Create OIDCClientSecretRequest returns metadata

Sets the Name, Namespace, CreationTimestamp fields in the object meta
of the return value.

Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
Ryan Richard 2022-09-16 14:04:27 -07:00
parent 7997285b19
commit ee3515f23b
3 changed files with 74 additions and 1 deletions


@ -35,6 +35,7 @@ import (
const Cost = 12 const Cost = 12
type byteHasher func(password []byte, cost int) ([]byte, error) type byteHasher func(password []byte, cost int) ([]byte, error)
type timeNowFunc func() metav1.Time
func NewREST( func NewREST(
resource schema.GroupResource, resource schema.GroupResource,
@ -44,6 +45,7 @@ func NewREST(
cost int, cost int,
randByteGenerator io.Reader, randByteGenerator io.Reader,
byteHasher byteHasher, byteHasher byteHasher,
timeNowFunc timeNowFunc,
) *REST { ) *REST {
return &REST{ return &REST{
secretStorage: oidcclientsecretstorage.New(secretsClient), secretStorage: oidcclientsecretstorage.New(secretsClient),
@ -53,6 +55,7 @@ func NewREST(
randByteGenerator: randByteGenerator, randByteGenerator: randByteGenerator,
byteHasher: byteHasher, byteHasher: byteHasher,
tableConvertor: rest.NewDefaultTableConvertor(resource), tableConvertor: rest.NewDefaultTableConvertor(resource),
timeNowFunc: timeNowFunc,
} }
} }
@ -64,6 +67,7 @@ type REST struct {
cost int cost int
byteHasher byteHasher byteHasher byteHasher
tableConvertor rest.TableConvertor tableConvertor rest.TableConvertor
timeNowFunc timeNowFunc
} }
// Assert that our *REST implements all the optional interfaces that we expect it to implement. // Assert that our *REST implements all the optional interfaces that we expect it to implement.
@ -197,6 +201,11 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation
// Return the new secret in plaintext, if one was generated, along with the total number of secrets. // Return the new secret in plaintext, if one was generated, along with the total number of secrets.
return &clientsecretapi.OIDCClientSecretRequest{ return &clientsecretapi.OIDCClientSecretRequest{
ObjectMeta: metav1.ObjectMeta{
Name: req.Name,
Namespace: req.Namespace,
CreationTimestamp: r.timeNowFunc(),
},
Status: clientsecretapi.OIDCClientSecretRequestStatus{ Status: clientsecretapi.OIDCClientSecretRequestStatus{
GeneratedSecret: secret, GeneratedSecret: secret,
TotalClientSecrets: len(hashes), TotalClientSecrets: len(hashes),
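Review bot: `CreationTimestamp: r.timeNowFunc()` in `Create` panics on a nil function value when `NewREST` is given nil for the new `timeNowFunc` argument, and the visible part of `NewREST` stores the argument unchecked; the updated `TestNew` in this commit already builds a `REST` that way. Defaulting in the constructor closes that path: `if timeNowFunc == nil { timeNowFunc = metav1.Now }` ahead of the `return &REST{`. The timestamp is taken while building the response, presumably after the new hash has been persisted (the storage update is outside the hunk), so a panic here would drop the only plaintext copy of a secret that was just generated. A one-line doc comment on the type would also help, for example `// timeNowFunc returns the current time; it is injected so tests can pin CreationTimestamp.` The bodies of `NewREST` and `Create` both extend beyond the hunks shown.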


@ -36,7 +36,16 @@ import (
) )
func TestNew(t *testing.T) { func TestNew(t *testing.T) {
r := NewREST(schema.GroupResource{Group: "bears", Resource: "panda"}, nil, nil, "foobar", 4, nil, nil) r := NewREST(
schema.GroupResource{Group: "bears", Resource: "panda"},
nil,
nil,
"foobar",
4,
nil,
nil,
nil,
)
require.NotNil(t, r) require.NotNil(t, r)
require.True(t, r.NamespaceScoped()) require.True(t, r.NamespaceScoped())
@ -96,6 +105,9 @@ func TestCreate(t *testing.T) {
fakeHexEncodedRandomBytes := hex.EncodeToString([]byte(fakeRandomBytes)) fakeHexEncodedRandomBytes := hex.EncodeToString([]byte(fakeRandomBytes))
fakeBcryptRandomBytes := fakeHexEncodedRandomBytes + ":4-fake-hash" fakeBcryptRandomBytes := fakeHexEncodedRandomBytes + ":4-fake-hash"
fakeNow := metav1.Now()
fakeTimeNowFunc := func() metav1.Time { return fakeNow }
tests := []struct { tests := []struct {
name string name string
args args args args
@ -671,6 +683,11 @@ func TestCreate(t *testing.T) {
}, },
}}, }},
want: &clientsecretapi.OIDCClientSecretRequest{ want: &clientsecretapi.OIDCClientSecretRequest{
ObjectMeta: metav1.ObjectMeta{
Name: "client.oauth.pinniped.dev-happy-new-secret",
Namespace: namespace,
CreationTimestamp: fakeNow,
},
Status: clientsecretapi.OIDCClientSecretRequestStatus{ Status: clientsecretapi.OIDCClientSecretRequestStatus{
GeneratedSecret: fakeHexEncodedRandomBytes, GeneratedSecret: fakeHexEncodedRandomBytes,
TotalClientSecrets: 1, TotalClientSecrets: 1,
@ -738,6 +755,11 @@ func TestCreate(t *testing.T) {
}, },
}, },
want: &clientsecretapi.OIDCClientSecretRequest{ want: &clientsecretapi.OIDCClientSecretRequest{
ObjectMeta: metav1.ObjectMeta{
Name: "client.oauth.pinniped.dev-append-new-secret-hash",
Namespace: namespace,
CreationTimestamp: fakeNow,
},
Status: clientsecretapi.OIDCClientSecretRequestStatus{ Status: clientsecretapi.OIDCClientSecretRequestStatus{
GeneratedSecret: fakeHexEncodedRandomBytes, GeneratedSecret: fakeHexEncodedRandomBytes,
TotalClientSecrets: 3, TotalClientSecrets: 3,
@ -795,6 +817,11 @@ func TestCreate(t *testing.T) {
}, },
}, },
want: &clientsecretapi.OIDCClientSecretRequest{ want: &clientsecretapi.OIDCClientSecretRequest{
ObjectMeta: metav1.ObjectMeta{
Name: "client.oauth.pinniped.dev-append-new-secret-hash",
Namespace: namespace,
CreationTimestamp: fakeNow,
},
Status: clientsecretapi.OIDCClientSecretRequestStatus{ Status: clientsecretapi.OIDCClientSecretRequestStatus{
GeneratedSecret: fakeHexEncodedRandomBytes, GeneratedSecret: fakeHexEncodedRandomBytes,
TotalClientSecrets: 1, TotalClientSecrets: 1,
@ -852,6 +879,11 @@ func TestCreate(t *testing.T) {
}, },
}, },
want: &clientsecretapi.OIDCClientSecretRequest{ want: &clientsecretapi.OIDCClientSecretRequest{
ObjectMeta: metav1.ObjectMeta{
Name: "client.oauth.pinniped.dev-some-client",
Namespace: namespace,
CreationTimestamp: fakeNow,
},
Status: clientsecretapi.OIDCClientSecretRequestStatus{ Status: clientsecretapi.OIDCClientSecretRequestStatus{
GeneratedSecret: "", GeneratedSecret: "",
TotalClientSecrets: 1, TotalClientSecrets: 1,
@ -1170,6 +1202,11 @@ func TestCreate(t *testing.T) {
}, },
}}, }},
want: &clientsecretapi.OIDCClientSecretRequest{ want: &clientsecretapi.OIDCClientSecretRequest{
ObjectMeta: metav1.ObjectMeta{
Name: "client.oauth.pinniped.dev-happy-new-secret",
Namespace: namespace,
CreationTimestamp: fakeNow,
},
Status: clientsecretapi.OIDCClientSecretRequestStatus{ Status: clientsecretapi.OIDCClientSecretRequestStatus{
GeneratedSecret: "", GeneratedSecret: "",
TotalClientSecrets: 0, TotalClientSecrets: 0,
@ -1205,6 +1242,11 @@ func TestCreate(t *testing.T) {
}, },
}}, }},
want: &clientsecretapi.OIDCClientSecretRequest{ want: &clientsecretapi.OIDCClientSecretRequest{
ObjectMeta: metav1.ObjectMeta{
Name: "client.oauth.pinniped.dev-some-client",
Namespace: namespace,
CreationTimestamp: fakeNow,
},
Status: clientsecretapi.OIDCClientSecretRequestStatus{ Status: clientsecretapi.OIDCClientSecretRequestStatus{
GeneratedSecret: "", GeneratedSecret: "",
TotalClientSecrets: 0, TotalClientSecrets: 0,
@ -1260,6 +1302,11 @@ func TestCreate(t *testing.T) {
}, },
}, },
want: &clientsecretapi.OIDCClientSecretRequest{ want: &clientsecretapi.OIDCClientSecretRequest{
ObjectMeta: metav1.ObjectMeta{
Name: "client.oauth.pinniped.dev-some-client",
Namespace: namespace,
CreationTimestamp: fakeNow,
},
Status: clientsecretapi.OIDCClientSecretRequestStatus{ Status: clientsecretapi.OIDCClientSecretRequestStatus{
GeneratedSecret: "", GeneratedSecret: "",
TotalClientSecrets: 2, TotalClientSecrets: 2,
@ -1313,6 +1360,11 @@ func TestCreate(t *testing.T) {
}, },
}, },
want: &clientsecretapi.OIDCClientSecretRequest{ want: &clientsecretapi.OIDCClientSecretRequest{
ObjectMeta: metav1.ObjectMeta{
Name: "client.oauth.pinniped.dev-some-client",
Namespace: namespace,
CreationTimestamp: fakeNow,
},
Status: clientsecretapi.OIDCClientSecretRequestStatus{ Status: clientsecretapi.OIDCClientSecretRequestStatus{
GeneratedSecret: fakeHexEncodedRandomBytes, GeneratedSecret: fakeHexEncodedRandomBytes,
TotalClientSecrets: 1, TotalClientSecrets: 1,
@ -1373,6 +1425,11 @@ func TestCreate(t *testing.T) {
}, },
}, },
want: &clientsecretapi.OIDCClientSecretRequest{ want: &clientsecretapi.OIDCClientSecretRequest{
ObjectMeta: metav1.ObjectMeta{
Name: "client.oauth.pinniped.dev-some-client",
Namespace: namespace,
CreationTimestamp: fakeNow,
},
Status: clientsecretapi.OIDCClientSecretRequestStatus{ Status: clientsecretapi.OIDCClientSecretRequestStatus{
GeneratedSecret: fakeHexEncodedRandomBytes, GeneratedSecret: fakeHexEncodedRandomBytes,
TotalClientSecrets: 1, TotalClientSecrets: 1,
@ -1434,6 +1491,11 @@ func TestCreate(t *testing.T) {
}, },
}, },
want: &clientsecretapi.OIDCClientSecretRequest{ want: &clientsecretapi.OIDCClientSecretRequest{
ObjectMeta: metav1.ObjectMeta{
Name: "client.oauth.pinniped.dev-some-client",
Namespace: namespace,
CreationTimestamp: fakeNow,
},
Status: clientsecretapi.OIDCClientSecretRequestStatus{ Status: clientsecretapi.OIDCClientSecretRequestStatus{
GeneratedSecret: fakeHexEncodedRandomBytes, GeneratedSecret: fakeHexEncodedRandomBytes,
TotalClientSecrets: 1, TotalClientSecrets: 1,
@ -1509,6 +1571,7 @@ func TestCreate(t *testing.T) {
4, 4,
fakeByteGenerator, fakeByteGenerator,
fakeHasher, fakeHasher,
fakeTimeNowFunc,
) )
got, err := r.Create(tt.args.ctx, tt.args.obj, tt.args.createValidation, tt.args.options) got, err := r.Create(tt.args.ctx, tt.args.obj, tt.args.createValidation, tt.args.options)
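Review bot: `fakeNow := metav1.Now()` in `TestCreate` makes every expected `CreationTimestamp` depend on the wall clock at test time, so a failure diff shows a different value on each run. A fixed instant keeps the table reproducible, for example `fakeNow := metav1.NewTime(time.Date(2022, 9, 16, 0, 0, 0, 0, time.UTC))` (a constructed sample value). The equality holds today only because the same in-memory value is compared with itself; if the returned object is ever round-tripped through serialization before the assertion, the sub-second part of a `metav1.Now()` value would likely no longer match. The table and the assertions on `got` lie mostly outside the hunks shown.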


@ -90,6 +90,7 @@ func (c completedConfig) New() (*PinnipedServer, error) {
clientsecretrequest.Cost, clientsecretrequest.Cost,
rand.Reader, rand.Reader,
bcrypt.GenerateFromPassword, bcrypt.GenerateFromPassword,
metav1.Now,
) )
return clientSecretReqGVR, clientSecretReqStorage return clientSecretReqGVR, clientSecretReqStorage
}, },