Fix some integration tests' handling of groups to work with Okta

This commit is contained in:
Ryan Richard 2022-09-26 12:40:07 -07:00
parent 110681cdb8
commit f302e71b0f
2 changed files with 6 additions and 1 deletions

View File

@ -207,6 +207,7 @@ func TestE2EFullIntegration_Browser(t *testing.T) {
page := browsertest.Open(t)
expectedUsername := env.SupervisorUpstreamOIDC.Username
expectedGroups := env.SupervisorUpstreamOIDC.ExpectedGroups
// Create a ClusterRoleBinding to give our test user from the upstream read-only access to the cluster.
testlib.CreateTestClusterRoleBinding(t,
@ -277,7 +278,7 @@ func TestE2EFullIntegration_Browser(t *testing.T) {
// scopes returned by the Supervisor, so list the requested scopes from the CLI flag here. This helper will
// assert that the expected username and groups claims/values are in the downstream ID token.
requireUserCanUseKubectlWithoutAuthenticatingAgain(testCtx, t, env, downstream, kubeconfigPath, sessionCachePath,
pinnipedExe, expectedUsername, []string{}, []string{"offline_access", "openid", "pinniped:request-audience"})
pinnipedExe, expectedUsername, expectedGroups, []string{"offline_access", "openid", "pinniped:request-audience"})
})
t.Run("with Supervisor OIDC upstream IDP and manual authcode copy-paste from browser flow", func(t *testing.T) {

View File

@ -1292,6 +1292,10 @@ func TestSupervisorLogin_Browser(t *testing.T) {
name: "oidc upstream with downstream dynamic client happy path, requesting all scopes",
maybeSkip: skipNever,
createIDP: func(t *testing.T) string {
spec := basicOIDCIdentityProviderSpec()
spec.AuthorizationConfig = idpv1alpha1.OIDCAuthorizationConfig{
AdditionalScopes: env.SupervisorUpstreamOIDC.AdditionalScopes,
}
return testlib.CreateTestOIDCIdentityProvider(t, basicOIDCIdentityProviderSpec(), idpv1alpha1.PhaseReady).Name
},
createOIDCClient: func(t *testing.T, callbackURL string) (string, string) {