djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix some integration tests' handling of groups to work with Okta

Browse Source
This commit is contained in:
Ryan Richard 2022-09-26 12:40:07 -07:00
parent 110681cdb8
commit f302e71b0f
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
test/integration/e2e_test.go
View File

@ -207,6 +207,7 @@ func TestE2EFullIntegration_Browser(t *testing.T) {
page := browsertest.Open(t) page := browsertest.Open(t)
expectedUsername := env.SupervisorUpstreamOIDC.Username expectedUsername := env.SupervisorUpstreamOIDC.Username
expectedGroups := env.SupervisorUpstreamOIDC.ExpectedGroups
// Create a ClusterRoleBinding to give our test user from the upstream read-only access to the cluster. // Create a ClusterRoleBinding to give our test user from the upstream read-only access to the cluster.
testlib.CreateTestClusterRoleBinding(t, testlib.CreateTestClusterRoleBinding(t,
@ -277,7 +278,7 @@ func TestE2EFullIntegration_Browser(t *testing.T) {
// scopes returned by the Supervisor, so list the requested scopes from the CLI flag here. This helper will // scopes returned by the Supervisor, so list the requested scopes from the CLI flag here. This helper will
// assert that the expected username and groups claims/values are in the downstream ID token. // assert that the expected username and groups claims/values are in the downstream ID token.
requireUserCanUseKubectlWithoutAuthenticatingAgain(testCtx, t, env, downstream, kubeconfigPath, sessionCachePath, requireUserCanUseKubectlWithoutAuthenticatingAgain(testCtx, t, env, downstream, kubeconfigPath, sessionCachePath,
pinnipedExe, expectedUsername, []string{}, []string{"offline_access", "openid", "pinniped:request-audience"}) pinnipedExe, expectedUsername, expectedGroups, []string{"offline_access", "openid", "pinniped:request-audience"})
}) })
t.Run("with Supervisor OIDC upstream IDP and manual authcode copy-paste from browser flow", func(t *testing.T) { t.Run("with Supervisor OIDC upstream IDP and manual authcode copy-paste from browser flow", func(t *testing.T) {

4
test/integration/supervisor_login_test.go
View File

@ -1292,6 +1292,10 @@ func TestSupervisorLogin_Browser(t *testing.T) {
name: "oidc upstream with downstream dynamic client happy path, requesting all scopes", name: "oidc upstream with downstream dynamic client happy path, requesting all scopes",
maybeSkip: skipNever, maybeSkip: skipNever,
createIDP: func(t *testing.T) string { createIDP: func(t *testing.T) string {
spec := basicOIDCIdentityProviderSpec()
spec.AuthorizationConfig = idpv1alpha1.OIDCAuthorizationConfig{
AdditionalScopes: env.SupervisorUpstreamOIDC.AdditionalScopes,
}
return testlib.CreateTestOIDCIdentityProvider(t, basicOIDCIdentityProviderSpec(), idpv1alpha1.PhaseReady).Name return testlib.CreateTestOIDCIdentityProvider(t, basicOIDCIdentityProviderSpec(), idpv1alpha1.PhaseReady).Name
}, },
createOIDCClient: func(t *testing.T, callbackURL string) (string, string) { createOIDCClient: func(t *testing.T, callbackURL string) (string, string) {