wip017

Signed-off-by: Monis Khan <mok@vmware.com>
2022-07-21 13:01:32 -04:00 · 2022-07-21 13:01:32 -04:00 · 5e91fc43b1
commit 5e91fc43b1
parent ac921fbf58
1 changed files with 41 additions and 5 deletions
--- a/test/integration/supervisor_oidcclientsecret_test.go
+++ b/test/integration/supervisor_oidcclientsecret_test.go
@ -5,6 +5,7 @@ package integration

 import (
 	"context"
+	"encoding/hex"
 	"testing"
 	"time"

@ -12,6 +13,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

 	"go.pinniped.dev/generated/latest/apis/supervisor/clientsecret/v1alpha1"
+	supervisorconfigv1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1"
 	"go.pinniped.dev/test/testlib"
 )

@ -19,27 +21,61 @@ func TestOIDCClientSecretRequest_HappyPath_Parallel(t *testing.T) {
 	env := testlib.IntegrationEnv(t)

 	ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
-	defer cancel()
+	t.Cleanup(cancel)

 	client := testlib.NewSupervisorClientset(t)

+	oidcClient, err := client.ConfigV1alpha1().OIDCClients(env.SupervisorNamespace).Create(ctx,
+		&supervisorconfigv1alpha1.OIDCClient{
+			ObjectMeta: metav1.ObjectMeta{
+				GenerateName: "client.oauth.pinniped.dev-",
+			},
+			Spec: supervisorconfigv1alpha1.OIDCClientSpec{
+				AllowedRedirectURIs: []supervisorconfigv1alpha1.RedirectURI{
+					"https://example.com",
+					"http://127.0.0.1/yoyo",
+				},
+				AllowedGrantTypes: []supervisorconfigv1alpha1.GrantType{
+					"authorization_code",
+					"refresh_token",
+					"urn:ietf:params:oauth:grant-type:token-exchange",
+				},
+				AllowedScopes: []supervisorconfigv1alpha1.Scope{
+					"openid",
+					"offline_access",
+					"username",
+					"groups",
+					"pinniped:request-audience",
+				},
+			},
+		},
+		metav1.CreateOptions{},
+	)
+	require.NoError(t, err)
+	t.Cleanup(func() {
+		deleteErr := client.ConfigV1alpha1().OIDCClients(env.SupervisorNamespace).Delete(ctx, oidcClient.Name, metav1.DeleteOptions{})
+		require.NoError(t, deleteErr)
+	})
+
 	response, err := client.ClientsecretV1alpha1().OIDCClientSecretRequests(env.SupervisorNamespace).Create(ctx,
 		&v1alpha1.OIDCClientSecretRequest{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: oidcClient.Name,
+			},
 			Spec: v1alpha1.OIDCClientSecretRequestSpec{
 				GenerateNewSecret: true,
 			},
 		}, metav1.CreateOptions{})
 	require.NoError(t, err)
-	// the hardcoded values from the nonfunctional request
-	require.Equal(t, response.Status.TotalClientSecrets, 20)
-	require.Equal(t, response.Status.GeneratedSecret, "not-a-real-secret")
+	require.Equal(t, response.Status.TotalClientSecrets, 1)
+	require.Len(t, response.Status.GeneratedSecret, hex.EncodedLen(32))
 }

 func TestOIDCClientSecretRequest_Unauthenticated_Parallel(t *testing.T) {
 	env := testlib.IntegrationEnv(t)

 	ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
-	defer cancel()
+	t.Cleanup(cancel)

 	client := testlib.NewAnonymousSupervisorClientset(t)