⚠️ Envtest refactor, support for 1.20+ API servers (secure serving) #1486
Commits on Jun 1, 2021
-
Envtest secure serving by default, 1.20 flags
This introduces secure serving by default, transparently switching configs to connect to secure endpoints. Similarly, the insecure endpoints are now disabled by default -- they must be explicitly disabled if you want to use them (note that this will only work on API servers <=1.19). This also turns on flags around the tokenrequest endpoint which are required to be on in 1.20, and have been available for all the versions that we currently support (back to 1.16). There's a whole new set of control plane APIs for provisioning users, and the old "just get a single account" APIs of the internal package are mostly deprecated. The default `Environment.Config` is *NOT* deprecated however -- this is intended to continue working as normal in order to avoid breaking everyone and to keep things in envtest working easily -- most tests will be fine with an admin user. For users that want RBAC, individual users may be provisioned with the ControlPlane.AddUser method.
-
This adds a full test suite for TinyCA, which was missing before, and is especially needed with the new envtest client cert generation.
-
Unify process.BinPathFinder with envtest's logic
Previously, envtest had separate logic that overrode testing/process.BinPathFinder, mainly because the latter used to be in a separate module. Since they're now in the same module and BinPathFinder is internal, we can just unify the logic and remove some of our hacks.
-
Tests for testing/controlplane components
This adds fairly comprehensive tests for the control plane components, which either didn't exist before the refactor or existed very loosely in the form of general integration tests.
-
Expose some internal types/funcs in envtest
This exposes a few pieces of the new APIs in internal/testing as public in envtest. These types are effectively part of public APIs (they're referenced by public methods or fields of APIServer, ControlPlane, etc), so we should let users name them.
-
Ensure testing ControlPlane is restartable
This makes sure that you can start a ControlPlane after stopping it. This preserves existing functionality. Note that the ability to re-use users or keep data around is *not* preserved -- use a fixed CertDir if you want this.
-
The only place I've seen lll complain much is flag help, error messsages, and such, which aren't really a problem when they're long. Other stuff like complexity is probably best left to review, IMO.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.