Merge pull request #245 from ankeesler/fix-supervisor-login-test
Run TestSupervisorLogin only on valid HTTP/HTTPS supervisor addresses
This commit is contained in:
commit
385d2db445
@ -11,6 +11,8 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
"path"
|
||||||
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
@ -26,17 +28,35 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func TestSupervisorLogin(t *testing.T) {
|
func TestSupervisorLogin(t *testing.T) {
|
||||||
|
t.Skip("waiting on new callback path logic to get merged in from the callback endpoint work")
|
||||||
|
|
||||||
env := library.IntegrationEnv(t)
|
env := library.IntegrationEnv(t)
|
||||||
client := library.NewSupervisorClientset(t)
|
client := library.NewSupervisorClientset(t)
|
||||||
|
|
||||||
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
|
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
|
tests := []struct {
|
||||||
|
Scheme string
|
||||||
|
Address string
|
||||||
|
CABundle string
|
||||||
|
}{
|
||||||
|
{Scheme: "http", Address: env.SupervisorHTTPAddress},
|
||||||
|
{Scheme: "https", Address: env.SupervisorHTTPSIngressAddress, CABundle: env.SupervisorHTTPSIngressCABundle},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, test := range tests {
|
||||||
|
scheme := test.Scheme
|
||||||
|
addr := test.Address
|
||||||
|
caBundle := test.CABundle
|
||||||
|
|
||||||
|
if addr == "" {
|
||||||
|
// Both cases are not required, so when one is empty skip it.
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
// Create downstream OIDC provider (i.e., update supervisor with OIDC provider).
|
// Create downstream OIDC provider (i.e., update supervisor with OIDC provider).
|
||||||
scheme := "http"
|
path := getDownstreamIssuerPathFromUpstreamRedirectURI(t, env.SupervisorTestUpstream.CallbackURL)
|
||||||
addr := env.SupervisorHTTPAddress
|
|
||||||
caBundle := ""
|
|
||||||
path := "/some/path"
|
|
||||||
issuer := fmt.Sprintf("https://%s%s", addr, path)
|
issuer := fmt.Sprintf("https://%s%s", addr, path)
|
||||||
_, _ = requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear(
|
_, _ = requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear(
|
||||||
ctx,
|
ctx,
|
||||||
@ -79,8 +99,6 @@ func TestSupervisorLogin(t *testing.T) {
|
|||||||
}
|
}
|
||||||
upstream := makeTestUpstream(t, spec, idpv1alpha1.PhaseReady)
|
upstream := makeTestUpstream(t, spec, idpv1alpha1.PhaseReady)
|
||||||
|
|
||||||
upstreamRedirectURI := fmt.Sprintf("https://%s/some/path/callback/%s", env.SupervisorHTTPAddress, upstream.Name)
|
|
||||||
|
|
||||||
// Make request to authorize endpoint - should pass, since we now have an upstream.
|
// Make request to authorize endpoint - should pass, since we now have an upstream.
|
||||||
req, err = http.NewRequestWithContext(ctx, http.MethodGet, downstreamAuthURL, nil)
|
req, err = http.NewRequestWithContext(ctx, http.MethodGet, downstreamAuthURL, nil)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
@ -93,11 +111,41 @@ func TestSupervisorLogin(t *testing.T) {
|
|||||||
t,
|
t,
|
||||||
upstream.Spec.Issuer,
|
upstream.Spec.Issuer,
|
||||||
env.SupervisorTestUpstream.ClientID,
|
env.SupervisorTestUpstream.ClientID,
|
||||||
upstreamRedirectURI,
|
env.SupervisorTestUpstream.CallbackURL,
|
||||||
rsp.Header.Get("Location"),
|
rsp.Header.Get("Location"),
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
//nolint:unused
|
||||||
|
func getDownstreamIssuerPathFromUpstreamRedirectURI(t *testing.T, upstreamRedirectURI string) string {
|
||||||
|
// We need to construct the downstream issuer path from the upstream redirect URI since the two
|
||||||
|
// are related, and the upstream redirect URI is supplied via a static test environment
|
||||||
|
// variable. The upstream redirect URI should be something like
|
||||||
|
// https://supervisor.com/some/supervisor/path/callback
|
||||||
|
// and therefore the downstream issuer should be something like
|
||||||
|
// https://supervisor.com/some/supervisor/path
|
||||||
|
// since the /callback endpoint is placed at the root of the downstream issuer path.
|
||||||
|
upstreamRedirectURL, err := url.Parse(upstreamRedirectURI)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
redirectURIPathWithoutLastSegment, lastUpstreamRedirectURIPathSegment := path.Split(upstreamRedirectURL.Path)
|
||||||
|
require.Equalf(
|
||||||
|
t,
|
||||||
|
"callback",
|
||||||
|
lastUpstreamRedirectURIPathSegment,
|
||||||
|
"expected upstream redirect URI (%q) to follow supervisor callback path conventions (i.e., end in /callback)",
|
||||||
|
upstreamRedirectURI,
|
||||||
|
)
|
||||||
|
|
||||||
|
if strings.HasSuffix(redirectURIPathWithoutLastSegment, "/") {
|
||||||
|
redirectURIPathWithoutLastSegment = redirectURIPathWithoutLastSegment[:len(redirectURIPathWithoutLastSegment)-1]
|
||||||
|
}
|
||||||
|
|
||||||
|
return redirectURIPathWithoutLastSegment
|
||||||
|
}
|
||||||
|
|
||||||
|
//nolint:unused
|
||||||
func makeDownstreamAuthURL(t *testing.T, scheme, addr, path string) string {
|
func makeDownstreamAuthURL(t *testing.T, scheme, addr, path string) string {
|
||||||
t.Helper()
|
t.Helper()
|
||||||
downstreamOAuth2Config := oauth2.Config{
|
downstreamOAuth2Config := oauth2.Config{
|
||||||
@ -119,6 +167,7 @@ func makeDownstreamAuthURL(t *testing.T, scheme, addr, path string) string {
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//nolint:unused
|
||||||
func generateAuthRequestParams(t *testing.T) (state.State, nonce.Nonce, pkce.Code) {
|
func generateAuthRequestParams(t *testing.T) (state.State, nonce.Nonce, pkce.Code) {
|
||||||
t.Helper()
|
t.Helper()
|
||||||
state, err := state.Generate()
|
state, err := state.Generate()
|
||||||
@ -130,6 +179,7 @@ func generateAuthRequestParams(t *testing.T) (state.State, nonce.Nonce, pkce.Cod
|
|||||||
return state, nonce, pkce
|
return state, nonce, pkce
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//nolint:unused
|
||||||
func requireValidRedirectLocation(
|
func requireValidRedirectLocation(
|
||||||
ctx context.Context,
|
ctx context.Context,
|
||||||
t *testing.T,
|
t *testing.T,
|
||||||
|
Loading…
Reference in New Issue
Block a user