WIP: initial integration test for cert issuing
parent
6fe7a4c9dc
commit
6cc8a2f8dd
@ -8,6 +8,7 @@ package integration
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"os"
|
||||
"testing"
|
||||
"time"
|
||||
@ -49,14 +50,34 @@ func TestSuccessfulLoginRequest(t *testing.T) {
|
||||
|
||||
require.Empty(t, response.Spec)
|
||||
require.NotNil(t, response.Status.Credential)
|
||||
require.NotEmpty(t, response.Status.Credential.Token)
|
||||
require.Empty(t, response.Status.Credential.ClientCertificateData)
|
||||
require.Empty(t, response.Status.Credential.ClientKeyData)
|
||||
require.Empty(t, response.Status.Credential.Token)
|
||||
require.NotEmpty(t, response.Status.Credential.ClientCertificateData)
|
||||
require.NotEmpty(t, response.Status.Credential.ClientKeyData)
|
||||
require.Nil(t, response.Status.Credential.ExpirationTimestamp)
|
||||
|
||||
require.NotNil(t, response.Status.User)
|
||||
require.NotEmpty(t, response.Status.User.Name)
|
||||
require.Contains(t, response.Status.User.Groups, "tmc:member")
|
||||
|
||||
clientWithCert := library.NewClientsetWithConfig(
|
||||
t,
|
||||
library.NewClientConfigWithCertAndKey(
|
||||
t,
|
||||
response.Status.Credential.ClientCertificateData,
|
||||
response.Status.Credential.ClientKeyData,
|
||||
),
|
||||
)
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
defer cancel()
|
||||
|
||||
_, err = clientWithCert.CoreV1().Namespaces().List(ctx, metav1.ListOptions{})
|
||||
|
||||
// Response status should be 403 Forbidden because we assume this actor does
|
||||
// not have any permissions on this cluster.
|
||||
require.Error(t, err)
|
||||
statusError, isStatus := err.(*errors.StatusError)
|
||||
require.True(t, isStatus)
|
||||
require.Equal(t, http.StatusForbidden, statusError.Status().Code)
|
||||
}
|
||||
|
||||
func TestFailedLoginRequestWhenTheRequestIsValidButTheTokenDoesNotAuthenticateTheUser(t *testing.T) {
|
||||
@ -74,7 +95,7 @@ func TestFailedLoginRequestWhenTheRequestIsValidButTheTokenDoesNotAuthenticateTh
|
||||
}
|
||||
|
||||
func TestLoginRequest_ShouldFailWhenRequestDoesNotIncludeToken(t *testing.T) {
|
||||
_, err := makeRequest(t, v1alpha1.LoginRequestSpec{
|
||||
response, err := makeRequest(t, v1alpha1.LoginRequestSpec{
|
||||
Type: v1alpha1.TokenLoginCredentialType,
|
||||
Token: nil,
|
||||
})
|
||||
@ -88,6 +109,9 @@ func TestLoginRequest_ShouldFailWhenRequestDoesNotIncludeToken(t *testing.T) {
|
||||
require.Equal(t, metav1.CauseType("FieldValueRequired"), cause.Type)
|
||||
require.Equal(t, "Required value: token must be supplied", cause.Message)
|
||||
require.Equal(t, "spec.token.value", cause.Field)
|
||||
|
||||
require.Empty(t, response.Spec)
|
||||
require.Nil(t, response.Status.Credential)
|
||||
}
|
||||
|
||||
func TestGetDiscovery(t *testing.T) {
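Review bot: The new assertions in TestSuccessfulLoginRequest only check that `ClientCertificateData` and `ClientKeyData` are non-empty and that a namespace list returns 403, so nothing ties the issued certificate to the identity reported in `response.Status.User`. A 403 shows that some identity was authenticated and then denied, and, as the added comment says, it rests on the assumption that this actor has no permissions on the cluster. Consider decoding the returned PEM and asserting that its subject matches `response.Status.User.Name` and the `tmc:member` group, and that the certificate has a bounded validity period; the unchanged context line still requires `ExpirationTimestamp` to be nil. As a style point, the type assertion `err.(*errors.StatusError)` could become `require.True(t, errors.IsForbidden(err))`, assuming `errors` is the apimachinery api/errors package, whose import is not visible in the hunk.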
|
||||
|
@ -6,12 +6,14 @@ SPDX-License-Identifier: Apache-2.0
|
||||
package library
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
"k8s.io/client-go/kubernetes"
|
||||
"k8s.io/client-go/rest"
|
||||
"k8s.io/client-go/tools/clientcmd"
|
||||
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
|
||||
|
||||
placeholdernameclientset "github.com/suzerain-io/placeholder-name-client-go/pkg/generated/clientset/versioned"
|
||||
)
|
||||
@ -19,18 +21,40 @@ import (
|
||||
func NewClientConfig(t *testing.T) *rest.Config {
|
||||
t.Helper()
|
||||
|
||||
return newClientConfigWithOverrides(t, &clientcmd.ConfigOverrides{})
|
||||
}
|
||||
|
||||
func NewClientConfigWithCertAndKey(t *testing.T, cert, key string) *rest.Config {
|
||||
t.Helper()
|
||||
|
||||
return newClientConfigWithOverrides(t, &clientcmd.ConfigOverrides{
|
||||
AuthInfo: clientcmdapi.AuthInfo{
|
||||
ClientCertificateData: []byte(base64.StdEncoding.EncodeToString([]byte(cert))),
|
||||
ClientKeyData: []byte(base64.StdEncoding.EncodeToString([]byte(key))),
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func newClientConfigWithOverrides(t *testing.T, overrides *clientcmd.ConfigOverrides) *rest.Config {
|
||||
t.Helper()
|
||||
|
||||
loader := clientcmd.NewDefaultClientConfigLoadingRules()
|
||||
clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loader, &clientcmd.ConfigOverrides{})
|
||||
clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loader, overrides)
|
||||
config, err := clientConfig.ClientConfig()
|
||||
require.NoError(t, err)
|
||||
|
||||
return config
|
||||
}
|
||||
|
||||
func NewClientset(t *testing.T) kubernetes.Interface {
|
||||
t.Helper()
|
||||
|
||||
return kubernetes.NewForConfigOrDie(NewClientConfig(t))
|
||||
return NewClientsetWithConfig(t, NewClientConfig(t))
|
||||
}
|
||||
|
||||
func NewClientsetWithConfig(t *testing.T, config *rest.Config) kubernetes.Interface {
|
||||
t.Helper()
|
||||
|
||||
return kubernetes.NewForConfigOrDie(config)
|
||||
}
|
||||
|
||||
func NewPlaceholderNameClientset(t *testing.T) placeholdernameclientset.Interface {
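Review bot: `NewClientConfigWithCertAndKey` base64-encodes `cert` and `key` before storing them, but `clientcmdapi.AuthInfo.ClientCertificateData` and `ClientKeyData` hold the PEM bytes themselves; base64 appears only in the serialized kubeconfig. If the login response returns PEM text, the key pair will probably fail to parse when the clientset is built, so `ClientCertificateData: []byte(cert)` and `ClientKeyData: []byte(key)` would be the direct form. Separately, the overrides are merged over whatever `NewDefaultClientConfigLoadingRules` loads, so a token or other credential in the ambient kubeconfig may still be presented alongside the issued certificate; building the config with the existing user credentials cleared would make the 403 check conclusive about the certificate alone. `kubernetes.NewForConfigOrDie` in `NewClientsetWithConfig` also panics on a bad config instead of failing through `t`; `kubernetes.NewForConfig` followed by `require.NoError(t, err)` keeps the failure inside the test.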
|
||||
|