Merge pull request #1593 from vmware-tanzu/pinny/bump-deps
Bump go.mod direct dependencies
This commit is contained in:
commit
057304e9aa
2
go.mod
2
go.mod
@ -50,7 +50,7 @@ require (
|
||||
k8s.io/klog/v2 v2.100.1
|
||||
k8s.io/kube-aggregator v0.27.4
|
||||
k8s.io/kube-openapi v0.0.0-20230718181711-3c0fae5ee9fd
|
||||
k8s.io/utils v0.0.0-20230711102312-30195339c3c7
|
||||
k8s.io/utils v0.0.0-20230726121419-3b25d923346b
|
||||
sigs.k8s.io/yaml v1.3.0
|
||||
)
|
||||
|
||||
|
4
go.sum
4
go.sum
@ -1044,8 +1044,8 @@ k8s.io/kube-aggregator v0.27.4 h1:WdK9iiBr32G8bWfpUEFVQl70RZO2dU19ZAktUXL5JFc=
|
||||
k8s.io/kube-aggregator v0.27.4/go.mod h1:+eG83gkAyh0uilQEAOgheeQW4hr+PkyV+5O1nLGsjlM=
|
||||
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg=
|
||||
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
|
||||
k8s.io/utils v0.0.0-20230711102312-30195339c3c7 h1:ZgnF1KZsYxWIifwSNZFZgNtWE89WI5yiP5WwlfDoIyc=
|
||||
k8s.io/utils v0.0.0-20230711102312-30195339c3c7/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
|
||||
k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
|
||||
k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
|
||||
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
|
||||
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
|
||||
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
|
||||
|
@ -43,7 +43,7 @@ import (
|
||||
"k8s.io/client-go/rest"
|
||||
"k8s.io/client-go/tools/clientcmd/api"
|
||||
featuregatetesting "k8s.io/component-base/featuregate/testing"
|
||||
"k8s.io/utils/pointer"
|
||||
"k8s.io/utils/ptr"
|
||||
|
||||
loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1"
|
||||
"go.pinniped.dev/internal/certauthority"
|
||||
@ -988,7 +988,7 @@ func TestImpersonator(t *testing.T) {
|
||||
&loginv1alpha1.TokenCredentialRequest{
|
||||
Spec: loginv1alpha1.TokenCredentialRequestSpec{
|
||||
Authenticator: corev1.TypedLocalObjectReference{
|
||||
APIGroup: pointer.String("anything.pinniped.dev"),
|
||||
APIGroup: ptr.To("anything.pinniped.dev"),
|
||||
},
|
||||
},
|
||||
}, metav1.CreateOptions{})
|
||||
|
@ -11,7 +11,7 @@ import (
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"k8s.io/utils/pointer"
|
||||
"k8s.io/utils/ptr"
|
||||
"sigs.k8s.io/yaml"
|
||||
|
||||
"go.pinniped.dev/internal/constable"
|
||||
@ -93,39 +93,39 @@ func FromPath(ctx context.Context, path string) (*Config, error) {
|
||||
|
||||
func maybeSetAPIDefaults(apiConfig *APIConfigSpec) {
|
||||
if apiConfig.ServingCertificateConfig.DurationSeconds == nil {
|
||||
apiConfig.ServingCertificateConfig.DurationSeconds = pointer.Int64(aboutAYear)
|
||||
apiConfig.ServingCertificateConfig.DurationSeconds = ptr.To[int64](aboutAYear)
|
||||
}
|
||||
|
||||
if apiConfig.ServingCertificateConfig.RenewBeforeSeconds == nil {
|
||||
apiConfig.ServingCertificateConfig.RenewBeforeSeconds = pointer.Int64(about9Months)
|
||||
apiConfig.ServingCertificateConfig.RenewBeforeSeconds = ptr.To[int64](about9Months)
|
||||
}
|
||||
}
|
||||
|
||||
func maybeSetAPIGroupSuffixDefault(apiGroupSuffix **string) {
|
||||
if *apiGroupSuffix == nil {
|
||||
*apiGroupSuffix = pointer.String(groupsuffix.PinnipedDefaultSuffix)
|
||||
*apiGroupSuffix = ptr.To(groupsuffix.PinnipedDefaultSuffix)
|
||||
}
|
||||
}
|
||||
|
||||
func maybeSetAggregatedAPIServerPortDefaults(port **int64) {
|
||||
if *port == nil {
|
||||
*port = pointer.Int64(aggregatedAPIServerPortDefault)
|
||||
*port = ptr.To[int64](aggregatedAPIServerPortDefault)
|
||||
}
|
||||
}
|
||||
|
||||
func maybeSetImpersonationProxyServerPortDefaults(port **int64) {
|
||||
if *port == nil {
|
||||
*port = pointer.Int64(impersonationProxyPortDefault)
|
||||
*port = ptr.To[int64](impersonationProxyPortDefault)
|
||||
}
|
||||
}
|
||||
|
||||
func maybeSetKubeCertAgentDefaults(cfg *KubeCertAgentSpec) {
|
||||
if cfg.NamePrefix == nil {
|
||||
cfg.NamePrefix = pointer.String("pinniped-kube-cert-agent-")
|
||||
cfg.NamePrefix = ptr.To("pinniped-kube-cert-agent-")
|
||||
}
|
||||
|
||||
if cfg.Image == nil {
|
||||
cfg.Image = pointer.String("debian:latest")
|
||||
cfg.Image = ptr.To("debian:latest")
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package concierge
|
||||
@ -9,7 +9,7 @@ import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
"k8s.io/utils/pointer"
|
||||
"k8s.io/utils/ptr"
|
||||
|
||||
"go.pinniped.dev/internal/here"
|
||||
"go.pinniped.dev/internal/plog"
|
||||
@ -59,17 +59,17 @@ func TestFromPath(t *testing.T) {
|
||||
`),
|
||||
wantConfig: &Config{
|
||||
DiscoveryInfo: DiscoveryInfoSpec{
|
||||
URL: pointer.String("https://some.discovery/url"),
|
||||
URL: ptr.To("https://some.discovery/url"),
|
||||
},
|
||||
APIConfig: APIConfigSpec{
|
||||
ServingCertificateConfig: ServingCertificateConfigSpec{
|
||||
DurationSeconds: pointer.Int64(3600),
|
||||
RenewBeforeSeconds: pointer.Int64(2400),
|
||||
DurationSeconds: ptr.To[int64](3600),
|
||||
RenewBeforeSeconds: ptr.To[int64](2400),
|
||||
},
|
||||
},
|
||||
APIGroupSuffix: pointer.String("some.suffix.com"),
|
||||
AggregatedAPIServerPort: pointer.Int64(12345),
|
||||
ImpersonationProxyServerPort: pointer.Int64(4242),
|
||||
APIGroupSuffix: ptr.To("some.suffix.com"),
|
||||
AggregatedAPIServerPort: ptr.To[int64](12345),
|
||||
ImpersonationProxyServerPort: ptr.To[int64](4242),
|
||||
NamesConfig: NamesConfigSpec{
|
||||
ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate",
|
||||
CredentialIssuer: "pinniped-config",
|
||||
@ -86,8 +86,8 @@ func TestFromPath(t *testing.T) {
|
||||
"myLabelKey2": "myLabelValue2",
|
||||
},
|
||||
KubeCertAgentConfig: KubeCertAgentSpec{
|
||||
NamePrefix: pointer.String("kube-cert-agent-name-prefix-"),
|
||||
Image: pointer.String("kube-cert-agent-image"),
|
||||
NamePrefix: ptr.To("kube-cert-agent-name-prefix-"),
|
||||
Image: ptr.To("kube-cert-agent-image"),
|
||||
ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"},
|
||||
},
|
||||
LogLevel: func(level plog.LogLevel) *plog.LogLevel { return &level }(plog.LevelDebug),
|
||||
@ -135,17 +135,17 @@ func TestFromPath(t *testing.T) {
|
||||
`),
|
||||
wantConfig: &Config{
|
||||
DiscoveryInfo: DiscoveryInfoSpec{
|
||||
URL: pointer.String("https://some.discovery/url"),
|
||||
URL: ptr.To("https://some.discovery/url"),
|
||||
},
|
||||
APIConfig: APIConfigSpec{
|
||||
ServingCertificateConfig: ServingCertificateConfigSpec{
|
||||
DurationSeconds: pointer.Int64(3600),
|
||||
RenewBeforeSeconds: pointer.Int64(2400),
|
||||
DurationSeconds: ptr.To[int64](3600),
|
||||
RenewBeforeSeconds: ptr.To[int64](2400),
|
||||
},
|
||||
},
|
||||
APIGroupSuffix: pointer.String("some.suffix.com"),
|
||||
AggregatedAPIServerPort: pointer.Int64(12345),
|
||||
ImpersonationProxyServerPort: pointer.Int64(4242),
|
||||
APIGroupSuffix: ptr.To("some.suffix.com"),
|
||||
AggregatedAPIServerPort: ptr.To[int64](12345),
|
||||
ImpersonationProxyServerPort: ptr.To[int64](4242),
|
||||
NamesConfig: NamesConfigSpec{
|
||||
ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate",
|
||||
CredentialIssuer: "pinniped-config",
|
||||
@ -162,8 +162,8 @@ func TestFromPath(t *testing.T) {
|
||||
"myLabelKey2": "myLabelValue2",
|
||||
},
|
||||
KubeCertAgentConfig: KubeCertAgentSpec{
|
||||
NamePrefix: pointer.String("kube-cert-agent-name-prefix-"),
|
||||
Image: pointer.String("kube-cert-agent-image"),
|
||||
NamePrefix: ptr.To("kube-cert-agent-name-prefix-"),
|
||||
Image: ptr.To("kube-cert-agent-image"),
|
||||
ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"},
|
||||
},
|
||||
Log: plog.LogSpec{
|
||||
@ -212,17 +212,17 @@ func TestFromPath(t *testing.T) {
|
||||
`),
|
||||
wantConfig: &Config{
|
||||
DiscoveryInfo: DiscoveryInfoSpec{
|
||||
URL: pointer.String("https://some.discovery/url"),
|
||||
URL: ptr.To("https://some.discovery/url"),
|
||||
},
|
||||
APIConfig: APIConfigSpec{
|
||||
ServingCertificateConfig: ServingCertificateConfigSpec{
|
||||
DurationSeconds: pointer.Int64(3600),
|
||||
RenewBeforeSeconds: pointer.Int64(2400),
|
||||
DurationSeconds: ptr.To[int64](3600),
|
||||
RenewBeforeSeconds: ptr.To[int64](2400),
|
||||
},
|
||||
},
|
||||
APIGroupSuffix: pointer.String("some.suffix.com"),
|
||||
AggregatedAPIServerPort: pointer.Int64(12345),
|
||||
ImpersonationProxyServerPort: pointer.Int64(4242),
|
||||
APIGroupSuffix: ptr.To("some.suffix.com"),
|
||||
AggregatedAPIServerPort: ptr.To[int64](12345),
|
||||
ImpersonationProxyServerPort: ptr.To[int64](4242),
|
||||
NamesConfig: NamesConfigSpec{
|
||||
ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate",
|
||||
CredentialIssuer: "pinniped-config",
|
||||
@ -239,8 +239,8 @@ func TestFromPath(t *testing.T) {
|
||||
"myLabelKey2": "myLabelValue2",
|
||||
},
|
||||
KubeCertAgentConfig: KubeCertAgentSpec{
|
||||
NamePrefix: pointer.String("kube-cert-agent-name-prefix-"),
|
||||
Image: pointer.String("kube-cert-agent-image"),
|
||||
NamePrefix: ptr.To("kube-cert-agent-name-prefix-"),
|
||||
Image: ptr.To("kube-cert-agent-image"),
|
||||
ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"},
|
||||
},
|
||||
LogLevel: func(level plog.LogLevel) *plog.LogLevel { return &level }(plog.LevelDebug),
|
||||
@ -289,13 +289,13 @@ func TestFromPath(t *testing.T) {
|
||||
DiscoveryInfo: DiscoveryInfoSpec{
|
||||
URL: nil,
|
||||
},
|
||||
APIGroupSuffix: pointer.String("pinniped.dev"),
|
||||
AggregatedAPIServerPort: pointer.Int64(10250),
|
||||
ImpersonationProxyServerPort: pointer.Int64(8444),
|
||||
APIGroupSuffix: ptr.To("pinniped.dev"),
|
||||
AggregatedAPIServerPort: ptr.To[int64](10250),
|
||||
ImpersonationProxyServerPort: ptr.To[int64](8444),
|
||||
APIConfig: APIConfigSpec{
|
||||
ServingCertificateConfig: ServingCertificateConfigSpec{
|
||||
DurationSeconds: pointer.Int64(60 * 60 * 24 * 365), // about a year
|
||||
RenewBeforeSeconds: pointer.Int64(60 * 60 * 24 * 30 * 9), // about 9 months
|
||||
DurationSeconds: ptr.To[int64](60 * 60 * 24 * 365), // about a year
|
||||
RenewBeforeSeconds: ptr.To[int64](60 * 60 * 24 * 30 * 9), // about 9 months
|
||||
},
|
||||
},
|
||||
NamesConfig: NamesConfigSpec{
|
||||
@ -311,8 +311,8 @@ func TestFromPath(t *testing.T) {
|
||||
},
|
||||
Labels: map[string]string{},
|
||||
KubeCertAgentConfig: KubeCertAgentSpec{
|
||||
NamePrefix: pointer.String("pinniped-kube-cert-agent-"),
|
||||
Image: pointer.String("debian:latest"),
|
||||
NamePrefix: ptr.To("pinniped-kube-cert-agent-"),
|
||||
Image: ptr.To("debian:latest"),
|
||||
},
|
||||
},
|
||||
},
|
||||
|
@ -1,4 +1,4 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Package supervisor contains functionality to load/store Config's from/to
|
||||
@ -12,7 +12,7 @@ import (
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"k8s.io/utils/pointer"
|
||||
"k8s.io/utils/ptr"
|
||||
"sigs.k8s.io/yaml"
|
||||
|
||||
"go.pinniped.dev/internal/constable"
|
||||
@ -109,7 +109,7 @@ func maybeSetEndpointDefault(endpoint **Endpoint, defaultEndpoint Endpoint) {
|
||||
|
||||
func maybeSetAPIGroupSuffixDefault(apiGroupSuffix **string) {
|
||||
if *apiGroupSuffix == nil {
|
||||
*apiGroupSuffix = pointer.String(groupsuffix.PinnipedDefaultSuffix)
|
||||
*apiGroupSuffix = ptr.To(groupsuffix.PinnipedDefaultSuffix)
|
||||
}
|
||||
}
|
||||
|
||||
@ -119,7 +119,7 @@ func validateAPIGroupSuffix(apiGroupSuffix string) error {
|
||||
|
||||
func maybeSetAggregatedAPIServerPortDefaults(port **int64) {
|
||||
if *port == nil {
|
||||
*port = pointer.Int64(aggregatedAPIServerPortDefault)
|
||||
*port = ptr.To[int64](aggregatedAPIServerPortDefault)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package supervisor
|
||||
@ -10,7 +10,7 @@ import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
"k8s.io/utils/pointer"
|
||||
"k8s.io/utils/ptr"
|
||||
|
||||
"go.pinniped.dev/internal/here"
|
||||
"go.pinniped.dev/internal/plog"
|
||||
@ -45,7 +45,7 @@ func TestFromPath(t *testing.T) {
|
||||
aggregatedAPIServerPort: 12345
|
||||
`),
|
||||
wantConfig: &Config{
|
||||
APIGroupSuffix: pointer.String("some.suffix.com"),
|
||||
APIGroupSuffix: ptr.To("some.suffix.com"),
|
||||
Labels: map[string]string{
|
||||
"myLabelKey1": "myLabelValue1",
|
||||
"myLabelKey2": "myLabelValue2",
|
||||
@ -68,7 +68,7 @@ func TestFromPath(t *testing.T) {
|
||||
Log: plog.LogSpec{
|
||||
Level: plog.LevelTrace,
|
||||
},
|
||||
AggregatedAPIServerPort: pointer.Int64(12345),
|
||||
AggregatedAPIServerPort: ptr.To[int64](12345),
|
||||
},
|
||||
},
|
||||
{
|
||||
@ -95,7 +95,7 @@ func TestFromPath(t *testing.T) {
|
||||
aggregatedAPIServerPort: 12345
|
||||
`),
|
||||
wantConfig: &Config{
|
||||
APIGroupSuffix: pointer.String("some.suffix.com"),
|
||||
APIGroupSuffix: ptr.To("some.suffix.com"),
|
||||
Labels: map[string]string{
|
||||
"myLabelKey1": "myLabelValue1",
|
||||
"myLabelKey2": "myLabelValue2",
|
||||
@ -118,7 +118,7 @@ func TestFromPath(t *testing.T) {
|
||||
Level: plog.LevelInfo,
|
||||
Format: plog.FormatText,
|
||||
},
|
||||
AggregatedAPIServerPort: pointer.Int64(12345),
|
||||
AggregatedAPIServerPort: ptr.To[int64](12345),
|
||||
},
|
||||
},
|
||||
{
|
||||
@ -145,7 +145,7 @@ func TestFromPath(t *testing.T) {
|
||||
format: text
|
||||
`),
|
||||
wantConfig: &Config{
|
||||
APIGroupSuffix: pointer.String("some.suffix.com"),
|
||||
APIGroupSuffix: ptr.To("some.suffix.com"),
|
||||
Labels: map[string]string{
|
||||
"myLabelKey1": "myLabelValue1",
|
||||
"myLabelKey2": "myLabelValue2",
|
||||
@ -169,7 +169,7 @@ func TestFromPath(t *testing.T) {
|
||||
Level: plog.LevelTrace,
|
||||
Format: plog.FormatText,
|
||||
},
|
||||
AggregatedAPIServerPort: pointer.Int64(10250),
|
||||
AggregatedAPIServerPort: ptr.To[int64](10250),
|
||||
},
|
||||
},
|
||||
{
|
||||
@ -192,7 +192,7 @@ func TestFromPath(t *testing.T) {
|
||||
defaultTLSCertificateSecret: my-secret-name
|
||||
`),
|
||||
wantConfig: &Config{
|
||||
APIGroupSuffix: pointer.String("pinniped.dev"),
|
||||
APIGroupSuffix: ptr.To("pinniped.dev"),
|
||||
Labels: map[string]string{},
|
||||
NamesConfig: NamesConfigSpec{
|
||||
DefaultTLSCertificateSecret: "my-secret-name",
|
||||
@ -207,7 +207,7 @@ func TestFromPath(t *testing.T) {
|
||||
},
|
||||
},
|
||||
AllowExternalHTTP: false,
|
||||
AggregatedAPIServerPort: pointer.Int64(10250),
|
||||
AggregatedAPIServerPort: ptr.To[int64](10250),
|
||||
},
|
||||
},
|
||||
{
|
||||
@ -322,7 +322,7 @@ func TestFromPath(t *testing.T) {
|
||||
insecureAcceptExternalUnencryptedHttpRequests: true
|
||||
`),
|
||||
wantConfig: &Config{
|
||||
APIGroupSuffix: pointer.String("pinniped.dev"),
|
||||
APIGroupSuffix: ptr.To("pinniped.dev"),
|
||||
Labels: map[string]string{},
|
||||
NamesConfig: NamesConfigSpec{
|
||||
DefaultTLSCertificateSecret: "my-secret-name",
|
||||
@ -338,7 +338,7 @@ func TestFromPath(t *testing.T) {
|
||||
},
|
||||
},
|
||||
AllowExternalHTTP: true,
|
||||
AggregatedAPIServerPort: pointer.Int64(10250),
|
||||
AggregatedAPIServerPort: ptr.To[int64](10250),
|
||||
},
|
||||
},
|
||||
{
|
||||
@ -354,7 +354,7 @@ func TestFromPath(t *testing.T) {
|
||||
insecureAcceptExternalUnencryptedHttpRequests: "true"
|
||||
`),
|
||||
wantConfig: &Config{
|
||||
APIGroupSuffix: pointer.String("pinniped.dev"),
|
||||
APIGroupSuffix: ptr.To("pinniped.dev"),
|
||||
Labels: map[string]string{},
|
||||
NamesConfig: NamesConfigSpec{
|
||||
DefaultTLSCertificateSecret: "my-secret-name",
|
||||
@ -370,7 +370,7 @@ func TestFromPath(t *testing.T) {
|
||||
},
|
||||
},
|
||||
AllowExternalHTTP: true,
|
||||
AggregatedAPIServerPort: pointer.Int64(10250),
|
||||
AggregatedAPIServerPort: ptr.To[int64](10250),
|
||||
},
|
||||
},
|
||||
{
|
||||
|
@ -29,7 +29,7 @@ import (
|
||||
"k8s.io/client-go/tools/clientcmd"
|
||||
"k8s.io/klog/v2"
|
||||
"k8s.io/utils/clock"
|
||||
"k8s.io/utils/pointer"
|
||||
"k8s.io/utils/ptr"
|
||||
|
||||
configv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1"
|
||||
configv1alpha1informers "go.pinniped.dev/generated/latest/client/concierge/informers/externalversions/config/v1alpha1"
|
||||
@ -521,14 +521,14 @@ func (c *agentController) newAgentDeployment(controllerManagerPod *corev1.Pod) *
|
||||
Labels: c.cfg.Labels,
|
||||
},
|
||||
Spec: appsv1.DeploymentSpec{
|
||||
Replicas: pointer.Int32(1),
|
||||
Replicas: ptr.To[int32](1),
|
||||
Selector: metav1.SetAsLabelSelector(c.cfg.agentPodSelectorLabels()),
|
||||
Template: corev1.PodTemplateSpec{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Labels: c.cfg.agentPodLabels(),
|
||||
},
|
||||
Spec: corev1.PodSpec{
|
||||
TerminationGracePeriodSeconds: pointer.Int64(0),
|
||||
TerminationGracePeriodSeconds: ptr.To[int64](0),
|
||||
ImagePullSecrets: imagePullSecrets,
|
||||
Containers: []corev1.Container{
|
||||
{
|
||||
@ -557,15 +557,15 @@ func (c *agentController) newAgentDeployment(controllerManagerPod *corev1.Pod) *
|
||||
Volumes: controllerManagerPod.Spec.Volumes,
|
||||
RestartPolicy: corev1.RestartPolicyAlways,
|
||||
NodeSelector: controllerManagerPod.Spec.NodeSelector,
|
||||
AutomountServiceAccountToken: pointer.Bool(false),
|
||||
AutomountServiceAccountToken: ptr.To(false),
|
||||
ServiceAccountName: c.cfg.ServiceAccountName,
|
||||
NodeName: controllerManagerPod.Spec.NodeName,
|
||||
Tolerations: controllerManagerPod.Spec.Tolerations,
|
||||
// We need to run the agent pod as root since the file permissions
|
||||
// on the cluster keypair usually restricts access to only root.
|
||||
SecurityContext: &corev1.PodSecurityContext{
|
||||
RunAsUser: pointer.Int64(0),
|
||||
RunAsGroup: pointer.Int64(0),
|
||||
RunAsUser: ptr.To[int64](0),
|
||||
RunAsGroup: ptr.To[int64](0),
|
||||
},
|
||||
HostNetwork: controllerManagerPod.Spec.HostNetwork,
|
||||
},
|
||||
|
@ -27,7 +27,7 @@ import (
|
||||
kubefake "k8s.io/client-go/kubernetes/fake"
|
||||
coretesting "k8s.io/client-go/testing"
|
||||
clocktesting "k8s.io/utils/clock/testing"
|
||||
"k8s.io/utils/pointer"
|
||||
"k8s.io/utils/ptr"
|
||||
|
||||
configv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1"
|
||||
conciergefake "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/fake"
|
||||
@ -95,7 +95,7 @@ func TestAgentController(t *testing.T) {
|
||||
Labels: map[string]string{"extralabel": "labelvalue", "app": "anything"},
|
||||
},
|
||||
Spec: appsv1.DeploymentSpec{
|
||||
Replicas: pointer.Int32(1),
|
||||
Replicas: ptr.To[int32](1),
|
||||
Selector: metav1.SetAsLabelSelector(map[string]string{
|
||||
"kube-cert-agent.pinniped.dev": "v3",
|
||||
}),
|
||||
@ -133,12 +133,12 @@ func TestAgentController(t *testing.T) {
|
||||
ImagePullPolicy: corev1.PullIfNotPresent,
|
||||
}},
|
||||
RestartPolicy: corev1.RestartPolicyAlways,
|
||||
TerminationGracePeriodSeconds: pointer.Int64(0),
|
||||
TerminationGracePeriodSeconds: ptr.To[int64](0),
|
||||
ServiceAccountName: "test-service-account-name",
|
||||
AutomountServiceAccountToken: pointer.Bool(false),
|
||||
AutomountServiceAccountToken: ptr.To(false),
|
||||
SecurityContext: &corev1.PodSecurityContext{
|
||||
RunAsUser: pointer.Int64(0),
|
||||
RunAsGroup: pointer.Int64(0),
|
||||
RunAsUser: ptr.To[int64](0),
|
||||
RunAsGroup: ptr.To[int64](0),
|
||||
},
|
||||
ImagePullSecrets: []corev1.LocalObjectReference{{
|
||||
Name: "pinniped-image-pull-secret",
|
||||
@ -992,7 +992,7 @@ func TestAgentController(t *testing.T) {
|
||||
healthyAgentPod,
|
||||
validClusterInfoConfigMap,
|
||||
},
|
||||
discoveryURLOverride: pointer.String("https://overridden-server.example.com/some/path"),
|
||||
discoveryURLOverride: ptr.To("https://overridden-server.example.com/some/path"),
|
||||
mocks: mockExecSucceeds,
|
||||
wantDistinctErrors: []string{""},
|
||||
wantAgentDeployment: healthyAgentDeployment,
|
||||
|
@ -16,7 +16,7 @@ import (
|
||||
kubefake "k8s.io/client-go/kubernetes/fake"
|
||||
kubetesting "k8s.io/client-go/testing"
|
||||
"k8s.io/client-go/tools/leaderelection"
|
||||
"k8s.io/utils/pointer"
|
||||
"k8s.io/utils/ptr"
|
||||
)
|
||||
|
||||
// see test/integration/leaderelection_test.go for the bulk of the testing related to this code
|
||||
@ -31,7 +31,7 @@ func Test_releaseLock_Update(t *testing.T) {
|
||||
f: func(t *testing.T, internalClient *kubefake.Clientset, isLeader *isLeaderTracker, cancel context.CancelFunc) {
|
||||
internalClient.PrependReactor("update", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) {
|
||||
lease := action.(kubetesting.UpdateAction).GetObject().(*coordinationv1.Lease)
|
||||
if len(pointer.StringDeref(lease.Spec.HolderIdentity, "")) == 0 {
|
||||
if len(ptr.Deref(lease.Spec.HolderIdentity, "")) == 0 {
|
||||
require.False(t, isLeader.canWrite(), "client must release in-memory leader status before Kube API call")
|
||||
}
|
||||
return true, nil, errors.New("cannot renew")
|
||||
|
@ -25,7 +25,7 @@ import (
|
||||
"k8s.io/apiserver/pkg/authentication/user"
|
||||
"k8s.io/client-go/kubernetes/fake"
|
||||
v1 "k8s.io/client-go/kubernetes/typed/core/v1"
|
||||
"k8s.io/utils/pointer"
|
||||
"k8s.io/utils/ptr"
|
||||
|
||||
supervisorfake "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/fake"
|
||||
"go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/typed/config/v1alpha1"
|
||||
@ -695,8 +695,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
@ -725,8 +725,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
Build()),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
@ -756,8 +756,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
Build()),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
@ -779,8 +779,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp,
|
||||
@ -800,8 +800,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp,
|
||||
@ -991,8 +991,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
path: "/some/path",
|
||||
contentType: formContentType,
|
||||
body: encodeQuery(happyGetRequestQueryMap),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
@ -1015,8 +1015,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
path: "/some/path",
|
||||
contentType: formContentType,
|
||||
body: encodeQuery(happyGetRequestQueryMap),
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp,
|
||||
@ -1038,8 +1038,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
path: "/some/path",
|
||||
contentType: formContentType,
|
||||
body: encodeQuery(happyGetRequestQueryMap),
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp,
|
||||
@ -1194,8 +1194,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
path: modifiedHappyGetRequestPath(map[string]string{
|
||||
"redirect_uri": downstreamRedirectURIWithDifferentPort, // not the same port number that is registered for the client
|
||||
}),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
@ -1218,8 +1218,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
path: modifiedHappyGetRequestPath(map[string]string{
|
||||
"redirect_uri": downstreamRedirectURIWithDifferentPort, // not the same port number that is registered for the client
|
||||
}),
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
wantRedirectLocationRegexp: downstreamRedirectURIWithDifferentPort + `\?code=([^&]+)&scope=openid\+username\+groups&state=` + happyState,
|
||||
@ -1258,8 +1258,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithUserInfoURL().Build()),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
@ -1280,8 +1280,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(1*time.Hour))).WithUserInfoURL().Build()),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
@ -1313,8 +1313,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithUserInfoURL().Build()),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
@ -1335,8 +1335,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&erroringUpstreamLDAPIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusBadGateway,
|
||||
wantContentType: htmlContentType,
|
||||
wantBodyString: "Bad Gateway: unexpected error during upstream authentication\n",
|
||||
@ -1346,8 +1346,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&erroringUpstreamLDAPIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusBadGateway,
|
||||
wantContentType: htmlContentType,
|
||||
wantBodyString: "Bad Gateway: unexpected error during upstream authentication\n",
|
||||
@ -1362,8 +1362,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String("wrong-password"),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To("wrong-password"),
|
||||
wantPasswordGrantCall: &expectedPasswordGrant{
|
||||
performedByUpstreamName: oidcPasswordGrantUpstreamName,
|
||||
args: &oidctestutil.PasswordCredentialsGrantAndValidateTokensArgs{
|
||||
@ -1380,8 +1380,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String("wrong-password"),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To("wrong-password"),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery),
|
||||
@ -1392,8 +1392,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String("wrong-password"),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To("wrong-password"),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery),
|
||||
@ -1404,8 +1404,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String("wrong-username"),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To("wrong-username"),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery),
|
||||
@ -1416,8 +1416,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String("wrong-username"),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To("wrong-username"),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery),
|
||||
@ -1429,7 +1429,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: nil, // do not send header
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery),
|
||||
@ -1441,7 +1441,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: nil, // do not send header
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery),
|
||||
@ -1453,7 +1453,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: nil, // do not send header
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery),
|
||||
@ -1464,7 +1464,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: nil, // do not send header
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -1476,7 +1476,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: nil, // do not send header
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -1488,8 +1488,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithoutUserInfoURL().Build()),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -1501,8 +1501,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithoutUserInfoURL().Build()),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -1514,8 +1514,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithEmptyAccessToken().Build()),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -1527,8 +1527,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithoutAccessToken().Build()),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -1540,8 +1540,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithEmptyAccessToken().Build()),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -1553,8 +1553,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithoutAccessToken().Build()),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -1566,7 +1566,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: nil, // do not send header
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -1578,8 +1578,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(upstreamOIDCIdentityProviderBuilder().Build()),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithPasswordGrantDisallowedHintErrorQuery),
|
||||
@ -1591,8 +1591,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
kubeResources: addFullyCapableDynamicClientAndSecretToKubeResources,
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"client_id": dynamicClientID, "scope": testutil.AllDynamicClientScopesSpaceSep}),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithUsernamePasswordHeadersDisallowedHintErrorQuery),
|
||||
@ -1604,8 +1604,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
kubeResources: addFullyCapableDynamicClientAndSecretToKubeResources,
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"client_id": dynamicClientID, "scope": testutil.AllDynamicClientScopesSpaceSep}),
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithUsernamePasswordHeadersDisallowedHintErrorQuery),
|
||||
@ -1617,8 +1617,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
kubeResources: addFullyCapableDynamicClientAndSecretToKubeResources,
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"client_id": dynamicClientID, "scope": testutil.AllDynamicClientScopesSpaceSep}),
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithUsernamePasswordHeadersDisallowedHintErrorQuery),
|
||||
@ -1666,8 +1666,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
path: modifiedHappyGetRequestPath(map[string]string{
|
||||
"redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client",
|
||||
}),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantStatus: http.StatusBadRequest,
|
||||
wantContentType: jsonContentType,
|
||||
wantBodyJSON: fositeInvalidRedirectURIErrorBody,
|
||||
@ -1679,8 +1679,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
path: modifiedHappyGetRequestPath(map[string]string{
|
||||
"redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client",
|
||||
}),
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusBadRequest,
|
||||
wantContentType: jsonContentType,
|
||||
wantBodyJSON: fositeInvalidRedirectURIErrorBody,
|
||||
@ -1692,8 +1692,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
path: modifiedHappyGetRequestPath(map[string]string{
|
||||
"redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client",
|
||||
}),
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusBadRequest,
|
||||
wantContentType: jsonContentType,
|
||||
wantBodyJSON: fositeInvalidRedirectURIErrorBody,
|
||||
@ -1717,8 +1717,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"client_id": "invalid-client"}),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantStatus: http.StatusUnauthorized,
|
||||
wantContentType: jsonContentType,
|
||||
wantBodyJSON: fositeInvalidClientErrorBody,
|
||||
@ -1781,8 +1781,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"response_type": "unsupported"}),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeUnsupportedResponseTypeErrorQuery),
|
||||
@ -1793,8 +1793,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"response_type": "unsupported"}),
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeUnsupportedResponseTypeErrorQuery),
|
||||
@ -1830,8 +1830,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"response_type": "unsupported"}),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeUnsupportedResponseTypeErrorQuery),
|
||||
@ -1898,8 +1898,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid profile email tuna"}),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery),
|
||||
@ -1939,8 +1939,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid tuna"}),
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery),
|
||||
@ -1951,8 +1951,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid tuna"}),
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery),
|
||||
@ -1994,8 +1994,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"response_type": ""}),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingResponseTypeErrorQuery),
|
||||
@ -2006,8 +2006,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"response_type": ""}),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingResponseTypeErrorQuery),
|
||||
@ -2039,8 +2039,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"response_type": ""}),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingResponseTypeErrorQuery),
|
||||
@ -2086,8 +2086,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"client_id": ""}),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantStatus: http.StatusUnauthorized,
|
||||
wantContentType: jsonContentType,
|
||||
wantBodyJSON: fositeInvalidClientErrorBody,
|
||||
@ -2137,8 +2137,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge": ""}),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2151,8 +2151,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge": ""}),
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeErrorQuery),
|
||||
@ -2195,8 +2195,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "this-is-not-a-valid-pkce-alg"}),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2209,8 +2209,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "this-is-not-a-valid-pkce-alg"}),
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidCodeChallengeErrorQuery),
|
||||
@ -2253,8 +2253,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "plain"}),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2267,8 +2267,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "plain"}),
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeMethodErrorQuery),
|
||||
@ -2311,8 +2311,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": ""}),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2325,8 +2325,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": ""}),
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeMethodErrorQuery),
|
||||
@ -2375,8 +2375,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login"}),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2391,8 +2391,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login"}),
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositePromptHasNoneAndOtherValueErrorQuery),
|
||||
@ -2446,8 +2446,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
method: http.MethodGet,
|
||||
// The following prompt value is illegal when openid is requested, but note that openid is not requested.
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login", "scope": "email"}),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
@ -2469,8 +2469,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
method: http.MethodGet,
|
||||
// The following prompt value is illegal when openid is requested, but note that openid is not requested.
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login", "scope": "email"}),
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
wantRedirectLocationRegexp: downstreamRedirectURI + `\?code=([^&]+)&scope=username\+groups&state=` + happyState, // username and groups scopes were not requested, but are granted anyway for backwards compatibility
|
||||
@ -2492,8 +2492,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
@ -2518,8 +2518,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
@ -2545,8 +2545,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
@ -2573,8 +2573,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
@ -2600,8 +2600,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2618,8 +2618,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2633,8 +2633,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
@ -2658,8 +2658,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
@ -2683,8 +2683,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
@ -2707,8 +2707,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2722,8 +2722,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: htmlContentType,
|
||||
@ -2746,8 +2746,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2761,8 +2761,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2776,8 +2776,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2791,8 +2791,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2806,8 +2806,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2821,8 +2821,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2836,8 +2836,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2851,8 +2851,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2866,8 +2866,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2881,8 +2881,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2896,8 +2896,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
),
|
||||
method: http.MethodGet,
|
||||
path: happyGetRequestPath,
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
@ -2940,8 +2940,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"state": "short"}),
|
||||
customUsernameHeader: pointer.String(oidcUpstreamUsername),
|
||||
customPasswordHeader: pointer.String(oidcUpstreamPassword),
|
||||
customUsernameHeader: ptr.To(oidcUpstreamUsername),
|
||||
customPasswordHeader: ptr.To(oidcUpstreamPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidStateErrorQuery),
|
||||
@ -2952,8 +2952,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
||||
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
|
||||
method: http.MethodGet,
|
||||
path: modifiedHappyGetRequestPath(map[string]string{"state": "short"}),
|
||||
customUsernameHeader: pointer.String(happyLDAPUsername),
|
||||
customPasswordHeader: pointer.String(happyLDAPPassword),
|
||||
customUsernameHeader: ptr.To(happyLDAPUsername),
|
||||
customPasswordHeader: ptr.To(happyLDAPPassword),
|
||||
wantStatus: http.StatusFound,
|
||||
wantContentType: jsonContentType,
|
||||
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidStateErrorQuery),
|
||||
|
@ -22,7 +22,7 @@ import (
|
||||
genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
"k8s.io/klog/v2"
|
||||
"k8s.io/utils/pointer"
|
||||
"k8s.io/utils/ptr"
|
||||
|
||||
loginapi "go.pinniped.dev/generated/latest/apis/concierge/login"
|
||||
"go.pinniped.dev/internal/issuer"
|
||||
@ -387,7 +387,7 @@ func requireSuccessfulResponseWithAuthenticationFailureMessage(t *testing.T, err
|
||||
require.Equal(t, response, &loginapi.TokenCredentialRequest{
|
||||
Status: loginapi.TokenCredentialRequestStatus{
|
||||
Credential: nil,
|
||||
Message: pointer.String("authentication failed"),
|
||||
Message: ptr.To("authentication failed"),
|
||||
},
|
||||
})
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package integration
|
||||
@ -15,7 +15,7 @@ import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
"k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/utils/pointer"
|
||||
"k8s.io/utils/ptr"
|
||||
|
||||
auth1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1"
|
||||
loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1"
|
||||
@ -151,7 +151,7 @@ func TestFailedCredentialRequestWhenTheRequestIsValidButTheTokenDoesNotAuthentic
|
||||
|
||||
require.Empty(t, response.Spec)
|
||||
require.Nil(t, response.Status.Credential)
|
||||
require.Equal(t, pointer.String("authentication failed"), response.Status.Message)
|
||||
require.Equal(t, ptr.To("authentication failed"), response.Status.Message)
|
||||
}
|
||||
|
||||
// TCRs are non-mutating and safe to run in parallel with serial tests, see main_test.go.
|
||||
|
@ -59,7 +59,7 @@ import (
|
||||
"k8s.io/client-go/util/certificate/csr"
|
||||
"k8s.io/client-go/util/keyutil"
|
||||
"k8s.io/client-go/util/retry"
|
||||
"k8s.io/utils/pointer"
|
||||
"k8s.io/utils/ptr"
|
||||
|
||||
conciergev1alpha "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1"
|
||||
identityv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1"
|
||||
@ -1370,7 +1370,7 @@ func TestImpersonationProxy(t *testing.T) { //nolint:gocyclo // yeah, it's compl
|
||||
tkr, err := impersonationProxyAnonymousClient.PinnipedConcierge.LoginV1alpha1().TokenCredentialRequests().
|
||||
Create(ctx, &loginv1alpha1.TokenCredentialRequest{
|
||||
Spec: loginv1alpha1.TokenCredentialRequestSpec{
|
||||
Authenticator: corev1.TypedLocalObjectReference{APIGroup: pointer.String("anything.pinniped.dev")},
|
||||
Authenticator: corev1.TypedLocalObjectReference{APIGroup: ptr.To("anything.pinniped.dev")},
|
||||
},
|
||||
}, metav1.CreateOptions{})
|
||||
require.True(t, k8serrors.IsInvalid(err), testlib.Sdump(err))
|
||||
|
@ -1,4 +1,4 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package integration
|
||||
@ -14,7 +14,7 @@ import (
|
||||
k8serrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/labels"
|
||||
"k8s.io/utils/pointer"
|
||||
"k8s.io/utils/ptr"
|
||||
|
||||
conciergev1alpha "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1"
|
||||
"go.pinniped.dev/test/testlib"
|
||||
@ -132,7 +132,7 @@ func TestLegacyPodCleaner_Parallel(t *testing.T) {
|
||||
t.Cleanup(func() {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
|
||||
defer cancel()
|
||||
err := kubeClient.CoreV1().Pods(pod.Namespace).Delete(ctx, pod.Name, metav1.DeleteOptions{GracePeriodSeconds: pointer.Int64(0)})
|
||||
err := kubeClient.CoreV1().Pods(pod.Namespace).Delete(ctx, pod.Name, metav1.DeleteOptions{GracePeriodSeconds: ptr.To[int64](0)})
|
||||
if !k8serrors.IsNotFound(err) {
|
||||
require.NoError(t, err, "failed to clean up fake legacy agent pod")
|
||||
}
|
||||
|
@ -19,7 +19,7 @@ import (
|
||||
"k8s.io/apimachinery/pkg/util/rand"
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
"k8s.io/client-go/util/retry"
|
||||
"k8s.io/utils/pointer"
|
||||
"k8s.io/utils/ptr"
|
||||
|
||||
"go.pinniped.dev/internal/downward"
|
||||
"go.pinniped.dev/internal/kubeclient"
|
||||
@ -205,7 +205,7 @@ func waitForIdentity(ctx context.Context, t *testing.T, namespace *corev1.Namesp
|
||||
}
|
||||
out = lease
|
||||
t.Logf("lease %s/%s - current leader identity: %s, valid leader identities: %s",
|
||||
namespace.Name, leaseName, pointer.StringDeref(lease.Spec.HolderIdentity, "<nil>"), identities.List())
|
||||
namespace.Name, leaseName, ptr.Deref(lease.Spec.HolderIdentity, "<nil>"), identities.List())
|
||||
return lease.Spec.HolderIdentity != nil && identities.Has(*lease.Spec.HolderIdentity), nil
|
||||
}, 10*time.Minute, 10*time.Second)
|
||||
|
||||
@ -276,7 +276,7 @@ func forceTransition(ctx context.Context, t *testing.T, namespace *corev1.Namesp
|
||||
startTime = *startLease.Spec.AcquireTime
|
||||
|
||||
startLease = startLease.DeepCopy()
|
||||
startLease.Spec.HolderIdentity = pointer.String("some-other-client-" + rand.String(5))
|
||||
startLease.Spec.HolderIdentity = ptr.To("some-other-client-" + rand.String(5))
|
||||
|
||||
_, err := pickCurrentLeaderClient(ctx, t, namespace, leaseName, clients).
|
||||
Kubernetes.CoordinationV1().Leases(namespace.Name).Update(ctx, startLease, metav1.UpdateOptions{})
|
||||
|
@ -25,7 +25,7 @@ import (
|
||||
"k8s.io/client-go/rest"
|
||||
"k8s.io/client-go/tools/clientcmd"
|
||||
aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset"
|
||||
"k8s.io/utils/pointer"
|
||||
"k8s.io/utils/ptr"
|
||||
|
||||
auth1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1"
|
||||
"go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1"
|
||||
@ -614,8 +614,8 @@ func RestrictiveSecurityContext() *corev1.SecurityContext {
|
||||
Capabilities: &corev1.Capabilities{
|
||||
Drop: []corev1.Capability{"ALL"},
|
||||
},
|
||||
RunAsNonRoot: pointer.Bool(true),
|
||||
AllowPrivilegeEscalation: pointer.Bool(false),
|
||||
RunAsNonRoot: ptr.To(true),
|
||||
AllowPrivilegeEscalation: ptr.To(false),
|
||||
SeccompProfile: &corev1.SeccompProfile{Type: corev1.SeccompProfileTypeRuntimeDefault},
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user