Merge remote-tracking branch 'upstream/main' into secret-generation

Andrew Keesler 2020-12-15 13:24:33 -05:00
commit 2e784e006c
No known key found for this signature in database
GPG Key ID: 27CE0444346F9413
10 changed files with 18 additions and 8 deletions


@ -8,7 +8,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
) )
// +kubebuilder:validation:Enum=Success;Duplicate;Invalid // +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret
type OIDCProviderStatusCondition string type OIDCProviderStatusCondition string
const ( const (


@ -142,6 +142,7 @@ spec:
- Success - Success
- Duplicate - Duplicate
- Invalid - Invalid
- SameIssuerHostMustUseSameSecret
type: string type: string
type: object type: object
required: required:


@ -8,7 +8,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
) )
// +kubebuilder:validation:Enum=Success;Duplicate;Invalid // +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret
type OIDCProviderStatusCondition string type OIDCProviderStatusCondition string
const ( const (


@ -142,6 +142,7 @@ spec:
- Success - Success
- Duplicate - Duplicate
- Invalid - Invalid
- SameIssuerHostMustUseSameSecret
type: string type: string
type: object type: object
required: required:


@ -8,7 +8,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
) )
// +kubebuilder:validation:Enum=Success;Duplicate;Invalid // +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret
type OIDCProviderStatusCondition string type OIDCProviderStatusCondition string
const ( const (


@ -142,6 +142,7 @@ spec:
- Success - Success
- Duplicate - Duplicate
- Invalid - Invalid
- SameIssuerHostMustUseSameSecret
type: string type: string
type: object type: object
required: required:


@ -8,7 +8,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
) )
// +kubebuilder:validation:Enum=Success;Duplicate;Invalid // +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret
type OIDCProviderStatusCondition string type OIDCProviderStatusCondition string
const ( const (


@ -142,6 +142,7 @@ spec:
- Success - Success
- Duplicate - Duplicate
- Invalid - Invalid
- SameIssuerHostMustUseSameSecret
type: string type: string
type: object type: object
required: required:


@ -165,8 +165,12 @@ func TestSupervisorLogin(t *testing.T) {
authcode := callback.URL.Query().Get("code") authcode := callback.URL.Query().Get("code")
require.NotEmpty(t, authcode) require.NotEmpty(t, authcode)
// Call the token endpoint to get tokens. // Call the token endpoint to get tokens. Give the Supervisor a couple of seconds to wire up its signing key.
tokenResponse, err := downstreamOAuth2Config.Exchange(oidcHTTPClientContext, authcode, pkceParam.Verifier()) var tokenResponse *oauth2.Token
assert.Eventually(t, func() bool {
tokenResponse, err = downstreamOAuth2Config.Exchange(oidcHTTPClientContext, authcode, pkceParam.Verifier())
return err == nil
}, time.Second*5, time.Second*1)
require.NoError(t, err) require.NoError(t, err)
expectedIDTokenClaims := []string{"iss", "exp", "sub", "aud", "auth_time", "iat", "jti", "nonce", "rat"} expectedIDTokenClaims := []string{"iss", "exp", "sub", "aud", "auth_time", "iat", "jti", "nonce", "rat"}
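Review bot: The retry around `downstreamOAuth2Config.Exchange` replays the same authorization code and PKCE verifier on every attempt and treats every error as retryable, so only the last `err` reaches `require.NoError`. Authorization codes are normally single-use; if the Supervisor invalidates the code on a failed first attempt (not visible from this hunk), the later attempts fail for a different reason than the one the comment describes and the original cause is lost. testify also runs the `assert.Eventually` condition on its own goroutine, so on timeout the closure's write to `err` and `tokenResponse` can race with the read in `require.NoError(t, err)`. A plain loop on the test goroutine avoids the race and logs each attempt's error, which makes a change in the failure reason visible. TestSupervisorLogin begins and ends outside the hunk.

```go
// Call the token endpoint to get tokens. Give the Supervisor a couple of seconds to wire up its signing key.
// NOTE: every attempt reuses the same authorization code; each failure is logged so that a
// change in the error (for example the code being rejected as already used) is not hidden.
var tokenResponse *oauth2.Token
deadline := time.Now().Add(5 * time.Second)
for {
	tokenResponse, err = downstreamOAuth2Config.Exchange(oidcHTTPClientContext, authcode, pkceParam.Verifier())
	if err == nil || time.Now().After(deadline) {
		break
	}
	t.Logf("token exchange attempt failed, retrying: %v", err)
	time.Sleep(time.Second)
}
require.NoError(t, err)
```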


@ -15,6 +15,7 @@ import (
"testing" "testing"
"time" "time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
k8serrors "k8s.io/apimachinery/pkg/api/errors" k8serrors "k8s.io/apimachinery/pkg/api/errors"
@ -265,12 +266,13 @@ func CreateTestOIDCProvider(ctx context.Context, t *testing.T, issuer string, ce
// Wait for the OIDCProvider to enter the expected phase (or time out). // Wait for the OIDCProvider to enter the expected phase (or time out).
var result *configv1alpha1.OIDCProvider var result *configv1alpha1.OIDCProvider
require.Eventuallyf(t, func() bool { assert.Eventuallyf(t, func() bool {
var err error var err error
result, err = opcs.Get(ctx, opc.Name, metav1.GetOptions{}) result, err = opcs.Get(ctx, opc.Name, metav1.GetOptions{})
require.NoError(t, err) require.NoError(t, err)
return result.Status.Status == expectStatus return result.Status.Status == expectStatus
}, 60*time.Second, 1*time.Second, "expected the UpstreamOIDCProvider to go into phase %s", expectStatus) }, 60*time.Second, 1*time.Second, "expected the OIDCProvider to have status %q", expectStatus)
require.Equal(t, expectStatus, result.Status.Status)
return opc return opc
} }
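Review bot: `require.NoError(t, err)` inside the `assert.Eventuallyf` closure calls `t.FailNow` from the goroutine testify uses to run the condition rather than from the test goroutine. There it only ends that goroutine, so a failing `opcs.Get` makes the poll wait out the full 60 seconds instead of stopping the test. The `require.Equal(t, expectStatus, result.Status.Status)` added after the loop then dereferences `result` with no nil check. In the closure I would use `if err != nil { return false }`, and add `require.NotNil(t, result)` before the final `require.Equal`. CreateTestOIDCProvider begins before the hunk.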