client-go icon indicating copy to clipboard operation
client-go copied to clipboard

Published 20 hours ago verified publisher icon kubernetes

Fake does not support Token Review

Open davidhadas opened this issue 3 years ago • 1 comments

testing TokenReviews requires manipulating the created tokenReview object as part of the test while the submitted toeknReview object sent as part of Create is part of the code being tested.

Example code to be tested:

func (k *KubeMgr) validateToken(token string) (err error) {
	tr := authv1.TokenReview{
		Spec: authv1.TokenReviewSpec{
			Token:     token,
			Audiences: []string{ServiceAudience},
		},
	}
	tokenReview, err := k.cmClient.AuthenticationV1().TokenReviews().Create(context.TODO(), &tr, metav1.CreateOptions{})
	if err != nil {
		err = fmt.Errorf("tokenreviews failed %w - %v", err, tokenReview)
		return
	}
	if !tokenReview.Status.Authenticated {
		err = fmt.Errorf("not Authenticated- %v", tokenReview)
		return
	}
	return
}

The test should be able to manipulate for example the tokenReview.Status.Authenticated returned from the fake client AuthenticationV1().TokenReviews().Create(context.TODO(), &tr, metav1.CreateOptions{}).

Currently, the code returns the created object - i.e. tr in the code above is returned - which does not allow manipulating tokenReview.Status.Authenticated.

It is suggested that we use the tracker and in the case of tokenReview, the Create will return a matching tokenReview from the tracker.

davidhadas avatar Oct 27 '22 17:10 davidhadas

/assign davidhadas

davidhadas avatar Oct 27 '22 17:10 davidhadas

Alternative exists

davidhadas avatar Nov 24 '22 16:11 davidhadas