Use a random password for the dex integration test user
Signed-off-by: Ryan Richard <richardry@vmware.com>
This commit is contained in:
parent
c0361645e2
commit
cd6e48bfa8
@ -210,12 +210,14 @@ if ! tilt_mode; then
|
||||
#
|
||||
# Deploy dex
|
||||
#
|
||||
dex_test_password="$(openssl rand -hex 16)"
|
||||
pushd test/deploy/dex >/dev/null
|
||||
|
||||
log_note "Deploying Dex to the cluster..."
|
||||
ytt --file . >"$manifest"
|
||||
ytt --file . \
|
||||
--data-value-yaml "supervisor_redirect_uris=[https://pinniped-supervisor-clusterip.supervisor.svc.cluster.local/some/path/callback]" \
|
||||
--data-value "pinny_bcrypt_passwd_hash=$(htpasswd -nbBC 10 x "$dex_test_password" | sed -e "s/^x://")" \
|
||||
>"$manifest"
|
||||
|
||||
kubectl apply --dry-run=client -f "$manifest" # Validate manifest schema.
|
||||
@ -328,7 +330,7 @@ export PINNIPED_TEST_CLI_OIDC_ISSUER_CA_BUNDLE="${test_ca_bundle_pem}"
|
||||
export PINNIPED_TEST_CLI_OIDC_CLIENT_ID=pinniped-cli
|
||||
export PINNIPED_TEST_CLI_OIDC_CALLBACK_URL=http://127.0.0.1:48095/callback
|
||||
export PINNIPED_TEST_CLI_OIDC_USERNAME=pinny@example.com
|
||||
export PINNIPED_TEST_CLI_OIDC_PASSWORD=password
|
||||
export PINNIPED_TEST_CLI_OIDC_PASSWORD=${dex_test_password}
|
||||
export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ISSUER=https://dex.dex.svc.cluster.local/dex
|
||||
export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ISSUER_CA_BUNDLE="${test_ca_bundle_pem}"
|
||||
export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_ADDITIONAL_SCOPES=email
|
||||
@ -338,7 +340,7 @@ export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_CLIENT_ID=pinniped-supervisor
|
||||
export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_CLIENT_SECRET=pinniped-supervisor-secret
|
||||
export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_CALLBACK_URL=https://pinniped-supervisor-clusterip.supervisor.svc.cluster.local/some/path/callback
|
||||
export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_USERNAME=pinny@example.com
|
||||
export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_PASSWORD=password
|
||||
export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_PASSWORD=${dex_test_password}
|
||||
export PINNIPED_TEST_SUPERVISOR_UPSTREAM_OIDC_EXPECTED_GROUPS= # Dex's local user store does not let us configure groups.
|
||||
export PINNIPED_TEST_API_GROUP_SUFFIX='${api_group_suffix}'
|
||||
|
||||
|
@ -32,7 +32,7 @@ enablePasswordDB: true
|
||||
staticPasswords:
|
||||
- username: "pinny"
|
||||
email: "pinny@example.com"
|
||||
hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W" #! bcrypt("password")
|
||||
hash: #@ data.values.pinny_bcrypt_passwd_hash
|
||||
userID: "061d23d1-fe1e-4777-9ae9-59cd12abeaaa"
|
||||
#@ end
|
||||
|
||||
|
@ -19,3 +19,6 @@ ports:
|
||||
#! supervisor_redirect_uris is an array of redirect uris that dex will use for its pinniped-supervisor client.
|
||||
#! usage: --data-value-yaml "supervisor_redirect_uris=[some-redirect.com,some-other-redirect.com]"
|
||||
supervisor_redirect_uris: []
|
||||
|
||||
#! The bcrypt-hashed password of the pinny test user account.
|
||||
pinny_bcrypt_passwd_hash:
|
||||
|
Loading…
Reference in New Issue
Block a user