envtest expose 'SecureConfig' for user conveinience.

Please note that this just contains secure endpoint itself and its CA certs. User will have to set authentication information by themselves and configure some authn module in kube-apiserver.
kubernetes-sigs · Jul 29, 2020 · 034f8e3 · 034f8e3
1 parent b231ddb
commit 034f8e3
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 4 deletions.
diff --git a/pkg/envtest/server.go b/pkg/envtest/server.go
@@ -87,11 +87,34 @@ type Environment struct {
 	// ControlPlane is the ControlPlane including the apiserver and etcd
 	ControlPlane integration.ControlPlane
 
-	// Config can be used to talk to the apiserver.  It's automatically
-	// populated if not set using the standard controller-runtime config
+	// Config can be used to talk to the apiserver (insecure endpoint).
+	// It's automatically populated if not set using the standard controller-runtime config
 	// loading.
 	Config *rest.Config
 
+	// SecureConfig can be used to talk to the apiserver (secure endpoint).
+	// It's automatically populated if not set using the standard controller-runtime config
+	// loading.  This just contains secure endpoint and tlsconfig (no authn info).
+	// To use this config, you have to configure kube-apiserver with some authn module(static token, basic auth, etc.)
+	// and set your authentication info to this config.  For example:
+	//
+	// // basic authn plugin case
+	// te := &envtest.Environment{
+	//   KubeAPIServerFlags: append(
+	//     envtest.DefaultKubeAPIServerFlags,
+	//     "--basic-auth-file=my-file", "--authorization-mode=RBAC",
+	//   ),
+	// }
+	// te.Start()
+	//
+	// cfg := rest.CopyConfig(te.SecureConfig)
+	// cfg.Username = "myname"
+	// cfg.Password = "mypassword"
+	//
+	// // This client can send a request as "myname" user.
+	// cli := client.New(cfg)
+	SecureConfig *rest.Config
+
 	// CRDInstallOptions are the options for installing CRDs.
 	CRDInstallOptions CRDInstallOptions
 
@@ -249,6 +272,13 @@ func (te *Environment) Start() (*rest.Config, error) {
 			QPS:   1000.0,
 			Burst: 2000.0,
 		}
+		te.SecureConfig = &rest.Config{
+			Host: fmt.Sprintf("%s:%d", te.ControlPlane.APIURL().Hostname(), te.ControlPlane.APIServer.SecurePort),
+			TLSClientConfig: te.ControlPlane.APIServer.TLSClientConfig,
+			// gotta go fast during tests -- we don't really care about overwhelming our test API server
+			QPS:   1000.0,
+			Burst: 2000.0,
+		}
 	}
 
 	log.V(1).Info("installing CRDs")

diff --git a/pkg/internal/testing/integration/apiserver.go b/pkg/internal/testing/integration/apiserver.go
@@ -25,7 +25,7 @@ type APIServer struct {
 	SecurePort int
 
 	// TLSconfig is tls configuration to connect to its secure endpoint.
-	TlsClientConfig rest.TLSClientConfig
+	TLSClientConfig rest.TLSClientConfig
 
 	// Path is the path to the apiserver binary.
 	//
@@ -161,7 +161,7 @@ func (s *APIServer) populateAPIServerCerts() error {
 		return err
 	}
 
-	s.TlsClientConfig = rest.TLSClientConfig{
+	s.TLSClientConfig = rest.TLSClientConfig{
 		CAData: ca.CA.CertBytes(),
 	}