Add offline_access scope for integration tests when using Dex

2021-10-19 12:25:51 -07:00 · 2021-10-19 12:25:51 -07:00 · 7ec0304472
commit 7ec0304472
parent d3ade82f3f
3 changed files with 10 additions and 2 deletions
--- a/hack/prepare-for-integration-tests.sh
+++ b/hack/prepare-for-integration-tests.sh
@ -372,7 +372,7 @@ export PINNIPED_TEST_CLI_OIDC_USERNAME=pinny@example.com
 export PINNIPED_TEST_CLI_OIDC_PASSWORD=${dex_test_password}
 export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ISSUER=https://dex.tools.svc.cluster.local/dex
 export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ISSUER_CA_BUNDLE="${test_ca_bundle_pem}"
-export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ADDITIONAL_SCOPES=email
+export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ADDITIONAL_SCOPES="offline_access,email"
 export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_USERNAME_CLAIM=email
 export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_GROUPS_CLAIM=groups
 export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_CLIENT_ID=pinniped-supervisor
--- a/test/integration/formposthtml_test.go
+++ b/test/integration/formposthtml_test.go
@ -105,6 +105,7 @@ func TestFormPostHTML_Parallel(t *testing.T) {
 //
 // The test server supports special `?fail=close` and `?fail=500` to force error cases.
 func formpostCallbackServer(t *testing.T) (string, func(*testing.T, url.Values)) {
+	t.Helper()
 	results := make(chan url.Values)

 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@ -155,6 +156,7 @@ func formpostCallbackServer(t *testing.T) (string, func(*testing.T, url.Values))

 // formpostTemplateServer runs a test server that serves formposthtml.Template() rendered with test parameters.
 func formpostTemplateServer(t *testing.T, redirectURI string, responseParams url.Values) string {
+	t.Helper()
 	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		fosite.WriteAuthorizeFormPostResponse(redirectURI, responseParams, formposthtml.Template(), w)
 	})
@ -168,6 +170,7 @@ func formpostTemplateServer(t *testing.T, redirectURI string, responseParams url

 // formpostRandomParams is a helper to generate random OAuth2 response parameters for testing.
 func formpostRandomParams(t *testing.T) url.Values {
+	t.Helper()
 	generator := &hmac.HMACStrategy{GlobalSecret: testlib.RandBytes(t, 32), TokenEntropy: 32}
 	authCode, _, err := generator.Generate()
 	require.NoError(t, err)
@ -180,6 +183,7 @@ func formpostRandomParams(t *testing.T) url.Values {

 // formpostExpectTitle asserts that the page has the expected title.
 func formpostExpectTitle(t *testing.T, page *agouti.Page, expected string) {
+	t.Helper()
 	actual, err := page.Title()
 	require.NoError(t, err)
 	require.Equal(t, expected, actual)
@ -187,6 +191,7 @@ func formpostExpectTitle(t *testing.T, page *agouti.Page, expected string) {

 // formpostExpectTitle asserts that the page has the expected SVG/emoji favicon.
 func formpostExpectFavicon(t *testing.T, page *agouti.Page, expected string) {
+	t.Helper()
 	iconURL, err := page.First("#favicon").Attribute("href")
 	require.NoError(t, err)
 	require.True(t, strings.HasPrefix(iconURL, "data:image/svg+xml,<svg"))
@ -203,6 +208,7 @@ func formpostExpectFavicon(t *testing.T, page *agouti.Page, expected string) {
 // formpostInitiate navigates to the template server endpoint and expects the
 // loading animation to be shown.
 func formpostInitiate(t *testing.T, page *agouti.Page, url string) {
+	t.Helper()
 	require.NoError(t, page.Reset())
 	t.Logf("navigating to mock form_post template URL %s...", url)
 	require.NoError(t, page.Navigate(url))
@ -215,6 +221,7 @@ func formpostInitiate(t *testing.T, page *agouti.Page, url string) {

 // formpostExpectSuccessState asserts that the page is in the "success" state.
 func formpostExpectSuccessState(t *testing.T, page *agouti.Page) {
+	t.Helper()
 	t.Logf("expecting to see success message become visible...")
 	browsertest.WaitForVisibleElements(t, page, "#success")
 	successDivText, err := page.First("#success").Text()
@ -227,6 +234,7 @@ func formpostExpectSuccessState(t *testing.T, page *agouti.Page) {

 // formpostExpectManualState asserts that the page is in the "manual" state and returns the auth code.
 func formpostExpectManualState(t *testing.T, page *agouti.Page) string {
+	t.Helper()
 	t.Logf("expecting to see manual message become visible...")
 	browsertest.WaitForVisibleElements(t, page, "#manual")
 	manualDivText, err := page.First("#manual").Text()
--- a/test/testlib/env.go
+++ b/test/testlib/env.go
@ -247,7 +247,7 @@ func loadEnvVars(t *testing.T, result *TestEnv) {
 	result.SupervisorUpstreamOIDC = TestOIDCUpstream{
 		Issuer:           needEnv(t, "PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ISSUER"),
 		CABundle:         base64Decoded(t, os.Getenv("PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ISSUER_CA_BUNDLE")),
-		AdditionalScopes: strings.Fields(os.Getenv("PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ADDITIONAL_SCOPES")),
+		AdditionalScopes: filterEmpty(strings.Split(strings.ReplaceAll(os.Getenv("PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ADDITIONAL_SCOPES"), " ", ""), ",")),
 		UsernameClaim:    os.Getenv("PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_USERNAME_CLAIM"),
 		GroupsClaim:      os.Getenv("PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_GROUPS_CLAIM"),
 		ClientID:         needEnv(t, "PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_CLIENT_ID"),