Merge pull request #1593 from vmware-tanzu/pinny/bump-deps

Bump go.mod direct dependencies
This commit is contained in:
Joshua Casey 2023-07-28 12:03:57 -05:00 committed by GitHub
commit 057304e9aa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 262 additions and 262 deletions

2
go.mod
View File

@ -50,7 +50,7 @@ require (
k8s.io/klog/v2 v2.100.1 k8s.io/klog/v2 v2.100.1
k8s.io/kube-aggregator v0.27.4 k8s.io/kube-aggregator v0.27.4
k8s.io/kube-openapi v0.0.0-20230718181711-3c0fae5ee9fd k8s.io/kube-openapi v0.0.0-20230718181711-3c0fae5ee9fd
k8s.io/utils v0.0.0-20230711102312-30195339c3c7 k8s.io/utils v0.0.0-20230726121419-3b25d923346b
sigs.k8s.io/yaml v1.3.0 sigs.k8s.io/yaml v1.3.0
) )

4
go.sum
View File

@ -1044,8 +1044,8 @@ k8s.io/kube-aggregator v0.27.4 h1:WdK9iiBr32G8bWfpUEFVQl70RZO2dU19ZAktUXL5JFc=
k8s.io/kube-aggregator v0.27.4/go.mod h1:+eG83gkAyh0uilQEAOgheeQW4hr+PkyV+5O1nLGsjlM= k8s.io/kube-aggregator v0.27.4/go.mod h1:+eG83gkAyh0uilQEAOgheeQW4hr+PkyV+5O1nLGsjlM=
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg=
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
k8s.io/utils v0.0.0-20230711102312-30195339c3c7 h1:ZgnF1KZsYxWIifwSNZFZgNtWE89WI5yiP5WwlfDoIyc= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
k8s.io/utils v0.0.0-20230711102312-30195339c3c7/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

View File

@ -43,7 +43,7 @@ import (
"k8s.io/client-go/rest" "k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd/api" "k8s.io/client-go/tools/clientcmd/api"
featuregatetesting "k8s.io/component-base/featuregate/testing" featuregatetesting "k8s.io/component-base/featuregate/testing"
"k8s.io/utils/pointer" "k8s.io/utils/ptr"
loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1"
"go.pinniped.dev/internal/certauthority" "go.pinniped.dev/internal/certauthority"
@ -988,7 +988,7 @@ func TestImpersonator(t *testing.T) {
&loginv1alpha1.TokenCredentialRequest{ &loginv1alpha1.TokenCredentialRequest{
Spec: loginv1alpha1.TokenCredentialRequestSpec{ Spec: loginv1alpha1.TokenCredentialRequestSpec{
Authenticator: corev1.TypedLocalObjectReference{ Authenticator: corev1.TypedLocalObjectReference{
APIGroup: pointer.String("anything.pinniped.dev"), APIGroup: ptr.To("anything.pinniped.dev"),
}, },
}, },
}, metav1.CreateOptions{}) }, metav1.CreateOptions{})

View File

@ -11,7 +11,7 @@ import (
"os" "os"
"strings" "strings"
"k8s.io/utils/pointer" "k8s.io/utils/ptr"
"sigs.k8s.io/yaml" "sigs.k8s.io/yaml"
"go.pinniped.dev/internal/constable" "go.pinniped.dev/internal/constable"
@ -93,39 +93,39 @@ func FromPath(ctx context.Context, path string) (*Config, error) {
func maybeSetAPIDefaults(apiConfig *APIConfigSpec) { func maybeSetAPIDefaults(apiConfig *APIConfigSpec) {
if apiConfig.ServingCertificateConfig.DurationSeconds == nil { if apiConfig.ServingCertificateConfig.DurationSeconds == nil {
apiConfig.ServingCertificateConfig.DurationSeconds = pointer.Int64(aboutAYear) apiConfig.ServingCertificateConfig.DurationSeconds = ptr.To[int64](aboutAYear)
} }
if apiConfig.ServingCertificateConfig.RenewBeforeSeconds == nil { if apiConfig.ServingCertificateConfig.RenewBeforeSeconds == nil {
apiConfig.ServingCertificateConfig.RenewBeforeSeconds = pointer.Int64(about9Months) apiConfig.ServingCertificateConfig.RenewBeforeSeconds = ptr.To[int64](about9Months)
} }
} }
func maybeSetAPIGroupSuffixDefault(apiGroupSuffix **string) { func maybeSetAPIGroupSuffixDefault(apiGroupSuffix **string) {
if *apiGroupSuffix == nil { if *apiGroupSuffix == nil {
*apiGroupSuffix = pointer.String(groupsuffix.PinnipedDefaultSuffix) *apiGroupSuffix = ptr.To(groupsuffix.PinnipedDefaultSuffix)
} }
} }
func maybeSetAggregatedAPIServerPortDefaults(port **int64) { func maybeSetAggregatedAPIServerPortDefaults(port **int64) {
if *port == nil { if *port == nil {
*port = pointer.Int64(aggregatedAPIServerPortDefault) *port = ptr.To[int64](aggregatedAPIServerPortDefault)
} }
} }
func maybeSetImpersonationProxyServerPortDefaults(port **int64) { func maybeSetImpersonationProxyServerPortDefaults(port **int64) {
if *port == nil { if *port == nil {
*port = pointer.Int64(impersonationProxyPortDefault) *port = ptr.To[int64](impersonationProxyPortDefault)
} }
} }
func maybeSetKubeCertAgentDefaults(cfg *KubeCertAgentSpec) { func maybeSetKubeCertAgentDefaults(cfg *KubeCertAgentSpec) {
if cfg.NamePrefix == nil { if cfg.NamePrefix == nil {
cfg.NamePrefix = pointer.String("pinniped-kube-cert-agent-") cfg.NamePrefix = ptr.To("pinniped-kube-cert-agent-")
} }
if cfg.Image == nil { if cfg.Image == nil {
cfg.Image = pointer.String("debian:latest") cfg.Image = ptr.To("debian:latest")
} }
} }

View File

@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. // Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package concierge package concierge
@ -9,7 +9,7 @@ import (
"testing" "testing"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"k8s.io/utils/pointer" "k8s.io/utils/ptr"
"go.pinniped.dev/internal/here" "go.pinniped.dev/internal/here"
"go.pinniped.dev/internal/plog" "go.pinniped.dev/internal/plog"
@ -59,17 +59,17 @@ func TestFromPath(t *testing.T) {
`), `),
wantConfig: &Config{ wantConfig: &Config{
DiscoveryInfo: DiscoveryInfoSpec{ DiscoveryInfo: DiscoveryInfoSpec{
URL: pointer.String("https://some.discovery/url"), URL: ptr.To("https://some.discovery/url"),
}, },
APIConfig: APIConfigSpec{ APIConfig: APIConfigSpec{
ServingCertificateConfig: ServingCertificateConfigSpec{ ServingCertificateConfig: ServingCertificateConfigSpec{
DurationSeconds: pointer.Int64(3600), DurationSeconds: ptr.To[int64](3600),
RenewBeforeSeconds: pointer.Int64(2400), RenewBeforeSeconds: ptr.To[int64](2400),
}, },
}, },
APIGroupSuffix: pointer.String("some.suffix.com"), APIGroupSuffix: ptr.To("some.suffix.com"),
AggregatedAPIServerPort: pointer.Int64(12345), AggregatedAPIServerPort: ptr.To[int64](12345),
ImpersonationProxyServerPort: pointer.Int64(4242), ImpersonationProxyServerPort: ptr.To[int64](4242),
NamesConfig: NamesConfigSpec{ NamesConfig: NamesConfigSpec{
ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate", ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate",
CredentialIssuer: "pinniped-config", CredentialIssuer: "pinniped-config",
@ -86,8 +86,8 @@ func TestFromPath(t *testing.T) {
"myLabelKey2": "myLabelValue2", "myLabelKey2": "myLabelValue2",
}, },
KubeCertAgentConfig: KubeCertAgentSpec{ KubeCertAgentConfig: KubeCertAgentSpec{
NamePrefix: pointer.String("kube-cert-agent-name-prefix-"), NamePrefix: ptr.To("kube-cert-agent-name-prefix-"),
Image: pointer.String("kube-cert-agent-image"), Image: ptr.To("kube-cert-agent-image"),
ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"}, ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"},
}, },
LogLevel: func(level plog.LogLevel) *plog.LogLevel { return &level }(plog.LevelDebug), LogLevel: func(level plog.LogLevel) *plog.LogLevel { return &level }(plog.LevelDebug),
@ -135,17 +135,17 @@ func TestFromPath(t *testing.T) {
`), `),
wantConfig: &Config{ wantConfig: &Config{
DiscoveryInfo: DiscoveryInfoSpec{ DiscoveryInfo: DiscoveryInfoSpec{
URL: pointer.String("https://some.discovery/url"), URL: ptr.To("https://some.discovery/url"),
}, },
APIConfig: APIConfigSpec{ APIConfig: APIConfigSpec{
ServingCertificateConfig: ServingCertificateConfigSpec{ ServingCertificateConfig: ServingCertificateConfigSpec{
DurationSeconds: pointer.Int64(3600), DurationSeconds: ptr.To[int64](3600),
RenewBeforeSeconds: pointer.Int64(2400), RenewBeforeSeconds: ptr.To[int64](2400),
}, },
}, },
APIGroupSuffix: pointer.String("some.suffix.com"), APIGroupSuffix: ptr.To("some.suffix.com"),
AggregatedAPIServerPort: pointer.Int64(12345), AggregatedAPIServerPort: ptr.To[int64](12345),
ImpersonationProxyServerPort: pointer.Int64(4242), ImpersonationProxyServerPort: ptr.To[int64](4242),
NamesConfig: NamesConfigSpec{ NamesConfig: NamesConfigSpec{
ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate", ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate",
CredentialIssuer: "pinniped-config", CredentialIssuer: "pinniped-config",
@ -162,8 +162,8 @@ func TestFromPath(t *testing.T) {
"myLabelKey2": "myLabelValue2", "myLabelKey2": "myLabelValue2",
}, },
KubeCertAgentConfig: KubeCertAgentSpec{ KubeCertAgentConfig: KubeCertAgentSpec{
NamePrefix: pointer.String("kube-cert-agent-name-prefix-"), NamePrefix: ptr.To("kube-cert-agent-name-prefix-"),
Image: pointer.String("kube-cert-agent-image"), Image: ptr.To("kube-cert-agent-image"),
ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"}, ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"},
}, },
Log: plog.LogSpec{ Log: plog.LogSpec{
@ -212,17 +212,17 @@ func TestFromPath(t *testing.T) {
`), `),
wantConfig: &Config{ wantConfig: &Config{
DiscoveryInfo: DiscoveryInfoSpec{ DiscoveryInfo: DiscoveryInfoSpec{
URL: pointer.String("https://some.discovery/url"), URL: ptr.To("https://some.discovery/url"),
}, },
APIConfig: APIConfigSpec{ APIConfig: APIConfigSpec{
ServingCertificateConfig: ServingCertificateConfigSpec{ ServingCertificateConfig: ServingCertificateConfigSpec{
DurationSeconds: pointer.Int64(3600), DurationSeconds: ptr.To[int64](3600),
RenewBeforeSeconds: pointer.Int64(2400), RenewBeforeSeconds: ptr.To[int64](2400),
}, },
}, },
APIGroupSuffix: pointer.String("some.suffix.com"), APIGroupSuffix: ptr.To("some.suffix.com"),
AggregatedAPIServerPort: pointer.Int64(12345), AggregatedAPIServerPort: ptr.To[int64](12345),
ImpersonationProxyServerPort: pointer.Int64(4242), ImpersonationProxyServerPort: ptr.To[int64](4242),
NamesConfig: NamesConfigSpec{ NamesConfig: NamesConfigSpec{
ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate", ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate",
CredentialIssuer: "pinniped-config", CredentialIssuer: "pinniped-config",
@ -239,8 +239,8 @@ func TestFromPath(t *testing.T) {
"myLabelKey2": "myLabelValue2", "myLabelKey2": "myLabelValue2",
}, },
KubeCertAgentConfig: KubeCertAgentSpec{ KubeCertAgentConfig: KubeCertAgentSpec{
NamePrefix: pointer.String("kube-cert-agent-name-prefix-"), NamePrefix: ptr.To("kube-cert-agent-name-prefix-"),
Image: pointer.String("kube-cert-agent-image"), Image: ptr.To("kube-cert-agent-image"),
ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"}, ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"},
}, },
LogLevel: func(level plog.LogLevel) *plog.LogLevel { return &level }(plog.LevelDebug), LogLevel: func(level plog.LogLevel) *plog.LogLevel { return &level }(plog.LevelDebug),
@ -289,13 +289,13 @@ func TestFromPath(t *testing.T) {
DiscoveryInfo: DiscoveryInfoSpec{ DiscoveryInfo: DiscoveryInfoSpec{
URL: nil, URL: nil,
}, },
APIGroupSuffix: pointer.String("pinniped.dev"), APIGroupSuffix: ptr.To("pinniped.dev"),
AggregatedAPIServerPort: pointer.Int64(10250), AggregatedAPIServerPort: ptr.To[int64](10250),
ImpersonationProxyServerPort: pointer.Int64(8444), ImpersonationProxyServerPort: ptr.To[int64](8444),
APIConfig: APIConfigSpec{ APIConfig: APIConfigSpec{
ServingCertificateConfig: ServingCertificateConfigSpec{ ServingCertificateConfig: ServingCertificateConfigSpec{
DurationSeconds: pointer.Int64(60 * 60 * 24 * 365), // about a year DurationSeconds: ptr.To[int64](60 * 60 * 24 * 365), // about a year
RenewBeforeSeconds: pointer.Int64(60 * 60 * 24 * 30 * 9), // about 9 months RenewBeforeSeconds: ptr.To[int64](60 * 60 * 24 * 30 * 9), // about 9 months
}, },
}, },
NamesConfig: NamesConfigSpec{ NamesConfig: NamesConfigSpec{
@ -311,8 +311,8 @@ func TestFromPath(t *testing.T) {
}, },
Labels: map[string]string{}, Labels: map[string]string{},
KubeCertAgentConfig: KubeCertAgentSpec{ KubeCertAgentConfig: KubeCertAgentSpec{
NamePrefix: pointer.String("pinniped-kube-cert-agent-"), NamePrefix: ptr.To("pinniped-kube-cert-agent-"),
Image: pointer.String("debian:latest"), Image: ptr.To("debian:latest"),
}, },
}, },
}, },

View File

@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. // Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
// Package supervisor contains functionality to load/store Config's from/to // Package supervisor contains functionality to load/store Config's from/to
@ -12,7 +12,7 @@ import (
"os" "os"
"strings" "strings"
"k8s.io/utils/pointer" "k8s.io/utils/ptr"
"sigs.k8s.io/yaml" "sigs.k8s.io/yaml"
"go.pinniped.dev/internal/constable" "go.pinniped.dev/internal/constable"
@ -109,7 +109,7 @@ func maybeSetEndpointDefault(endpoint **Endpoint, defaultEndpoint Endpoint) {
func maybeSetAPIGroupSuffixDefault(apiGroupSuffix **string) { func maybeSetAPIGroupSuffixDefault(apiGroupSuffix **string) {
if *apiGroupSuffix == nil { if *apiGroupSuffix == nil {
*apiGroupSuffix = pointer.String(groupsuffix.PinnipedDefaultSuffix) *apiGroupSuffix = ptr.To(groupsuffix.PinnipedDefaultSuffix)
} }
} }
@ -119,7 +119,7 @@ func validateAPIGroupSuffix(apiGroupSuffix string) error {
func maybeSetAggregatedAPIServerPortDefaults(port **int64) { func maybeSetAggregatedAPIServerPortDefaults(port **int64) {
if *port == nil { if *port == nil {
*port = pointer.Int64(aggregatedAPIServerPortDefault) *port = ptr.To[int64](aggregatedAPIServerPortDefault)
} }
} }

View File

@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. // Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package supervisor package supervisor
@ -10,7 +10,7 @@ import (
"testing" "testing"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"k8s.io/utils/pointer" "k8s.io/utils/ptr"
"go.pinniped.dev/internal/here" "go.pinniped.dev/internal/here"
"go.pinniped.dev/internal/plog" "go.pinniped.dev/internal/plog"
@ -45,7 +45,7 @@ func TestFromPath(t *testing.T) {
aggregatedAPIServerPort: 12345 aggregatedAPIServerPort: 12345
`), `),
wantConfig: &Config{ wantConfig: &Config{
APIGroupSuffix: pointer.String("some.suffix.com"), APIGroupSuffix: ptr.To("some.suffix.com"),
Labels: map[string]string{ Labels: map[string]string{
"myLabelKey1": "myLabelValue1", "myLabelKey1": "myLabelValue1",
"myLabelKey2": "myLabelValue2", "myLabelKey2": "myLabelValue2",
@ -68,7 +68,7 @@ func TestFromPath(t *testing.T) {
Log: plog.LogSpec{ Log: plog.LogSpec{
Level: plog.LevelTrace, Level: plog.LevelTrace,
}, },
AggregatedAPIServerPort: pointer.Int64(12345), AggregatedAPIServerPort: ptr.To[int64](12345),
}, },
}, },
{ {
@ -95,7 +95,7 @@ func TestFromPath(t *testing.T) {
aggregatedAPIServerPort: 12345 aggregatedAPIServerPort: 12345
`), `),
wantConfig: &Config{ wantConfig: &Config{
APIGroupSuffix: pointer.String("some.suffix.com"), APIGroupSuffix: ptr.To("some.suffix.com"),
Labels: map[string]string{ Labels: map[string]string{
"myLabelKey1": "myLabelValue1", "myLabelKey1": "myLabelValue1",
"myLabelKey2": "myLabelValue2", "myLabelKey2": "myLabelValue2",
@ -118,7 +118,7 @@ func TestFromPath(t *testing.T) {
Level: plog.LevelInfo, Level: plog.LevelInfo,
Format: plog.FormatText, Format: plog.FormatText,
}, },
AggregatedAPIServerPort: pointer.Int64(12345), AggregatedAPIServerPort: ptr.To[int64](12345),
}, },
}, },
{ {
@ -145,7 +145,7 @@ func TestFromPath(t *testing.T) {
format: text format: text
`), `),
wantConfig: &Config{ wantConfig: &Config{
APIGroupSuffix: pointer.String("some.suffix.com"), APIGroupSuffix: ptr.To("some.suffix.com"),
Labels: map[string]string{ Labels: map[string]string{
"myLabelKey1": "myLabelValue1", "myLabelKey1": "myLabelValue1",
"myLabelKey2": "myLabelValue2", "myLabelKey2": "myLabelValue2",
@ -169,7 +169,7 @@ func TestFromPath(t *testing.T) {
Level: plog.LevelTrace, Level: plog.LevelTrace,
Format: plog.FormatText, Format: plog.FormatText,
}, },
AggregatedAPIServerPort: pointer.Int64(10250), AggregatedAPIServerPort: ptr.To[int64](10250),
}, },
}, },
{ {
@ -192,7 +192,7 @@ func TestFromPath(t *testing.T) {
defaultTLSCertificateSecret: my-secret-name defaultTLSCertificateSecret: my-secret-name
`), `),
wantConfig: &Config{ wantConfig: &Config{
APIGroupSuffix: pointer.String("pinniped.dev"), APIGroupSuffix: ptr.To("pinniped.dev"),
Labels: map[string]string{}, Labels: map[string]string{},
NamesConfig: NamesConfigSpec{ NamesConfig: NamesConfigSpec{
DefaultTLSCertificateSecret: "my-secret-name", DefaultTLSCertificateSecret: "my-secret-name",
@ -207,7 +207,7 @@ func TestFromPath(t *testing.T) {
}, },
}, },
AllowExternalHTTP: false, AllowExternalHTTP: false,
AggregatedAPIServerPort: pointer.Int64(10250), AggregatedAPIServerPort: ptr.To[int64](10250),
}, },
}, },
{ {
@ -322,7 +322,7 @@ func TestFromPath(t *testing.T) {
insecureAcceptExternalUnencryptedHttpRequests: true insecureAcceptExternalUnencryptedHttpRequests: true
`), `),
wantConfig: &Config{ wantConfig: &Config{
APIGroupSuffix: pointer.String("pinniped.dev"), APIGroupSuffix: ptr.To("pinniped.dev"),
Labels: map[string]string{}, Labels: map[string]string{},
NamesConfig: NamesConfigSpec{ NamesConfig: NamesConfigSpec{
DefaultTLSCertificateSecret: "my-secret-name", DefaultTLSCertificateSecret: "my-secret-name",
@ -338,7 +338,7 @@ func TestFromPath(t *testing.T) {
}, },
}, },
AllowExternalHTTP: true, AllowExternalHTTP: true,
AggregatedAPIServerPort: pointer.Int64(10250), AggregatedAPIServerPort: ptr.To[int64](10250),
}, },
}, },
{ {
@ -354,7 +354,7 @@ func TestFromPath(t *testing.T) {
insecureAcceptExternalUnencryptedHttpRequests: "true" insecureAcceptExternalUnencryptedHttpRequests: "true"
`), `),
wantConfig: &Config{ wantConfig: &Config{
APIGroupSuffix: pointer.String("pinniped.dev"), APIGroupSuffix: ptr.To("pinniped.dev"),
Labels: map[string]string{}, Labels: map[string]string{},
NamesConfig: NamesConfigSpec{ NamesConfig: NamesConfigSpec{
DefaultTLSCertificateSecret: "my-secret-name", DefaultTLSCertificateSecret: "my-secret-name",
@ -370,7 +370,7 @@ func TestFromPath(t *testing.T) {
}, },
}, },
AllowExternalHTTP: true, AllowExternalHTTP: true,
AggregatedAPIServerPort: pointer.Int64(10250), AggregatedAPIServerPort: ptr.To[int64](10250),
}, },
}, },
{ {

View File

@ -29,7 +29,7 @@ import (
"k8s.io/client-go/tools/clientcmd" "k8s.io/client-go/tools/clientcmd"
"k8s.io/klog/v2" "k8s.io/klog/v2"
"k8s.io/utils/clock" "k8s.io/utils/clock"
"k8s.io/utils/pointer" "k8s.io/utils/ptr"
configv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1"
configv1alpha1informers "go.pinniped.dev/generated/latest/client/concierge/informers/externalversions/config/v1alpha1" configv1alpha1informers "go.pinniped.dev/generated/latest/client/concierge/informers/externalversions/config/v1alpha1"
@ -521,14 +521,14 @@ func (c *agentController) newAgentDeployment(controllerManagerPod *corev1.Pod) *
Labels: c.cfg.Labels, Labels: c.cfg.Labels,
}, },
Spec: appsv1.DeploymentSpec{ Spec: appsv1.DeploymentSpec{
Replicas: pointer.Int32(1), Replicas: ptr.To[int32](1),
Selector: metav1.SetAsLabelSelector(c.cfg.agentPodSelectorLabels()), Selector: metav1.SetAsLabelSelector(c.cfg.agentPodSelectorLabels()),
Template: corev1.PodTemplateSpec{ Template: corev1.PodTemplateSpec{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Labels: c.cfg.agentPodLabels(), Labels: c.cfg.agentPodLabels(),
}, },
Spec: corev1.PodSpec{ Spec: corev1.PodSpec{
TerminationGracePeriodSeconds: pointer.Int64(0), TerminationGracePeriodSeconds: ptr.To[int64](0),
ImagePullSecrets: imagePullSecrets, ImagePullSecrets: imagePullSecrets,
Containers: []corev1.Container{ Containers: []corev1.Container{
{ {
@ -557,15 +557,15 @@ func (c *agentController) newAgentDeployment(controllerManagerPod *corev1.Pod) *
Volumes: controllerManagerPod.Spec.Volumes, Volumes: controllerManagerPod.Spec.Volumes,
RestartPolicy: corev1.RestartPolicyAlways, RestartPolicy: corev1.RestartPolicyAlways,
NodeSelector: controllerManagerPod.Spec.NodeSelector, NodeSelector: controllerManagerPod.Spec.NodeSelector,
AutomountServiceAccountToken: pointer.Bool(false), AutomountServiceAccountToken: ptr.To(false),
ServiceAccountName: c.cfg.ServiceAccountName, ServiceAccountName: c.cfg.ServiceAccountName,
NodeName: controllerManagerPod.Spec.NodeName, NodeName: controllerManagerPod.Spec.NodeName,
Tolerations: controllerManagerPod.Spec.Tolerations, Tolerations: controllerManagerPod.Spec.Tolerations,
// We need to run the agent pod as root since the file permissions // We need to run the agent pod as root since the file permissions
// on the cluster keypair usually restricts access to only root. // on the cluster keypair usually restricts access to only root.
SecurityContext: &corev1.PodSecurityContext{ SecurityContext: &corev1.PodSecurityContext{
RunAsUser: pointer.Int64(0), RunAsUser: ptr.To[int64](0),
RunAsGroup: pointer.Int64(0), RunAsGroup: ptr.To[int64](0),
}, },
HostNetwork: controllerManagerPod.Spec.HostNetwork, HostNetwork: controllerManagerPod.Spec.HostNetwork,
}, },

View File

@ -27,7 +27,7 @@ import (
kubefake "k8s.io/client-go/kubernetes/fake" kubefake "k8s.io/client-go/kubernetes/fake"
coretesting "k8s.io/client-go/testing" coretesting "k8s.io/client-go/testing"
clocktesting "k8s.io/utils/clock/testing" clocktesting "k8s.io/utils/clock/testing"
"k8s.io/utils/pointer" "k8s.io/utils/ptr"
configv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1"
conciergefake "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/fake" conciergefake "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/fake"
@ -95,7 +95,7 @@ func TestAgentController(t *testing.T) {
Labels: map[string]string{"extralabel": "labelvalue", "app": "anything"}, Labels: map[string]string{"extralabel": "labelvalue", "app": "anything"},
}, },
Spec: appsv1.DeploymentSpec{ Spec: appsv1.DeploymentSpec{
Replicas: pointer.Int32(1), Replicas: ptr.To[int32](1),
Selector: metav1.SetAsLabelSelector(map[string]string{ Selector: metav1.SetAsLabelSelector(map[string]string{
"kube-cert-agent.pinniped.dev": "v3", "kube-cert-agent.pinniped.dev": "v3",
}), }),
@ -133,12 +133,12 @@ func TestAgentController(t *testing.T) {
ImagePullPolicy: corev1.PullIfNotPresent, ImagePullPolicy: corev1.PullIfNotPresent,
}}, }},
RestartPolicy: corev1.RestartPolicyAlways, RestartPolicy: corev1.RestartPolicyAlways,
TerminationGracePeriodSeconds: pointer.Int64(0), TerminationGracePeriodSeconds: ptr.To[int64](0),
ServiceAccountName: "test-service-account-name", ServiceAccountName: "test-service-account-name",
AutomountServiceAccountToken: pointer.Bool(false), AutomountServiceAccountToken: ptr.To(false),
SecurityContext: &corev1.PodSecurityContext{ SecurityContext: &corev1.PodSecurityContext{
RunAsUser: pointer.Int64(0), RunAsUser: ptr.To[int64](0),
RunAsGroup: pointer.Int64(0), RunAsGroup: ptr.To[int64](0),
}, },
ImagePullSecrets: []corev1.LocalObjectReference{{ ImagePullSecrets: []corev1.LocalObjectReference{{
Name: "pinniped-image-pull-secret", Name: "pinniped-image-pull-secret",
@ -992,7 +992,7 @@ func TestAgentController(t *testing.T) {
healthyAgentPod, healthyAgentPod,
validClusterInfoConfigMap, validClusterInfoConfigMap,
}, },
discoveryURLOverride: pointer.String("https://overridden-server.example.com/some/path"), discoveryURLOverride: ptr.To("https://overridden-server.example.com/some/path"),
mocks: mockExecSucceeds, mocks: mockExecSucceeds,
wantDistinctErrors: []string{""}, wantDistinctErrors: []string{""},
wantAgentDeployment: healthyAgentDeployment, wantAgentDeployment: healthyAgentDeployment,

View File

@ -16,7 +16,7 @@ import (
kubefake "k8s.io/client-go/kubernetes/fake" kubefake "k8s.io/client-go/kubernetes/fake"
kubetesting "k8s.io/client-go/testing" kubetesting "k8s.io/client-go/testing"
"k8s.io/client-go/tools/leaderelection" "k8s.io/client-go/tools/leaderelection"
"k8s.io/utils/pointer" "k8s.io/utils/ptr"
) )
// see test/integration/leaderelection_test.go for the bulk of the testing related to this code // see test/integration/leaderelection_test.go for the bulk of the testing related to this code
@ -31,7 +31,7 @@ func Test_releaseLock_Update(t *testing.T) {
f: func(t *testing.T, internalClient *kubefake.Clientset, isLeader *isLeaderTracker, cancel context.CancelFunc) { f: func(t *testing.T, internalClient *kubefake.Clientset, isLeader *isLeaderTracker, cancel context.CancelFunc) {
internalClient.PrependReactor("update", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { internalClient.PrependReactor("update", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) {
lease := action.(kubetesting.UpdateAction).GetObject().(*coordinationv1.Lease) lease := action.(kubetesting.UpdateAction).GetObject().(*coordinationv1.Lease)
if len(pointer.StringDeref(lease.Spec.HolderIdentity, "")) == 0 { if len(ptr.Deref(lease.Spec.HolderIdentity, "")) == 0 {
require.False(t, isLeader.canWrite(), "client must release in-memory leader status before Kube API call") require.False(t, isLeader.canWrite(), "client must release in-memory leader status before Kube API call")
} }
return true, nil, errors.New("cannot renew") return true, nil, errors.New("cannot renew")

View File

@ -25,7 +25,7 @@ import (
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
"k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/kubernetes/fake"
v1 "k8s.io/client-go/kubernetes/typed/core/v1" v1 "k8s.io/client-go/kubernetes/typed/core/v1"
"k8s.io/utils/pointer" "k8s.io/utils/ptr"
supervisorfake "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/fake" supervisorfake "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/fake"
"go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/typed/config/v1alpha1" "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/typed/config/v1alpha1"
@ -695,8 +695,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -725,8 +725,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
Build()), Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -756,8 +756,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
Build()), Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -779,8 +779,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp, wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp,
@ -800,8 +800,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp, wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp,
@ -991,8 +991,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
path: "/some/path", path: "/some/path",
contentType: formContentType, contentType: formContentType,
body: encodeQuery(happyGetRequestQueryMap), body: encodeQuery(happyGetRequestQueryMap),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -1015,8 +1015,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
path: "/some/path", path: "/some/path",
contentType: formContentType, contentType: formContentType,
body: encodeQuery(happyGetRequestQueryMap), body: encodeQuery(happyGetRequestQueryMap),
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp, wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp,
@ -1038,8 +1038,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
path: "/some/path", path: "/some/path",
contentType: formContentType, contentType: formContentType,
body: encodeQuery(happyGetRequestQueryMap), body: encodeQuery(happyGetRequestQueryMap),
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp, wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp,
@ -1194,8 +1194,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
path: modifiedHappyGetRequestPath(map[string]string{ path: modifiedHappyGetRequestPath(map[string]string{
"redirect_uri": downstreamRedirectURIWithDifferentPort, // not the same port number that is registered for the client "redirect_uri": downstreamRedirectURIWithDifferentPort, // not the same port number that is registered for the client
}), }),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -1218,8 +1218,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
path: modifiedHappyGetRequestPath(map[string]string{ path: modifiedHappyGetRequestPath(map[string]string{
"redirect_uri": downstreamRedirectURIWithDifferentPort, // not the same port number that is registered for the client "redirect_uri": downstreamRedirectURIWithDifferentPort, // not the same port number that is registered for the client
}), }),
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
wantRedirectLocationRegexp: downstreamRedirectURIWithDifferentPort + `\?code=([^&]+)&scope=openid\+username\+groups&state=` + happyState, wantRedirectLocationRegexp: downstreamRedirectURIWithDifferentPort + `\?code=([^&]+)&scope=openid\+username\+groups&state=` + happyState,
@ -1258,8 +1258,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithUserInfoURL().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithUserInfoURL().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -1280,8 +1280,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(1*time.Hour))).WithUserInfoURL().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(1*time.Hour))).WithUserInfoURL().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -1313,8 +1313,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithUserInfoURL().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithUserInfoURL().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -1335,8 +1335,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&erroringUpstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&erroringUpstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusBadGateway, wantStatus: http.StatusBadGateway,
wantContentType: htmlContentType, wantContentType: htmlContentType,
wantBodyString: "Bad Gateway: unexpected error during upstream authentication\n", wantBodyString: "Bad Gateway: unexpected error during upstream authentication\n",
@ -1346,8 +1346,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&erroringUpstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&erroringUpstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusBadGateway, wantStatus: http.StatusBadGateway,
wantContentType: htmlContentType, wantContentType: htmlContentType,
wantBodyString: "Bad Gateway: unexpected error during upstream authentication\n", wantBodyString: "Bad Gateway: unexpected error during upstream authentication\n",
@ -1362,8 +1362,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String("wrong-password"), customPasswordHeader: ptr.To("wrong-password"),
wantPasswordGrantCall: &expectedPasswordGrant{ wantPasswordGrantCall: &expectedPasswordGrant{
performedByUpstreamName: oidcPasswordGrantUpstreamName, performedByUpstreamName: oidcPasswordGrantUpstreamName,
args: &oidctestutil.PasswordCredentialsGrantAndValidateTokensArgs{ args: &oidctestutil.PasswordCredentialsGrantAndValidateTokensArgs{
@ -1380,8 +1380,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String("wrong-password"), customPasswordHeader: ptr.To("wrong-password"),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery),
@ -1392,8 +1392,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String("wrong-password"), customPasswordHeader: ptr.To("wrong-password"),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery),
@ -1404,8 +1404,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String("wrong-username"), customUsernameHeader: ptr.To("wrong-username"),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery),
@ -1416,8 +1416,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String("wrong-username"), customUsernameHeader: ptr.To("wrong-username"),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery),
@ -1429,7 +1429,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: nil, // do not send header customUsernameHeader: nil, // do not send header
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery),
@ -1441,7 +1441,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: nil, // do not send header customUsernameHeader: nil, // do not send header
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery),
@ -1453,7 +1453,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: nil, // do not send header customUsernameHeader: nil, // do not send header
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery),
@ -1464,7 +1464,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: nil, // do not send header customPasswordHeader: nil, // do not send header
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -1476,7 +1476,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: nil, // do not send header customPasswordHeader: nil, // do not send header
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -1488,8 +1488,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithoutUserInfoURL().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithoutUserInfoURL().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -1501,8 +1501,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithoutUserInfoURL().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithoutUserInfoURL().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -1514,8 +1514,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithEmptyAccessToken().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithEmptyAccessToken().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -1527,8 +1527,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithoutAccessToken().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithoutAccessToken().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -1540,8 +1540,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithEmptyAccessToken().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithEmptyAccessToken().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -1553,8 +1553,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithoutAccessToken().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithoutAccessToken().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -1566,7 +1566,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: nil, // do not send header customPasswordHeader: nil, // do not send header
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -1578,8 +1578,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(upstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(upstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithPasswordGrantDisallowedHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithPasswordGrantDisallowedHintErrorQuery),
@ -1591,8 +1591,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
kubeResources: addFullyCapableDynamicClientAndSecretToKubeResources, kubeResources: addFullyCapableDynamicClientAndSecretToKubeResources,
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"client_id": dynamicClientID, "scope": testutil.AllDynamicClientScopesSpaceSep}), path: modifiedHappyGetRequestPath(map[string]string{"client_id": dynamicClientID, "scope": testutil.AllDynamicClientScopesSpaceSep}),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithUsernamePasswordHeadersDisallowedHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithUsernamePasswordHeadersDisallowedHintErrorQuery),
@ -1604,8 +1604,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
kubeResources: addFullyCapableDynamicClientAndSecretToKubeResources, kubeResources: addFullyCapableDynamicClientAndSecretToKubeResources,
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"client_id": dynamicClientID, "scope": testutil.AllDynamicClientScopesSpaceSep}), path: modifiedHappyGetRequestPath(map[string]string{"client_id": dynamicClientID, "scope": testutil.AllDynamicClientScopesSpaceSep}),
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithUsernamePasswordHeadersDisallowedHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithUsernamePasswordHeadersDisallowedHintErrorQuery),
@ -1617,8 +1617,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
kubeResources: addFullyCapableDynamicClientAndSecretToKubeResources, kubeResources: addFullyCapableDynamicClientAndSecretToKubeResources,
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"client_id": dynamicClientID, "scope": testutil.AllDynamicClientScopesSpaceSep}), path: modifiedHappyGetRequestPath(map[string]string{"client_id": dynamicClientID, "scope": testutil.AllDynamicClientScopesSpaceSep}),
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithUsernamePasswordHeadersDisallowedHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithUsernamePasswordHeadersDisallowedHintErrorQuery),
@ -1666,8 +1666,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
path: modifiedHappyGetRequestPath(map[string]string{ path: modifiedHappyGetRequestPath(map[string]string{
"redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client", "redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client",
}), }),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantStatus: http.StatusBadRequest, wantStatus: http.StatusBadRequest,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantBodyJSON: fositeInvalidRedirectURIErrorBody, wantBodyJSON: fositeInvalidRedirectURIErrorBody,
@ -1679,8 +1679,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
path: modifiedHappyGetRequestPath(map[string]string{ path: modifiedHappyGetRequestPath(map[string]string{
"redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client", "redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client",
}), }),
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusBadRequest, wantStatus: http.StatusBadRequest,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantBodyJSON: fositeInvalidRedirectURIErrorBody, wantBodyJSON: fositeInvalidRedirectURIErrorBody,
@ -1692,8 +1692,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
path: modifiedHappyGetRequestPath(map[string]string{ path: modifiedHappyGetRequestPath(map[string]string{
"redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client", "redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client",
}), }),
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusBadRequest, wantStatus: http.StatusBadRequest,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantBodyJSON: fositeInvalidRedirectURIErrorBody, wantBodyJSON: fositeInvalidRedirectURIErrorBody,
@ -1717,8 +1717,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"client_id": "invalid-client"}), path: modifiedHappyGetRequestPath(map[string]string{"client_id": "invalid-client"}),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantStatus: http.StatusUnauthorized, wantStatus: http.StatusUnauthorized,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantBodyJSON: fositeInvalidClientErrorBody, wantBodyJSON: fositeInvalidClientErrorBody,
@ -1781,8 +1781,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"response_type": "unsupported"}), path: modifiedHappyGetRequestPath(map[string]string{"response_type": "unsupported"}),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeUnsupportedResponseTypeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeUnsupportedResponseTypeErrorQuery),
@ -1793,8 +1793,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"response_type": "unsupported"}), path: modifiedHappyGetRequestPath(map[string]string{"response_type": "unsupported"}),
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeUnsupportedResponseTypeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeUnsupportedResponseTypeErrorQuery),
@ -1830,8 +1830,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"response_type": "unsupported"}), path: modifiedHappyGetRequestPath(map[string]string{"response_type": "unsupported"}),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeUnsupportedResponseTypeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeUnsupportedResponseTypeErrorQuery),
@ -1898,8 +1898,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid profile email tuna"}), path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid profile email tuna"}),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery),
@ -1939,8 +1939,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid tuna"}), path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid tuna"}),
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery),
@ -1951,8 +1951,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid tuna"}), path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid tuna"}),
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery),
@ -1994,8 +1994,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"response_type": ""}), path: modifiedHappyGetRequestPath(map[string]string{"response_type": ""}),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingResponseTypeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingResponseTypeErrorQuery),
@ -2006,8 +2006,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"response_type": ""}), path: modifiedHappyGetRequestPath(map[string]string{"response_type": ""}),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingResponseTypeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingResponseTypeErrorQuery),
@ -2039,8 +2039,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"response_type": ""}), path: modifiedHappyGetRequestPath(map[string]string{"response_type": ""}),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingResponseTypeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingResponseTypeErrorQuery),
@ -2086,8 +2086,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"client_id": ""}), path: modifiedHappyGetRequestPath(map[string]string{"client_id": ""}),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantStatus: http.StatusUnauthorized, wantStatus: http.StatusUnauthorized,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantBodyJSON: fositeInvalidClientErrorBody, wantBodyJSON: fositeInvalidClientErrorBody,
@ -2137,8 +2137,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge": ""}), path: modifiedHappyGetRequestPath(map[string]string{"code_challenge": ""}),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2151,8 +2151,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge": ""}), path: modifiedHappyGetRequestPath(map[string]string{"code_challenge": ""}),
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeErrorQuery),
@ -2195,8 +2195,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "this-is-not-a-valid-pkce-alg"}), path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "this-is-not-a-valid-pkce-alg"}),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2209,8 +2209,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "this-is-not-a-valid-pkce-alg"}), path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "this-is-not-a-valid-pkce-alg"}),
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidCodeChallengeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidCodeChallengeErrorQuery),
@ -2253,8 +2253,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "plain"}), path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "plain"}),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2267,8 +2267,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "plain"}), path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "plain"}),
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeMethodErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeMethodErrorQuery),
@ -2311,8 +2311,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": ""}), path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": ""}),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2325,8 +2325,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": ""}), path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": ""}),
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeMethodErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeMethodErrorQuery),
@ -2375,8 +2375,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login"}), path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login"}),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2391,8 +2391,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login"}), path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login"}),
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositePromptHasNoneAndOtherValueErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositePromptHasNoneAndOtherValueErrorQuery),
@ -2446,8 +2446,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
method: http.MethodGet, method: http.MethodGet,
// The following prompt value is illegal when openid is requested, but note that openid is not requested. // The following prompt value is illegal when openid is requested, but note that openid is not requested.
path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login", "scope": "email"}), path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login", "scope": "email"}),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -2469,8 +2469,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
method: http.MethodGet, method: http.MethodGet,
// The following prompt value is illegal when openid is requested, but note that openid is not requested. // The following prompt value is illegal when openid is requested, but note that openid is not requested.
path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login", "scope": "email"}), path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login", "scope": "email"}),
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
wantRedirectLocationRegexp: downstreamRedirectURI + `\?code=([^&]+)&scope=username\+groups&state=` + happyState, // username and groups scopes were not requested, but are granted anyway for backwards compatibility wantRedirectLocationRegexp: downstreamRedirectURI + `\?code=([^&]+)&scope=username\+groups&state=` + happyState, // username and groups scopes were not requested, but are granted anyway for backwards compatibility
@ -2492,8 +2492,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -2518,8 +2518,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -2545,8 +2545,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -2573,8 +2573,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -2600,8 +2600,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2618,8 +2618,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2633,8 +2633,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -2658,8 +2658,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -2683,8 +2683,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -2707,8 +2707,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2722,8 +2722,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -2746,8 +2746,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2761,8 +2761,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2776,8 +2776,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2791,8 +2791,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2806,8 +2806,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2821,8 +2821,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2836,8 +2836,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2851,8 +2851,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2866,8 +2866,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2881,8 +2881,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2896,8 +2896,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2940,8 +2940,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"state": "short"}), path: modifiedHappyGetRequestPath(map[string]string{"state": "short"}),
customUsernameHeader: pointer.String(oidcUpstreamUsername), customUsernameHeader: ptr.To(oidcUpstreamUsername),
customPasswordHeader: pointer.String(oidcUpstreamPassword), customPasswordHeader: ptr.To(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidStateErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidStateErrorQuery),
@ -2952,8 +2952,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"state": "short"}), path: modifiedHappyGetRequestPath(map[string]string{"state": "short"}),
customUsernameHeader: pointer.String(happyLDAPUsername), customUsernameHeader: ptr.To(happyLDAPUsername),
customPasswordHeader: pointer.String(happyLDAPPassword), customPasswordHeader: ptr.To(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidStateErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidStateErrorQuery),

View File

@ -22,7 +22,7 @@ import (
genericapirequest "k8s.io/apiserver/pkg/endpoints/request" genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
"k8s.io/apiserver/pkg/registry/rest" "k8s.io/apiserver/pkg/registry/rest"
"k8s.io/klog/v2" "k8s.io/klog/v2"
"k8s.io/utils/pointer" "k8s.io/utils/ptr"
loginapi "go.pinniped.dev/generated/latest/apis/concierge/login" loginapi "go.pinniped.dev/generated/latest/apis/concierge/login"
"go.pinniped.dev/internal/issuer" "go.pinniped.dev/internal/issuer"
@ -387,7 +387,7 @@ func requireSuccessfulResponseWithAuthenticationFailureMessage(t *testing.T, err
require.Equal(t, response, &loginapi.TokenCredentialRequest{ require.Equal(t, response, &loginapi.TokenCredentialRequest{
Status: loginapi.TokenCredentialRequestStatus{ Status: loginapi.TokenCredentialRequestStatus{
Credential: nil, Credential: nil,
Message: pointer.String("authentication failed"), Message: ptr.To("authentication failed"),
}, },
}) })
} }

View File

@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. // Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package integration package integration
@ -15,7 +15,7 @@ import (
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/utils/pointer" "k8s.io/utils/ptr"
auth1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1" auth1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1"
loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1"
@ -151,7 +151,7 @@ func TestFailedCredentialRequestWhenTheRequestIsValidButTheTokenDoesNotAuthentic
require.Empty(t, response.Spec) require.Empty(t, response.Spec)
require.Nil(t, response.Status.Credential) require.Nil(t, response.Status.Credential)
require.Equal(t, pointer.String("authentication failed"), response.Status.Message) require.Equal(t, ptr.To("authentication failed"), response.Status.Message)
} }
// TCRs are non-mutating and safe to run in parallel with serial tests, see main_test.go. // TCRs are non-mutating and safe to run in parallel with serial tests, see main_test.go.

View File

@ -59,7 +59,7 @@ import (
"k8s.io/client-go/util/certificate/csr" "k8s.io/client-go/util/certificate/csr"
"k8s.io/client-go/util/keyutil" "k8s.io/client-go/util/keyutil"
"k8s.io/client-go/util/retry" "k8s.io/client-go/util/retry"
"k8s.io/utils/pointer" "k8s.io/utils/ptr"
conciergev1alpha "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1" conciergev1alpha "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1"
identityv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1" identityv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1"
@ -1370,7 +1370,7 @@ func TestImpersonationProxy(t *testing.T) { //nolint:gocyclo // yeah, it's compl
tkr, err := impersonationProxyAnonymousClient.PinnipedConcierge.LoginV1alpha1().TokenCredentialRequests(). tkr, err := impersonationProxyAnonymousClient.PinnipedConcierge.LoginV1alpha1().TokenCredentialRequests().
Create(ctx, &loginv1alpha1.TokenCredentialRequest{ Create(ctx, &loginv1alpha1.TokenCredentialRequest{
Spec: loginv1alpha1.TokenCredentialRequestSpec{ Spec: loginv1alpha1.TokenCredentialRequestSpec{
Authenticator: corev1.TypedLocalObjectReference{APIGroup: pointer.String("anything.pinniped.dev")}, Authenticator: corev1.TypedLocalObjectReference{APIGroup: ptr.To("anything.pinniped.dev")},
}, },
}, metav1.CreateOptions{}) }, metav1.CreateOptions{})
require.True(t, k8serrors.IsInvalid(err), testlib.Sdump(err)) require.True(t, k8serrors.IsInvalid(err), testlib.Sdump(err))

View File

@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. // Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package integration package integration
@ -14,7 +14,7 @@ import (
k8serrors "k8s.io/apimachinery/pkg/api/errors" k8serrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/labels"
"k8s.io/utils/pointer" "k8s.io/utils/ptr"
conciergev1alpha "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1" conciergev1alpha "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1"
"go.pinniped.dev/test/testlib" "go.pinniped.dev/test/testlib"
@ -132,7 +132,7 @@ func TestLegacyPodCleaner_Parallel(t *testing.T) {
t.Cleanup(func() { t.Cleanup(func() {
ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute) ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
defer cancel() defer cancel()
err := kubeClient.CoreV1().Pods(pod.Namespace).Delete(ctx, pod.Name, metav1.DeleteOptions{GracePeriodSeconds: pointer.Int64(0)}) err := kubeClient.CoreV1().Pods(pod.Namespace).Delete(ctx, pod.Name, metav1.DeleteOptions{GracePeriodSeconds: ptr.To[int64](0)})
if !k8serrors.IsNotFound(err) { if !k8serrors.IsNotFound(err) {
require.NoError(t, err, "failed to clean up fake legacy agent pod") require.NoError(t, err, "failed to clean up fake legacy agent pod")
} }

View File

@ -19,7 +19,7 @@ import (
"k8s.io/apimachinery/pkg/util/rand" "k8s.io/apimachinery/pkg/util/rand"
"k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
"k8s.io/client-go/util/retry" "k8s.io/client-go/util/retry"
"k8s.io/utils/pointer" "k8s.io/utils/ptr"
"go.pinniped.dev/internal/downward" "go.pinniped.dev/internal/downward"
"go.pinniped.dev/internal/kubeclient" "go.pinniped.dev/internal/kubeclient"
@ -205,7 +205,7 @@ func waitForIdentity(ctx context.Context, t *testing.T, namespace *corev1.Namesp
} }
out = lease out = lease
t.Logf("lease %s/%s - current leader identity: %s, valid leader identities: %s", t.Logf("lease %s/%s - current leader identity: %s, valid leader identities: %s",
namespace.Name, leaseName, pointer.StringDeref(lease.Spec.HolderIdentity, "<nil>"), identities.List()) namespace.Name, leaseName, ptr.Deref(lease.Spec.HolderIdentity, "<nil>"), identities.List())
return lease.Spec.HolderIdentity != nil && identities.Has(*lease.Spec.HolderIdentity), nil return lease.Spec.HolderIdentity != nil && identities.Has(*lease.Spec.HolderIdentity), nil
}, 10*time.Minute, 10*time.Second) }, 10*time.Minute, 10*time.Second)
@ -276,7 +276,7 @@ func forceTransition(ctx context.Context, t *testing.T, namespace *corev1.Namesp
startTime = *startLease.Spec.AcquireTime startTime = *startLease.Spec.AcquireTime
startLease = startLease.DeepCopy() startLease = startLease.DeepCopy()
startLease.Spec.HolderIdentity = pointer.String("some-other-client-" + rand.String(5)) startLease.Spec.HolderIdentity = ptr.To("some-other-client-" + rand.String(5))
_, err := pickCurrentLeaderClient(ctx, t, namespace, leaseName, clients). _, err := pickCurrentLeaderClient(ctx, t, namespace, leaseName, clients).
Kubernetes.CoordinationV1().Leases(namespace.Name).Update(ctx, startLease, metav1.UpdateOptions{}) Kubernetes.CoordinationV1().Leases(namespace.Name).Update(ctx, startLease, metav1.UpdateOptions{})

View File

@ -25,7 +25,7 @@ import (
"k8s.io/client-go/rest" "k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd" "k8s.io/client-go/tools/clientcmd"
aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset"
"k8s.io/utils/pointer" "k8s.io/utils/ptr"
auth1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1" auth1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1"
"go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1"
@ -614,8 +614,8 @@ func RestrictiveSecurityContext() *corev1.SecurityContext {
Capabilities: &corev1.Capabilities{ Capabilities: &corev1.Capabilities{
Drop: []corev1.Capability{"ALL"}, Drop: []corev1.Capability{"ALL"},
}, },
RunAsNonRoot: pointer.Bool(true), RunAsNonRoot: ptr.To(true),
AllowPrivilegeEscalation: pointer.Bool(false), AllowPrivilegeEscalation: ptr.To(false),
SeccompProfile: &corev1.SeccompProfile{Type: corev1.SeccompProfileTypeRuntimeDefault}, SeccompProfile: &corev1.SeccompProfile{Type: corev1.SeccompProfileTypeRuntimeDefault},
} }
} }