Andrew Keesler
8a916ce8ae
test/integration: add test helper to avoid race conditions
...
We were seeing a race in this test code since the require.NoError() and
require.Eventually() would write to the same testing.T state on separate
goroutines. Hopefully this helper function should cover the cases when we want
to require.NoError() inside a require.Eventually() without causing a race.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Co-authored-by: Margo Crawford <margaretc@vmware.com>
Co-authored-by: Monis Khan <i@monis.app>
2021-01-14 10:19:35 -05:00
Monis Khan
3c3da9e75d
Wire in new env vars for user info testing
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-01-12 11:23:25 -05:00
Margo Crawford
5611212ea9
Changing references from 1.19 to 1.20
2021-01-07 15:25:47 -08:00
aram price
cc5af1a810
Fix lint error
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-12-18 15:28:56 -08:00
Ryan Richard
2f518b8b7c
TLSCertObserverController Syncs less often by adjusting its filters
...
- Only watches Secrets of type "kubernetes.io/tls"
Signed-off-by: Aram Price <pricear@vmware.com>
2020-12-18 15:10:48 -08:00
Ryan Richard
b96d49df0f
Rename all "op" and "opc" usages
...
Signed-off-by: Aram Price <pricear@vmware.com>
2020-12-17 11:34:49 -08:00
Margo Crawford
196e43aa48
Rename off of main
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-12-16 14:27:09 -08:00
Matt Moyer
7dae166a69
Merge branch 'main' into username-and-subject-claims
2020-12-16 15:23:19 -06:00
Ryan Richard
dcb19150fc
Nest claim configs one level deeper in JWTAuthenticatorSpec
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2020-12-16 09:42:19 -08:00
aram price
78df80f128
Tests ensure OIDCProvider secrets exist
...
... whenever one is successfully created.
2020-12-15 18:26:27 -08:00
Ryan Richard
40c6a67631
Merge branch 'main' into username-and-subject-claims
2020-12-15 18:09:44 -08:00
Ryan Richard
91af51d38e
Fix integration tests to work with the username and sub claims
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2020-12-15 17:16:08 -08:00
Andrew Keesler
0758ecfea8
Tests wait for OIDCProvider secrets to be set
...
Signed-off-by: aram price <pricear@vmware.com>
2020-12-15 15:46:55 -08:00
Matt Moyer
ff49647de4
Add some missing test logs in test/library/client.go.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-15 12:34:50 -06:00
Matt Moyer
e0eba9d5a6
Refactor library.CreateTestJWTAuthenticator() so we can also use the supervisor as an upstream.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-15 12:34:50 -06:00
Matt Moyer
8cdcb89cef
Add a library.PinnipedCLIPath() test helper, with caching.
...
Caching saves us a little bit of time now that we're using the CLI in more and more tests.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-15 12:34:49 -06:00
Matt Moyer
70fd330178
Add library.CreateTestClusterRoleBinding test helper.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-15 12:34:49 -06:00
Matt Moyer
ad5e257600
Add a library.RandHex() test helper.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-15 12:34:49 -06:00
Matt Moyer
4088793cc5
Add a .ProxyEnv() helper on the test environment.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-15 12:28:04 -06:00
Matt Moyer
f9691208d5
Add library.NewRestConfigFromKubeconfig() test helper.
...
This is extracted from library.NewClientsetForKubeConfig(). It is useful so you can assert properties of the loaded, parsed kubeconfig.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-15 12:28:03 -06:00
Andrew Keesler
50f9b434e7
SameIssuerHostMustUseSameSecret is a valid OIDCProvider status
...
I saw this message in our CI logs, which led me to this fix.
could not update status: OIDCProvider.config.supervisor.pinniped.dev "acceptance-provider" is invalid: status.status: Unsupported value: "SameIssuerHostMustUseSameSecret": supported values: "Success", "Duplicate", "Invalid"
Also - correct an integration test error message that was misleading.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-12-15 11:53:53 -05:00
Andrew Keesler
4c0fb12cf6
test/integration: only set JWTAuthenticator CA bundle when it exists
...
See comment in code.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-12-09 10:15:53 -05:00
Andrew Keesler
57103e0a9f
Add JWTAuthenticator controller
...
See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-12-08 15:41:48 -05:00
Matt Moyer
9455a66be8
This trailing dash is now taken care of by the library method.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-03 13:56:24 -06:00
Matt Moyer
cb5e494815
Dump out proxy access logs in TestSupervisorLogin.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-03 11:28:48 -06:00
Matt Moyer
1d44a0cdfa
Add a small integration test library to dump pod logs on test failures.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-03 09:39:33 -06:00
Matt Moyer
1fa41c4d0a
Merge remote-tracking branch 'origin/main' into callback-endpoint
2020-12-03 08:50:31 -06:00
Matt Moyer
37c5e121c4
Fix a test issue with IPv6 localhost interfaces.
...
This fixes a regression introduced by 24c4bc0dd4
. It could occasionally cause the tests to fail when run on a machine with an IPv6 localhost interface. As a fix I added a wrapper for the new Go 1.15 `LookupIP()` method, and created a partially-functional backport for Go 1.14. This should be easy to delete in the future.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-02 17:49:21 -06:00
Matt Moyer
879525faac
Clean up the browsertest package a bit.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-02 17:20:24 -06:00
Matt Moyer
0ccf14801e
Expose the MaskTokens function so other test code can use it.
...
This is just a small helper to make test output more readable.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-02 15:55:34 -06:00
Matt Moyer
273ac62ec2
Extend the test client helpers in ./test/library/client.go.
...
This adds a few new "create test object" helpers and extends `CreateTestOIDCProvider()` to optionally wait for the created OIDCProvider to enter some expected status condition.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-02 15:55:34 -06:00
Matt Moyer
545c26e5fe
Refactor browser-related test functions to a ./test/library/browsertest
package.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-02 15:55:34 -06:00
Margo Crawford
d60c184424
Add pkce and openidconnect storage
...
- Also refactor authorizationcode_test
Signed-off-by: Ryan Richard <rrichard@vmware.com>
2020-12-01 17:18:32 -08:00
Ryan Richard
f38c150f6a
Finished tests for pkce storage and added it to kubestorage
...
- Also fixed some lint errors with v1.33.0 of the linter
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2020-12-01 14:53:22 -08:00
Matt Moyer
bc700d58ae
Split test environment variables so there's a specific supervisor upstream client.
...
Prior to this we re-used the CLI testing client to test the authorize flow of the supervisor, but they really need to be separate upstream clients. For example, the supervisor client should be a non-public client with a client secret and a different callback endpoint.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-11-20 08:03:06 -06:00
Matt Moyer
b17ac6ec0b
Update integration tests to run Dex over HTTPS.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-11-16 20:23:20 -06:00
Matt Moyer
c8b17978a9
Convert CLI tests to work through an HTTP forward proxy.
...
This change deploys a small Squid-based proxy into the `dex` namespace in our integration test environment. This lets us use the cluster-local DNS name (`http://dex.dex.svc.cluster.local/dex `) as the OIDC issuer. It will make generating certificates easier, and most importantly it will mean that our CLI can see Dex at the same name/URL as the supervisor running inside the cluster.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-11-16 17:16:58 -06:00
Matt Moyer
2bf5c8b48b
Replace the OIDCProvider field SNICertificateSecretName with a TLS.SecretName field.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-11-02 18:15:03 -06:00
Matt Moyer
2b8773aa54
Rename OIDCProviderConfig to OIDCProvider.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-11-02 17:40:39 -06:00
Andrew Keesler
fb3c5749e8
test/integration: protect from NPE and follow doc conventions
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-11-02 11:51:02 -05:00
Matt Moyer
9e1922f1ed
Split the config CRDs into two API groups.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 19:22:46 -05:00
Matt Moyer
34da8c7877
Rename existing references to "IDP" and "Identity Provider".
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 15:12:01 -05:00
Matt Moyer
0f25657a35
Rename WebhookIdentityProvider to WebhookAuthenticator.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 15:11:53 -05:00
Matt Moyer
e69183aa8a
Rename idp.concierge.pinniped.dev
to authentication.concierge.pinniped.dev
.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 14:07:40 -05:00
Matt Moyer
81390bba89
Rename idp.pinniped.dev
to idp.concierge.pinniped.dev
.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 14:07:39 -05:00
Ryan Richard
1f1b6c884e
Add integration test: supervisor TLS termination and SNI virtual hosting
...
- Also reduce the minimum allowed TLS version to v1.2, because v1.3
is not yet supported by some common clients, e.g. the default MacOS
curl command
2020-10-27 14:57:25 -07:00
Matt Moyer
fe3b44b134
Add some verbose logging to TestCLILoginOIDC.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-22 10:33:37 -05:00
Ryan Richard
52ebd77527
Add optional PINNIPED_TEST_SUPERVISOR_HTTPS_CA_BUNDLE for integration tests
...
- Not used by any of our integration test clusters yet
- Planning to use it later for the kind clusters and maybe for
the acceptance clusters too (although the acceptance clusters might
not need to use self-signed certs so maybe not)
2020-10-20 16:46:33 -07:00
Ryan Richard
276dff5772
Introduce PINNIPED_TEST_SUPERVISOR_HTTPS_ADDRESS
...
- We plan to use this on acceptance clusters
- We also plan to use this for a future story in the kind-based tests,
but not yet
2020-10-20 15:57:10 -07:00
Ryan Richard
9ba93d66c3
test/integration: prefactoring for testing virtual hosts
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-20 17:00:36 -04:00