envtest expose 'SecureConfig' for user conveinience.

everpeace · everpeace · commit 7dd198f3a5b7 · 2020-07-30T01:24:15.000+09:00
Please note that this just contains secure endpoint itself and its CA
certs.  User will have to set authentication information by themselves
and configure some authn module in kube-apiserver.
diff --git a/pkg/envtest/server.go b/pkg/envtest/server.go
@@ -87,11 +87,34 @@ type Environment struct {
 	// ControlPlane is the ControlPlane including the apiserver and etcd
 	ControlPlane integration.ControlPlane
 
-	// Config can be used to talk to the apiserver.  It's automatically
-	// populated if not set using the standard controller-runtime config
+	// Config can be used to talk to the apiserver (insecure endpoint).
+	// It's automatically populated if not set using the standard controller-runtime config
 	// loading.
 	Config *rest.Config
 
+	// SecureConfig can be used to talk to the apiserver (secure endpoint).
+	// It's automatically populated if not set using the standard controller-runtime config
+	// loading.  This just contains secure endpoint and tlsconfig (no authn info).
+	// To use this config, you have to configure kube-apiserver with some authn module(static token, basic auth, etc.)
+	// and set your authentication info to this config.  For example:
+	//
+	// // basic authn plugin case
+	// te := &envtest.Environment{
+	//   KubeAPIServerFlags: append(
+	//     envtest.DefaultKubeAPIServerFlags,
+	//     "--basic-auth-file=my-file", "--authorization-mode=RBAC",
+	//   ),
+	// }
+	// te.Start()
+	//
+	// cfg := rest.CopyConfig(te.SecureConfig)
+	// cfg.Username = "myname"
+	// cfg.Password = "mypassword"
+	//
+	// // This client can send a request as "myname" user.
+	// cli := client.New(cfg)
+	SecureConfig *rest.Config
+
 	// CRDInstallOptions are the options for installing CRDs.
 	CRDInstallOptions CRDInstallOptions
 
@@ -249,6 +272,13 @@ func (te *Environment) Start() (*rest.Config, error) {
 			QPS:   1000.0,
 			Burst: 2000.0,
 		}
+		te.SecureConfig = &rest.Config{
+			Host:            fmt.Sprintf("%s:%d", te.ControlPlane.APIURL().Hostname(), te.ControlPlane.APIServer.SecurePort),
+			TLSClientConfig: te.ControlPlane.APIServer.TLSClientConfig,
+			// gotta go fast during tests -- we don't really care about overwhelming our test API server
+			QPS:   1000.0,
+			Burst: 2000.0,
+		}
 	}
 
 	log.V(1).Info("installing CRDs")
diff --git a/pkg/internal/testing/integration/apiserver.go b/pkg/internal/testing/integration/apiserver.go
@@ -4,12 +4,13 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
-	"k8s.io/client-go/rest"
 	"net/url"
 	"os"
 	"path/filepath"
 	"time"
 
+	"k8s.io/client-go/rest"
+
 	"sigs.k8s.io/controller-runtime/pkg/internal/testing/integration/addr"
 	"sigs.k8s.io/controller-runtime/pkg/internal/testing/integration/internal"
 )
@@ -25,7 +26,7 @@ type APIServer struct {
 	SecurePort int
 
 	// TLSconfig is tls configuration to connect to its secure endpoint.
-	TlsClientConfig rest.TLSClientConfig
+	TLSClientConfig rest.TLSClientConfig
 
 	// Path is the path to the apiserver binary.
 	//
@@ -161,7 +162,7 @@ func (s *APIServer) populateAPIServerCerts() error {
 		return err
 	}
 
-	s.TlsClientConfig = rest.TLSClientConfig{
+	s.TLSClientConfig = rest.TLSClientConfig{
 		CAData: ca.CA.CertBytes(),
 	}
 
