update hack/prepare-supervisor-on-kind.sh for GitHub IDPs

Ryan Richard
2024-05-16 13:49:53 -07:00
parent b00cf65732
commit 2054708c53


@@ -94,13 +94,6 @@ if [[ "$use_oidc_upstream" == "no" && "$use_ldap_upstream" == "no" && "$use_ad_u
exit 1
fi
if [[ "$use_github_upstream" == "yes" ]]; then
if [[ "${PINNIPED_TEST_SUPERVISOR_UPSTREAM_GITHUB_CLIENT_ID:-}" == "" || "${PINNIPED_TEST_SUPERVISOR_UPSTREAM_GITHUB_CLIENT_SECRET:-}" == "" ]]; then
echo "Error: Please set environment vars PINNIPED_TEST_SUPERVISOR_UPSTREAM_GITHUB_CLIENT_ID and PINNIPED_TEST_SUPERVISOR_UPSTREAM_GITHUB_CLIENT_SECRET when using --github flag"
exit 1
fi
fi
# Read the env vars output by hack/prepare-for-integration-tests.sh
source /tmp/integration-test-env
@@ -303,7 +296,7 @@ EOF
fi
if [[ "$use_github_upstream" == "yes" ]]; then
# Make an GitHubIdentityProvider. Needs to be configured with an actual GitHub App or GitHub OAuth App.
# Make an GitHubIdentityProvider. Needs to be configured with an actual GitHub App or GitHub OAuth App.
cat <<EOF | kubectl apply --namespace "$PINNIPED_TEST_SUPERVISOR_NAMESPACE" -f -
apiVersion: idp.supervisor.pinniped.dev/v1alpha1
kind: GitHubIdentityProvider
@@ -317,7 +310,7 @@ spec:
policy: AllGitHubUsers
EOF
# Make a Secret for the above GitHubIdentityProvider to describe the GitHub client configured.
# Make a Secret for the above GitHubIdentityProvider to describe the GitHub client configured.
cat <<EOF | kubectl apply --namespace "$PINNIPED_TEST_SUPERVISOR_NAMESPACE" -f -
apiVersion: v1
kind: Secret
@@ -325,9 +318,15 @@ type: "secrets.pinniped.dev/github-client"
metadata:
name: my-github-provider-client-secret
stringData:
clientID: "$PINNIPED_TEST_SUPERVISOR_UPSTREAM_GITHUB_CLIENT_ID"
clientSecret: "$PINNIPED_TEST_SUPERVISOR_UPSTREAM_GITHUB_CLIENT_SECRET"
clientID: "$PINNIPED_TEST_GITHUB_APP_CLIENT_ID"
clientSecret: "$PINNIPED_TEST_GITHUB_APP_CLIENT_SECRET"
EOF
# Grant the test user some RBAC permissions so we can play with kubectl as that user.
# TODO
# kubectl create clusterrolebinding github-test-user-can-view --clusterrole view \
# --user "$PINNIPED_TEST_GITHUB_TODO_WE_DONT_HAVE_THIS_VARIABLE_YET" \
# --dry-run=client --output yaml | kubectl apply -f -
fi
# Create a CA and TLS serving certificates for the Supervisor's FederationDomain.
@@ -591,6 +590,12 @@ if [[ "$use_ad_upstream" == "yes" ]]; then
echo
fi
if [[ "$use_github_upstream" == "yes" ]]; then
echo " GitHub Username: $PINNIPED_TEST_GITHUB_USER_USERNAME (or use your own account)"
echo " GitHub Password: $PINNIPED_TEST_GITHUB_USER_PASSWORD (also requires OTP, or use your own account)"
echo
fi
# Echo the commands that may be used to login and print the identity of the currently logged in user.
# Once the CLI has cached your tokens, it will automatically refresh your short-lived credentials whenever
# they expire, so you should not be prompted to log in again for the rest of the day.
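Review bot: The Secret heredoc now expands `$PINNIPED_TEST_GITHUB_APP_CLIENT_ID` and `$PINNIPED_TEST_GITHUB_APP_CLIENT_SECRET` with no presence check, because the first hunk deletes the `--github` guard rather than renaming the variables in it. If /tmp/integration-test-env does not define them, the script either aborts on an unbound variable (if `set -u` is in effect, which is not visible here) or applies a Secret with empty values, and the failure only surfaces at login time. I would keep a guard placed after the `source` line, e.g. `: "${PINNIPED_TEST_GITHUB_APP_CLIENT_ID:?not set by hack/prepare-for-integration-tests.sh; required for --github}"`, and the same for the client secret. Separately, the last hunk echoes `$PINNIPED_TEST_GITHUB_USER_PASSWORD` in clear text, so it lands in terminal scrollback and any captured logs; if the other upstream branches already do this it is at least consistent, but a comment such as `# throwaway test account only; never point this at a real user's credentials` would make the expectation explicit.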