Run TestSupervisorLogin only on valid HTTP/HTTPS supervisor addresses

We were assuming that env.SupervisorHTTPAddress was set, but it might not be
depending on the environment on which the integration tests are being run. For
example, in our acceptance environments, we don't currently set
env.SupervisorHTTPAddress.

I tried to follow the pattern from TestSupervisorOIDCDiscovery here.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>

test/integration/supervisor_login_test.go

@@ -32,70 +32,87 @@ func TestSupervisorLogin(t *testing.T) {
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
 	defer cancel()
 
-	// Create downstream OIDC provider (i.e., update supervisor with OIDC provider).
+	tests := []struct {
-	scheme := "http"
+		Scheme   string
-	addr := env.SupervisorHTTPAddress
+		Address  string
-	caBundle := ""
+		CABundle string
-	path := "/some/path"
+	}{
-	issuer := fmt.Sprintf("https://%s%s", addr, path)
+		{Scheme: "http", Address: env.SupervisorHTTPAddress},
-	_, _ = requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear(
+		{Scheme: "https", Address: env.SupervisorHTTPSIngressAddress, CABundle: env.SupervisorHTTPSIngressCABundle},
-		ctx,
-		t,
-		scheme,
-		addr,
-		caBundle,
-		issuer,
-		client,
-	)
-
-	// Create HTTP client.
-	httpClient := newHTTPClient(t, caBundle, nil)
-	httpClient.CheckRedirect = func(_ *http.Request, _ []*http.Request) error {
-		// Don't follow any redirects right now, since we simply want to validate that our auth endpoint
-		// redirects us.
-		return http.ErrUseLastResponse
 	}
 
-	// Declare the downstream auth endpoint url we will use.
+	for _, test := range tests {
-	downstreamAuthURL := makeDownstreamAuthURL(t, scheme, addr, path)
+		scheme := test.Scheme
+		addr := test.Address
+		caBundle := test.CABundle
 
-	// Make request to auth endpoint - should fail, since we have no upstreams.
+		if addr == "" {
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, downstreamAuthURL, nil)
+			// Both cases are not required, so when one is empty skip it.
-	require.NoError(t, err)
+			continue
-	rsp, err := httpClient.Do(req)
+		}
-	require.NoError(t, err)
-	defer rsp.Body.Close()
-	require.Equal(t, http.StatusUnprocessableEntity, rsp.StatusCode)
 
-	// Create upstream OIDC provider.
+		// Create downstream OIDC provider (i.e., update supervisor with OIDC provider).
-	spec := idpv1alpha1.UpstreamOIDCProviderSpec{
+		path := "/some/path"
-		Issuer: env.SupervisorTestUpstream.Issuer,
+		issuer := fmt.Sprintf("https://%s%s", addr, path)
-		TLS: &idpv1alpha1.TLSSpec{
+		_, _ = requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear(
-			CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(env.SupervisorTestUpstream.CABundle)),
+			ctx,
-		},
+			t,
-		Client: idpv1alpha1.OIDCClient{
+			scheme,
-			SecretName: makeTestClientCredsSecret(t, env.SupervisorTestUpstream.ClientID, env.SupervisorTestUpstream.ClientSecret).Name,
+			addr,
-		},
+			caBundle,
+			issuer,
+			client,
+		)
+
+		// Create HTTP client.
+		httpClient := newHTTPClient(t, caBundle, nil)
+		httpClient.CheckRedirect = func(_ *http.Request, _ []*http.Request) error {
+			// Don't follow any redirects right now, since we simply want to validate that our auth endpoint
+			// redirects us.
+			return http.ErrUseLastResponse
+		}
+
+		// Declare the downstream auth endpoint url we will use.
+		downstreamAuthURL := makeDownstreamAuthURL(t, scheme, addr, path)
+
+		// Make request to auth endpoint - should fail, since we have no upstreams.
+		req, err := http.NewRequestWithContext(ctx, http.MethodGet, downstreamAuthURL, nil)
+		require.NoError(t, err)
+		rsp, err := httpClient.Do(req)
+		require.NoError(t, err)
+		defer rsp.Body.Close()
+		require.Equal(t, http.StatusUnprocessableEntity, rsp.StatusCode)
+
+		// Create upstream OIDC provider.
+		spec := idpv1alpha1.UpstreamOIDCProviderSpec{
+			Issuer: env.SupervisorTestUpstream.Issuer,
+			TLS: &idpv1alpha1.TLSSpec{
+				CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(env.SupervisorTestUpstream.CABundle)),
+			},
+			Client: idpv1alpha1.OIDCClient{
+				SecretName: makeTestClientCredsSecret(t, env.SupervisorTestUpstream.ClientID, env.SupervisorTestUpstream.ClientSecret).Name,
+			},
+		}
+		upstream := makeTestUpstream(t, spec, idpv1alpha1.PhaseReady)
+
+		upstreamRedirectURI := fmt.Sprintf("https://%s/some/path/callback/%s", env.SupervisorHTTPAddress, upstream.Name)
+
+		// Make request to authorize endpoint - should pass, since we now have an upstream.
+		req, err = http.NewRequestWithContext(ctx, http.MethodGet, downstreamAuthURL, nil)
+		require.NoError(t, err)
+		rsp, err = httpClient.Do(req)
+		require.NoError(t, err)
+		defer rsp.Body.Close()
+		require.Equal(t, http.StatusFound, rsp.StatusCode)
+		requireValidRedirectLocation(
+			ctx,
+			t,
+			upstream.Spec.Issuer,
+			env.SupervisorTestUpstream.ClientID,
+			upstreamRedirectURI,
+			rsp.Header.Get("Location"),
+		)
 	}
-	upstream := makeTestUpstream(t, spec, idpv1alpha1.PhaseReady)
-
-	upstreamRedirectURI := fmt.Sprintf("https://%s/some/path/callback/%s", env.SupervisorHTTPAddress, upstream.Name)
-
-	// Make request to authorize endpoint - should pass, since we now have an upstream.
-	req, err = http.NewRequestWithContext(ctx, http.MethodGet, downstreamAuthURL, nil)
-	require.NoError(t, err)
-	rsp, err = httpClient.Do(req)
-	require.NoError(t, err)
-	defer rsp.Body.Close()
-	require.Equal(t, http.StatusFound, rsp.StatusCode)
-	requireValidRedirectLocation(
-		ctx,
-		t,
-		upstream.Spec.Issuer,
-		env.SupervisorTestUpstream.ClientID,
-		upstreamRedirectURI,
-		rsp.Header.Get("Location"),
-	)
 }
 
 func makeDownstreamAuthURL(t *testing.T, scheme, addr, path string) string {