Code changes to support Kube 0.26 deps

internal/controller/kubecertagent/kubecertagent.go

@@ -1,4 +1,4 @@
-// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
+// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 // Package kubecertagent provides controllers that ensure a pod (the kube-cert-agent), is
@@ -317,7 +317,7 @@ func (c *agentController) Sync(ctx controllerlib.Context) error {
 	}
 
 	// Load the certificate and key from the agent pod into our in-memory signer.
-	if err := c.loadSigningKey(newestAgentPod); err != nil {
+	if err := c.loadSigningKey(ctx.Context, newestAgentPod); err != nil {
 		return c.failStrategyAndErr(ctx.Context, credIssuer, firstErr(depErr, err), configv1alpha1.CouldNotFetchKeyStrategyReason)
 	}
 
@@ -341,14 +341,14 @@ func (c *agentController) Sync(ctx controllerlib.Context) error {
 	})
 }
 
-func (c *agentController) loadSigningKey(agentPod *corev1.Pod) error {
+func (c *agentController) loadSigningKey(ctx context.Context, agentPod *corev1.Pod) error {
 	// If we remember successfully loading the key from this pod recently, we can skip this step and return immediately.
 	if _, exists := c.execCache.Get(agentPod.UID); exists {
 		return nil
 	}
 
 	// Exec into the agent pod and cat out the certificate and the key.
-	outputJSON, err := c.executor.Exec(agentPod.Namespace, agentPod.Name, "pinniped-concierge-kube-cert-agent", "print")
+	outputJSON, err := c.executor.Exec(ctx, agentPod.Namespace, agentPod.Name, "pinniped-concierge-kube-cert-agent", "print")
 	if err != nil {
 		return fmt.Errorf("could not exec into agent pod %s/%s: %w", agentPod.Namespace, agentPod.Name, err)
 	}

internal/controller/kubecertagent/kubecertagent_test.go

@@ -1,4 +1,4 @@
-// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
+// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package kubecertagent
@@ -229,7 +229,7 @@ func TestAgentController(t *testing.T) {
 	}
 
 	mockExecSucceeds := func(t *testing.T, executor *mocks.MockPodCommandExecutorMockRecorder, dynamicCert *mocks.MockDynamicCertPrivateMockRecorder, execCache *cache.Expiring) {
-		executor.Exec("concierge", "pinniped-concierge-kube-cert-agent-xyz-1234", "pinniped-concierge-kube-cert-agent", "print").
+		executor.Exec(gomock.Any(), "concierge", "pinniped-concierge-kube-cert-agent-xyz-1234", "pinniped-concierge-kube-cert-agent", "print").
 			Return(`{"tls.crt": "dGVzdC1jZXJ0", "tls.key": "dGVzdC1rZXk="}`, nil) // "test-cert" / "test-key"
 		dynamicCert.SetCertKeyContent([]byte("test-cert"), []byte("test-key")).
 			Return(nil)
@@ -740,7 +740,7 @@ func TestAgentController(t *testing.T) {
 				validClusterInfoConfigMap,
 			},
 			mocks: func(t *testing.T, executor *mocks.MockPodCommandExecutorMockRecorder, dynamicCert *mocks.MockDynamicCertPrivateMockRecorder, execCache *cache.Expiring) {
-				executor.Exec("concierge", "pinniped-concierge-kube-cert-agent-xyz-1234", "pinniped-concierge-kube-cert-agent", "print").
+				executor.Exec(gomock.Any(), "concierge", "pinniped-concierge-kube-cert-agent-xyz-1234", "pinniped-concierge-kube-cert-agent", "print").
 					Return("", fmt.Errorf("some exec error")).
 					AnyTimes()
 			},
@@ -769,7 +769,7 @@ func TestAgentController(t *testing.T) {
 				validClusterInfoConfigMap,
 			},
 			mocks: func(t *testing.T, executor *mocks.MockPodCommandExecutorMockRecorder, dynamicCert *mocks.MockDynamicCertPrivateMockRecorder, execCache *cache.Expiring) {
-				executor.Exec("concierge", "pinniped-concierge-kube-cert-agent-xyz-1234", "pinniped-concierge-kube-cert-agent", "print").
+				executor.Exec(gomock.Any(), "concierge", "pinniped-concierge-kube-cert-agent-xyz-1234", "pinniped-concierge-kube-cert-agent", "print").
 					Return("bogus-data", nil).
 					AnyTimes()
 			},
@@ -798,7 +798,7 @@ func TestAgentController(t *testing.T) {
 				validClusterInfoConfigMap,
 			},
 			mocks: func(t *testing.T, executor *mocks.MockPodCommandExecutorMockRecorder, dynamicCert *mocks.MockDynamicCertPrivateMockRecorder, execCache *cache.Expiring) {
-				executor.Exec("concierge", "pinniped-concierge-kube-cert-agent-xyz-1234", "pinniped-concierge-kube-cert-agent", "print").
+				executor.Exec(gomock.Any(), "concierge", "pinniped-concierge-kube-cert-agent-xyz-1234", "pinniped-concierge-kube-cert-agent", "print").
 					Return(`{"tls.crt": "invalid"}`, nil).
 					AnyTimes()
 			},
@@ -827,7 +827,7 @@ func TestAgentController(t *testing.T) {
 				validClusterInfoConfigMap,
 			},
 			mocks: func(t *testing.T, executor *mocks.MockPodCommandExecutorMockRecorder, dynamicCert *mocks.MockDynamicCertPrivateMockRecorder, execCache *cache.Expiring) {
-				executor.Exec("concierge", "pinniped-concierge-kube-cert-agent-xyz-1234", "pinniped-concierge-kube-cert-agent", "print").
+				executor.Exec(gomock.Any(), "concierge", "pinniped-concierge-kube-cert-agent-xyz-1234", "pinniped-concierge-kube-cert-agent", "print").
 					Return(`{"tls.crt": "dGVzdAo=", "tls.key": "invalid"}`, nil).
 					AnyTimes()
 			},
@@ -856,7 +856,7 @@ func TestAgentController(t *testing.T) {
 				validClusterInfoConfigMap,
 			},
 			mocks: func(t *testing.T, executor *mocks.MockPodCommandExecutorMockRecorder, dynamicCert *mocks.MockDynamicCertPrivateMockRecorder, execCache *cache.Expiring) {
-				executor.Exec("concierge", "pinniped-concierge-kube-cert-agent-xyz-1234", "pinniped-concierge-kube-cert-agent", "print").
+				executor.Exec(gomock.Any(), "concierge", "pinniped-concierge-kube-cert-agent-xyz-1234", "pinniped-concierge-kube-cert-agent", "print").
 					Return(`{"tls.crt": "dGVzdC1jZXJ0", "tls.key": "dGVzdC1rZXk="}`, nil). // "test-cert" / "test-key"
 					AnyTimes()
 				dynamicCert.SetCertKeyContent([]byte("test-cert"), []byte("test-key")).

internal/controller/kubecertagent/mocks/mockpodcommandexecutor.go

@@ -9,6 +9,7 @@
 package mocks
 
 import (
+	context "context"
 	reflect "reflect"
 
 	gomock "github.com/golang/mock/gomock"
@@ -38,10 +39,10 @@ func (m *MockPodCommandExecutor) EXPECT() *MockPodCommandExecutorMockRecorder {
 }
 
 // Exec mocks base method.
-func (m *MockPodCommandExecutor) Exec(arg0, arg1 string, arg2 ...string) (string, error) {
+func (m *MockPodCommandExecutor) Exec(arg0 context.Context, arg1, arg2 string, arg3 ...string) (string, error) {
 	m.ctrl.T.Helper()
-	varargs := []interface{}{arg0, arg1}
-	for _, a := range arg2 {
+	varargs := []interface{}{arg0, arg1, arg2}
+	for _, a := range arg3 {
 		varargs = append(varargs, a)
 	}
 	ret := m.ctrl.Call(m, "Exec", varargs...)
@@ -51,8 +52,8 @@ func (m *MockPodCommandExecutor) Exec(arg0, arg1 string, arg2 ...string) (string
 }
 
 // Exec indicates an expected call of Exec.
-func (mr *MockPodCommandExecutorMockRecorder) Exec(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+func (mr *MockPodCommandExecutorMockRecorder) Exec(arg0, arg1, arg2 interface{}, arg3 ...interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	varargs := append([]interface{}{arg0, arg1, arg2}, arg3...)
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Exec", reflect.TypeOf((*MockPodCommandExecutor)(nil).Exec), varargs...)
 }

internal/controller/kubecertagent/pod_command_executor.go

@@ -1,10 +1,11 @@
-// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package kubecertagent
 
 import (
 	"bytes"
+	"context"
 
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/client-go/kubernetes"
@@ -15,7 +16,7 @@ import (
 
 // PodCommandExecutor can exec a command in a pod located via namespace and name.
 type PodCommandExecutor interface {
-	Exec(podNamespace string, podName string, commandAndArgs ...string) (stdoutResult string, err error)
+	Exec(ctx context.Context, podNamespace string, podName string, commandAndArgs ...string) (stdoutResult string, err error)
 }
 
 type kubeClientPodCommandExecutor struct {
@@ -31,8 +32,7 @@ func NewPodCommandExecutor(kubeConfig *restclient.Config, kubeClient kubernetes.
 	return &kubeClientPodCommandExecutor{kubeConfig: kubeConfig, kubeClient: kubeClient}
 }
 
-func (s *kubeClientPodCommandExecutor) Exec(podNamespace string, podName string, commandAndArgs ...string) (string, error) {
-	// TODO: see if we can add a timeout or make this cancelable somehow
+func (s *kubeClientPodCommandExecutor) Exec(ctx context.Context, podNamespace string, podName string, commandAndArgs ...string) (string, error) {
 	request := s.kubeClient.
 		CoreV1().
 		RESTClient().
@@ -55,7 +55,7 @@ func (s *kubeClientPodCommandExecutor) Exec(podNamespace string, podName string,
 	}
 
 	var stdoutBuf bytes.Buffer
-	if err := executor.Stream(remotecommand.StreamOptions{Stdout: &stdoutBuf}); err != nil {
+	if err := executor.StreamWithContext(ctx, remotecommand.StreamOptions{Stdout: &stdoutBuf}); err != nil {
 		return "", err
 	}
 	return stdoutBuf.String(), nil

internal/controller/kubecertagent/pod_command_executor_test.go

@@ -1,9 +1,10 @@
-// Copyright 2021 the Pinniped contributors. All Rights Reserved.
+// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package kubecertagent
 
 import (
+	"context"
 	"net/http"
 	"testing"
 
@@ -36,7 +37,7 @@ func TestSecureTLS(t *testing.T) {
 	// build this exactly like our production could does
 	podCommandExecutor := NewPodCommandExecutor(client.JSONConfig, client.Kubernetes)
 
-	got, err := podCommandExecutor.Exec("podNamespace", "podName", "command", "arg1", "arg2")
+	got, err := podCommandExecutor.Exec(context.Background(), "podNamespace", "podName", "command", "arg1", "arg2")
 	require.Equal(t, &errors.StatusError{}, err)
 	require.Empty(t, got)