djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Stop using pointer pkg functions that were deprecated by dependency bump

Browse Source
This commit is contained in:
Ryan Richard 2022-12-13 17:04:30 -08:00
parent 85b67f254c
commit 976035115e
10 changed files with 229 additions and 229 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
internal/config/concierge/config.go
View File

@ -93,39 +93,39 @@ func FromPath(ctx context.Context, path string) (*Config, error) {
func maybeSetAPIDefaults(apiConfig *APIConfigSpec) { func maybeSetAPIDefaults(apiConfig *APIConfigSpec) {
if apiConfig.ServingCertificateConfig.DurationSeconds == nil { if apiConfig.ServingCertificateConfig.DurationSeconds == nil {
apiConfig.ServingCertificateConfig.DurationSeconds = pointer.Int64Ptr(aboutAYear) apiConfig.ServingCertificateConfig.DurationSeconds = pointer.Int64(aboutAYear)
} }
if apiConfig.ServingCertificateConfig.RenewBeforeSeconds == nil { if apiConfig.ServingCertificateConfig.RenewBeforeSeconds == nil {
apiConfig.ServingCertificateConfig.RenewBeforeSeconds = pointer.Int64Ptr(about9Months) apiConfig.ServingCertificateConfig.RenewBeforeSeconds = pointer.Int64(about9Months)
} }
} }
func maybeSetAPIGroupSuffixDefault(apiGroupSuffix **string) { func maybeSetAPIGroupSuffixDefault(apiGroupSuffix **string) {
if *apiGroupSuffix == nil { if *apiGroupSuffix == nil {
*apiGroupSuffix = pointer.StringPtr(groupsuffix.PinnipedDefaultSuffix) *apiGroupSuffix = pointer.String(groupsuffix.PinnipedDefaultSuffix)
} }
} }
func maybeSetAggregatedAPIServerPortDefaults(port **int64) { func maybeSetAggregatedAPIServerPortDefaults(port **int64) {
if *port == nil { if *port == nil {
*port = pointer.Int64Ptr(aggregatedAPIServerPortDefault) *port = pointer.Int64(aggregatedAPIServerPortDefault)
} }
} }
func maybeSetImpersonationProxyServerPortDefaults(port **int64) { func maybeSetImpersonationProxyServerPortDefaults(port **int64) {
if *port == nil { if *port == nil {
*port = pointer.Int64Ptr(impersonationProxyPortDefault) *port = pointer.Int64(impersonationProxyPortDefault)
} }
} }
func maybeSetKubeCertAgentDefaults(cfg *KubeCertAgentSpec) { func maybeSetKubeCertAgentDefaults(cfg *KubeCertAgentSpec) {
if cfg.NamePrefix == nil { if cfg.NamePrefix == nil {
cfg.NamePrefix = pointer.StringPtr("pinniped-kube-cert-agent-") cfg.NamePrefix = pointer.String("pinniped-kube-cert-agent-")
} }
if cfg.Image == nil { if cfg.Image == nil {
cfg.Image = pointer.StringPtr("debian:latest") cfg.Image = pointer.String("debian:latest")
} }
} }

62
internal/config/concierge/config_test.go
View File

@ -59,17 +59,17 @@ func TestFromPath(t *testing.T) {
`), `),
wantConfig: &Config{ wantConfig: &Config{
DiscoveryInfo: DiscoveryInfoSpec{ DiscoveryInfo: DiscoveryInfoSpec{
URL: pointer.StringPtr("https://some.discovery/url"), URL: pointer.String("https://some.discovery/url"),
}, },
APIConfig: APIConfigSpec{ APIConfig: APIConfigSpec{
ServingCertificateConfig: ServingCertificateConfigSpec{ ServingCertificateConfig: ServingCertificateConfigSpec{
DurationSeconds: pointer.Int64Ptr(3600), DurationSeconds: pointer.Int64(3600),
RenewBeforeSeconds: pointer.Int64Ptr(2400), RenewBeforeSeconds: pointer.Int64(2400),
}, },
}, },
APIGroupSuffix: pointer.StringPtr("some.suffix.com"), APIGroupSuffix: pointer.String("some.suffix.com"),
AggregatedAPIServerPort: pointer.Int64Ptr(12345), AggregatedAPIServerPort: pointer.Int64(12345),
ImpersonationProxyServerPort: pointer.Int64Ptr(4242), ImpersonationProxyServerPort: pointer.Int64(4242),
NamesConfig: NamesConfigSpec{ NamesConfig: NamesConfigSpec{
ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate", ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate",
CredentialIssuer: "pinniped-config", CredentialIssuer: "pinniped-config",
@ -86,8 +86,8 @@ func TestFromPath(t *testing.T) {
"myLabelKey2": "myLabelValue2", "myLabelKey2": "myLabelValue2",
}, },
KubeCertAgentConfig: KubeCertAgentSpec{ KubeCertAgentConfig: KubeCertAgentSpec{
NamePrefix: pointer.StringPtr("kube-cert-agent-name-prefix-"), NamePrefix: pointer.String("kube-cert-agent-name-prefix-"),
Image: pointer.StringPtr("kube-cert-agent-image"), Image: pointer.String("kube-cert-agent-image"),
ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"}, ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"},
}, },
LogLevel: func(level plog.LogLevel) *plog.LogLevel { return &level }(plog.LevelDebug), LogLevel: func(level plog.LogLevel) *plog.LogLevel { return &level }(plog.LevelDebug),
@ -135,17 +135,17 @@ func TestFromPath(t *testing.T) {
`), `),
wantConfig: &Config{ wantConfig: &Config{
DiscoveryInfo: DiscoveryInfoSpec{ DiscoveryInfo: DiscoveryInfoSpec{
URL: pointer.StringPtr("https://some.discovery/url"), URL: pointer.String("https://some.discovery/url"),
}, },
APIConfig: APIConfigSpec{ APIConfig: APIConfigSpec{
ServingCertificateConfig: ServingCertificateConfigSpec{ ServingCertificateConfig: ServingCertificateConfigSpec{
DurationSeconds: pointer.Int64Ptr(3600), DurationSeconds: pointer.Int64(3600),
RenewBeforeSeconds: pointer.Int64Ptr(2400), RenewBeforeSeconds: pointer.Int64(2400),
}, },
}, },
APIGroupSuffix: pointer.StringPtr("some.suffix.com"), APIGroupSuffix: pointer.String("some.suffix.com"),
AggregatedAPIServerPort: pointer.Int64Ptr(12345), AggregatedAPIServerPort: pointer.Int64(12345),
ImpersonationProxyServerPort: pointer.Int64Ptr(4242), ImpersonationProxyServerPort: pointer.Int64(4242),
NamesConfig: NamesConfigSpec{ NamesConfig: NamesConfigSpec{
ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate", ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate",
CredentialIssuer: "pinniped-config", CredentialIssuer: "pinniped-config",
@ -162,8 +162,8 @@ func TestFromPath(t *testing.T) {
"myLabelKey2": "myLabelValue2", "myLabelKey2": "myLabelValue2",
}, },
KubeCertAgentConfig: KubeCertAgentSpec{ KubeCertAgentConfig: KubeCertAgentSpec{
NamePrefix: pointer.StringPtr("kube-cert-agent-name-prefix-"), NamePrefix: pointer.String("kube-cert-agent-name-prefix-"),
Image: pointer.StringPtr("kube-cert-agent-image"), Image: pointer.String("kube-cert-agent-image"),
ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"}, ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"},
}, },
Log: plog.LogSpec{ Log: plog.LogSpec{
@ -212,17 +212,17 @@ func TestFromPath(t *testing.T) {
`), `),
wantConfig: &Config{ wantConfig: &Config{
DiscoveryInfo: DiscoveryInfoSpec{ DiscoveryInfo: DiscoveryInfoSpec{
URL: pointer.StringPtr("https://some.discovery/url"), URL: pointer.String("https://some.discovery/url"),
}, },
APIConfig: APIConfigSpec{ APIConfig: APIConfigSpec{
ServingCertificateConfig: ServingCertificateConfigSpec{ ServingCertificateConfig: ServingCertificateConfigSpec{
DurationSeconds: pointer.Int64Ptr(3600), DurationSeconds: pointer.Int64(3600),
RenewBeforeSeconds: pointer.Int64Ptr(2400), RenewBeforeSeconds: pointer.Int64(2400),
}, },
}, },
APIGroupSuffix: pointer.StringPtr("some.suffix.com"), APIGroupSuffix: pointer.String("some.suffix.com"),
AggregatedAPIServerPort: pointer.Int64Ptr(12345), AggregatedAPIServerPort: pointer.Int64(12345),
ImpersonationProxyServerPort: pointer.Int64Ptr(4242), ImpersonationProxyServerPort: pointer.Int64(4242),
NamesConfig: NamesConfigSpec{ NamesConfig: NamesConfigSpec{
ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate", ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate",
CredentialIssuer: "pinniped-config", CredentialIssuer: "pinniped-config",
@ -239,8 +239,8 @@ func TestFromPath(t *testing.T) {
"myLabelKey2": "myLabelValue2", "myLabelKey2": "myLabelValue2",
}, },
KubeCertAgentConfig: KubeCertAgentSpec{ KubeCertAgentConfig: KubeCertAgentSpec{
NamePrefix: pointer.StringPtr("kube-cert-agent-name-prefix-"), NamePrefix: pointer.String("kube-cert-agent-name-prefix-"),
Image: pointer.StringPtr("kube-cert-agent-image"), Image: pointer.String("kube-cert-agent-image"),
ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"}, ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"},
}, },
LogLevel: func(level plog.LogLevel) *plog.LogLevel { return &level }(plog.LevelDebug), LogLevel: func(level plog.LogLevel) *plog.LogLevel { return &level }(plog.LevelDebug),
@ -289,13 +289,13 @@ func TestFromPath(t *testing.T) {
DiscoveryInfo: DiscoveryInfoSpec{ DiscoveryInfo: DiscoveryInfoSpec{
URL: nil, URL: nil,
}, },
APIGroupSuffix: pointer.StringPtr("pinniped.dev"), APIGroupSuffix: pointer.String("pinniped.dev"),
AggregatedAPIServerPort: pointer.Int64Ptr(10250), AggregatedAPIServerPort: pointer.Int64(10250),
ImpersonationProxyServerPort: pointer.Int64Ptr(8444), ImpersonationProxyServerPort: pointer.Int64(8444),
APIConfig: APIConfigSpec{ APIConfig: APIConfigSpec{
ServingCertificateConfig: ServingCertificateConfigSpec{ ServingCertificateConfig: ServingCertificateConfigSpec{
DurationSeconds: pointer.Int64Ptr(60 * 60 * 24 * 365), // about a year DurationSeconds: pointer.Int64(60 * 60 * 24 * 365), // about a year
RenewBeforeSeconds: pointer.Int64Ptr(60 * 60 * 24 * 30 * 9), // about 9 months RenewBeforeSeconds: pointer.Int64(60 * 60 * 24 * 30 * 9), // about 9 months
}, },
}, },
NamesConfig: NamesConfigSpec{ NamesConfig: NamesConfigSpec{
@ -311,8 +311,8 @@ func TestFromPath(t *testing.T) {
}, },
Labels: map[string]string{}, Labels: map[string]string{},
KubeCertAgentConfig: KubeCertAgentSpec{ KubeCertAgentConfig: KubeCertAgentSpec{
NamePrefix: pointer.StringPtr("pinniped-kube-cert-agent-"), NamePrefix: pointer.String("pinniped-kube-cert-agent-"),
Image: pointer.StringPtr("debian:latest"), Image: pointer.String("debian:latest"),
}, },
}, },
}, },

4
internal/config/supervisor/config.go
View File

@ -109,7 +109,7 @@ func maybeSetEndpointDefault(endpoint **Endpoint, defaultEndpoint Endpoint) {
func maybeSetAPIGroupSuffixDefault(apiGroupSuffix **string) { func maybeSetAPIGroupSuffixDefault(apiGroupSuffix **string) {
if *apiGroupSuffix == nil { if *apiGroupSuffix == nil {
*apiGroupSuffix = pointer.StringPtr(groupsuffix.PinnipedDefaultSuffix) *apiGroupSuffix = pointer.String(groupsuffix.PinnipedDefaultSuffix)
} }
} }
@ -119,7 +119,7 @@ func validateAPIGroupSuffix(apiGroupSuffix string) error {
func maybeSetAggregatedAPIServerPortDefaults(port **int64) { func maybeSetAggregatedAPIServerPortDefaults(port **int64) {
if *port == nil { if *port == nil {
*port = pointer.Int64Ptr(aggregatedAPIServerPortDefault) *port = pointer.Int64(aggregatedAPIServerPortDefault)
} }
} }

24
internal/config/supervisor/config_test.go
View File

@ -45,7 +45,7 @@ func TestFromPath(t *testing.T) {
aggregatedAPIServerPort: 12345 aggregatedAPIServerPort: 12345
`), `),
wantConfig: &Config{ wantConfig: &Config{
APIGroupSuffix: pointer.StringPtr("some.suffix.com"), APIGroupSuffix: pointer.String("some.suffix.com"),
Labels: map[string]string{ Labels: map[string]string{
"myLabelKey1": "myLabelValue1", "myLabelKey1": "myLabelValue1",
"myLabelKey2": "myLabelValue2", "myLabelKey2": "myLabelValue2",
@ -68,7 +68,7 @@ func TestFromPath(t *testing.T) {
Log: plog.LogSpec{ Log: plog.LogSpec{
Level: plog.LevelTrace, Level: plog.LevelTrace,
}, },
AggregatedAPIServerPort: pointer.Int64Ptr(12345), AggregatedAPIServerPort: pointer.Int64(12345),
}, },
}, },
{ {
@ -95,7 +95,7 @@ func TestFromPath(t *testing.T) {
aggregatedAPIServerPort: 12345 aggregatedAPIServerPort: 12345
`), `),
wantConfig: &Config{ wantConfig: &Config{
APIGroupSuffix: pointer.StringPtr("some.suffix.com"), APIGroupSuffix: pointer.String("some.suffix.com"),
Labels: map[string]string{ Labels: map[string]string{
"myLabelKey1": "myLabelValue1", "myLabelKey1": "myLabelValue1",
"myLabelKey2": "myLabelValue2", "myLabelKey2": "myLabelValue2",
@ -118,7 +118,7 @@ func TestFromPath(t *testing.T) {
Level: plog.LevelInfo, Level: plog.LevelInfo,
Format: plog.FormatText, Format: plog.FormatText,
}, },
AggregatedAPIServerPort: pointer.Int64Ptr(12345), AggregatedAPIServerPort: pointer.Int64(12345),
}, },
}, },
{ {
@ -145,7 +145,7 @@ func TestFromPath(t *testing.T) {
format: text format: text
`), `),
wantConfig: &Config{ wantConfig: &Config{
APIGroupSuffix: pointer.StringPtr("some.suffix.com"), APIGroupSuffix: pointer.String("some.suffix.com"),
Labels: map[string]string{ Labels: map[string]string{
"myLabelKey1": "myLabelValue1", "myLabelKey1": "myLabelValue1",
"myLabelKey2": "myLabelValue2", "myLabelKey2": "myLabelValue2",
@ -169,7 +169,7 @@ func TestFromPath(t *testing.T) {
Level: plog.LevelTrace, Level: plog.LevelTrace,
Format: plog.FormatText, Format: plog.FormatText,
}, },
AggregatedAPIServerPort: pointer.Int64Ptr(10250), AggregatedAPIServerPort: pointer.Int64(10250),
}, },
}, },
{ {
@ -192,7 +192,7 @@ func TestFromPath(t *testing.T) {
defaultTLSCertificateSecret: my-secret-name defaultTLSCertificateSecret: my-secret-name
`), `),
wantConfig: &Config{ wantConfig: &Config{
APIGroupSuffix: pointer.StringPtr("pinniped.dev"), APIGroupSuffix: pointer.String("pinniped.dev"),
Labels: map[string]string{}, Labels: map[string]string{},
NamesConfig: NamesConfigSpec{ NamesConfig: NamesConfigSpec{
DefaultTLSCertificateSecret: "my-secret-name", DefaultTLSCertificateSecret: "my-secret-name",
@ -207,7 +207,7 @@ func TestFromPath(t *testing.T) {
}, },
}, },
AllowExternalHTTP: false, AllowExternalHTTP: false,
AggregatedAPIServerPort: pointer.Int64Ptr(10250), AggregatedAPIServerPort: pointer.Int64(10250),
}, },
}, },
{ {
@ -322,7 +322,7 @@ func TestFromPath(t *testing.T) {
insecureAcceptExternalUnencryptedHttpRequests: true insecureAcceptExternalUnencryptedHttpRequests: true
`), `),
wantConfig: &Config{ wantConfig: &Config{
APIGroupSuffix: pointer.StringPtr("pinniped.dev"), APIGroupSuffix: pointer.String("pinniped.dev"),
Labels: map[string]string{}, Labels: map[string]string{},
NamesConfig: NamesConfigSpec{ NamesConfig: NamesConfigSpec{
DefaultTLSCertificateSecret: "my-secret-name", DefaultTLSCertificateSecret: "my-secret-name",
@ -338,7 +338,7 @@ func TestFromPath(t *testing.T) {
}, },
}, },
AllowExternalHTTP: true, AllowExternalHTTP: true,
AggregatedAPIServerPort: pointer.Int64Ptr(10250), AggregatedAPIServerPort: pointer.Int64(10250),
}, },
}, },
{ {
@ -354,7 +354,7 @@ func TestFromPath(t *testing.T) {
insecureAcceptExternalUnencryptedHttpRequests: "true" insecureAcceptExternalUnencryptedHttpRequests: "true"
`), `),
wantConfig: &Config{ wantConfig: &Config{
APIGroupSuffix: pointer.StringPtr("pinniped.dev"), APIGroupSuffix: pointer.String("pinniped.dev"),
Labels: map[string]string{}, Labels: map[string]string{},
NamesConfig: NamesConfigSpec{ NamesConfig: NamesConfigSpec{
DefaultTLSCertificateSecret: "my-secret-name", DefaultTLSCertificateSecret: "my-secret-name",
@ -370,7 +370,7 @@ func TestFromPath(t *testing.T) {
}, },
}, },
AllowExternalHTTP: true, AllowExternalHTTP: true,
AggregatedAPIServerPort: pointer.Int64Ptr(10250), AggregatedAPIServerPort: pointer.Int64(10250),
}, },
}, },
{ {

10
internal/controller/kubecertagent/kubecertagent.go
View File

@ -521,14 +521,14 @@ func (c *agentController) newAgentDeployment(controllerManagerPod *corev1.Pod) *
Labels: c.cfg.Labels, Labels: c.cfg.Labels,
}, },
Spec: appsv1.DeploymentSpec{ Spec: appsv1.DeploymentSpec{
Replicas: pointer.Int32Ptr(1), Replicas: pointer.Int32(1),
Selector: metav1.SetAsLabelSelector(c.cfg.agentPodSelectorLabels()), Selector: metav1.SetAsLabelSelector(c.cfg.agentPodSelectorLabels()),
Template: corev1.PodTemplateSpec{ Template: corev1.PodTemplateSpec{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Labels: c.cfg.agentPodLabels(), Labels: c.cfg.agentPodLabels(),
}, },
Spec: corev1.PodSpec{ Spec: corev1.PodSpec{
TerminationGracePeriodSeconds: pointer.Int64Ptr(0), TerminationGracePeriodSeconds: pointer.Int64(0),
ImagePullSecrets: imagePullSecrets, ImagePullSecrets: imagePullSecrets,
Containers: []corev1.Container{ Containers: []corev1.Container{
{ {
@ -556,15 +556,15 @@ func (c *agentController) newAgentDeployment(controllerManagerPod *corev1.Pod) *
Volumes: controllerManagerPod.Spec.Volumes, Volumes: controllerManagerPod.Spec.Volumes,
RestartPolicy: corev1.RestartPolicyAlways, RestartPolicy: corev1.RestartPolicyAlways,
NodeSelector: controllerManagerPod.Spec.NodeSelector, NodeSelector: controllerManagerPod.Spec.NodeSelector,
AutomountServiceAccountToken: pointer.BoolPtr(false), AutomountServiceAccountToken: pointer.Bool(false),
ServiceAccountName: c.cfg.ServiceAccountName, ServiceAccountName: c.cfg.ServiceAccountName,
NodeName: controllerManagerPod.Spec.NodeName, NodeName: controllerManagerPod.Spec.NodeName,
Tolerations: controllerManagerPod.Spec.Tolerations, Tolerations: controllerManagerPod.Spec.Tolerations,
// We need to run the agent pod as root since the file permissions // We need to run the agent pod as root since the file permissions
// on the cluster keypair usually restricts access to only root. // on the cluster keypair usually restricts access to only root.
SecurityContext: &corev1.PodSecurityContext{ SecurityContext: &corev1.PodSecurityContext{
RunAsUser: pointer.Int64Ptr(0), RunAsUser: pointer.Int64(0),
RunAsGroup: pointer.Int64Ptr(0), RunAsGroup: pointer.Int64(0),
}, },
HostNetwork: controllerManagerPod.Spec.HostNetwork, HostNetwork: controllerManagerPod.Spec.HostNetwork,
}, },

12
internal/controller/kubecertagent/kubecertagent_test.go
View File

@ -95,7 +95,7 @@ func TestAgentController(t *testing.T) {
Labels: map[string]string{"extralabel": "labelvalue", "app": "anything"}, Labels: map[string]string{"extralabel": "labelvalue", "app": "anything"},
}, },
Spec: appsv1.DeploymentSpec{ Spec: appsv1.DeploymentSpec{
Replicas: pointer.Int32Ptr(1), Replicas: pointer.Int32(1),
Selector: metav1.SetAsLabelSelector(map[string]string{ Selector: metav1.SetAsLabelSelector(map[string]string{
"kube-cert-agent.pinniped.dev": "v3", "kube-cert-agent.pinniped.dev": "v3",
}), }),
@ -133,12 +133,12 @@ func TestAgentController(t *testing.T) {
ImagePullPolicy: corev1.PullIfNotPresent, ImagePullPolicy: corev1.PullIfNotPresent,
}}, }},
RestartPolicy: corev1.RestartPolicyAlways, RestartPolicy: corev1.RestartPolicyAlways,
TerminationGracePeriodSeconds: pointer.Int64Ptr(0), TerminationGracePeriodSeconds: pointer.Int64(0),
ServiceAccountName: "test-service-account-name", ServiceAccountName: "test-service-account-name",
AutomountServiceAccountToken: pointer.BoolPtr(false), AutomountServiceAccountToken: pointer.Bool(false),
SecurityContext: &corev1.PodSecurityContext{ SecurityContext: &corev1.PodSecurityContext{
RunAsUser: pointer.Int64Ptr(0), RunAsUser: pointer.Int64(0),
RunAsGroup: pointer.Int64Ptr(0), RunAsGroup: pointer.Int64(0),
}, },
ImagePullSecrets: []corev1.LocalObjectReference{{ ImagePullSecrets: []corev1.LocalObjectReference{{
Name: "pinniped-image-pull-secret", Name: "pinniped-image-pull-secret",
@ -992,7 +992,7 @@ func TestAgentController(t *testing.T) {
healthyAgentPod, healthyAgentPod,
validClusterInfoConfigMap, validClusterInfoConfigMap,
}, },
discoveryURLOverride: pointer.StringPtr("https://overridden-server.example.com/some/path"), discoveryURLOverride: pointer.String("https://overridden-server.example.com/some/path"),
mocks: mockExecSucceeds, mocks: mockExecSucceeds,
wantDistinctErrors: []string{""}, wantDistinctErrors: []string{""},
wantAgentDeployment: healthyAgentDeployment, wantAgentDeployment: healthyAgentDeployment,

324
internal/oidc/auth/auth_handler_test.go
View File

@ -694,8 +694,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -716,8 +716,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp, wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp,
@ -737,8 +737,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp, wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp,
@ -928,8 +928,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
path: "/some/path", path: "/some/path",
contentType: formContentType, contentType: formContentType,
body: encodeQuery(happyGetRequestQueryMap), body: encodeQuery(happyGetRequestQueryMap),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -952,8 +952,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
path: "/some/path", path: "/some/path",
contentType: formContentType, contentType: formContentType,
body: encodeQuery(happyGetRequestQueryMap), body: encodeQuery(happyGetRequestQueryMap),
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp, wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp,
@ -975,8 +975,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
path: "/some/path", path: "/some/path",
contentType: formContentType, contentType: formContentType,
body: encodeQuery(happyGetRequestQueryMap), body: encodeQuery(happyGetRequestQueryMap),
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp, wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp,
@ -1131,8 +1131,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
path: modifiedHappyGetRequestPath(map[string]string{ path: modifiedHappyGetRequestPath(map[string]string{
"redirect_uri": downstreamRedirectURIWithDifferentPort, // not the same port number that is registered for the client "redirect_uri": downstreamRedirectURIWithDifferentPort, // not the same port number that is registered for the client
}), }),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -1155,8 +1155,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
path: modifiedHappyGetRequestPath(map[string]string{ path: modifiedHappyGetRequestPath(map[string]string{
"redirect_uri": downstreamRedirectURIWithDifferentPort, // not the same port number that is registered for the client "redirect_uri": downstreamRedirectURIWithDifferentPort, // not the same port number that is registered for the client
}), }),
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
wantRedirectLocationRegexp: downstreamRedirectURIWithDifferentPort + `\?code=([^&]+)&scope=openid\+username\+groups&state=` + happyState, wantRedirectLocationRegexp: downstreamRedirectURIWithDifferentPort + `\?code=([^&]+)&scope=openid\+username\+groups&state=` + happyState,
@ -1195,8 +1195,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithUserInfoURL().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithUserInfoURL().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -1217,8 +1217,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(1*time.Hour))).WithUserInfoURL().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(1*time.Hour))).WithUserInfoURL().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -1250,8 +1250,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithUserInfoURL().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithUserInfoURL().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -1272,8 +1272,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&erroringUpstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&erroringUpstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusBadGateway, wantStatus: http.StatusBadGateway,
wantContentType: htmlContentType, wantContentType: htmlContentType,
wantBodyString: "Bad Gateway: unexpected error during upstream authentication\n", wantBodyString: "Bad Gateway: unexpected error during upstream authentication\n",
@ -1283,8 +1283,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&erroringUpstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&erroringUpstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusBadGateway, wantStatus: http.StatusBadGateway,
wantContentType: htmlContentType, wantContentType: htmlContentType,
wantBodyString: "Bad Gateway: unexpected error during upstream authentication\n", wantBodyString: "Bad Gateway: unexpected error during upstream authentication\n",
@ -1299,8 +1299,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr("wrong-password"), customPasswordHeader: pointer.String("wrong-password"),
wantPasswordGrantCall: &expectedPasswordGrant{ wantPasswordGrantCall: &expectedPasswordGrant{
performedByUpstreamName: oidcPasswordGrantUpstreamName, performedByUpstreamName: oidcPasswordGrantUpstreamName,
args: &oidctestutil.PasswordCredentialsGrantAndValidateTokensArgs{ args: &oidctestutil.PasswordCredentialsGrantAndValidateTokensArgs{
@ -1317,8 +1317,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr("wrong-password"), customPasswordHeader: pointer.String("wrong-password"),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery),
@ -1329,8 +1329,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr("wrong-password"), customPasswordHeader: pointer.String("wrong-password"),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery),
@ -1341,8 +1341,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr("wrong-username"), customUsernameHeader: pointer.String("wrong-username"),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery),
@ -1353,8 +1353,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr("wrong-username"), customUsernameHeader: pointer.String("wrong-username"),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery),
@ -1366,7 +1366,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: nil, // do not send header customUsernameHeader: nil, // do not send header
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery),
@ -1378,7 +1378,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: nil, // do not send header customUsernameHeader: nil, // do not send header
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery),
@ -1390,7 +1390,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: nil, // do not send header customUsernameHeader: nil, // do not send header
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery),
@ -1401,7 +1401,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: nil, // do not send header customPasswordHeader: nil, // do not send header
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -1413,7 +1413,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: nil, // do not send header customPasswordHeader: nil, // do not send header
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -1425,8 +1425,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithoutUserInfoURL().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithoutUserInfoURL().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -1438,8 +1438,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithoutUserInfoURL().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithoutUserInfoURL().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -1451,8 +1451,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithEmptyAccessToken().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithEmptyAccessToken().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -1464,8 +1464,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithoutAccessToken().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithoutAccessToken().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -1477,8 +1477,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithEmptyAccessToken().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithEmptyAccessToken().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -1490,8 +1490,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithoutAccessToken().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithoutAccessToken().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -1503,7 +1503,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: nil, // do not send header customPasswordHeader: nil, // do not send header
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -1515,8 +1515,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(upstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(upstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithPasswordGrantDisallowedHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithPasswordGrantDisallowedHintErrorQuery),
@ -1528,8 +1528,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
kubeResources: addFullyCapableDynamicClientAndSecretToKubeResources, kubeResources: addFullyCapableDynamicClientAndSecretToKubeResources,
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"client_id": dynamicClientID, "scope": testutil.AllDynamicClientScopesSpaceSep}), path: modifiedHappyGetRequestPath(map[string]string{"client_id": dynamicClientID, "scope": testutil.AllDynamicClientScopesSpaceSep}),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithUsernamePasswordHeadersDisallowedHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithUsernamePasswordHeadersDisallowedHintErrorQuery),
@ -1541,8 +1541,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
kubeResources: addFullyCapableDynamicClientAndSecretToKubeResources, kubeResources: addFullyCapableDynamicClientAndSecretToKubeResources,
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"client_id": dynamicClientID, "scope": testutil.AllDynamicClientScopesSpaceSep}), path: modifiedHappyGetRequestPath(map[string]string{"client_id": dynamicClientID, "scope": testutil.AllDynamicClientScopesSpaceSep}),
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithUsernamePasswordHeadersDisallowedHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithUsernamePasswordHeadersDisallowedHintErrorQuery),
@ -1554,8 +1554,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
kubeResources: addFullyCapableDynamicClientAndSecretToKubeResources, kubeResources: addFullyCapableDynamicClientAndSecretToKubeResources,
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"client_id": dynamicClientID, "scope": testutil.AllDynamicClientScopesSpaceSep}), path: modifiedHappyGetRequestPath(map[string]string{"client_id": dynamicClientID, "scope": testutil.AllDynamicClientScopesSpaceSep}),
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithUsernamePasswordHeadersDisallowedHintErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithUsernamePasswordHeadersDisallowedHintErrorQuery),
@ -1603,8 +1603,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
path: modifiedHappyGetRequestPath(map[string]string{ path: modifiedHappyGetRequestPath(map[string]string{
"redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client", "redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client",
}), }),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantStatus: http.StatusBadRequest, wantStatus: http.StatusBadRequest,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantBodyJSON: fositeInvalidRedirectURIErrorBody, wantBodyJSON: fositeInvalidRedirectURIErrorBody,
@ -1616,8 +1616,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
path: modifiedHappyGetRequestPath(map[string]string{ path: modifiedHappyGetRequestPath(map[string]string{
"redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client", "redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client",
}), }),
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusBadRequest, wantStatus: http.StatusBadRequest,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantBodyJSON: fositeInvalidRedirectURIErrorBody, wantBodyJSON: fositeInvalidRedirectURIErrorBody,
@ -1629,8 +1629,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
path: modifiedHappyGetRequestPath(map[string]string{ path: modifiedHappyGetRequestPath(map[string]string{
"redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client", "redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client",
}), }),
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusBadRequest, wantStatus: http.StatusBadRequest,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantBodyJSON: fositeInvalidRedirectURIErrorBody, wantBodyJSON: fositeInvalidRedirectURIErrorBody,
@ -1654,8 +1654,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"client_id": "invalid-client"}), path: modifiedHappyGetRequestPath(map[string]string{"client_id": "invalid-client"}),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantStatus: http.StatusUnauthorized, wantStatus: http.StatusUnauthorized,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantBodyJSON: fositeInvalidClientErrorBody, wantBodyJSON: fositeInvalidClientErrorBody,
@ -1718,8 +1718,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"response_type": "unsupported"}), path: modifiedHappyGetRequestPath(map[string]string{"response_type": "unsupported"}),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeUnsupportedResponseTypeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeUnsupportedResponseTypeErrorQuery),
@ -1730,8 +1730,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"response_type": "unsupported"}), path: modifiedHappyGetRequestPath(map[string]string{"response_type": "unsupported"}),
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeUnsupportedResponseTypeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeUnsupportedResponseTypeErrorQuery),
@ -1767,8 +1767,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"response_type": "unsupported"}), path: modifiedHappyGetRequestPath(map[string]string{"response_type": "unsupported"}),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeUnsupportedResponseTypeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeUnsupportedResponseTypeErrorQuery),
@ -1835,8 +1835,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid profile email tuna"}), path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid profile email tuna"}),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery),
@ -1876,8 +1876,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid tuna"}), path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid tuna"}),
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery),
@ -1888,8 +1888,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid tuna"}), path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid tuna"}),
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery),
@ -1931,8 +1931,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"response_type": ""}), path: modifiedHappyGetRequestPath(map[string]string{"response_type": ""}),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingResponseTypeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingResponseTypeErrorQuery),
@ -1943,8 +1943,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"response_type": ""}), path: modifiedHappyGetRequestPath(map[string]string{"response_type": ""}),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingResponseTypeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingResponseTypeErrorQuery),
@ -1976,8 +1976,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"response_type": ""}), path: modifiedHappyGetRequestPath(map[string]string{"response_type": ""}),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingResponseTypeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingResponseTypeErrorQuery),
@ -2023,8 +2023,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"client_id": ""}), path: modifiedHappyGetRequestPath(map[string]string{"client_id": ""}),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantStatus: http.StatusUnauthorized, wantStatus: http.StatusUnauthorized,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantBodyJSON: fositeInvalidClientErrorBody, wantBodyJSON: fositeInvalidClientErrorBody,
@ -2074,8 +2074,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge": ""}), path: modifiedHappyGetRequestPath(map[string]string{"code_challenge": ""}),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2088,8 +2088,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge": ""}), path: modifiedHappyGetRequestPath(map[string]string{"code_challenge": ""}),
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeErrorQuery),
@ -2132,8 +2132,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "this-is-not-a-valid-pkce-alg"}), path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "this-is-not-a-valid-pkce-alg"}),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2146,8 +2146,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "this-is-not-a-valid-pkce-alg"}), path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "this-is-not-a-valid-pkce-alg"}),
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidCodeChallengeErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidCodeChallengeErrorQuery),
@ -2190,8 +2190,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "plain"}), path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "plain"}),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2204,8 +2204,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "plain"}), path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "plain"}),
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeMethodErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeMethodErrorQuery),
@ -2248,8 +2248,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": ""}), path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": ""}),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2262,8 +2262,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": ""}), path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": ""}),
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeMethodErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeMethodErrorQuery),
@ -2312,8 +2312,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login"}), path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login"}),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2328,8 +2328,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login"}), path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login"}),
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositePromptHasNoneAndOtherValueErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositePromptHasNoneAndOtherValueErrorQuery),
@ -2383,8 +2383,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
method: http.MethodGet, method: http.MethodGet,
// The following prompt value is illegal when openid is requested, but note that openid is not requested. // The following prompt value is illegal when openid is requested, but note that openid is not requested.
path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login", "scope": "email"}), path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login", "scope": "email"}),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -2406,8 +2406,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
method: http.MethodGet, method: http.MethodGet,
// The following prompt value is illegal when openid is requested, but note that openid is not requested. // The following prompt value is illegal when openid is requested, but note that openid is not requested.
path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login", "scope": "email"}), path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login", "scope": "email"}),
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
wantRedirectLocationRegexp: downstreamRedirectURI + `\?code=([^&]+)&scope=username\+groups&state=` + happyState, // username and groups scopes were not requested, but are granted anyway for backwards compatibility wantRedirectLocationRegexp: downstreamRedirectURI + `\?code=([^&]+)&scope=username\+groups&state=` + happyState, // username and groups scopes were not requested, but are granted anyway for backwards compatibility
@ -2429,8 +2429,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -2455,8 +2455,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -2482,8 +2482,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -2510,8 +2510,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -2537,8 +2537,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2555,8 +2555,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2570,8 +2570,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -2595,8 +2595,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -2620,8 +2620,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -2644,8 +2644,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2659,8 +2659,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: htmlContentType, wantContentType: htmlContentType,
@ -2683,8 +2683,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2698,8 +2698,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2713,8 +2713,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2728,8 +2728,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2743,8 +2743,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2758,8 +2758,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2773,8 +2773,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2788,8 +2788,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2803,8 +2803,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2818,8 +2818,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2833,8 +2833,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
), ),
method: http.MethodGet, method: http.MethodGet,
path: happyGetRequestPath, path: happyGetRequestPath,
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation,
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
@ -2877,8 +2877,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"state": "short"}), path: modifiedHappyGetRequestPath(map[string]string{"state": "short"}),
customUsernameHeader: pointer.StringPtr(oidcUpstreamUsername), customUsernameHeader: pointer.String(oidcUpstreamUsername),
customPasswordHeader: pointer.StringPtr(oidcUpstreamPassword), customPasswordHeader: pointer.String(oidcUpstreamPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidStateErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidStateErrorQuery),
@ -2889,8 +2889,8 @@ func TestAuthorizationEndpoint(t *testing.T) {
idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider),
method: http.MethodGet, method: http.MethodGet,
path: modifiedHappyGetRequestPath(map[string]string{"state": "short"}), path: modifiedHappyGetRequestPath(map[string]string{"state": "short"}),
customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customUsernameHeader: pointer.String(happyLDAPUsername),
customPasswordHeader: pointer.StringPtr(happyLDAPPassword), customPasswordHeader: pointer.String(happyLDAPPassword),
wantStatus: http.StatusFound, wantStatus: http.StatusFound,
wantContentType: jsonContentType, wantContentType: jsonContentType,
wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidStateErrorQuery), wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidStateErrorQuery),

2
internal/registry/credentialrequest/rest_test.go
View File

@ -386,7 +386,7 @@ func requireSuccessfulResponseWithAuthenticationFailureMessage(t *testing.T, err
require.Equal(t, response, &loginapi.TokenCredentialRequest{ require.Equal(t, response, &loginapi.TokenCredentialRequest{
Status: loginapi.TokenCredentialRequestStatus{ Status: loginapi.TokenCredentialRequestStatus{
Credential: nil, Credential: nil,
Message: pointer.StringPtr("authentication failed"), Message: pointer.String("authentication failed"),
}, },
}) })
} }

2
test/integration/concierge_credentialrequest_test.go
View File

@ -151,7 +151,7 @@ func TestFailedCredentialRequestWhenTheRequestIsValidButTheTokenDoesNotAuthentic
require.Empty(t, response.Spec) require.Empty(t, response.Spec)
require.Nil(t, response.Status.Credential) require.Nil(t, response.Status.Credential)
require.Equal(t, pointer.StringPtr("authentication failed"), response.Status.Message) require.Equal(t, pointer.String("authentication failed"), response.Status.Message)
} }
// TCRs are non-mutating and safe to run in parallel with serial tests, see main_test.go. // TCRs are non-mutating and safe to run in parallel with serial tests, see main_test.go.

4
test/integration/concierge_kubecertagent_test.go
View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package integration package integration
@ -132,7 +132,7 @@ func TestLegacyPodCleaner_Parallel(t *testing.T) {
t.Cleanup(func() { t.Cleanup(func() {
ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute) ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
defer cancel() defer cancel()
err := kubeClient.CoreV1().Pods(pod.Namespace).Delete(ctx, pod.Name, metav1.DeleteOptions{GracePeriodSeconds: pointer.Int64Ptr(0)}) err := kubeClient.CoreV1().Pods(pod.Namespace).Delete(ctx, pod.Name, metav1.DeleteOptions{GracePeriodSeconds: pointer.Int64(0)})
if !k8serrors.IsNotFound(err) { if !k8serrors.IsNotFound(err) {
require.NoError(t, err, "failed to clean up fake legacy agent pod") require.NoError(t, err, "failed to clean up fake legacy agent pod")
} }