const defaultNamespace …
const defaultOIDCClientID …
const defaultOIDCClaimedUsername …
const defaultOIDCUsernamePrefix …
const defaultRBACRoleName …
const defaultRBACRoleBindingName …
const defaultStubRefreshToken …
const defaultStubAccessToken …
const rsaKeyBitSize …
var defaultRole …
var defaultRoleBinding …
type authenticationConfigFunc …
type apiServerOIDCConfig …
func TestOIDC(t *testing.T) { … }
func TestStructuredAuthenticationConfig(t *testing.T) { … }
func runTests(t *testing.T, useAuthenticationConfig bool) { … }
type singleTest …
func singleTestRunner[K utilsoidc.JosePrivateKey, L utilsoidc.JosePublicKey](
useAuthenticationConfig bool,
keyFunc func(t *testing.T) (K, L),
tt singleTest[K, L],
) func(t *testing.T) { … }
func TestUpdatingRefreshTokenInCaseOfExpiredIDToken(t *testing.T) { … }
func TestStructuredAuthenticationConfigCEL(t *testing.T) { … }
func TestStructuredAuthenticationConfigReload(t *testing.T) { … }
func configureBasicTestInfrastructureWithRandomKeyType(t *testing.T, fn authenticationConfigFunc) (
oidcServer *utilsoidc.TestServer,
apiServer *kubeapiserverapptesting.TestServer,
caCertContent []byte,
caFilePath string,
) { … }
func configureBasicTestInfrastructure[K utilsoidc.JosePrivateKey, L utilsoidc.JosePublicKey](t *testing.T, fn authenticationConfigFunc, keyFunc func(t *testing.T) (K, L)) (
oidcServer *utilsoidc.TestServer,
apiServer *kubeapiserverapptesting.TestServer,
caCertContent []byte,
caFilePath string,
) { … }
func TestStructuredAuthenticationDiscoveryURL(t *testing.T) { … }
func TestMultipleJWTAuthenticators(t *testing.T) { … }
func rsaGenerateKey(t *testing.T) (*rsa.PrivateKey, *rsa.PublicKey) { … }
func ecdsaGenerateKey(t *testing.T) (*ecdsa.PrivateKey, *ecdsa.PublicKey) { … }
func configureTestInfrastructure[K utilsoidc.JosePrivateKey, L utilsoidc.JosePublicKey](t *testing.T, fn authenticationConfigFunc, keyFunc func(t *testing.T) (K, L)) (
oidcServer *utilsoidc.TestServer,
apiServer *kubeapiserverapptesting.TestServer,
signingPrivateKey K,
caCertContent []byte,
caFilePath string,
) { … }
func configureClientFetchingOIDCCredentials(t *testing.T, restCfg *rest.Config, caCert []byte, certPath, oidcServerURL, oidcServerTokenURL string) kubernetes.Interface { … }
func configureClientWithEmptyIDToken(t *testing.T, restCfg *rest.Config, _ []byte, certPath, oidcServerURL, _ string) kubernetes.Interface { … }
func configureRBAC(t *testing.T, clientset kubernetes.Interface, role *rbacv1.Role, binding *rbacv1.RoleBinding) { … }
func configureClientConfigForOIDC(t *testing.T, config *rest.Config, clientID, caFilePath, idToken, refreshToken, oidcServerURL string) *rest.Config { … }
func startTestAPIServerForOIDC[L utilsoidc.JosePublicKey](t *testing.T, c apiServerOIDCConfig, publicKey L) *kubeapiserverapptesting.TestServer { … }
func maybeSetSigningAlgs[K utilsoidc.JoseKey](key K) []string { … }
func randomBool() bool { … }
func fetchOIDCCredentials(t *testing.T, oidcTokenURL string, caCertContent []byte) (idToken, refreshToken string) { … }
func fetchExpiredToken(t *testing.T, oidcServer *utilsoidc.TestServer, caCertContent []byte, signingPrivateKey *rsa.PrivateKey) (expiredToken, stubRefreshToken string) { … }
func configureOIDCServerToReturnExpiredIDToken(t *testing.T, returningExpiredTokenTimes int, oidcServer *utilsoidc.TestServer, signingPrivateKey *rsa.PrivateKey) { … }
func configureOIDCServerToReturnExpiredRefreshTokenErrorOnTryingToUpdateIDToken(oidcServer *utilsoidc.TestServer) { … }
func generateCert(t *testing.T) (cert, key []byte, certFilePath, keyFilePath string) { … }
func writeTempFile(t *testing.T, content string) string { … }
func indentCertificateAuthority(caCert string) string { … }
func testContext(t *testing.T) context.Context { … }