mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2025-12-23 06:15:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix pre-existing integration tests for new JWTAuthenticator features

Browse Source
This commit is contained in:
Ryan Richard
2025-07-17 10:52:29 -07:00
parent 64e5e20010
commit 52622d5e4c
2 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
test/integration/audit_test.go
View File

@@ -209,6 +209,7 @@ func TestAuditLogsDuringLogin_Disruptive(t *testing.T) {
"personalInfo": map[string]any{
"username": "redacted",
"groups": []any{"redacted 2 values"},
"extras": map[string]any{"redacted": "redacted 1 keys"},
},
},
}, allConciergeTCRLogs)
@@ -342,6 +343,25 @@ func TestAuditLogsDuringLogin_Disruptive(t *testing.T) {
for _, log := range allConciergeTCRLogs {
require.NotEmpty(t, log["issuedClientCert"])
delete(log, "issuedClientCert")
// The value at the extras key "authentication.kubernetes.io/credential-id" will be a JWT ID,
// which is hard to predict, so just assert that it is there without worrying about its exact value.
require.Contains(t, log, "personalInfo")
personalInfo, ok := log["personalInfo"].(map[string]any)
require.True(t, ok)
require.NotNil(t, personalInfo["extras"])
extras, ok := personalInfo["extras"].(map[string]any)
require.True(t, ok)
require.Contains(t, extras, "authentication.kubernetes.io/credential-id")
require.Len(t, extras, 1) // should be the only key
id := extras["authentication.kubernetes.io/credential-id"]
idValues, ok := id.([]any)
require.True(t, ok)
require.Len(t, idValues, 1)
require.Regexp(t, "JTI=.+", idValues[0])
// Now that we have made assertions about all the expected extras,
// delete it so we can compare the rest using equals below.
delete(personalInfo, "extras")
}
// All values in the personalInfo map should not be redacted anymore.
@@ -357,6 +377,7 @@ func TestAuditLogsDuringLogin_Disruptive(t *testing.T) {
"personalInfo": map[string]any{
"username": expectedUsername,
"groups": expectedGroups,
// note: also has an "extras" key, which we deleted from the actual value above
},
},
}, allConciergeTCRLogs)

5
test/integration/kube_api_discovery_test.go
View File

@@ -451,8 +451,9 @@ func TestGetAPIResourceList(t *testing.T) { //nolint:gocyclo // each t.Run is pr
}
}
// manually update this value whenever you add additional fields to an API resource and then run the generator
totalExpectedAPIFields := 310
// Manually update this value whenever you add additional fields to an API resource and then run the generator.
// This is to ensure that this test checked every field in our whole API surface area.
totalExpectedAPIFields := 323
// Because we are parsing text from `kubectl explain` and because the format of that text can change
// over time, make a rudimentary assertion that this test exercised the whole tree of all fields of all