djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,428 Commits 30 Branches 34 Tags 22 MiB
957892b677
Commit Graph

768 Commits

Author SHA1 Message Date
Ryan Richard
957892b677 handle old versions of k8s in supervisor_federationdomain_status_test.go 2023-09-11 11:14:05 -07:00
Ryan Richard
c701a4a344 remove expectation about TransformsConstantsNamesUnique status condition 
Forgot to remove this in the previous commit which removed writing that
condition from the controller code.
 2023-09-11 11:14:05 -07:00
Ryan Richard
92bf826ec5 rename a local variable in an integration test 2023-09-11 11:14:05 -07:00
Ryan Richard
446384a7f5 add an e2e test for a FederationDomain with multiple IDPs and transforms 2023-09-11 11:14:05 -07:00
Ryan Richard
6d82a11645 CRD already validates that IDP transform constant names are unique 
- Remove that validation from the controller since the CRD already
  validates it during creates and updates.
- Also finish the supervisor_federationdomain_status_test.go by adding
  more tests for both controller validations and CRD validations
 2023-09-11 11:14:05 -07:00
Ryan Richard
bd5cabf0ff fix some here.Doc string indents in federation_domain_watcher_test.go 
To make things visually line up better.
 2023-09-11 11:14:05 -07:00
Ryan Richard
51742366fe wordsmith some FederationDomain status messages 2023-09-11 11:14:05 -07:00
Ryan Richard
5341322071 add integration test for FederationDomain status updates 
- Also fix small bug in controller where it used Sprintf wrong
- Rename WaitForTestFederationDomainStatus test helper to
  WaitForFederationDomainStatusPhase
 2023-09-11 11:14:05 -07:00
Ryan Richard
23ed2856ce small refactor in supervisor_discovery_test.go 2023-09-11 11:14:05 -07:00
Ryan Richard
c771328bb1 Validate transforms examples in federation_domain_watcher.go 
Also changes the transformation pipeline code to sort and uniq
the transformed group names at the end of the pipeline. This makes
the results more predicable without changing the semantics.
 2023-09-11 11:14:05 -07:00
Ryan Richard
52925a2a46 Validate transforms expressions in federation_domain_watcher.go 2023-09-11 11:14:05 -07:00
Ryan Richard
617f57e1c9 Validate transforms const names in federation_domain_watcher.go 2023-09-11 11:14:05 -07:00
Ryan Richard
8e169f9702 Validate IDP objectRef kind names in federation_domain_watcher.go 
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-09-11 11:14:05 -07:00
Ryan Richard
40dcc8a7f1 Update integration tests for new FederationDomain phase behavior 
- Refactor testlib.CreateTestFederationDomain helper
- Call testlib.WaitForTestFederationDomainStatus after each integration
  test creates an IDP and expects the FederationDomain to become ready
- Create an IDP for some tests which want the FederationDomain to be
  ready but were previously not creating any IDP
- Expect the new FederationDomain condition type
  "IdentityProvidersFound" in those tests where it is needed

Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2023-09-11 11:14:05 -07:00
Ryan Richard
3521e129cd Change name of FederationDomain printer column back to "Status" 
To be consistent with the name of the pinter columns on our other CRDs,
which call the Phase "Status" in the printer column names.
 2023-09-11 11:14:04 -07:00
Ryan Richard
0b408f4fc0 Change FederationDomain.Status to use Phase and Conditions 2023-09-11 11:14:02 -07:00
Ryan Richard
022fdb9cfd Update a test assertion to make failure easier to understand 2023-09-11 11:12:27 -07:00
Ryan Richard
e4f43683d4 fix more integration tests for multiple IDPs 2023-09-11 11:12:27 -07:00
Ryan Richard
0f23931fe4 Fix some tests in supervisor_login_test.go 2023-09-11 11:11:56 -07:00
Ryan Richard
86c791b8a6 reorganize federation domain packages to be more intuitive 
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-09-11 11:11:52 -07:00
Joshua Casey
64f1bff13f Use Conditions from apimachinery, specifically k8s.io/apimachinery/pkg/apis/meta/v1.Conditions 2023-09-11 10:13:39 -07:00
Joshua Casey
3908097c54 Run 'go fix ./...' with go1.21.0 2023-09-06 14:52:01 -05:00
Joshua Casey
12f18cbed8 Inline and remove testutil.TempDir 2023-09-06 14:52:01 -05:00
Joshua Casey
ca05969f8d Integration tests should use 'kubectl explain --output plaintext-openapiv2' 
- OpenAPIV3 discovery of aggregate APIs seems to need a little more work in K8s 1.28
 2023-08-28 10:50:11 -05:00
Joshua Casey
7f0d04dba6 Address PR feedback 2023-08-09 11:42:42 -05:00
Joshua Casey
1707995378 Fix #1582 by not double-decoding the ca.crt field in external TLS secrets for the impersonation proxy 2023-08-08 20:17:21 -05:00
Joshua Casey
dc61d132cf Address PR feedback, especially to check that the CA bundle is some kind of valid cert 2023-08-03 14:57:21 -05:00
Joshua Casey
959f18b67b Add integration test to verify that the impersonation proxy will use an external TLS serving cert 2023-08-03 14:57:21 -05:00
Joshua Casey
bd035a180e Impersonation proxy detects when the user has configured an externally provided TLS secret to serve TLS 
- https://github.com/vmware-tanzu/pinniped/tree/main/proposals/1547_impersonation-proxy-external-certs
- https://joshuatcasey.medium.com/k8s-mtls-auth-with-tls-passthrough-1bc25e750f52
 2023-08-03 14:57:21 -05:00
Ryan Richard
4512eeca9a Replace agouti and chromedriver with chromedp across the whole project 2023-08-01 11:27:09 -07:00
Joshua Casey
63b5f921e1 Use k8s.io/utils/ptr instead of k8s.io/utils/pointer, which is deprecated 2023-07-28 09:16:02 -05:00
Ryan Richard
6c65fd910e Improve performance of supervisor_oidcclientsecret_test.go 
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-07-13 12:48:46 -07:00
Ryan Richard
914861c5da Increase a test timeout in supervisor_secrets_test.go 2023-06-01 12:54:45 -07:00
Ryan Richard
020e04baf8
Merge branch 'main' into ldap_userAttributeForFilter 2023-05-31 16:42:30 -07:00
Ryan Richard
b6b11a6d0c increase timeout in a test 2023-05-31 15:59:44 -07:00
Ryan Richard
d4710cb16e Add integration test for AD UserAttributeForFilter group search setting 2023-05-31 11:36:49 -07:00
Ryan Richard
0a1f966886 Add ActiveDirectoryIdentityProvider.spec.groupSearch.userAttributeForFilter 
Add the field to the tmpl file and run codegen.
Also update the count of the fields of our APIs in an integration test.
 2023-05-31 11:09:08 -07:00
Ryan Richard
552eceabdb Add integration test for UserAttributeForFilter group search setting 
Also adds new integration test env var to support the new test:
PINNIPED_TEST_LDAP_EXPECTED_DIRECT_POSIX_GROUPS_CN
 2023-05-31 10:29:44 -07:00
Ryan Richard
e3b7ba3677 Add group search tests for UserAttributeForFilter in ldap_client_test.go 2023-05-31 10:29:44 -07:00
Ryan Richard
bad5e60a8e Add LDAPIdentityProvider.spec.groupSearch.userAttributeForFilter 
Add the field to the tmpl file and run codegen.
Also update the count of the fields of our APIs in an integration test.
 2023-05-25 09:52:15 -07:00
Ryan Richard
187ee80ee3 Handle the new output of kubectl explain which indents differently 2023-05-10 19:56:59 -07:00
Ryan Richard
484f134a98 Handle the new output of kubectl explain which shows GROUP separately 2023-05-10 18:03:40 -07:00
Ryan Richard
1e6e9e0c0e Change tests to expect new error format from pkg golang.org/x/oauth2 2023-05-10 16:52:09 -07:00
Ryan Richard
bc9afc4554 Aggregated API endpoints now must implement rest.SingularNameProvider 
This was a change in the interface requirements introduced in Kube 1.27.
 2023-05-10 16:50:50 -07:00
Ryan Richard
19b60fe563 Clarify audience value in Concierge-only auth doc, and other doc updates 
Also renamed a couple of integration test files to make their names
more clear.
 2023-04-03 16:54:10 -07:00
Ryan Richard
7cd16b179c Fix integration tests to pass with Kube 1.27/1.28 pre-release builds 
Fix test failures that occurred in the k8s-main integration test CI job
when using Kube 1.27 and 1.28 pre-release builds.
 2023-04-03 14:16:47 -07:00
Ryan Richard
a04129548f Increase some test timeouts that failed once on Kind jobs in CI 2023-04-03 11:46:11 -07:00
Joshua Casey
24cf7c5bcd Remove internal/psets in favor of k8s.io/apimachinery/pkg/util/sets 2023-01-31 10:10:44 -06:00
Ryan Richard
2d3e53e6ac Increase timeouts in supervisor_oidcclientsecret_test.go 
They were too short after enabling the race detector for integration
tests in CI.
 2023-01-27 14:23:04 -08:00
Ryan Richard
c6e4133c5e Accept both old and new cert error strings on MacOS in test assertions 
Used this as an opportunity to refactor how some tests were
making assertions about error strings.

New test helpers make it easy for an error string to be expected as an
exact string, as a string built using sprintf, as a regexp, or as a
string built to include the platform-specific x509 error string.

All of these helpers can be used in a single `wantErr` field of a test
table. They can be used for both unit tests and integration tests.

Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-01-20 15:01:36 -08:00