Introduce CF-on-K8s support (#2233)

* Detect CF-on-K8s in `cf api`
* Unpin protobuf
* Implement `cf login` for CF-on-K8s
* Use the latest cloudfoundry/go-log-cache
* Introduce a `ConnectionWrapper` for Kubernetes
* Refactor the creation of the wrapped CC client
* Support Kubernetes inline client certificates
* Support Kubernetes client certificates of any kind
* Test Kubernetes exec plugins
* Support inline and filepath Kubernetes tokens
* Clear the Kubernetes auth information in `cf api`
* Clear the Kubernetes auth information in `cf api --unset`
* Clear the Kubernetes auth information in `cf logout`
* Use the real Kubernetes username when creating a space role
* Use the real Kubernetes username everywhere

Co-authored-by: Giuseppe Capizzi <[email protected]>
Co-authored-by: Danail Branekov <[email protected]>
Co-authored-by: Georgi Sabev <[email protected]>
Co-authored-by: Kieron Browne <[email protected]>
Co-authored-by: Mario Nitchev <[email protected]>

Makefile

@@ -130,11 +130,15 @@ ip: integration-push
 integration-push: build integration-cleanup  ## Run all push-related integration tests
 	$(ginkgo_int) -nodes $(NODES) integration/$(TARGET)/push
 
-integration-tests: build integration-cleanup integration-isolated integration-push integration-global ## Run all isolated, push, and global integration tests
+integration-selfcontained: build
+	$(ginkgo_int) -nodes $(NODES) integration/v7/selfcontained
+
+integration-tests: build integration-cleanup integration-isolated integration-push integration-global integration-selfcontained ## Run all isolated, push, selfcontained, and global integration tests
+
 
 i: integration-tests-full
 integration-full-tests: integration-tests-full
-integration-tests-full: build integration-cleanup integration-isolated integration-push integration-experimental integration-plugin integration-global  ## Run all isolated, push, experimental, plugin, and global integration tests
+integration-tests-full: build integration-cleanup integration-isolated integration-push integration-experimental integration-plugin integration-global integration-selfcontained ## Run all isolated, push, experimental, plugin, selfcontained, and global integration tests
 
 integration-tests-full-ci: integration-cleanup
 	$(ginkgo_int) -nodes $(NODES)  -flakeAttempts $(FLAKE_ATTEMPTS) \

actor/sharedaction/actor.go

@@ -2,14 +2,25 @@
 // controller
 package sharedaction
 
+type AuthActor interface {
+	IsLoggedIn() bool
+}
+
 // Actor handles all shared actions
 type Actor struct {
 	Config Config
+	AuthActor
 }
 
 // NewActor returns an Actor with default settings
 func NewActor(config Config) *Actor {
+	var authActor AuthActor = NewDefaultAuthActor(config)
+	if config.IsCFOnK8s() {
+		authActor = NewK8sAuthActor(config)
+	}
+
 	return &Actor{
-		Config: config,
+		AuthActor: authActor,
+		Config:    config,
 	}
 }

actor/sharedaction/auth.go

@@ -0,0 +1,31 @@
+package sharedaction
+
+type DefaultAuthActor struct {
+	config Config
+}
+
+func NewDefaultAuthActor(config Config) DefaultAuthActor {
+	return DefaultAuthActor{
+		config: config,
+	}
+}
+
+func (a DefaultAuthActor) IsLoggedIn() bool {
+	return a.config.AccessToken() != "" || a.config.RefreshToken() != ""
+}
+
+type K8sAuthActor struct {
+	config Config
+}
+
+func NewK8sAuthActor(config Config) K8sAuthActor {
+	return K8sAuthActor{
+		config: config,
+	}
+}
+
+func (a K8sAuthActor) IsLoggedIn() bool {
+	name, err := a.config.CurrentUserName()
+
+	return err == nil && name != ""
+}

actor/sharedaction/auth_test.go

@@ -0,0 +1,106 @@
+package sharedaction_test
+
+import (
+	"errors"
+
+	. "code.cloudfoundry.org/cli/actor/sharedaction"
+	"code.cloudfoundry.org/cli/actor/sharedaction/sharedactionfakes"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("AuthActor", func() {
+	var (
+		actor      *Actor
+		fakeConfig *sharedactionfakes.FakeConfig
+	)
+
+	BeforeEach(func() {
+		fakeConfig = new(sharedactionfakes.FakeConfig)
+	})
+
+	Context("Default CF on VMs", func() {
+		BeforeEach(func() {
+			actor = NewActor(fakeConfig)
+		})
+
+		When("only the access token is set", func() {
+			BeforeEach(func() {
+				fakeConfig.AccessTokenReturns("some-access-token")
+			})
+
+			It("returns true", func() {
+				Expect(actor.IsLoggedIn()).To(BeTrue())
+			})
+		})
+
+		When("only the refresh token is set", func() {
+			BeforeEach(func() {
+				fakeConfig.RefreshTokenReturns("some-refresh-token")
+			})
+
+			It("returns true", func() {
+				Expect(actor.IsLoggedIn()).To(BeTrue())
+			})
+		})
+
+		When("both access and refresh token are set", func() {
+			BeforeEach(func() {
+				fakeConfig.AccessTokenReturns("some-access-token")
+				fakeConfig.RefreshTokenReturns("some-refresh-token")
+			})
+
+			It("returns true", func() {
+				Expect(actor.IsLoggedIn()).To(BeTrue())
+			})
+		})
+
+		When("neither access nor refresh token are set", func() {
+			BeforeEach(func() {
+				fakeConfig.AccessTokenReturns("")
+				fakeConfig.RefreshTokenReturns("")
+			})
+
+			It("returns false", func() {
+				Expect(actor.IsLoggedIn()).To(BeFalse())
+			})
+		})
+	})
+
+	Context("CF on K8s", func() {
+		BeforeEach(func() {
+			fakeConfig.IsCFOnK8sReturns(true)
+			actor = NewActor(fakeConfig)
+		})
+
+		When("the auth info is set", func() {
+			BeforeEach(func() {
+				fakeConfig.CurrentUserNameReturns("non-empty", nil)
+			})
+
+			It("returns true", func() {
+				Expect(actor.IsLoggedIn()).To(BeTrue())
+			})
+		})
+
+		When("the auth info is not set", func() {
+			BeforeEach(func() {
+				fakeConfig.CurrentUserNameReturns("", nil)
+			})
+
+			It("returns false", func() {
+				Expect(actor.IsLoggedIn()).To(BeFalse())
+			})
+		})
+
+		When("getting the current user name fails", func() {
+			BeforeEach(func() {
+				fakeConfig.CurrentUserNameReturns("", errors.New("boom!"))
+			})
+
+			It("returns false", func() {
+				Expect(actor.IsLoggedIn()).To(BeFalse())
+			})
+		})
+	})
+})

actor/sharedaction/config.go

@@ -9,6 +9,7 @@ type Config interface {
 	CurrentUserName() (string, error)
 	HasTargetedOrganization() bool
 	HasTargetedSpace() bool
+	IsCFOnK8s() bool
 	RefreshToken() string
 	TargetedOrganizationName() string
 	Verbose() (bool, []string)

actor/sharedaction/log_cache_client.go

@@ -5,7 +5,7 @@ import (
 	"time"
 
 	logcache "code.cloudfoundry.org/go-log-cache"
-	"code.cloudfoundry.org/go-loggregator/rpc/loggregator_v2"
+	"code.cloudfoundry.org/go-loggregator/v8/rpc/loggregator_v2"
 )
 
 //go:generate go run github.com/maxbrunsfeld/counterfeiter/v6 . LogCacheClient

actor/sharedaction/logging.go

@@ -10,7 +10,7 @@ import (
 
 	logcache "code.cloudfoundry.org/go-log-cache"
 	"code.cloudfoundry.org/go-log-cache/rpc/logcache_v1"
-	"code.cloudfoundry.org/go-loggregator/rpc/loggregator_v2"
+	"code.cloudfoundry.org/go-loggregator/v8/rpc/loggregator_v2"
 	"github.com/sirupsen/logrus"
 )
 

actor/sharedaction/logging_test.go

@@ -10,7 +10,7 @@ import (
 	"code.cloudfoundry.org/cli/actor/sharedaction"
 	"code.cloudfoundry.org/cli/actor/sharedaction/sharedactionfakes"
 	logcache "code.cloudfoundry.org/go-log-cache"
-	"code.cloudfoundry.org/go-loggregator/rpc/loggregator_v2"
+	"code.cloudfoundry.org/go-loggregator/v8/rpc/loggregator_v2"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 )