Merge branch 'main' into proposal_process

test/integration/cli_test.go

@@ -170,7 +170,7 @@ func deserializeWhoAmIRequest(t *testing.T, data string, apiGroupSuffix string)
 	return obj.(*identityv1alpha1.WhoAmIRequest)
 }
 
-func TestCLILoginOIDC(t *testing.T) {
+func TestCLILoginOIDC_Browser(t *testing.T) {
 	env := testlib.IntegrationEnv(t)
 
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)

test/integration/concierge_credentialrequest_test.go

@@ -1,4 +1,4 @@
-// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package integration
@@ -45,10 +45,10 @@ func TestUnsuccessfulCredentialRequest_Parallel(t *testing.T) {
 	require.Equal(t, "authentication failed", *response.Status.Message)
 }
 
-// TestSuccessfulCredentialRequest cannot run in parallel because runPinnipedLoginOIDC uses a fixed port
+// TestSuccessfulCredentialRequest_Browser cannot run in parallel because runPinnipedLoginOIDC uses a fixed port
 // for its localhost listener via --listen-port=env.CLIUpstreamOIDC.CallbackURL.Port() per oidcLoginCommand.
 // Since ports are global to the process, tests using oidcLoginCommand must be run serially.
-func TestSuccessfulCredentialRequest(t *testing.T) {
+func TestSuccessfulCredentialRequest_Browser(t *testing.T) {
 	env := testlib.IntegrationEnv(t).WithCapability(testlib.ClusterSigningKeyIsAvailable)
 
 	ctx, cancel := context.WithTimeout(context.Background(), 6*time.Minute)

test/integration/e2e_test.go

@@ -17,6 +17,7 @@ import (
 	"os/exec"
 	"path/filepath"
 	"regexp"
+	"runtime"
 	"sort"
 	"strings"
 	"sync/atomic"
@@ -47,8 +48,8 @@ import (
 	"go.pinniped.dev/test/testlib/browsertest"
 )
 
-// TestE2EFullIntegration tests a full integration scenario that combines the supervisor, concierge, and CLI.
-func TestE2EFullIntegration(t *testing.T) { // nolint:gocyclo
+// TestE2EFullIntegration_Browser tests a full integration scenario that combines the supervisor, concierge, and CLI.
+func TestE2EFullIntegration_Browser(t *testing.T) { // nolint:gocyclo
 	env := testlib.IntegrationEnv(t)
 
 	ctx, cancelFunc := context.WithTimeout(context.Background(), 10*time.Minute)
@@ -449,8 +450,13 @@ func TestE2EFullIntegration(t *testing.T) { // nolint:gocyclo
 		start := time.Now()
 		kubectlCmd := exec.CommandContext(ctx, "kubectl", "get", "namespace", "--kubeconfig", kubeconfigPath)
 		kubectlCmd.Env = append(os.Environ(), env.ProxyEnv()...)
-		stdoutPipe, err := kubectlCmd.StdoutPipe()
-		require.NoError(t, err)
+		var kubectlStdoutPipe io.ReadCloser
+		if runtime.GOOS != "darwin" {
+			// For some unknown reason this breaks the pty library on some MacOS machines.
+			// The problem doesn't reproduce for everyone, so this is just a workaround.
+			kubectlStdoutPipe, err = kubectlCmd.StdoutPipe()
+			require.NoError(t, err)
+		}
 		ptyFile, err := pty.Start(kubectlCmd)
 		require.NoError(t, err)
 
@@ -492,10 +498,19 @@ func TestE2EFullIntegration(t *testing.T) { // nolint:gocyclo
 		t.Logf("waiting for kubectl to output namespace list")
 		// Read all output from the subprocess until EOF.
 		// Ignore any errors returned because there is always an error on linux.
-		kubectlStdOutOutputBytes, _ := ioutil.ReadAll(stdoutPipe)
-		kubectlStdErrOutputBytes, _ := ioutil.ReadAll(ptyFile)
-		requireKubectlGetNamespaceOutput(t, env, string(kubectlStdOutOutputBytes))
-		require.Contains(t, string(kubectlStdErrOutputBytes), "Access token from identity provider has lifetime of less than 3 hours. Expect frequent prompts to log in.")
+		kubectlPtyOutputBytes, _ := ioutil.ReadAll(ptyFile)
+		if kubectlStdoutPipe != nil {
+			// On non-MacOS check that stdout of the CLI contains the expected output.
+			kubectlStdOutOutputBytes, _ := ioutil.ReadAll(kubectlStdoutPipe)
+			requireKubectlGetNamespaceOutput(t, env, string(kubectlStdOutOutputBytes))
+		} else {
+			// On MacOS check that the pty (stdout+stderr+stdin) of the CLI contains the expected output.
+			requireKubectlGetNamespaceOutput(t, env, string(kubectlPtyOutputBytes))
+		}
+		// Due to the GOOS check in the code above, on MacOS the pty will include stdout, and other platforms it will not.
+		// This warning message is supposed to be printed by the CLI on stderr.
+		require.Contains(t, string(kubectlPtyOutputBytes),
+			"Access token from identity provider has lifetime of less than 3 hours. Expect frequent prompts to log in.")
 
 		t.Logf("first kubectl command took %s", time.Since(start).String())
 
@@ -1013,7 +1028,7 @@ func readFromFileUntilStringIsSeen(t *testing.T, f *os.File, until string) strin
 			return true, nil // found it! finished.
 		}
 		if foundEOF {
-			return false, fmt.Errorf("reached EOF of subcommand's output without seeing expected string %q", until)
+			return false, fmt.Errorf("reached EOF of subcommand's output without seeing expected string %q. Output read so far was:\n%s", until, readFromFile)
 		}
 		return false, nil // keep waiting and reading
 	}, 1*time.Minute, 1*time.Second)

test/integration/formposthtml_test.go

@@ -25,7 +25,7 @@ import (
 )
 
 // safe to run in parallel with serial tests since it only interacts with a test local server, see main_test.go.
-func TestFormPostHTML_Parallel(t *testing.T) {
+func TestFormPostHTML_Browser_Parallel(t *testing.T) {
 	_ = testlib.IntegrationEnv(t)
 
 	// Run a mock callback handler, simulating the one running in the CLI.

test/integration/supervisor_login_test.go

@@ -47,7 +47,7 @@ import (
 )
 
 // nolint:gocyclo
-func TestSupervisorLogin(t *testing.T) {
+func TestSupervisorLogin_Browser(t *testing.T) {
 	env := testlib.IntegrationEnv(t)
 
 	tests := []struct {

test/testlib/browsertest/browsertest.go

@@ -6,6 +6,7 @@ package browsertest
 
 import (
 	"regexp"
+	"strings"
 	"testing"
 	"time"
 
@@ -20,10 +21,16 @@ const (
 	operationPollingInterval = 100 * time.Millisecond
 )
 
-// Open a webdriver-driven browser and returns an *agouti.Page to control it. The browser  will be automatically
+// Open a webdriver-driven browser and returns an *agouti.Page to control it. The browser will be automatically
 // closed at the end of the current test. It is configured for test purposes with the correct HTTP proxy and
 // in a mode that ignore certificate errors.
 func Open(t *testing.T) *agouti.Page {
+	t.Helper()
+
+	// make it trivial to run all browser based tests via:
+	// go test -v -race -count 1 -timeout 0 ./test/integration -run '/_Browser'
+	require.Contains(t, rootTestName(t), "_Browser", "browser based tests must contain the string _Browser in their name")
+
 	t.Logf("opening browser driver")
 	env := testlib.IntegrationEnv(t)
 	caps := agouti.NewCapabilities()
@@ -58,6 +65,25 @@ func Open(t *testing.T) *agouti.Page {
 	return page
 }
 
+func rootTestName(t *testing.T) string {
+	switch names := strings.SplitN(t.Name(), "/", 3); len(names) {
+	case 0:
+		panic("impossible")
+
+	case 1:
+		return names[0]
+
+	case 2, 3:
+		if strings.HasPrefix(names[0], "TestIntegration") {
+			return names[1]
+		}
+		return names[0]
+
+	default:
+		panic("impossible")
+	}
+}
+
 // WaitForVisibleElements expects the page to contain all the the elements specified by the selectors. It waits for this
 // to occur and times out, failing the test, if they never appear.
 func WaitForVisibleElements(t *testing.T, page *agouti.Page, selectors ...string) {