Merge branch 'main' of github.com:vmware-tanzu/pinniped into token-exchange-endpoint
commit
e25d090ca9
@ -149,7 +149,7 @@ k8s_yaml(local([
|
||||
'--data-value image_repo=image/concierge ' +
|
||||
'--data-value image_tag=tilt-dev ' +
|
||||
'--data-value kube_cert_agent_image=debian:10.6-slim ' +
|
||||
'--data-value discovery_url=$(TERM=dumb kubectl cluster-info | awk \'/Kubernetes master/ {print $NF}\') ' +
|
||||
'--data-value discovery_url=$(TERM=dumb kubectl cluster-info | awk \'/master|control plane/ {print $NF}\') ' +
|
||||
'--data-value log_level=debug ' +
|
||||
'--data-value-yaml replicas=1 ' +
|
||||
'--data-value-yaml "custom_labels={myConciergeCustomLabelName: myConciergeCustomLabelValue}"'
|
||||
|
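Review bot: The new awk pattern `/master|control plane/` on the `discovery_url` line drops the `Kubernetes ` prefix the old pattern had, so any `kubectl cluster-info` line that contains `master` (for example a service line whose API host name contains it) would also match and the data value would become multi-line. Keeping the prefix and stopping at the first match avoids that: `awk '/Kubernetes (master|control plane)/ {print $NF; exit}'`, with the quotes escaped as they already are in this string. The same pattern appears in the shell hunk at `@ -249,7 +249,7` for `discovery_url=` and would take the same change. The enclosing `k8s_yaml(local([` call starts and ends outside the hunk.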
@ -123,7 +123,7 @@ if ! tilt_mode; then
|
||||
# Our kind config exposes node port 31234 as 127.0.0.1:12345, 31243 as 127.0.0.1:12344, and 31235 as 127.0.0.1:12346
|
||||
./hack/kind-up.sh
|
||||
else
|
||||
if ! kubectl cluster-info | grep master | grep -q 127.0.0.1; then
|
||||
if ! kubectl cluster-info | grep -E '(master|control plane)' | grep -q 127.0.0.1; then
|
||||
log_error "Seems like your kubeconfig is not targeting a local cluster."
|
||||
log_error "Exiting to avoid accidentally running tests against a real cluster."
|
||||
exit 1
|
||||
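Review bot: The local-cluster guard still ends in `grep -q 127.0.0.1`, an unanchored regex whose dots match any character, so a control-plane URL that merely contains `127-0-0-1`, or `127.0.0.1` inside a longer host name, passes the check meant to keep the tests off a real cluster. A fixed-string match on the URL authority is stricter: `grep -qF '://127.0.0.1:'`, assuming the local kubeconfig URL always carries a port, which the hunk does not show. The surrounding `if ! tilt_mode; then … else` block begins and ends outside the hunk.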
@ -249,7 +249,7 @@ concierge_app_name="pinniped-concierge"
|
||||
concierge_namespace="concierge"
|
||||
webhook_url="https://local-user-authenticator.local-user-authenticator.svc/authenticate"
|
||||
webhook_ca_bundle="$(kubectl get secret local-user-authenticator-tls-serving-certificate --namespace local-user-authenticator -o 'jsonpath={.data.caCertificate}')"
|
||||
discovery_url="$(TERM=dumb kubectl cluster-info | awk '/Kubernetes master/ {print $NF}')"
|
||||
discovery_url="$(TERM=dumb kubectl cluster-info | awk '/master|control plane/ {print $NF}')"
|
||||
concierge_custom_labels="{myConciergeCustomLabelName: myConciergeCustomLabelValue}"
|
||||
|
||||
if ! tilt_mode; then
|
||||
|
@ -180,14 +180,22 @@ func CreateTestJWTAuthenticator(ctx context.Context, t *testing.T) corev1.TypedL
|
||||
createContext, cancel := context.WithTimeout(ctx, 5*time.Second)
|
||||
defer cancel()
|
||||
|
||||
// If the test upstream does not have a CA bundle specified, then don't configure one in the
|
||||
// JWTAuthenticator. Leaving TLSSpec set to nil will result in OIDC discovery using the OS's root
|
||||
// CA store.
|
||||
tlsSpec := &auth1alpha1.TLSSpec{
|
||||
CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(testEnv.CLITestUpstream.CABundle)),
|
||||
}
|
||||
if testEnv.CLITestUpstream.CABundle == "" {
|
||||
tlsSpec = nil
|
||||
}
|
||||
|
||||
jwtAuthenticator, err := jwtAuthenticators.Create(createContext, &auth1alpha1.JWTAuthenticator{
|
||||
ObjectMeta: testObjectMeta(t, "jwt-authenticator"),
|
||||
Spec: auth1alpha1.JWTAuthenticatorSpec{
|
||||
Issuer: testEnv.CLITestUpstream.Issuer,
|
||||
Audience: testEnv.CLITestUpstream.ClientID,
|
||||
TLS: &auth1alpha1.TLSSpec{
|
||||
CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(testEnv.CLITestUpstream.CABundle)),
|
||||
},
|
||||
TLS: tlsSpec,
|
||||
},
|
||||
}, metav1.CreateOptions{})
|
||||
require.NoError(t, err, "could not create test JWTAuthenticator")
|
||||
|
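Review bot: When `testEnv.CLITestUpstream.CABundle` is empty the new branch silently sets `tlsSpec = nil`, so a test environment that simply forgot to provide the bundle now validates the issuer against the OS root CA store with no trace in the test output. Logging the fallback makes that trust decision visible: `t.Logf("no CA bundle configured for issuer %q; JWTAuthenticator will use the OS root CA store", testEnv.CLITestUpstream.Issuer)` inside the `if`. As a style point, declaring `var tlsSpec *auth1alpha1.TLSSpec` and assigning it only when the bundle is non-empty would avoid building a spec that is then discarded. `CreateTestJWTAuthenticator` starts and ends outside the hunk.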