djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add an integration test that tries to use a non-existent IDP.

Browse Source 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
This commit is contained in:
Matt Moyer 2020-09-22 10:02:32 -05:00
parent 16ef2baf8a
commit e574a99c5e
No known key found for this signature in database
GPG Key ID: EAE88AD172C5AE2D
2 changed files with 26 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
test/integration/credentialrequest_test.go
View File

@ -16,10 +16,28 @@ import (
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"go.pinniped.dev/generated/1.19/apis/login/v1alpha1" idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/idp/v1alpha1"
loginv1alpha1 "go.pinniped.dev/generated/1.19/apis/login/v1alpha1"
"go.pinniped.dev/test/library" "go.pinniped.dev/test/library"
) )
func TestUnsuccessfulCredentialRequest(t *testing.T) {
library.SkipUnlessIntegration(t)
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
response, err := makeRequest(ctx, t, validCredentialRequestSpecWithRealToken(t, corev1.TypedLocalObjectReference{
APIGroup: &idpv1alpha1.SchemeGroupVersion.Group,
Kind: "WebhookIdentityProvider",
Name: "some-webhook-that-does-not-exist",
}))
require.NoError(t, err)
require.Nil(t, response.Status.Credential)
require.NotNil(t, response.Status.Message)
require.Equal(t, "authentication failed", *response.Status.Message)
}
func TestSuccessfulCredentialRequest(t *testing.T) { func TestSuccessfulCredentialRequest(t *testing.T) {
library.SkipUnlessIntegration(t) library.SkipUnlessIntegration(t)
library.SkipUnlessClusterHasCapability(t, library.ClusterSigningKeyIsAvailable) library.SkipUnlessClusterHasCapability(t, library.ClusterSigningKeyIsAvailable)
@ -73,7 +91,7 @@ func TestFailedCredentialRequestWhenTheRequestIsValidButTheTokenDoesNotAuthentic
library.SkipUnlessIntegration(t) library.SkipUnlessIntegration(t)
library.SkipUnlessClusterHasCapability(t, library.ClusterSigningKeyIsAvailable) library.SkipUnlessClusterHasCapability(t, library.ClusterSigningKeyIsAvailable)
response, err := makeRequest(context.Background(), t, v1alpha1.TokenCredentialRequestSpec{Token: "not a good token"}) response, err := makeRequest(context.Background(), t, loginv1alpha1.TokenCredentialRequestSpec{Token: "not a good token"})
require.NoError(t, err) require.NoError(t, err)
@ -86,7 +104,7 @@ func TestCredentialRequest_ShouldFailWhenRequestDoesNotIncludeToken(t *testing.T
library.SkipUnlessIntegration(t) library.SkipUnlessIntegration(t)
library.SkipUnlessClusterHasCapability(t, library.ClusterSigningKeyIsAvailable) library.SkipUnlessClusterHasCapability(t, library.ClusterSigningKeyIsAvailable)
response, err := makeRequest(context.Background(), t, v1alpha1.TokenCredentialRequestSpec{Token: ""}) response, err := makeRequest(context.Background(), t, loginv1alpha1.TokenCredentialRequestSpec{Token: ""})
require.Error(t, err) require.Error(t, err)
statusError, isStatus := err.(*errors.StatusError) statusError, isStatus := err.(*errors.StatusError)
@ -120,7 +138,7 @@ func TestCredentialRequest_OtherwiseValidRequestWithRealTokenShouldFailWhenTheCl
require.Equal(t, stringPtr("authentication failed"), response.Status.Message) require.Equal(t, stringPtr("authentication failed"), response.Status.Message)
} }
func makeRequest(ctx context.Context, t *testing.T, spec v1alpha1.TokenCredentialRequestSpec) (*v1alpha1.TokenCredentialRequest, error) { func makeRequest(ctx context.Context, t *testing.T, spec loginv1alpha1.TokenCredentialRequestSpec) (*loginv1alpha1.TokenCredentialRequest, error) {
t.Helper() t.Helper()
client := library.NewAnonymousPinnipedClientset(t) client := library.NewAnonymousPinnipedClientset(t)
@ -129,15 +147,15 @@ func makeRequest(ctx context.Context, t *testing.T, spec v1alpha1.TokenCredentia
defer cancel() defer cancel()
ns := library.GetEnv(t, "PINNIPED_NAMESPACE") ns := library.GetEnv(t, "PINNIPED_NAMESPACE")
return client.LoginV1alpha1().TokenCredentialRequests(ns).Create(ctx, &v1alpha1.TokenCredentialRequest{ return client.LoginV1alpha1().TokenCredentialRequests(ns).Create(ctx, &loginv1alpha1.TokenCredentialRequest{
TypeMeta: metav1.TypeMeta{}, TypeMeta: metav1.TypeMeta{},
ObjectMeta: metav1.ObjectMeta{Namespace: ns}, ObjectMeta: metav1.ObjectMeta{Namespace: ns},
Spec: spec, Spec: spec,
}, metav1.CreateOptions{}) }, metav1.CreateOptions{})
} }
func validCredentialRequestSpecWithRealToken(t *testing.T, idp corev1.TypedLocalObjectReference) v1alpha1.TokenCredentialRequestSpec { func validCredentialRequestSpecWithRealToken(t *testing.T, idp corev1.TypedLocalObjectReference) loginv1alpha1.TokenCredentialRequestSpec {
return v1alpha1.TokenCredentialRequestSpec{ return loginv1alpha1.TokenCredentialRequestSpec{
Token: library.GetEnv(t, "PINNIPED_TEST_USER_TOKEN"), Token: library.GetEnv(t, "PINNIPED_TEST_USER_TOKEN"),
IdentityProvider: idp, IdentityProvider: idp,
} }

1
test/library/client.go
View File

@ -170,6 +170,7 @@ func CreateTestWebhookIDP(ctx context.Context, t *testing.T) corev1.TypedLocalOb
t.Logf("created test WebhookIdentityProvider %s/%s", idp.Namespace, idp.Name) t.Logf("created test WebhookIdentityProvider %s/%s", idp.Namespace, idp.Name)
t.Cleanup(func() { t.Cleanup(func() {
t.Helper()
t.Logf("cleaning up test WebhookIdentityProvider %s/%s", idp.Namespace, idp.Name) t.Logf("cleaning up test WebhookIdentityProvider %s/%s", idp.Namespace, idp.Name)
deleteCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) deleteCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel() defer cancel()