Adds e2e tests for extra impersonation headers

Signed-off-by: JoshVanL <[email protected]>

Author: JoshVanL

test/e2e/framework/fake-apiserver/.gitignore

@@ -0,0 +1 @@
+/bin

test/e2e/framework/fake-apiserver/Dockerfile

@@ -0,0 +1,10 @@
+# Copyright Jetstack Ltd. See LICENSE for details.
+FROM alpine:3.10
+
+LABEL description="A fake API server that will respond to requests with the same body and headers."
+
+RUN apk --no-cache --update add ca-certificates
+
+COPY ./bin/fake-apiserver /usr/bin/fake-apiserver
+
+CMD ["/usr/bin/fake-apiserver"]

test/e2e/framework/fake-apiserver/cmd/main.go

@@ -0,0 +1,47 @@
+// Copyright Jetstack Ltd. See LICENSE for details.
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/jetstack/kube-oidc-proxy/pkg/util"
+	"github.com/jetstack/kube-oidc-proxy/test/e2e/framework/fake-apiserver/cmd/options"
+	"github.com/jetstack/kube-oidc-proxy/test/e2e/framework/fake-apiserver/pkg/server"
+)
+
+func main() {
+	opts := new(options.Options)
+	stopCh := util.SignalHandler()
+
+	cmd := &cobra.Command{
+		Use:   "fake-apiserver",
+		Short: "A fake apiserver that will respond to requests with the same body and headers",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			server, err := server.New(opts.KeyFile, opts.CertFile, stopCh)
+			if err != nil {
+				return err
+			}
+
+			compCh, err := server.Run(opts.BindAddress, opts.ListenPort)
+			if err != nil {
+				return err
+			}
+
+			<-compCh
+
+			return nil
+		},
+	}
+
+	opts.AddFlags(cmd)
+
+	if err := cmd.Execute(); err != nil {
+		fmt.Fprintf(os.Stderr, "%s\n", err.Error())
+		os.Exit(1)
+	}
+
+	os.Exit(0)
+}

test/e2e/framework/fake-apiserver/cmd/options/options.go

@@ -0,0 +1,37 @@
+// Copyright Jetstack Ltd. See LICENSE for details.
+package options
+
+import (
+	"github.com/spf13/cobra"
+)
+
+type Options struct {
+	BindAddress string
+	ListenPort  string
+
+	KeyFile  string
+	CertFile string
+}
+
+func (o *Options) AddFlags(cmd *cobra.Command) {
+	cmd.PersistentFlags().StringVar(&o.BindAddress, "bind-address",
+		"0.0.0.0", "Bound Address to listen and serve on.")
+
+	cmd.PersistentFlags().StringVar(&o.ListenPort, "secure-port",
+		"6443", "Port to serve HTTPS.")
+	o.must(cmd.MarkPersistentFlagRequired("secure-port"))
+
+	cmd.PersistentFlags().StringVar(&o.KeyFile, "tls-private-key-file",
+		"/etc/apiserver/key.pem", "File location to key for serving.")
+	o.must(cmd.MarkPersistentFlagRequired("tls-private-key-file"))
+
+	cmd.PersistentFlags().StringVar(&o.CertFile, "tls-cert-file",
+		"/etc/apiserver/key.pem", "File location to certificate for serving.")
+	o.must(cmd.MarkPersistentFlagRequired("tls-cert-file"))
+}
+
+func (o *Options) must(err error) {
+	if err != nil {
+		panic(err)
+	}
+}

test/e2e/framework/fake-apiserver/pkg/server/server.go

@@ -0,0 +1,84 @@
+// Copyright Jetstack Ltd. See LICENSE for details.
+package server
+
+import (
+	"encoding/pem"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"net/http"
+
+	log "github.com/sirupsen/logrus"
+)
+
+type Server struct {
+	keyFile, certFile string
+
+	stopCh <-chan struct{}
+}
+
+func New(keyFile, certFile string, stopCh <-chan struct{}) (*Server, error) {
+	b, err := ioutil.ReadFile(keyFile)
+	if err != nil {
+		return nil, err
+	}
+
+	block, _ := pem.Decode(b)
+	if block == nil {
+		return nil,
+			fmt.Errorf("failed to parse PEM block containing the key: %q", keyFile)
+	}
+
+	return &Server{
+		keyFile:  keyFile,
+		certFile: certFile,
+		stopCh:   stopCh,
+	}, nil
+}
+
+func (s *Server) Run(bindAddress, listenPort string) (<-chan struct{}, error) {
+	serveAddr := fmt.Sprintf("%s:%s", bindAddress, listenPort)
+
+	l, err := net.Listen("tcp", serveAddr)
+	if err != nil {
+		return nil, err
+	}
+
+	go func() {
+		<-s.stopCh
+		if l != nil {
+			l.Close()
+		}
+	}()
+
+	compCh := make(chan struct{})
+	go func() {
+		defer close(compCh)
+
+		err := http.ServeTLS(l, s, s.certFile, s.keyFile)
+		if err != nil {
+			log.Errorf("stopped serving TLS (%s): %s", serveAddr, err)
+		}
+	}()
+
+	log.Infof("fake API server listening and serving on %s", serveAddr)
+
+	return compCh, nil
+}
+
+func (s *Server) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	log.Infof("fake API server received url %s", r.URL)
+
+	for k, vs := range r.Header {
+		for _, v := range vs {
+			rw.Header().Add(k, v)
+		}
+	}
+
+	if _, err := io.Copy(rw, r.Body); err != nil {
+		log.Errorf("failed to copy request body to response: %s", err)
+	}
+
+	rw.WriteHeader(http.StatusOK)
+}

test/e2e/framework/framework.go

@@ -3,6 +3,7 @@ package framework
 
 import (
 	"fmt"
+	"net/url"
 
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
@@ -14,7 +15,7 @@ import (
 
 	"github.com/jetstack/kube-oidc-proxy/test/e2e/framework/config"
 	"github.com/jetstack/kube-oidc-proxy/test/e2e/framework/helper"
-	"github.com/jetstack/kube-oidc-proxy/test/e2e/util"
+	"github.com/jetstack/kube-oidc-proxy/test/util"
 )
 
 var DefaultConfig = &config.Config{}
@@ -35,7 +36,7 @@ type Framework struct {
 	helper *helper.Helper
 
 	issuerKeyBundle, proxyKeyBundle *util.KeyBundle
-	issuerURL, proxyURL             string
+	issuerURL, proxyURL             *url.URL
 }
 
 func NewDefaultFramework(baseName string) *Framework {
@@ -81,7 +82,7 @@ func (f *Framework) BeforeEach() {
 
 	By("Deploying kube-oidc-proxy")
 	proxyKeyBundle, proxyURL, err := f.helper.DeployProxy(f.Namespace,
-		issuerURL, clientID, issuerKeyBundle)
+		issuerURL, clientID, issuerKeyBundle, nil)
 	Expect(err).NotTo(HaveOccurred())
 
 	f.issuerURL, f.proxyURL = issuerURL, proxyURL
@@ -110,14 +111,14 @@ func (f *Framework) AfterEach() {
 	Expect(err).NotTo(HaveOccurred())
 }
 
-func (f *Framework) DeployProxyWith(extraArgs ...string) {
+func (f *Framework) DeployProxyWith(extraVolumes []corev1.Volume, extraArgs ...string) {
 	By("Deleting kube-oidc-proxy deployment")
 	err := f.Helper().DeleteProxy(f.Namespace.Name)
 	Expect(err).NotTo(HaveOccurred())
 
 	By(fmt.Sprintf("Deploying kube-oidc-proxy with extra args %s", extraArgs))
 	f.proxyKeyBundle, f.proxyURL, err = f.helper.DeployProxy(f.Namespace, f.issuerURL,
-		clientID, f.issuerKeyBundle, extraArgs...)
+		clientID, f.issuerKeyBundle, extraVolumes, extraArgs...)
 	Expect(err).NotTo(HaveOccurred())
 }
 
@@ -133,11 +134,11 @@ func (f *Framework) ProxyKeyBundle() *util.KeyBundle {
 	return f.proxyKeyBundle
 }
 
-func (f *Framework) IssuerURL() string {
+func (f *Framework) IssuerURL() *url.URL {
 	return f.issuerURL
 }
 
-func (f *Framework) ProxyURL() string {
+func (f *Framework) ProxyURL() *url.URL {
 	return f.proxyURL
 }