Merge remote-tracking branch 'upstream/main' into secret-generation

2020-12-15 13:24:33 -05:00 · 2020-12-15 13:24:33 -05:00 · 2e784e006c
parent 7320928235 08cf2f7cd1
commit 2e784e006c
10 changed files with 18 additions and 8 deletions
--- a/apis/supervisor/config/v1alpha1/types_oidcprovider.go.tmpl
+++ b/apis/supervisor/config/v1alpha1/types_oidcprovider.go.tmpl
@ -8,7 +8,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

-// +kubebuilder:validation:Enum=Success;Duplicate;Invalid
+// +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret
 type OIDCProviderStatusCondition string

 const (
--- a/deploy/supervisor/config.supervisor.pinniped.dev_oidcproviders.yaml
+++ b/deploy/supervisor/config.supervisor.pinniped.dev_oidcproviders.yaml
@ -142,6 +142,7 @@ spec:
                - Success
                - Duplicate
                - Invalid
+                - SameIssuerHostMustUseSameSecret
                type: string
            type: object
        required:
--- a/generated/1.17/apis/supervisor/config/v1alpha1/types_oidcprovider.go
+++ b/generated/1.17/apis/supervisor/config/v1alpha1/types_oidcprovider.go
@ -8,7 +8,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

-// +kubebuilder:validation:Enum=Success;Duplicate;Invalid
+// +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret
 type OIDCProviderStatusCondition string

 const (
--- a/generated/1.17/crds/config.supervisor.pinniped.dev_oidcproviders.yaml
+++ b/generated/1.17/crds/config.supervisor.pinniped.dev_oidcproviders.yaml
@ -142,6 +142,7 @@ spec:
                - Success
                - Duplicate
                - Invalid
+                - SameIssuerHostMustUseSameSecret
                type: string
            type: object
        required:
--- a/generated/1.18/apis/supervisor/config/v1alpha1/types_oidcprovider.go
+++ b/generated/1.18/apis/supervisor/config/v1alpha1/types_oidcprovider.go
@ -8,7 +8,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

-// +kubebuilder:validation:Enum=Success;Duplicate;Invalid
+// +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret
 type OIDCProviderStatusCondition string

 const (
--- a/generated/1.18/crds/config.supervisor.pinniped.dev_oidcproviders.yaml
+++ b/generated/1.18/crds/config.supervisor.pinniped.dev_oidcproviders.yaml
@ -142,6 +142,7 @@ spec:
                - Success
                - Duplicate
                - Invalid
+                - SameIssuerHostMustUseSameSecret
                type: string
            type: object
        required:
--- a/generated/1.19/apis/supervisor/config/v1alpha1/types_oidcprovider.go
+++ b/generated/1.19/apis/supervisor/config/v1alpha1/types_oidcprovider.go
@ -8,7 +8,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

-// +kubebuilder:validation:Enum=Success;Duplicate;Invalid
+// +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret
 type OIDCProviderStatusCondition string

 const (
--- a/generated/1.19/crds/config.supervisor.pinniped.dev_oidcproviders.yaml
+++ b/generated/1.19/crds/config.supervisor.pinniped.dev_oidcproviders.yaml
@ -142,6 +142,7 @@ spec:
                - Success
                - Duplicate
                - Invalid
+                - SameIssuerHostMustUseSameSecret
                type: string
            type: object
        required:
--- a/test/integration/supervisor_login_test.go
+++ b/test/integration/supervisor_login_test.go
@ -165,8 +165,12 @@ func TestSupervisorLogin(t *testing.T) {
 	authcode := callback.URL.Query().Get("code")
 	require.NotEmpty(t, authcode)

-	// Call the token endpoint to get tokens.
-	tokenResponse, err := downstreamOAuth2Config.Exchange(oidcHTTPClientContext, authcode, pkceParam.Verifier())
+	// Call the token endpoint to get tokens. Give the Supervisor a couple of seconds to wire up its signing key.
+	var tokenResponse *oauth2.Token
+	assert.Eventually(t, func() bool {
+		tokenResponse, err = downstreamOAuth2Config.Exchange(oidcHTTPClientContext, authcode, pkceParam.Verifier())
+		return err == nil
+	}, time.Second*5, time.Second*1)
 	require.NoError(t, err)

 	expectedIDTokenClaims := []string{"iss", "exp", "sub", "aud", "auth_time", "iat", "jti", "nonce", "rat"}
--- a/test/library/client.go
+++ b/test/library/client.go
@ -15,6 +15,7 @@ import (
 	"testing"
 	"time"

+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	corev1 "k8s.io/api/core/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
@ -265,12 +266,13 @@ func CreateTestOIDCProvider(ctx context.Context, t *testing.T, issuer string, ce

 	// Wait for the OIDCProvider to enter the expected phase (or time out).
 	var result *configv1alpha1.OIDCProvider
-	require.Eventuallyf(t, func() bool {
+	assert.Eventuallyf(t, func() bool {
 		var err error
 		result, err = opcs.Get(ctx, opc.Name, metav1.GetOptions{})
 		require.NoError(t, err)
 		return result.Status.Status == expectStatus
-	}, 60*time.Second, 1*time.Second, "expected the UpstreamOIDCProvider to go into phase %s", expectStatus)
+	}, 60*time.Second, 1*time.Second, "expected the OIDCProvider to have status %q", expectStatus)
+	require.Equal(t, expectStatus, result.Status.Status)

 	return opc
 }