Re: [PR] [YUNIKORN-1977] E2E test for verifying user info with non kube-admin user [yunikorn-k8shim]

Mon, 16 Sep 2024 14:38:45 -0700 


pbacsko commented on code in PR #915:
URL: https://github.com/apache/yunikorn-k8shim/pull/915#discussion_r1761993943


##########
test/e2e/user_group_limit/user_group_limit_test.go:
##########
@@ -1022,3 +1249,45 @@ func checkUsageWildcardGroups(testType TestType, name 
string, queuePath string,
        
Ω(resourceUsageDAO.ResourceUsage.Resources["pods"]).To(gomega.Equal(resources.Quantity(len(expectedRunningPods))))
        Ω(resourceUsageDAO.RunningApplications).To(gomega.ConsistOf(appIDs...))
 }
+
+func createKubeconfig(path, currentContext, clusterCA, clusterServer, 
userTokenValue string) error {
+       kubeconfigTemplate := `
+apiVersion: v1
+kind: Config
+current-context: ${CURRENT_CONTEXT}
+contexts:
+- name: ${CURRENT_CONTEXT}
+  context:
+    cluster: ${CURRENT_CONTEXT}
+    user: test-user
+clusters:
+- name: ${CURRENT_CONTEXT}
+  cluster:
+    certificate-authority-data: ${CLUSTER_CA}
+    server: ${CLUSTER_SERVER}
+users:
+- name: test-user
+  user:
+    token: ${USER_TOKEN_VALUE}
+`
+       // Replace placeholders in the template
+       kubeconfigContent := strings.ReplaceAll(kubeconfigTemplate, 
"${CURRENT_CONTEXT}", currentContext)
+       kubeconfigContent = strings.ReplaceAll(kubeconfigContent, 
"${CLUSTER_CA}", clusterCA)
+       kubeconfigContent = strings.ReplaceAll(kubeconfigContent, 
"${CLUSTER_SERVER}", clusterServer)
+       kubeconfigContent = strings.ReplaceAll(kubeconfigContent, 
"${USER_TOKEN_VALUE}", userTokenValue)
+
+       // Write the kubeconfig YAML to the file
+       err := os.WriteFile(path, []byte(kubeconfigContent), 0600)
+       gomega.Ω(err).NotTo(gomega.HaveOccurred())
+       return nil
+}

Review Comment:
   All of this should NOT be necessary. Way too complicated to mess around with 
separate `kubectl` calls.
   
   You can do this:
   ```
   config, _ := kClient.GetKubeConfig() // handle error in real code
   
   newConf := config.DeepCopy()  // copy existing config
   newConf.TLSClientConfig.CertFile = ""  // remove cert file
   newConf.TLSClientConfig.KeyFile = ""  // remove key file
   newConf.BearerToken = "<base64Token>"  // set token that is retrieved in the 
test
   _ = kClient.SetClientFromConfig(newConf)
   ```
   After this point, `kClient` will use the token for authentication there's no 
need to delete/restore anything.
   
   New method is necessary in `KubeCtl`:
   ```
   func (k *KubeCtl) SetClientFromConfig(conf *rest.Config) error {
       k.kubeConfig = conf.DeepCopy()
       k.clientSet, err = kubernetes.NewForConfig(k.kubeConfig)   // creates 
new clientset 
       return err
   } 
   ```
   
   Also, try to retrieve the secret token using `KubeCtl`. We might need to 
create a new method for it, but again, it shouldn't involve running the 
`kubectl` command:
   
   ```
   func (k *KubeCtl) GetSecret(namespace string) (*v1.Secret, error) {
       return k.clientSet.CoreV1().Secrets(namespace).Get(context.TODO(), 
namespace, metav1.GetOptions{})
   }
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to