Changed TestLDAPUpstream.TestUsernameAttributeName back to TestUserMailAttributeName
Also added TestUserSAMAccountNameValue Signed-off-by: Margo Crawford <margaretc@vmware.com>
This commit is contained in:
parent
e5c8cbb3a4
commit
3b4f521596
@ -386,7 +386,7 @@ func TestE2EFullIntegration(t *testing.T) {
|
|||||||
t.Skip("LDAP integration test requires connectivity to an LDAP server")
|
t.Skip("LDAP integration test requires connectivity to an LDAP server")
|
||||||
}
|
}
|
||||||
|
|
||||||
expectedUsername := env.SupervisorUpstreamLDAP.TestUsernameAttributeValue
|
expectedUsername := env.SupervisorUpstreamLDAP.TestUserMailAttributeValue
|
||||||
expectedGroups := env.SupervisorUpstreamLDAP.TestUserDirectGroupsDNs
|
expectedGroups := env.SupervisorUpstreamLDAP.TestUserDirectGroupsDNs
|
||||||
|
|
||||||
// Create a ClusterRoleBinding to give our test user from the upstream read-only access to the cluster.
|
// Create a ClusterRoleBinding to give our test user from the upstream read-only access to the cluster.
|
||||||
@ -422,7 +422,7 @@ func TestE2EFullIntegration(t *testing.T) {
|
|||||||
Base: env.SupervisorUpstreamLDAP.UserSearchBase,
|
Base: env.SupervisorUpstreamLDAP.UserSearchBase,
|
||||||
Filter: "",
|
Filter: "",
|
||||||
Attributes: idpv1alpha1.LDAPIdentityProviderUserSearchAttributes{
|
Attributes: idpv1alpha1.LDAPIdentityProviderUserSearchAttributes{
|
||||||
Username: env.SupervisorUpstreamLDAP.TestUsernameAttributeName,
|
Username: env.SupervisorUpstreamLDAP.TestUserMailAttributeName,
|
||||||
UID: env.SupervisorUpstreamLDAP.TestUserUniqueIDAttributeName,
|
UID: env.SupervisorUpstreamLDAP.TestUserUniqueIDAttributeName,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -128,7 +128,7 @@ func TestSupervisorLogin(t *testing.T) {
|
|||||||
Base: env.SupervisorUpstreamLDAP.UserSearchBase,
|
Base: env.SupervisorUpstreamLDAP.UserSearchBase,
|
||||||
Filter: "",
|
Filter: "",
|
||||||
Attributes: idpv1alpha1.LDAPIdentityProviderUserSearchAttributes{
|
Attributes: idpv1alpha1.LDAPIdentityProviderUserSearchAttributes{
|
||||||
Username: env.SupervisorUpstreamLDAP.TestUsernameAttributeName,
|
Username: env.SupervisorUpstreamLDAP.TestUserMailAttributeName,
|
||||||
UID: env.SupervisorUpstreamLDAP.TestUserUniqueIDAttributeName,
|
UID: env.SupervisorUpstreamLDAP.TestUserUniqueIDAttributeName,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -150,7 +150,7 @@ func TestSupervisorLogin(t *testing.T) {
|
|||||||
requestAuthorization: func(t *testing.T, downstreamAuthorizeURL, _ string, httpClient *http.Client) {
|
requestAuthorization: func(t *testing.T, downstreamAuthorizeURL, _ string, httpClient *http.Client) {
|
||||||
requestAuthorizationUsingLDAPIdentityProvider(t,
|
requestAuthorizationUsingLDAPIdentityProvider(t,
|
||||||
downstreamAuthorizeURL,
|
downstreamAuthorizeURL,
|
||||||
env.SupervisorUpstreamLDAP.TestUsernameAttributeValue, // username to present to server during login
|
env.SupervisorUpstreamLDAP.TestUserMailAttributeValue, // username to present to server during login
|
||||||
env.SupervisorUpstreamLDAP.TestUserPassword, // password to present to server during login
|
env.SupervisorUpstreamLDAP.TestUserPassword, // password to present to server during login
|
||||||
httpClient,
|
httpClient,
|
||||||
)
|
)
|
||||||
@ -162,7 +162,7 @@ func TestSupervisorLogin(t *testing.T) {
|
|||||||
"&sub=" + base64.RawURLEncoding.EncodeToString([]byte(env.SupervisorUpstreamLDAP.TestUserUniqueIDAttributeValue)),
|
"&sub=" + base64.RawURLEncoding.EncodeToString([]byte(env.SupervisorUpstreamLDAP.TestUserUniqueIDAttributeValue)),
|
||||||
),
|
),
|
||||||
// the ID token Username should have been pulled from the requested UserSearch.Attributes.Username attribute
|
// the ID token Username should have been pulled from the requested UserSearch.Attributes.Username attribute
|
||||||
wantDownstreamIDTokenUsernameToMatch: regexp.QuoteMeta(env.SupervisorUpstreamLDAP.TestUsernameAttributeValue),
|
wantDownstreamIDTokenUsernameToMatch: regexp.QuoteMeta(env.SupervisorUpstreamLDAP.TestUserMailAttributeValue),
|
||||||
wantDownstreamIDTokenGroups: env.SupervisorUpstreamLDAP.TestUserDirectGroupsDNs,
|
wantDownstreamIDTokenGroups: env.SupervisorUpstreamLDAP.TestUserDirectGroupsDNs,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -274,7 +274,7 @@ func TestSupervisorLogin(t *testing.T) {
|
|||||||
requestAuthorization: func(t *testing.T, downstreamAuthorizeURL, _ string, httpClient *http.Client) {
|
requestAuthorization: func(t *testing.T, downstreamAuthorizeURL, _ string, httpClient *http.Client) {
|
||||||
requestAuthorizationUsingLDAPIdentityProvider(t,
|
requestAuthorizationUsingLDAPIdentityProvider(t,
|
||||||
downstreamAuthorizeURL,
|
downstreamAuthorizeURL,
|
||||||
env.SupervisorUpstreamActiveDirectory.TestUsernameAttributeValue, // username to present to server during login
|
env.SupervisorUpstreamActiveDirectory.TestUserSAMAccountNameValue, // username to present to server during login
|
||||||
env.SupervisorUpstreamActiveDirectory.TestUserPassword, // password to present to server during login
|
env.SupervisorUpstreamActiveDirectory.TestUserPassword, // password to present to server during login
|
||||||
httpClient,
|
httpClient,
|
||||||
)
|
)
|
||||||
@ -286,7 +286,7 @@ func TestSupervisorLogin(t *testing.T) {
|
|||||||
"&sub=" + env.SupervisorUpstreamActiveDirectory.TestUserUniqueIDAttributeValue,
|
"&sub=" + env.SupervisorUpstreamActiveDirectory.TestUserUniqueIDAttributeValue,
|
||||||
),
|
),
|
||||||
// the ID token Username should have been pulled from the requested UserSearch.Attributes.Username attribute
|
// the ID token Username should have been pulled from the requested UserSearch.Attributes.Username attribute
|
||||||
wantDownstreamIDTokenUsernameToMatch: regexp.QuoteMeta(env.SupervisorUpstreamActiveDirectory.TestUsernameAttributeValue),
|
wantDownstreamIDTokenUsernameToMatch: regexp.QuoteMeta(env.SupervisorUpstreamActiveDirectory.TestUserSAMAccountNameValue),
|
||||||
wantDownstreamIDTokenGroups: env.SupervisorUpstreamActiveDirectory.TestUserDirectGroupsDNs,
|
wantDownstreamIDTokenGroups: env.SupervisorUpstreamActiveDirectory.TestUserDirectGroupsDNs,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -92,12 +92,13 @@ type TestLDAPUpstream struct {
|
|||||||
TestUserDN string `json:"testUserDN"`
|
TestUserDN string `json:"testUserDN"`
|
||||||
TestUserCN string `json:"testUserCN"`
|
TestUserCN string `json:"testUserCN"`
|
||||||
TestUserPassword string `json:"testUserPassword"`
|
TestUserPassword string `json:"testUserPassword"`
|
||||||
TestUsernameAttributeName string `json:"testUserMailAttributeName"`
|
TestUserMailAttributeName string `json:"testUserMailAttributeName"`
|
||||||
TestUsernameAttributeValue string `json:"testUserMailAttributeValue"`
|
TestUserMailAttributeValue string `json:"testUserMailAttributeValue"`
|
||||||
TestUserUniqueIDAttributeName string `json:"testUserUniqueIDAttributeName"`
|
TestUserUniqueIDAttributeName string `json:"testUserUniqueIDAttributeName"`
|
||||||
TestUserUniqueIDAttributeValue string `json:"testUserUniqueIDAttributeValue"`
|
TestUserUniqueIDAttributeValue string `json:"testUserUniqueIDAttributeValue"`
|
||||||
TestUserDirectGroupsCNs []string `json:"testUserDirectGroupsCNs"`
|
TestUserDirectGroupsCNs []string `json:"testUserDirectGroupsCNs"`
|
||||||
TestUserDirectGroupsDNs []string `json:"testUserDirectGroupsDNs"` //nolint:golint // this is "distinguished names", not "DNS"
|
TestUserDirectGroupsDNs []string `json:"testUserDirectGroupsDNs"` //nolint:golint // this is "distinguished names", not "DNS"
|
||||||
|
TestUserSAMAccountNameValue string `json:"testUserSAMAccountNameValue"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// ProxyEnv returns a set of environment variable strings (e.g., to combine with os.Environ()) which set up the configured test HTTP proxy.
|
// ProxyEnv returns a set of environment variable strings (e.g., to combine with os.Environ()) which set up the configured test HTTP proxy.
|
||||||
@ -261,8 +262,8 @@ func loadEnvVars(t *testing.T, result *TestEnv) {
|
|||||||
TestUserCN: needEnv(t, "PINNIPED_TEST_LDAP_USER_CN"),
|
TestUserCN: needEnv(t, "PINNIPED_TEST_LDAP_USER_CN"),
|
||||||
TestUserUniqueIDAttributeName: needEnv(t, "PINNIPED_TEST_LDAP_USER_UNIQUE_ID_ATTRIBUTE_NAME"),
|
TestUserUniqueIDAttributeName: needEnv(t, "PINNIPED_TEST_LDAP_USER_UNIQUE_ID_ATTRIBUTE_NAME"),
|
||||||
TestUserUniqueIDAttributeValue: needEnv(t, "PINNIPED_TEST_LDAP_USER_UNIQUE_ID_ATTRIBUTE_VALUE"),
|
TestUserUniqueIDAttributeValue: needEnv(t, "PINNIPED_TEST_LDAP_USER_UNIQUE_ID_ATTRIBUTE_VALUE"),
|
||||||
TestUsernameAttributeName: needEnv(t, "PINNIPED_TEST_LDAP_USER_EMAIL_ATTRIBUTE_NAME"),
|
TestUserMailAttributeName: needEnv(t, "PINNIPED_TEST_LDAP_USER_EMAIL_ATTRIBUTE_NAME"),
|
||||||
TestUsernameAttributeValue: needEnv(t, "PINNIPED_TEST_LDAP_USER_EMAIL_ATTRIBUTE_VALUE"),
|
TestUserMailAttributeValue: needEnv(t, "PINNIPED_TEST_LDAP_USER_EMAIL_ATTRIBUTE_VALUE"),
|
||||||
TestUserDirectGroupsCNs: filterEmpty(strings.Split(needEnv(t, "PINNIPED_TEST_LDAP_EXPECTED_DIRECT_GROUPS_CN"), ";")),
|
TestUserDirectGroupsCNs: filterEmpty(strings.Split(needEnv(t, "PINNIPED_TEST_LDAP_EXPECTED_DIRECT_GROUPS_CN"), ";")),
|
||||||
TestUserDirectGroupsDNs: filterEmpty(strings.Split(needEnv(t, "PINNIPED_TEST_LDAP_EXPECTED_DIRECT_GROUPS_DN"), ";")),
|
TestUserDirectGroupsDNs: filterEmpty(strings.Split(needEnv(t, "PINNIPED_TEST_LDAP_EXPECTED_DIRECT_GROUPS_DN"), ";")),
|
||||||
TestUserPassword: needEnv(t, "PINNIPED_TEST_LDAP_USER_PASSWORD"),
|
TestUserPassword: needEnv(t, "PINNIPED_TEST_LDAP_USER_PASSWORD"),
|
||||||
@ -276,8 +277,7 @@ func loadEnvVars(t *testing.T, result *TestEnv) {
|
|||||||
TestUserPassword: wantEnv("PINNIPED_TEST_AD_USER_PASSWORD", ""),
|
TestUserPassword: wantEnv("PINNIPED_TEST_AD_USER_PASSWORD", ""),
|
||||||
TestUserUniqueIDAttributeName: wantEnv("PINNIPED_TEST_AD_USER_UNIQUE_ID_ATTRIBUTE_NAME", ""),
|
TestUserUniqueIDAttributeName: wantEnv("PINNIPED_TEST_AD_USER_UNIQUE_ID_ATTRIBUTE_NAME", ""),
|
||||||
TestUserUniqueIDAttributeValue: wantEnv("PINNIPED_TEST_AD_USER_UNIQUE_ID_ATTRIBUTE_VALUE", ""),
|
TestUserUniqueIDAttributeValue: wantEnv("PINNIPED_TEST_AD_USER_UNIQUE_ID_ATTRIBUTE_VALUE", ""),
|
||||||
TestUsernameAttributeName: wantEnv("PINNIPED_TEST_AD_USERNAME_ATTRIBUTE_NAME", ""),
|
TestUserSAMAccountNameValue: wantEnv("PINNIPED_TEST_AD_USERNAME_ATTRIBUTE_VALUE", ""),
|
||||||
TestUsernameAttributeValue: wantEnv("PINNIPED_TEST_AD_USERNAME_ATTRIBUTE_VALUE", ""),
|
|
||||||
TestUserDirectGroupsDNs: filterEmpty(strings.Split(wantEnv("PINNIPED_TEST_AD_USER_EXPECTED_GROUPS_DN", ""), ";")),
|
TestUserDirectGroupsDNs: filterEmpty(strings.Split(wantEnv("PINNIPED_TEST_AD_USER_EXPECTED_GROUPS_DN", ""), ";")),
|
||||||
TestUserDirectGroupsCNs: filterEmpty(strings.Split(wantEnv("PINNIPED_TEST_AD_USER_EXPECTED_GROUPS_CN", ""), ";")),
|
TestUserDirectGroupsCNs: filterEmpty(strings.Split(wantEnv("PINNIPED_TEST_AD_USER_EXPECTED_GROUPS_CN", ""), ";")),
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user