// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package supervisorconfig
import (
"context"
"errors"
"net/url"
"reflect"
"sync"
"testing"
"time"
"github.com/sclevine/spec"
"github.com/sclevine/spec/report"
"github.com/stretchr/testify/require"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/clock"
coretesting "k8s.io/client-go/testing"
"go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1"
pinnipedfake "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/fake"
pinnipedinformers "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions"
"go.pinniped.dev/internal/controllerlib"
"go.pinniped.dev/internal/here"
"go.pinniped.dev/internal/oidc/provider"
"go.pinniped.dev/internal/testutil"
)
// TestInformerFilters checks the filter that NewOIDCProviderWatcherController
// installs on the OIDCProvider informer: every add, update and delete must be
// reported as relevant, whatever the object's name or namespace.
func TestInformerFilters(t *testing.T) {
	spec.Run(t, "informer filters", func(t *testing.T, when spec.G, it spec.S) {
		var (
			r                            *require.Assertions
			observableWithInformerOption *testutil.ObservableWithInformerOption
			opcInformerFilter            controllerlib.Filter
		)

		it.Before(func() {
			r = require.New(t)
			observableWithInformerOption = testutil.NewObservableWithInformerOption()

			opcInformer := pinnipedinformers.NewSharedInformerFactoryWithOptions(nil, 0).Config().V1alpha1().OIDCProviders()
			// The returned controller is discarded; the constructor is only called so
			// that the observable option sees the filter wired to opcInformer.
			_ = NewOIDCProviderWatcherController(
				nil,
				nil,
				nil,
				opcInformer,
				observableWithInformerOption.WithInformer, // make it possible to observe the behavior of the Filters
			)
			opcInformerFilter = observableWithInformerOption.GetFilterForInformer(opcInformer)
		})

		when("watching OIDCProvider objects", func() {
			var (
				subject                           controllerlib.Filter
				target, otherNamespace, otherName *v1alpha1.OIDCProvider
			)

			// newOPC builds a bare OIDCProvider carrying only a name and a namespace.
			newOPC := func(name, namespace string) *v1alpha1.OIDCProvider {
				return &v1alpha1.OIDCProvider{ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace}}
			}

			it.Before(func() {
				subject = opcInformerFilter
				target = newOPC("some-name", "some-namespace")
				otherNamespace = newOPC("some-name", "other-namespace")
				otherName = newOPC("other-name", "some-namespace")
			})

			when("any OIDCProvider changes", func() {
				it("returns true to trigger the sync method", func() {
					all := []*v1alpha1.OIDCProvider{target, otherName, otherNamespace}

					for _, obj := range all {
						r.True(subject.Add(obj))
					}

					// First every object changing into otherName, then otherName
					// changing into every object.
					for _, oldObj := range all {
						r.True(subject.Update(oldObj, otherName))
					}
					for _, newObj := range all {
						r.True(subject.Update(otherName, newObj))
					}

					for _, obj := range all {
						r.True(subject.Delete(obj))
					}
				})
			})
		})
	}, spec.Parallel(), spec.Report(report.Terminal{}))
}
// fakeProvidersSetter is a test double that records what is passed to
// SetProviders so that tests can assert on it afterwards.
type fakeProvidersSetter struct {
	// SetProvidersWasCalled is flipped to true by SetProviders.
	SetProvidersWasCalled bool
	// OIDCProvidersReceived holds the arguments of the most recent SetProviders call.
	OIDCProvidersReceived []*provider.OIDCProvider
}
// SetProviders notes that it was invoked and stores the providers it was given,
// replacing whatever an earlier call stored.
func (f *fakeProvidersSetter) SetProviders(oidcProviders ...*provider.OIDCProvider) {
	f.SetProvidersWasCalled, f.OIDCProvidersReceived = true, oidcProviders
}
func TestSync ( t * testing . T ) {
spec . Run ( t , "Sync" , func ( t * testing . T , when spec . G , it spec . S ) {
const namespace = "some-namespace"
var r * require . Assertions
var subject controllerlib . Controller
var opcInformerClient * pinnipedfake . Clientset
var opcInformers pinnipedinformers . SharedInformerFactory
var pinnipedAPIClient * pinnipedfake . Clientset
var timeoutContext context . Context
var timeoutContextCancel context . CancelFunc
var syncContext * controllerlib . Context
var frozenNow time . Time
var providersSetter * fakeProvidersSetter
var oidcProviderGVR schema . GroupVersionResource
// Defer starting the informers until the last possible moment so that the
// nested Before's can keep adding things to the informer caches.
var startInformersAndController = func ( ) {
// Set this at the last second to allow for injection of server override.
subject = NewOIDCProviderWatcherController (
providersSetter ,
clock . NewFakeClock ( frozenNow ) ,
pinnipedAPIClient ,
opcInformers . Config ( ) . V1alpha1 ( ) . OIDCProviders ( ) ,
controllerlib . WithInformer ,
)
// Set this at the last second to support calling subject.Name().
syncContext = & controllerlib . Context {
Context : timeoutContext ,
Name : subject . Name ( ) ,
Key : controllerlib . Key {
Namespace : namespace ,
Name : "config-name" ,
} ,
}
// Must start informers before calling TestRunSynchronously()
opcInformers . Start ( timeoutContext . Done ( ) )
controllerlib . TestRunSynchronously ( t , subject )
}
it . Before ( func ( ) {
r = require . New ( t )
providersSetter = & fakeProvidersSetter { }
frozenNow = time . Date ( 2020 , time . September , 23 , 7 , 42 , 0 , 0 , time . Local )
timeoutContext , timeoutContextCancel = context . WithTimeout ( context . Background ( ) , time . Second * 3 )
opcInformerClient = pinnipedfake . NewSimpleClientset ( )
opcInformers = pinnipedinformers . NewSharedInformerFactory ( opcInformerClient , 0 )
pinnipedAPIClient = pinnipedfake . NewSimpleClientset ( )
oidcProviderGVR = schema . GroupVersionResource {
Group : v1alpha1 . SchemeGroupVersion . Group ,
Version : v1alpha1 . SchemeGroupVersion . Version ,
Resource : "oidcproviders" ,
}
} )
it . After ( func ( ) {
timeoutContextCancel ( )
} )
when ( "there are some valid OIDCProviders in the informer" , func ( ) {
var (
oidcProvider1 * v1alpha1 . OIDCProvider
oidcProvider2 * v1alpha1 . OIDCProvider
)
it . Before ( func ( ) {
oidcProvider1 = & v1alpha1 . OIDCProvider {
ObjectMeta : metav1 . ObjectMeta { Name : "config1" , Namespace : namespace } ,
Spec : v1alpha1 . OIDCProviderSpec { Issuer : "https://issuer1.com" } ,
}
r . NoError ( pinnipedAPIClient . Tracker ( ) . Add ( oidcProvider1 ) )
r . NoError ( opcInformerClient . Tracker ( ) . Add ( oidcProvider1 ) )
oidcProvider2 = & v1alpha1 . OIDCProvider {
ObjectMeta : metav1 . ObjectMeta { Name : "config2" , Namespace : namespace } ,
Spec : v1alpha1 . OIDCProviderSpec { Issuer : "https://issuer2.com" } ,
}
r . NoError ( pinnipedAPIClient . Tracker ( ) . Add ( oidcProvider2 ) )
r . NoError ( opcInformerClient . Tracker ( ) . Add ( oidcProvider2 ) )
} )
it ( "calls the ProvidersSetter" , func ( ) {
startInformersAndController ( )
err := controllerlib . TestSync ( t , subject , * syncContext )
r . NoError ( err )
provider1 , err := provider . NewOIDCProvider ( oidcProvider1 . Spec . Issuer )
r . NoError ( err )
provider2 , err := provider . NewOIDCProvider ( oidcProvider2 . Spec . Issuer )
r . NoError ( err )
r . True ( providersSetter . SetProvidersWasCalled )
r . ElementsMatch (
[ ] * provider . OIDCProvider {
provider1 ,
provider2 ,
} ,
providersSetter . OIDCProvidersReceived ,
)
} )
it ( "updates the status to success in the OIDCProviders" , func ( ) {
startInformersAndController ( )
err := controllerlib . TestSync ( t , subject , * syncContext )
r . NoError ( err )
oidcProvider1 . Status . Status = v1alpha1 . SuccessOIDCProviderStatusCondition
oidcProvider1 . Status . Message = "Provider successfully created"
oidcProvider1 . Status . LastUpdateTime = timePtr ( metav1 . NewTime ( frozenNow ) )
oidcProvider2 . Status . Status = v1alpha1 . SuccessOIDCProviderStatusCondition
oidcProvider2 . Status . Message = "Provider successfully created"
oidcProvider2 . Status . LastUpdateTime = timePtr ( metav1 . NewTime ( frozenNow ) )
expectedActions := [ ] coretesting . Action {
coretesting . NewGetAction (
oidcProviderGVR ,
oidcProvider1 . Namespace ,
oidcProvider1 . Name ,
) ,
coretesting . NewUpdateAction (
oidcProviderGVR ,
oidcProvider1 . Namespace ,
oidcProvider1 ,
) ,
coretesting . NewGetAction (
oidcProviderGVR ,
oidcProvider2 . Namespace ,
oidcProvider2 . Name ,
) ,
coretesting . NewUpdateAction (
oidcProviderGVR ,
oidcProvider2 . Namespace ,
oidcProvider2 ,
) ,
}
r . ElementsMatch ( expectedActions , pinnipedAPIClient . Actions ( ) )
} )
when ( "one OIDCProvider is already up to date" , func ( ) {
it . Before ( func ( ) {
oidcProvider1 . Status . Status = v1alpha1 . SuccessOIDCProviderStatusCondition
oidcProvider1 . Status . Message = "Provider successfully created"
oidcProvider1 . Status . LastUpdateTime = timePtr ( metav1 . NewTime ( frozenNow ) )
r . NoError ( pinnipedAPIClient . Tracker ( ) . Update ( oidcProviderGVR , oidcProvider1 , oidcProvider1 . Namespace ) )
r . NoError ( opcInformerClient . Tracker ( ) . Update ( oidcProviderGVR , oidcProvider1 , oidcProvider1 . Namespace ) )
} )
it ( "only updates the out-of-date OIDCProvider" , func ( ) {
startInformersAndController ( )
err := controllerlib . TestSync ( t , subject , * syncContext )
r . NoError ( err )
oidcProvider2 . Status . Status = v1alpha1 . SuccessOIDCProviderStatusCondition
oidcProvider2 . Status . Message = "Provider successfully created"
oidcProvider2 . Status . LastUpdateTime = timePtr ( metav1 . NewTime ( frozenNow ) )
expectedActions := [ ] coretesting . Action {
coretesting . NewGetAction (
oidcProviderGVR ,
oidcProvider1 . Namespace ,
oidcProvider1 . Name ,
) ,
coretesting . NewGetAction (
oidcProviderGVR ,
oidcProvider2 . Namespace ,
oidcProvider2 . Name ,
) ,
coretesting . NewUpdateAction (
oidcProviderGVR ,
oidcProvider2 . Namespace ,
oidcProvider2 ,
) ,
}
r . ElementsMatch ( expectedActions , pinnipedAPIClient . Actions ( ) )
} )
it ( "calls the ProvidersSetter with both OIDCProvider's" , func ( ) {
startInformersAndController ( )
err := controllerlib . TestSync ( t , subject , * syncContext )
r . NoError ( err )
provider1 , err := provider . NewOIDCProvider ( oidcProvider1 . Spec . Issuer )
r . NoError ( err )
provider2 , err := provider . NewOIDCProvider ( oidcProvider2 . Spec . Issuer )
r . NoError ( err )
r . True ( providersSetter . SetProvidersWasCalled )
r . ElementsMatch (
[ ] * provider . OIDCProvider {
provider1 ,
provider2 ,
} ,
providersSetter . OIDCProvidersReceived ,
)
} )
} )
when ( "updating only one OIDCProvider fails for a reason other than conflict" , func ( ) {
it . Before ( func ( ) {
once := sync . Once { }
pinnipedAPIClient . PrependReactor (
"update" ,
"oidcproviders" ,
func ( _ coretesting . Action ) ( bool , runtime . Object , error ) {
var err error
once . Do ( func ( ) {
err = errors . New ( "some update error" )
} )
return true , nil , err
} ,
)
} )
it ( "sets the provider that it could actually update in the API" , func ( ) {
startInformersAndController ( )
err := controllerlib . TestSync ( t , subject , * syncContext )
r . EqualError ( err , "1 error(s):\n- could not update status: some update error" )
provider1 , err := provider . NewOIDCProvider ( oidcProvider1 . Spec . Issuer )
r . NoError ( err )
provider2 , err := provider . NewOIDCProvider ( oidcProvider2 . Spec . Issuer )
r . NoError ( err )
r . True ( providersSetter . SetProvidersWasCalled )
r . Len ( providersSetter . OIDCProvidersReceived , 1 )
r . True (
reflect . DeepEqual ( providersSetter . OIDCProvidersReceived [ 0 ] , provider1 ) ||
reflect . DeepEqual ( providersSetter . OIDCProvidersReceived [ 0 ] , provider2 ) ,
)
} )
it ( "returns an error" , func ( ) {
startInformersAndController ( )
err := controllerlib . TestSync ( t , subject , * syncContext )
r . EqualError ( err , "1 error(s):\n- could not update status: some update error" )
oidcProvider1 . Status . Status = v1alpha1 . SuccessOIDCProviderStatusCondition
oidcProvider1 . Status . Message = "Provider successfully created"
oidcProvider1 . Status . LastUpdateTime = timePtr ( metav1 . NewTime ( frozenNow ) )
oidcProvider2 . Status . Status = v1alpha1 . SuccessOIDCProviderStatusCondition
oidcProvider2 . Status . Message = "Provider successfully created"
oidcProvider2 . Status . LastUpdateTime = timePtr ( metav1 . NewTime ( frozenNow ) )
expectedActions := [ ] coretesting . Action {
coretesting . NewGetAction (
oidcProviderGVR ,
oidcProvider1 . Namespace ,
oidcProvider1 . Name ,
) ,
coretesting . NewUpdateAction (
oidcProviderGVR ,
oidcProvider1 . Namespace ,
oidcProvider1 ,
) ,
coretesting . NewGetAction (
oidcProviderGVR ,
oidcProvider2 . Namespace ,
oidcProvider2 . Name ,
) ,
coretesting . NewUpdateAction (
oidcProviderGVR ,
oidcProvider2 . Namespace ,
oidcProvider2 ,
) ,
}
r . ElementsMatch ( expectedActions , pinnipedAPIClient . Actions ( ) )
} )
} )
} )
when ( "there are errors updating the OIDCProviders" , func ( ) {
var (
oidcProvider * v1alpha1 . OIDCProvider
)
it . Before ( func ( ) {
oidcProvider = & v1alpha1 . OIDCProvider {
ObjectMeta : metav1 . ObjectMeta { Name : "config" , Namespace : namespace } ,
Spec : v1alpha1 . OIDCProviderSpec { Issuer : "https://issuer.com" } ,
}
r . NoError ( pinnipedAPIClient . Tracker ( ) . Add ( oidcProvider ) )
r . NoError ( opcInformerClient . Tracker ( ) . Add ( oidcProvider ) )
} )
when ( "there is a conflict while updating an OIDCProvider" , func ( ) {
it . Before ( func ( ) {
once := sync . Once { }
pinnipedAPIClient . PrependReactor (
"update" ,
"oidcproviders" ,
func ( _ coretesting . Action ) ( bool , runtime . Object , error ) {
var err error
once . Do ( func ( ) {
err = k8serrors . NewConflict ( schema . GroupResource { } , "" , nil )
} )
return true , nil , err
} ,
)
} )
it ( "retries updating the OIDCProvider" , func ( ) {
startInformersAndController ( )
err := controllerlib . TestSync ( t , subject , * syncContext )
r . NoError ( err )
oidcProvider . Status . Status = v1alpha1 . SuccessOIDCProviderStatusCondition
oidcProvider . Status . Message = "Provider successfully created"
oidcProvider . Status . LastUpdateTime = timePtr ( metav1 . NewTime ( frozenNow ) )
expectedActions := [ ] coretesting . Action {
coretesting . NewGetAction (
oidcProviderGVR ,
oidcProvider . Namespace ,
oidcProvider . Name ,
) ,
coretesting . NewUpdateAction (
oidcProviderGVR ,
oidcProvider . Namespace ,
oidcProvider ,
) ,
coretesting . NewGetAction (
oidcProviderGVR ,
oidcProvider . Namespace ,
oidcProvider . Name ,
) ,
coretesting . NewUpdateAction (
oidcProviderGVR ,
oidcProvider . Namespace ,
oidcProvider ,
) ,
}
r . Equal ( expectedActions , pinnipedAPIClient . Actions ( ) )
} )
} )
when ( "updating the OIDCProvider fails for a reason other than conflict" , func ( ) {
it . Before ( func ( ) {
pinnipedAPIClient . PrependReactor (
"update" ,
"oidcproviders" ,
func ( _ coretesting . Action ) ( bool , runtime . Object , error ) {
return true , nil , errors . New ( "some update error" )
} ,
)
} )
it ( "returns an error" , func ( ) {
startInformersAndController ( )
err := controllerlib . TestSync ( t , subject , * syncContext )
r . EqualError ( err , "1 error(s):\n- could not update status: some update error" )
oidcProvider . Status . Status = v1alpha1 . SuccessOIDCProviderStatusCondition
oidcProvider . Status . Message = "Provider successfully created"
oidcProvider . Status . LastUpdateTime = timePtr ( metav1 . NewTime ( frozenNow ) )
expectedActions := [ ] coretesting . Action {
coretesting . NewGetAction (
oidcProviderGVR ,
oidcProvider . Namespace ,
oidcProvider . Name ,
) ,
coretesting . NewUpdateAction (
oidcProviderGVR ,
oidcProvider . Namespace ,
oidcProvider ,
) ,
}
r . Equal ( expectedActions , pinnipedAPIClient . Actions ( ) )
} )
} )
when ( "there is an error when getting the OIDCProvider" , func ( ) {
it . Before ( func ( ) {
pinnipedAPIClient . PrependReactor (
"get" ,
"oidcproviders" ,
func ( _ coretesting . Action ) ( bool , runtime . Object , error ) {
return true , nil , errors . New ( "some get error" )
} ,
)
} )
it ( "returns the get error" , func ( ) {
startInformersAndController ( )
err := controllerlib . TestSync ( t , subject , * syncContext )
r . EqualError ( err , "1 error(s):\n- could not update status: get failed: some get error" )
oidcProvider . Status . Status = v1alpha1 . SuccessOIDCProviderStatusCondition
oidcProvider . Status . Message = "Provider successfully created"
oidcProvider . Status . LastUpdateTime = timePtr ( metav1 . NewTime ( frozenNow ) )
expectedActions := [ ] coretesting . Action {
coretesting . NewGetAction (
oidcProviderGVR ,
oidcProvider . Namespace ,
oidcProvider . Name ,
) ,
}
r . Equal ( expectedActions , pinnipedAPIClient . Actions ( ) )
} )
} )
} )
when ( "there are both valid and invalid OIDCProviders in the informer" , func ( ) {
var (
validOIDCProvider * v1alpha1 . OIDCProvider
invalidOIDCProvider * v1alpha1 . OIDCProvider
)
it . Before ( func ( ) {
validOIDCProvider = & v1alpha1 . OIDCProvider {
ObjectMeta : metav1 . ObjectMeta { Name : "valid-config" , Namespace : namespace } ,
Spec : v1alpha1 . OIDCProviderSpec { Issuer : "https://valid-issuer.com" } ,
}
r . NoError ( pinnipedAPIClient . Tracker ( ) . Add ( validOIDCProvider ) )
r . NoError ( opcInformerClient . Tracker ( ) . Add ( validOIDCProvider ) )
invalidOIDCProvider = & v1alpha1 . OIDCProvider {
ObjectMeta : metav1 . ObjectMeta { Name : "invalid-config" , Namespace : namespace } ,
Spec : v1alpha1 . OIDCProviderSpec { Issuer : "https://invalid-issuer.com?some=query" } ,
}
r . NoError ( pinnipedAPIClient . Tracker ( ) . Add ( invalidOIDCProvider ) )
r . NoError ( opcInformerClient . Tracker ( ) . Add ( invalidOIDCProvider ) )
} )
it ( "calls the ProvidersSetter with the valid provider" , func ( ) {
startInformersAndController ( )
err := controllerlib . TestSync ( t , subject , * syncContext )
r . NoError ( err )
validProvider , err := provider . NewOIDCProvider ( validOIDCProvider . Spec . Issuer )
r . NoError ( err )
r . True ( providersSetter . SetProvidersWasCalled )
r . Equal (
[ ] * provider . OIDCProvider {
validProvider ,
} ,
providersSetter . OIDCProvidersReceived ,
)
} )
it ( "updates the status to success/invalid in the OIDCProviders" , func ( ) {
startInformersAndController ( )
err := controllerlib . TestSync ( t , subject , * syncContext )
r . NoError ( err )
validOIDCProvider . Status . Status = v1alpha1 . SuccessOIDCProviderStatusCondition
validOIDCProvider . Status . Message = "Provider successfully created"
validOIDCProvider . Status . LastUpdateTime = timePtr ( metav1 . NewTime ( frozenNow ) )
invalidOIDCProvider . Status . Status = v1alpha1 . InvalidOIDCProviderStatusCondition
invalidOIDCProvider . Status . Message = "Invalid: issuer must not have query"
invalidOIDCProvider . Status . LastUpdateTime = timePtr ( metav1 . NewTime ( frozenNow ) )
expectedActions := [ ] coretesting . Action {
coretesting . NewGetAction (
oidcProviderGVR ,
invalidOIDCProvider . Namespace ,
invalidOIDCProvider . Name ,
) ,
coretesting . NewUpdateAction (
oidcProviderGVR ,
invalidOIDCProvider . Namespace ,
invalidOIDCProvider ,
) ,
coretesting . NewGetAction (
oidcProviderGVR ,
validOIDCProvider . Namespace ,
validOIDCProvider . Name ,
) ,
coretesting . NewUpdateAction (
oidcProviderGVR ,
validOIDCProvider . Namespace ,
validOIDCProvider ,
) ,
}
r . ElementsMatch ( expectedActions , pinnipedAPIClient . Actions ( ) )
} )
when ( "updating only the invalid OIDCProvider fails for a reason other than conflict" , func ( ) {
it . Before ( func ( ) {
pinnipedAPIClient . PrependReactor (
"update" ,
"oidcproviders" ,
func ( action coretesting . Action ) ( bool , runtime . Object , error ) {
updateAction := action . ( coretesting . UpdateActionImpl )
opc := updateAction . Object . ( * v1alpha1 . OIDCProvider )
if opc . Name == validOIDCProvider . Name {
return true , nil , nil
}
return true , nil , errors . New ( "some update error" )
} ,
)
} )
it ( "sets the provider that it could actually update in the API" , func ( ) {
startInformersAndController ( )
err := controllerlib . TestSync ( t , subject , * syncContext )
r . EqualError ( err , "1 error(s):\n- could not update status: some update error" )
validProvider , err := provider . NewOIDCProvider ( validOIDCProvider . Spec . Issuer )
r . NoError ( err )
r . True ( providersSetter . SetProvidersWasCalled )
r . Equal (
[ ] * provider . OIDCProvider {
validProvider ,
} ,
providersSetter . OIDCProvidersReceived ,
)
} )
it ( "returns an error" , func ( ) {
startInformersAndController ( )
err := controllerlib . TestSync ( t , subject , * syncContext )
r . EqualError ( err , "1 error(s):\n- could not update status: some update error" )
validOIDCProvider . Status . Status = v1alpha1 . SuccessOIDCProviderStatusCondition
validOIDCProvider . Status . Message = "Provider successfully created"
validOIDCProvider . Status . LastUpdateTime = timePtr ( metav1 . NewTime ( frozenNow ) )
invalidOIDCProvider . Status . Status = v1alpha1 . InvalidOIDCProviderStatusCondition
invalidOIDCProvider . Status . Message = "Invalid: issuer must not have query"
invalidOIDCProvider . Status . LastUpdateTime = timePtr ( metav1 . NewTime ( frozenNow ) )
expectedActions := [ ] coretesting . Action {
coretesting . NewGetAction (
oidcProviderGVR ,
invalidOIDCProvider . Namespace ,
invalidOIDCProvider . Name ,
) ,
coretesting . NewUpdateAction (
oidcProviderGVR ,
invalidOIDCProvider . Namespace ,
invalidOIDCProvider ,
) ,
coretesting . NewGetAction (
oidcProviderGVR ,
validOIDCProvider . Namespace ,
validOIDCProvider . Name ,
) ,
coretesting . NewUpdateAction (
oidcProviderGVR ,
validOIDCProvider . Namespace ,
validOIDCProvider ,
) ,
}
r . ElementsMatch ( expectedActions , pinnipedAPIClient . Actions ( ) )
} )
} )
} )
when ( "there are OIDCProviders with duplicate issuer names in the informer" , func ( ) {
var (
oidcProviderDuplicate1 * v1alpha1 . OIDCProvider
oidcProviderDuplicate2 * v1alpha1 . OIDCProvider
oidcProvider * v1alpha1 . OIDCProvider
)
it . Before ( func ( ) {
// Hostnames are case-insensitive, so consider them to be duplicates if they only differ by case.
// Paths are case-sensitive, so having a path that differs only by case makes a new issuer.
oidcProviderDuplicate1 = & v1alpha1 . OIDCProvider {
ObjectMeta : metav1 . ObjectMeta { Name : "duplicate1" , Namespace : namespace } ,
Spec : v1alpha1 . OIDCProviderSpec { Issuer : "https://iSSueR-duPlicAte.cOm/a" } ,
}
r . NoError ( pinnipedAPIClient . Tracker ( ) . Add ( oidcProviderDuplicate1 ) )
r . NoError ( opcInformerClient . Tracker ( ) . Add ( oidcProviderDuplicate1 ) )
oidcProviderDuplicate2 = & v1alpha1 . OIDCProvider {
ObjectMeta : metav1 . ObjectMeta { Name : "duplicate2" , Namespace : namespace } ,
Spec : v1alpha1 . OIDCProviderSpec { Issuer : "https://issuer-duplicate.com/a" } ,
}
r . NoError ( pinnipedAPIClient . Tracker ( ) . Add ( oidcProviderDuplicate2 ) )
r . NoError ( opcInformerClient . Tracker ( ) . Add ( oidcProviderDuplicate2 ) )
oidcProvider = & v1alpha1 . OIDCProvider {
ObjectMeta : metav1 . ObjectMeta { Name : "not-duplicate" , Namespace : namespace } ,
Spec : v1alpha1 . OIDCProviderSpec { Issuer : "https://issuer-duplicate.com/A" } , // different path
}
r . NoError ( pinnipedAPIClient . Tracker ( ) . Add ( oidcProvider ) )
r . NoError ( opcInformerClient . Tracker ( ) . Add ( oidcProvider ) )
} )
it ( "calls the ProvidersSetter with the non-duplicate" , func ( ) {
startInformersAndController ( )
err := controllerlib . TestSync ( t , subject , * syncContext )
r . NoError ( err )
nonDuplicateProvider , err := provider . NewOIDCProvider ( oidcProvider . Spec . Issuer )
r . NoError ( err )
r . True ( providersSetter . SetProvidersWasCalled )
r . Equal (
[ ] * provider . OIDCProvider {
nonDuplicateProvider ,
} ,
providersSetter . OIDCProvidersReceived ,
)
} )
it ( "updates the statuses" , func ( ) {
startInformersAndController ( )
err := controllerlib . TestSync ( t , subject , * syncContext )
r . NoError ( err )
oidcProvider . Status . Status = v1alpha1 . SuccessOIDCProviderStatusCondition
oidcProvider . Status . Message = "Provider successfully created"
oidcProvider . Status . LastUpdateTime = timePtr ( metav1 . NewTime ( frozenNow ) )
oidcProviderDuplicate1 . Status . Status = v1alpha1 . DuplicateOIDCProviderStatusCondition
oidcProviderDuplicate1 . Status . Message = "Duplicate issuer: https://iSSueR-duPlicAte.cOm/a"
oidcProviderDuplicate1 . Status . LastUpdateTime = timePtr ( metav1 . NewTime ( frozenNow ) )
oidcProviderDuplicate2 . Status . Status = v1alpha1 . DuplicateOIDCProviderStatusCondition
oidcProviderDuplicate2 . Status . Message = "Duplicate issuer: https://issuer-duplicate.com/a"
oidcProviderDuplicate2 . Status . LastUpdateTime = timePtr ( metav1 . NewTime ( frozenNow ) )
expectedActions := [ ] coretesting . Action {
coretesting . NewGetAction (
oidcProviderGVR ,
oidcProviderDuplicate1 . Namespace ,
oidcProviderDuplicate1 . Name ,
) ,
coretesting . NewUpdateAction (
oidcProviderGVR ,
oidcProviderDuplicate1 . Namespace ,
oidcProviderDuplicate1 ,
) ,
coretesting . NewGetAction (
oidcProviderGVR ,
oidcProviderDuplicate2 . Namespace ,
oidcProviderDuplicate2 . Name ,
) ,
coretesting . NewUpdateAction (
oidcProviderGVR ,
oidcProviderDuplicate2 . Namespace ,
oidcProviderDuplicate2 ,
) ,
coretesting . NewGetAction (
oidcProviderGVR ,
oidcProvider . Namespace ,
oidcProvider . Name ,
) ,
coretesting . NewUpdateAction (
oidcProviderGVR ,
oidcProvider . Namespace ,
oidcProvider ,
) ,
}
r . ElementsMatch ( expectedActions , pinnipedAPIClient . Actions ( ) )
} )
when ( "we cannot talk to the API" , func ( ) {
it . Before ( func ( ) {
pinnipedAPIClient . PrependReactor (
"get" ,
"oidcproviders" ,
func ( _ coretesting . Action ) ( bool , runtime . Object , error ) {
return true , nil , errors . New ( "some get error" )
} ,
)
} )
it ( "returns the get errors" , func ( ) {
expectedError := here . Doc ( `
2020-10-23 23:25:44 +00:00
3 error ( s ) :
- could not update status : get failed : some get error
- could not update status : get failed : some get error
- could not update status : get failed : some get error ` )
2020-10-09 14:39:17 +00:00
startInformersAndController ( )
err := controllerlib . TestSync ( t , subject , * syncContext )
r . EqualError ( err , expectedError )
2020-11-02 22:24:55 +00:00
oidcProvider . Status . Status = v1alpha1 . SuccessOIDCProviderStatusCondition
oidcProvider . Status . Message = "Provider successfully created"
oidcProvider . Status . LastUpdateTime = timePtr ( metav1 . NewTime ( frozenNow ) )
2020-10-09 14:39:17 +00:00
expectedActions := [ ] coretesting . Action {
coretesting . NewGetAction (
2020-11-02 22:24:55 +00:00
oidcProviderGVR ,
oidcProviderDuplicate1 . Namespace ,
oidcProviderDuplicate1 . Name ,
2020-10-09 14:39:17 +00:00
) ,
coretesting . NewGetAction (
2020-11-02 22:24:55 +00:00
oidcProviderGVR ,
oidcProviderDuplicate2 . Namespace ,
oidcProviderDuplicate2 . Name ,
2020-10-09 14:39:17 +00:00
) ,
coretesting . NewGetAction (
2020-11-02 22:24:55 +00:00
oidcProviderGVR ,
oidcProvider . Namespace ,
oidcProvider . Name ,
2020-10-09 14:39:17 +00:00
) ,
}
r . ElementsMatch ( expectedActions , pinnipedAPIClient . Actions ( ) )
} )
} )
} )
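when("there are OIDCProviders with the same issuer DNS hostname using different secretNames", func() {
	// Fixtures: two providers that share a DNS hostname but name different TLS
	// secrets, one provider on an unrelated hostname, and one provider whose
	// issuer cannot be parsed as a URL.
	var (
		oidcProviderSameIssuerAddress1     *v1alpha1.OIDCProvider
		oidcProviderSameIssuerAddress2     *v1alpha1.OIDCProvider
		oidcProviderDifferentIssuerAddress *v1alpha1.OIDCProvider
		oidcProviderWithInvalidIssuerURL   *v1alpha1.OIDCProvider
	)

	it.Before(func() {
		// register makes a provider visible to both the API client and the
		// informer client.
		register := func(p *v1alpha1.OIDCProvider) {
			r.NoError(pinnipedAPIClient.Tracker().Add(p))
			r.NoError(opcInformerClient.Tracker().Add(p))
		}

		// Mixed-case hostname: the expected status message in "updates the
		// statuses" reports it lowercased, i.e. as the same host as provider2.
		oidcProviderSameIssuerAddress1 = &v1alpha1.OIDCProvider{
			ObjectMeta: metav1.ObjectMeta{Name: "provider1", Namespace: namespace},
			Spec: v1alpha1.OIDCProviderSpec{
				Issuer: "https://iSSueR-duPlicAte-adDress.cOm/path1",
				TLS:    &v1alpha1.OIDCProviderTLSSpec{SecretName: "secret1"},
			},
		}
		register(oidcProviderSameIssuerAddress1)

		oidcProviderSameIssuerAddress2 = &v1alpha1.OIDCProvider{
			ObjectMeta: metav1.ObjectMeta{Name: "provider2", Namespace: namespace},
			Spec: v1alpha1.OIDCProviderSpec{
				// Validation treats these as the same DNS hostname even though they have different port numbers,
				// because SNI information on the incoming requests is not going to include port numbers.
				Issuer: "https://issuer-duplicate-address.com:1234/path2",
				TLS:    &v1alpha1.OIDCProviderTLSSpec{SecretName: "secret2"},
			},
		}
		register(oidcProviderSameIssuerAddress2)

		// Reuses "secret1" on a different hostname; the expectations below treat
		// this provider as valid, so sharing a secret name across hosts is allowed.
		oidcProviderDifferentIssuerAddress = &v1alpha1.OIDCProvider{
			ObjectMeta: metav1.ObjectMeta{Name: "differentIssuerAddressProvider", Namespace: namespace},
			Spec: v1alpha1.OIDCProviderSpec{
				Issuer: "https://issuer-not-duplicate.com",
				TLS:    &v1alpha1.OIDCProviderTLSSpec{SecretName: "secret1"},
			},
		}
		register(oidcProviderDifferentIssuerAddress)

		// Also add one with a URL that cannot be parsed to make sure that the error handling
		// for the duplicate issuers and secret names is not confused by invalid URLs.
		invalidIssuerURL := ":/host//path"
		_, err := url.Parse(invalidIssuerURL) //nolint:staticcheck // Yes, this URL is intentionally invalid.
		r.Error(err)
		oidcProviderWithInvalidIssuerURL = &v1alpha1.OIDCProvider{
			ObjectMeta: metav1.ObjectMeta{Name: "invalidIssuerURLProvider", Namespace: namespace},
			Spec: v1alpha1.OIDCProviderSpec{
				Issuer: invalidIssuerURL,
				TLS:    &v1alpha1.OIDCProviderTLSSpec{SecretName: "secret1"},
			},
		}
		register(oidcProviderWithInvalidIssuerURL)
	})

	it("calls the ProvidersSetter with the non-duplicate", func() {
		startInformersAndController()
		r.NoError(controllerlib.TestSync(t, subject, *syncContext))

		// Only the provider on the unrelated hostname may be handed to the
		// ProvidersSetter; the conflicting and the unparseable ones are withheld.
		nonDuplicateProvider, err := provider.NewOIDCProvider(oidcProviderDifferentIssuerAddress.Spec.Issuer)
		r.NoError(err)

		r.True(providersSetter.SetProvidersWasCalled)
		r.Equal(
			[]*provider.OIDCProvider{nonDuplicateProvider},
			providersSetter.OIDCProvidersReceived,
		)
	})

	it("updates the statuses", func() {
		startInformersAndController()
		r.NoError(controllerlib.TestSync(t, subject, *syncContext))

		// Both conflicting providers are expected to carry the same message, which
		// names the hostname in lowercase and without the port.
		const sameHostMessage = "Issuers with the same DNS hostname (address not including port) must use the same secretName: issuer-duplicate-address.com"

		oidcProviderDifferentIssuerAddress.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition
		oidcProviderDifferentIssuerAddress.Status.Message = "Provider successfully created"
		oidcProviderDifferentIssuerAddress.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow))

		oidcProviderSameIssuerAddress1.Status.Status = v1alpha1.SameIssuerHostMustUseSameSecretOIDCProviderStatusCondition
		oidcProviderSameIssuerAddress1.Status.Message = sameHostMessage
		oidcProviderSameIssuerAddress1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow))

		oidcProviderSameIssuerAddress2.Status.Status = v1alpha1.SameIssuerHostMustUseSameSecretOIDCProviderStatusCondition
		oidcProviderSameIssuerAddress2.Status.Message = sameHostMessage
		oidcProviderSameIssuerAddress2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow))

		oidcProviderWithInvalidIssuerURL.Status.Status = v1alpha1.InvalidOIDCProviderStatusCondition
		oidcProviderWithInvalidIssuerURL.Status.Message = `Invalid: could not parse issuer as URL: parse ":/host//path": missing protocol scheme`
		oidcProviderWithInvalidIssuerURL.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow))

		// Every provider gets a Get followed by an Update carrying the status set
		// above. ElementsMatch ignores ordering across providers.
		var expectedActions []coretesting.Action
		for _, p := range []*v1alpha1.OIDCProvider{
			oidcProviderSameIssuerAddress1,
			oidcProviderSameIssuerAddress2,
			oidcProviderDifferentIssuerAddress,
			oidcProviderWithInvalidIssuerURL,
		} {
			expectedActions = append(expectedActions,
				coretesting.NewGetAction(oidcProviderGVR, p.Namespace, p.Name),
				coretesting.NewUpdateAction(oidcProviderGVR, p.Namespace, p),
			)
		}
		r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions())
	})

	when("we cannot talk to the API", func() {
		it.Before(func() {
			// Fail every "get" on oidcproviders. Returning true as the first value
			// marks the action as handled, so the fake client surfaces this error.
			pinnipedAPIClient.PrependReactor(
				"get",
				"oidcproviders",
				func(_ coretesting.Action) (bool, runtime.Object, error) {
					return true, nil, errors.New("some get error")
				},
			)
		})

		it("returns the get errors", func() {
			// One aggregated entry is expected per provider, including the provider
			// with the invalid issuer URL.
			expectedError := here.Doc(`
4 error(s):
- could not update status: get failed: some get error
- could not update status: get failed: some get error
- could not update status: get failed: some get error
- could not update status: get failed: some get error`)

			startInformersAndController()
			err := controllerlib.TestSync(t, subject, *syncContext)
			r.EqualError(err, expectedError)

			// Only Get actions are expected: each Get fails, so no status Update is
			// ever issued and no provider status needs to be prepared here.
			var expectedActions []coretesting.Action
			for _, p := range []*v1alpha1.OIDCProvider{
				oidcProviderSameIssuerAddress1,
				oidcProviderSameIssuerAddress2,
				oidcProviderDifferentIssuerAddress,
				oidcProviderWithInvalidIssuerURL,
			} {
				expectedActions = append(expectedActions,
					coretesting.NewGetAction(oidcProviderGVR, p.Namespace, p.Name),
				)
			}
			r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions())
		})
	})
})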
when("there are no OIDCProviders in the informer", func() {
	it("keeps waiting for one", func() {
		startInformersAndController()

		// With nothing to reconcile the sync must succeed without touching the API.
		r.NoError(controllerlib.TestSync(t, subject, *syncContext))
		r.Empty(pinnipedAPIClient.Actions())

		// The ProvidersSetter is still called, with an empty provider list.
		r.True(providersSetter.SetProvidersWasCalled)
		r.Empty(providersSetter.OIDCProvidersReceived)
	})
})
} , spec . Parallel ( ) , spec . Report ( report . Terminal { } ) )
}