use TokenReview API to Authenticate requests (#9)

* use TokenReview API to Authenticate requests Signed-off-by: Francesco Ilario <[email protected]> * support auth in proxy Signed-off-by: Francesco Ilario <[email protected]> * tests for dumb and intelligent proxy arch Signed-off-by: Francesco Ilario <[email protected]> * move to dumb and smart Signed-off-by: Francesco Ilario <[email protected]> * make tests runnable in parallel Signed-off-by: Francesco Ilario <[email protected]> * update readmes Signed-off-by: Francesco Ilario <[email protected]> * fix tests Signed-off-by: Francesco Ilario <[email protected]> * fix linter Signed-off-by: Francesco Ilario <[email protected]> * cleanup Signed-off-by: Francesco Ilario <[email protected]> * fix typo in smart-proxy's Makefile Signed-off-by: Francesco Ilario <[email protected]> * simplify KUBECONFIG in Makefile Signed-off-by: Francesco Ilario <[email protected]> * remove TMPDIR in favor of OUT_DIR Signed-off-by: Francesco Ilario <[email protected]> * forward ginkgo context in test runs Signed-off-by: Francesco Ilario <[email protected]> * add mockgen Signed-off-by: Francesco Ilario <[email protected]> * add tests for authenticator Signed-off-by: Francesco Ilario <[email protected]> * fix Makefile Signed-off-by: Francesco Ilario <[email protected]> * no lint on ginkgo context Signed-off-by: Francesco Ilario <[email protected]> * remove sleep Signed-off-by: Francesco Ilario <[email protected]> * Update acceptance/make/common.mk Co-authored-by: Andy Sadler <[email protected]> --------- Signed-off-by: Francesco Ilario <[email protected]> Co-authored-by: Andy Sadler <[email protected]>
konflux-ci · Dec 4, 2024 · 165eddc · 165eddc
1 parent 54f6e47
commit 165eddc
Show file tree

Hide file tree

Showing 67 changed files with 1,551 additions and 298 deletions.
diff --git a/Makefile b/Makefile
@@ -1,11 +1,11 @@
-ROOT_DIR := $(realpath $(firstword $(MAKEFILE_LIST)))
+ROOT_DIR := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
 LOCALBIN := $(ROOT_DIR)/bin
 
 OUTDIR := $(ROOT_DIR)/out
 
 GO ?= go
 
-GOLANG_CI ?= $(GO) run -modfile $(shell dirname $(ROOT_DIR))/hack/tools/golang-ci/go.mod github.com/golangci/golangci-lint/cmd/golangci-lint
+GOLANG_CI ?= $(GO) run -modfile $(ROOT_DIR)/hack/tools/golang-ci/go.mod github.com/golangci/golangci-lint/cmd/golangci-lint
 
 IMG ?= namespace-lister:latest
 IMAGE_BUILDER ?= docker
@@ -51,3 +51,12 @@ test: ## Run go test against code.
 .PHONY: image-build
 image-build:
 	$(IMAGE_BUILDER) build -t "$(IMG)" .
+
+.PHONY: generate-code
+generate-code: mockgen  ## Run go generate on the project.
+	@echo $(GO) generate ./...
+	@PATH=$(LOCALBIN):${PATH} $(GO) generate ./...
+
+.PHONY: mockgen
+mockgen: $(LOCALBIN) ## Install mockgen locally.
+	$(GO) build -modfile $(ROOT_DIR)/hack/tools/mockgen/go.mod -o $(LOCALBIN)/mockgen go.uber.org/mock/mockgen
diff --git a/README.md b/README.md
@@ -48,36 +48,19 @@ subjects:
   name: user
 ```
 
-## Try
-
-The easiest way of trying this component locally is using `make -C acceptance prepare`.
-This command will build the image, create the Kind cluster, load the image in it, and deploy all needed components. 
-
-You will find a valid `kubeconfig` that you can use in `/tmp/namespace-lister-acceptance-tests-user.kcfg`.
-To access the namespace-lister you need to target the url `https://localhost:10443` and skip TLS verification.
-
-```
-KUBECONFIG=/tmp/namespace-lister-acceptance-tests-user.kcfg kubectl get namespaces --server=https://localhost:10443 --insecure-skip-tls-verify
-```
-
-Take a look at the [Tests section](#tests) for more info.
-
 ## Tests
 
 Acceptance tests are implemented in the [acceptance folder](./acceptance/).
 
 Behavior-Driven Development is enforced through [godog](https://github.com/cucumber/godog).
 You can find the specification of the implemented Features at in the [acceptance/features folder](./acceptance/features/).
 
-They rely on [kind](https://kind.sigs.k8s.io/) and can be executed by just running the following commands:
+## Try
 
-```bash
-make -C acceptance prepare # required just the first time
-make -C acceptance test
-```
+The easiest way to try this component locally is by using the `make prepare` target in `acceptance/test/dumb-proxy` or `acceptance/test/smart-proxy`.
+This command will build the image, create the Kind cluster, load the image in it, and deploy all needed components.
 
-* `prepare` will build the image, create the Kind cluster, load the image in it, and deploy all needed components.
-* `test` will run the tests on the provisioned infrastructure
+Please take a look at the [Acceptance Tests README](./acceptance/README.md) for more information on the two setups and how to access the namespace-lister once deployed.
 
 ### Proxy
 

diff --git a/acceptance/Makefile b/acceptance/Makefile
diff --git a/acceptance/README.md b/acceptance/README.md
@@ -0,0 +1,22 @@
+# Acceptance Tests
+
+Behavior-Driven Development is enforced through [godog](https://github.com/cucumber/godog).
+
+These tests has builtin support to run on [kind](https://kind.sigs.k8s.io/).
+
+## Setups
+
+The Namespace-Lister is usually installed behind a Proxy.
+The Namespace-Lister can be configured to delegate authentication to the Proxy.
+In this case we speak of a `Smart Proxy`.
+
+Alternatively, the request is authenticate against the APIServer's TokenReview API.
+In this case we speak of a `Dumb Proxy`.
+
+We support test cases for both these setups.
+You find the `Smart Proxy`'s tests at [./test/smart-proxy/] and the `Dumb Proxy`'s tests at [./test/dumb-proxy/].
+
+To create the cluster, install the Namespace-Lister, and configure the Proxy you can use the `make prepare` command.
+
+To execute the tests, you can use the `make test` command.
+
diff --git a/acceptance/config/acceptance-tests/namespace.yaml b/acceptance/config/acceptance-tests/namespace.yaml
@@ -2,3 +2,5 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: acceptance-tests
+  labels:
+    namespace-lister/scope: acceptance-tests
diff --git a/acceptance/features/list.feature b/acceptance/features/list.feature
diff --git a/acceptance/features/read.feature b/acceptance/features/read.feature
diff --git a/acceptance/go.mod b/acceptance/go.mod
@@ -3,12 +3,12 @@ module github.com/konflux-ci/namespace-lister/acceptance
 go 1.22.2
 
 require (
-	github.com/cucumber/godog v0.14.1
+	github.com/cucumber/godog v0.15.0
 	github.com/spf13/pflag v1.0.5
-	k8s.io/api v0.31.1
-	k8s.io/apimachinery v0.31.1
-	k8s.io/client-go v0.31.0
-	sigs.k8s.io/controller-runtime v0.19.1
+	k8s.io/api v0.31.3
+	k8s.io/apimachinery v0.31.3
+	k8s.io/client-go v0.31.3
+	sigs.k8s.io/controller-runtime v0.19.2
 )
 
 require (
@@ -44,8 +44,6 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/onsi/ginkgo/v2 v2.20.1 // indirect
-	github.com/onsi/gomega v1.35.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_golang v1.19.1 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
@@ -54,15 +52,15 @@ require (
 	github.com/x448/float16 v0.8.4 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.26.0 // indirect
-	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
-	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc // indirect
+	golang.org/x/net v0.26.0 // indirect
 	golang.org/x/oauth2 v0.21.0 // indirect
-	golang.org/x/sys v0.26.0 // indirect
-	golang.org/x/term v0.25.0 // indirect
-	golang.org/x/text v0.19.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/term v0.21.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/protobuf v1.35.1 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect