From 5e91fc43b170fc0ea6583024b39aed3cc035061b Mon Sep 17 00:00:00 2001
From: Monis Khan
Date: Thu, 21 Jul 2022 13:01:32 -0400
Subject: [PATCH] wip017
Signed-off-by: Monis Khan
---
 .../supervisor_oidcclientsecret_test.go | 46 +++++++++++++++++--
 1 file changed, 41 insertions(+), 5 deletions(-)
diff --git a/test/integration/supervisor_oidcclientsecret_test.go b/test/integration/supervisor_oidcclientsecret_test.go
index 8e41b0ff..3ca4c582 100644
--- a/test/integration/supervisor_oidcclientsecret_test.go
+++ b/test/integration/supervisor_oidcclientsecret_test.go
@@ -5,6 +5,7 @@ package integration
 import (
 "context"
+ "encoding/hex"
 "testing"
 "time"
@@ -12,6 +13,7 @@ import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "go.pinniped.dev/generated/latest/apis/supervisor/clientsecret/v1alpha1"
+ supervisorconfigv1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1"
 "go.pinniped.dev/test/testlib"
 )
@@ -19,27 +21,61 @@ func TestOIDCClientSecretRequest_HappyPath_Parallel(t *testing.T) { env := testlib.IntegrationEnv(t) ctx, cancel := context.WithTimeout(context.Background(), time.Minute) - defer cancel() + t.Cleanup(cancel) client := testlib.NewSupervisorClientset(t) + oidcClient, err := client.ConfigV1alpha1().OIDCClients(env.SupervisorNamespace).Create(ctx, + &supervisorconfigv1alpha1.OIDCClient{ + ObjectMeta: metav1.ObjectMeta{ + GenerateName: "client.oauth.pinniped.dev-", + }, + Spec: supervisorconfigv1alpha1.OIDCClientSpec{ + AllowedRedirectURIs: []supervisorconfigv1alpha1.RedirectURI{ + "https://example.com", + "http://127.0.0.1/yoyo", + }, + AllowedGrantTypes: []supervisorconfigv1alpha1.GrantType{ + "authorization_code", + "refresh_token", + "urn:ietf:params:oauth:grant-type:token-exchange", + }, + AllowedScopes: []supervisorconfigv1alpha1.Scope{ + "openid", + "offline_access", + "username", + "groups", + "pinniped:request-audience", + }, + }, + }, + metav1.CreateOptions{}, + ) + require.NoError(t, err) + t.Cleanup(func() { + deleteErr := client.ConfigV1alpha1().OIDCClients(env.SupervisorNamespace).Delete(ctx, oidcClient.Name, metav1.DeleteOptions{}) + require.NoError(t, deleteErr) + }) + response, err := client.ClientsecretV1alpha1().OIDCClientSecretRequests(env.SupervisorNamespace).Create(ctx, &v1alpha1.OIDCClientSecretRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: oidcClient.Name, + }, Spec: v1alpha1.OIDCClientSecretRequestSpec{ GenerateNewSecret: true, }, }, metav1.CreateOptions{}) require.NoError(t, err) - // the hardcoded values from the nonfunctional request - require.Equal(t, response.Status.TotalClientSecrets, 20) - require.Equal(t, response.Status.GeneratedSecret, "not-a-real-secret") + require.Equal(t, response.Status.TotalClientSecrets, 1) + require.Len(t, response.Status.GeneratedSecret, hex.EncodedLen(32)) } func TestOIDCClientSecretRequest_Unauthenticated_Parallel(t *testing.T) { env := testlib.IntegrationEnv(t) ctx, cancel := 
context.WithTimeout(context.Background(), time.Minute) - defer cancel() + t.Cleanup(cancel) client := testlib.NewAnonymousSupervisorClientset(t)
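Review bot: The last assertion in TestOIDCClientSecretRequest_HappyPath_Parallel checks only the length of `response.Status.GeneratedSecret`, so any 64-character string passes, including a fixed placeholder of that length. Because the expected length is `hex.EncodedLen(32)`, decoding the value would pin the format too: `secretBytes, err := hex.DecodeString(response.Status.GeneratedSecret)`, then `require.NoError(t, err)` and `require.Len(t, secretBytes, 32)`. Separately, the delete cleanup reuses the test's one-minute `ctx`, so once that deadline has passed the delete fails and the OIDCClient stays in the namespace; building a fresh `context.WithTimeout(context.Background(), ...)` inside the cleanup would avoid that. The body of TestOIDCClientSecretRequest_Unauthenticated_Parallel continues outside the hunk.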