Documentation ¶
Index ¶
- func AccessAsGroupTest(ctx context.Context, testGroup string, clientUnderTest kubernetes.Interface) func(t *testing.T)
- func AccessAsGroupWithKubectlTest(testKubeConfigYAML string, testGroup string, expectedNamespace string) func(t *testing.T)
- func AccessAsUserTest(ctx context.Context, testUsername string, clientUnderTest kubernetes.Interface) func(t *testing.T)
- func AccessAsUserWithKubectlTest(testKubeConfigYAML string, testUsername string, expectedNamespace string) func(t *testing.T)
- func CreateClientCredsSecret(t *testing.T, clientID string, clientSecret string) *corev1.Secret
- func CreatePod(ctx context.Context, t *testing.T, name, namespace string, spec corev1.PodSpec) *corev1.Pod
- func CreateTestClusterRoleBinding(t *testing.T, subject rbacv1.Subject, roleRef rbacv1.RoleRef) *rbacv1.ClusterRoleBinding
- func CreateTestFederationDomain(ctx context.Context, t *testing.T, issuer string, certSecretName string, ...) *configv1alpha1.FederationDomain
- func CreateTestJWTAuthenticator(ctx context.Context, t *testing.T, spec auth1alpha1.JWTAuthenticatorSpec) corev1.TypedLocalObjectReference
- func CreateTestJWTAuthenticatorForCLIUpstream(ctx context.Context, t *testing.T) corev1.TypedLocalObjectReference
- func CreateTestOIDCIdentityProvider(t *testing.T, spec idpv1alpha1.OIDCIdentityProviderSpec, ...) *idpv1alpha1.OIDCIdentityProvider
- func CreateTestSecret(t *testing.T, namespace string, baseName string, secretType corev1.SecretType, ...) *corev1.Secret
- func CreateTestWebhookAuthenticator(ctx context.Context, t *testing.T) corev1.TypedLocalObjectReference
- func CreateTokenCredentialRequest(ctx context.Context, t *testing.T, spec v1alpha1.TokenCredentialRequestSpec) (*v1alpha1.TokenCredentialRequest, error)
- func LookupIP(ctx context.Context, hostname string) ([]net.IP, error)
- func MaskTokens(in string) string
- func NewAggregatedClientset(t *testing.T) aggregatorclient.Interface
- func NewAnonymousClientRestConfig(t *testing.T) *rest.Config
- func NewAnonymousConciergeClientset(t *testing.T) conciergeclientset.Interface
- func NewClientConfig(t *testing.T) *rest.Config
- func NewClientsetForKubeConfig(t *testing.T, kubeConfig string) kubernetes.Interface
- func NewClientsetWithCertAndKey(t *testing.T, clientCertificateData, clientKeyData string) kubernetes.Interface
- func NewConciergeClientset(t *testing.T) conciergeclientset.Interface
- func NewKubeclient(t *testing.T, config *rest.Config) *kubeclient.Client
- func NewKubernetesClientset(t *testing.T) kubernetes.Interface
- func NewLoggerReader(t *testing.T, name string, reader io.Reader) io.Reader
- func NewRestConfigFromKubeconfig(t *testing.T, kubeConfig string) *rest.Config
- func NewSupervisorClientset(t *testing.T) supervisorclientset.Interface
- func PinnipedCLIPath(t *testing.T) string
- func RandHex(t *testing.T, numBytes int) string
- func RequireEventuallyWithoutError(t *testing.T, f func() (bool, error), waitFor time.Duration, ...)
- func RequireNeverWithoutError(t *testing.T, f func() (bool, error), waitFor time.Duration, ...)
- func Sdump(a ...interface{}) string
- func SkipUnlessIntegration(t *testing.T)
- func WaitForUserToHaveAccess(t *testing.T, user string, groups []string, ...)
- type Capability
- type TestEnv
- type TestOIDCUpstream
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AccessAsGroupTest ¶ added in v0.2.0
func AccessAsGroupTest( ctx context.Context, testGroup string, clientUnderTest kubernetes.Interface, ) func(t *testing.T)
AccessAsGroupTest runs a generic test in which a clientUnderTest with membership in group testGroup tries to auth to the kube API (i.e., list namespaces).
Use this function if you want to simply validate that a user can auth to the kube API (via a group membership) after performing a Pinniped credential exchange.
func AccessAsGroupWithKubectlTest ¶ added in v0.2.0
func AccessAsUserTest ¶ added in v0.2.0
func AccessAsUserTest( ctx context.Context, testUsername string, clientUnderTest kubernetes.Interface, ) func(t *testing.T)
AccessAsUserTest runs a generic test in which a clientUnderTest operating with username testUsername tries to auth to the kube API (i.e., list namespaces).
Use this function if you want to simply validate that a user can auth to the kube API after performing a Pinniped credential exchange.
func AccessAsUserWithKubectlTest ¶ added in v0.2.0
func CreateClientCredsSecret ¶ added in v0.3.0
func CreateTestClusterRoleBinding ¶ added in v0.3.0
func CreateTestFederationDomain ¶ added in v0.3.0
func CreateTestFederationDomain(ctx context.Context, t *testing.T, issuer string, certSecretName string, expectStatus configv1alpha1.FederationDomainStatusCondition) *configv1alpha1.FederationDomain
CreateTestFederationDomain creates and returns a test FederationDomain in $PINNIPED_TEST_SUPERVISOR_NAMESPACE, which will be automatically deleted at the end of the current test's lifetime. It generates a random, valid, issuer for the FederationDomain.
If the provided issuer is not the empty string, then it will be used for the FederationDomain.Spec.Issuer field. Else, a random issuer will be generated.
func CreateTestJWTAuthenticator ¶ added in v0.3.0
func CreateTestJWTAuthenticator(ctx context.Context, t *testing.T, spec auth1alpha1.JWTAuthenticatorSpec) corev1.TypedLocalObjectReference
CreateTestJWTAuthenticator creates and returns a test JWTAuthenticator in $PINNIPED_TEST_CONCIERGE_NAMESPACE, which will be automatically deleted at the end of the current test's lifetime. It returns a corev1.TypedLocalObjectReference which describes the test JWT authenticator within the test namespace.
func CreateTestJWTAuthenticatorForCLIUpstream ¶ added in v0.3.0
func CreateTestJWTAuthenticatorForCLIUpstream(ctx context.Context, t *testing.T) corev1.TypedLocalObjectReference
CreateTestJWTAuthenticatorForCLIUpstream creates and returns a test JWTAuthenticator in $PINNIPED_TEST_CONCIERGE_NAMESPACE, which will be automatically deleted at the end of the current test's lifetime. It returns a corev1.TypedLocalObjectReference which describes the test JWT authenticator within the test namespace.
CreateTestJWTAuthenticatorForCLIUpstream gets the OIDC issuer info from IntegrationEnv().CLITestUpstream.
func CreateTestOIDCIdentityProvider ¶ added in v0.3.0
func CreateTestOIDCIdentityProvider(t *testing.T, spec idpv1alpha1.OIDCIdentityProviderSpec, expectedPhase idpv1alpha1.OIDCIdentityProviderPhase) *idpv1alpha1.OIDCIdentityProvider
func CreateTestSecret ¶ added in v0.3.0
func CreateTestWebhookAuthenticator ¶ added in v0.2.0
func CreateTestWebhookAuthenticator(ctx context.Context, t *testing.T) corev1.TypedLocalObjectReference
CreateTestWebhookAuthenticator creates and returns a test WebhookAuthenticator in $PINNIPED_TEST_CONCIERGE_NAMESPACE, which will be automatically deleted at the end of the current test's lifetime. It returns a corev1.TypedLocalObjectReference which describes the test webhook authenticator within the test namespace.
func CreateTokenCredentialRequest ¶ added in v0.7.0
func CreateTokenCredentialRequest(ctx context.Context, t *testing.T, spec v1alpha1.TokenCredentialRequestSpec) (*v1alpha1.TokenCredentialRequest, error)
func LookupIP ¶ added in v0.3.0
LookupIP looks up the IP address of the provided hostname, preferring IPv4.
func MaskTokens ¶ added in v0.3.0
MaskTokens makes a best-effort attempt to mask out things that look like secret tokens in test output. The goal is more to have readable test output than for any security reason.
func NewAggregatedClientset ¶
func NewAggregatedClientset(t *testing.T) aggregatorclient.Interface
func NewAnonymousClientRestConfig ¶ added in v0.7.0
Returns a rest.Config without any user authentication info.
func NewAnonymousConciergeClientset ¶ added in v0.2.0
func NewAnonymousConciergeClientset(t *testing.T) conciergeclientset.Interface
func NewClientsetForKubeConfig ¶
func NewClientsetForKubeConfig(t *testing.T, kubeConfig string) kubernetes.Interface
func NewClientsetWithCertAndKey ¶
func NewClientsetWithCertAndKey(t *testing.T, clientCertificateData, clientKeyData string) kubernetes.Interface
func NewConciergeClientset ¶ added in v0.2.0
func NewConciergeClientset(t *testing.T) conciergeclientset.Interface
func NewKubeclient ¶ added in v0.7.0
func NewKubernetesClientset ¶ added in v0.5.0
func NewKubernetesClientset(t *testing.T) kubernetes.Interface
func NewLoggerReader ¶ added in v0.2.0
NewLoggerReader wraps an io.Reader to log its input and output. It also performs some heuristic token masking.
func NewRestConfigFromKubeconfig ¶ added in v0.3.0
func NewSupervisorClientset ¶ added in v0.2.0
func NewSupervisorClientset(t *testing.T) supervisorclientset.Interface
func PinnipedCLIPath ¶ added in v0.3.0
PinnipedCLIPath returns the path to the Pinniped CLI binary, built on demand and cached between tests.
func RequireEventuallyWithoutError ¶ added in v0.4.0
func RequireEventuallyWithoutError( t *testing.T, f func() (bool, error), waitFor time.Duration, tick time.Duration, msgAndArgs ...interface{}, )
RequireEventuallyWithoutError is similar to require.Eventually() except that it also allows the caller to return an error from the condition function. If the condition function returns an error at any point, the assertion will immediately fail.
func RequireNeverWithoutError ¶ added in v0.7.0
func RequireNeverWithoutError( t *testing.T, f func() (bool, error), waitFor time.Duration, tick time.Duration, msgAndArgs ...interface{}, )
RequireNeverWithoutError is similar to require.Never() except that it also allows the caller to return an error from the condition function. If the condition function returns an error at any point, the assertion will immediately fail.
func SkipUnlessIntegration ¶
SkipUnlessIntegration skips the current test if `-short` has been passed to `go test`.
func WaitForUserToHaveAccess ¶ added in v0.7.0
func WaitForUserToHaveAccess(t *testing.T, user string, groups []string, shouldHaveAccessTo *authorizationv1.ResourceAttributes)
Types ¶
type Capability ¶ added in v0.2.0
type Capability string
const ( ClusterSigningKeyIsAvailable Capability = "clusterSigningKeyIsAvailable" AnonymousAuthenticationSupported Capability = "anonymousAuthenticationSupported" HasExternalLoadBalancerProvider Capability = "hasExternalLoadBalancerProvider" )
type TestEnv ¶
type TestEnv struct { ToolsNamespace string `json:"toolsNamespace"` ConciergeNamespace string `json:"conciergeNamespace"` SupervisorNamespace string `json:"supervisorNamespace"` ConciergeAppName string `json:"conciergeAppName"` SupervisorAppName string `json:"supervisorAppName"` SupervisorCustomLabels map[string]string `json:"supervisorCustomLabels"` ConciergeCustomLabels map[string]string `json:"conciergeCustomLabels"` Capabilities map[Capability]bool `json:"capabilities"` TestWebhook auth1alpha1.WebhookAuthenticatorSpec `json:"testWebhook"` SupervisorHTTPAddress string `json:"supervisorHttpAddress"` SupervisorHTTPSAddress string `json:"supervisorHttpsAddress"` SupervisorHTTPSIngressAddress string `json:"supervisorHttpsIngressAddress"` SupervisorHTTPSIngressCABundle string `json:"supervisorHttpsIngressCABundle"` Proxy string `json:"proxy"` APIGroupSuffix string `json:"apiGroupSuffix"` TestUser struct { Token string `json:"token"` ExpectedUsername string `json:"expectedUsername"` ExpectedGroups []string `json:"expectedGroups"` } `json:"testUser"` CLITestUpstream TestOIDCUpstream `json:"cliOIDCUpstream"` SupervisorTestUpstream TestOIDCUpstream `json:"supervisorOIDCUpstream"` // contains filtered or unexported fields }
TestEnv captures all the external parameters consumed by our integration tests.
func IntegrationEnv ¶
IntegrationEnv gets the integration test environment from OS environment variables. This method also implies SkipUnlessIntegration().
func (*TestEnv) HasCapability ¶
func (e *TestEnv) HasCapability(cap Capability) bool
func (*TestEnv) ProxyEnv ¶ added in v0.3.0
ProxyEnv returns a set of environment variable strings (e.g., to combine with os.Environ()) which set up the configured test HTTP proxy.
func (*TestEnv) WithCapability ¶
func (e *TestEnv) WithCapability(cap Capability) *TestEnv
func (*TestEnv) WithoutCapability ¶
func (e *TestEnv) WithoutCapability(cap Capability) *TestEnv
type TestOIDCUpstream ¶ added in v0.3.0
type TestOIDCUpstream struct { Issuer string `json:"issuer"` CABundle string `json:"caBundle"` AdditionalScopes []string `json:"additionalScopes"` UsernameClaim string `json:"usernameClaim"` GroupsClaim string `json:"groupsClaim"` ClientID string `json:"clientID"` ClientSecret string `json:"clientSecret"` CallbackURL string `json:"callback"` Username string `json:"username"` Password string `json:"password"` ExpectedGroups []string `json:"expectedGroups"` }
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package browsertest provides integration test helpers for our browser-based tests.
|
Package browsertest provides integration test helpers for our browser-based tests. |