djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add offline_access scope for integration tests when using Dex

Browse Source
This commit is contained in:
Ryan Richard 2021-10-19 12:25:51 -07:00
parent d3ade82f3f
commit 7ec0304472
3 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hack/prepare-for-integration-tests.sh
View File

@ -372,7 +372,7 @@ export PINNIPED_TEST_CLI_OIDC_USERNAME=pinny@example.com
export PINNIPED_TEST_CLI_OIDC_PASSWORD=${dex_test_password} export PINNIPED_TEST_CLI_OIDC_PASSWORD=${dex_test_password}
export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ISSUER=https://dex.tools.svc.cluster.local/dex export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ISSUER=https://dex.tools.svc.cluster.local/dex
export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ISSUER_CA_BUNDLE="${test_ca_bundle_pem}" export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ISSUER_CA_BUNDLE="${test_ca_bundle_pem}"
export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ADDITIONAL_SCOPES=email export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ADDITIONAL_SCOPES="offline_access,email"
export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_USERNAME_CLAIM=email export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_USERNAME_CLAIM=email
export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_GROUPS_CLAIM=groups export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_GROUPS_CLAIM=groups
export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_CLIENT_ID=pinniped-supervisor export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_CLIENT_ID=pinniped-supervisor

8
test/integration/formposthtml_test.go
View File

@ -105,6 +105,7 @@ func TestFormPostHTML_Parallel(t *testing.T) {
// //
// The test server supports special `?fail=close` and `?fail=500` to force error cases. // The test server supports special `?fail=close` and `?fail=500` to force error cases.
func formpostCallbackServer(t *testing.T) (string, func(*testing.T, url.Values)) { func formpostCallbackServer(t *testing.T) (string, func(*testing.T, url.Values)) {
t.Helper()
results := make(chan url.Values) results := make(chan url.Values)
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@ -155,6 +156,7 @@ func formpostCallbackServer(t *testing.T) (string, func(*testing.T, url.Values))
// formpostTemplateServer runs a test server that serves formposthtml.Template() rendered with test parameters. // formpostTemplateServer runs a test server that serves formposthtml.Template() rendered with test parameters.
func formpostTemplateServer(t *testing.T, redirectURI string, responseParams url.Values) string { func formpostTemplateServer(t *testing.T, redirectURI string, responseParams url.Values) string {
t.Helper()
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
fosite.WriteAuthorizeFormPostResponse(redirectURI, responseParams, formposthtml.Template(), w) fosite.WriteAuthorizeFormPostResponse(redirectURI, responseParams, formposthtml.Template(), w)
}) })
@ -168,6 +170,7 @@ func formpostTemplateServer(t *testing.T, redirectURI string, responseParams url
// formpostRandomParams is a helper to generate random OAuth2 response parameters for testing. // formpostRandomParams is a helper to generate random OAuth2 response parameters for testing.
func formpostRandomParams(t *testing.T) url.Values { func formpostRandomParams(t *testing.T) url.Values {
t.Helper()
generator := &hmac.HMACStrategy{GlobalSecret: testlib.RandBytes(t, 32), TokenEntropy: 32} generator := &hmac.HMACStrategy{GlobalSecret: testlib.RandBytes(t, 32), TokenEntropy: 32}
authCode, _, err := generator.Generate() authCode, _, err := generator.Generate()
require.NoError(t, err) require.NoError(t, err)
@ -180,6 +183,7 @@ func formpostRandomParams(t *testing.T) url.Values {
// formpostExpectTitle asserts that the page has the expected title. // formpostExpectTitle asserts that the page has the expected title.
func formpostExpectTitle(t *testing.T, page *agouti.Page, expected string) { func formpostExpectTitle(t *testing.T, page *agouti.Page, expected string) {
t.Helper()
actual, err := page.Title() actual, err := page.Title()
require.NoError(t, err) require.NoError(t, err)
require.Equal(t, expected, actual) require.Equal(t, expected, actual)
@ -187,6 +191,7 @@ func formpostExpectTitle(t *testing.T, page *agouti.Page, expected string) {
// formpostExpectTitle asserts that the page has the expected SVG/emoji favicon. // formpostExpectTitle asserts that the page has the expected SVG/emoji favicon.
func formpostExpectFavicon(t *testing.T, page *agouti.Page, expected string) { func formpostExpectFavicon(t *testing.T, page *agouti.Page, expected string) {
t.Helper()
iconURL, err := page.First("#favicon").Attribute("href") iconURL, err := page.First("#favicon").Attribute("href")
require.NoError(t, err) require.NoError(t, err)
require.True(t, strings.HasPrefix(iconURL, "data:image/svg+xml,<svg")) require.True(t, strings.HasPrefix(iconURL, "data:image/svg+xml,<svg"))
@ -203,6 +208,7 @@ func formpostExpectFavicon(t *testing.T, page *agouti.Page, expected string) {
// formpostInitiate navigates to the template server endpoint and expects the // formpostInitiate navigates to the template server endpoint and expects the
// loading animation to be shown. // loading animation to be shown.
func formpostInitiate(t *testing.T, page *agouti.Page, url string) { func formpostInitiate(t *testing.T, page *agouti.Page, url string) {
t.Helper()
require.NoError(t, page.Reset()) require.NoError(t, page.Reset())
t.Logf("navigating to mock form_post template URL %s...", url) t.Logf("navigating to mock form_post template URL %s...", url)
require.NoError(t, page.Navigate(url)) require.NoError(t, page.Navigate(url))
@ -215,6 +221,7 @@ func formpostInitiate(t *testing.T, page *agouti.Page, url string) {
// formpostExpectSuccessState asserts that the page is in the "success" state. // formpostExpectSuccessState asserts that the page is in the "success" state.
func formpostExpectSuccessState(t *testing.T, page *agouti.Page) { func formpostExpectSuccessState(t *testing.T, page *agouti.Page) {
t.Helper()
t.Logf("expecting to see success message become visible...") t.Logf("expecting to see success message become visible...")
browsertest.WaitForVisibleElements(t, page, "#success") browsertest.WaitForVisibleElements(t, page, "#success")
successDivText, err := page.First("#success").Text() successDivText, err := page.First("#success").Text()
@ -227,6 +234,7 @@ func formpostExpectSuccessState(t *testing.T, page *agouti.Page) {
// formpostExpectManualState asserts that the page is in the "manual" state and returns the auth code. // formpostExpectManualState asserts that the page is in the "manual" state and returns the auth code.
func formpostExpectManualState(t *testing.T, page *agouti.Page) string { func formpostExpectManualState(t *testing.T, page *agouti.Page) string {
t.Helper()
t.Logf("expecting to see manual message become visible...") t.Logf("expecting to see manual message become visible...")
browsertest.WaitForVisibleElements(t, page, "#manual") browsertest.WaitForVisibleElements(t, page, "#manual")
manualDivText, err := page.First("#manual").Text() manualDivText, err := page.First("#manual").Text()

2
test/testlib/env.go
View File

@ -247,7 +247,7 @@ func loadEnvVars(t *testing.T, result *TestEnv) {
result.SupervisorUpstreamOIDC = TestOIDCUpstream{ result.SupervisorUpstreamOIDC = TestOIDCUpstream{
Issuer: needEnv(t, "PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ISSUER"), Issuer: needEnv(t, "PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ISSUER"),
CABundle: base64Decoded(t, os.Getenv("PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ISSUER_CA_BUNDLE")), CABundle: base64Decoded(t, os.Getenv("PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ISSUER_CA_BUNDLE")),
AdditionalScopes: strings.Fields(os.Getenv("PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ADDITIONAL_SCOPES")), AdditionalScopes: filterEmpty(strings.Split(strings.ReplaceAll(os.Getenv("PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ADDITIONAL_SCOPES"), " ", ""), ",")),
UsernameClaim: os.Getenv("PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_USERNAME_CLAIM"), UsernameClaim: os.Getenv("PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_USERNAME_CLAIM"),
GroupsClaim: os.Getenv("PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_GROUPS_CLAIM"), GroupsClaim: os.Getenv("PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_GROUPS_CLAIM"),
ClientID: needEnv(t, "PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_CLIENT_ID"), ClientID: needEnv(t, "PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_CLIENT_ID"),