test/library: use client-go anonymous rest config helper

I saw this helper function the other day and wondered if we could use it. It does indeed look like it does what we want, because when I run this code, I get `...User "system:anonymous" cannot get resource...`. c := library.NewAnonymousPinnipedClientset(t) _, err := c. ConfigV1alpha1(). CredentialIssuerConfigs("integration"). Get(context.Background(), "pinniped-config", metav1.GetOptions{}) t.Log(err) I also ran a similar test using this new helper in the context of library.NewClientsetWithCertAndKey(). Seemed to get us what we want. Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2026-01-03 11:45:45 +00:00 · 2020-09-28 08:57:47 -04:00
parent efe420b737
commit 38e26d7a49
1 changed files with 1 additions and 30 deletions
--- a/test/library/client.go
+++ b/test/library/client.go
@@ -16,7 +16,6 @@ import (
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
-	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 	aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset"

 	idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/idp/v1alpha1"
@@ -98,38 +97,10 @@ func newClientsetWithConfig(t *testing.T, config *rest.Config) kubernetes.Interf
 }

 // Returns a rest.Config without any user authentication info.
-// Ensures that we are not accidentally picking up any authentication info from the kube config file.
-// E.g. If your kube config were pointing at an Azure cluster, it would have both certs and a token,
-// and we don't want our tests to accidentally pick up that token.
 func newAnonymousClientRestConfig(t *testing.T) *rest.Config {
 	t.Helper()

-	realConfig := NewClientConfig(t)
-
-	out, err := ioutil.TempFile("", "pinniped-anonymous-kubeconfig-test-*")
-	require.NoError(t, err)
-	defer os.Remove(out.Name())
-
-	anonConfig := clientcmdapi.NewConfig()
-	anonConfig.Clusters["anonymous-cluster"] = &clientcmdapi.Cluster{
-		Server:                   realConfig.Host,
-		CertificateAuthorityData: realConfig.CAData,
-	}
-	anonConfig.Contexts["anonymous"] = &clientcmdapi.Context{
-		Cluster: "anonymous-cluster",
-	}
-	anonConfig.CurrentContext = "anonymous"
-
-	data, err := clientcmd.Write(*anonConfig)
-	require.NoError(t, err)
-
-	_, err = out.Write(data)
-	require.NoError(t, err)
-
-	restConfig, err := clientcmd.BuildConfigFromFlags("", out.Name())
-	require.NoError(t, err)
-
-	return restConfig
+	return rest.AnonymousClientConfig(NewClientConfig(t))
 }

 // Starting with an anonymous client config, add a cert and key to use for authentication in the API server.