testutil

package
v0.27.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 10, 2023 License: Apache-2.0 Imports: 49 Imported by: 0

Documentation

Overview

Package testutil contains shared test utilities for the Pinniped project.

As of right now, it is more or less a dumping ground for our test utilities.

Index

Constants

View Source
const (
	AllDynamicClientScopesSpaceSep = "openid offline_access pinniped:request-audience username groups"

	// PlaintextPassword1 is a fake client secret for use in unit tests, along with several flavors of the bcrypt
	// hashed version of the password. Do not use for integration tests.
	PlaintextPassword1                        = "password1"
	HashedPassword1AtGoMinCost                = "$2a$04$JfX1ba/ctAt3AGk73E9Zz.Fdki5GiQtj.O/CnPbRRSKQWWfv1svoe" //nolint:gosec // this is not a credential
	HashedPassword1JustBelowSupervisorMinCost = "$2a$11$w/incy7Z1/ljLYvv2XRg4.WrPgY9oR7phebcgr6rGA3u/5TG9MKOe" //nolint:gosec // this is not a credential
	HashedPassword1AtSupervisorMinCost        = "$2a$12$id4i/yFYxS99txKOFEeboea2kU6DyZY0Nh4ul0eR46sDuoFoNTRV." //nolint:gosec // this is not a credential
	HashedPassword1InvalidFormat              = "$2a$12$id4i/yFYxS99txKOFEeboea2kU6DyZY0Nh4ul0eR46sDuo"        //nolint:gosec // this is not a credential

	// PlaintextPassword2 is a second fake client secret for use in unit tests, along with several flavors of the bcrypt
	// hashed version of the password. Do not use for integration tests.
	PlaintextPassword2                 = "password2"
	HashedPassword2AtGoMinCost         = "$2a$04$VQ5z6kkgU8JPLGSGctg.s.iYyoac3Oisa/SIM3sDK5BxTrVbCkyNm" //nolint:gosec // this is not a credential
	HashedPassword2AtSupervisorMinCost = "$2a$12$SdUqoJOn4/3yEQfJx616V.q.f76KaXD.ISgJT1oydqFdgfjJpBh6u" //nolint:gosec // this is not a credential
)

Variables

This section is empty.

Functions

func AddPrefixToEach added in v0.26.0

func AddPrefixToEach(prefix string, addToEach []string) []string

func CreateCertificate

func CreateCertificate(notBefore, notAfter time.Time) ([]byte, []byte, error)

CreateCertificate creates a certificate with the provided time bounds, and returns the PEM representation of the certificate and its private key. The returned certificate is capable of signing child certificates.

func ExpectedLoginPageHTML added in v0.18.0

func ExpectedLoginPageHTML(wantCSS, wantIDPName, wantPostPath, wantEncodedState, wantAlert string) string

func FullyCapableOIDCClientAndStorageSecret added in v0.20.0

func FullyCapableOIDCClientAndStorageSecret(
	t *testing.T,
	namespace string,
	clientID string,
	clientUID string,
	redirectURI string,
	hashes []string,
	validateFunc OIDCClientValidatorFunc,
) (*configv1alpha1.OIDCClient, *corev1.Secret)

FullyCapableOIDCClientAndStorageSecret returns an OIDC client which is allowed to use all grant types and all scopes that are supported by the Supervisor for dynamic clients, along with a corresponding client secret storage Secret.

func KubeServerMinorVersionInBetweenInclusive added in v0.20.0

func KubeServerMinorVersionInBetweenInclusive(t *testing.T, discoveryClient discovery.DiscoveryInterface, min, max int) bool

func KubeServerSupportsCertificatesV1API added in v0.12.1

func KubeServerSupportsCertificatesV1API(t *testing.T, discoveryClient discovery.DiscoveryInterface) bool

func LogActualJSONFromCreateAction added in v0.13.0

func LogActualJSONFromCreateAction(t *testing.T, client *fake.Clientset, actionIndex int)

func LogActualJSONFromUpdateAction added in v0.13.0

func LogActualJSONFromUpdateAction(t *testing.T, client *fake.Clientset, actionIndex int)

func NewFakePinnipedSession added in v0.13.0

func NewFakePinnipedSession() *psession.PinnipedSession

func NewPreconditions added in v0.11.0

func NewPreconditions(uid types.UID, rv string) metav1.DeleteOptions

func OIDCClientAndStorageSecret added in v0.20.0

func OIDCClientAndStorageSecret(
	t *testing.T,
	namespace string,
	clientID string,
	clientUID string,
	allowedGrantTypes []configv1alpha1.GrantType,
	allowedScopes []configv1alpha1.Scope,
	redirectURI string,
	hashes []string,
	validateFunc OIDCClientValidatorFunc,
) (*configv1alpha1.OIDCClient, *corev1.Secret)

OIDCClientAndStorageSecret returns an OIDC client which is allowed to use the specified grant types and scopes, along with a corresponding client secret storage Secret. It also validates the client to make sure that the specified combination of grant types and scopes is considered valid before returning the client.

func OIDCClientSecretStorageSecretForUID added in v0.20.0

func OIDCClientSecretStorageSecretForUID(t *testing.T, namespace string, oidcClientUID string, hashes []string) *corev1.Secret

func OIDCClientSecretStorageSecretForUIDWithWrongVersion added in v0.20.0

func OIDCClientSecretStorageSecretForUIDWithWrongVersion(t *testing.T, namespace string, oidcClientUID string) *corev1.Secret

func OIDCClientSecretStorageSecretWithoutName added in v0.20.0

func OIDCClientSecretStorageSecretWithoutName(t *testing.T, namespace string, hashes []string) *corev1.Secret

func RequireEqualContentType added in v0.3.0

func RequireEqualContentType(t *testing.T, actual string, expected string)

func RequireErrorString added in v0.23.0

func RequireErrorString(t *testing.T, actualErrorStr string, requireFunc RequireErrorStringFunc)

RequireErrorString can be used to make assertions about error strings in tests.

func RequireErrorStringFromErr added in v0.23.0

func RequireErrorStringFromErr(t *testing.T, actualError error, requireFunc RequireErrorStringFunc)

RequireErrorStringFromErr can be used to make assertions about errors in tests.

func RequireNumberOfSecretsExcludingLabelSelector added in v0.20.0

func RequireNumberOfSecretsExcludingLabelSelector(t *testing.T, secrets v1.SecretInterface, labelSet labels.Set, expectedNumberOfSecrets int)

func RequireNumberOfSecretsMatchingLabelSelector added in v0.3.0

func RequireNumberOfSecretsMatchingLabelSelector(t *testing.T, secrets v1.SecretInterface, labelSet labels.Set, expectedNumberOfSecrets int)

func RequireSecurityHeadersWithFormPostPageCSPs added in v0.18.0

func RequireSecurityHeadersWithFormPostPageCSPs(t *testing.T, response *httptest.ResponseRecorder)

func RequireSecurityHeadersWithLoginPageCSPs added in v0.18.0

func RequireSecurityHeadersWithLoginPageCSPs(t *testing.T, response *httptest.ResponseRecorder)

func RequireSecurityHeadersWithoutCustomCSPs added in v0.18.0

func RequireSecurityHeadersWithoutCustomCSPs(t *testing.T, response *httptest.ResponseRecorder)

func RequireTimeInDelta added in v0.3.0

func RequireTimeInDelta(t *testing.T, t1 time.Time, t2 time.Time, delta time.Duration)

func SHA256 added in v0.3.0

func SHA256(s string) string

SHA256 returns the base64 URL encoding of the SHA256 sum of the provided string.

func TLSTestServer

func TLSTestServer(t *testing.T, handler http.HandlerFunc) (caBundlePEM, url string)

TLSTestServer starts a test server listening on a local port using a test CA. It returns the PEM CA bundle and the URL of the listening server. The lifetime of the server is bound to the provided *testing.T.

func TLSTestServerWithCert added in v0.9.0

func TLSTestServerWithCert(t *testing.T, handler http.HandlerFunc, certificate *tls.Certificate) (url string)

func WriteStringToTempFile added in v0.9.0

func WriteStringToTempFile(t *testing.T, filename string, fileBody string) *os.File

Types

type ErrorWriter

type ErrorWriter struct {
	ReturnError error
}

ErrorWriter implements io.Writer by returning a fixed error.

func (*ErrorWriter) Write

func (e *ErrorWriter) Write([]byte) (int, error)

type OIDCClientValidatorFunc added in v0.20.0

type OIDCClientValidatorFunc func(oidcClient *configv1alpha1.OIDCClient, secret *corev1.Secret, minBcryptCost int) (bool, []*metav1.Condition, []string)

OIDCClientValidatorFunc is an interface-like type that allows these test helpers to avoid having a direct dependency on the production code, to avoid circular module dependencies. Implemented by oidcclientvalidator.Validate.

type ObservableWithInformerOption

type ObservableWithInformerOption struct {
	// contains filtered or unexported fields
}

func NewObservableWithInformerOption

func NewObservableWithInformerOption() *ObservableWithInformerOption

func (*ObservableWithInformerOption) GetFilterForInformer

func (*ObservableWithInformerOption) WithInformer

type ObservableWithInitialEventOption

type ObservableWithInitialEventOption struct {
	// contains filtered or unexported fields
}

func NewObservableWithInitialEventOption

func NewObservableWithInitialEventOption() *ObservableWithInitialEventOption

func (*ObservableWithInitialEventOption) GetInitialEventKey

func (i *ObservableWithInitialEventOption) GetInitialEventKey() *controllerlib.Key

func (*ObservableWithInitialEventOption) WithInitialEvent

type RequireErrorStringFunc added in v0.23.0

type RequireErrorStringFunc func(t *testing.T, actualErrorStr string)

func WantExactErrorString added in v0.23.0

func WantExactErrorString(wantErrStr string) RequireErrorStringFunc

WantExactErrorString can be used to set up an expected value for an error string in a test table. Use when you want to express that the expected string must be an exact match.

func WantMatchingErrorString added in v0.23.0

func WantMatchingErrorString(wantErrRegexp string) RequireErrorStringFunc

WantMatchingErrorString can be used to set up an expected value for an error string in a test table. Use when you want to express that the expected regexp must be a match.

func WantSprintfErrorString added in v0.23.0

func WantSprintfErrorString(wantErrSprintfSpecifier string, a ...interface{}) RequireErrorStringFunc

WantSprintfErrorString can be used to set up an expected value for an error string in a test table. Use when you want to express that an expected string built using fmt.Sprintf semantics must be an exact match.

func WantX509UntrustedCertErrorString added in v0.23.0

func WantX509UntrustedCertErrorString(expectedErrorFormatSpecifier string, expectedCommonName string) RequireErrorStringFunc

WantX509UntrustedCertErrorString can be used to set up an expected value for an error string in a test table. expectedErrorFormatString must contain exactly one formatting verb, which should usually be %s, which will be replaced by the platform-specific X509 untrusted certs error string and then compared against expectedCommonName.

type RoundTrip added in v0.5.0

type RoundTrip struct {
	MutateRequests, MutateResponses []func(kubeclient.Object) error
	// contains filtered or unexported fields
}

RoundTrip is an implementation of kubeclient.RoundTrip that is easy to use in tests.

func (*RoundTrip) MutateRequest added in v0.5.0

func (rt *RoundTrip) MutateRequest(fn func(kubeclient.Object) error)

func (*RoundTrip) MutateResponse added in v0.5.0

func (rt *RoundTrip) MutateResponse(fn func(kubeclient.Object) error)

func (*RoundTrip) Namespace added in v0.5.0

func (rt *RoundTrip) Namespace() string

func (*RoundTrip) NamespaceScoped added in v0.5.0

func (rt *RoundTrip) NamespaceScoped() bool

func (*RoundTrip) Resource added in v0.5.0

func (rt *RoundTrip) Resource() schema.GroupVersionResource

func (*RoundTrip) Subresource added in v0.5.0

func (rt *RoundTrip) Subresource() string

func (*RoundTrip) Verb added in v0.5.0

func (rt *RoundTrip) Verb() kubeclient.Verb

func (*RoundTrip) WithNamespace added in v0.5.0

func (rt *RoundTrip) WithNamespace(namespace string) *RoundTrip

func (*RoundTrip) WithResource added in v0.5.0

func (rt *RoundTrip) WithResource(resource schema.GroupVersionResource) *RoundTrip

func (*RoundTrip) WithSubresource added in v0.5.0

func (rt *RoundTrip) WithSubresource(subresource string) *RoundTrip

func (*RoundTrip) WithVerb added in v0.5.0

func (rt *RoundTrip) WithVerb(verb kubeclient.Verb) *RoundTrip

type TranscriptLogMessage

type TranscriptLogMessage struct {
	Level   string
	Message string
}

type TranscriptLogger

type TranscriptLogger struct {
	// contains filtered or unexported fields
}

func NewTranscriptLogger deprecated

func NewTranscriptLogger(t *testing.T) *TranscriptLogger

Deprecated: Use plog.TestLogger or plog.TestZapr instead. This is meant for old tests only.

func (*TranscriptLogger) Enabled

func (log *TranscriptLogger) Enabled(level int) bool

func (*TranscriptLogger) Error

func (log *TranscriptLogger) Error(_ error, msg string, _ ...interface{})

func (*TranscriptLogger) Info

func (log *TranscriptLogger) Info(level int, msg string, keysAndValues ...interface{})

func (*TranscriptLogger) Init added in v0.13.0

func (log *TranscriptLogger) Init(info logr.RuntimeInfo)

func (*TranscriptLogger) Transcript

func (log *TranscriptLogger) Transcript() []TranscriptLogMessage

func (*TranscriptLogger) V

func (log *TranscriptLogger) V(_ int) logr.LogSink

func (*TranscriptLogger) WithName

func (log *TranscriptLogger) WithName(_ string) logr.LogSink

func (*TranscriptLogger) WithValues

func (log *TranscriptLogger) WithValues(_ ...interface{}) logr.LogSink

type ValidCert

type ValidCert struct {
	// contains filtered or unexported fields
}

func ValidateClientCertificate added in v0.7.0

func ValidateClientCertificate(t *testing.T, caPEM string, certPEM string) *ValidCert

func ValidateServerCertificate added in v0.7.0

func ValidateServerCertificate(t *testing.T, caPEM string, certPEM string) *ValidCert

ValidateServerCertificate validates a certificate and provides an object for asserting properties of the certificate.

func (*ValidCert) RequireCommonName

func (v *ValidCert) RequireCommonName(commonName string)

RequireCommonName asserts that the certificate contains the provided commonName.

func (*ValidCert) RequireDNSName

func (v *ValidCert) RequireDNSName(expectDNSName string)

RequireDNSName asserts that the certificate matches the provided DNS name.

func (*ValidCert) RequireDNSNames added in v0.7.0

func (v *ValidCert) RequireDNSNames(names []string)

func (*ValidCert) RequireEmptyDNSNames added in v0.7.0

func (v *ValidCert) RequireEmptyDNSNames()

func (*ValidCert) RequireEmptyIPs added in v0.7.0

func (v *ValidCert) RequireEmptyIPs()

func (*ValidCert) RequireIPs added in v0.7.0

func (v *ValidCert) RequireIPs(ips []net.IP)

func (*ValidCert) RequireLifetime

func (v *ValidCert) RequireLifetime(expectNotBefore time.Time, expectNotAfter time.Time, delta time.Duration)

RequireLifetime asserts that the lifetime of the certificate matches the expected timestamps.

func (*ValidCert) RequireMatchesPrivateKey

func (v *ValidCert) RequireMatchesPrivateKey(keyPEM string)

RequireMatchesPrivateKey asserts that the public key in the certificate matches the provided private key.

func (*ValidCert) RequireOrganizations added in v0.7.0

func (v *ValidCert) RequireOrganizations(orgs []string)

Directories

Path Synopsis
Package fakekubeapi contains a *very* simple httptest.Server that can be used to stand in for a real Kube API server in tests.
Package fakekubeapi contains a *very* simple httptest.Server that can be used to stand in for a real Kube API server in tests.
Package testlogger wraps logr.Logger to allow for writing test assertions.
Package testlogger wraps logr.Logger to allow for writing test assertions.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL