diff --git a/cmd/pinniped-supervisor/main.go b/cmd/pinniped-supervisor/main.go
index 3ac3ad1e..fe719af8 100644
--- a/cmd/pinniped-supervisor/main.go
+++ b/cmd/pinniped-supervisor/main.go
@@ -15,8 +15,6 @@ import (
 "strings"
 "time"
- "go.pinniped.dev/internal/controller/supervisorconfig/activedirectoryupstreamwatcher"
-
 appsv1 "k8s.io/api/apps/v1"
 corev1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/util/clock"
@@ -33,6 +31,7 @@ import (
 pinnipedinformers "go.pinniped.dev/generated/latest/client/supervisor/informers/externalversions"
 "go.pinniped.dev/internal/config/supervisor"
 "go.pinniped.dev/internal/controller/supervisorconfig"
+ "go.pinniped.dev/internal/controller/supervisorconfig/activedirectoryupstreamwatcher"
 "go.pinniped.dev/internal/controller/supervisorconfig/generator"
 "go.pinniped.dev/internal/controller/supervisorconfig/ldapupstreamwatcher"
 "go.pinniped.dev/internal/controller/supervisorconfig/oidcupstreamwatcher"
diff --git a/deploy/supervisor/z0_crd_overlay.yaml b/deploy/supervisor/z0_crd_overlay.yaml
index 8e2dca11..7596975d 100644
--- a/deploy/supervisor/z0_crd_overlay.yaml
+++ b/deploy/supervisor/z0_crd_overlay.yaml
@@ -31,3 +31,12 @@ metadata:
 name: #@ pinnipedDevAPIGroupWithPrefix("ldapidentityproviders.idp.supervisor")
 spec:
 group: #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
+
+#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"activedirectoryidentityproviders.idp.supervisor.pinniped.dev"}}), expects=1
+---
+metadata:
+ #@overlay/match missing_ok=True
+ labels: #@ labels()
+ name: #@ pinnipedDevAPIGroupWithPrefix("activedirectoryidentityproviders.idp.supervisor")
+spec:
+ group: #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
diff --git a/internal/controller/supervisorconfig/activedirectoryupstreamwatcher/active_directory_upstream_watcher.go b/internal/controller/supervisorconfig/activedirectoryupstreamwatcher/active_directory_upstream_watcher.go
index 39e5a0b3..3d611710 100644
--- a/internal/controller/supervisorconfig/activedirectoryupstreamwatcher/active_directory_upstream_watcher.go
+++ b/internal/controller/supervisorconfig/activedirectoryupstreamwatcher/active_directory_upstream_watcher.go
@@ -11,8 +11,6 @@ import (
 "fmt"
 "time"
- "go.pinniped.dev/internal/upstreamad"
-
 corev1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/api/equality"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -29,6 +27,7 @@ import (
 "go.pinniped.dev/internal/controllerlib"
 "go.pinniped.dev/internal/oidc/provider"
 "go.pinniped.dev/internal/plog"
+ "go.pinniped.dev/internal/upstreamad"
 "go.pinniped.dev/internal/upstreamldap"
 )
@@ -133,7 +132,7 @@ func newInternal(
 func (c *activeDirectoryWatcherController) Sync(ctx controllerlib.Context) error {
 actualUpstreams, err := c.activeDirectoryIdentityProviderInformer.Lister().List(labels.Everything())
 if err != nil {
- return fmt.Errorf("failed to list LDAPIdentityProviders: %w", err)
+ return fmt.Errorf("failed to list ActiveDirectoryIdentityProviders: %w", err)
 }
 requeue := false
diff --git a/internal/controller/supervisorconfig/activedirectoryupstreamwatcher/active_directory_upstream_watcher_test.go b/internal/controller/supervisorconfig/activedirectoryupstreamwatcher/active_directory_upstream_watcher_test.go
index 1b7ae2aa..c14c4390 100644
--- a/internal/controller/supervisorconfig/activedirectoryupstreamwatcher/active_directory_upstream_watcher_test.go
+++ b/internal/controller/supervisorconfig/activedirectoryupstreamwatcher/active_directory_upstream_watcher_test.go
@@ -35,7 +35,7 @@ import (
 "go.pinniped.dev/internal/upstreamldap"
 )
-func TestLDAPUpstreamWatcherControllerFilterSecrets(t *testing.T) {
+func TestActiveDirectoryUpstreamWatcherControllerFilterSecrets(t *testing.T) {
 t.Parallel()
 tests := []struct {
@@ -94,7 +94,7 @@ func TestLDAPUpstreamWatcherControllerFilterSecrets(t *testing.T) {
 }
 }
-func TestLDAPUpstreamWatcherControllerFilterLDAPIdentityProviders(t *testing.T) {
+func TestActiveDirectoryUpstreamWatcherControllerFilterActiveDirectoryIdentityProviders(t *testing.T) {
 t.Parallel()
 tests := []struct {
@@ -105,7 +105,7 @@ func TestLDAPUpstreamWatcherControllerFilterLDAPIdentityProviders(t *testing.T)
 wantDelete bool
 }{
 {
- name: "any LDAPIdentityProvider",
+ name: "any ActiveDirectoryIdentityProvider",
 idp: &v1alpha1.ActiveDirectoryIdentityProvider{
 ObjectMeta: metav1.ObjectMeta{Name: "some-name", Namespace: "some-namespace"},
 },
diff --git a/internal/upstreamad/upstreamad.go b/internal/upstreamad/upstreamad.go
index c6e457b8..5b2f34fa 100644
--- a/internal/upstreamad/upstreamad.go
+++ b/internal/upstreamad/upstreamad.go
@@ -17,8 +17,6 @@ import (
 "strings"
 "time"
- "go.pinniped.dev/internal/upstreamldap"
-
 "github.com/go-ldap/ldap/v3"
 "github.com/gofrs/uuid"
 "k8s.io/apiserver/pkg/authentication/authenticator"
@@ -29,6 +27,7 @@ import (
 "go.pinniped.dev/internal/endpointaddr"
 "go.pinniped.dev/internal/oidc/provider"
 "go.pinniped.dev/internal/plog"
+ "go.pinniped.dev/internal/upstreamldap"
 )
 const (
diff --git a/internal/upstreamad/upstreamad_test.go b/internal/upstreamad/upstreamad_test.go
index 346741b5..579bddd2 100644
--- a/internal/upstreamad/upstreamad_test.go
+++ b/internal/upstreamad/upstreamad_test.go
@@ -15,8 +15,6 @@ import (
 "testing"
 "time"
- "go.pinniped.dev/internal/upstreamldap"
-
 "github.com/go-ldap/ldap/v3"
 "github.com/golang/mock/gomock"
 "github.com/stretchr/testify/require"
@@ -27,6 +25,7 @@ import (
 "go.pinniped.dev/internal/endpointaddr"
 "go.pinniped.dev/internal/mocks/mockldapconn"
 "go.pinniped.dev/internal/testutil"
+ "go.pinniped.dev/internal/upstreamldap"
 )
 const (
diff --git a/test/integration/supervisor_login_test.go b/test/integration/supervisor_login_test.go
index df53f302..bfb93886 100644
--- a/test/integration/supervisor_login_test.go
+++ b/test/integration/supervisor_login_test.go
@@ -610,7 +610,7 @@ func requestAuthorizationUsingOIDCIdentityProvider(t *testing.T, downstreamAutho
 func requestAuthorizationUsingLDAPIdentityProvider(t *testing.T, downstreamAuthorizeURL, upstreamUsername, upstreamPassword string, httpClient *http.Client) {
 t.Helper()
- ctx, cancelFunc := context.WithTimeout(context.Background(), 2*time.Minute)
+ ctx, cancelFunc := context.WithTimeout(context.Background(), time.Minute)
 defer cancelFunc()
 authRequest, err := http.NewRequestWithContext(ctx, http.MethodGet, downstreamAuthorizeURL, nil)
@@ -641,7 +641,7 @@ func requestAuthorizationUsingLDAPIdentityProvider(t *testing.T, downstreamAutho
 return false, nil
 }
 return true, nil
- }, 60*time.Second, 200*time.Millisecond)
+ }, 30*time.Second, 200*time.Millisecond)
 expectSecurityHeaders(t, authResponse, true)
diff --git a/test/testlib/client.go b/test/testlib/client.go
index 0cebe5ad..8c91f40a 100644
--- a/test/testlib/client.go
+++ b/test/testlib/client.go
@@ -15,12 +15,11 @@ import (
 "testing"
 "time"
- k8serrors "k8s.io/apimachinery/pkg/api/errors"
-
 "github.com/stretchr/testify/require"
 authorizationv1 "k8s.io/api/authorization/v1"
 corev1 "k8s.io/api/core/v1"
 rbacv1 "k8s.io/api/rbac/v1"
+ k8serrors "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/client-go/kubernetes"
 "k8s.io/client-go/rest"
diff --git a/test/testlib/env.go b/test/testlib/env.go
index 5d68d4a6..64706e58 100644
--- a/test/testlib/env.go
+++ b/test/testlib/env.go
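Review bot: In test/integration/supervisor_login_test.go, the two timeouts in requestAuthorizationUsingLDAPIdentityProvider are coupled but written as unrelated literals. The request context is now `time.Minute` and the polling budget in the second hunk is `30*time.Second`; nothing records that the poll budget must stay below the context deadline, or why both were halved. If the upstream directory answers slowly in CI, the shorter budget would presumably show up as a flaky login test rather than as a real authentication failure, which makes genuine regressions in the login path harder to spot. Consider a comment next to the context, such as `// must exceed the 30s poll budget below; authRequest carries this ctx`, or naming both durations as constants. The function body starts before the second hunk and continues past both, so the closure's use of ctx is not visible here.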
@@ -284,6 +284,8 @@ func loadEnvVars(t *testing.T, result *TestEnv) {
 sort.Strings(result.SupervisorUpstreamLDAP.TestUserDirectGroupsCNs)
 sort.Strings(result.SupervisorUpstreamLDAP.TestUserDirectGroupsDNs)
+ sort.Strings(result.SupervisorUpstreamActiveDirectory.TestUserDirectGroupsCNs)
+ sort.Strings(result.SupervisorUpstreamActiveDirectory.TestUserDirectGroupsDNs)
 }
 func (e *TestEnv) HasCapability(cap Capability) bool {