Documentation ¶
Index ¶
- func AccessAsGroupTest(ctx context.Context, testGroup string, clientUnderTest kubernetes.Interface) func(t *testing.T)
- func AccessAsGroupWithKubectlTest(testKubeConfigYAML string, testGroup string, expectedNamespace string) func(t *testing.T)
- func AccessAsUserTest(ctx context.Context, testUsername string, clientUnderTest kubernetes.Interface) func(t *testing.T)
- func AccessAsUserWithKubectlTest(testKubeConfigYAML string, testUsername string, expectedNamespace string) func(t *testing.T)
- func AssertNoRestartsDuringTest(t *testing.T, namespace, labelSelector string)
- func CreateClientCredsSecret(t *testing.T, clientID string, clientSecret string) *corev1.Secret
- func CreateTestClusterRoleBinding(t *testing.T, subject rbacv1.Subject, roleRef rbacv1.RoleRef) *rbacv1.ClusterRoleBinding
- func CreateTestFederationDomain(ctx context.Context, t *testing.T, issuer string, certSecretName string, ...) *configv1alpha1.FederationDomain
- func CreateTestJWTAuthenticator(ctx context.Context, t *testing.T, spec auth1alpha1.JWTAuthenticatorSpec) corev1.TypedLocalObjectReference
- func CreateTestJWTAuthenticatorForCLIUpstream(ctx context.Context, t *testing.T) corev1.TypedLocalObjectReference
- func CreateTestOIDCIdentityProvider(t *testing.T, spec idpv1alpha1.OIDCIdentityProviderSpec, ...) *idpv1alpha1.OIDCIdentityProvider
- func CreateTestSecret(t *testing.T, namespace string, baseName string, secretType corev1.SecretType, ...) *corev1.Secret
- func CreateTestWebhookAuthenticator(ctx context.Context, t *testing.T) corev1.TypedLocalObjectReference
- func DumpLogs(t *testing.T, namespace string, labelSelector string)
- func LookupIP(ctx context.Context, hostname string) ([]net.IP, error)
- func MaskTokens(in string) string
- func NewAggregatedClientset(t *testing.T) aggregatorclient.Interface
- func NewAnonymousConciergeClientset(t *testing.T) conciergeclientset.Interface
- func NewClientConfig(t *testing.T) *rest.Config
- func NewClientsetForKubeConfig(t *testing.T, kubeConfig string) kubernetes.Interface
- func NewClientsetWithCertAndKey(t *testing.T, clientCertificateData, clientKeyData string) kubernetes.Interface
- func NewConciergeClientset(t *testing.T) conciergeclientset.Interface
- func NewKubernetesClientset(t *testing.T) kubernetes.Interface
- func NewLoggerReader(t *testing.T, name string, reader io.Reader) io.Reader
- func NewRestConfigFromKubeconfig(t *testing.T, kubeConfig string) *rest.Config
- func NewSupervisorClientset(t *testing.T) supervisorclientset.Interface
- func PinnipedCLIPath(t *testing.T) string
- func RandHex(t *testing.T, numBytes int) string
- func RequireEventuallyWithoutError(t *testing.T, f func() (bool, error), waitFor time.Duration, ...)
- func Sdump(a ...interface{}) string
- func SkipUnlessIntegration(t *testing.T)
- type Capability
- type TestEnv
- type TestOIDCUpstream
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AccessAsGroupTest ¶ added in v0.2.0
func AccessAsGroupTest( ctx context.Context, testGroup string, clientUnderTest kubernetes.Interface, ) func(t *testing.T)
AccessAsGroupTest runs a generic test in which a clientUnderTest with membership in group testGroup tries to auth to the kube API (i.e., list namespaces).
Use this function if you want to simply validate that a user can auth to the kube API (via a group membership) after performing a Pinniped credential exchange.
func AccessAsGroupWithKubectlTest ¶ added in v0.2.0
func AccessAsUserTest ¶ added in v0.2.0
func AccessAsUserTest( ctx context.Context, testUsername string, clientUnderTest kubernetes.Interface, ) func(t *testing.T)
AccessAsUserTest runs a generic test in which a clientUnderTest operating with username testUsername tries to auth to the kube API (i.e., list namespaces).
Use this function if you want to simply validate that a user can auth to the kube API after performing a Pinniped credential exchange.
func AccessAsUserWithKubectlTest ¶ added in v0.2.0
func AssertNoRestartsDuringTest ¶ added in v0.5.0
NewRestartAssertion allows a caller to assert that there were no restarts for a Pod in the provided namespace with the provided labelSelector during the lifetime of a test.
func CreateClientCredsSecret ¶ added in v0.3.0
func CreateTestClusterRoleBinding ¶ added in v0.3.0
func CreateTestFederationDomain ¶ added in v0.3.0
func CreateTestFederationDomain(ctx context.Context, t *testing.T, issuer string, certSecretName string, expectStatus configv1alpha1.FederationDomainStatusCondition) *configv1alpha1.FederationDomain
CreateTestFederationDomain creates and returns a test FederationDomain in $PINNIPED_TEST_SUPERVISOR_NAMESPACE, which will be automatically deleted at the end of the current test's lifetime. It generates a random, valid, issuer for the FederationDomain.
If the provided issuer is not the empty string, then it will be used for the FederationDomain.Spec.Issuer field. Else, a random issuer will be generated.
func CreateTestJWTAuthenticator ¶ added in v0.3.0
func CreateTestJWTAuthenticator(ctx context.Context, t *testing.T, spec auth1alpha1.JWTAuthenticatorSpec) corev1.TypedLocalObjectReference
CreateTestJWTAuthenticator creates and returns a test JWTAuthenticator in $PINNIPED_TEST_CONCIERGE_NAMESPACE, which will be automatically deleted at the end of the current test's lifetime. It returns a corev1.TypedLocalObjectReference which describes the test JWT authenticator within the test namespace.
func CreateTestJWTAuthenticatorForCLIUpstream ¶ added in v0.3.0
func CreateTestJWTAuthenticatorForCLIUpstream(ctx context.Context, t *testing.T) corev1.TypedLocalObjectReference
CreateTestJWTAuthenticatorForCLIUpstream creates and returns a test JWTAuthenticator in $PINNIPED_TEST_CONCIERGE_NAMESPACE, which will be automatically deleted at the end of the current test's lifetime. It returns a corev1.TypedLocalObjectReference which describes the test JWT authenticator within the test namespace.
CreateTestJWTAuthenticatorForCLIUpstream gets the OIDC issuer info from IntegrationEnv().CLITestUpstream.
func CreateTestOIDCIdentityProvider ¶ added in v0.3.0
func CreateTestOIDCIdentityProvider(t *testing.T, spec idpv1alpha1.OIDCIdentityProviderSpec, expectedPhase idpv1alpha1.OIDCIdentityProviderPhase) *idpv1alpha1.OIDCIdentityProvider
func CreateTestSecret ¶ added in v0.3.0
func CreateTestWebhookAuthenticator ¶ added in v0.2.0
func CreateTestWebhookAuthenticator(ctx context.Context, t *testing.T) corev1.TypedLocalObjectReference
CreateTestWebhookAuthenticator creates and returns a test WebhookAuthenticator in $PINNIPED_TEST_CONCIERGE_NAMESPACE, which will be automatically deleted at the end of the current test's lifetime. It returns a corev1.TypedLocalObjectReference which describes the test webhook authenticator within the test namespace.
func DumpLogs ¶ added in v0.3.0
DumpLogs is meant to be called in a `defer` to dump the logs of components in the cluster on a test failure.
func LookupIP ¶ added in v0.3.0
LookupIP looks up the IP address of the provided hostname, preferring IPv4.
func MaskTokens ¶ added in v0.3.0
MaskTokens makes a best-effort attempt to mask out things that look like secret tokens in test output. The goal is more to have readable test output than for any security reason.
func NewAggregatedClientset ¶
func NewAggregatedClientset(t *testing.T) aggregatorclient.Interface
func NewAnonymousConciergeClientset ¶ added in v0.2.0
func NewAnonymousConciergeClientset(t *testing.T) conciergeclientset.Interface
func NewClientsetForKubeConfig ¶
func NewClientsetForKubeConfig(t *testing.T, kubeConfig string) kubernetes.Interface
func NewClientsetWithCertAndKey ¶
func NewClientsetWithCertAndKey(t *testing.T, clientCertificateData, clientKeyData string) kubernetes.Interface
func NewConciergeClientset ¶ added in v0.2.0
func NewConciergeClientset(t *testing.T) conciergeclientset.Interface
func NewKubernetesClientset ¶ added in v0.5.0
func NewKubernetesClientset(t *testing.T) kubernetes.Interface
func NewLoggerReader ¶ added in v0.2.0
NewLoggerReader wraps an io.Reader to log its input and output. It also performs some heuristic token masking.
func NewRestConfigFromKubeconfig ¶ added in v0.3.0
func NewSupervisorClientset ¶ added in v0.2.0
func NewSupervisorClientset(t *testing.T) supervisorclientset.Interface
func PinnipedCLIPath ¶ added in v0.3.0
PinnipedCLIPath returns the path to the Pinniped CLI binary, built on demand and cached between tests.
func RequireEventuallyWithoutError ¶ added in v0.4.0
func RequireEventuallyWithoutError( t *testing.T, f func() (bool, error), waitFor time.Duration, tick time.Duration, msgAndArgs ...interface{}, )
RequireEventuallyWithoutError is a wrapper around require.Eventually() that allows the caller to return an error from the condition function. If the condition function returns an error at any point, the assertion will immediately fail.
func SkipUnlessIntegration ¶
SkipUnlessIntegration skips the current test if `-short` has been passed to `go test`.
Types ¶
type Capability ¶ added in v0.2.0
type Capability string
const (
ClusterSigningKeyIsAvailable Capability = "clusterSigningKeyIsAvailable"
)
type TestEnv ¶
type TestEnv struct { ConciergeNamespace string `json:"conciergeNamespace"` SupervisorNamespace string `json:"supervisorNamespace"` ConciergeAppName string `json:"conciergeAppName"` SupervisorAppName string `json:"supervisorAppName"` SupervisorCustomLabels map[string]string `json:"supervisorCustomLabels"` ConciergeCustomLabels map[string]string `json:"conciergeCustomLabels"` Capabilities map[Capability]bool `json:"capabilities"` TestWebhook auth1alpha1.WebhookAuthenticatorSpec `json:"testWebhook"` SupervisorHTTPAddress string `json:"supervisorHttpAddress"` SupervisorHTTPSAddress string `json:"supervisorHttpsAddress"` SupervisorHTTPSIngressAddress string `json:"supervisorHttpsIngressAddress"` SupervisorHTTPSIngressCABundle string `json:"supervisorHttpsIngressCABundle"` Proxy string `json:"proxy"` APIGroupSuffix string `json:"apiGroupSuffix"` TestUser struct { Token string `json:"token"` ExpectedUsername string `json:"expectedUsername"` ExpectedGroups []string `json:"expectedGroups"` } `json:"testUser"` CLITestUpstream TestOIDCUpstream `json:"cliOIDCUpstream"` SupervisorTestUpstream TestOIDCUpstream `json:"supervisorOIDCUpstream"` // contains filtered or unexported fields }
TestEnv captures all the external parameters consumed by our integration tests.
func IntegrationEnv ¶
IntegrationEnv gets the integration test environment from OS environment variables. This method also implies SkipUnlessIntegration().
func (*TestEnv) HasCapability ¶
func (e *TestEnv) HasCapability(cap Capability) bool
func (*TestEnv) ProxyEnv ¶ added in v0.3.0
ProxyEnv returns a set of environment variable strings (e.g., to combine with os.Environ()) which set up the configured test HTTP proxy.
func (*TestEnv) WithCapability ¶
func (e *TestEnv) WithCapability(cap Capability) *TestEnv
func (*TestEnv) WithoutCapability ¶
func (e *TestEnv) WithoutCapability(cap Capability) *TestEnv
type TestOIDCUpstream ¶ added in v0.3.0
type TestOIDCUpstream struct { Issuer string `json:"issuer"` CABundle string `json:"caBundle"` AdditionalScopes []string `json:"additionalScopes"` UsernameClaim string `json:"usernameClaim"` GroupsClaim string `json:"groupsClaim"` ClientID string `json:"clientID"` ClientSecret string `json:"clientSecret"` CallbackURL string `json:"callback"` Username string `json:"username"` Password string `json:"password"` ExpectedGroups []string `json:"expectedGroups"` }
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package browsertest provides integration test helpers for our browser-based tests.
|
Package browsertest provides integration test helpers for our browser-based tests. |