From e574a99c5e432ba09c48e2ce4b660983843b5e68 Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Tue, 22 Sep 2020 10:02:32 -0500 Subject: [PATCH] Add an integration test that tries to use a non-existent IDP. Signed-off-by: Matt Moyer --- test/integration/credentialrequest_test.go | 32 +++++++++++++++++----- test/library/client.go | 1 + 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/test/integration/credentialrequest_test.go b/test/integration/credentialrequest_test.go index da2512bd..d27f652e 100644 --- a/test/integration/credentialrequest_test.go +++ b/test/integration/credentialrequest_test.go @@ -16,10 +16,28 @@ import ( "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "go.pinniped.dev/generated/1.19/apis/login/v1alpha1" + idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/idp/v1alpha1" + loginv1alpha1 "go.pinniped.dev/generated/1.19/apis/login/v1alpha1" "go.pinniped.dev/test/library" ) +func TestUnsuccessfulCredentialRequest(t *testing.T) { + library.SkipUnlessIntegration(t) + + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + response, err := makeRequest(ctx, t, validCredentialRequestSpecWithRealToken(t, corev1.TypedLocalObjectReference{ + APIGroup: &idpv1alpha1.SchemeGroupVersion.Group, + Kind: "WebhookIdentityProvider", + Name: "some-webhook-that-does-not-exist", + })) + require.NoError(t, err) + require.Nil(t, response.Status.Credential) + require.NotNil(t, response.Status.Message) + require.Equal(t, "authentication failed", *response.Status.Message) +} + func TestSuccessfulCredentialRequest(t *testing.T) { library.SkipUnlessIntegration(t) library.SkipUnlessClusterHasCapability(t, library.ClusterSigningKeyIsAvailable) @@ -73,7 +91,7 @@ func TestFailedCredentialRequestWhenTheRequestIsValidButTheTokenDoesNotAuthentic library.SkipUnlessIntegration(t) library.SkipUnlessClusterHasCapability(t, library.ClusterSigningKeyIsAvailable) - response, err := makeRequest(context.Background(), t, v1alpha1.TokenCredentialRequestSpec{Token: "not a good token"}) + response, err := makeRequest(context.Background(), t, loginv1alpha1.TokenCredentialRequestSpec{Token: "not a good token"}) require.NoError(t, err) @@ -86,7 +104,7 @@ func TestCredentialRequest_ShouldFailWhenRequestDoesNotIncludeToken(t *testing.T library.SkipUnlessIntegration(t) library.SkipUnlessClusterHasCapability(t, library.ClusterSigningKeyIsAvailable) - response, err := makeRequest(context.Background(), t, v1alpha1.TokenCredentialRequestSpec{Token: ""}) + response, err := makeRequest(context.Background(), t, loginv1alpha1.TokenCredentialRequestSpec{Token: ""}) require.Error(t, err) statusError, isStatus := err.(*errors.StatusError) @@ -120,7 +138,7 @@ func TestCredentialRequest_OtherwiseValidRequestWithRealTokenShouldFailWhenTheCl require.Equal(t, stringPtr("authentication failed"), response.Status.Message) } -func makeRequest(ctx context.Context, t *testing.T, spec v1alpha1.TokenCredentialRequestSpec) (*v1alpha1.TokenCredentialRequest, error) { +func makeRequest(ctx context.Context, t *testing.T, spec loginv1alpha1.TokenCredentialRequestSpec) (*loginv1alpha1.TokenCredentialRequest, error) { t.Helper() client := library.NewAnonymousPinnipedClientset(t) @@ -129,15 +147,15 @@ func makeRequest(ctx context.Context, t *testing.T, spec v1alpha1.TokenCredentia defer cancel() ns := library.GetEnv(t, "PINNIPED_NAMESPACE") - return client.LoginV1alpha1().TokenCredentialRequests(ns).Create(ctx, &v1alpha1.TokenCredentialRequest{ + return client.LoginV1alpha1().TokenCredentialRequests(ns).Create(ctx, &loginv1alpha1.TokenCredentialRequest{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{Namespace: ns}, Spec: spec, }, metav1.CreateOptions{}) } -func validCredentialRequestSpecWithRealToken(t *testing.T, idp corev1.TypedLocalObjectReference) v1alpha1.TokenCredentialRequestSpec { - return v1alpha1.TokenCredentialRequestSpec{ +func validCredentialRequestSpecWithRealToken(t *testing.T, idp corev1.TypedLocalObjectReference) loginv1alpha1.TokenCredentialRequestSpec { + return loginv1alpha1.TokenCredentialRequestSpec{ Token: library.GetEnv(t, "PINNIPED_TEST_USER_TOKEN"), IdentityProvider: idp, } diff --git a/test/library/client.go b/test/library/client.go index 49599ba8..ec14c8cd 100644 --- a/test/library/client.go +++ b/test/library/client.go @@ -170,6 +170,7 @@ func CreateTestWebhookIDP(ctx context.Context, t *testing.T) corev1.TypedLocalOb t.Logf("created test WebhookIdentityProvider %s/%s", idp.Namespace, idp.Name) t.Cleanup(func() { + t.Helper() t.Logf("cleaning up test WebhookIdentityProvider %s/%s", idp.Namespace, idp.Name) deleteCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel()