djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Extend TestCLILoginOIDC to test ID token caching behavior.

Browse Source 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
This commit is contained in:
Matt Moyer 2020-10-21 15:02:42 -05:00
parent e919ef6582
commit 0adbb5234e
No known key found for this signature in database
GPG Key ID: EAE88AD172C5AE2D
1 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
test/integration/cli_test.go
View File

@ -146,7 +146,7 @@ func getLoginProvider(t *testing.T) *loginProviderPatterns {
func TestCLILoginOIDC(t *testing.T) {
env := library.IntegrationEnv(t)
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
// Find the login CSS selectors for the test issuer, or fail fast.
@ -172,12 +172,16 @@ func TestCLILoginOIDC(t *testing.T) {
t.Logf("building CLI binary")
pinnipedExe := buildPinnipedCLI(t)
// Make a temp directory to hold the session cache for this test.
sessionCachePath := t.TempDir() + "/sessions.yaml"
// Start the CLI running the "alpha login oidc [...]" command with stdout/stderr connected to pipes.
t.Logf("starting CLI subprocess")
cmd := exec.CommandContext(ctx, pinnipedExe, "alpha", "login", "oidc",
"--issuer", env.OIDCUpstream.Issuer,
"--client-id", env.OIDCUpstream.ClientID,
"--listen-port", strconv.Itoa(env.OIDCUpstream.LocalhostPort),
"--session-cache", sessionCachePath,
"--skip-browser",
)
stderr, err := cmd.StderrPipe()
@ -305,6 +309,26 @@ func TestCLILoginOIDC(t *testing.T) {
require.Equal(t, env.OIDCUpstream.ClientID, claims["aud"])
require.Equal(t, env.OIDCUpstream.Username, claims["email"])
require.NotEmpty(t, claims["nonce"])
// Run the CLI again with the same session cache and login parameters.
t.Logf("starting second CLI subprocess to test session caching")
secondCtx, secondCancel := context.WithTimeout(ctx, 5*time.Second)
defer secondCancel()
cmdOutput, err := exec.CommandContext(secondCtx, pinnipedExe, "alpha", "login", "oidc",
"--issuer", env.OIDCUpstream.Issuer,
"--client-id", env.OIDCUpstream.ClientID,
"--listen-port", strconv.Itoa(env.OIDCUpstream.LocalhostPort),
"--session-cache", sessionCachePath,
"--skip-browser",
).CombinedOutput()
require.NoError(t, err)
// Expect the CLI to output the same ExecCredential in JSON format.
t.Logf("validating second ExecCredential")
var credOutput2 clientauthenticationv1beta1.ExecCredential
require.NoErrorf(t, json.Unmarshal(cmdOutput, &credOutput2),
"command returned something other than an ExecCredential:\n%s", string(cmdOutput))
require.Equal(t, credOutput, credOutput2)
}
func waitForVisibleElements(t *testing.T, page *agouti.Page, selectors ...string) {