Ryan Richard
4b4cc93ae7
specify the container name when fetching keys from kube cert agent pod
...
Avoid errors seen when the cluster has been configured to automatically
inject additional sidecar containers into every pod.
2023-09-18 09:19:57 -07:00
Ryan Richard
2cecc17ef0
add celformer unit test demonstrating string regexp in CEL expressions
2023-09-13 12:31:00 -07:00
Ryan Richard
84498d5a55
fix imports grouping in manager.go
2023-09-12 09:34:19 -07:00
Ryan Richard
a7bd494ec3
update FederationDomain.status.conditions to come from metav1
2023-09-11 13:06:52 -07:00
Ryan Richard
b6f0dc3ba7
Fix conflicts caused from rebasing main into multiple IDPs branch
2023-09-11 11:15:40 -07:00
Ryan Richard
e2bdab9e2d
add the IDP display name to the downstream ID token's sub
claim
...
To make the subject of the downstream ID token more unique when
there are multiple IDPs. It is possible to define two IDPs in a
FederationDomain using the same identity provider CR, in which
case the only thing that would make the subject claim different
is adding the IDP display name into the values of the subject claim.
2023-09-11 11:15:40 -07:00
Ryan Richard
28210ab14d
add units tests to token_handler_test.go
2023-09-11 11:15:40 -07:00
Ryan Richard
5ad7e9a8ca
started add units tests for identity transforms to token_handler_test.go
2023-09-11 11:14:06 -07:00
Ryan Richard
7f70fcf679
add units tests to post_login_handler_test.go
2023-09-11 11:14:06 -07:00
Ryan Richard
f653942065
add new unit tests in callback_handler_test.go
2023-09-11 11:14:06 -07:00
Ryan Richard
d4611b829d
use slices.Contains() instead of custom func in token_handler_test.go
2023-09-11 11:14:06 -07:00
Ryan Richard
b2656b9cb1
add new unit tests in auth_handler_test.go
2023-09-11 11:14:06 -07:00
Ryan Richard
0a21cb6d08
Replace more pointer.String() with the new ptr.To()
2023-09-11 11:14:06 -07:00
Ryan Richard
6d82a11645
CRD already validates that IDP transform constant names are unique
...
- Remove that validation from the controller since the CRD already
validates it during creates and updates.
- Also finish the supervisor_federationdomain_status_test.go by adding
more tests for both controller validations and CRD validations
2023-09-11 11:14:05 -07:00
Ryan Richard
bd5cabf0ff
fix some here.Doc string indents in federation_domain_watcher_test.go
...
To make things visually line up better.
2023-09-11 11:14:05 -07:00
Ryan Richard
51742366fe
wordsmith some FederationDomain status messages
2023-09-11 11:14:05 -07:00
Ryan Richard
5341322071
add integration test for FederationDomain status updates
...
- Also fix small bug in controller where it used Sprintf wrong
- Rename WaitForTestFederationDomainStatus test helper to
WaitForFederationDomainStatusPhase
2023-09-11 11:14:05 -07:00
Ryan Richard
84041e0c55
add unit test for ApplyIdentityTransformations helper
2023-09-11 11:14:05 -07:00
Ryan Richard
4b75ced52c
add unit tests for getters in federation_domain_issuer_test.go
2023-09-11 11:14:05 -07:00
Ryan Richard
61bb01b31d
extract a helper function in federation_domain_watcher.go
...
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-09-11 11:14:05 -07:00
Ryan Richard
64f41d0d0c
use multiple IDPs in manager_test.go
2023-09-11 11:14:05 -07:00
Ryan Richard
e42e3ca421
Status condition messages for IDP transforms show index of invalid IDP
2023-09-11 11:14:05 -07:00
Ryan Richard
b89e6d9d93
Make it possible to compare transformation pipelines in unit tests
2023-09-11 11:14:05 -07:00
Ryan Richard
c771328bb1
Validate transforms examples in federation_domain_watcher.go
...
Also changes the transformation pipeline code to sort and uniq
the transformed group names at the end of the pipeline. This makes
the results more predicable without changing the semantics.
2023-09-11 11:14:05 -07:00
Ryan Richard
52925a2a46
Validate transforms expressions in federation_domain_watcher.go
2023-09-11 11:14:05 -07:00
Benjamin A. Petersen
013030041a
Add helper for happy/sad conditions to federation_domain_watcher_test.go
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-09-11 11:14:05 -07:00
Ryan Richard
be973bc87e
Allow for slower CI workers in celformer_test.go
2023-09-11 11:14:05 -07:00
Ryan Richard
617f57e1c9
Validate transforms const names in federation_domain_watcher.go
2023-09-11 11:14:05 -07:00
Ryan Richard
8e169f9702
Validate IDP objectRef kind names in federation_domain_watcher.go
...
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-09-11 11:14:05 -07:00
Ryan Richard
32063db46e
Validate apiGroup names are valid in federation_domain_watcher.go
2023-09-11 11:14:05 -07:00
Ryan Richard
31d67a1af3
Validate display names are unique in federation_domain_watcher.go
2023-09-11 11:14:05 -07:00
Ryan Richard
a9f2f672c7
Handle some unexpected errors in federation_domain_watcher.go
2023-09-11 11:14:05 -07:00
Ryan Richard
76709892bc
Refactor: extract helper functions in federation_domain_watcher.go
...
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-09-11 11:14:05 -07:00
Ryan Richard
a38fb16295
Load FederationDomain endpoints before updating its status
...
- Avoid a possible race condition where the status says "Ready" but
the endpoints take another moment to become available, potentially
casing a fast client to get a 404 after observing that the status
is "Ready" and then immediately trying to use the endpoints.
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-09-11 11:14:05 -07:00
Ryan Richard
e334ad6f7e
Fix lint errors in federation_domain_watcher.go, and adjust unit test
2023-09-11 11:14:05 -07:00
Ryan Richard
97a374c00b
Refactor federation_domain_watcher_test.go and add new test to its table
2023-09-11 11:14:05 -07:00
Benjamin A. Petersen
fe9364c58b
Expand IdentityProvidersFound condition in federation_domain_watcher
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-09-11 11:14:05 -07:00
Benjamin A. Petersen
e9fb4242d5
Update federation_domain_watcher with new IdentityProviderFound
...
- adds the truthy condition
- TODOs for falsy conditions
- addiional notes for other conditions
- tests updated to pass with the new condition
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-09-11 11:14:04 -07:00
Ryan Richard
48e44e13c6
Change federation_domain_watcher_test.go to use a test table style
2023-09-11 11:14:04 -07:00
Ryan Richard
5e2f98af65
Update informers unit test for FederationDomainWatcherController
2023-09-11 11:14:04 -07:00
Ryan Richard
0b408f4fc0
Change FederationDomain.Status to use Phase and Conditions
2023-09-11 11:14:02 -07:00
Ryan Richard
022fdb9cfd
Update a test assertion to make failure easier to understand
2023-09-11 11:12:27 -07:00
Ryan Richard
2c4927debe
update unit test that fails on slow CI workers
2023-09-11 11:11:56 -07:00
Ryan Richard
0f23931fe4
Fix some tests in supervisor_login_test.go
2023-09-11 11:11:56 -07:00
Ryan Richard
048f05d39c
fix callback_handler_test.go
...
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-09-11 11:11:56 -07:00
Ryan Richard
b71e5964aa
fix token_handler_test.go
2023-09-11 11:11:56 -07:00
Benjamin A. Petersen
9d792352bf
test FederationDomainIdentityProvidersListerFinder
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-09-11 11:11:56 -07:00
Ryan Richard
86c791b8a6
reorganize federation domain packages to be more intuitive
...
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-09-11 11:11:52 -07:00
Benjamin A. Petersen
3160b5bad1
Reorganized FederationDomain packages to avoid circular dependency
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-09-11 11:09:50 -07:00
Ryan Richard
610f886fd8
Fix auth_handler_test.go
2023-09-11 11:09:50 -07:00