Fix some integration tests' handling of groups to work with Okta
This commit is contained in:
Ryan Richard
parent
110681cdb8
commit
f302e71b0f
|
|
@ -207,6 +207,7 @@ func TestE2EFullIntegration_Browser(t *testing.T) {
|
||||||
page := browsertest.Open(t)
|
page := browsertest.Open(t)
|
||||||
|
|
||||||
expectedUsername := env.SupervisorUpstreamOIDC.Username
|
expectedUsername := env.SupervisorUpstreamOIDC.Username
|
||||||
|
expectedGroups := env.SupervisorUpstreamOIDC.ExpectedGroups
|
||||||
|
|
||||||
// Create a ClusterRoleBinding to give our test user from the upstream read-only access to the cluster.
|
// Create a ClusterRoleBinding to give our test user from the upstream read-only access to the cluster.
|
||||||
testlib.CreateTestClusterRoleBinding(t,
|
testlib.CreateTestClusterRoleBinding(t,
|
||||||
|
|
@ -277,7 +278,7 @@ func TestE2EFullIntegration_Browser(t *testing.T) {
|
||||||
// scopes returned by the Supervisor, so list the requested scopes from the CLI flag here. This helper will
|
// scopes returned by the Supervisor, so list the requested scopes from the CLI flag here. This helper will
|
||||||
// assert that the expected username and groups claims/values are in the downstream ID token.
|
// assert that the expected username and groups claims/values are in the downstream ID token.
|
||||||
requireUserCanUseKubectlWithoutAuthenticatingAgain(testCtx, t, env, downstream, kubeconfigPath, sessionCachePath,
|
requireUserCanUseKubectlWithoutAuthenticatingAgain(testCtx, t, env, downstream, kubeconfigPath, sessionCachePath,
|
||||||
pinnipedExe, expectedUsername, []string{}, []string{"offline_access", "openid", "pinniped:request-audience"})
|
pinnipedExe, expectedUsername, expectedGroups, []string{"offline_access", "openid", "pinniped:request-audience"})
|
||||||
})
|
})
|
||||||
|
|
||||||
t.Run("with Supervisor OIDC upstream IDP and manual authcode copy-paste from browser flow", func(t *testing.T) {
|
t.Run("with Supervisor OIDC upstream IDP and manual authcode copy-paste from browser flow", func(t *testing.T) {
|
||||||
|
|
|
||||||
|
|
@ -1292,6 +1292,10 @@ func TestSupervisorLogin_Browser(t *testing.T) {
|
||||||
name: "oidc upstream with downstream dynamic client happy path, requesting all scopes",
|
name: "oidc upstream with downstream dynamic client happy path, requesting all scopes",
|
||||||
maybeSkip: skipNever,
|
maybeSkip: skipNever,
|
||||||
createIDP: func(t *testing.T) string {
|
createIDP: func(t *testing.T) string {
|
||||||
|
spec := basicOIDCIdentityProviderSpec()
|
||||||
|
spec.AuthorizationConfig = idpv1alpha1.OIDCAuthorizationConfig{
|
||||||
|
AdditionalScopes: env.SupervisorUpstreamOIDC.AdditionalScopes,
|
||||||
|
}
|
||||||
return testlib.CreateTestOIDCIdentityProvider(t, basicOIDCIdentityProviderSpec(), idpv1alpha1.PhaseReady).Name
|
return testlib.CreateTestOIDCIdentityProvider(t, basicOIDCIdentityProviderSpec(), idpv1alpha1.PhaseReady).Name
|
||||||
},
|
},
|
||||||
createOIDCClient: func(t *testing.T, callbackURL string) (string, string) {
|
createOIDCClient: func(t *testing.T, callbackURL string) (string, string) {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue