Add tests for Github in FederationDomain ListerFinder

2026-01-05 04:56:11 +00:00 · 2024-04-03 15:25:51 -04:00
parent 0c7e95539f
commit 44edba6f75
16 changed files with 349 additions and 84 deletions
--- a/internal/controller/supervisorconfig/githubupstreamwatcher/github_upstream_watcher.go
+++ b/internal/controller/supervisorconfig/githubupstreamwatcher/github_upstream_watcher.go
@@ -238,7 +238,7 @@ func validateOrganizationsPolicy(organizationsSpec *v1alpha1.GitHubOrganizations
 }

 func (c *gitHubWatcherController) validateUpstreamAndUpdateConditions(ctx controllerlib.Context, upstream *v1alpha1.GitHubIdentityProvider) (
-	*upstreamgithub.ProviderConfig, // If validated, returns the config
+	*upstreamgithub.Provider, // If validated, returns the config
 	error, // This error will only refer to programmatic errors such as inability to perform a Dial or dereference a pointer, not configuration errors
 ) {
 	conditions := make([]*metav1.Condition, 0)
@@ -291,22 +291,24 @@ func (c *gitHubWatcherController) validateUpstreamAndUpdateConditions(ctx contro
 		return nil, k8sutilerrors.NewAggregate(applicationErrors)
 	}

-	providerConfig := &upstreamgithub.ProviderConfig{
-		Name:               upstream.Name,
-		ResourceUID:        upstream.UID,
-		Host:               hostURL,
-		GroupNameAttribute: groupNameAttribute,
-		UsernameAttribute:  usernameAttribute,
-		OAuth2Config: &oauth2.Config{
-			ClientID:     clientID,
-			ClientSecret: clientSecret,
+	provider := upstreamgithub.New(
+		upstreamgithub.ProviderConfig{
+			Name:               upstream.Name,
+			ResourceUID:        upstream.UID,
+			Host:               hostURL,
+			GroupNameAttribute: groupNameAttribute,
+			UsernameAttribute:  usernameAttribute,
+			OAuth2Config: &oauth2.Config{
+				ClientID:     clientID,
+				ClientSecret: clientSecret,
+			},
+			AllowedOrganizations:    upstream.Spec.AllowAuthentication.Organizations.Allowed,
+			OrganizationLoginPolicy: policy,
+			AuthorizationURL:        fmt.Sprintf("%s/login/oauth/authorize", hostURL),
+			HttpClient:              httpClient,
 		},
-		AllowedOrganizations:    upstream.Spec.AllowAuthentication.Organizations.Allowed,
-		OrganizationLoginPolicy: policy,
-		AuthorizationURL:        fmt.Sprintf("%s/login/oauth/authorize", hostURL),
-		HttpClient:              httpClient,
-	}
-	return providerConfig, k8sutilerrors.NewAggregate(applicationErrors)
+	)
+	return provider, k8sutilerrors.NewAggregate(applicationErrors)
 }

 func validateHost(gitHubAPIConfig v1alpha1.GitHubAPIConfig) (*metav1.Condition, *endpointaddr.HostPort) {
--- a/internal/controller/supervisorconfig/githubupstreamwatcher/github_upstream_watcher_test.go
+++ b/internal/controller/supervisorconfig/githubupstreamwatcher/github_upstream_watcher_test.go
@@ -371,7 +371,8 @@ func TestController(t *testing.T) {
 		wantErr                 string
 		wantLogs                []string
 		wantResultingCache      []*upstreamgithub.ProviderConfig
-		wantResultingUpstreams  []v1alpha1.GitHubIdentityProvider
+		// wantResultingCache      []*oidctestutil.TestUpstreamGitHubIdentityProvider
+		wantResultingUpstreams []v1alpha1.GitHubIdentityProvider
 	}{
 		{
 			name: "no GitHubIdentityProviders",
@@ -1717,7 +1718,9 @@ func TestController(t *testing.T) {

 			cache := dynamicupstreamprovider.NewDynamicUpstreamIDPProvider()
 			cache.SetGitHubIdentityProviders([]upstreamprovider.UpstreamGithubIdentityProviderI{
-				&upstreamgithub.ProviderConfig{Name: "initial-entry-to-remove"},
+				upstreamgithub.New(
+					upstreamgithub.ProviderConfig{Name: "initial-entry-to-remove"},
+				),
 			})

 			var log bytes.Buffer
@@ -1757,12 +1760,12 @@ func TestController(t *testing.T) {
 			require.Equal(t, len(tt.wantResultingCache), len(actualIDPList))
 			for i := 0; i < len(tt.wantResultingCache); i++ {
 				// Do not expect any particular order in the cache
-				var actualIDP *upstreamgithub.ProviderConfig
+				var actualIDP *upstreamgithub.Provider
 				for _, possibleIDP := range actualIDPList {
 					if possibleIDP.GetName() == tt.wantResultingCache[i].Name {
 						// For this check, we know that the actual IDPs are going to have type upstreamgithub.ProviderConfig
 						var ok bool
-						actualIDP, ok = possibleIDP.(*upstreamgithub.ProviderConfig)
+						actualIDP, ok = possibleIDP.(*upstreamgithub.Provider)
 						require.True(t, ok)
 						break
 					}
@@ -1785,7 +1788,8 @@ func TestController(t *testing.T) {
 				require.NoError(t, err)

 				compareTLSClientConfigWithinHttpClients(t, phttp.Default(certPool), actualIDP.GetHttpClient())
-				require.Equal(t, tt.wantResultingCache[i].OAuth2Config, actualIDP.OAuth2Config)
+				require.Equal(t, tt.wantResultingCache[i].OAuth2Config, actualIDP.GetOAuth2Config())
+
 			}

 			// Verify the status conditions as reported in Kubernetes