Another integration test fix for dynamic clients feature with Okta
Also increase the timeout in an integration test because it is flaking on one of the GKE environments sometimes, probably because the Concierge controllers aren't ready fast enough before the integration tests start.
This commit is contained in:
parent
f302e71b0f
commit
23185d55a5
@ -109,25 +109,30 @@ func TestAPIServingCertificateAutoCreationAndRotation_Disruptive(t *testing.T) {
|
|||||||
|
|
||||||
// Expect that the Secret comes back right away with newly minted certs.
|
// Expect that the Secret comes back right away with newly minted certs.
|
||||||
var regeneratedCACert []byte
|
var regeneratedCACert []byte
|
||||||
testlib.RequireEventually(t, func(requireEventually *require.Assertions) {
|
testlib.RequireEventually(t,
|
||||||
var err error
|
func(requireEventually *require.Assertions) {
|
||||||
secret, err = kubeClient.CoreV1().Secrets(env.ConciergeNamespace).Get(ctx, defaultServingCertResourceName, metav1.GetOptions{})
|
var err error
|
||||||
requireEventually.NoError(err)
|
secret, err = kubeClient.CoreV1().Secrets(env.ConciergeNamespace).Get(ctx, defaultServingCertResourceName, metav1.GetOptions{})
|
||||||
|
requireEventually.NoError(err)
|
||||||
|
|
||||||
regeneratedCACert = secret.Data["caCertificate"]
|
regeneratedCACert = secret.Data["caCertificate"]
|
||||||
regeneratedPrivateKey := secret.Data["tlsPrivateKey"]
|
regeneratedPrivateKey := secret.Data["tlsPrivateKey"]
|
||||||
regeneratedCertChain := secret.Data["tlsCertificateChain"]
|
regeneratedCertChain := secret.Data["tlsCertificateChain"]
|
||||||
requireEventually.NotEmpty(regeneratedCACert)
|
requireEventually.NotEmpty(regeneratedCACert)
|
||||||
requireEventually.NotEmpty(regeneratedPrivateKey)
|
requireEventually.NotEmpty(regeneratedPrivateKey)
|
||||||
requireEventually.NotEmpty(regeneratedCertChain)
|
requireEventually.NotEmpty(regeneratedCertChain)
|
||||||
requireEventually.NotEqual(initialCACert, regeneratedCACert)
|
requireEventually.NotEqual(initialCACert, regeneratedCACert)
|
||||||
requireEventually.NotEqual(initialPrivateKey, regeneratedPrivateKey)
|
requireEventually.NotEqual(initialPrivateKey, regeneratedPrivateKey)
|
||||||
requireEventually.NotEqual(initialCertChain, regeneratedCertChain)
|
requireEventually.NotEqual(initialCertChain, regeneratedCertChain)
|
||||||
for k, v := range env.ConciergeCustomLabels {
|
for k, v := range env.ConciergeCustomLabels {
|
||||||
requireEventually.Equalf(v, secret.Labels[k], "expected secret to have label `%s: %s`", k, v)
|
requireEventually.Equalf(v, secret.Labels[k], "expected secret to have label `%s: %s`", k, v)
|
||||||
}
|
}
|
||||||
requireEventually.Equal(env.ConciergeAppName, secret.Labels["app"])
|
requireEventually.Equal(env.ConciergeAppName, secret.Labels["app"])
|
||||||
}, 2*time.Minute, 250*time.Millisecond)
|
},
|
||||||
|
// Wait 5 minutes in case the Concierge was just redeployed, in which case it can take time for
|
||||||
|
// the controllers to be ready again. This test is often run as the very first test in the whole suite.
|
||||||
|
5*time.Minute,
|
||||||
|
250*time.Millisecond)
|
||||||
|
|
||||||
// Expect that the APIService was also updated with the new CA.
|
// Expect that the APIService was also updated with the new CA.
|
||||||
testlib.RequireEventually(t, func(requireEventually *require.Assertions) {
|
testlib.RequireEventually(t, func(requireEventually *require.Assertions) {
|
||||||
|
@ -1293,6 +1293,10 @@ func TestSupervisorLogin_Browser(t *testing.T) {
|
|||||||
maybeSkip: skipNever,
|
maybeSkip: skipNever,
|
||||||
createIDP: func(t *testing.T) string {
|
createIDP: func(t *testing.T) string {
|
||||||
spec := basicOIDCIdentityProviderSpec()
|
spec := basicOIDCIdentityProviderSpec()
|
||||||
|
spec.Claims = idpv1alpha1.OIDCClaims{
|
||||||
|
Username: env.SupervisorUpstreamOIDC.UsernameClaim,
|
||||||
|
Groups: env.SupervisorUpstreamOIDC.GroupsClaim,
|
||||||
|
}
|
||||||
spec.AuthorizationConfig = idpv1alpha1.OIDCAuthorizationConfig{
|
spec.AuthorizationConfig = idpv1alpha1.OIDCAuthorizationConfig{
|
||||||
AdditionalScopes: env.SupervisorUpstreamOIDC.AdditionalScopes,
|
AdditionalScopes: env.SupervisorUpstreamOIDC.AdditionalScopes,
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user