Signed-off-by: Monis Khan <mok@vmware.com>
Monis Khan 2022-07-21 13:01:32 -04:00
parent ac921fbf58
commit 5e91fc43b1
No known key found for this signature in database
GPG Key ID: 52C90ADA01B269B8


@ -5,6 +5,7 @@ package integration
import ( import (
"context" "context"
"encoding/hex"
"testing" "testing"
"time" "time"
@ -12,6 +13,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"go.pinniped.dev/generated/latest/apis/supervisor/clientsecret/v1alpha1" "go.pinniped.dev/generated/latest/apis/supervisor/clientsecret/v1alpha1"
supervisorconfigv1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1"
"go.pinniped.dev/test/testlib" "go.pinniped.dev/test/testlib"
) )
@ -19,27 +21,61 @@ func TestOIDCClientSecretRequest_HappyPath_Parallel(t *testing.T) {
env := testlib.IntegrationEnv(t) env := testlib.IntegrationEnv(t)
ctx, cancel := context.WithTimeout(context.Background(), time.Minute) ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
defer cancel() t.Cleanup(cancel)
client := testlib.NewSupervisorClientset(t) client := testlib.NewSupervisorClientset(t)
oidcClient, err := client.ConfigV1alpha1().OIDCClients(env.SupervisorNamespace).Create(ctx,
&supervisorconfigv1alpha1.OIDCClient{
ObjectMeta: metav1.ObjectMeta{
GenerateName: "client.oauth.pinniped.dev-",
},
Spec: supervisorconfigv1alpha1.OIDCClientSpec{
AllowedRedirectURIs: []supervisorconfigv1alpha1.RedirectURI{
"https://example.com",
"http://127.0.0.1/yoyo",
},
AllowedGrantTypes: []supervisorconfigv1alpha1.GrantType{
"authorization_code",
"refresh_token",
"urn:ietf:params:oauth:grant-type:token-exchange",
},
AllowedScopes: []supervisorconfigv1alpha1.Scope{
"openid",
"offline_access",
"username",
"groups",
"pinniped:request-audience",
},
},
},
metav1.CreateOptions{},
)
require.NoError(t, err)
t.Cleanup(func() {
deleteErr := client.ConfigV1alpha1().OIDCClients(env.SupervisorNamespace).Delete(ctx, oidcClient.Name, metav1.DeleteOptions{})
require.NoError(t, deleteErr)
})
response, err := client.ClientsecretV1alpha1().OIDCClientSecretRequests(env.SupervisorNamespace).Create(ctx, response, err := client.ClientsecretV1alpha1().OIDCClientSecretRequests(env.SupervisorNamespace).Create(ctx,
&v1alpha1.OIDCClientSecretRequest{ &v1alpha1.OIDCClientSecretRequest{
ObjectMeta: metav1.ObjectMeta{
Name: oidcClient.Name,
},
Spec: v1alpha1.OIDCClientSecretRequestSpec{ Spec: v1alpha1.OIDCClientSecretRequestSpec{
GenerateNewSecret: true, GenerateNewSecret: true,
}, },
}, metav1.CreateOptions{}) }, metav1.CreateOptions{})
require.NoError(t, err) require.NoError(t, err)
// the hardcoded values from the nonfunctional request require.Equal(t, response.Status.TotalClientSecrets, 1)
require.Equal(t, response.Status.TotalClientSecrets, 20) require.Len(t, response.Status.GeneratedSecret, hex.EncodedLen(32))
require.Equal(t, response.Status.GeneratedSecret, "not-a-real-secret")
} }
func TestOIDCClientSecretRequest_Unauthenticated_Parallel(t *testing.T) { func TestOIDCClientSecretRequest_Unauthenticated_Parallel(t *testing.T) {
env := testlib.IntegrationEnv(t) env := testlib.IntegrationEnv(t)
ctx, cancel := context.WithTimeout(context.Background(), time.Minute) ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
defer cancel() t.Cleanup(cancel)
client := testlib.NewAnonymousSupervisorClientset(t) client := testlib.NewAnonymousSupervisorClientset(t)
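Review bot: The new happy-path check `require.Len(t, response.Status.GeneratedSecret, hex.EncodedLen(32))` pins only the length of the returned secret, so any 64-character string would satisfy it. Since this is the one integration assertion on the generated credential, it should also confirm the value is hex that decodes to 32 bytes, e.g. `secretBytes, decodeErr := hex.DecodeString(response.Status.GeneratedSecret)` followed by `require.NoError(t, decodeErr)` and `require.Len(t, secretBytes, 32)`. Separately, `require.Equal(t, response.Status.TotalClientSecrets, 1)` passes actual before expected; testify's order is expected first, so `require.Equal(t, 1, response.Status.TotalClientSecrets)` gives a correct failure message. The body of TestOIDCClientSecretRequest_Unauthenticated_Parallel continues beyond the visible lines, so this note covers only the happy-path test.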