Avoid a rare flake in TestSupervisorLogin.

There was nothing to guarantee that _all_ Supervisor pods would be ready to handle this request. We saw a rare test flake where the LDAPIdentityProvider was marked as ready but one of the Supervisor pods didn't have it loaded yet and returned an HTTP 422 error (`Unprocessable Entity: No upstream providers are configured`).

Signed-off-by: Matt Moyer <moyerm@vmware.com>
This commit is contained in:
Matt Moyer 2021-06-02 13:36:48 -05:00
parent 2acfafd5a5
commit 5686591420
No known key found for this signature in database
GPG Key ID: EAE88AD172C5AE2D

View File

@ -540,11 +540,29 @@ func requestAuthorizationUsingLDAPIdentityProvider(t *testing.T, downstreamAutho
authRequest.Header.Set("Pinniped-Username", upstreamUsername) authRequest.Header.Set("Pinniped-Username", upstreamUsername)
authRequest.Header.Set("Pinniped-Password", upstreamPassword) authRequest.Header.Set("Pinniped-Password", upstreamPassword)
authResponse, err := httpClient.Do(authRequest) // At this point in the test, we've already waited for the LDAPIdentityProvider to be loaded and marked healthy by
require.NoError(t, err) // at least one Supervisor pod, but we can't be sure that _all_ of them have loaded the provider, so we may need
responseBody, err := ioutil.ReadAll(authResponse.Body) // to retry this request multiple times until we get the expected 302 status response.
defer authResponse.Body.Close() var authResponse *http.Response
require.NoError(t, err) var responseBody []byte
library.RequireEventuallyWithoutError(t, func() (bool, error) {
authResponse, err = httpClient.Do(authRequest)
if err != nil {
t.Logf("got authorization response with error %v", err)
return false, nil
}
defer func() { _ = authResponse.Body.Close() }()
responseBody, err = ioutil.ReadAll(authResponse.Body)
if err != nil {
return false, nil
}
t.Logf("got authorization response with code %d (%d byte body)", authResponse.StatusCode, len(responseBody))
if authResponse.StatusCode != http.StatusFound {
return false, nil
}
return true, nil
}, 30*time.Second, 200*time.Millisecond)
expectSecurityHeaders(t, authResponse, true) expectSecurityHeaders(t, authResponse, true)
// A successful authorize request results in a redirect to our localhost callback listener with an authcode param. // A successful authorize request results in a redirect to our localhost callback listener with an authcode param.