Skip some recently added integration tests when LDAP is unavailable

Also refactor to use shared test helper for skipping LDAP and AD tests.

test/integration/e2e_test.go

@@ -634,15 +634,13 @@ func TestE2EFullIntegration_Browser(t *testing.T) {
 	// Add an LDAP upstream IDP and try using it to authenticate during kubectl commands
 	// by interacting with the CLI's username and password prompts.
 	t.Run("with Supervisor LDAP upstream IDP using username and password prompts", func(t *testing.T) {
+		testlib.SkipTestWhenLDAPIsUnavailable(t, env)
+
 		testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
 		t.Cleanup(cancel)
 
 		tempDir := testutil.TempDir(t) // per-test tmp dir to avoid sharing files between tests
 
-		if len(env.ToolsNamespace) == 0 && !env.HasCapability(testlib.CanReachInternetLDAPPorts) {
-			t.Skip("LDAP integration test requires connectivity to an LDAP server")
-		}
-
 		expectedUsername := env.SupervisorUpstreamLDAP.TestUserMailAttributeValue
 		expectedGroups := env.SupervisorUpstreamLDAP.TestUserDirectGroupsDNs
 
@@ -696,15 +694,13 @@ func TestE2EFullIntegration_Browser(t *testing.T) {
 	// Add an LDAP upstream IDP and try using it to authenticate during kubectl commands
 	// by passing username and password via environment variables, thus avoiding the CLI's username and password prompts.
 	t.Run("with Supervisor LDAP upstream IDP using PINNIPED_USERNAME and PINNIPED_PASSWORD env vars", func(t *testing.T) {
+		testlib.SkipTestWhenLDAPIsUnavailable(t, env)
+
 		testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
 		t.Cleanup(cancel)
 
 		tempDir := testutil.TempDir(t) // per-test tmp dir to avoid sharing files between tests
 
-		if len(env.ToolsNamespace) == 0 && !env.HasCapability(testlib.CanReachInternetLDAPPorts) {
-			t.Skip("LDAP integration test requires connectivity to an LDAP server")
-		}
-
 		expectedUsername := env.SupervisorUpstreamLDAP.TestUserMailAttributeValue
 		expectedGroups := env.SupervisorUpstreamLDAP.TestUserDirectGroupsDNs
 
@@ -770,18 +766,13 @@ func TestE2EFullIntegration_Browser(t *testing.T) {
 	// Add an Active Directory upstream IDP and try using it to authenticate during kubectl commands
 	// by interacting with the CLI's username and password prompts.
 	t.Run("with Supervisor ActiveDirectory upstream IDP using username and password prompts", func(t *testing.T) {
+		testlib.SkipTestWhenActiveDirectoryIsUnavailable(t, env)
+
 		testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
 		t.Cleanup(cancel)
 
 		tempDir := testutil.TempDir(t) // per-test tmp dir to avoid sharing files between tests
 
-		if len(env.ToolsNamespace) == 0 && !env.HasCapability(testlib.CanReachInternetLDAPPorts) {
-			t.Skip("Active Directory integration test requires connectivity to an LDAP server")
-		}
-		if env.SupervisorUpstreamActiveDirectory.Host == "" {
-			t.Skip("Active Directory hostname not specified")
-		}
-
 		expectedUsername := env.SupervisorUpstreamActiveDirectory.TestUserPrincipalNameValue
 		expectedGroups := env.SupervisorUpstreamActiveDirectory.TestUserIndirectGroupsSAMAccountPlusDomainNames
 
@@ -835,19 +826,13 @@ func TestE2EFullIntegration_Browser(t *testing.T) {
 	// Add an ActiveDirectory upstream IDP and try using it to authenticate during kubectl commands
 	// by passing username and password via environment variables, thus avoiding the CLI's username and password prompts.
 	t.Run("with Supervisor ActiveDirectory upstream IDP using PINNIPED_USERNAME and PINNIPED_PASSWORD env vars", func(t *testing.T) {
+		testlib.SkipTestWhenActiveDirectoryIsUnavailable(t, env)
+
 		testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
 		t.Cleanup(cancel)
 
 		tempDir := testutil.TempDir(t) // per-test tmp dir to avoid sharing files between tests
 
-		if len(env.ToolsNamespace) == 0 && !env.HasCapability(testlib.CanReachInternetLDAPPorts) {
-			t.Skip("ActiveDirectory integration test requires connectivity to an LDAP server")
-		}
-
-		if env.SupervisorUpstreamActiveDirectory.Host == "" {
-			t.Skip("Active Directory hostname not specified")
-		}
-
 		expectedUsername := env.SupervisorUpstreamActiveDirectory.TestUserPrincipalNameValue
 		expectedGroups := env.SupervisorUpstreamActiveDirectory.TestUserIndirectGroupsSAMAccountPlusDomainNames
 
@@ -912,6 +897,8 @@ func TestE2EFullIntegration_Browser(t *testing.T) {
 
 	// Add an LDAP upstream IDP and try using it to authenticate during kubectl commands, using the browser flow.
 	t.Run("with Supervisor LDAP upstream IDP and browser flow with with form_post automatic authcode delivery to CLI", func(t *testing.T) {
+		testlib.SkipTestWhenLDAPIsUnavailable(t, env)
+
 		testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
 		t.Cleanup(cancel)
 
@@ -966,6 +953,8 @@ func TestE2EFullIntegration_Browser(t *testing.T) {
 
 	// Add an Active Directory upstream IDP and try using it to authenticate during kubectl commands, using the browser flow.
 	t.Run("with Supervisor Active Directory upstream IDP and browser flow with with form_post automatic authcode delivery to CLI", func(t *testing.T) {
+		testlib.SkipTestWhenActiveDirectoryIsUnavailable(t, env)
+
 		testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
 		t.Cleanup(cancel)
 
@@ -974,13 +963,6 @@ func TestE2EFullIntegration_Browser(t *testing.T) {
 		// Start a fresh browser driver because we don't want to share cookies between the various tests in this file.
 		page := browsertest.Open(t)
 
-		if len(env.ToolsNamespace) == 0 && !env.HasCapability(testlib.CanReachInternetLDAPPorts) {
-			t.Skip("Active Directory integration test requires connectivity to an LDAP server")
-		}
-		if env.SupervisorUpstreamActiveDirectory.Host == "" {
-			t.Skip("Active Directory hostname not specified")
-		}
-
 		expectedUsername := env.SupervisorUpstreamActiveDirectory.TestUserPrincipalNameValue
 		expectedGroups := env.SupervisorUpstreamActiveDirectory.TestUserIndirectGroupsSAMAccountPlusDomainNames
 
@@ -1027,6 +1009,8 @@ func TestE2EFullIntegration_Browser(t *testing.T) {
 
 	// Add an LDAP upstream IDP and try using it to authenticate during kubectl commands, using the env var to choose the browser flow.
 	t.Run("with Supervisor LDAP upstream IDP and browser flow selected by env var override with with form_post automatic authcode delivery to CLI", func(t *testing.T) {
+		testlib.SkipTestWhenLDAPIsUnavailable(t, env)
+
 		testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
 		t.Cleanup(cancel)
 

test/integration/supervisor_login_test.go

@@ -48,17 +48,12 @@ func TestSupervisorLogin_Browser(t *testing.T) {
 
 	skipLDAPTests := func(t *testing.T) {
 		t.Helper()
-		if len(env.ToolsNamespace) == 0 && !env.HasCapability(testlib.CanReachInternetLDAPPorts) {
+		testlib.SkipTestWhenLDAPIsUnavailable(t, env)
-			t.Skip("LDAP integration test requires connectivity to an LDAP server")
-		}
 	}
 
 	skipActiveDirectoryTests := func(t *testing.T) {
 		t.Helper()
-		skipLDAPTests(t)
+		testlib.SkipTestWhenActiveDirectoryIsUnavailable(t, env)
-		if env.SupervisorUpstreamActiveDirectory.Host == "" {
-			t.Skip("Active Directory hostname not specified")
-		}
 	}
 
 	basicOIDCIdentityProviderSpec := func() idpv1alpha1.OIDCIdentityProviderSpec {

test/integration/supervisor_warnings_test.go

@@ -103,9 +103,7 @@ func TestSupervisorWarnings_Browser(t *testing.T) {
 	)
 
 	t.Run("LDAP group refresh flow", func(t *testing.T) {
-		if len(env.ToolsNamespace) == 0 && !env.HasCapability(testlib.CanReachInternetLDAPPorts) {
+		testlib.SkipTestWhenLDAPIsUnavailable(t, env)
-			t.Skip("LDAP integration test requires connectivity to an LDAP server")
-		}
 
 		expectedUsername := env.SupervisorUpstreamLDAP.TestUserMailAttributeValue
 
@@ -242,13 +240,9 @@ func TestSupervisorWarnings_Browser(t *testing.T) {
 
 		t.Logf("second kubectl command took %s", time.Since(startTime2).String())
 	})
+
 	t.Run("Active Directory group refresh flow", func(t *testing.T) {
-		if len(env.ToolsNamespace) == 0 && !env.HasCapability(testlib.CanReachInternetLDAPPorts) {
+		testlib.SkipTestWhenActiveDirectoryIsUnavailable(t, env)
-			t.Skip("LDAP integration test requires connectivity to an LDAP server")
-		}
-		if env.SupervisorUpstreamActiveDirectory.Host == "" {
-			t.Skip("Active Directory hostname not specified")
-		}
 
 		expectedUsername, password := testlib.CreateFreshADTestUser(t, env)
 		t.Cleanup(func() {

test/testlib/skip.go

@@ -1,4 +1,4 @@
-// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package testlib
@@ -8,7 +8,28 @@ import "testing"
 // skipUnlessIntegration skips the current test if `-short` has been passed to `go test`.
 func skipUnlessIntegration(t *testing.T) {
 	t.Helper()
+
 	if testing.Short() {
 		t.Skip("skipping integration test because of '-short' flag")
 	}
 }
+
+func SkipTestWhenLDAPIsUnavailable(t *testing.T, env *TestEnv) {
+	t.Helper()
+
+	if len(env.ToolsNamespace) == 0 && !env.HasCapability(CanReachInternetLDAPPorts) {
+		t.Skip("LDAP integration test requires connectivity to an LDAP server")
+	}
+}
+
+func SkipTestWhenActiveDirectoryIsUnavailable(t *testing.T, env *TestEnv) {
+	t.Helper()
+
+	if !env.HasCapability(CanReachInternetLDAPPorts) {
+		t.Skip("Active Directory integration test requires network connectivity to an AD server")
+	}
+
+	if IntegrationEnv(t).SupervisorUpstreamActiveDirectory.Host == "" {
+		t.Skip("Active Directory hostname not specified")
+	}
+}