Add integration test for OIDCClientSecretRequest
Signed-off-by: Margo Crawford <margaretc@vmware.com>
This commit is contained in:
parent
479b6c421d
commit
ba371423d9
@ -23,6 +23,8 @@ import (
|
|||||||
pinnipedconciergeclientsetscheme "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/scheme"
|
pinnipedconciergeclientsetscheme "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/scheme"
|
||||||
pinnipedsupervisorclientset "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned"
|
pinnipedsupervisorclientset "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned"
|
||||||
pinnipedsupervisorclientsetscheme "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/scheme"
|
pinnipedsupervisorclientsetscheme "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/scheme"
|
||||||
|
pinnipedsupervisorvirtualclientset "go.pinniped.dev/generated/latest/client/supervisor/virtual/clientset/versioned"
|
||||||
|
pinnipedsupervisorvirtualclientsetscheme "go.pinniped.dev/generated/latest/client/supervisor/virtual/clientset/versioned/scheme"
|
||||||
"go.pinniped.dev/internal/crypto/ptls"
|
"go.pinniped.dev/internal/crypto/ptls"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -31,6 +33,7 @@ type Client struct {
|
|||||||
Aggregation aggregatorclient.Interface
|
Aggregation aggregatorclient.Interface
|
||||||
PinnipedConcierge pinnipedconciergeclientset.Interface
|
PinnipedConcierge pinnipedconciergeclientset.Interface
|
||||||
PinnipedSupervisor pinnipedsupervisorclientset.Interface
|
PinnipedSupervisor pinnipedsupervisorclientset.Interface
|
||||||
|
PinnipedSupervisorVirtual pinnipedsupervisorvirtualclientset.Interface
|
||||||
|
|
||||||
JSONConfig, ProtoConfig *restclient.Config
|
JSONConfig, ProtoConfig *restclient.Config
|
||||||
}
|
}
|
||||||
@ -90,11 +93,17 @@ func New(opts ...Option) (*Client, error) {
|
|||||||
return nil, fmt.Errorf("could not initialize pinniped client: %w", err)
|
return nil, fmt.Errorf("could not initialize pinniped client: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Connect to the pinniped supervisor aggregated API.
|
||||||
|
pinnipedSupervisorVirtualClient, err := pinnipedsupervisorvirtualclientset.NewForConfig(configWithWrapper(jsonKubeConfig, pinnipedsupervisorvirtualclientsetscheme.Scheme, pinnipedsupervisorvirtualclientsetscheme.Codecs, c.middlewares, c.transportWrapper))
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("could not initialize pinniped client: %w", err)
|
||||||
|
}
|
||||||
return &Client{
|
return &Client{
|
||||||
Kubernetes: k8sClient,
|
Kubernetes: k8sClient,
|
||||||
Aggregation: aggregatorClient,
|
Aggregation: aggregatorClient,
|
||||||
PinnipedConcierge: pinnipedConciergeClient,
|
PinnipedConcierge: pinnipedConciergeClient,
|
||||||
PinnipedSupervisor: pinnipedSupervisorClient,
|
PinnipedSupervisor: pinnipedSupervisorClient,
|
||||||
|
PinnipedSupervisorVirtual: pinnipedSupervisorVirtualClient,
|
||||||
|
|
||||||
JSONConfig: jsonKubeConfig,
|
JSONConfig: jsonKubeConfig,
|
||||||
ProtoConfig: protoKubeConfig,
|
ProtoConfig: protoKubeConfig,
|
||||||
|
54
test/integration/supervisor_oidcclientsecret_test.go
Normal file
54
test/integration/supervisor_oidcclientsecret_test.go
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
||||||
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
package integration
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
|
||||||
|
"go.pinniped.dev/generated/latest/apis/supervisor/virtual/oauth/v1alpha1"
|
||||||
|
"go.pinniped.dev/test/testlib"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestOIDCClientSecretRequest_HappyPath_Parallel(t *testing.T) {
|
||||||
|
env := testlib.IntegrationEnv(t)
|
||||||
|
|
||||||
|
ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
|
||||||
|
defer cancel()
|
||||||
|
|
||||||
|
client := testlib.NewVirtualSupervisorClientset(t)
|
||||||
|
|
||||||
|
response, err := client.OauthV1alpha1().OIDCClientSecretRequests(env.SupervisorNamespace).Create(ctx,
|
||||||
|
&v1alpha1.OIDCClientSecretRequest{
|
||||||
|
Spec: v1alpha1.OIDCClientSecretRequestSpec{
|
||||||
|
GenerateNewSecret: true,
|
||||||
|
},
|
||||||
|
}, metav1.CreateOptions{})
|
||||||
|
require.NoError(t, err)
|
||||||
|
// the hardcoded values from the nonfunctional request
|
||||||
|
require.Equal(t, response.Status.TotalClientSecrets, 20)
|
||||||
|
require.Equal(t, response.Status.GeneratedSecret, "not-a-real-secret")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestOIDCClientSecretRequest_Unauthenticated_Parallel(t *testing.T) {
|
||||||
|
env := testlib.IntegrationEnv(t)
|
||||||
|
|
||||||
|
ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
|
||||||
|
defer cancel()
|
||||||
|
|
||||||
|
client := testlib.NewAnonymousVirtualSupervisorClientset(t)
|
||||||
|
|
||||||
|
_, err := client.OauthV1alpha1().OIDCClientSecretRequests(env.SupervisorNamespace).Create(ctx,
|
||||||
|
&v1alpha1.OIDCClientSecretRequest{
|
||||||
|
Spec: v1alpha1.OIDCClientSecretRequestSpec{
|
||||||
|
GenerateNewSecret: true,
|
||||||
|
},
|
||||||
|
}, metav1.CreateOptions{})
|
||||||
|
require.Error(t, err)
|
||||||
|
require.Contains(t, err.Error(), "User \"system:anonymous\" cannot create resource \"oidcclientsecretrequests\"")
|
||||||
|
}
|
@ -1,4 +1,4 @@
|
|||||||
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
package testlib
|
package testlib
|
||||||
@ -34,6 +34,7 @@ import (
|
|||||||
idpv1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/idp/v1alpha1"
|
idpv1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/idp/v1alpha1"
|
||||||
conciergeclientset "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned"
|
conciergeclientset "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned"
|
||||||
supervisorclientset "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned"
|
supervisorclientset "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned"
|
||||||
|
virtualsupervisorclientset "go.pinniped.dev/generated/latest/client/supervisor/virtual/clientset/versioned"
|
||||||
"go.pinniped.dev/internal/groupsuffix"
|
"go.pinniped.dev/internal/groupsuffix"
|
||||||
"go.pinniped.dev/internal/kubeclient"
|
"go.pinniped.dev/internal/kubeclient"
|
||||||
|
|
||||||
@ -86,6 +87,18 @@ func NewSupervisorClientset(t *testing.T) supervisorclientset.Interface {
|
|||||||
return NewKubeclient(t, NewClientConfig(t)).PinnipedSupervisor
|
return NewKubeclient(t, NewClientConfig(t)).PinnipedSupervisor
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func NewAnonymousVirtualSupervisorClientset(t *testing.T) virtualsupervisorclientset.Interface {
|
||||||
|
t.Helper()
|
||||||
|
|
||||||
|
return NewKubeclient(t, NewAnonymousClientRestConfig(t)).PinnipedSupervisorVirtual
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewVirtualSupervisorClientset(t *testing.T) virtualsupervisorclientset.Interface {
|
||||||
|
t.Helper()
|
||||||
|
|
||||||
|
return NewKubeclient(t, NewClientConfig(t)).PinnipedSupervisorVirtual
|
||||||
|
}
|
||||||
|
|
||||||
func NewConciergeClientset(t *testing.T) conciergeclientset.Interface {
|
func NewConciergeClientset(t *testing.T) conciergeclientset.Interface {
|
||||||
t.Helper()
|
t.Helper()
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user