Create OIDCClientSecretRequest returns metadata

Sets the Name, Namespace, CreationTimestamp fields in the object meta of the return value. Co-authored-by: Ryan Richard <richardry@vmware.com> Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2022-09-16 14:04:27 -07:00 · 2022-09-16 14:04:27 -07:00 · ee3515f23b
commit ee3515f23b
parent 7997285b19
3 changed files with 74 additions and 1 deletions
--- a/internal/registry/clientsecretrequest/rest.go
+++ b/internal/registry/clientsecretrequest/rest.go
@ -35,6 +35,7 @@ import (
 const Cost = 12

 type byteHasher func(password []byte, cost int) ([]byte, error)
+type timeNowFunc func() metav1.Time

 func NewREST(
 	resource schema.GroupResource,
@ -44,6 +45,7 @@ func NewREST(
 	cost int,
 	randByteGenerator io.Reader,
 	byteHasher byteHasher,
+	timeNowFunc timeNowFunc,
 ) *REST {
 	return &REST{
 		secretStorage:     oidcclientsecretstorage.New(secretsClient),
@ -53,6 +55,7 @@ func NewREST(
 		randByteGenerator: randByteGenerator,
 		byteHasher:        byteHasher,
 		tableConvertor:    rest.NewDefaultTableConvertor(resource),
+		timeNowFunc:       timeNowFunc,
 	}
 }

@ -64,6 +67,7 @@ type REST struct {
 	cost              int
 	byteHasher        byteHasher
 	tableConvertor    rest.TableConvertor
+	timeNowFunc       timeNowFunc
 }

 // Assert that our *REST implements all the optional interfaces that we expect it to implement.
@ -197,6 +201,11 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation

 	// Return the new secret in plaintext, if one was generated, along with the total number of secrets.
 	return &clientsecretapi.OIDCClientSecretRequest{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:              req.Name,
+			Namespace:         req.Namespace,
+			CreationTimestamp: r.timeNowFunc(),
+		},
 		Status: clientsecretapi.OIDCClientSecretRequestStatus{
 			GeneratedSecret:    secret,
 			TotalClientSecrets: len(hashes),
--- a/internal/registry/clientsecretrequest/rest_test.go
+++ b/internal/registry/clientsecretrequest/rest_test.go
@ -36,7 +36,16 @@ import (
 )

 func TestNew(t *testing.T) {
-	r := NewREST(schema.GroupResource{Group: "bears", Resource: "panda"}, nil, nil, "foobar", 4, nil, nil)
+	r := NewREST(
+		schema.GroupResource{Group: "bears", Resource: "panda"},
+		nil,
+		nil,
+		"foobar",
+		4,
+		nil,
+		nil,
+		nil,
+	)

 	require.NotNil(t, r)
 	require.True(t, r.NamespaceScoped())
@ -96,6 +105,9 @@ func TestCreate(t *testing.T) {
 	fakeHexEncodedRandomBytes := hex.EncodeToString([]byte(fakeRandomBytes))
 	fakeBcryptRandomBytes := fakeHexEncodedRandomBytes + ":4-fake-hash"

+	fakeNow := metav1.Now()
+	fakeTimeNowFunc := func() metav1.Time { return fakeNow }
+
 	tests := []struct {
 		name              string
 		args              args
@ -671,6 +683,11 @@ func TestCreate(t *testing.T) {
 				},
 			}},
 			want: &clientsecretapi.OIDCClientSecretRequest{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:              "client.oauth.pinniped.dev-happy-new-secret",
+					Namespace:         namespace,
+					CreationTimestamp: fakeNow,
+				},
 				Status: clientsecretapi.OIDCClientSecretRequestStatus{
 					GeneratedSecret:    fakeHexEncodedRandomBytes,
 					TotalClientSecrets: 1,
@ -738,6 +755,11 @@ func TestCreate(t *testing.T) {
 				},
 			},
 			want: &clientsecretapi.OIDCClientSecretRequest{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:              "client.oauth.pinniped.dev-append-new-secret-hash",
+					Namespace:         namespace,
+					CreationTimestamp: fakeNow,
+				},
 				Status: clientsecretapi.OIDCClientSecretRequestStatus{
 					GeneratedSecret:    fakeHexEncodedRandomBytes,
 					TotalClientSecrets: 3,
@ -795,6 +817,11 @@ func TestCreate(t *testing.T) {
 				},
 			},
 			want: &clientsecretapi.OIDCClientSecretRequest{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:              "client.oauth.pinniped.dev-append-new-secret-hash",
+					Namespace:         namespace,
+					CreationTimestamp: fakeNow,
+				},
 				Status: clientsecretapi.OIDCClientSecretRequestStatus{
 					GeneratedSecret:    fakeHexEncodedRandomBytes,
 					TotalClientSecrets: 1,
@ -852,6 +879,11 @@ func TestCreate(t *testing.T) {
 				},
 			},
 			want: &clientsecretapi.OIDCClientSecretRequest{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:              "client.oauth.pinniped.dev-some-client",
+					Namespace:         namespace,
+					CreationTimestamp: fakeNow,
+				},
 				Status: clientsecretapi.OIDCClientSecretRequestStatus{
 					GeneratedSecret:    "",
 					TotalClientSecrets: 1,
@ -1170,6 +1202,11 @@ func TestCreate(t *testing.T) {
 				},
 			}},
 			want: &clientsecretapi.OIDCClientSecretRequest{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:              "client.oauth.pinniped.dev-happy-new-secret",
+					Namespace:         namespace,
+					CreationTimestamp: fakeNow,
+				},
 				Status: clientsecretapi.OIDCClientSecretRequestStatus{
 					GeneratedSecret:    "",
 					TotalClientSecrets: 0,
@ -1205,6 +1242,11 @@ func TestCreate(t *testing.T) {
 				},
 			}},
 			want: &clientsecretapi.OIDCClientSecretRequest{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:              "client.oauth.pinniped.dev-some-client",
+					Namespace:         namespace,
+					CreationTimestamp: fakeNow,
+				},
 				Status: clientsecretapi.OIDCClientSecretRequestStatus{
 					GeneratedSecret:    "",
 					TotalClientSecrets: 0,
@ -1260,6 +1302,11 @@ func TestCreate(t *testing.T) {
 				},
 			},
 			want: &clientsecretapi.OIDCClientSecretRequest{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:              "client.oauth.pinniped.dev-some-client",
+					Namespace:         namespace,
+					CreationTimestamp: fakeNow,
+				},
 				Status: clientsecretapi.OIDCClientSecretRequestStatus{
 					GeneratedSecret:    "",
 					TotalClientSecrets: 2,
@ -1313,6 +1360,11 @@ func TestCreate(t *testing.T) {
 				},
 			},
 			want: &clientsecretapi.OIDCClientSecretRequest{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:              "client.oauth.pinniped.dev-some-client",
+					Namespace:         namespace,
+					CreationTimestamp: fakeNow,
+				},
 				Status: clientsecretapi.OIDCClientSecretRequestStatus{
 					GeneratedSecret:    fakeHexEncodedRandomBytes,
 					TotalClientSecrets: 1,
@ -1373,6 +1425,11 @@ func TestCreate(t *testing.T) {
 				},
 			},
 			want: &clientsecretapi.OIDCClientSecretRequest{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:              "client.oauth.pinniped.dev-some-client",
+					Namespace:         namespace,
+					CreationTimestamp: fakeNow,
+				},
 				Status: clientsecretapi.OIDCClientSecretRequestStatus{
 					GeneratedSecret:    fakeHexEncodedRandomBytes,
 					TotalClientSecrets: 1,
@ -1434,6 +1491,11 @@ func TestCreate(t *testing.T) {
 				},
 			},
 			want: &clientsecretapi.OIDCClientSecretRequest{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:              "client.oauth.pinniped.dev-some-client",
+					Namespace:         namespace,
+					CreationTimestamp: fakeNow,
+				},
 				Status: clientsecretapi.OIDCClientSecretRequestStatus{
 					GeneratedSecret:    fakeHexEncodedRandomBytes,
 					TotalClientSecrets: 1,
@ -1509,6 +1571,7 @@ func TestCreate(t *testing.T) {
 				4,
 				fakeByteGenerator,
 				fakeHasher,
+				fakeTimeNowFunc,
 			)

 			got, err := r.Create(tt.args.ctx, tt.args.obj, tt.args.createValidation, tt.args.options)
--- a/internal/supervisor/apiserver/apiserver.go
+++ b/internal/supervisor/apiserver/apiserver.go
@ -90,6 +90,7 @@ func (c completedConfig) New() (*PinnipedServer, error) {
 				clientsecretrequest.Cost,
 				rand.Reader,
 				bcrypt.GenerateFromPassword,
+				metav1.Now,
 			)
 			return clientSecretReqGVR, clientSecretReqStorage
 		},