Documentation ¶
Overview ¶
Package testutil contains shared test utilities for the Pinniped project.
As of right now, it is more or less a dumping ground for our test utilities.
Index ¶
- Constants
- func AddPrefixToEach(prefix string, addToEach []string) []string
- func CreateCertificate(notBefore, notAfter time.Time) ([]byte, []byte, error)
- func ExpectedLoginPageHTML(wantCSS, wantIDPName, wantPostPath, wantEncodedState, wantAlert string) string
- func FullyCapableOIDCClientAndStorageSecret(t *testing.T, namespace string, clientID string, clientUID string, ...) (*configv1alpha1.OIDCClient, *corev1.Secret)
- func KubeServerMinorVersionInBetweenInclusive(t *testing.T, discoveryClient discovery.DiscoveryInterface, min, max int) bool
- func KubeServerSupportsCertificatesV1API(t *testing.T, discoveryClient discovery.DiscoveryInterface) bool
- func LogActualJSONFromCreateAction(t *testing.T, client *fake.Clientset, actionIndex int)
- func LogActualJSONFromUpdateAction(t *testing.T, client *fake.Clientset, actionIndex int)
- func NewFakePinnipedSession() *psession.PinnipedSession
- func NewPreconditions(uid types.UID, rv string) metav1.DeleteOptions
- func OIDCClientAndStorageSecret(t *testing.T, namespace string, clientID string, clientUID string, ...) (*configv1alpha1.OIDCClient, *corev1.Secret)
- func OIDCClientSecretStorageSecretForUID(t *testing.T, namespace string, oidcClientUID string, hashes []string) *corev1.Secret
- func OIDCClientSecretStorageSecretForUIDWithWrongVersion(t *testing.T, namespace string, oidcClientUID string) *corev1.Secret
- func OIDCClientSecretStorageSecretWithoutName(t *testing.T, namespace string, hashes []string) *corev1.Secret
- func RequireEqualContentType(t *testing.T, actual string, expected string)
- func RequireErrorString(t *testing.T, actualErrorStr string, requireFunc RequireErrorStringFunc)
- func RequireErrorStringFromErr(t *testing.T, actualError error, requireFunc RequireErrorStringFunc)
- func RequireNumberOfSecretsExcludingLabelSelector(t *testing.T, secrets v1.SecretInterface, labelSet labels.Set, ...)
- func RequireNumberOfSecretsMatchingLabelSelector(t *testing.T, secrets v1.SecretInterface, labelSet labels.Set, ...)
- func RequireSecurityHeadersWithFormPostPageCSPs(t *testing.T, response *httptest.ResponseRecorder)
- func RequireSecurityHeadersWithLoginPageCSPs(t *testing.T, response *httptest.ResponseRecorder)
- func RequireSecurityHeadersWithoutCustomCSPs(t *testing.T, response *httptest.ResponseRecorder)
- func RequireTimeInDelta(t *testing.T, t1 time.Time, t2 time.Time, delta time.Duration)
- func SHA256(s string) string
- func TLSTestServer(t *testing.T, handler http.HandlerFunc) (caBundlePEM, url string)
- func TLSTestServerWithCert(t *testing.T, handler http.HandlerFunc, certificate *tls.Certificate) (url string)
- func WriteStringToTempFile(t *testing.T, filename string, fileBody string) *os.File
- type ErrorWriter
- type OIDCClientValidatorFunc
- type ObservableWithInformerOption
- type ObservableWithInitialEventOption
- type RequireErrorStringFunc
- func WantExactErrorString(wantErrStr string) RequireErrorStringFunc
- func WantMatchingErrorString(wantErrRegexp string) RequireErrorStringFunc
- func WantSprintfErrorString(wantErrSprintfSpecifier string, a ...interface{}) RequireErrorStringFunc
- func WantX509UntrustedCertErrorString(expectedErrorFormatSpecifier string, expectedCommonName string) RequireErrorStringFunc
- type RoundTrip
- func (rt *RoundTrip) MutateRequest(fn func(kubeclient.Object) error)
- func (rt *RoundTrip) MutateResponse(fn func(kubeclient.Object) error)
- func (rt *RoundTrip) Namespace() string
- func (rt *RoundTrip) NamespaceScoped() bool
- func (rt *RoundTrip) Resource() schema.GroupVersionResource
- func (rt *RoundTrip) Subresource() string
- func (rt *RoundTrip) Verb() kubeclient.Verb
- func (rt *RoundTrip) WithNamespace(namespace string) *RoundTrip
- func (rt *RoundTrip) WithResource(resource schema.GroupVersionResource) *RoundTrip
- func (rt *RoundTrip) WithSubresource(subresource string) *RoundTrip
- func (rt *RoundTrip) WithVerb(verb kubeclient.Verb) *RoundTrip
- type TranscriptLogMessage
- type TranscriptLogger
- func (log *TranscriptLogger) Enabled(level int) bool
- func (log *TranscriptLogger) Error(_ error, msg string, _ ...interface{})
- func (log *TranscriptLogger) Info(level int, msg string, keysAndValues ...interface{})
- func (log *TranscriptLogger) Init(info logr.RuntimeInfo)
- func (log *TranscriptLogger) Transcript() []TranscriptLogMessage
- func (log *TranscriptLogger) V(_ int) logr.LogSink
- func (log *TranscriptLogger) WithName(_ string) logr.LogSink
- func (log *TranscriptLogger) WithValues(_ ...interface{}) logr.LogSink
- type ValidCert
- func (v *ValidCert) RequireCommonName(commonName string)
- func (v *ValidCert) RequireDNSName(expectDNSName string)
- func (v *ValidCert) RequireDNSNames(names []string)
- func (v *ValidCert) RequireEmptyDNSNames()
- func (v *ValidCert) RequireEmptyIPs()
- func (v *ValidCert) RequireIPs(ips []net.IP)
- func (v *ValidCert) RequireLifetime(expectNotBefore time.Time, expectNotAfter time.Time, delta time.Duration)
- func (v *ValidCert) RequireMatchesPrivateKey(keyPEM string)
- func (v *ValidCert) RequireOrganizations(orgs []string)
Constants ¶
const ( AllDynamicClientScopesSpaceSep = "openid offline_access pinniped:request-audience username groups" // PlaintextPassword1 is a fake client secret for use in unit tests, along with several flavors of the bcrypt // hashed version of the password. Do not use for integration tests. PlaintextPassword1 = "password1" HashedPassword1AtGoMinCost = "$2a$04$JfX1ba/ctAt3AGk73E9Zz.Fdki5GiQtj.O/CnPbRRSKQWWfv1svoe" //nolint:gosec // this is not a credential HashedPassword1JustBelowSupervisorMinCost = "$2a$11$w/incy7Z1/ljLYvv2XRg4.WrPgY9oR7phebcgr6rGA3u/5TG9MKOe" //nolint:gosec // this is not a credential HashedPassword1AtSupervisorMinCost = "$2a$12$id4i/yFYxS99txKOFEeboea2kU6DyZY0Nh4ul0eR46sDuoFoNTRV." //nolint:gosec // this is not a credential HashedPassword1InvalidFormat = "$2a$12$id4i/yFYxS99txKOFEeboea2kU6DyZY0Nh4ul0eR46sDuo" //nolint:gosec // this is not a credential // PlaintextPassword2 is a second fake client secret for use in unit tests, along with several flavors of the bcrypt // hashed version of the password. Do not use for integration tests. PlaintextPassword2 = "password2" HashedPassword2AtGoMinCost = "$2a$04$VQ5z6kkgU8JPLGSGctg.s.iYyoac3Oisa/SIM3sDK5BxTrVbCkyNm" //nolint:gosec // this is not a credential HashedPassword2AtSupervisorMinCost = "$2a$12$SdUqoJOn4/3yEQfJx616V.q.f76KaXD.ISgJT1oydqFdgfjJpBh6u" //nolint:gosec // this is not a credential )
Variables ¶
This section is empty.
Functions ¶
func AddPrefixToEach ¶ added in v0.26.0
func CreateCertificate ¶
CreateCertificate creates a certificate with the provided time bounds, and returns the PEM representation of the certificate and its private key. The returned certificate is capable of signing child certificates.
func ExpectedLoginPageHTML ¶ added in v0.18.0
func FullyCapableOIDCClientAndStorageSecret ¶ added in v0.20.0
func FullyCapableOIDCClientAndStorageSecret( t *testing.T, namespace string, clientID string, clientUID string, redirectURI string, hashes []string, validateFunc OIDCClientValidatorFunc, ) (*configv1alpha1.OIDCClient, *corev1.Secret)
FullyCapableOIDCClientAndStorageSecret returns an OIDC client which is allowed to use all grant types and all scopes that are supported by the Supervisor for dynamic clients, along with a corresponding client secret storage Secret.
func KubeServerMinorVersionInBetweenInclusive ¶ added in v0.20.0
func KubeServerSupportsCertificatesV1API ¶ added in v0.12.1
func KubeServerSupportsCertificatesV1API(t *testing.T, discoveryClient discovery.DiscoveryInterface) bool
func LogActualJSONFromCreateAction ¶ added in v0.13.0
func LogActualJSONFromUpdateAction ¶ added in v0.13.0
func NewFakePinnipedSession ¶ added in v0.13.0
func NewFakePinnipedSession() *psession.PinnipedSession
func NewPreconditions ¶ added in v0.11.0
func NewPreconditions(uid types.UID, rv string) metav1.DeleteOptions
func OIDCClientAndStorageSecret ¶ added in v0.20.0
func OIDCClientAndStorageSecret( t *testing.T, namespace string, clientID string, clientUID string, allowedGrantTypes []configv1alpha1.GrantType, allowedScopes []configv1alpha1.Scope, redirectURI string, hashes []string, validateFunc OIDCClientValidatorFunc, ) (*configv1alpha1.OIDCClient, *corev1.Secret)
OIDCClientAndStorageSecret returns an OIDC client which is allowed to use the specified grant types and scopes, along with a corresponding client secret storage Secret. It also validates the client to make sure that the specified combination of grant types and scopes is considered valid before returning the client.
func OIDCClientSecretStorageSecretForUID ¶ added in v0.20.0
func OIDCClientSecretStorageSecretForUIDWithWrongVersion ¶ added in v0.20.0
func OIDCClientSecretStorageSecretWithoutName ¶ added in v0.20.0
func RequireEqualContentType ¶ added in v0.3.0
func RequireErrorString ¶ added in v0.23.0
func RequireErrorString(t *testing.T, actualErrorStr string, requireFunc RequireErrorStringFunc)
RequireErrorString can be used to make assertions about error strings in tests.
func RequireErrorStringFromErr ¶ added in v0.23.0
func RequireErrorStringFromErr(t *testing.T, actualError error, requireFunc RequireErrorStringFunc)
RequireErrorStringFromErr can be used to make assertions about errors in tests.
func RequireNumberOfSecretsExcludingLabelSelector ¶ added in v0.20.0
func RequireNumberOfSecretsMatchingLabelSelector ¶ added in v0.3.0
func RequireSecurityHeadersWithFormPostPageCSPs ¶ added in v0.18.0
func RequireSecurityHeadersWithFormPostPageCSPs(t *testing.T, response *httptest.ResponseRecorder)
func RequireSecurityHeadersWithLoginPageCSPs ¶ added in v0.18.0
func RequireSecurityHeadersWithLoginPageCSPs(t *testing.T, response *httptest.ResponseRecorder)
func RequireSecurityHeadersWithoutCustomCSPs ¶ added in v0.18.0
func RequireSecurityHeadersWithoutCustomCSPs(t *testing.T, response *httptest.ResponseRecorder)
func RequireTimeInDelta ¶ added in v0.3.0
func SHA256 ¶ added in v0.3.0
SHA256 returns the base64 URL encoding of the SHA256 sum of the provided string.
func TLSTestServer ¶
func TLSTestServer(t *testing.T, handler http.HandlerFunc) (caBundlePEM, url string)
TLSTestServer starts a test server listening on a local port using a test CA. It returns the PEM CA bundle and the URL of the listening server. The lifetime of the server is bound to the provided *testing.T.
func TLSTestServerWithCert ¶ added in v0.9.0
func TLSTestServerWithCert(t *testing.T, handler http.HandlerFunc, certificate *tls.Certificate) (url string)
Types ¶
type ErrorWriter ¶
type ErrorWriter struct {
ReturnError error
}
ErrorWriter implements io.Writer by returning a fixed error.
type OIDCClientValidatorFunc ¶ added in v0.20.0
type OIDCClientValidatorFunc func(oidcClient *configv1alpha1.OIDCClient, secret *corev1.Secret, minBcryptCost int) (bool, []*metav1.Condition, []string)
OIDCClientValidatorFunc is an interface-like type that allows these test helpers to avoid having a direct dependency on the production code, to avoid circular module dependencies. Implemented by oidcclientvalidator.Validate.
type ObservableWithInformerOption ¶
type ObservableWithInformerOption struct {
// contains filtered or unexported fields
}
func NewObservableWithInformerOption ¶
func NewObservableWithInformerOption() *ObservableWithInformerOption
func (*ObservableWithInformerOption) GetFilterForInformer ¶
func (i *ObservableWithInformerOption) GetFilterForInformer(getter controllerlib.InformerGetter) controllerlib.Filter
func (*ObservableWithInformerOption) WithInformer ¶
func (i *ObservableWithInformerOption) WithInformer( getter controllerlib.InformerGetter, filter controllerlib.Filter, opt controllerlib.InformerOption, ) controllerlib.Option
type ObservableWithInitialEventOption ¶
type ObservableWithInitialEventOption struct {
// contains filtered or unexported fields
}
func NewObservableWithInitialEventOption ¶
func NewObservableWithInitialEventOption() *ObservableWithInitialEventOption
func (*ObservableWithInitialEventOption) GetInitialEventKey ¶
func (i *ObservableWithInitialEventOption) GetInitialEventKey() *controllerlib.Key
func (*ObservableWithInitialEventOption) WithInitialEvent ¶
func (i *ObservableWithInitialEventOption) WithInitialEvent(key controllerlib.Key) controllerlib.Option
type RequireErrorStringFunc ¶ added in v0.23.0
func WantExactErrorString ¶ added in v0.23.0
func WantExactErrorString(wantErrStr string) RequireErrorStringFunc
WantExactErrorString can be used to set up an expected value for an error string in a test table. Use when you want to express that the expected string must be an exact match.
func WantMatchingErrorString ¶ added in v0.23.0
func WantMatchingErrorString(wantErrRegexp string) RequireErrorStringFunc
WantMatchingErrorString can be used to set up an expected value for an error string in a test table. Use when you want to express that the expected regexp must be a match.
func WantSprintfErrorString ¶ added in v0.23.0
func WantSprintfErrorString(wantErrSprintfSpecifier string, a ...interface{}) RequireErrorStringFunc
WantSprintfErrorString can be used to set up an expected value for an error string in a test table. Use when you want to express that an expected string built using fmt.Sprintf semantics must be an exact match.
func WantX509UntrustedCertErrorString ¶ added in v0.23.0
func WantX509UntrustedCertErrorString(expectedErrorFormatSpecifier string, expectedCommonName string) RequireErrorStringFunc
WantX509UntrustedCertErrorString can be used to set up an expected value for an error string in a test table. expectedErrorFormatString must contain exactly one formatting verb, which should usually be %s, which will be replaced by the platform-specific X509 untrusted certs error string and then compared against expectedCommonName.
type RoundTrip ¶ added in v0.5.0
type RoundTrip struct {
MutateRequests, MutateResponses []func(kubeclient.Object) error
// contains filtered or unexported fields
}
RoundTrip is an implementation of kubeclient.RoundTrip that is easy to use in tests.
func (*RoundTrip) MutateRequest ¶ added in v0.5.0
func (rt *RoundTrip) MutateRequest(fn func(kubeclient.Object) error)
func (*RoundTrip) MutateResponse ¶ added in v0.5.0
func (rt *RoundTrip) MutateResponse(fn func(kubeclient.Object) error)
func (*RoundTrip) NamespaceScoped ¶ added in v0.5.0
func (*RoundTrip) Resource ¶ added in v0.5.0
func (rt *RoundTrip) Resource() schema.GroupVersionResource
func (*RoundTrip) Subresource ¶ added in v0.5.0
func (*RoundTrip) Verb ¶ added in v0.5.0
func (rt *RoundTrip) Verb() kubeclient.Verb
func (*RoundTrip) WithNamespace ¶ added in v0.5.0
func (*RoundTrip) WithResource ¶ added in v0.5.0
func (rt *RoundTrip) WithResource(resource schema.GroupVersionResource) *RoundTrip
func (*RoundTrip) WithSubresource ¶ added in v0.5.0
type TranscriptLogMessage ¶
type TranscriptLogger ¶
type TranscriptLogger struct {
// contains filtered or unexported fields
}
func NewTranscriptLogger
deprecated
func NewTranscriptLogger(t *testing.T) *TranscriptLogger
Deprecated: Use plog.TestLogger or plog.TestZapr instead. This is meant for old tests only.
func (*TranscriptLogger) Enabled ¶
func (log *TranscriptLogger) Enabled(level int) bool
func (*TranscriptLogger) Error ¶
func (log *TranscriptLogger) Error(_ error, msg string, _ ...interface{})
func (*TranscriptLogger) Info ¶
func (log *TranscriptLogger) Info(level int, msg string, keysAndValues ...interface{})
func (*TranscriptLogger) Init ¶ added in v0.13.0
func (log *TranscriptLogger) Init(info logr.RuntimeInfo)
func (*TranscriptLogger) Transcript ¶
func (log *TranscriptLogger) Transcript() []TranscriptLogMessage
func (*TranscriptLogger) WithValues ¶
func (log *TranscriptLogger) WithValues(_ ...interface{}) logr.LogSink
type ValidCert ¶
type ValidCert struct {
// contains filtered or unexported fields
}
func ValidateClientCertificate ¶ added in v0.7.0
func ValidateServerCertificate ¶ added in v0.7.0
ValidateServerCertificate validates a certificate and provides an object for asserting properties of the certificate.
func (*ValidCert) RequireCommonName ¶
RequireCommonName asserts that the certificate contains the provided commonName.
func (*ValidCert) RequireDNSName ¶
RequireDNSName asserts that the certificate matches the provided DNS name.
func (*ValidCert) RequireDNSNames ¶ added in v0.7.0
func (*ValidCert) RequireEmptyDNSNames ¶ added in v0.7.0
func (v *ValidCert) RequireEmptyDNSNames()
func (*ValidCert) RequireEmptyIPs ¶ added in v0.7.0
func (v *ValidCert) RequireEmptyIPs()
func (*ValidCert) RequireIPs ¶ added in v0.7.0
func (*ValidCert) RequireLifetime ¶
func (v *ValidCert) RequireLifetime(expectNotBefore time.Time, expectNotAfter time.Time, delta time.Duration)
RequireLifetime asserts that the lifetime of the certificate matches the expected timestamps.
func (*ValidCert) RequireMatchesPrivateKey ¶
RequireMatchesPrivateKey asserts that the public key in the certificate matches the provided private key.
func (*ValidCert) RequireOrganizations ¶ added in v0.7.0
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package fakekubeapi contains a *very* simple httptest.Server that can be used to stand in for a real Kube API server in tests.
|
Package fakekubeapi contains a *very* simple httptest.Server that can be used to stand in for a real Kube API server in tests. |
Package testlogger wraps logr.Logger to allow for writing test assertions.
|
Package testlogger wraps logr.Logger to allow for writing test assertions. |