From 4c0fb12cf67741c682da18f12fcd7bfef952e5b8 Mon Sep 17 00:00:00 2001
From: Andrew Keesler
Date: Wed, 9 Dec 2020 09:51:58 -0500
Subject: [PATCH] test/integration: only set JWTAuthenticator CA bundle when it exists

See comment in code.

Signed-off-by: Andrew Keesler
---
 test/library/client.go | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/test/library/client.go b/test/library/client.go
index 7a24b54d..d11869d2 100644
--- a/test/library/client.go
+++ b/test/library/client.go
@@ -180,14 +180,22 @@ func CreateTestJWTAuthenticator(ctx context.Context, t *testing.T) corev1.TypedL
 createContext, cancel := context.WithTimeout(ctx, 5*time.Second)
 defer cancel()
 
+ // If the test upstream does not have a CA bundle specified, then don't configure one in the
+ // JWTAuthenticator. Leaving TLSSpec set to nil will result in OIDC discovery using the OS's root
+ // CA store.
+ tlsSpec := &auth1alpha1.TLSSpec{
+ CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(testEnv.CLITestUpstream.CABundle)),
+ }
+ if testEnv.CLITestUpstream.CABundle == "" {
+ tlsSpec = nil
+ }
+
 jwtAuthenticator, err := jwtAuthenticators.Create(createContext, &auth1alpha1.JWTAuthenticator{
 ObjectMeta: testObjectMeta(t, "jwt-authenticator"),
 Spec: auth1alpha1.JWTAuthenticatorSpec{
 Issuer: testEnv.CLITestUpstream.Issuer,
 Audience: testEnv.CLITestUpstream.ClientID,
- TLS: &auth1alpha1.TLSSpec{
- CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(testEnv.CLITestUpstream.CABundle)),
- },
+ TLS: tlsSpec,
 },
 }, metav1.CreateOptions{})
 require.NoError(t, err, "could not create test JWTAuthenticator")
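Review bot: The empty-bundle branch in CreateTestJWTAuthenticator changes the trust source silently: when `testEnv.CLITestUpstream.CABundle` is empty the authenticator is created with `TLS: nil` and, per the added comment, OIDC discovery falls back to the OS root CA store, with nothing in the test output to show it. A test environment that was meant to pin a private CA but lost that setting would then run against system roots unnoticed, so I would record the choice inside the `if`, e.g. `t.Log("CLITestUpstream.CABundle is empty; JWTAuthenticator will use the OS root CA store")`. As a point of style, the spec is built and then discarded; declaring `var tlsSpec *auth1alpha1.TLSSpec` and assigning it only under `if testEnv.CLITestUpstream.CABundle != ""` avoids encoding an empty bundle and reads in the direction of the comment. The function body starts and ends outside the hunk.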