Merge pull request #499 from vmware-tanzu/add-anon-auth-capability
Describe "anonymousAuthenticationSupported" test cluster capability and add more managed cluster types.
This commit is contained in:
commit
10168ab2e7
12
test/cluster_capabilities/aks.yaml
Normal file
12
test/cluster_capabilities/aks.yaml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
# Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
# Describe the capabilities of the cluster against which the integration tests will run.
|
||||||
|
capabilities:
|
||||||
|
|
||||||
|
# Is it possible to borrow the cluster's signing key from the kube API server?
|
||||||
|
clusterSigningKeyIsAvailable: false
|
||||||
|
|
||||||
|
# Does the cluster allow requests without authentication?
|
||||||
|
# https://kubernetes.io/docs/reference/access-authn-authz/authentication/#anonymous-requests
|
||||||
|
anonymousAuthenticationSupported: false
|
12
test/cluster_capabilities/eks.yaml
Normal file
12
test/cluster_capabilities/eks.yaml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
# Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
# Describe the capabilities of the cluster against which the integration tests will run.
|
||||||
|
capabilities:
|
||||||
|
|
||||||
|
# Is it possible to borrow the cluster's signing key from the kube API server?
|
||||||
|
clusterSigningKeyIsAvailable: false
|
||||||
|
|
||||||
|
# Does the cluster allow requests without authentication?
|
||||||
|
# https://kubernetes.io/docs/reference/access-authn-authz/authentication/#anonymous-requests
|
||||||
|
anonymousAuthenticationSupported: true
|
@ -1,4 +1,4 @@
|
|||||||
# Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
# Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
# Describe the capabilities of the cluster against which the integration tests will run.
|
# Describe the capabilities of the cluster against which the integration tests will run.
|
||||||
@ -6,3 +6,7 @@ capabilities:
|
|||||||
|
|
||||||
# Is it possible to borrow the cluster's signing key from the kube API server?
|
# Is it possible to borrow the cluster's signing key from the kube API server?
|
||||||
clusterSigningKeyIsAvailable: false
|
clusterSigningKeyIsAvailable: false
|
||||||
|
|
||||||
|
# Does the cluster allow requests without authentication?
|
||||||
|
# https://kubernetes.io/docs/reference/access-authn-authz/authentication/#anonymous-requests
|
||||||
|
anonymousAuthenticationSupported: true
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
# Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
# Describe the capabilities of the cluster against which the integration tests will run.
|
# Describe the capabilities of the cluster against which the integration tests will run.
|
||||||
@ -6,3 +6,7 @@ capabilities:
|
|||||||
|
|
||||||
# Is it possible to borrow the cluster's signing key from the kube API server?
|
# Is it possible to borrow the cluster's signing key from the kube API server?
|
||||||
clusterSigningKeyIsAvailable: true
|
clusterSigningKeyIsAvailable: true
|
||||||
|
|
||||||
|
# Does the cluster allow requests without authentication?
|
||||||
|
# https://kubernetes.io/docs/reference/access-authn-authz/authentication/#anonymous-requests
|
||||||
|
anonymousAuthenticationSupported: true
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
# Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
# Describe the capabilities of the cluster against which the integration tests will run.
|
# Describe the capabilities of the cluster against which the integration tests will run.
|
||||||
@ -6,3 +6,7 @@ capabilities:
|
|||||||
|
|
||||||
# Is it possible to borrow the cluster's signing key from the kube API server?
|
# Is it possible to borrow the cluster's signing key from the kube API server?
|
||||||
clusterSigningKeyIsAvailable: true
|
clusterSigningKeyIsAvailable: true
|
||||||
|
|
||||||
|
# Does the cluster allow requests without authentication?
|
||||||
|
# https://kubernetes.io/docs/reference/access-authn-authz/authentication/#anonymous-requests
|
||||||
|
anonymousAuthenticationSupported: true
|
||||||
|
@ -23,7 +23,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func TestUnsuccessfulCredentialRequest(t *testing.T) {
|
func TestUnsuccessfulCredentialRequest(t *testing.T) {
|
||||||
env := library.IntegrationEnv(t)
|
env := library.IntegrationEnv(t).WithCapability(library.AnonymousAuthenticationSupported)
|
||||||
|
|
||||||
library.AssertNoRestartsDuringTest(t, env.ConciergeNamespace, "")
|
library.AssertNoRestartsDuringTest(t, env.ConciergeNamespace, "")
|
||||||
|
|
||||||
@ -184,7 +184,7 @@ func TestCredentialRequest_ShouldFailWhenRequestDoesNotIncludeToken(t *testing.T
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestCredentialRequest_OtherwiseValidRequestWithRealTokenShouldFailWhenTheClusterIsNotCapable(t *testing.T) {
|
func TestCredentialRequest_OtherwiseValidRequestWithRealTokenShouldFailWhenTheClusterIsNotCapable(t *testing.T) {
|
||||||
env := library.IntegrationEnv(t).WithoutCapability(library.ClusterSigningKeyIsAvailable)
|
env := library.IntegrationEnv(t).WithoutCapability(library.ClusterSigningKeyIsAvailable).WithCapability(library.AnonymousAuthenticationSupported)
|
||||||
|
|
||||||
library.AssertNoRestartsDuringTest(t, env.ConciergeNamespace, "")
|
library.AssertNoRestartsDuringTest(t, env.ConciergeNamespace, "")
|
||||||
|
|
||||||
|
@ -344,7 +344,7 @@ func TestWhoAmI_CSR(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestWhoAmI_Anonymous(t *testing.T) {
|
func TestWhoAmI_Anonymous(t *testing.T) {
|
||||||
_ = library.IntegrationEnv(t)
|
_ = library.IntegrationEnv(t).WithCapability(library.AnonymousAuthenticationSupported)
|
||||||
|
|
||||||
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
|
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
@ -19,6 +19,7 @@ type Capability string
|
|||||||
|
|
||||||
const (
|
const (
|
||||||
ClusterSigningKeyIsAvailable Capability = "clusterSigningKeyIsAvailable"
|
ClusterSigningKeyIsAvailable Capability = "clusterSigningKeyIsAvailable"
|
||||||
|
AnonymousAuthenticationSupported Capability = "anonymousAuthenticationSupported"
|
||||||
)
|
)
|
||||||
|
|
||||||
// TestEnv captures all the external parameters consumed by our integration tests.
|
// TestEnv captures all the external parameters consumed by our integration tests.
|
||||||
|
Loading…
Reference in New Issue
Block a user