djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Avoid a rare flake in TestSupervisorLogin. 

There was nothing to guarantee that _all_ Supervisor pods would be ready to handle this request. We saw a rare test flake where the LDAPIdentityProvider was marked as ready but one of the Supervisor pods didn't have it loaded yet and returned an HTTP 422 error (`Unprocessable Entity: No upstream providers are configured`).

Signed-off-by: Matt Moyer <moyerm@vmware.com>
This commit is contained in:
Matt Moyer 2021-06-02 13:36:48 -05:00
parent 2acfafd5a5
commit 5686591420
No known key found for this signature in database
GPG Key ID: EAE88AD172C5AE2D
1 changed files with 23 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
test/integration/supervisor_login_test.go
View File

@ -540,11 +540,29 @@ func requestAuthorizationUsingLDAPIdentityProvider(t *testing.T, downstreamAutho
authRequest.Header.Set("Pinniped-Username", upstreamUsername)
authRequest.Header.Set("Pinniped-Password", upstreamPassword)
authResponse, err := httpClient.Do(authRequest)
require.NoError(t, err)
responseBody, err := ioutil.ReadAll(authResponse.Body)
defer authResponse.Body.Close()
require.NoError(t, err)
// At this point in the test, we've already waited for the LDAPIdentityProvider to be loaded and marked healthy by
// at least one Supervisor pod, but we can't be sure that _all_ of them have loaded the provider, so we may need
// to retry this request multiple times until we get the expected 302 status response.
var authResponse *http.Response
var responseBody []byte
library.RequireEventuallyWithoutError(t, func() (bool, error) {
authResponse, err = httpClient.Do(authRequest)
if err != nil {
t.Logf("got authorization response with error %v", err)
return false, nil
}
defer func() { _ = authResponse.Body.Close() }()
responseBody, err = ioutil.ReadAll(authResponse.Body)
if err != nil {
return false, nil
}
t.Logf("got authorization response with code %d (%d byte body)", authResponse.StatusCode, len(responseBody))
if authResponse.StatusCode != http.StatusFound {
return false, nil
}
return true, nil
}, 30*time.Second, 200*time.Millisecond)
expectSecurityHeaders(t, authResponse, true)
// A successful authorize request results in a redirect to our localhost callback listener with an authcode param.