Add integration test for OIDCClientSecretRequest

Signed-off-by: Margo Crawford <margaretc@vmware.com>
This commit is contained in:
Margo Crawford 2022-06-10 13:56:15 -07:00
parent 479b6c421d
commit ba371423d9
3 changed files with 85 additions and 9 deletions

View File

@ -23,14 +23,17 @@ import (
pinnipedconciergeclientsetscheme "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/scheme"
pinnipedsupervisorclientset "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned"
pinnipedsupervisorclientsetscheme "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/scheme"
pinnipedsupervisorvirtualclientset "go.pinniped.dev/generated/latest/client/supervisor/virtual/clientset/versioned"
pinnipedsupervisorvirtualclientsetscheme "go.pinniped.dev/generated/latest/client/supervisor/virtual/clientset/versioned/scheme"
"go.pinniped.dev/internal/crypto/ptls"
)
type Client struct {
Kubernetes kubernetes.Interface
Aggregation aggregatorclient.Interface
PinnipedConcierge pinnipedconciergeclientset.Interface
PinnipedSupervisor pinnipedsupervisorclientset.Interface
Kubernetes kubernetes.Interface
Aggregation aggregatorclient.Interface
PinnipedConcierge pinnipedconciergeclientset.Interface
PinnipedSupervisor pinnipedsupervisorclientset.Interface
PinnipedSupervisorVirtual pinnipedsupervisorvirtualclientset.Interface
JSONConfig, ProtoConfig *restclient.Config
}
@ -90,11 +93,17 @@ func New(opts ...Option) (*Client, error) {
return nil, fmt.Errorf("could not initialize pinniped client: %w", err)
}
// Connect to the pinniped supervisor aggregated API.
pinnipedSupervisorVirtualClient, err := pinnipedsupervisorvirtualclientset.NewForConfig(configWithWrapper(jsonKubeConfig, pinnipedsupervisorvirtualclientsetscheme.Scheme, pinnipedsupervisorvirtualclientsetscheme.Codecs, c.middlewares, c.transportWrapper))
if err != nil {
return nil, fmt.Errorf("could not initialize pinniped client: %w", err)
}
return &Client{
Kubernetes: k8sClient,
Aggregation: aggregatorClient,
PinnipedConcierge: pinnipedConciergeClient,
PinnipedSupervisor: pinnipedSupervisorClient,
Kubernetes: k8sClient,
Aggregation: aggregatorClient,
PinnipedConcierge: pinnipedConciergeClient,
PinnipedSupervisor: pinnipedSupervisorClient,
PinnipedSupervisorVirtual: pinnipedSupervisorVirtualClient,
JSONConfig: jsonKubeConfig,
ProtoConfig: protoKubeConfig,

View File

@ -0,0 +1,54 @@
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package integration
import (
"context"
"testing"
"time"
"github.com/stretchr/testify/require"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"go.pinniped.dev/generated/latest/apis/supervisor/virtual/oauth/v1alpha1"
"go.pinniped.dev/test/testlib"
)
func TestOIDCClientSecretRequest_HappyPath_Parallel(t *testing.T) {
env := testlib.IntegrationEnv(t)
ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
defer cancel()
client := testlib.NewVirtualSupervisorClientset(t)
response, err := client.OauthV1alpha1().OIDCClientSecretRequests(env.SupervisorNamespace).Create(ctx,
&v1alpha1.OIDCClientSecretRequest{
Spec: v1alpha1.OIDCClientSecretRequestSpec{
GenerateNewSecret: true,
},
}, metav1.CreateOptions{})
require.NoError(t, err)
// the hardcoded values from the nonfunctional request
require.Equal(t, response.Status.TotalClientSecrets, 20)
require.Equal(t, response.Status.GeneratedSecret, "not-a-real-secret")
}
func TestOIDCClientSecretRequest_Unauthenticated_Parallel(t *testing.T) {
env := testlib.IntegrationEnv(t)
ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
defer cancel()
client := testlib.NewAnonymousVirtualSupervisorClientset(t)
_, err := client.OauthV1alpha1().OIDCClientSecretRequests(env.SupervisorNamespace).Create(ctx,
&v1alpha1.OIDCClientSecretRequest{
Spec: v1alpha1.OIDCClientSecretRequestSpec{
GenerateNewSecret: true,
},
}, metav1.CreateOptions{})
require.Error(t, err)
require.Contains(t, err.Error(), "User \"system:anonymous\" cannot create resource \"oidcclientsecretrequests\"")
}

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package testlib
@ -34,6 +34,7 @@ import (
idpv1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/idp/v1alpha1"
conciergeclientset "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned"
supervisorclientset "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned"
virtualsupervisorclientset "go.pinniped.dev/generated/latest/client/supervisor/virtual/clientset/versioned"
"go.pinniped.dev/internal/groupsuffix"
"go.pinniped.dev/internal/kubeclient"
@ -86,6 +87,18 @@ func NewSupervisorClientset(t *testing.T) supervisorclientset.Interface {
return NewKubeclient(t, NewClientConfig(t)).PinnipedSupervisor
}
func NewAnonymousVirtualSupervisorClientset(t *testing.T) virtualsupervisorclientset.Interface {
t.Helper()
return NewKubeclient(t, NewAnonymousClientRestConfig(t)).PinnipedSupervisorVirtual
}
func NewVirtualSupervisorClientset(t *testing.T) virtualsupervisorclientset.Interface {
t.Helper()
return NewKubeclient(t, NewClientConfig(t)).PinnipedSupervisorVirtual
}
func NewConciergeClientset(t *testing.T) conciergeclientset.Interface {
t.Helper()