From 7a74ca9f577a2756dec661453c503099efe076a3 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Fri, 27 Jan 2023 13:34:04 -0800 Subject: [PATCH 1/2] Unhide login subcommand and improve several command help messages Co-authored-by: Ryan Richard Co-authored-by: Benjamin A. Petersen --- cmd/pinniped/cmd/alpha.go | 22 ---------------------- cmd/pinniped/cmd/generate_markdown_help.go | 4 ++-- cmd/pinniped/cmd/get.go | 8 ++++++-- cmd/pinniped/cmd/kubeconfig.go | 4 ++-- cmd/pinniped/cmd/login.go | 22 +++++++++++++++++----- cmd/pinniped/cmd/login_oidc.go | 22 +++++++++++++++++----- cmd/pinniped/cmd/login_oidc_test.go | 22 +++++++++++++++------- cmd/pinniped/cmd/login_static.go | 22 +++++++++++++++++----- cmd/pinniped/cmd/login_static_test.go | 12 ++++++++++-- cmd/pinniped/cmd/root.go | 12 ++++++++---- cmd/pinniped/cmd/whoami.go | 4 ++-- 11 files changed, 96 insertions(+), 58 deletions(-) delete mode 100644 cmd/pinniped/cmd/alpha.go diff --git a/cmd/pinniped/cmd/alpha.go b/cmd/pinniped/cmd/alpha.go deleted file mode 100644 index 7d2ba8653..000000000 --- a/cmd/pinniped/cmd/alpha.go +++ /dev/null @@ -1,22 +0,0 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package cmd - -import ( - "github.com/spf13/cobra" -) - -//nolint:gochecknoglobals -var alphaCmd = &cobra.Command{ - Use: "alpha", - Short: "alpha", - Long: "alpha subcommands (syntax or flags are still subject to change)", - SilenceUsage: true, // do not print usage message when commands fail - Hidden: true, -} - -//nolint:gochecknoinits -func init() { - rootCmd.AddCommand(alphaCmd) -} diff --git a/cmd/pinniped/cmd/generate_markdown_help.go b/cmd/pinniped/cmd/generate_markdown_help.go index 9fe51b9c2..4c0b97e73 100644 --- a/cmd/pinniped/cmd/generate_markdown_help.go +++ b/cmd/pinniped/cmd/generate_markdown_help.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package cmd @@ -24,7 +24,7 @@ func generateMarkdownHelpCommand() *cobra.Command { Args: cobra.NoArgs, Use: "generate-markdown-help", Short: "Generate markdown help for the current set of non-hidden CLI commands", - SilenceUsage: true, + SilenceUsage: true, // do not print usage message when commands fail Hidden: true, RunE: runGenerateMarkdownHelp, } diff --git a/cmd/pinniped/cmd/get.go b/cmd/pinniped/cmd/get.go index f130c4b74..c559f20e4 100644 --- a/cmd/pinniped/cmd/get.go +++ b/cmd/pinniped/cmd/get.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package cmd @@ -8,7 +8,11 @@ import ( ) //nolint:gochecknoglobals -var getCmd = &cobra.Command{Use: "get", Short: "get"} +var getCmd = &cobra.Command{ + Use: "get", + Short: "Gets one of [kubeconfig]", + SilenceUsage: true, // Do not print usage message when commands fail. +} //nolint:gochecknoinits func init() { diff --git a/cmd/pinniped/cmd/kubeconfig.go b/cmd/pinniped/cmd/kubeconfig.go index a8ca97e0d..5929ba413 100644 --- a/cmd/pinniped/cmd/kubeconfig.go +++ b/cmd/pinniped/cmd/kubeconfig.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package cmd @@ -103,7 +103,7 @@ func kubeconfigCommand(deps kubeconfigDeps) *cobra.Command { Args: cobra.NoArgs, Use: "kubeconfig", Short: "Generate a Pinniped-based kubeconfig for a cluster", - SilenceUsage: true, + SilenceUsage: true, // do not print usage message when commands fail } flags getKubeconfigParams namespace string // unused now diff --git a/cmd/pinniped/cmd/login.go b/cmd/pinniped/cmd/login.go index 4d8328cc3..202b984a4 100644 --- a/cmd/pinniped/cmd/login.go +++ b/cmd/pinniped/cmd/login.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package cmd @@ -7,15 +7,27 @@ import ( "github.com/spf13/cobra" clientauthv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1" "k8s.io/client-go/tools/auth/exec" + + "go.pinniped.dev/internal/here" ) //nolint:gochecknoglobals var loginCmd = &cobra.Command{ - Use: "login", - Short: "login", - Long: "Login to a Pinniped server", + Use: "login", + Short: "Authenticates with one of [oidc, static]", + Long: here.Doc( + `Authenticates with one of [oidc, static] + + Use "pinniped get kubeconfig" to generate a kubeconfig file which will include + one of these login subcommands in its configuration. The oidc and static + subcommands are not meant to be invoked directly by a user. + + The oidc and static subcommands are Kubernetes client-go credential plugins + which are meant to be configured inside a kubeconfig file. (See the Kubernetes + authentication documentation for more information about client-go credential + plugins.)`, + ), SilenceUsage: true, // Do not print usage message when commands fail. - Hidden: true, // These commands are not really meant to be used directly by users, so it's confusing to have them discoverable. } //nolint:gochecknoinits diff --git a/cmd/pinniped/cmd/login_oidc.go b/cmd/pinniped/cmd/login_oidc.go index 72893e602..69b8951cc 100644 --- a/cmd/pinniped/cmd/login_oidc.go +++ b/cmd/pinniped/cmd/login_oidc.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package cmd @@ -23,6 +23,7 @@ import ( oidcapi "go.pinniped.dev/generated/latest/apis/supervisor/oidc" "go.pinniped.dev/internal/execcredcache" "go.pinniped.dev/internal/groupsuffix" + "go.pinniped.dev/internal/here" "go.pinniped.dev/internal/net/phttp" "go.pinniped.dev/internal/plog" "go.pinniped.dev/pkg/conciergeclient" @@ -88,10 +89,21 @@ type oidcLoginFlags struct { func oidcLoginCommand(deps oidcLoginCommandDeps) *cobra.Command { var ( cmd = &cobra.Command{ - Args: cobra.NoArgs, - Use: "oidc --issuer ISSUER", - Short: "Login using an OpenID Connect provider", - SilenceUsage: true, + Args: cobra.NoArgs, + Use: "oidc --issuer ISSUER", + Short: "Login using an OpenID Connect provider", + Long: here.Doc( + `Login using an OpenID Connect provider + + Use "pinniped get kubeconfig" to generate a kubeconfig file which includes this + login command in its configuration. This login command is not meant to be + invoked directly by a user. + + This login command is a Kubernetes client-go credential plugin which is meant to + be configured inside a kubeconfig file. (See the Kubernetes authentication + documentation for more information about client-go credential plugins.)`, + ), + SilenceUsage: true, // do not print usage message when commands fail } flags oidcLoginFlags conciergeNamespace string // unused now diff --git a/cmd/pinniped/cmd/login_oidc_test.go b/cmd/pinniped/cmd/login_oidc_test.go index 65152d42b..b2b97077f 100644 --- a/cmd/pinniped/cmd/login_oidc_test.go +++ b/cmd/pinniped/cmd/login_oidc_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package cmd @@ -62,6 +62,14 @@ func TestLoginOIDCCommand(t *testing.T) { wantStdout: here.Doc(` Login using an OpenID Connect provider + Use "pinniped get kubeconfig" to generate a kubeconfig file which includes this + login command in its configuration. This login command is not meant to be + invoked directly by a user. + + This login command is a Kubernetes client-go credential plugin which is meant to + be configured inside a kubeconfig file. (See the Kubernetes authentication + documentation for more information about client-go credential plugins.) + Usage: oidc --issuer ISSUER [flags] @@ -483,8 +491,8 @@ func TestLoginOIDCCommand(t *testing.T) { wantOptionsCount: 4, wantStdout: `{"kind":"ExecCredential","apiVersion":"client.authentication.k8s.io/v1beta1","spec":{"interactive":false},"status":{"expirationTimestamp":"3020-10-12T13:14:15Z","token":"test-id-token"}}` + "\n", wantLogs: []string{ - nowStr + ` pinniped-login cmd/login_oidc.go:231 Performing OIDC login {"issuer": "test-issuer", "client id": "test-client-id"}`, - nowStr + ` pinniped-login cmd/login_oidc.go:251 No concierge configured, skipping token credential exchange`, + nowStr + ` pinniped-login cmd/login_oidc.go:243 Performing OIDC login {"issuer": "test-issuer", "client id": "test-client-id"}`, + nowStr + ` pinniped-login cmd/login_oidc.go:263 No concierge configured, skipping token credential exchange`, }, }, { @@ -513,10 +521,10 @@ func TestLoginOIDCCommand(t *testing.T) { wantOptionsCount: 11, wantStdout: `{"kind":"ExecCredential","apiVersion":"client.authentication.k8s.io/v1beta1","spec":{"interactive":false},"status":{"token":"exchanged-token"}}` + "\n", wantLogs: []string{ - nowStr + ` pinniped-login cmd/login_oidc.go:231 Performing OIDC login {"issuer": "test-issuer", "client id": "test-client-id"}`, - nowStr + ` pinniped-login cmd/login_oidc.go:241 Exchanging token for cluster credential {"endpoint": "https://127.0.0.1:1234/", "authenticator type": "webhook", "authenticator name": "test-authenticator"}`, - nowStr + ` pinniped-login cmd/login_oidc.go:249 Successfully exchanged token for cluster credential.`, - nowStr + ` pinniped-login cmd/login_oidc.go:256 caching cluster credential for future use.`, + nowStr + ` pinniped-login cmd/login_oidc.go:243 Performing OIDC login {"issuer": "test-issuer", "client id": "test-client-id"}`, + nowStr + ` pinniped-login cmd/login_oidc.go:253 Exchanging token for cluster credential {"endpoint": "https://127.0.0.1:1234/", "authenticator type": "webhook", "authenticator name": "test-authenticator"}`, + nowStr + ` pinniped-login cmd/login_oidc.go:261 Successfully exchanged token for cluster credential.`, + nowStr + ` pinniped-login cmd/login_oidc.go:268 caching cluster credential for future use.`, }, }, } diff --git a/cmd/pinniped/cmd/login_static.go b/cmd/pinniped/cmd/login_static.go index d8827a9f6..670502ddf 100644 --- a/cmd/pinniped/cmd/login_static.go +++ b/cmd/pinniped/cmd/login_static.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package cmd @@ -16,6 +16,7 @@ import ( "go.pinniped.dev/internal/execcredcache" "go.pinniped.dev/internal/groupsuffix" + "go.pinniped.dev/internal/here" "go.pinniped.dev/internal/plog" "go.pinniped.dev/pkg/conciergeclient" "go.pinniped.dev/pkg/oidcclient/oidctypes" @@ -55,10 +56,21 @@ type staticLoginParams struct { func staticLoginCommand(deps staticLoginDeps) *cobra.Command { var ( cmd = &cobra.Command{ - Args: cobra.NoArgs, - Use: "static [--token TOKEN] [--token-env TOKEN_NAME]", - Short: "Login using a static token", - SilenceUsage: true, + Args: cobra.NoArgs, + Use: "static [--token TOKEN] [--token-env TOKEN_NAME]", + Short: "Login using a static token", + Long: here.Doc( + `Login using a static token + + Use "pinniped get kubeconfig" to generate a kubeconfig file which includes this + login command in its configuration. This login command is not meant to be + invoked directly by a user. + + This login command is a Kubernetes client-go credential plugin which is meant to + be configured inside a kubeconfig file. (See the Kubernetes authentication + documentation for more information about client-go credential plugins.)`, + ), + SilenceUsage: true, // do not print usage message when commands fail } flags staticLoginParams conciergeNamespace string // unused now diff --git a/cmd/pinniped/cmd/login_static_test.go b/cmd/pinniped/cmd/login_static_test.go index f4a7d93ff..53456d915 100644 --- a/cmd/pinniped/cmd/login_static_test.go +++ b/cmd/pinniped/cmd/login_static_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package cmd @@ -56,6 +56,14 @@ func TestLoginStaticCommand(t *testing.T) { wantStdout: here.Doc(` Login using a static token + Use "pinniped get kubeconfig" to generate a kubeconfig file which includes this + login command in its configuration. This login command is not meant to be + invoked directly by a user. + + This login command is a Kubernetes client-go credential plugin which is meant to + be configured inside a kubeconfig file. (See the Kubernetes authentication + documentation for more information about client-go credential plugins.) + Usage: static [--token TOKEN] [--token-env TOKEN_NAME] [flags] @@ -140,7 +148,7 @@ func TestLoginStaticCommand(t *testing.T) { Error: could not complete Concierge credential exchange: some concierge error `), wantLogs: []string{ - nowStr + ` pinniped-login cmd/login_static.go:147 exchanging static token for cluster credential {"endpoint": "https://127.0.0.1/", "authenticator type": "webhook", "authenticator name": "test-authenticator"}`, + nowStr + ` pinniped-login cmd/login_static.go:159 exchanging static token for cluster credential {"endpoint": "https://127.0.0.1/", "authenticator type": "webhook", "authenticator name": "test-authenticator"}`, }, }, { diff --git a/cmd/pinniped/cmd/root.go b/cmd/pinniped/cmd/root.go index f011f811a..2f14aee79 100644 --- a/cmd/pinniped/cmd/root.go +++ b/cmd/pinniped/cmd/root.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package cmd @@ -8,14 +8,18 @@ import ( "github.com/spf13/cobra" + "go.pinniped.dev/internal/here" "go.pinniped.dev/internal/plog" ) //nolint:gochecknoglobals var rootCmd = &cobra.Command{ - Use: "pinniped", - Short: "pinniped", - Long: "pinniped is the client-side binary for use with Pinniped-enabled Kubernetes clusters.", + Use: "pinniped", + Long: here.Doc( + `The Pinniped CLI is the client-side binary for use with Pinniped-enabled Kubernetes clusters + + Find more information at: https://pinniped.dev`, + ), SilenceUsage: true, // do not print usage message when commands fail } diff --git a/cmd/pinniped/cmd/whoami.go b/cmd/pinniped/cmd/whoami.go index b03b0ad8a..dee041f4b 100644 --- a/cmd/pinniped/cmd/whoami.go +++ b/cmd/pinniped/cmd/whoami.go @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package cmd @@ -48,7 +48,7 @@ func newWhoamiCommand(getClientset getConciergeClientsetFunc) *cobra.Command { Args: cobra.NoArgs, // do not accept positional arguments for this command Use: "whoami", Short: "Print information about the current user", - SilenceUsage: true, + SilenceUsage: true, // do not print usage message when commands fail } flags := &whoamiFlags{} From 2d3e53e6ac59d932e9fb6312beebb142291a383d Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Fri, 27 Jan 2023 14:23:04 -0800 Subject: [PATCH 2/2] Increase timeouts in supervisor_oidcclientsecret_test.go They were too short after enabling the race detector for integration tests in CI. --- test/integration/supervisor_oidcclientsecret_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/integration/supervisor_oidcclientsecret_test.go b/test/integration/supervisor_oidcclientsecret_test.go index d83fa80db..0ba2c42c9 100644 --- a/test/integration/supervisor_oidcclientsecret_test.go +++ b/test/integration/supervisor_oidcclientsecret_test.go @@ -1,4 +1,4 @@ -// Copyright 2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2022-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package integration @@ -211,7 +211,7 @@ func TestKubectlOIDCClientSecretRequest_Parallel(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute) t.Cleanup(cancel) supervisorClient := testlib.NewSupervisorClientset(t) @@ -877,7 +877,7 @@ func TestCreateOIDCClientSecretRequest_Parallel(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute) t.Cleanup(cancel) kubeClient := testlib.NewKubernetesClientset(t) @@ -1020,7 +1020,7 @@ func prependSecret(list []string, newItem string) []string { func TestOIDCClientSecretRequestUnauthenticated_Parallel(t *testing.T) { env := testlib.IntegrationEnv(t) - ctx, cancel := context.WithTimeout(context.Background(), time.Minute) + ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute) t.Cleanup(cancel) client := testlib.NewAnonymousSupervisorClientset(t)