From d49b51e2e7fdf0b5088fe6ec8dc90f92bea958bf Mon Sep 17 00:00:00 2001
From: Adriano Cunha <adrcunha@google.com>
Date: Wed, 10 Oct 2018 13:28:15 -0700
Subject: [PATCH] Fix authentication for test clusters

Instead of relying on default options, use basic authentication for test cluster.

Also make acquire_cluster_admin_role() handle auth through certificates, since it's used also on deployment.

Backport of https://github.com/knative/test-infra/pull/115
---
 test/e2e-tests.sh |  2 +-
 test/library.sh   | 23 +++++++++++++++++++++--
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/test/e2e-tests.sh b/test/e2e-tests.sh
index 92d6ff3c0e25..a62a8ffce06b 100755
--- a/test/e2e-tests.sh
+++ b/test/e2e-tests.sh
@@ -178,7 +178,7 @@ if (( ! RUN_TESTS )); then
   header "Creating test cluster"
   # Smallest cluster required to run the end-to-end-tests
   CLUSTER_CREATION_ARGS=(
-    --gke-create-args="--enable-autoscaling --min-nodes=1 --max-nodes=${E2E_CLUSTER_NODES} --scopes=cloud-platform"
+    --gke-create-args="--enable-autoscaling --min-nodes=1 --max-nodes=${E2E_CLUSTER_NODES} --scopes=cloud-platform --enable-basic-auth --no-issue-client-certificate"
     --gke-shape={\"default\":{\"Nodes\":${E2E_CLUSTER_NODES}\,\"MachineType\":\"${E2E_CLUSTER_MACHINE}\"}}
     --provider=gke
     --deployment=gke
diff --git a/test/library.sh b/test/library.sh
index 2cda0002670b..907a1240439f 100755
--- a/test/library.sh
+++ b/test/library.sh
@@ -113,10 +113,29 @@ function acquire_cluster_admin_role() {
   # might not have the necessary permission.
   local password=$(gcloud --format="value(masterAuth.password)" \
       container clusters describe $2 --zone=$3)
-  kubectl --username=admin --password=$password \
-      create clusterrolebinding cluster-admin-binding \
+  if [[ -n "${password}" ]]; then
+    # Cluster created with basic authentication
+    kubectl config set-credentials cluster-admin \
+        --username=admin --password=${password}
+  else
+    local cert=$(mktemp)
+    local key=$(mktemp)
+    echo "Certificate in ${cert}, key in ${key}"
+    gcloud --format="value(masterAuth.clientCertificate)" \
+      container clusters describe $2 --zone=$3 | base64 -d > ${cert}
+    gcloud --format="value(masterAuth.clientKey)" \
+      container clusters describe $2 --zone=$3 | base64 -d > ${key}
+    kubectl config set-credentials cluster-admin \
+      --client-certificate=${cert} --client-key=${key}
+  fi
+  kubectl config set-context $(kubectl config current-context) \
+      --user=cluster-admin
+  kubectl create clusterrolebinding cluster-admin-binding \
       --clusterrole=cluster-admin \
       --user=$1
+  # Reset back to the default account
+  gcloud container clusters get-credentials \
+      $2 --zone=$3 --project $(gcloud config get-value project)
 }
 
 # Runs a go test and generate a junit summary through bazel.