diff --git a/test/integration/concierge_tls_spec_test.go b/test/integration/concierge_tls_spec_test.go index 314cc7495..b9a42c5e7 100644 --- a/test/integration/concierge_tls_spec_test.go +++ b/test/integration/concierge_tls_spec_test.go @@ -46,9 +46,9 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) { `) testCases := []struct { - name string - tlsYAML string - expectedError string + name string + tlsYAML string + expectedErrorSnippets []string }{ { name: "should disallow certificate authority data source with missing name", @@ -58,7 +58,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) { kind: Secret key: bar `), - expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.name: Required value`, + expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.name: Required value`}, }, { name: "should disallow certificate authority data source with empty value for name", @@ -69,7 +69,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) { name: "" key: bar `), - expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.name: Invalid value: "": spec.tls.certificateAuthorityDataSource.name in body should be at least 1 chars long`, + expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.name: Invalid value: "": spec.tls.certificateAuthorityDataSource.name in body should be at least 1 chars long`}, }, { name: "should disallow certificate authority data source with missing key", @@ -79,7 +79,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) { kind: Secret name: foo `), - expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.key: Required value`, + expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.key: Required value`}, }, { name: "should disallow certificate authority data source with empty value for key", @@ -90,7 +90,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) { name: foo key: "" `), - expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.key: Invalid value: "": spec.tls.certificateAuthorityDataSource.key in body should be at least 1 chars long`, + expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.key: Invalid value: "": spec.tls.certificateAuthorityDataSource.key in body should be at least 1 chars long`}, }, { name: "should disallow certificate authority data source with missing kind", @@ -100,7 +100,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) { name: foo key: bar `), - expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Required value`, + expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Required value`}, }, { name: "should disallow certificate authority data source with empty value for kind", @@ -111,7 +111,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) { name: foo key: bar `), - expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Unsupported value: "": supported values: "Secret", "ConfigMap"`, + expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Unsupported value: "": supported values: "Secret", "ConfigMap"`}, }, { name: "should disallow certificate authority data source with invalid kind", @@ -122,7 +122,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) { name: foo key: bar `), - expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Unsupported value: "sorcery": supported values: "Secret", "ConfigMap"`, + expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Unsupported value: "sorcery": supported values: "Secret", "ConfigMap"`}, }, { name: "should create a custom resource passing all validations using a Secret source", @@ -133,7 +133,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) { name: foo key: bar `), - expectedError: "", + expectedErrorSnippets: nil, }, { name: "should create a custom resource passing all validations using a ConfigMap source", @@ -144,12 +144,12 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) { name: foo key: bar `), - expectedError: "", + expectedErrorSnippets: nil, }, { - name: "should create a custom resource without any tls spec", - tlsYAML: "", - expectedError: "", + name: "should create a custom resource without any tls spec", + tlsYAML: "", + expectedErrorSnippets: nil, }, } @@ -171,7 +171,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) { t, webhookYamlBytes, `webhookauthenticator.authentication.concierge.pinniped.dev`, - tc.expectedError, + tc.expectedErrorSnippets, "WebhookAuthenticator", webhookResourceName, ) @@ -188,7 +188,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) { t, jwtAuthenticatorYamlBytes, `jwtauthenticator.authentication.concierge.pinniped.dev`, - tc.expectedError, + tc.expectedErrorSnippets, "JWTAuthenticator", jwtAuthenticatorResourceName, ) @@ -201,7 +201,7 @@ func performKubectlApply( t *testing.T, yamlBytes []byte, expectedSuccessPrefix string, - expectedError string, + expectedErrorSnippets []string, resourceType string, resourceName string, ) { @@ -227,11 +227,17 @@ func performKubectlApply( require.NoError(t, exec.Command("kubectl", []string{"delete", "--ignore-not-found", "-f", yamlFilepath}...).Run()) }) - if expectedError == "" { - require.Empty(t, stdErr.String()) - require.Regexp(t, regexp.QuoteMeta(expectedSuccessPrefix)+regexp.QuoteMeta(fmt.Sprintf("/%s created\n", resourceName)), stdOut.String()) - require.NoError(t, err) - } else { - require.Equal(t, fmt.Sprintf(expectedError, resourceType, resourceName), strings.TrimSuffix(stdErr.String(), "\n")) + if len(expectedErrorSnippets) > 0 { + actualErrorString := strings.TrimSuffix(stdErr.String(), "\n") + for i, snippet := range expectedErrorSnippets { + if i == 0 { + snippet = fmt.Sprintf(snippet, resourceType, resourceName) + } + require.Contains(t, actualErrorString, snippet) + } + return } + require.Empty(t, stdErr.String()) + require.Regexp(t, regexp.QuoteMeta(expectedSuccessPrefix)+regexp.QuoteMeta(fmt.Sprintf("/%s created\n", resourceName)), stdOut.String()) + require.NoError(t, err) } diff --git a/test/integration/supervisor_tls_spec_test.go b/test/integration/supervisor_tls_spec_test.go index 8d14708a5..a8a6ab607 100644 --- a/test/integration/supervisor_tls_spec_test.go +++ b/test/integration/supervisor_tls_spec_test.go @@ -76,10 +76,10 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) { `) testCases := []struct { - name string - tlsYAML string - expectedError string - expectedGitHubError string + name string + tlsYAML string + expectedErrorSnippets []string + expectedGitHubErrorSnippets []string }{ { name: "should disallow certificate authority data source with missing name", @@ -89,11 +89,11 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) { kind: Secret key: bar `), - expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.name: Required value`, - expectedGitHubError: here.Doc(` - The %s "%s" is invalid: - * spec.githubAPI.tls.certificateAuthorityDataSource.name: Required value - * : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation`), + expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.name: Required value`}, + expectedGitHubErrorSnippets: []string{ + `The %s "%s" is invalid:`, + "* spec.githubAPI.tls.certificateAuthorityDataSource.name: Required value", + }, }, { name: "should disallow certificate authority data source with empty value for name", @@ -104,8 +104,8 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) { name: "" key: bar `), - expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.name: Invalid value: "": spec.tls.certificateAuthorityDataSource.name in body should be at least 1 chars long`, - expectedGitHubError: `The %s "%s" is invalid: spec.githubAPI.tls.certificateAuthorityDataSource.name: Invalid value: "": spec.githubAPI.tls.certificateAuthorityDataSource.name in body should be at least 1 chars long`, + expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.name: Invalid value: "": spec.tls.certificateAuthorityDataSource.name in body should be at least 1 chars long`}, + expectedGitHubErrorSnippets: []string{`The %s "%s" is invalid: spec.githubAPI.tls.certificateAuthorityDataSource.name: Invalid value: "": spec.githubAPI.tls.certificateAuthorityDataSource.name in body should be at least 1 chars long`}, }, { name: "should disallow certificate authority data source with missing key", @@ -115,11 +115,11 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) { kind: Secret name: foo `), - expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.key: Required value`, - expectedGitHubError: here.Doc(` - The %s "%s" is invalid: - * spec.githubAPI.tls.certificateAuthorityDataSource.key: Required value - * : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation`), + expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.key: Required value`}, + expectedGitHubErrorSnippets: []string{ + `The %s "%s" is invalid:`, + "* spec.githubAPI.tls.certificateAuthorityDataSource.key: Required value", + }, }, { name: "should disallow certificate authority data source with empty value for key", @@ -130,8 +130,8 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) { name: foo key: "" `), - expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.key: Invalid value: "": spec.tls.certificateAuthorityDataSource.key in body should be at least 1 chars long`, - expectedGitHubError: `The %s "%s" is invalid: spec.githubAPI.tls.certificateAuthorityDataSource.key: Invalid value: "": spec.githubAPI.tls.certificateAuthorityDataSource.key in body should be at least 1 chars long`, + expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.key: Invalid value: "": spec.tls.certificateAuthorityDataSource.key in body should be at least 1 chars long`}, + expectedGitHubErrorSnippets: []string{`The %s "%s" is invalid: spec.githubAPI.tls.certificateAuthorityDataSource.key: Invalid value: "": spec.githubAPI.tls.certificateAuthorityDataSource.key in body should be at least 1 chars long`}, }, { name: "should disallow certificate authority data source with missing kind", @@ -141,11 +141,11 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) { name: foo key: bar `), - expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Required value`, - expectedGitHubError: here.Doc(` - The %s "%s" is invalid: - * spec.githubAPI.tls.certificateAuthorityDataSource.kind: Required value - * : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation`), + expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Required value`}, + expectedGitHubErrorSnippets: []string{ + `The %s "%s" is invalid:`, + "* spec.githubAPI.tls.certificateAuthorityDataSource.kind: Required value", + }, }, { name: "should disallow certificate authority data source with empty value for kind", @@ -156,11 +156,11 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) { name: foo key: bar `), - expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Unsupported value: "": supported values: "Secret", "ConfigMap"`, - expectedGitHubError: here.Doc(` - The %s "%s" is invalid: - * spec.githubAPI.tls.certificateAuthorityDataSource.kind: Unsupported value: "": supported values: "Secret", "ConfigMap" - * : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation`), + expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Unsupported value: "": supported values: "Secret", "ConfigMap"`}, + expectedGitHubErrorSnippets: []string{ + `The %s "%s" is invalid:`, + `spec.githubAPI.tls.certificateAuthorityDataSource.kind: Unsupported value: "": supported values: "Secret", "ConfigMap"`, + }, }, { name: "should disallow certificate authority data source with invalid kind", @@ -171,11 +171,11 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) { name: foo key: bar `), - expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Unsupported value: "sorcery": supported values: "Secret", "ConfigMap"`, - expectedGitHubError: here.Doc(` - The %s "%s" is invalid: - * spec.githubAPI.tls.certificateAuthorityDataSource.kind: Unsupported value: "sorcery": supported values: "Secret", "ConfigMap" - * : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation`), + expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Unsupported value: "sorcery": supported values: "Secret", "ConfigMap"`}, + expectedGitHubErrorSnippets: []string{ + `The %s "%s" is invalid:`, + `spec.githubAPI.tls.certificateAuthorityDataSource.kind: Unsupported value: "sorcery": supported values: "Secret", "ConfigMap"`, + }, }, { name: "should create a custom resource passing all validations using a Secret source", @@ -186,7 +186,8 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) { name: foo key: bar `), - expectedError: "", + expectedErrorSnippets: nil, + expectedGitHubErrorSnippets: nil, }, { name: "should create a custom resource passing all validations using a ConfigMap source", @@ -197,12 +198,14 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) { name: foo key: bar `), - expectedError: "", + expectedErrorSnippets: nil, + expectedGitHubErrorSnippets: nil, }, { - name: "should create a custom resource without any tls spec", - tlsYAML: "", - expectedError: "", + name: "should create a custom resource without any tls spec", + tlsYAML: "", + expectedErrorSnippets: nil, + expectedGitHubErrorSnippets: nil, }, } @@ -224,7 +227,7 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) { t, yamlBytes, `oidcidentityprovider.idp.supervisor.pinniped.dev`, - tc.expectedError, + tc.expectedErrorSnippets, "OIDCIdentityProvider", resourceName, ) @@ -239,7 +242,7 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) { t, yamlBytes, `ldapidentityprovider.idp.supervisor.pinniped.dev`, - tc.expectedError, + tc.expectedErrorSnippets, "LDAPIdentityProvider", resourceName, ) @@ -254,7 +257,7 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) { t, yamlBytes, `activedirectoryidentityprovider.idp.supervisor.pinniped.dev`, - tc.expectedError, + tc.expectedErrorSnippets, "ActiveDirectoryIdentityProvider", resourceName, ) @@ -264,9 +267,6 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) { // GitHub is nested deeper indentedTLSYAMLForGitHub := strings.ReplaceAll(indentedTLSYAML, "\n", "\n ") - // This is how kubectl shows this error - expectedGitHubError := strings.ReplaceAll(tc.expectedGitHubError, "invalid:\n", "invalid: \n") - resourceName := "test-github-idp-" + testlib.RandHex(t, 7) yamlBytes := []byte(fmt.Sprintf(githubIDPTemplate, env.APIGroupSuffix, resourceName, indentedTLSYAMLForGitHub)) @@ -275,7 +275,7 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) { t, yamlBytes, `githubidentityprovider.idp.supervisor.pinniped.dev`, - expectedGitHubError, + tc.expectedGitHubErrorSnippets, "GitHubIdentityProvider", resourceName, )