Merge remote-tracking branch 'upstream/main' into secret-generation
commit
2e784e006c
@ -8,7 +8,7 @@ import (
|
|||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
// +kubebuilder:validation:Enum=Success;Duplicate;Invalid
|
// +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret
|
||||||
type OIDCProviderStatusCondition string
|
type OIDCProviderStatusCondition string
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -142,6 +142,7 @@ spec:
|
|||||||
- Success
|
- Success
|
||||||
- Duplicate
|
- Duplicate
|
||||||
- Invalid
|
- Invalid
|
||||||
|
- SameIssuerHostMustUseSameSecret
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
|
@ -8,7 +8,7 @@ import (
|
|||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
// +kubebuilder:validation:Enum=Success;Duplicate;Invalid
|
// +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret
|
||||||
type OIDCProviderStatusCondition string
|
type OIDCProviderStatusCondition string
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -142,6 +142,7 @@ spec:
|
|||||||
- Success
|
- Success
|
||||||
- Duplicate
|
- Duplicate
|
||||||
- Invalid
|
- Invalid
|
||||||
|
- SameIssuerHostMustUseSameSecret
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
|
@ -8,7 +8,7 @@ import (
|
|||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
// +kubebuilder:validation:Enum=Success;Duplicate;Invalid
|
// +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret
|
||||||
type OIDCProviderStatusCondition string
|
type OIDCProviderStatusCondition string
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -142,6 +142,7 @@ spec:
|
|||||||
- Success
|
- Success
|
||||||
- Duplicate
|
- Duplicate
|
||||||
- Invalid
|
- Invalid
|
||||||
|
- SameIssuerHostMustUseSameSecret
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
|
@ -8,7 +8,7 @@ import (
|
|||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
// +kubebuilder:validation:Enum=Success;Duplicate;Invalid
|
// +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret
|
||||||
type OIDCProviderStatusCondition string
|
type OIDCProviderStatusCondition string
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -142,6 +142,7 @@ spec:
|
|||||||
- Success
|
- Success
|
||||||
- Duplicate
|
- Duplicate
|
||||||
- Invalid
|
- Invalid
|
||||||
|
- SameIssuerHostMustUseSameSecret
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
|
@ -165,8 +165,12 @@ func TestSupervisorLogin(t *testing.T) {
|
|||||||
authcode := callback.URL.Query().Get("code")
|
authcode := callback.URL.Query().Get("code")
|
||||||
require.NotEmpty(t, authcode)
|
require.NotEmpty(t, authcode)
|
||||||
|
|
||||||
// Call the token endpoint to get tokens.
|
// Call the token endpoint to get tokens. Give the Supervisor a couple of seconds to wire up its signing key.
|
||||||
tokenResponse, err := downstreamOAuth2Config.Exchange(oidcHTTPClientContext, authcode, pkceParam.Verifier())
|
var tokenResponse *oauth2.Token
|
||||||
|
assert.Eventually(t, func() bool {
|
||||||
|
tokenResponse, err = downstreamOAuth2Config.Exchange(oidcHTTPClientContext, authcode, pkceParam.Verifier())
|
||||||
|
return err == nil
|
||||||
|
}, time.Second*5, time.Second*1)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
expectedIDTokenClaims := []string{"iss", "exp", "sub", "aud", "auth_time", "iat", "jti", "nonce", "rat"}
|
expectedIDTokenClaims := []string{"iss", "exp", "sub", "aud", "auth_time", "iat", "jti", "nonce", "rat"}
|
||||||
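Review bot: The new `assert.Eventually` loop re-sends the same `authcode` to `downstreamOAuth2Config.Exchange` on every attempt, but an authorization code is single-use (RFC 6749 §4.1.2). If an attempt fails after the Supervisor has already consumed the code, later attempts can only fail with `invalid_grant`, and the final `require.NoError(t, err)` reports that instead of the original error. Whether the code is invalidated before or after the signing key is needed is not visible in this hunk, so that should be confirmed. It would be more robust to wait for the signing key first and then call `Exchange` once, with a comment such as `// authcode is single-use: wait for the signing key, then exchange exactly once`. Separately, testify runs the condition in its own goroutine, so after a timeout the closure may still be writing `err` and `tokenResponse` while the test reads them; checking the boolean returned by `assert.Eventually` and stopping when it is false avoids that read.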
|
@ -15,6 +15,7 @@ import (
|
|||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
corev1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
k8serrors "k8s.io/apimachinery/pkg/api/errors"
|
k8serrors "k8s.io/apimachinery/pkg/api/errors"
|
||||||
@ -265,12 +266,13 @@ func CreateTestOIDCProvider(ctx context.Context, t *testing.T, issuer string, ce
|
|||||||
|
|
||||||
// Wait for the OIDCProvider to enter the expected phase (or time out).
|
// Wait for the OIDCProvider to enter the expected phase (or time out).
|
||||||
var result *configv1alpha1.OIDCProvider
|
var result *configv1alpha1.OIDCProvider
|
||||||
require.Eventuallyf(t, func() bool {
|
assert.Eventuallyf(t, func() bool {
|
||||||
var err error
|
var err error
|
||||||
result, err = opcs.Get(ctx, opc.Name, metav1.GetOptions{})
|
result, err = opcs.Get(ctx, opc.Name, metav1.GetOptions{})
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
return result.Status.Status == expectStatus
|
return result.Status.Status == expectStatus
|
||||||
}, 60*time.Second, 1*time.Second, "expected the UpstreamOIDCProvider to go into phase %s", expectStatus)
|
}, 60*time.Second, 1*time.Second, "expected the OIDCProvider to have status %q", expectStatus)
|
||||||
|
require.Equal(t, expectStatus, result.Status.Status)
|
||||||
|
|
||||||
return opc
|
return opc
|
||||||
}
|
}
|
||||||
|
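Review bot: `require.NoError(t, err)` inside the `assert.Eventuallyf` closure calls `t.FailNow` from a goroutine other than the one running the test, because testify runs the condition in its own goroutine. The testing package requires `FailNow` to be called from the test goroutine; here it would only end the polling goroutine and appears to leave the poll to run out its 60 seconds. It also turns a transient `Get` error into a failure rather than a retry. Replacing it with `if err != nil { t.Logf("get OIDCProvider: %v", err); return false }` keeps the loop polling. The new `require.Equal` after the loop could then be preceded by `require.NotNil(t, result)` in case `result` is still nil. The body of CreateTestOIDCProvider starts outside this hunk.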