djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

test/integration: get downstream issuer path from upstream redirect

Browse Source 
See comment in the code.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
This commit is contained in:
Andrew Keesler 2020-11-30 09:58:08 -05:00
parent 5b04192945
commit 5be46d0bb7
No known key found for this signature in database
GPG Key ID: 27CE0444346F9413
1 changed files with 31 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
test/integration/supervisor_login_test.go
View File

@ -11,6 +11,8 @@ import (
"fmt" "fmt"
"net/http" "net/http"
"net/url" "net/url"
"path"
"strings"
"testing" "testing"
"time" "time"
@ -52,7 +54,7 @@ func TestSupervisorLogin(t *testing.T) {
} }
// Create downstream OIDC provider (i.e., update supervisor with OIDC provider). // Create downstream OIDC provider (i.e., update supervisor with OIDC provider).
path := "/some/path" path := getDownstreamIssuerPathFromUpstreamRedirectURI(t, env.SupervisorTestUpstream.CallbackURL)
issuer := fmt.Sprintf("https://%s%s", addr, path) issuer := fmt.Sprintf("https://%s%s", addr, path)
_, _ = requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear( _, _ = requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear(
ctx, ctx,
@ -95,8 +97,6 @@ func TestSupervisorLogin(t *testing.T) {
} }
upstream := makeTestUpstream(t, spec, idpv1alpha1.PhaseReady) upstream := makeTestUpstream(t, spec, idpv1alpha1.PhaseReady)
upstreamRedirectURI := fmt.Sprintf("https://%s/some/path/callback/%s", env.SupervisorHTTPAddress, upstream.Name)
// Make request to authorize endpoint - should pass, since we now have an upstream. // Make request to authorize endpoint - should pass, since we now have an upstream.
req, err = http.NewRequestWithContext(ctx, http.MethodGet, downstreamAuthURL, nil) req, err = http.NewRequestWithContext(ctx, http.MethodGet, downstreamAuthURL, nil)
require.NoError(t, err) require.NoError(t, err)
@ -109,12 +109,39 @@ func TestSupervisorLogin(t *testing.T) {
t, t,
upstream.Spec.Issuer, upstream.Spec.Issuer,
env.SupervisorTestUpstream.ClientID, env.SupervisorTestUpstream.ClientID,
upstreamRedirectURI, env.SupervisorTestUpstream.CallbackURL,
rsp.Header.Get("Location"), rsp.Header.Get("Location"),
) )
} }
} }
func getDownstreamIssuerPathFromUpstreamRedirectURI(t *testing.T, upstreamRedirectURI string) string {
// We need to construct the downstream issuer path from the upstream redirect URI since the two
// are related, and the upstream redirect URI is supplied via a static test environment
// variable. The upstream redirect URI should be something like
// https://supervisor.com/some/supervisor/path/callback
// and therefore the downstream issuer should be something like
// https://supervisor.com/some/supervisor/path
// since the /callback endpoint is placed at the root of the downstream issuer path.
upstreamRedirectURL, err := url.Parse(upstreamRedirectURI)
require.NoError(t, err)
redirectURIPathWithoutLastSegment, lastUpstreamRedirectURIPathSegment := path.Split(upstreamRedirectURL.Path)
require.Equalf(
t,
"callback",
lastUpstreamRedirectURIPathSegment,
"expected upstream redirect URI (%q) to follow supervisor callback path conventions (i.e., end in /callback)",
upstreamRedirectURI,
)
if strings.HasSuffix(redirectURIPathWithoutLastSegment, "/") {
redirectURIPathWithoutLastSegment = redirectURIPathWithoutLastSegment[:len(redirectURIPathWithoutLastSegment)-1]
}
return redirectURIPathWithoutLastSegment
}
func makeDownstreamAuthURL(t *testing.T, scheme, addr, path string) string { func makeDownstreamAuthURL(t *testing.T, scheme, addr, path string) string {
t.Helper() t.Helper()
downstreamOAuth2Config := oauth2.Config{ downstreamOAuth2Config := oauth2.Config{