From 0adbb5234e16b5bc4108fd61fddc3d372cb9925f Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Wed, 21 Oct 2020 15:02:42 -0500 Subject: [PATCH] Extend TestCLILoginOIDC to test ID token caching behavior. Signed-off-by: Matt Moyer --- test/integration/cli_test.go | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/test/integration/cli_test.go b/test/integration/cli_test.go index 334640ce..014eebb4 100644 --- a/test/integration/cli_test.go +++ b/test/integration/cli_test.go @@ -146,7 +146,7 @@ func getLoginProvider(t *testing.T) *loginProviderPatterns { func TestCLILoginOIDC(t *testing.T) { env := library.IntegrationEnv(t) - ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute) + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() // Find the login CSS selectors for the test issuer, or fail fast. @@ -172,12 +172,16 @@ func TestCLILoginOIDC(t *testing.T) { t.Logf("building CLI binary") pinnipedExe := buildPinnipedCLI(t) + // Make a temp directory to hold the session cache for this test. + sessionCachePath := t.TempDir() + "/sessions.yaml" + // Start the CLI running the "alpha login oidc [...]" command with stdout/stderr connected to pipes. t.Logf("starting CLI subprocess") cmd := exec.CommandContext(ctx, pinnipedExe, "alpha", "login", "oidc", "--issuer", env.OIDCUpstream.Issuer, "--client-id", env.OIDCUpstream.ClientID, "--listen-port", strconv.Itoa(env.OIDCUpstream.LocalhostPort), + "--session-cache", sessionCachePath, "--skip-browser", ) stderr, err := cmd.StderrPipe() @@ -305,6 +309,26 @@ func TestCLILoginOIDC(t *testing.T) { require.Equal(t, env.OIDCUpstream.ClientID, claims["aud"]) require.Equal(t, env.OIDCUpstream.Username, claims["email"]) require.NotEmpty(t, claims["nonce"]) + + // Run the CLI again with the same session cache and login parameters. + t.Logf("starting second CLI subprocess to test session caching") + secondCtx, secondCancel := context.WithTimeout(ctx, 5*time.Second) + defer secondCancel() + cmdOutput, err := exec.CommandContext(secondCtx, pinnipedExe, "alpha", "login", "oidc", + "--issuer", env.OIDCUpstream.Issuer, + "--client-id", env.OIDCUpstream.ClientID, + "--listen-port", strconv.Itoa(env.OIDCUpstream.LocalhostPort), + "--session-cache", sessionCachePath, + "--skip-browser", + ).CombinedOutput() + require.NoError(t, err) + + // Expect the CLI to output the same ExecCredential in JSON format. + t.Logf("validating second ExecCredential") + var credOutput2 clientauthenticationv1beta1.ExecCredential + require.NoErrorf(t, json.Unmarshal(cmdOutput, &credOutput2), + "command returned something other than an ExecCredential:\n%s", string(cmdOutput)) + require.Equal(t, credOutput, credOutput2) } func waitForVisibleElements(t *testing.T, page *agouti.Page, selectors ...string) {