pkg/credentialprovider/plugin: refactor for better testability with mulitple apiVersions

[andrewsykim]

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

#108847 introduced the v1beta1 APIs for the kubelet credential provider feature. Although the v1beta1 APIs are preferred going forward and there are no changes between v1alpha1 and v1beta1, we should still have tests validating v1alpha1 as long as it's supported. This PR refactors the credential provider plugin so we can unit test against multiple apiVersions and test behavior when the apiVersions are mismatched. These unit tests should also help fill in v1alpha1 coverage we're losing with #109006, since the node e2e tests would only be running with v1beta1 APIs.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

[andrewsykim]

/assign @adisky

[adisky]

/test pr-kubelet-gce-e2e-credential-provider

[k8s-ci-robot]

@adisky: The specified target(s) for /test were not found.
The following commands are available to trigger required jobs:

• /test pull-kubernetes-conformance-kind-ga-only-parallel
• /test pull-kubernetes-dependencies
• /test pull-kubernetes-dependencies-go-canary
• /test pull-kubernetes-e2e-gce
• /test pull-kubernetes-e2e-gce-100-performance
• /test pull-kubernetes-e2e-gce-big-performance
• /test pull-kubernetes-e2e-gce-canary
• /test pull-kubernetes-e2e-gce-large-performance
• /test pull-kubernetes-e2e-gce-network-proxy-http-connect
• /test pull-kubernetes-e2e-gce-no-stage
• /test pull-kubernetes-e2e-gce-ubuntu
• /test pull-kubernetes-e2e-gce-ubuntu-containerd
• /test pull-kubernetes-e2e-gce-ubuntu-containerd-canary
• /test pull-kubernetes-e2e-kind
• /test pull-kubernetes-e2e-kind-ipv6
• /test pull-kubernetes-files-remake
• /test pull-kubernetes-integration
• /test pull-kubernetes-integration-go-canary
• /test pull-kubernetes-kubemark-e2e-gce-scale
• /test pull-kubernetes-node-e2e-containerd
• /test pull-kubernetes-typecheck
• /test pull-kubernetes-unit
• /test pull-kubernetes-unit-go-canary
• /test pull-kubernetes-update
• /test pull-kubernetes-verify
• /test pull-kubernetes-verify-go-canary
• /test pull-kubernetes-verify-govet-levee

The following commands are available to trigger optional jobs:

• /test check-dependency-stats
• /test pull-kubernetes-conformance-image-test
• /test pull-kubernetes-conformance-kind-ga-only
• /test pull-kubernetes-conformance-kind-ipv6-parallel
• /test pull-kubernetes-cross
• /test pull-kubernetes-e2e-aks-engine-azure-disk-windows-containerd
• /test pull-kubernetes-e2e-aks-engine-azure-file-windows-containerd
• /test pull-kubernetes-e2e-aks-engine-windows-containerd
• /test pull-kubernetes-e2e-capz-azure-disk
• /test pull-kubernetes-e2e-capz-azure-disk-vmss
• /test pull-kubernetes-e2e-capz-azure-file
• /test pull-kubernetes-e2e-capz-azure-file-vmss
• /test pull-kubernetes-e2e-capz-conformance
• /test pull-kubernetes-e2e-capz-ha-control-plane
• /test pull-kubernetes-e2e-capz-windows-containerd
• /test pull-kubernetes-e2e-containerd-gce
• /test pull-kubernetes-e2e-gce-alpha-features
• /test pull-kubernetes-e2e-gce-correctness
• /test pull-kubernetes-e2e-gce-csi-serial
• /test pull-kubernetes-e2e-gce-device-plugin-gpu
• /test pull-kubernetes-e2e-gce-iscsi
• /test pull-kubernetes-e2e-gce-iscsi-serial
• /test pull-kubernetes-e2e-gce-kubetest2
• /test pull-kubernetes-e2e-gce-network-proxy-grpc
• /test pull-kubernetes-e2e-gce-storage-disruptive
• /test pull-kubernetes-e2e-gce-storage-slow
• /test pull-kubernetes-e2e-gce-storage-snapshot
• /test pull-kubernetes-e2e-gci-gce-autoscaling
• /test pull-kubernetes-e2e-gci-gce-ingress
• /test pull-kubernetes-e2e-gci-gce-ipvs
• /test pull-kubernetes-e2e-iptables-azure-dualstack
• /test pull-kubernetes-e2e-ipvs-azure-dualstack
• /test pull-kubernetes-e2e-kind-canary
• /test pull-kubernetes-e2e-kind-dual-canary
• /test pull-kubernetes-e2e-kind-ipv6-canary
• /test pull-kubernetes-e2e-kind-ipvs-dual-canary
• /test pull-kubernetes-e2e-kind-multizone
• /test pull-kubernetes-e2e-kops-aws
• /test pull-kubernetes-e2e-ubuntu-gce-network-policies
• /test pull-kubernetes-e2e-windows-gce
• /test pull-kubernetes-kubemark-e2e-gce-big
• /test pull-kubernetes-local-e2e
• /test pull-kubernetes-node-crio-cgrpv2-e2e
• /test pull-kubernetes-node-crio-cgrpv2-e2e-kubetest2
• /test pull-kubernetes-node-crio-e2e
• /test pull-kubernetes-node-crio-e2e-kubetest2
• /test pull-kubernetes-node-e2e-containerd-features
• /test pull-kubernetes-node-e2e-containerd-features-kubetest2
• /test pull-kubernetes-node-e2e-containerd-kubetest2
• /test pull-kubernetes-node-kubelet-serial-containerd
• /test pull-kubernetes-node-kubelet-serial-containerd-kubetest2
• /test pull-kubernetes-node-kubelet-serial-cpu-manager
• /test pull-kubernetes-node-kubelet-serial-cpu-manager-kubetest2
• /test pull-kubernetes-node-kubelet-serial-crio-cgroupv1
• /test pull-kubernetes-node-kubelet-serial-crio-cgroupv2
• /test pull-kubernetes-node-kubelet-serial-hugepages
• /test pull-kubernetes-node-kubelet-serial-memory-manager
• /test pull-kubernetes-node-kubelet-serial-topology-manager
• /test pull-kubernetes-node-kubelet-serial-topology-manager-kubetest2
• /test pull-kubernetes-node-memoryqos-cgrpv2
• /test pull-kubernetes-node-swap-fedora
• /test pull-kubernetes-node-swap-fedora-serial
• /test pull-kubernetes-node-swap-ubuntu-serial
• /test pull-kubernetes-unit-experimental
• /test pull-publishing-bot-validate

Use /test all to run the following jobs that were automatically triggered:

• pull-kubernetes-conformance-kind-ga-only-parallel
• pull-kubernetes-dependencies
• pull-kubernetes-e2e-gce-100-performance
• pull-kubernetes-e2e-gce-ubuntu-containerd
• pull-kubernetes-e2e-kind
• pull-kubernetes-e2e-kind-ipv6
• pull-kubernetes-integration
• pull-kubernetes-node-e2e-containerd
• pull-kubernetes-typecheck
• pull-kubernetes-unit
• pull-kubernetes-verify
• pull-kubernetes-verify-govet-levee

In response to this:

/test pr-kubelet-gce-e2e-credential-provider

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[adisky]

/test pull-kubernetes-node-kubelet-credential-provider

[k8s-ci-robot]

@adisky: The specified target(s) for /test were not found.
The following commands are available to trigger required jobs:

• /test pull-kubernetes-conformance-kind-ga-only-parallel
• /test pull-kubernetes-dependencies
• /test pull-kubernetes-dependencies-go-canary
• /test pull-kubernetes-e2e-gce
• /test pull-kubernetes-e2e-gce-100-performance
• /test pull-kubernetes-e2e-gce-big-performance
• /test pull-kubernetes-e2e-gce-canary
• /test pull-kubernetes-e2e-gce-large-performance
• /test pull-kubernetes-e2e-gce-network-proxy-http-connect
• /test pull-kubernetes-e2e-gce-no-stage
• /test pull-kubernetes-e2e-gce-ubuntu
• /test pull-kubernetes-e2e-gce-ubuntu-containerd
• /test pull-kubernetes-e2e-gce-ubuntu-containerd-canary
• /test pull-kubernetes-e2e-kind
• /test pull-kubernetes-e2e-kind-ipv6
• /test pull-kubernetes-files-remake
• /test pull-kubernetes-integration
• /test pull-kubernetes-integration-go-canary
• /test pull-kubernetes-kubemark-e2e-gce-scale
• /test pull-kubernetes-node-e2e-containerd
• /test pull-kubernetes-typecheck
• /test pull-kubernetes-unit
• /test pull-kubernetes-unit-go-canary
• /test pull-kubernetes-update
• /test pull-kubernetes-verify
• /test pull-kubernetes-verify-go-canary
• /test pull-kubernetes-verify-govet-levee

The following commands are available to trigger optional jobs:

• /test check-dependency-stats
• /test pull-kubernetes-conformance-image-test
• /test pull-kubernetes-conformance-kind-ga-only
• /test pull-kubernetes-conformance-kind-ipv6-parallel
• /test pull-kubernetes-cross
• /test pull-kubernetes-e2e-aks-engine-azure-disk-windows-containerd
• /test pull-kubernetes-e2e-aks-engine-azure-file-windows-containerd
• /test pull-kubernetes-e2e-aks-engine-windows-containerd
• /test pull-kubernetes-e2e-capz-azure-disk
• /test pull-kubernetes-e2e-capz-azure-disk-vmss
• /test pull-kubernetes-e2e-capz-azure-file
• /test pull-kubernetes-e2e-capz-azure-file-vmss
• /test pull-kubernetes-e2e-capz-conformance
• /test pull-kubernetes-e2e-capz-ha-control-plane
• /test pull-kubernetes-e2e-capz-windows-containerd
• /test pull-kubernetes-e2e-containerd-gce
• /test pull-kubernetes-e2e-gce-alpha-features
• /test pull-kubernetes-e2e-gce-correctness
• /test pull-kubernetes-e2e-gce-csi-serial
• /test pull-kubernetes-e2e-gce-device-plugin-gpu
• /test pull-kubernetes-e2e-gce-iscsi
• /test pull-kubernetes-e2e-gce-iscsi-serial
• /test pull-kubernetes-e2e-gce-kubetest2
• /test pull-kubernetes-e2e-gce-network-proxy-grpc
• /test pull-kubernetes-e2e-gce-storage-disruptive
• /test pull-kubernetes-e2e-gce-storage-slow
• /test pull-kubernetes-e2e-gce-storage-snapshot
• /test pull-kubernetes-e2e-gci-gce-autoscaling
• /test pull-kubernetes-e2e-gci-gce-ingress
• /test pull-kubernetes-e2e-gci-gce-ipvs
• /test pull-kubernetes-e2e-iptables-azure-dualstack
• /test pull-kubernetes-e2e-ipvs-azure-dualstack
• /test pull-kubernetes-e2e-kind-canary
• /test pull-kubernetes-e2e-kind-dual-canary
• /test pull-kubernetes-e2e-kind-ipv6-canary
• /test pull-kubernetes-e2e-kind-ipvs-dual-canary
• /test pull-kubernetes-e2e-kind-multizone
• /test pull-kubernetes-e2e-kops-aws
• /test pull-kubernetes-e2e-ubuntu-gce-network-policies
• /test pull-kubernetes-e2e-windows-gce
• /test pull-kubernetes-kubemark-e2e-gce-big
• /test pull-kubernetes-local-e2e
• /test pull-kubernetes-node-crio-cgrpv2-e2e
• /test pull-kubernetes-node-crio-cgrpv2-e2e-kubetest2
• /test pull-kubernetes-node-crio-e2e
• /test pull-kubernetes-node-crio-e2e-kubetest2
• /test pull-kubernetes-node-e2e-containerd-features
• /test pull-kubernetes-node-e2e-containerd-features-kubetest2
• /test pull-kubernetes-node-e2e-containerd-kubetest2
• /test pull-kubernetes-node-kubelet-serial-containerd
• /test pull-kubernetes-node-kubelet-serial-containerd-kubetest2
• /test pull-kubernetes-node-kubelet-serial-cpu-manager
• /test pull-kubernetes-node-kubelet-serial-cpu-manager-kubetest2
• /test pull-kubernetes-node-kubelet-serial-crio-cgroupv1
• /test pull-kubernetes-node-kubelet-serial-crio-cgroupv2
• /test pull-kubernetes-node-kubelet-serial-hugepages
• /test pull-kubernetes-node-kubelet-serial-memory-manager
• /test pull-kubernetes-node-kubelet-serial-topology-manager
• /test pull-kubernetes-node-kubelet-serial-topology-manager-kubetest2
• /test pull-kubernetes-node-memoryqos-cgrpv2
• /test pull-kubernetes-node-swap-fedora
• /test pull-kubernetes-node-swap-fedora-serial
• /test pull-kubernetes-node-swap-ubuntu-serial
• /test pull-kubernetes-unit-experimental
• /test pull-publishing-bot-validate

Use /test all to run the following jobs that were automatically triggered:

• pull-kubernetes-conformance-kind-ga-only-parallel
• pull-kubernetes-dependencies
• pull-kubernetes-e2e-gce-100-performance
• pull-kubernetes-e2e-gce-ubuntu-containerd
• pull-kubernetes-e2e-kind
• pull-kubernetes-e2e-kind-ipv6
• pull-kubernetes-integration
• pull-kubernetes-node-e2e-containerd
• pull-kubernetes-typecheck
• pull-kubernetes-unit
• pull-kubernetes-verify
• pull-kubernetes-verify-govet-levee

In response to this:

/test pull-kubernetes-node-kubelet-credential-provider

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[adisky]

/test pull-kubernetes-node-kubelet-credential-provider

[andrewsykim]

/sig node

[andrewsykim]

This is nice to have for more test coverage but not urgent for v1.24. It mainly covers the test gap for v1alpha1 APIs we lost after merging #109006 which updated the node e2e tests to use the new beta APIs

/assign @liggitt @adisky
/triage accepted
/priority important-longterm

[liggitt]

let's leave this for 1.25 (and we may just drop the v1alpha1 for 1.25)

/milestone v1.25

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[hosseinsalahi]

Hi @andrewsykim
Bug triage team here!
It looks like this PR has a pending review. Just checking in to see if this is still on track for k8s 1.25.

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

[k8s-ci-robot]

@k8s-triage-robot: Closed this PR.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[andrewsykim]

/reopen

(coming back from a long break)

I think at this point we'll want to remove the v1alpha1 APIs in v1.26, but I think this refactor is still worthwhile as we'll need to test both v1beta1 and v1 APIs. Working on a separate PR to remove v1alpha1 APIs.

[k8s-ci-robot]

@andrewsykim: Reopened this PR.

In response to this:

/reopen

(coming back from a long break)

I think at this point we'll want to remove the v1alpha1 APIs in v1.26, but I think this refactor is still worthwhile as we'll need to test both v1beta1 and v1 APIs. Working on a separate PR to remove v1alpha1 APIs.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: andrewsykim
Once this PR has been reviewed and has the lgtm label, please ask for approval from liggitt by writing /assign @liggitt in a comment. For more information see:The Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• pkg/credentialprovider/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[andrewsykim]

/retest

[liggitt]

can you sync with @ndixita on #111616 to figure out the order of operations with these PRs? I know that one is really close, but I'm not sure if this would disrupt it or make it easier or improve our test coverage when combined with that one

[andrewsykim]

can you sync with @ndixita on #111616 to figure out the order of operations with these PRs? I know that one is really close, but I'm not sure if this would disrupt it or make it easier or improve our test coverage when combined with that one

Ah, totally missed this PR, thanks will follow-up!

[andrewsykim]

Taking a quick glance at that PR, I think it'll be easier to revisit this after #111616 merges (along with removing v1alpha1 APIs)