From ee3515f23b6a2d1f48272a7ef07e09f7406192be Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Fri, 16 Sep 2022 14:04:27 -0700 Subject: [PATCH] Create OIDCClientSecretRequest returns metadata Sets the Name, Namespace, CreationTimestamp fields in the object meta of the return value. Co-authored-by: Ryan Richard Co-authored-by: Benjamin A. Petersen --- internal/registry/clientsecretrequest/rest.go | 9 +++ .../registry/clientsecretrequest/rest_test.go | 65 ++++++++++++++++++- internal/supervisor/apiserver/apiserver.go | 1 + 3 files changed, 74 insertions(+), 1 deletion(-) diff --git a/internal/registry/clientsecretrequest/rest.go b/internal/registry/clientsecretrequest/rest.go index 23ce0ead..ab121d07 100644 --- a/internal/registry/clientsecretrequest/rest.go +++ b/internal/registry/clientsecretrequest/rest.go @@ -35,6 +35,7 @@ import ( const Cost = 12 type byteHasher func(password []byte, cost int) ([]byte, error) +type timeNowFunc func() metav1.Time func NewREST( resource schema.GroupResource, @@ -44,6 +45,7 @@ func NewREST( cost int, randByteGenerator io.Reader, byteHasher byteHasher, + timeNowFunc timeNowFunc, ) *REST { return &REST{ secretStorage: oidcclientsecretstorage.New(secretsClient), @@ -53,6 +55,7 @@ func NewREST( randByteGenerator: randByteGenerator, byteHasher: byteHasher, tableConvertor: rest.NewDefaultTableConvertor(resource), + timeNowFunc: timeNowFunc, } } @@ -64,6 +67,7 @@ type REST struct { cost int byteHasher byteHasher tableConvertor rest.TableConvertor + timeNowFunc timeNowFunc } // Assert that our *REST implements all the optional interfaces that we expect it to implement. 
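Review bot: NewREST stores the new `timeNowFunc` argument without checking it, while the Create hunk in this patch calls `r.timeNowFunc()` unconditionally. A REST built with a nil value, as the updated TestNew builds it, would therefore panic on any Create that reaches the final return. A guard before the `return &REST{` line would make the constructor safe: `if timeNowFunc == nil { timeNowFunc = metav1.Now }`. The other injected dependencies appear to be passed as nil in the same test, so if nil is meant to be a programmer error, a comment on the parameter stating it must be non-nil would at least record that contract.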
@@ -197,6 +201,11 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation // Return the new secret in plaintext, if one was generated, along with the total number of secrets. return &clientsecretapi.OIDCClientSecretRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: req.Name, + Namespace: req.Namespace, + CreationTimestamp: r.timeNowFunc(), + }, Status: clientsecretapi.OIDCClientSecretRequestStatus{ GeneratedSecret: secret, TotalClientSecrets: len(hashes), diff --git a/internal/registry/clientsecretrequest/rest_test.go b/internal/registry/clientsecretrequest/rest_test.go index 70181f62..b5f8a6bf 100644 --- a/internal/registry/clientsecretrequest/rest_test.go +++ b/internal/registry/clientsecretrequest/rest_test.go @@ -36,7 +36,16 @@ import ( ) func TestNew(t *testing.T) { - r := NewREST(schema.GroupResource{Group: "bears", Resource: "panda"}, nil, nil, "foobar", 4, nil, nil) + r := NewREST( + schema.GroupResource{Group: "bears", Resource: "panda"}, + nil, + nil, + "foobar", + 4, + nil, + nil, + nil, + ) require.NotNil(t, r) require.True(t, r.NamespaceScoped()) @@ -96,6 +105,9 @@ func TestCreate(t *testing.T) { fakeHexEncodedRandomBytes := hex.EncodeToString([]byte(fakeRandomBytes)) fakeBcryptRandomBytes := fakeHexEncodedRandomBytes + ":4-fake-hash" + fakeNow := metav1.Now() + fakeTimeNowFunc := func() metav1.Time { return fakeNow } + tests := []struct { name string args args @@ -671,6 +683,11 @@ func TestCreate(t *testing.T) { }, }}, want: &clientsecretapi.OIDCClientSecretRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "client.oauth.pinniped.dev-happy-new-secret", + Namespace: namespace, + CreationTimestamp: fakeNow, + }, Status: clientsecretapi.OIDCClientSecretRequestStatus{ GeneratedSecret: fakeHexEncodedRandomBytes, TotalClientSecrets: 1, 
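Review bot: `Name: req.Name` and `Namespace: req.Namespace` in the returned ObjectMeta echo the request body rather than the namespace the request was routed under. The earlier part of Create is outside this hunk, so it is not visible whether a body namespace that differs from the request context's namespace is already rejected. If it is not, the response would report a namespace the secret update did not act on. Taking the value from the context with `request.NamespaceValue(ctx)` (k8s.io/apiserver) would rule that out, and if the validation does exist, a short comment here pointing to it would help.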
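Review bot: The three-field `ObjectMeta` literal added to `want` in the -671 hunk is repeated, differing only in Name, in the hunks at -738, -795, -852, -1170, -1205, -1260, -1313, -1373 and -1434. A small closure next to `fakeTimeNowFunc` would keep the expectation in one place, for example `wantMeta := func(name string) metav1.ObjectMeta { return metav1.ObjectMeta{Name: name, Namespace: namespace, CreationTimestamp: fakeNow} }`, used as `ObjectMeta: wantMeta("client.oauth.pinniped.dev-some-client")`. Every case that gains the expectation here has a non-error `want`; whether the error cases assert a nil result is outside these hunks.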
@@ -738,6 +755,11 @@ func TestCreate(t *testing.T) { }, }, want: &clientsecretapi.OIDCClientSecretRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "client.oauth.pinniped.dev-append-new-secret-hash", + Namespace: namespace, + CreationTimestamp: fakeNow, + }, Status: clientsecretapi.OIDCClientSecretRequestStatus{ GeneratedSecret: fakeHexEncodedRandomBytes, TotalClientSecrets: 3, @@ -795,6 +817,11 @@ func TestCreate(t *testing.T) { }, }, want: &clientsecretapi.OIDCClientSecretRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "client.oauth.pinniped.dev-append-new-secret-hash", + Namespace: namespace, + CreationTimestamp: fakeNow, + }, Status: clientsecretapi.OIDCClientSecretRequestStatus{ GeneratedSecret: fakeHexEncodedRandomBytes, TotalClientSecrets: 1, @@ -852,6 +879,11 @@ func TestCreate(t *testing.T) { }, }, want: &clientsecretapi.OIDCClientSecretRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "client.oauth.pinniped.dev-some-client", + Namespace: namespace, + CreationTimestamp: fakeNow, + }, Status: clientsecretapi.OIDCClientSecretRequestStatus{ GeneratedSecret: "", TotalClientSecrets: 1, @@ -1170,6 +1202,11 @@ func TestCreate(t *testing.T) { }, }}, want: &clientsecretapi.OIDCClientSecretRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "client.oauth.pinniped.dev-happy-new-secret", + Namespace: namespace, + CreationTimestamp: fakeNow, + }, Status: clientsecretapi.OIDCClientSecretRequestStatus{ GeneratedSecret: "", TotalClientSecrets: 0, @@ -1205,6 +1242,11 @@ func TestCreate(t *testing.T) { }, }}, want: &clientsecretapi.OIDCClientSecretRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "client.oauth.pinniped.dev-some-client", + Namespace: namespace, + CreationTimestamp: fakeNow, + }, Status: clientsecretapi.OIDCClientSecretRequestStatus{ GeneratedSecret: "", TotalClientSecrets: 0, 
@@ -1260,6 +1302,11 @@ func TestCreate(t *testing.T) { }, }, want: &clientsecretapi.OIDCClientSecretRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "client.oauth.pinniped.dev-some-client", + Namespace: namespace, + CreationTimestamp: fakeNow, + }, Status: clientsecretapi.OIDCClientSecretRequestStatus{ GeneratedSecret: "", TotalClientSecrets: 2, @@ -1313,6 +1360,11 @@ func TestCreate(t *testing.T) { }, }, want: &clientsecretapi.OIDCClientSecretRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "client.oauth.pinniped.dev-some-client", + Namespace: namespace, + CreationTimestamp: fakeNow, + }, Status: clientsecretapi.OIDCClientSecretRequestStatus{ GeneratedSecret: fakeHexEncodedRandomBytes, TotalClientSecrets: 1, @@ -1373,6 +1425,11 @@ func TestCreate(t *testing.T) { }, }, want: &clientsecretapi.OIDCClientSecretRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "client.oauth.pinniped.dev-some-client", + Namespace: namespace, + CreationTimestamp: fakeNow, + }, Status: clientsecretapi.OIDCClientSecretRequestStatus{ GeneratedSecret: fakeHexEncodedRandomBytes, TotalClientSecrets: 1, @@ -1434,6 +1491,11 @@ func TestCreate(t *testing.T) { }, }, want: &clientsecretapi.OIDCClientSecretRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "client.oauth.pinniped.dev-some-client", + Namespace: namespace, + CreationTimestamp: fakeNow, + }, Status: clientsecretapi.OIDCClientSecretRequestStatus{ GeneratedSecret: fakeHexEncodedRandomBytes, TotalClientSecrets: 1, @@ -1509,6 +1571,7 @@ func TestCreate(t *testing.T) { 4, fakeByteGenerator, fakeHasher, + fakeTimeNowFunc, ) got, err := r.Create(tt.args.ctx, tt.args.obj, tt.args.createValidation, tt.args.options) diff --git a/internal/supervisor/apiserver/apiserver.go b/internal/supervisor/apiserver/apiserver.go index 2adb83c1..4bae4803 100644 --- a/internal/supervisor/apiserver/apiserver.go +++ b/internal/supervisor/apiserver/apiserver.go 
@@ -90,6 +90,7 @@ func (c completedConfig) New() (*PinnipedServer, error) { clientsecretrequest.Cost, rand.Reader, bcrypt.GenerateFromPassword, + metav1.Now, ) return clientSecretReqGVR, clientSecretReqStorage },