Always pass spec to CreateTestWebhookAuthenticator

2026-01-08 15:21:55 +00:00 · 2024-03-18 16:14:42 -04:00
parent a45a537cdb
commit 097e6d5340
9 changed files with 29 additions and 31 deletions
--- a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go
+++ b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go
@@ -1163,7 +1163,7 @@ func TestController(t *testing.T) {
 					Spec: auth1alpha1.JWTAuthenticatorSpec{
 						Issuer:   "https://www.example.com/foo/bar/#do-not-include-fragment",
 						Audience: goodAudience,
-						TLS:      conciergetestutil.TlsSpecFromTLSConfig(goodOIDCIssuerServer.TLS),
+						TLS:      conciergetestutil.TLSSpecFromTLSConfig(goodOIDCIssuerServer.TLS),
 					},
 				},
 			},
@@ -1176,7 +1176,7 @@ func TestController(t *testing.T) {
 					Spec: auth1alpha1.JWTAuthenticatorSpec{
 						Issuer:   "https://www.example.com/foo/bar/#do-not-include-fragment",
 						Audience: goodAudience,
-						TLS:      conciergetestutil.TlsSpecFromTLSConfig(goodOIDCIssuerServer.TLS),
+						TLS:      conciergetestutil.TLSSpecFromTLSConfig(goodOIDCIssuerServer.TLS),
 					},
 					Status: auth1alpha1.JWTAuthenticatorStatus{
 						Conditions: conditionstestutil.Replace(
@@ -1210,7 +1210,7 @@ func TestController(t *testing.T) {
 					Spec: auth1alpha1.JWTAuthenticatorSpec{
 						Issuer:   "https://www.example.com/foo/bar/?query-params=not-allowed",
 						Audience: goodAudience,
-						TLS:      conciergetestutil.TlsSpecFromTLSConfig(goodOIDCIssuerServer.TLS),
+						TLS:      conciergetestutil.TLSSpecFromTLSConfig(goodOIDCIssuerServer.TLS),
 					},
 				},
 			},
@@ -1223,7 +1223,7 @@ func TestController(t *testing.T) {
 					Spec: auth1alpha1.JWTAuthenticatorSpec{
 						Issuer:   "https://www.example.com/foo/bar/?query-params=not-allowed",
 						Audience: goodAudience,
-						TLS:      conciergetestutil.TlsSpecFromTLSConfig(goodOIDCIssuerServer.TLS),
+						TLS:      conciergetestutil.TLSSpecFromTLSConfig(goodOIDCIssuerServer.TLS),
 					},
 					Status: auth1alpha1.JWTAuthenticatorStatus{
 						Conditions: conditionstestutil.Replace(
@@ -1257,7 +1257,7 @@ func TestController(t *testing.T) {
 					Spec: auth1alpha1.JWTAuthenticatorSpec{
 						Issuer:   "https://www.example.com/foo/bar/.well-known/openid-configuration",
 						Audience: goodAudience,
-						TLS:      conciergetestutil.TlsSpecFromTLSConfig(goodOIDCIssuerServer.TLS),
+						TLS:      conciergetestutil.TLSSpecFromTLSConfig(goodOIDCIssuerServer.TLS),
 					},
 				},
 			},
@@ -1270,7 +1270,7 @@ func TestController(t *testing.T) {
 					Spec: auth1alpha1.JWTAuthenticatorSpec{
 						Issuer:   "https://www.example.com/foo/bar/.well-known/openid-configuration",
 						Audience: goodAudience,
-						TLS:      conciergetestutil.TlsSpecFromTLSConfig(goodOIDCIssuerServer.TLS),
+						TLS:      conciergetestutil.TLSSpecFromTLSConfig(goodOIDCIssuerServer.TLS),
 					},
 					Status: auth1alpha1.JWTAuthenticatorStatus{
 						Conditions: conditionstestutil.Replace(
@@ -1345,7 +1345,7 @@ func TestController(t *testing.T) {
 					Spec: auth1alpha1.JWTAuthenticatorSpec{
 						Issuer:   goodIssuer + "/path/to/not/found",
 						Audience: goodAudience,
-						TLS:      conciergetestutil.TlsSpecFromTLSConfig(goodOIDCIssuerServer.TLS),
+						TLS:      conciergetestutil.TLSSpecFromTLSConfig(goodOIDCIssuerServer.TLS),
 					},
 				},
 			},
@@ -1358,7 +1358,7 @@ func TestController(t *testing.T) {
 					Spec: auth1alpha1.JWTAuthenticatorSpec{
 						Issuer:   goodIssuer + "/path/to/not/found",
 						Audience: goodAudience,
-						TLS:      conciergetestutil.TlsSpecFromTLSConfig(goodOIDCIssuerServer.TLS),
+						TLS:      conciergetestutil.TLSSpecFromTLSConfig(goodOIDCIssuerServer.TLS),
 					},
 					Status: auth1alpha1.JWTAuthenticatorStatus{
 						Conditions: conditionstestutil.Replace(
--- a/internal/controller/authenticator/webhookcachefiller/webhookcachefiller_test.go
+++ b/internal/controller/authenticator/webhookcachefiller/webhookcachefiller_test.go
@@ -99,7 +99,6 @@ func TestController(t *testing.T) {
 	}), func(thisServer *httptest.Server) {
 		thisTLSConfig := ptls.Default(nil)
 		thisTLSConfig.Certificates = []tls.Certificate{
-			// public and private key pair, but server will only use private for serving
 			*hostAsLocalhostServingCert,
 		}
 		thisServer.TLS = thisTLSConfig
@@ -219,6 +218,7 @@ func TestController(t *testing.T) {
 			Message:            "the WebhookAuthenticator is not ready: see other conditions for details",
 		}
 	}
+
 	happyAuthenticatorValid := func(time metav1.Time, observedGeneration int64) metav1.Condition {
 		return metav1.Condition{
 			Type:               "AuthenticatorValid",
@@ -1038,8 +1038,6 @@ func TestNewWebhookAuthenticator(t *testing.T) {
 			},
 		}, conditions)
 		require.Nil(t, res)
-		// TODO: should this trigger the sync loop again with an error, or should this have been only
-		// status and log, indicating user must correct?
 		require.EqualError(t, err, "invalid TLS configuration: illegal base64 data at input byte 7")
 	})

@@ -1079,8 +1077,6 @@ func TestNewWebhookAuthenticator(t *testing.T) {
 	})

 	t.Run("success, webhook authenticator created", func(t *testing.T) {
-		// TODO(BEN): when enhancing webhook authenticator integration test, can prob
-		// steal this and create a super simpler server
 		caBundle, url := testutil.TLSTestServer(t, func(w http.ResponseWriter, r *http.Request) {
 			body, err := io.ReadAll(r.Body)
 			require.NoError(t, err)