2022-02-08 18:52:38 +00:00
|
|
|
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
2020-09-16 14:19:51 +00:00
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
2020-08-03 14:17:11 +00:00
|
|
|
|
2021-06-22 15:23:19 +00:00
|
|
|
package testlib
|
2020-08-03 14:17:11 +00:00
|
|
|
|
|
|
|
import (
|
2021-04-15 00:26:12 +00:00
|
|
|
"encoding/base64"
|
2020-09-24 22:51:43 +00:00
|
|
|
"io/ioutil"
|
2020-08-03 14:17:11 +00:00
|
|
|
"os"
|
2021-05-17 18:10:26 +00:00
|
|
|
"sort"
|
2020-09-24 22:51:43 +00:00
|
|
|
"strings"
|
2021-03-17 17:47:38 +00:00
|
|
|
"sync"
|
2020-08-03 14:17:11 +00:00
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/require"
|
2020-09-24 22:51:43 +00:00
|
|
|
"sigs.k8s.io/yaml"
|
|
|
|
|
2021-02-16 19:00:08 +00:00
|
|
|
auth1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1"
|
2020-09-24 22:51:43 +00:00
|
|
|
)
|
|
|
|
|
2020-10-13 14:13:40 +00:00
|
|
|
type Capability string
|
2021-07-08 18:10:53 +00:00
|
|
|
type KubeDistro string
|
2020-09-24 22:51:43 +00:00
|
|
|
|
|
|
|
const (
|
2021-03-16 18:54:29 +00:00
|
|
|
ClusterSigningKeyIsAvailable Capability = "clusterSigningKeyIsAvailable"
|
|
|
|
AnonymousAuthenticationSupported Capability = "anonymousAuthenticationSupported"
|
2021-03-16 19:35:07 +00:00
|
|
|
HasExternalLoadBalancerProvider Capability = "hasExternalLoadBalancerProvider"
|
2021-05-28 23:12:57 +00:00
|
|
|
CanReachInternetLDAPPorts Capability = "canReachInternetLDAPPorts"
|
2021-07-08 18:10:53 +00:00
|
|
|
|
|
|
|
KindDistro KubeDistro = "Kind"
|
|
|
|
GKEDistro KubeDistro = "GKE"
|
|
|
|
AKSDistro KubeDistro = "AKS"
|
|
|
|
EKSDistro KubeDistro = "EKS"
|
|
|
|
TKGSDistro KubeDistro = "TKGS"
|
2020-08-03 14:17:11 +00:00
|
|
|
)
|
|
|
|
|
2020-09-24 22:51:43 +00:00
|
|
|
// TestEnv captures all the external parameters consumed by our integration tests.
|
|
|
|
type TestEnv struct {
|
|
|
|
t *testing.T
|
|
|
|
|
2021-04-15 00:26:12 +00:00
|
|
|
ToolsNamespace string `json:"toolsNamespace"`
|
2020-10-30 16:39:26 +00:00
|
|
|
ConciergeNamespace string `json:"conciergeNamespace"`
|
|
|
|
SupervisorNamespace string `json:"supervisorNamespace"`
|
|
|
|
ConciergeAppName string `json:"conciergeAppName"`
|
|
|
|
SupervisorAppName string `json:"supervisorAppName"`
|
|
|
|
SupervisorCustomLabels map[string]string `json:"supervisorCustomLabels"`
|
|
|
|
ConciergeCustomLabels map[string]string `json:"conciergeCustomLabels"`
|
2021-07-08 18:10:53 +00:00
|
|
|
KubernetesDistribution KubeDistro `json:"kubernetesDistribution"`
|
2020-10-30 16:39:26 +00:00
|
|
|
Capabilities map[Capability]bool `json:"capabilities"`
|
|
|
|
TestWebhook auth1alpha1.WebhookAuthenticatorSpec `json:"testWebhook"`
|
|
|
|
SupervisorHTTPAddress string `json:"supervisorHttpAddress"`
|
|
|
|
SupervisorHTTPSAddress string `json:"supervisorHttpsAddress"`
|
|
|
|
SupervisorHTTPSIngressAddress string `json:"supervisorHttpsIngressAddress"`
|
|
|
|
SupervisorHTTPSIngressCABundle string `json:"supervisorHttpsIngressCABundle"`
|
2020-11-16 16:40:18 +00:00
|
|
|
Proxy string `json:"proxy"`
|
2021-01-19 18:50:22 +00:00
|
|
|
APIGroupSuffix string `json:"apiGroupSuffix"`
|
2021-08-25 22:12:07 +00:00
|
|
|
ShellContainerImage string `json:"shellContainer"`
|
2020-10-09 17:11:47 +00:00
|
|
|
|
|
|
|
TestUser struct {
|
2020-09-24 22:51:43 +00:00
|
|
|
Token string `json:"token"`
|
|
|
|
ExpectedUsername string `json:"expectedUsername"`
|
|
|
|
ExpectedGroups []string `json:"expectedGroups"`
|
|
|
|
} `json:"testUser"`
|
2020-10-13 15:41:53 +00:00
|
|
|
|
2021-07-07 16:23:32 +00:00
|
|
|
CLIUpstreamOIDC TestOIDCUpstream `json:"cliOIDCUpstream"`
|
|
|
|
SupervisorUpstreamOIDC TestOIDCUpstream `json:"supervisorOIDCUpstream"`
|
|
|
|
SupervisorUpstreamLDAP TestLDAPUpstream `json:"supervisorLDAPUpstream"`
|
|
|
|
SupervisorUpstreamActiveDirectory TestLDAPUpstream `json:"supervisorActiveDirectoryUpstream"`
|
2020-11-19 21:05:31 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type TestOIDCUpstream struct {
|
2021-01-11 19:58:07 +00:00
|
|
|
Issuer string `json:"issuer"`
|
|
|
|
CABundle string `json:"caBundle"`
|
|
|
|
AdditionalScopes []string `json:"additionalScopes"`
|
|
|
|
UsernameClaim string `json:"usernameClaim"`
|
|
|
|
GroupsClaim string `json:"groupsClaim"`
|
|
|
|
ClientID string `json:"clientID"`
|
|
|
|
ClientSecret string `json:"clientSecret"`
|
|
|
|
CallbackURL string `json:"callback"`
|
|
|
|
Username string `json:"username"`
|
|
|
|
Password string `json:"password"`
|
|
|
|
ExpectedGroups []string `json:"expectedGroups"`
|
2020-09-24 22:51:43 +00:00
|
|
|
}
|
|
|
|
|
2021-04-07 19:56:09 +00:00
|
|
|
type TestLDAPUpstream struct {
|
2021-08-17 23:53:26 +00:00
|
|
|
Host string `json:"host"`
|
|
|
|
StartTLSOnlyHost string `json:"startTLSOnlyHost"`
|
|
|
|
CABundle string `json:"caBundle"`
|
|
|
|
BindUsername string `json:"bindUsername"`
|
|
|
|
BindPassword string `json:"bindPassword"`
|
|
|
|
UserSearchBase string `json:"userSearchBase"`
|
|
|
|
DefaultNamingContextSearchBase string `json:"defaultNamingContextSearchBase"`
|
|
|
|
GroupSearchBase string `json:"groupSearchBase"`
|
|
|
|
TestUserDN string `json:"testUserDN"`
|
|
|
|
TestUserCN string `json:"testUserCN"`
|
|
|
|
TestUserPassword string `json:"testUserPassword"`
|
|
|
|
TestUserMailAttributeName string `json:"testUserMailAttributeName"`
|
|
|
|
TestUserMailAttributeValue string `json:"testUserMailAttributeValue"`
|
|
|
|
TestUserUniqueIDAttributeName string `json:"testUserUniqueIDAttributeName"`
|
|
|
|
TestUserUniqueIDAttributeValue string `json:"testUserUniqueIDAttributeValue"`
|
|
|
|
TestUserDirectGroupsCNs []string `json:"testUserDirectGroupsCNs"`
|
|
|
|
TestUserDirectGroupsDNs []string `json:"testUserDirectGroupsDNs"` //nolint:golint // this is "distinguished names", not "DNS"
|
|
|
|
TestUserSAMAccountNameValue string `json:"testUserSAMAccountNameValue"`
|
2021-08-18 20:18:53 +00:00
|
|
|
TestUserPrincipalNameValue string `json:"testUserPrincipalNameValue"`
|
2021-08-17 23:53:26 +00:00
|
|
|
TestUserIndirectGroupsSAMAccountNames []string `json:"TestUserIndirectGroupsSAMAccountNames"`
|
|
|
|
TestUserIndirectGroupsSAMAccountPlusDomainNames []string `json:"TestUserIndirectGroupsSAMAccountPlusDomainNames"`
|
|
|
|
TestDeactivatedUserSAMAccountNameValue string `json:"TestDeactivatedUserSAMAccountNameValue"`
|
|
|
|
TestDeactivatedUserPassword string `json:"TestDeactivatedUserPassword"`
|
2021-04-07 19:56:09 +00:00
|
|
|
}
|
|
|
|
|
2020-12-15 17:45:40 +00:00
|
|
|
// ProxyEnv returns a set of environment variable strings (e.g., to combine with os.Environ()) which set up the configured test HTTP proxy.
|
|
|
|
func (e *TestEnv) ProxyEnv() []string {
|
|
|
|
if e.Proxy == "" {
|
|
|
|
return nil
|
|
|
|
}
|
2021-03-04 23:19:59 +00:00
|
|
|
return []string{"http_proxy=" + e.Proxy, "https_proxy=" + e.Proxy, "no_proxy=127.0.0.1"}
|
2020-12-15 17:45:40 +00:00
|
|
|
}
|
|
|
|
|
2021-03-17 17:47:38 +00:00
|
|
|
// memoizedTestEnvsByTest maps *testing.T pointers to *TestEnv. It exists so that we don't do all the
|
|
|
|
// environment parsing N times per test and so that any implicit assertions happen only once.
|
|
|
|
var memoizedTestEnvsByTest sync.Map //nolint: gochecknoglobals
|
|
|
|
|
2020-10-13 15:41:53 +00:00
|
|
|
// IntegrationEnv gets the integration test environment from OS environment variables. This
|
2020-09-24 22:51:43 +00:00
|
|
|
// method also implies SkipUnlessIntegration().
|
|
|
|
func IntegrationEnv(t *testing.T) *TestEnv {
|
2021-03-17 17:47:38 +00:00
|
|
|
if existing, exists := memoizedTestEnvsByTest.Load(t); exists {
|
|
|
|
return existing.(*TestEnv)
|
|
|
|
}
|
|
|
|
|
2020-08-03 14:17:11 +00:00
|
|
|
t.Helper()
|
2021-08-25 19:34:33 +00:00
|
|
|
skipUnlessIntegration(t)
|
2020-09-24 22:51:43 +00:00
|
|
|
|
2020-10-09 17:11:47 +00:00
|
|
|
capabilitiesDescriptionYAML := os.Getenv("PINNIPED_TEST_CLUSTER_CAPABILITY_YAML")
|
|
|
|
capabilitiesDescriptionFile := os.Getenv("PINNIPED_TEST_CLUSTER_CAPABILITY_FILE")
|
2020-09-24 22:51:43 +00:00
|
|
|
require.NotEmptyf(t,
|
|
|
|
capabilitiesDescriptionYAML+capabilitiesDescriptionFile,
|
2020-10-09 17:11:47 +00:00
|
|
|
"must specify either PINNIPED_TEST_CLUSTER_CAPABILITY_YAML or PINNIPED_TEST_CLUSTER_CAPABILITY_FILE env var for integration tests",
|
2020-09-24 22:51:43 +00:00
|
|
|
)
|
|
|
|
if capabilitiesDescriptionYAML == "" {
|
|
|
|
bytes, err := ioutil.ReadFile(capabilitiesDescriptionFile)
|
|
|
|
capabilitiesDescriptionYAML = string(bytes)
|
|
|
|
require.NoError(t, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
var result TestEnv
|
|
|
|
err := yaml.Unmarshal([]byte(capabilitiesDescriptionYAML), &result)
|
|
|
|
require.NoErrorf(t, err, "capabilities specification was invalid YAML")
|
|
|
|
|
2020-10-27 21:57:25 +00:00
|
|
|
loadEnvVars(t, &result)
|
|
|
|
result.t = t
|
2021-03-17 17:47:38 +00:00
|
|
|
memoizedTestEnvsByTest.Store(t, &result)
|
2020-09-24 22:51:43 +00:00
|
|
|
|
2021-03-17 16:08:01 +00:00
|
|
|
// In every integration test, assert that no pods in our namespaces restart during the test.
|
2021-08-17 00:47:08 +00:00
|
|
|
assertNoRestartsDuringTest(t, result.ConciergeNamespace, "!pinniped.dev/test")
|
|
|
|
assertNoRestartsDuringTest(t, result.SupervisorNamespace, "!pinniped.dev/test")
|
2020-10-27 21:57:25 +00:00
|
|
|
return &result
|
|
|
|
}
|
|
|
|
|
|
|
|
func needEnv(t *testing.T, key string) string {
|
|
|
|
t.Helper()
|
|
|
|
value := os.Getenv(key)
|
|
|
|
require.NotEmptyf(t, value, "must specify %s env var for integration tests", key)
|
|
|
|
return value
|
|
|
|
}
|
|
|
|
|
2021-04-15 00:26:12 +00:00
|
|
|
func base64Decoded(t *testing.T, s string) string {
|
|
|
|
t.Helper()
|
|
|
|
if len(s) == 0 {
|
|
|
|
return s
|
|
|
|
}
|
|
|
|
bytes, err := base64.StdEncoding.DecodeString(s)
|
|
|
|
require.NoError(t, err)
|
|
|
|
return string(bytes)
|
|
|
|
}
|
|
|
|
|
2021-01-19 18:50:22 +00:00
|
|
|
func wantEnv(key, dephault string) string {
|
|
|
|
value, ok := os.LookupEnv(key)
|
|
|
|
if !ok {
|
|
|
|
return dephault
|
|
|
|
}
|
|
|
|
return value
|
|
|
|
}
|
|
|
|
|
2021-01-11 19:58:07 +00:00
|
|
|
func filterEmpty(ss []string) []string {
|
|
|
|
filtered := []string{}
|
|
|
|
for _, s := range ss {
|
|
|
|
if len(s) != 0 {
|
|
|
|
filtered = append(filtered, s)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return filtered
|
|
|
|
}
|
|
|
|
|
2020-10-27 21:57:25 +00:00
|
|
|
func loadEnvVars(t *testing.T, result *TestEnv) {
|
|
|
|
t.Helper()
|
|
|
|
|
2021-04-15 00:26:12 +00:00
|
|
|
result.ToolsNamespace = os.Getenv("PINNIPED_TEST_TOOLS_NAMESPACE")
|
|
|
|
|
2020-10-27 21:57:25 +00:00
|
|
|
result.ConciergeNamespace = needEnv(t, "PINNIPED_TEST_CONCIERGE_NAMESPACE")
|
|
|
|
result.ConciergeAppName = needEnv(t, "PINNIPED_TEST_CONCIERGE_APP_NAME")
|
|
|
|
result.TestUser.ExpectedUsername = needEnv(t, "PINNIPED_TEST_USER_USERNAME")
|
|
|
|
result.TestUser.ExpectedGroups = strings.Split(strings.ReplaceAll(needEnv(t, "PINNIPED_TEST_USER_GROUPS"), " ", ""), ",")
|
|
|
|
result.TestUser.Token = needEnv(t, "PINNIPED_TEST_USER_TOKEN")
|
|
|
|
result.TestWebhook.Endpoint = needEnv(t, "PINNIPED_TEST_WEBHOOK_ENDPOINT")
|
|
|
|
result.SupervisorNamespace = needEnv(t, "PINNIPED_TEST_SUPERVISOR_NAMESPACE")
|
|
|
|
result.SupervisorAppName = needEnv(t, "PINNIPED_TEST_SUPERVISOR_APP_NAME")
|
2020-10-30 16:03:25 +00:00
|
|
|
result.TestWebhook.TLS = &auth1alpha1.TLSSpec{CertificateAuthorityData: needEnv(t, "PINNIPED_TEST_WEBHOOK_CA_BUNDLE")}
|
2020-10-13 15:41:53 +00:00
|
|
|
|
2020-10-20 22:57:10 +00:00
|
|
|
result.SupervisorHTTPAddress = os.Getenv("PINNIPED_TEST_SUPERVISOR_HTTP_ADDRESS")
|
2020-10-27 21:57:25 +00:00
|
|
|
result.SupervisorHTTPSIngressAddress = os.Getenv("PINNIPED_TEST_SUPERVISOR_HTTPS_INGRESS_ADDRESS")
|
2020-10-20 22:57:10 +00:00
|
|
|
require.NotEmptyf(t,
|
2020-10-27 21:57:25 +00:00
|
|
|
result.SupervisorHTTPAddress+result.SupervisorHTTPSIngressAddress,
|
|
|
|
"must specify either PINNIPED_TEST_SUPERVISOR_HTTP_ADDRESS or PINNIPED_TEST_SUPERVISOR_HTTPS_INGRESS_ADDRESS env var (or both) for integration tests",
|
|
|
|
)
|
|
|
|
result.SupervisorHTTPSAddress = needEnv(t, "PINNIPED_TEST_SUPERVISOR_HTTPS_ADDRESS")
|
|
|
|
require.NotRegexp(t, "^[0-9]", result.SupervisorHTTPSAddress,
|
|
|
|
"PINNIPED_TEST_SUPERVISOR_HTTPS_ADDRESS must be a hostname with an optional port and cannot be an IP address",
|
2020-10-20 22:57:10 +00:00
|
|
|
)
|
2021-04-15 00:26:12 +00:00
|
|
|
result.SupervisorHTTPSIngressCABundle = base64Decoded(t, os.Getenv("PINNIPED_TEST_SUPERVISOR_HTTPS_INGRESS_CA_BUNDLE"))
|
2020-10-20 22:57:10 +00:00
|
|
|
|
2020-10-27 21:57:25 +00:00
|
|
|
conciergeCustomLabelsYAML := needEnv(t, "PINNIPED_TEST_CONCIERGE_CUSTOM_LABELS")
|
2020-10-15 17:14:23 +00:00
|
|
|
var conciergeCustomLabels map[string]string
|
2020-10-27 21:57:25 +00:00
|
|
|
err := yaml.Unmarshal([]byte(conciergeCustomLabelsYAML), &conciergeCustomLabels)
|
2020-10-15 17:14:23 +00:00
|
|
|
require.NoErrorf(t, err, "PINNIPED_TEST_CONCIERGE_CUSTOM_LABELS must be a YAML map of string to string")
|
|
|
|
result.ConciergeCustomLabels = conciergeCustomLabels
|
|
|
|
require.NotEmpty(t, result.ConciergeCustomLabels, "PINNIPED_TEST_CONCIERGE_CUSTOM_LABELS cannot be empty")
|
2020-10-27 21:57:25 +00:00
|
|
|
supervisorCustomLabelsYAML := needEnv(t, "PINNIPED_TEST_SUPERVISOR_CUSTOM_LABELS")
|
2020-10-15 17:14:23 +00:00
|
|
|
var supervisorCustomLabels map[string]string
|
|
|
|
err = yaml.Unmarshal([]byte(supervisorCustomLabelsYAML), &supervisorCustomLabels)
|
|
|
|
require.NoErrorf(t, err, "PINNIPED_TEST_SUPERVISOR_CUSTOM_LABELS must be a YAML map of string to string")
|
|
|
|
result.SupervisorCustomLabels = supervisorCustomLabels
|
|
|
|
require.NotEmpty(t, result.SupervisorCustomLabels, "PINNIPED_TEST_SUPERVISOR_CUSTOM_LABELS cannot be empty")
|
2021-04-15 00:26:12 +00:00
|
|
|
|
2020-11-16 16:40:18 +00:00
|
|
|
result.Proxy = os.Getenv("PINNIPED_TEST_PROXY")
|
2021-01-19 18:50:22 +00:00
|
|
|
result.APIGroupSuffix = wantEnv("PINNIPED_TEST_API_GROUP_SUFFIX", "pinniped.dev")
|
2021-08-25 22:12:07 +00:00
|
|
|
result.ShellContainerImage = needEnv(t, "PINNIPED_TEST_SHELL_CONTAINER_IMAGE")
|
2020-10-15 17:14:23 +00:00
|
|
|
|
2021-04-07 19:56:09 +00:00
|
|
|
result.CLIUpstreamOIDC = TestOIDCUpstream{
|
2020-11-19 21:05:31 +00:00
|
|
|
Issuer: needEnv(t, "PINNIPED_TEST_CLI_OIDC_ISSUER"),
|
2021-04-15 00:26:12 +00:00
|
|
|
CABundle: base64Decoded(t, os.Getenv("PINNIPED_TEST_CLI_OIDC_ISSUER_CA_BUNDLE")),
|
2020-11-19 21:05:31 +00:00
|
|
|
ClientID: needEnv(t, "PINNIPED_TEST_CLI_OIDC_CLIENT_ID"),
|
|
|
|
CallbackURL: needEnv(t, "PINNIPED_TEST_CLI_OIDC_CALLBACK_URL"),
|
|
|
|
Username: needEnv(t, "PINNIPED_TEST_CLI_OIDC_USERNAME"),
|
|
|
|
Password: needEnv(t, "PINNIPED_TEST_CLI_OIDC_PASSWORD"),
|
|
|
|
}
|
|
|
|
|
2021-04-07 19:56:09 +00:00
|
|
|
result.SupervisorUpstreamOIDC = TestOIDCUpstream{
|
2021-01-11 19:58:07 +00:00
|
|
|
Issuer: needEnv(t, "PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ISSUER"),
|
2021-04-15 00:26:12 +00:00
|
|
|
CABundle: base64Decoded(t, os.Getenv("PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ISSUER_CA_BUNDLE")),
|
2022-02-08 18:52:38 +00:00
|
|
|
AdditionalScopes: filterEmpty(strings.Split(strings.ReplaceAll(os.Getenv("PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ADDITIONAL_SCOPES"), " ", ""), ",")),
|
2021-01-11 19:58:07 +00:00
|
|
|
UsernameClaim: os.Getenv("PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_USERNAME_CLAIM"),
|
|
|
|
GroupsClaim: os.Getenv("PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_GROUPS_CLAIM"),
|
|
|
|
ClientID: needEnv(t, "PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_CLIENT_ID"),
|
|
|
|
ClientSecret: needEnv(t, "PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_CLIENT_SECRET"),
|
|
|
|
CallbackURL: needEnv(t, "PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_CALLBACK_URL"),
|
|
|
|
Username: needEnv(t, "PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_USERNAME"),
|
|
|
|
Password: needEnv(t, "PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_PASSWORD"),
|
|
|
|
ExpectedGroups: filterEmpty(strings.Split(strings.ReplaceAll(os.Getenv("PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_EXPECTED_GROUPS"), " ", ""), ",")),
|
2020-11-19 21:05:31 +00:00
|
|
|
}
|
2021-04-07 19:56:09 +00:00
|
|
|
|
|
|
|
result.SupervisorUpstreamLDAP = TestLDAPUpstream{
|
|
|
|
Host: needEnv(t, "PINNIPED_TEST_LDAP_HOST"),
|
2021-05-20 20:39:48 +00:00
|
|
|
StartTLSOnlyHost: needEnv(t, "PINNIPED_TEST_LDAP_STARTTLS_ONLY_HOST"),
|
2021-04-22 23:58:48 +00:00
|
|
|
CABundle: base64Decoded(t, os.Getenv("PINNIPED_TEST_LDAP_LDAPS_CA_BUNDLE")),
|
2021-04-07 19:56:09 +00:00
|
|
|
BindUsername: needEnv(t, "PINNIPED_TEST_LDAP_BIND_ACCOUNT_USERNAME"),
|
|
|
|
BindPassword: needEnv(t, "PINNIPED_TEST_LDAP_BIND_ACCOUNT_PASSWORD"),
|
|
|
|
UserSearchBase: needEnv(t, "PINNIPED_TEST_LDAP_USERS_SEARCH_BASE"),
|
2021-05-17 18:10:26 +00:00
|
|
|
GroupSearchBase: needEnv(t, "PINNIPED_TEST_LDAP_GROUPS_SEARCH_BASE"),
|
2021-04-07 19:56:09 +00:00
|
|
|
TestUserDN: needEnv(t, "PINNIPED_TEST_LDAP_USER_DN"),
|
|
|
|
TestUserCN: needEnv(t, "PINNIPED_TEST_LDAP_USER_CN"),
|
|
|
|
TestUserUniqueIDAttributeName: needEnv(t, "PINNIPED_TEST_LDAP_USER_UNIQUE_ID_ATTRIBUTE_NAME"),
|
|
|
|
TestUserUniqueIDAttributeValue: needEnv(t, "PINNIPED_TEST_LDAP_USER_UNIQUE_ID_ATTRIBUTE_VALUE"),
|
2021-07-15 23:58:26 +00:00
|
|
|
TestUserMailAttributeName: needEnv(t, "PINNIPED_TEST_LDAP_USER_EMAIL_ATTRIBUTE_NAME"),
|
|
|
|
TestUserMailAttributeValue: needEnv(t, "PINNIPED_TEST_LDAP_USER_EMAIL_ATTRIBUTE_VALUE"),
|
2021-05-17 18:10:26 +00:00
|
|
|
TestUserDirectGroupsCNs: filterEmpty(strings.Split(needEnv(t, "PINNIPED_TEST_LDAP_EXPECTED_DIRECT_GROUPS_CN"), ";")),
|
|
|
|
TestUserDirectGroupsDNs: filterEmpty(strings.Split(needEnv(t, "PINNIPED_TEST_LDAP_EXPECTED_DIRECT_GROUPS_DN"), ";")),
|
2021-04-07 19:56:09 +00:00
|
|
|
TestUserPassword: needEnv(t, "PINNIPED_TEST_LDAP_USER_PASSWORD"),
|
|
|
|
}
|
2021-05-17 18:10:26 +00:00
|
|
|
|
2021-07-07 16:23:32 +00:00
|
|
|
result.SupervisorUpstreamActiveDirectory = TestLDAPUpstream{
|
2021-08-17 23:53:26 +00:00
|
|
|
Host: wantEnv("PINNIPED_TEST_AD_HOST", ""),
|
|
|
|
CABundle: base64Decoded(t, os.Getenv("PINNIPED_TEST_AD_LDAPS_CA_BUNDLE")),
|
|
|
|
BindUsername: wantEnv("PINNIPED_TEST_AD_BIND_ACCOUNT_USERNAME", ""),
|
|
|
|
BindPassword: wantEnv("PINNIPED_TEST_AD_BIND_ACCOUNT_PASSWORD", ""),
|
|
|
|
TestUserPassword: wantEnv("PINNIPED_TEST_AD_USER_PASSWORD", ""),
|
|
|
|
TestUserUniqueIDAttributeName: wantEnv("PINNIPED_TEST_AD_USER_UNIQUE_ID_ATTRIBUTE_NAME", ""),
|
|
|
|
TestUserUniqueIDAttributeValue: wantEnv("PINNIPED_TEST_AD_USER_UNIQUE_ID_ATTRIBUTE_VALUE", ""),
|
2021-08-26 23:18:05 +00:00
|
|
|
TestUserPrincipalNameValue: wantEnv("PINNIPED_TEST_AD_USER_USER_PRINCIPAL_NAME", ""),
|
2021-08-17 23:53:26 +00:00
|
|
|
TestUserMailAttributeValue: wantEnv("PINNIPED_TEST_AD_USER_EMAIL_ATTRIBUTE_VALUE", ""),
|
|
|
|
TestUserMailAttributeName: wantEnv("PINNIPED_TEST_AD_USER_EMAIL_ATTRIBUTE_NAME", ""),
|
|
|
|
TestUserDirectGroupsDNs: filterEmpty(strings.Split(wantEnv("PINNIPED_TEST_AD_USER_EXPECTED_GROUPS_DN", ""), ";")),
|
|
|
|
TestUserDirectGroupsCNs: filterEmpty(strings.Split(wantEnv("PINNIPED_TEST_AD_USER_EXPECTED_GROUPS_CN", ""), ";")),
|
|
|
|
TestUserIndirectGroupsSAMAccountNames: filterEmpty(strings.Split(wantEnv("PINNIPED_TEST_AD_USER_EXPECTED_GROUPS_SAMACCOUNTNAME", ""), ";")),
|
|
|
|
TestUserIndirectGroupsSAMAccountPlusDomainNames: filterEmpty(strings.Split(wantEnv("PINNIPED_TEST_AD_USER_EXPECTED_GROUPS_SAMACCOUNTNAME_DOMAINNAMES", ""), ";")),
|
|
|
|
TestDeactivatedUserSAMAccountNameValue: wantEnv("PINNIPED_TEST_DEACTIVATED_AD_USER_SAMACCOUNTNAME", ""),
|
|
|
|
TestDeactivatedUserPassword: wantEnv("PINNIPED_TEST_DEACTIVATED_AD_USER_PASSWORD", ""),
|
|
|
|
DefaultNamingContextSearchBase: wantEnv("PINNIPED_TEST_AD_DEFAULTNAMINGCONTEXT_DN", ""),
|
|
|
|
UserSearchBase: wantEnv("PINNIPED_TEST_AD_USERS_DN", ""),
|
|
|
|
GroupSearchBase: wantEnv("PINNIPED_TEST_AD_USERS_DN", ""),
|
2021-07-07 16:23:32 +00:00
|
|
|
}
|
|
|
|
|
2021-05-17 18:10:26 +00:00
|
|
|
sort.Strings(result.SupervisorUpstreamLDAP.TestUserDirectGroupsCNs)
|
|
|
|
sort.Strings(result.SupervisorUpstreamLDAP.TestUserDirectGroupsDNs)
|
2021-07-15 18:32:15 +00:00
|
|
|
sort.Strings(result.SupervisorUpstreamActiveDirectory.TestUserDirectGroupsCNs)
|
|
|
|
sort.Strings(result.SupervisorUpstreamActiveDirectory.TestUserDirectGroupsDNs)
|
2021-07-22 00:06:52 +00:00
|
|
|
sort.Strings(result.SupervisorUpstreamActiveDirectory.TestUserIndirectGroupsSAMAccountNames)
|
2020-08-03 14:17:11 +00:00
|
|
|
}
|
2020-09-25 14:37:17 +00:00
|
|
|
|
2020-10-13 14:13:40 +00:00
|
|
|
func (e *TestEnv) HasCapability(cap Capability) bool {
|
2020-09-25 14:37:17 +00:00
|
|
|
e.t.Helper()
|
|
|
|
isCapable, capabilityWasDescribed := e.Capabilities[cap]
|
2020-10-13 14:13:40 +00:00
|
|
|
require.Truef(e.t, capabilityWasDescribed, "the %q capability of the test environment was not described", cap)
|
2020-09-25 14:37:17 +00:00
|
|
|
return isCapable
|
|
|
|
}
|
|
|
|
|
2020-10-13 14:13:40 +00:00
|
|
|
func (e *TestEnv) WithCapability(cap Capability) *TestEnv {
|
2020-09-25 14:37:17 +00:00
|
|
|
e.t.Helper()
|
|
|
|
if !e.HasCapability(cap) {
|
2020-10-13 14:13:40 +00:00
|
|
|
e.t.Skipf("skipping integration test because test environment lacks the %q capability", cap)
|
2020-09-25 14:37:17 +00:00
|
|
|
}
|
|
|
|
return e
|
|
|
|
}
|
|
|
|
|
2020-10-13 14:13:40 +00:00
|
|
|
func (e *TestEnv) WithoutCapability(cap Capability) *TestEnv {
|
2020-09-25 14:37:17 +00:00
|
|
|
e.t.Helper()
|
|
|
|
if e.HasCapability(cap) {
|
2020-10-13 14:13:40 +00:00
|
|
|
e.t.Skipf("skipping integration test because test environment has the %q capability", cap)
|
2020-09-25 14:37:17 +00:00
|
|
|
}
|
|
|
|
return e
|
|
|
|
}
|
2021-07-08 18:10:53 +00:00
|
|
|
|
|
|
|
// WithKubeDistribution skips the test unless it will run on the expected cluster type.
|
|
|
|
// Please use this sparingly. We would prefer that a test run on every cluster type where it can possibly run, so
|
|
|
|
// prefer to run everywhere when possible or use cluster capabilities when needed, rather than looking at the
|
|
|
|
// type of cluster to decide to skip a test. However, there are some tests that do not depend on or interact with
|
|
|
|
// Kubernetes itself which really only need to run on on a single platform to give us the coverage that we desire.
|
|
|
|
func (e *TestEnv) WithKubeDistribution(distro KubeDistro) *TestEnv {
|
|
|
|
e.t.Helper()
|
|
|
|
if e.KubernetesDistribution != distro {
|
|
|
|
e.t.Skipf("skipping integration test because test environment is running %q but this test wants %q", e.KubernetesDistribution, distro)
|
|
|
|
}
|
|
|
|
return e
|
|
|
|
}
|