Version: v0.9.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 14, 2021 License: Apache-2.0 Imports: 43 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AccessAsGroupTest

func AccessAsGroupTest(
	ctx context.Context,
	testGroup string,
	clientUnderTest kubernetes.Interface,
) func(t *testing.T)

AccessAsGroupTest runs a generic test in which a clientUnderTest with membership in group testGroup tries to auth to the kube API (i.e., list namespaces).

Use this function if you want to simply validate that a user can auth to the kube API (via a group membership) after performing a Pinniped credential exchange.

func AccessAsGroupWithKubectlTest

func AccessAsGroupWithKubectlTest(
	testKubeConfigYAML string,
	testGroup string,
	expectedNamespace string,
) func(t *testing.T)

func AccessAsUserTest

func AccessAsUserTest(
	ctx context.Context,
	testUsername string,
	clientUnderTest kubernetes.Interface,
) func(t *testing.T)

AccessAsUserTest runs a generic test in which a clientUnderTest operating with username testUsername tries to auth to the kube API (i.e., list namespaces).

Use this function if you want to simply validate that a user can auth to the kube API after performing a Pinniped credential exchange.

func AccessAsUserWithKubectlTest

func AccessAsUserWithKubectlTest(
	testKubeConfigYAML string,
	testUsername string,
	expectedNamespace string,
) func(t *testing.T)

func CreateClientCredsSecret

func CreateClientCredsSecret(t *testing.T, clientID string, clientSecret string) *corev1.Secret

func CreatePod

func CreatePod(ctx context.Context, t *testing.T, name, namespace string, spec corev1.PodSpec) *corev1.Pod

func CreateTestClusterRoleBinding

func CreateTestClusterRoleBinding(t *testing.T, subject rbacv1.Subject, roleRef rbacv1.RoleRef) *rbacv1.ClusterRoleBinding

func CreateTestFederationDomain

func CreateTestFederationDomain(ctx context.Context, t *testing.T, issuer string, certSecretName string, expectStatus configv1alpha1.FederationDomainStatusCondition) *configv1alpha1.FederationDomain

CreateTestFederationDomain creates and returns a test FederationDomain in $PINNIPED_TEST_SUPERVISOR_NAMESPACE, which will be automatically deleted at the end of the current test's lifetime. If the provided issuer is not the empty string, then it will be used for the FederationDomain.Spec.Issuer field. Otherwise, a random issuer will be generated.

func CreateTestJWTAuthenticator

func CreateTestJWTAuthenticator(ctx context.Context, t *testing.T, spec auth1alpha1.JWTAuthenticatorSpec) corev1.TypedLocalObjectReference

CreateTestJWTAuthenticator creates and returns a test JWTAuthenticator in $PINNIPED_TEST_CONCIERGE_NAMESPACE, which will be automatically deleted at the end of the current test's lifetime. It returns a corev1.TypedLocalObjectReference which describes the test JWT authenticator within the test namespace.

func CreateTestJWTAuthenticatorForCLIUpstream

func CreateTestJWTAuthenticatorForCLIUpstream(ctx context.Context, t *testing.T) corev1.TypedLocalObjectReference

CreateTestJWTAuthenticatorForCLIUpstream creates and returns a test JWTAuthenticator in $PINNIPED_TEST_CONCIERGE_NAMESPACE, which will be automatically deleted at the end of the current test's lifetime. It returns a corev1.TypedLocalObjectReference which describes the test JWT authenticator within the test namespace.

CreateTestJWTAuthenticatorForCLIUpstream gets the OIDC issuer info from IntegrationEnv().CLIUpstreamOIDC.

func CreateTestSecret

func CreateTestSecret(t *testing.T, namespace string, baseName string, secretType corev1.SecretType, stringData map[string]string) *corev1.Secret

func CreateTestWebhookAuthenticator

func CreateTestWebhookAuthenticator(ctx context.Context, t *testing.T) corev1.TypedLocalObjectReference

CreateTestWebhookAuthenticator creates and returns a test WebhookAuthenticator in $PINNIPED_TEST_CONCIERGE_NAMESPACE, which will be automatically deleted at the end of the current test's lifetime. It returns a corev1.TypedLocalObjectReference which describes the test webhook authenticator within the test namespace.

func LookupIP

func LookupIP(ctx context.Context, hostname string) ([]net.IP, error)

LookupIP looks up the IP address of the provided hostname, preferring IPv4.

func MaskTokens

func MaskTokens(in string) string

MaskTokens makes a best-effort attempt to mask out things that look like secret tokens in test output. The goal is more to have readable test output than for any security reason.

func NewAggregatedClientset

func NewAggregatedClientset(t *testing.T) aggregatorclient.Interface

func NewAnonymousClientRestConfig

func NewAnonymousClientRestConfig(t *testing.T) *rest.Config

NewAnonymousClientRestConfig returns a rest.Config without any user authentication info.

func NewAnonymousConciergeClientset

func NewAnonymousConciergeClientset(t *testing.T) conciergeclientset.Interface

func NewClientConfig

func NewClientConfig(t *testing.T) *rest.Config

func NewClientsetForKubeConfig

func NewClientsetForKubeConfig(t *testing.T, kubeConfig string) kubernetes.Interface

func NewClientsetWithCertAndKey

func NewClientsetWithCertAndKey(t *testing.T, clientCertificateData, clientKeyData string) kubernetes.Interface

func NewConciergeClientset

func NewConciergeClientset(t *testing.T) conciergeclientset.Interface

func NewKubeclient

func NewKubeclient(t *testing.T, config *rest.Config) *kubeclient.Client

func NewKubernetesClientset

func NewKubernetesClientset(t *testing.T) kubernetes.Interface

func NewLoggerReader

func NewLoggerReader(t *testing.T, name string, reader io.Reader) io.Reader

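NewLoggerReader wraps an io.Reader to log its input and output. It also performs some heuristic token masking; because the masking is heuristic, it is not guaranteed to catch every token that passes through the reader.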

func NewRestConfigFromKubeconfig

func NewRestConfigFromKubeconfig(t *testing.T, kubeConfig string) *rest.Config

func NewSupervisorClientset

func NewSupervisorClientset(t *testing.T) supervisorclientset.Interface

func PinnipedCLIPath

func PinnipedCLIPath(t *testing.T) string

PinnipedCLIPath returns the path to the Pinniped CLI binary, built on demand and cached between tests.

func RandHex

func RandHex(t *testing.T, numBytes int) string

func RedactURLParams

func RedactURLParams(fullURL *url.URL) string

RedactURLParams removes any potentially sensitive query param and fragment values from the URL and returns the result as a string for test logging.

func RequireEventuallyWithoutError

func RequireEventuallyWithoutError(
	t *testing.T,
	f func() (bool, error),
	waitFor time.Duration,
	tick time.Duration,
	msgAndArgs ...interface{},
)

RequireEventuallyWithoutError is similar to require.Eventually() except that it also allows the caller to return an error from the condition function. If the condition function returns an error at any point, the assertion will immediately fail.

func RequireNeverWithoutError

func RequireNeverWithoutError(
	t *testing.T,
	f func() (bool, error),
	waitFor time.Duration,
	tick time.Duration,
	msgAndArgs ...interface{},
)

RequireNeverWithoutError is similar to require.Never() except that it also allows the caller to return an error from the condition function. If the condition function returns an error at any point, the assertion will immediately fail.

func Sdump

func Sdump(a ...interface{}) string

func SkipUnlessIntegration

func SkipUnlessIntegration(t *testing.T)

SkipUnlessIntegration skips the current test if `-short` has been passed to `go test`.

func WaitForUserToHaveAccess

func WaitForUserToHaveAccess(t *testing.T, user string, groups []string, shouldHaveAccessTo *authorizationv1.ResourceAttributes)

Types

type Capability

// Capability is a string-typed name of a feature that the integration test
// environment may or may not provide. TestEnv.Capabilities records a bool for
// each Capability, and TestEnv.HasCapability takes one as its argument.
type Capability string
// Capability values declared by this package.
// NOTE(review): what each capability means for the cluster under test is not
// stated here; the names only suggest the feature involved. Confirm against
// the environment setup before gating a security-relevant test on one of them.
const (
	ClusterSigningKeyIsAvailable     Capability = "clusterSigningKeyIsAvailable"
	AnonymousAuthenticationSupported Capability = "anonymousAuthenticationSupported"
	HasExternalLoadBalancerProvider  Capability = "hasExternalLoadBalancerProvider"
	CanReachInternetLDAPPorts        Capability = "canReachInternetLDAPPorts"
)

type TestEnv

// TestEnv captures all the external parameters consumed by the integration
// tests. IntegrationEnv returns a *TestEnv.
//
// NOTE(review): TestEnv and the upstream structs nested in it hold credentials
// as plain strings (TestUser.Token, the OIDC ClientSecret and Password, and the
// LDAP BindPassword and TestUserPassword). All of these fields are exported and
// have json tags, so marshaling or dumping a whole TestEnv writes the values in
// clear text; log individual non-secret fields rather than the struct.
type TestEnv struct {
	// Namespaces and app names of the deployments under test.
	ToolsNamespace                 string                               `json:"toolsNamespace"`
	ConciergeNamespace             string                               `json:"conciergeNamespace"`
	SupervisorNamespace            string                               `json:"supervisorNamespace"`
	ConciergeAppName               string                               `json:"conciergeAppName"`
	SupervisorAppName              string                               `json:"supervisorAppName"`
	SupervisorCustomLabels         map[string]string                    `json:"supervisorCustomLabels"`
	ConciergeCustomLabels          map[string]string                    `json:"conciergeCustomLabels"`
	// Capabilities maps each Capability to a bool.
	// presumably read by HasCapability and changed by WithCapability /
	// WithoutCapability — verify in their bodies, which are not shown here.
	Capabilities                   map[Capability]bool                  `json:"capabilities"`
	TestWebhook                    auth1alpha1.WebhookAuthenticatorSpec `json:"testWebhook"`
	// NOTE(review): SupervisorHTTPAddress looks like a plain-HTTP endpoint next
	// to the HTTPS ones — confirm that tests never send credentials to it.
	SupervisorHTTPAddress          string                               `json:"supervisorHttpAddress"`
	SupervisorHTTPSAddress         string                               `json:"supervisorHttpsAddress"`
	SupervisorHTTPSIngressAddress  string                               `json:"supervisorHttpsIngressAddress"`
	// presumably the CA bundle used to verify the HTTPS ingress address above;
	// encoding (PEM or base64) is not visible here — TODO confirm.
	SupervisorHTTPSIngressCABundle string                               `json:"supervisorHttpsIngressCABundle"`
	// Proxy is a string setting for the test HTTP proxy.
	// presumably the value that ProxyEnv turns into environment variable
	// strings — verify in ProxyEnv.
	Proxy                          string                               `json:"proxy"`
	APIGroupSuffix                 string                               `json:"apiGroupSuffix"`

	// TestUser describes the test user and the identity the tests expect for it.
	TestUser struct {
		// Token is a credential string for the test user.
		// NOTE(review): presumably a bearer token — treat as a secret.
		Token            string   `json:"token"`
		ExpectedUsername string   `json:"expectedUsername"`
		ExpectedGroups   []string `json:"expectedGroups"`
	} `json:"testUser"`

	// Upstream identity provider settings; each of these structs includes
	// secret fields (see TestOIDCUpstream and TestLDAPUpstream).
	CLIUpstreamOIDC        TestOIDCUpstream `json:"cliOIDCUpstream"`
	SupervisorUpstreamOIDC TestOIDCUpstream `json:"supervisorOIDCUpstream"`
	SupervisorUpstreamLDAP TestLDAPUpstream `json:"supervisorLDAPUpstream"`
	// contains filtered or unexported fields
}

TestEnv captures all the external parameters consumed by our integration tests.

func IntegrationEnv

func IntegrationEnv(t *testing.T) *TestEnv

IntegrationEnv gets the integration test environment from OS environment variables. This method also implies SkipUnlessIntegration().

func (*TestEnv) HasCapability

func (e *TestEnv) HasCapability(cap Capability) bool

func (*TestEnv) ProxyEnv

func (e *TestEnv) ProxyEnv() []string

ProxyEnv returns a set of environment variable strings (e.g., to combine with os.Environ()) which set up the configured test HTTP proxy.

func (*TestEnv) WithCapability

func (e *TestEnv) WithCapability(cap Capability) *TestEnv

func (*TestEnv) WithoutCapability

func (e *TestEnv) WithoutCapability(cap Capability) *TestEnv

type TestLDAPUpstream

// TestLDAPUpstream holds the settings of an LDAP upstream used by the
// integration tests; it is the type of TestEnv.SupervisorUpstreamLDAP.
//
// NOTE(review): BindPassword and TestUserPassword are credentials stored as
// plain strings with json tags, so they appear in clear text whenever this
// struct is marshaled or dumped.
type TestLDAPUpstream struct {
	Host                           string   `json:"host"`
	// presumably a host that accepts LDAP only via StartTLS — TODO confirm.
	StartTLSOnlyHost               string   `json:"startTLSOnlyHost"`
	// presumably the CA bundle used to verify the LDAP server's certificate;
	// encoding is not visible here — TODO confirm.
	CABundle                       string   `json:"caBundle"`
	// Bind account credentials; BindPassword is a secret.
	BindUsername                   string   `json:"bindUsername"`
	BindPassword                   string   `json:"bindPassword"`
	UserSearchBase                 string   `json:"userSearchBase"`
	GroupSearchBase                string   `json:"groupSearchBase"`
	// Test user identity in the directory; TestUserPassword is a secret.
	TestUserDN                     string   `json:"testUserDN"`
	TestUserCN                     string   `json:"testUserCN"`
	TestUserPassword               string   `json:"testUserPassword"`
	// Name/value pairs of attributes on the test user's entry.
	TestUserMailAttributeName      string   `json:"testUserMailAttributeName"`
	TestUserMailAttributeValue     string   `json:"testUserMailAttributeValue"`
	TestUserUniqueIDAttributeName  string   `json:"testUserUniqueIDAttributeName"`
	TestUserUniqueIDAttributeValue string   `json:"testUserUniqueIDAttributeValue"`
	// The test user's direct groups, by common name (CN) and by distinguished name (DN).
	TestUserDirectGroupsCNs        []string `json:"testUserDirectGroupsCNs"`
	TestUserDirectGroupsDNs        []string `json:"testUserDirectGroupsDNs"` //nolint:golint // this is "distinguished names", not "DNS"
}

type TestOIDCUpstream

// TestOIDCUpstream holds the settings of an OIDC upstream used by the
// integration tests; it is the type of TestEnv.CLIUpstreamOIDC and
// TestEnv.SupervisorUpstreamOIDC.
//
// NOTE(review): ClientSecret and Password are credentials stored as plain
// strings with json tags, so they appear in clear text whenever this struct
// is marshaled or dumped.
type TestOIDCUpstream struct {
	Issuer           string   `json:"issuer"`
	// presumably the CA bundle used to verify the issuer's certificate;
	// encoding is not visible here — TODO confirm.
	CABundle         string   `json:"caBundle"`
	AdditionalScopes []string `json:"additionalScopes"`
	UsernameClaim    string   `json:"usernameClaim"`
	GroupsClaim      string   `json:"groupsClaim"`
	// OAuth client credentials; ClientSecret is a secret.
	ClientID         string   `json:"clientID"`
	ClientSecret     string   `json:"clientSecret"`
	// The json key is "callback", not "callbackURL".
	CallbackURL      string   `json:"callback"`
	// Login of the upstream test user; Password is a secret.
	Username         string   `json:"username"`
	Password         string   `json:"password"`
	ExpectedGroups   []string `json:"expectedGroups"`
}

Directories

Path Synopsis
Package browsertest provides integration test helpers for our browser-based tests.
Package browsertest provides integration test helpers for our browser-based tests.
