Add WebhookAuthenticator integration tests, expand unit tests

- Add WebhookAuthenticator unit tests, update generated code - Add validateTLSNegotiation(), update tests - Update validateTLSNegotiation, add unit tests, factor out helpers - Update generated code
2026-01-07 14:05:50 +00:00 · 2024-02-21 15:05:01 -05:00
parent ef36b454ba
commit 590e2d18f7
37 changed files with 1338 additions and 194 deletions
--- a/generated/1.27/README.adoc
+++ b/generated/1.27/README.adoc
@@ -154,6 +154,18 @@ WebhookAuthenticator describes the configuration of a webhook authenticator.



+[id="{anchor_prefix}-go-pinniped-dev-generated-1-27-apis-concierge-authentication-v1alpha1-webhookauthenticatorphase"]
+==== WebhookAuthenticatorPhase (string) 
+
+
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-27-apis-concierge-authentication-v1alpha1-webhookauthenticatorstatus[$$WebhookAuthenticatorStatus$$]
+****
+
+
+
 [id="{anchor_prefix}-go-pinniped-dev-generated-1-27-apis-concierge-authentication-v1alpha1-webhookauthenticatorspec"]
 ==== WebhookAuthenticatorSpec 

@@ -186,6 +198,7 @@ Status of a webhook authenticator.
 |===
 | Field | Description
 | *`conditions`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#condition-v1-meta[$$Condition$$] array__ | Represents the observations of the authenticator's current state.
+| *`phase`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-27-apis-concierge-authentication-v1alpha1-webhookauthenticatorphase[$$WebhookAuthenticatorPhase$$]__ | Phase summarizes the overall status of the WebhookAuthenticator.
 |===


--- a/generated/1.27/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go
+++ b/generated/1.27/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go
@@ -1,10 +1,23 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0

 package v1alpha1

 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

+type WebhookAuthenticatorPhase string
+
+const (
+	// WebhookAuthenticatorPhasePending is the default phase for newly-created WebhookAuthenticator resources.
+	WebhookAuthenticatorPhasePending WebhookAuthenticatorPhase = "Pending"
+
+	// WebhookAuthenticatorPhaseReady is the phase for an WebhookAuthenticator resource in a healthy state.
+	WebhookAuthenticatorPhaseReady WebhookAuthenticatorPhase = "Ready"
+
+	// WebhookAuthenticatorPhaseError is the phase for an WebhookAuthenticator in an unhealthy state.
+	WebhookAuthenticatorPhaseError WebhookAuthenticatorPhase = "Error"
+)
+
 // Status of a webhook authenticator.
 type WebhookAuthenticatorStatus struct {
 	// Represents the observations of the authenticator's current state.
@@ -13,6 +26,10 @@ type WebhookAuthenticatorStatus struct {
 	// +listType=map
 	// +listMapKey=type
 	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+	// Phase summarizes the overall status of the WebhookAuthenticator.
+	// +kubebuilder:default=Pending
+	// +kubebuilder:validation:Enum=Pending;Ready;Error
+	Phase WebhookAuthenticatorPhase `json:"phase,omitempty"`
 }

 // Spec for configuring a webhook authenticator.
--- a/generated/1.27/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml
+++ b/generated/1.27/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml
@@ -144,6 +144,14 @@ spec:
                x-kubernetes-list-map-keys:
                - type
                x-kubernetes-list-type: map
+              phase:
+                default: Pending
+                description: Phase summarizes the overall status of the WebhookAuthenticator.
+                enum:
+                - Pending
+                - Ready
+                - Error
+                type: string
            type: object
        required:
        - spec