Merge remote-tracking branch 'upstream/main' into 1-19-exec-strategy
This commit is contained in:
commit
4948e1702f
@ -58,6 +58,15 @@ Also check to see if any open issues are labeled with
|
|||||||
["good first issue"](https://github.com/vmware-tanzu/pinniped/labels/good%20first%20issue)
|
["good first issue"](https://github.com/vmware-tanzu/pinniped/labels/good%20first%20issue)
|
||||||
or ["help wanted"](https://github.com/vmware-tanzu/pinniped/labels/help%20wanted).
|
or ["help wanted"](https://github.com/vmware-tanzu/pinniped/labels/help%20wanted).
|
||||||
|
|
||||||
|
## CLA
|
||||||
|
|
||||||
|
We welcome contributions from everyone but we can only accept them if you sign
|
||||||
|
our Contributor License Agreement (CLA). If you would like to contribute and you
|
||||||
|
have not signed it, our CLA-bot will walk you through the process when you open
|
||||||
|
a Pull Request. For questions about the CLA process, see the
|
||||||
|
[FAQ](https://cla.vmware.com/faq) or submit a question through the GitHub issue
|
||||||
|
tracker.
|
||||||
|
|
||||||
## Building
|
## Building
|
||||||
|
|
||||||
The [Dockerfile](../Dockerfile) at the root of the repo can be used to build and
|
The [Dockerfile](../Dockerfile) at the root of the repo can be used to build and
|
||||||
|
@ -9,7 +9,9 @@ import (
|
|||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
clientauthenticationv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
|
||||||
|
|
||||||
"go.pinniped.dev/internal/client"
|
"go.pinniped.dev/internal/client"
|
||||||
"go.pinniped.dev/internal/here"
|
"go.pinniped.dev/internal/here"
|
||||||
@ -71,8 +73,13 @@ func TestClient(t *testing.T) {
|
|||||||
// Using the CA bundle and host from the current (admin) kubeconfig, do the token exchange.
|
// Using the CA bundle and host from the current (admin) kubeconfig, do the token exchange.
|
||||||
clientConfig := library.NewClientConfig(t)
|
clientConfig := library.NewClientConfig(t)
|
||||||
|
|
||||||
resp, err := client.ExchangeToken(ctx, namespace, idp, token, string(clientConfig.CAData), clientConfig.Host)
|
var resp *clientauthenticationv1beta1.ExecCredential
|
||||||
|
assert.Eventually(t, func() bool {
|
||||||
|
resp, err = client.ExchangeToken(ctx, namespace, idp, token, string(clientConfig.CAData), clientConfig.Host)
|
||||||
|
return err == nil
|
||||||
|
}, 10*time.Second, 500*time.Millisecond)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
require.NotNil(t, resp.Status.ExpirationTimestamp)
|
require.NotNil(t, resp.Status.ExpirationTimestamp)
|
||||||
require.InDelta(t, time.Until(resp.Status.ExpirationTimestamp.Time), 1*time.Hour, float64(3*time.Minute))
|
require.InDelta(t, time.Until(resp.Status.ExpirationTimestamp.Time), 1*time.Hour, float64(3*time.Minute))
|
||||||
|
|
||||||
|
@ -21,6 +21,11 @@ import (
|
|||||||
"k8s.io/client-go/kubernetes"
|
"k8s.io/client-go/kubernetes"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
accessRetryInterval = 250 * time.Millisecond
|
||||||
|
accessRetryTimeout = 10 * time.Second
|
||||||
|
)
|
||||||
|
|
||||||
// accessAsUserTest runs a generic test in which a clientUnderTest operating with username
|
// accessAsUserTest runs a generic test in which a clientUnderTest operating with username
|
||||||
// testUsername tries to auth to the kube API (i.e., list namespaces).
|
// testUsername tries to auth to the kube API (i.e., list namespaces).
|
||||||
//
|
//
|
||||||
@ -42,7 +47,7 @@ func accessAsUserTest(
|
|||||||
listNamespaceResponse, err = clientUnderTest.CoreV1().Namespaces().List(ctx, metav1.ListOptions{})
|
listNamespaceResponse, err = clientUnderTest.CoreV1().Namespaces().List(ctx, metav1.ListOptions{})
|
||||||
return err == nil
|
return err == nil
|
||||||
}
|
}
|
||||||
assert.Eventually(t, canListNamespaces, 3*time.Second, 250*time.Millisecond)
|
assert.Eventually(t, canListNamespaces, accessRetryTimeout, accessRetryInterval)
|
||||||
require.NoError(t, err) // prints out the error and stops the test in case of failure
|
require.NoError(t, err) // prints out the error and stops the test in case of failure
|
||||||
require.NotEmpty(t, listNamespaceResponse.Items)
|
require.NotEmpty(t, listNamespaceResponse.Items)
|
||||||
}
|
}
|
||||||
@ -66,7 +71,7 @@ func accessAsUserWithKubectlTest(
|
|||||||
return err == nil
|
return err == nil
|
||||||
}
|
}
|
||||||
|
|
||||||
assert.Eventually(t, canListNamespaces, 3*time.Second, 250*time.Millisecond)
|
assert.Eventually(t, canListNamespaces, accessRetryTimeout, accessRetryInterval)
|
||||||
require.NoError(t, err) // prints out the error and stops the test in case of failure
|
require.NoError(t, err) // prints out the error and stops the test in case of failure
|
||||||
require.Contains(t, kubectlCommandOutput, expectedNamespace)
|
require.Contains(t, kubectlCommandOutput, expectedNamespace)
|
||||||
}
|
}
|
||||||
@ -93,7 +98,7 @@ func accessAsGroupTest(
|
|||||||
listNamespaceResponse, err = clientUnderTest.CoreV1().Namespaces().List(ctx, metav1.ListOptions{})
|
listNamespaceResponse, err = clientUnderTest.CoreV1().Namespaces().List(ctx, metav1.ListOptions{})
|
||||||
return err == nil
|
return err == nil
|
||||||
}
|
}
|
||||||
assert.Eventually(t, canListNamespaces, 3*time.Second, 250*time.Millisecond)
|
assert.Eventually(t, canListNamespaces, accessRetryTimeout, accessRetryInterval)
|
||||||
require.NoError(t, err) // prints out the error and stops the test in case of failure
|
require.NoError(t, err) // prints out the error and stops the test in case of failure
|
||||||
require.NotEmpty(t, listNamespaceResponse.Items)
|
require.NotEmpty(t, listNamespaceResponse.Items)
|
||||||
}
|
}
|
||||||
@ -117,7 +122,7 @@ func accessAsGroupWithKubectlTest(
|
|||||||
return err == nil
|
return err == nil
|
||||||
}
|
}
|
||||||
|
|
||||||
assert.Eventually(t, canListNamespaces, 3*time.Second, 250*time.Millisecond)
|
assert.Eventually(t, canListNamespaces, accessRetryTimeout, accessRetryInterval)
|
||||||
require.NoError(t, err) // prints out the error and stops the test in case of failure
|
require.NoError(t, err) // prints out the error and stops the test in case of failure
|
||||||
require.Contains(t, kubectlCommandOutput, expectedNamespace)
|
require.Contains(t, kubectlCommandOutput, expectedNamespace)
|
||||||
}
|
}
|
||||||
|
@ -11,6 +11,7 @@ import (
|
|||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
corev1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
"k8s.io/apimachinery/pkg/api/errors"
|
"k8s.io/apimachinery/pkg/api/errors"
|
||||||
@ -50,9 +51,14 @@ func TestSuccessfulCredentialRequest(t *testing.T) {
|
|||||||
|
|
||||||
testWebhook := library.CreateTestWebhookIDP(ctx, t)
|
testWebhook := library.CreateTestWebhookIDP(ctx, t)
|
||||||
|
|
||||||
response, err := makeRequest(ctx, t, validCredentialRequestSpecWithRealToken(t, testWebhook))
|
var response *loginv1alpha1.TokenCredentialRequest
|
||||||
require.NoError(t, err)
|
successfulResponse := func() bool {
|
||||||
|
var err error
|
||||||
|
response, err = makeRequest(ctx, t, validCredentialRequestSpecWithRealToken(t, testWebhook))
|
||||||
|
require.NoError(t, err, "the request should never fail at the HTTP level")
|
||||||
|
return response.Status.Credential != nil
|
||||||
|
}
|
||||||
|
assert.Eventually(t, successfulResponse, 10*time.Second, 500*time.Millisecond)
|
||||||
require.NotNil(t, response.Status.Credential)
|
require.NotNil(t, response.Status.Credential)
|
||||||
require.Empty(t, response.Status.Message)
|
require.Empty(t, response.Status.Message)
|
||||||
require.Empty(t, response.Spec)
|
require.Empty(t, response.Spec)
|
||||||
|
@ -156,10 +156,12 @@ func CreateTestWebhookIDP(ctx context.Context, t *testing.T) corev1.TypedLocalOb
|
|||||||
|
|
||||||
createContext, cancel := context.WithTimeout(ctx, 5*time.Second)
|
createContext, cancel := context.WithTimeout(ctx, 5*time.Second)
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
idp, err := webhooks.Create(createContext, &idpv1alpha1.WebhookIdentityProvider{
|
idp, err := webhooks.Create(createContext, &idpv1alpha1.WebhookIdentityProvider{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
GenerateName: "test-webhook-",
|
GenerateName: "test-webhook-",
|
||||||
Labels: map[string]string{"pinniped.dev/test": t.Name()},
|
Labels: map[string]string{"pinniped.dev/test": ""},
|
||||||
|
Annotations: map[string]string{"pinniped.dev/testName": t.Name()},
|
||||||
},
|
},
|
||||||
Spec: idpv1alpha1.WebhookIdentityProviderSpec{
|
Spec: idpv1alpha1.WebhookIdentityProviderSpec{
|
||||||
Endpoint: endpoint,
|
Endpoint: endpoint,
|
||||||
|
Loading…
Reference in New Issue
Block a user