testutil

package
v0.21.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 15, 2022 License: Apache-2.0 Imports: 50 Imported by: 0

Documentation

Overview

Package testutil contains shared test utilities for the Pinniped project.

As of right now, it is more or less a dumping ground for our test utilities.

Index

Constants

const (
	// AllDynamicClientScopesSpaceSep is a single string holding five scope names separated by spaces.
	// NOTE(review): judging by the name, this is meant to be every scope a dynamic client can be granted;
	// confirm against the Supervisor's scope handling before treating the list as exhaustive.
	AllDynamicClientScopesSpaceSep = "openid offline_access pinniped:request-audience username groups"

	// PlaintextPassword1 is a fake client secret for use in unit tests, along with several flavors of the bcrypt
	// hashed version of the password. Do not use for integration tests.
	//
	// The bcrypt cost is the two-digit field after "$2a$" in each hash: 04, 11 and 12 below. Cost 4 is the
	// minimum that Go's bcrypt package accepts. Per the constant names, cost 12 appears to be the lowest cost
	// the Supervisor accepts and cost 11 sits one step under it, which lets tests exercise both sides of a
	// minimum-cost check (presumably; confirm against the validator under test).
	//
	// HashedPassword1InvalidFormat is HashedPassword1AtSupervisorMinCost with its last seven characters removed,
	// so it is shorter than a well-formed 60-character bcrypt string.
	//
	// These values are fixed fixtures for a trivial password; the nolint:gosec markers suppress the
	// hardcoded-credential lint because the strings are not real credentials.
	PlaintextPassword1                        = "password1"
	HashedPassword1AtGoMinCost                = "$2a$04$JfX1ba/ctAt3AGk73E9Zz.Fdki5GiQtj.O/CnPbRRSKQWWfv1svoe" //nolint:gosec // this is not a credential
	HashedPassword1JustBelowSupervisorMinCost = "$2a$11$w/incy7Z1/ljLYvv2XRg4.WrPgY9oR7phebcgr6rGA3u/5TG9MKOe" //nolint:gosec // this is not a credential
	HashedPassword1AtSupervisorMinCost        = "$2a$12$id4i/yFYxS99txKOFEeboea2kU6DyZY0Nh4ul0eR46sDuoFoNTRV." //nolint:gosec // this is not a credential
	HashedPassword1InvalidFormat              = "$2a$12$id4i/yFYxS99txKOFEeboea2kU6DyZY0Nh4ul0eR46sDuo"        //nolint:gosec // this is not a credential

	// PlaintextPassword2 is a second fake client secret for use in unit tests, along with several flavors of the bcrypt
	// hashed version of the password. Do not use for integration tests.
	//
	// Only the cost-4 and cost-12 variants are provided for this password (see the "$2a$04$" and "$2a$12$"
	// prefixes); there is no below-minimum or malformed variant.
	PlaintextPassword2                 = "password2"
	HashedPassword2AtGoMinCost         = "$2a$04$VQ5z6kkgU8JPLGSGctg.s.iYyoac3Oisa/SIM3sDK5BxTrVbCkyNm" //nolint:gosec // this is not a credential
	HashedPassword2AtSupervisorMinCost = "$2a$12$SdUqoJOn4/3yEQfJx616V.q.f76KaXD.ISgJT1oydqFdgfjJpBh6u" //nolint:gosec // this is not a credential
)

Variables

This section is empty.

Functions

func CreateCertificate

func CreateCertificate(notBefore, notAfter time.Time) ([]byte, []byte, error)

CreateCertificate creates a certificate with the provided time bounds, and returns the PEM representation of the certificate and its private key. The returned certificate is capable of signing child certificates.

func ExpectedLoginPageHTML added in v0.18.0

func ExpectedLoginPageHTML(wantCSS, wantIDPName, wantPostPath, wantEncodedState, wantAlert string) string

func FullyCapableOIDCClientAndStorageSecret added in v0.20.0

func FullyCapableOIDCClientAndStorageSecret(
	t *testing.T,
	namespace string,
	clientID string,
	clientUID string,
	redirectURI string,
	hashes []string,
	validateFunc OIDCClientValidatorFunc,
) (*configv1alpha1.OIDCClient, *corev1.Secret)

FullyCapableOIDCClientAndStorageSecret returns an OIDC client which is allowed to use all grant types and all scopes that are supported by the Supervisor for dynamic clients, along with a corresponding client secret storage Secret.

func KubeServerMinorVersionInBetweenInclusive added in v0.20.0

func KubeServerMinorVersionInBetweenInclusive(t *testing.T, discoveryClient discovery.DiscoveryInterface, min, max int) bool

func KubeServerSupportsCertificatesV1API added in v0.12.1

func KubeServerSupportsCertificatesV1API(t *testing.T, discoveryClient discovery.DiscoveryInterface) bool

func LogActualJSONFromCreateAction added in v0.13.0

func LogActualJSONFromCreateAction(t *testing.T, client *fake.Clientset, actionIndex int)

func LogActualJSONFromUpdateAction added in v0.13.0

func LogActualJSONFromUpdateAction(t *testing.T, client *fake.Clientset, actionIndex int)

func NewFakePinnipedSession added in v0.13.0

func NewFakePinnipedSession() *psession.PinnipedSession

func NewPreconditions added in v0.11.0

func NewPreconditions(uid types.UID, rv string) metav1.DeleteOptions

func OIDCClientAndStorageSecret added in v0.20.0

func OIDCClientAndStorageSecret(
	t *testing.T,
	namespace string,
	clientID string,
	clientUID string,
	allowedGrantTypes []configv1alpha1.GrantType,
	allowedScopes []configv1alpha1.Scope,
	redirectURI string,
	hashes []string,
	validateFunc OIDCClientValidatorFunc,
) (*configv1alpha1.OIDCClient, *corev1.Secret)

OIDCClientAndStorageSecret returns an OIDC client which is allowed to use the specified grant types and scopes, along with a corresponding client secret storage Secret. It also validates the client to make sure that the specified combination of grant types and scopes is considered valid before returning the client.

func OIDCClientSecretStorageSecretForUID added in v0.20.0

func OIDCClientSecretStorageSecretForUID(t *testing.T, namespace string, oidcClientUID string, hashes []string) *corev1.Secret

func OIDCClientSecretStorageSecretForUIDWithWrongVersion added in v0.20.0

func OIDCClientSecretStorageSecretForUIDWithWrongVersion(t *testing.T, namespace string, oidcClientUID string) *corev1.Secret

func OIDCClientSecretStorageSecretWithoutName added in v0.20.0

func OIDCClientSecretStorageSecretWithoutName(t *testing.T, namespace string, hashes []string) *corev1.Secret

func RequireEqualContentType added in v0.3.0

func RequireEqualContentType(t *testing.T, actual string, expected string)

func RequireNumberOfSecretsExcludingLabelSelector added in v0.20.0

func RequireNumberOfSecretsExcludingLabelSelector(t *testing.T, secrets v1.SecretInterface, labelSet labels.Set, expectedNumberOfSecrets int)

func RequireNumberOfSecretsMatchingLabelSelector added in v0.3.0

func RequireNumberOfSecretsMatchingLabelSelector(t *testing.T, secrets v1.SecretInterface, labelSet labels.Set, expectedNumberOfSecrets int)

func RequireSecurityHeadersWithFormPostPageCSPs added in v0.18.0

func RequireSecurityHeadersWithFormPostPageCSPs(t *testing.T, response *httptest.ResponseRecorder)

func RequireSecurityHeadersWithLoginPageCSPs added in v0.18.0

func RequireSecurityHeadersWithLoginPageCSPs(t *testing.T, response *httptest.ResponseRecorder)

func RequireSecurityHeadersWithoutCustomCSPs added in v0.18.0

func RequireSecurityHeadersWithoutCustomCSPs(t *testing.T, response *httptest.ResponseRecorder)

func RequireTimeInDelta added in v0.3.0

func RequireTimeInDelta(t *testing.T, t1 time.Time, t2 time.Time, delta time.Duration)

func SHA256 added in v0.3.0

func SHA256(s string) string

SHA256 returns the base64 URL encoding of the SHA256 sum of the provided string.

func TLSTestServer

func TLSTestServer(t *testing.T, handler http.HandlerFunc) (caBundlePEM, url string)

TLSTestServer starts a test server listening on a local port using a test CA. It returns the PEM CA bundle and the URL of the listening server. The lifetime of the server is bound to the provided *testing.T.

func TLSTestServerWithCert added in v0.9.0

func TLSTestServerWithCert(t *testing.T, handler http.HandlerFunc, certificate *tls.Certificate) (url string)

func TempDir added in v0.3.0

func TempDir(t *testing.T) string

func WriteStringToTempFile added in v0.9.0

func WriteStringToTempFile(t *testing.T, filename string, fileBody string) *os.File

func X509UntrustedCertError added in v0.16.0

func X509UntrustedCertError(commonName string) string

Types

type ErrorWriter

// ErrorWriter is an io.Writer test double whose Write method reports a fixed error,
// which lets tests exercise the write-failure path of code that accepts an io.Writer.
type ErrorWriter struct {
	// ReturnError is presumably the error that Write returns; the Write body is not shown here, so confirm.
	ReturnError error
}

ErrorWriter implements io.Writer by returning a fixed error.

func (*ErrorWriter) Write

func (e *ErrorWriter) Write([]byte) (int, error)

type OIDCClientValidatorFunc added in v0.20.0

type OIDCClientValidatorFunc func(oidcClient *configv1alpha1.OIDCClient, secret *corev1.Secret, minBcryptCost int) (bool, []*configv1alpha1.Condition, []string)

OIDCClientValidatorFunc is a function type that plays the role of an interface: it lets these test helpers call the validator without depending directly on the production code, which avoids circular module dependencies. It is implemented by oidcclientvalidator.Validate.

type ObservableWithInformerOption

type ObservableWithInformerOption struct {
	// contains filtered or unexported fields
}

func NewObservableWithInformerOption

func NewObservableWithInformerOption() *ObservableWithInformerOption

func (*ObservableWithInformerOption) GetFilterForInformer

func (*ObservableWithInformerOption) WithInformer

type ObservableWithInitialEventOption

type ObservableWithInitialEventOption struct {
	// contains filtered or unexported fields
}

func NewObservableWithInitialEventOption

func NewObservableWithInitialEventOption() *ObservableWithInitialEventOption

func (*ObservableWithInitialEventOption) GetInitialEventKey

func (i *ObservableWithInitialEventOption) GetInitialEventKey() *controllerlib.Key

func (*ObservableWithInitialEventOption) WithInitialEvent

type RoundTrip added in v0.5.0

// RoundTrip is a test implementation of kubeclient.RoundTrip.
type RoundTrip struct {
	// MutateRequests and MutateResponses are exported slices of callbacks, each taking a kubeclient.Object
	// and returning an error.
	// NOTE(review): presumably the MutateRequest and MutateResponse methods append to these slices so a test
	// can inspect what was registered; confirm against the method bodies.
	MutateRequests, MutateResponses []func(kubeclient.Object) error
	// contains filtered or unexported fields
}

RoundTrip is an implementation of kubeclient.RoundTrip that is easy to use in tests.

func (*RoundTrip) MutateRequest added in v0.5.0

func (rt *RoundTrip) MutateRequest(fn func(kubeclient.Object) error)

func (*RoundTrip) MutateResponse added in v0.5.0

func (rt *RoundTrip) MutateResponse(fn func(kubeclient.Object) error)

func (*RoundTrip) Namespace added in v0.5.0

func (rt *RoundTrip) Namespace() string

func (*RoundTrip) NamespaceScoped added in v0.5.0

func (rt *RoundTrip) NamespaceScoped() bool

func (*RoundTrip) Resource added in v0.5.0

func (rt *RoundTrip) Resource() schema.GroupVersionResource

func (*RoundTrip) Subresource added in v0.5.0

func (rt *RoundTrip) Subresource() string

func (*RoundTrip) Verb added in v0.5.0

func (rt *RoundTrip) Verb() kubeclient.Verb

func (*RoundTrip) WithNamespace added in v0.5.0

func (rt *RoundTrip) WithNamespace(namespace string) *RoundTrip

func (*RoundTrip) WithResource added in v0.5.0

func (rt *RoundTrip) WithResource(resource schema.GroupVersionResource) *RoundTrip

func (*RoundTrip) WithSubresource added in v0.5.0

func (rt *RoundTrip) WithSubresource(subresource string) *RoundTrip

func (*RoundTrip) WithVerb added in v0.5.0

func (rt *RoundTrip) WithVerb(verb kubeclient.Verb) *RoundTrip

type TranscriptLogMessage

// TranscriptLogMessage is the element type of the slice returned by TranscriptLogger.Transcript.
// NOTE(review): Level is a string here, while TranscriptLogger.Info takes an int level and
// TranscriptLogger.Error takes none; how those map onto Level is not visible here, so confirm
// before asserting on exact Level values.
type TranscriptLogMessage struct {
	Level   string
	Message string
}

type TranscriptLogger

type TranscriptLogger struct {
	// contains filtered or unexported fields
}

func NewTranscriptLogger deprecated

func NewTranscriptLogger(t *testing.T) *TranscriptLogger

Deprecated: Use plog.TestLogger or plog.TestZapr instead. This is meant for old tests only.

func (*TranscriptLogger) Enabled

func (log *TranscriptLogger) Enabled(level int) bool

func (*TranscriptLogger) Error

func (log *TranscriptLogger) Error(_ error, msg string, _ ...interface{})

func (*TranscriptLogger) Info

func (log *TranscriptLogger) Info(level int, msg string, keysAndValues ...interface{})

func (*TranscriptLogger) Init added in v0.13.0

func (log *TranscriptLogger) Init(info logr.RuntimeInfo)

func (*TranscriptLogger) Transcript

func (log *TranscriptLogger) Transcript() []TranscriptLogMessage

func (*TranscriptLogger) V

func (log *TranscriptLogger) V(_ int) logr.LogSink

func (*TranscriptLogger) WithName

func (log *TranscriptLogger) WithName(_ string) logr.LogSink

func (*TranscriptLogger) WithValues

func (log *TranscriptLogger) WithValues(_ ...interface{}) logr.LogSink

type ValidCert

type ValidCert struct {
	// contains filtered or unexported fields
}

func ValidateClientCertificate added in v0.7.0

func ValidateClientCertificate(t *testing.T, caPEM string, certPEM string) *ValidCert

func ValidateServerCertificate added in v0.7.0

func ValidateServerCertificate(t *testing.T, caPEM string, certPEM string) *ValidCert

ValidateServerCertificate validates a certificate and provides an object for asserting properties of the certificate.

func (*ValidCert) RequireCommonName

func (v *ValidCert) RequireCommonName(commonName string)

RequireCommonName asserts that the certificate contains the provided commonName.

func (*ValidCert) RequireDNSName

func (v *ValidCert) RequireDNSName(expectDNSName string)

RequireDNSName asserts that the certificate matches the provided DNS name.

func (*ValidCert) RequireDNSNames added in v0.7.0

func (v *ValidCert) RequireDNSNames(names []string)

func (*ValidCert) RequireEmptyDNSNames added in v0.7.0

func (v *ValidCert) RequireEmptyDNSNames()

func (*ValidCert) RequireEmptyIPs added in v0.7.0

func (v *ValidCert) RequireEmptyIPs()

func (*ValidCert) RequireIPs added in v0.7.0

func (v *ValidCert) RequireIPs(ips []net.IP)

func (*ValidCert) RequireLifetime

func (v *ValidCert) RequireLifetime(expectNotBefore time.Time, expectNotAfter time.Time, delta time.Duration)

RequireLifetime asserts that the lifetime of the certificate matches the expected timestamps.

func (*ValidCert) RequireMatchesPrivateKey

func (v *ValidCert) RequireMatchesPrivateKey(keyPEM string)

RequireMatchesPrivateKey asserts that the public key in the certificate matches the provided private key.

func (*ValidCert) RequireOrganizations added in v0.7.0

func (v *ValidCert) RequireOrganizations(orgs []string)

Directories

Path Synopsis
Package fakekubeapi contains a *very* simple httptest.Server that can be used to stand in for a real Kube API server in tests.
Package testlogger wraps logr.Logger to allow for writing test assertions.
