Merge pull request #657 from vmware-tanzu/fix-ldap-supervisor-login-test-flake

Avoid a rare flake in TestSupervisorLogin.
This commit is contained in:
Matt Moyer 2021-06-03 13:31:15 -05:00 committed by GitHub
commit 500b444bad
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -540,11 +540,29 @@ func requestAuthorizationUsingLDAPIdentityProvider(t *testing.T, downstreamAutho
authRequest.Header.Set("Pinniped-Username", upstreamUsername) authRequest.Header.Set("Pinniped-Username", upstreamUsername)
authRequest.Header.Set("Pinniped-Password", upstreamPassword) authRequest.Header.Set("Pinniped-Password", upstreamPassword)
authResponse, err := httpClient.Do(authRequest) // At this point in the test, we've already waited for the LDAPIdentityProvider to be loaded and marked healthy by
require.NoError(t, err) // at least one Supervisor pod, but we can't be sure that _all_ of them have loaded the provider, so we may need
responseBody, err := ioutil.ReadAll(authResponse.Body) // to retry this request multiple times until we get the expected 302 status response.
defer authResponse.Body.Close() var authResponse *http.Response
require.NoError(t, err) var responseBody []byte
library.RequireEventuallyWithoutError(t, func() (bool, error) {
authResponse, err = httpClient.Do(authRequest)
if err != nil {
t.Logf("got authorization response with error %v", err)
return false, nil
}
defer func() { _ = authResponse.Body.Close() }()
responseBody, err = ioutil.ReadAll(authResponse.Body)
if err != nil {
return false, nil
}
t.Logf("got authorization response with code %d (%d byte body)", authResponse.StatusCode, len(responseBody))
if authResponse.StatusCode != http.StatusFound {
return false, nil
}
return true, nil
}, 30*time.Second, 200*time.Millisecond)
expectSecurityHeaders(t, authResponse, true) expectSecurityHeaders(t, authResponse, true)
// A successful authorize request results in a redirect to our localhost callback listener with an authcode param. // A successful authorize request results in a redirect to our localhost callback listener with an authcode param.