From 5686591420774a6eca9421b39cb7d59888d176d2 Mon Sep 17 00:00:00 2001
From: Matt Moyer
Date: Wed, 2 Jun 2021 13:36:48 -0500
Subject: [PATCH] Avoid a rare flake in TestSupervisorLogin.
There was nothing to guarantee that _all_ Supervisor pods would be ready to handle this request. We saw a rare test flake where the LDAPIdentityProvider was marked as ready but one of the Supervisor pods didn't have it loaded yet and returned an HTTP 422 error (`Unprocessable Entity: No upstream providers are configured`).
Signed-off-by: Matt Moyer
---
 test/integration/supervisor_login_test.go | 28 +++++++++++++++++++----
 1 file changed, 23 insertions(+), 5 deletions(-)
diff --git a/test/integration/supervisor_login_test.go b/test/integration/supervisor_login_test.go
index 96f4481b..7d811da7 100644
--- a/test/integration/supervisor_login_test.go
+++ b/test/integration/supervisor_login_test.go
@@ -540,11 +540,29 @@ func requestAuthorizationUsingLDAPIdentityProvider(t *testing.T, downstreamAutho authRequest.Header.Set("Pinniped-Username", upstreamUsername) authRequest.Header.Set("Pinniped-Password", upstreamPassword) - authResponse, err := httpClient.Do(authRequest) - require.NoError(t, err) - responseBody, err := ioutil.ReadAll(authResponse.Body) - defer authResponse.Body.Close() - require.NoError(t, err) + // At this point in the test, we've already waited for the LDAPIdentityProvider to be loaded and marked healthy by + // at least one Supervisor pod, but we can't be sure that _all_ of them have loaded the provider, so we may need + // to retry this request multiple times until we get the expected 302 status response. + var authResponse *http.Response + var responseBody []byte + library.RequireEventuallyWithoutError(t, func() (bool, error) { + authResponse, err = httpClient.Do(authRequest) + if err != nil { + t.Logf("got authorization response with error %v", err) + return false, nil + } + defer func() { _ = authResponse.Body.Close() }() + responseBody, err = ioutil.ReadAll(authResponse.Body) + if err != nil { + return false, nil + } + t.Logf("got authorization response with code %d (%d byte body)", authResponse.StatusCode, len(responseBody)) + if authResponse.StatusCode != http.StatusFound { + return false, nil + } + return true, nil + }, 30*time.Second, 200*time.Millisecond) + expectSecurityHeaders(t, authResponse, true) // A successful authorize request results in a redirect to our localhost callback listener with an authcode param.
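Review bot: The status check `if authResponse.StatusCode != http.StatusFound { return false, nil }` treats every non-302 response as retryable, so a real rejection of the `Pinniped-Username`/`Pinniped-Password` credentials is resubmitted every 200ms for 30 seconds and then surfaces as a generic timeout rather than the actual status. The commit description names only the 422 "No upstream providers are configured" response as transient, so consider retrying on that alone with `if authResponse.StatusCode == http.StatusUnprocessableEntity { return false, nil }` and returning an error for any other non-302 status, e.g. `return false, fmt.Errorf("unexpected status %d", authResponse.StatusCode)`. That assumes RequireEventuallyWithoutError stops polling on a returned error, as its name suggests, and that `fmt` is available in this file. Repeated failed password submissions could also trip a lockout policy on the upstream LDAP account and make later tests fail for unrelated reasons. The ReadAll failure branch returns without a `t.Logf`, unlike the Do branch, and the enclosing function starts and ends outside the hunk.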