From 5bc4e678bf1f7a8dcfcffeabb16cdc40b7bb6654 Mon Sep 17 00:00:00 2001
From: "Benjamin A. Petersen"
Date: Tue, 19 Mar 2024 17:45:26 -0400
Subject: [PATCH] WebhookAuthenticator Status integration test refactor to test table
---
...cierge_webhookauthenticator_status_test.go | 216 ++++++++----------
1 file changed, 99 insertions(+), 117 deletions(-)
diff --git a/test/integration/concierge_webhookauthenticator_status_test.go b/test/integration/concierge_webhookauthenticator_status_test.go
index 70a139e98..e5aa0fe7e 100644
--- a/test/integration/concierge_webhookauthenticator_status_test.go
+++ b/test/integration/concierge_webhookauthenticator_status_test.go 
@@ -21,157 +21,139 @@ func TestConciergeWebhookAuthenticatorStatus_Parallel(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute) t.Cleanup(cancel) + caBundleSomePivotalCA := "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lWQUpzNStTbVRtaTJXeUI0bGJJRXBXaUs5a1RkUE1BMEdDU3FHU0liM0RRRUIKQ3dVQU1COHhDekFKQmdOVkJBWVRBbFZUTVJBd0RnWURWUVFLREFkUWFYWnZkR0ZzTUI0WERUSXdNRFV3TkRFMgpNamMxT0ZvWERUSTBNRFV3TlRFMk1qYzFPRm93SHpFTE1Ba0dBMVVFQmhNQ1ZWTXhFREFPQmdOVkJBb01CMUJwCmRtOTBZV3d3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRERZWmZvWGR4Z2NXTEMKZEJtbHB5a0tBaG9JMlBuUWtsVFNXMno1cGcwaXJjOGFRL1E3MXZzMTRZYStmdWtFTGlvOTRZYWw4R01DdVFrbApMZ3AvUEE5N1VYelhQNDBpK25iNXcwRGpwWWd2dU9KQXJXMno2MFRnWE5NSFh3VHk4ME1SZEhpUFVWZ0VZd0JpCmtkNThzdEFVS1Y1MnBQTU1reTJjNy9BcFhJNmRXR2xjalUvaFBsNmtpRzZ5dEw2REtGYjJQRWV3MmdJM3pHZ2IKOFVVbnA1V05DZDd2WjNVY0ZHNXlsZEd3aGc3cnZ4U1ZLWi9WOEhCMGJmbjlxamlrSVcxWFM4dzdpUUNlQmdQMApYZWhKZmVITlZJaTJtZlczNlVQbWpMdnVKaGpqNDIrdFBQWndvdDkzdWtlcEgvbWpHcFJEVm9wamJyWGlpTUYrCkYxdnlPNGMxQWdNQkFBR2pnWU13Z1lBd0hRWURWUjBPQkJZRUZNTWJpSXFhdVkwajRVWWphWDl0bDJzby9LQ1IKTUI4R0ExVWRJd1FZTUJhQUZNTWJpSXFhdVkwajRVWWphWDl0bDJzby9LQ1JNQjBHQTFVZEpRUVdNQlFHQ0NzRwpBUVVGQndNQ0JnZ3JCZ0VGQlFjREFUQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BNEdBMVVkRHdFQi93UUVBd0lCCkJqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFYbEh4M2tIMDZwY2NDTDlEVE5qTnBCYnlVSytGd2R6T2IwWFYKcmpNaGtxdHVmdEpUUnR5T3hKZ0ZKNXhUR3pCdEtKamcrVU1pczBOV0t0VDBNWThVMU45U2c5SDl0RFpHRHBjVQpxMlVRU0Y4dXRQMVR3dnJIUzIrdzB2MUoxdHgrTEFiU0lmWmJCV0xXQ21EODUzRlVoWlFZekkvYXpFM28vd0p1CmlPUklMdUpNUk5vNlBXY3VLZmRFVkhaS1RTWnk3a25FcHNidGtsN3EwRE91eUFWdG9HVnlkb3VUR0FOdFhXK2YKczNUSTJjKzErZXg3L2RZOEJGQTFzNWFUOG5vZnU3T1RTTzdiS1kzSkRBUHZOeFQzKzVZUXJwNGR1Nmh0YUFMbAppOHNaRkhidmxpd2EzdlhxL3p1Y2JEaHEzQzBhZnAzV2ZwRGxwSlpvLy9QUUFKaTZLQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + tests := []struct { - name string - run func(t *testing.T) + name string + spec func() *v1alpha1.WebhookAuthenticatorSpec + initialPhase 
v1alpha1.WebhookAuthenticatorPhase + finalConditions []metav1.Condition + run func(t *testing.T) }{ { name: "Basic test to see if the WebhookAuthenticator wakes up or not.", - run: func(t *testing.T) { - webhookAuthenticator := testlib.CreateTestWebhookAuthenticator( - ctx, - t, - &testlib.IntegrationEnv(t).TestWebhook, - v1alpha1.WebhookAuthenticatorPhaseReady) - - testlib.WaitForWebhookAuthenticatorStatusConditions( - ctx, t, - webhookAuthenticator.Name, - allSuccessfulWebhookAuthenticatorConditions()) + spec: func() *v1alpha1.WebhookAuthenticatorSpec { + return &testlib.IntegrationEnv(t).TestWebhook }, + initialPhase: v1alpha1.WebhookAuthenticatorPhaseReady, + finalConditions: allSuccessfulWebhookAuthenticatorConditions(), }, { name: "valid spec with invalid CA in TLS config will result in a WebhookAuthenticator that is not ready", - run: func(t *testing.T) { + spec: func() *v1alpha1.WebhookAuthenticatorSpec { caBundleString := "invalid base64-encoded data" webhookSpec := testEnv.TestWebhook.DeepCopy() webhookSpec.TLS = &v1alpha1.TLSSpec{ CertificateAuthorityData: caBundleString, } - - webhookAuthenticator := testlib.CreateTestWebhookAuthenticator( - ctx, - t, - webhookSpec, - v1alpha1.WebhookAuthenticatorPhaseError) - - testlib.WaitForWebhookAuthenticatorStatusConditions( - ctx, t, - webhookAuthenticator.Name, - replaceSomeConditions( - allSuccessfulWebhookAuthenticatorConditions(), - []metav1.Condition{ - { - Type: "Ready", - Status: "False", - Reason: "NotReady", - Message: "the WebhookAuthenticator is not ready: see other conditions for details", - }, { - Type: "AuthenticatorValid", - Status: "Unknown", - Reason: "UnableToValidate", - Message: "unable to validate; see other conditions for details", - }, { - Type: "TLSConfigurationValid", - Status: "False", - Reason: "InvalidTLSConfiguration", - Message: "invalid TLS configuration: illegal base64 data at input byte 7", - }, { - Type: "TLSConnectionNegotiationValid", - Status: "Unknown", - Reason: 
"UnableToValidate", - Message: "unable to validate; see other conditions for details", - }, - }, - )) + return webhookSpec }, + initialPhase: v1alpha1.WebhookAuthenticatorPhaseError, + finalConditions: replaceSomeConditions( + allSuccessfulWebhookAuthenticatorConditions(), + []metav1.Condition{ + { + Type: "Ready", + Status: "False", + Reason: "NotReady", + Message: "the WebhookAuthenticator is not ready: see other conditions for details", + }, { + Type: "AuthenticatorValid", + Status: "Unknown", + Reason: "UnableToValidate", + Message: "unable to validate; see other conditions for details", + }, { + Type: "TLSConfigurationValid", + Status: "False", + Reason: "InvalidTLSConfiguration", + Message: "invalid TLS configuration: illegal base64 data at input byte 7", + }, { + Type: "TLSConnectionNegotiationValid", + Status: "Unknown", + Reason: "UnableToValidate", + Message: "unable to validate; see other conditions for details", + }, + }, + ), }, { name: "valid spec with valid CA in TLS config but does not match issuer server will result in a WebhookAuthenticator that is not ready", - run: func(t *testing.T) { - caBundleSomePivotalCA := 
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lWQUpzNStTbVRtaTJXeUI0bGJJRXBXaUs5a1RkUE1BMEdDU3FHU0liM0RRRUIKQ3dVQU1COHhDekFKQmdOVkJBWVRBbFZUTVJBd0RnWURWUVFLREFkUWFYWnZkR0ZzTUI0WERUSXdNRFV3TkRFMgpNamMxT0ZvWERUSTBNRFV3TlRFMk1qYzFPRm93SHpFTE1Ba0dBMVVFQmhNQ1ZWTXhFREFPQmdOVkJBb01CMUJwCmRtOTBZV3d3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRERZWmZvWGR4Z2NXTEMKZEJtbHB5a0tBaG9JMlBuUWtsVFNXMno1cGcwaXJjOGFRL1E3MXZzMTRZYStmdWtFTGlvOTRZYWw4R01DdVFrbApMZ3AvUEE5N1VYelhQNDBpK25iNXcwRGpwWWd2dU9KQXJXMno2MFRnWE5NSFh3VHk4ME1SZEhpUFVWZ0VZd0JpCmtkNThzdEFVS1Y1MnBQTU1reTJjNy9BcFhJNmRXR2xjalUvaFBsNmtpRzZ5dEw2REtGYjJQRWV3MmdJM3pHZ2IKOFVVbnA1V05DZDd2WjNVY0ZHNXlsZEd3aGc3cnZ4U1ZLWi9WOEhCMGJmbjlxamlrSVcxWFM4dzdpUUNlQmdQMApYZWhKZmVITlZJaTJtZlczNlVQbWpMdnVKaGpqNDIrdFBQWndvdDkzdWtlcEgvbWpHcFJEVm9wamJyWGlpTUYrCkYxdnlPNGMxQWdNQkFBR2pnWU13Z1lBd0hRWURWUjBPQkJZRUZNTWJpSXFhdVkwajRVWWphWDl0bDJzby9LQ1IKTUI4R0ExVWRJd1FZTUJhQUZNTWJpSXFhdVkwajRVWWphWDl0bDJzby9LQ1JNQjBHQTFVZEpRUVdNQlFHQ0NzRwpBUVVGQndNQ0JnZ3JCZ0VGQlFjREFUQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BNEdBMVVkRHdFQi93UUVBd0lCCkJqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFYbEh4M2tIMDZwY2NDTDlEVE5qTnBCYnlVSytGd2R6T2IwWFYKcmpNaGtxdHVmdEpUUnR5T3hKZ0ZKNXhUR3pCdEtKamcrVU1pczBOV0t0VDBNWThVMU45U2c5SDl0RFpHRHBjVQpxMlVRU0Y4dXRQMVR3dnJIUzIrdzB2MUoxdHgrTEFiU0lmWmJCV0xXQ21EODUzRlVoWlFZekkvYXpFM28vd0p1CmlPUklMdUpNUk5vNlBXY3VLZmRFVkhaS1RTWnk3a25FcHNidGtsN3EwRE91eUFWdG9HVnlkb3VUR0FOdFhXK2YKczNUSTJjKzErZXg3L2RZOEJGQTFzNWFUOG5vZnU3T1RTTzdiS1kzSkRBUHZOeFQzKzVZUXJwNGR1Nmh0YUFMbAppOHNaRkhidmxpd2EzdlhxL3p1Y2JEaHEzQzBhZnAzV2ZwRGxwSlpvLy9QUUFKaTZLQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + spec: func() *v1alpha1.WebhookAuthenticatorSpec { webhookSpec := testEnv.TestWebhook.DeepCopy() webhookSpec.TLS = &v1alpha1.TLSSpec{ CertificateAuthorityData: caBundleSomePivotalCA, } - - webhookAuthenticator := testlib.CreateTestWebhookAuthenticator( - ctx, - t, - webhookSpec, - v1alpha1.WebhookAuthenticatorPhaseError) - - testlib.WaitForWebhookAuthenticatorStatusConditions( 
- ctx, t, - webhookAuthenticator.Name, - replaceSomeConditions( - allSuccessfulWebhookAuthenticatorConditions(), - []metav1.Condition{ - { - Type: "Ready", - Status: "False", - Reason: "NotReady", - Message: "the WebhookAuthenticator is not ready: see other conditions for details", - }, { - Type: "AuthenticatorValid", - Status: "Unknown", - Reason: "UnableToValidate", - Message: "unable to validate; see other conditions for details", - }, { - Type: "TLSConnectionNegotiationValid", - Status: "False", - Reason: "UnableToDialServer", - Message: "cannot dial server: tls: failed to verify certificate: x509: certificate signed by unknown authority", - }, - }, - )) + return webhookSpec }, + initialPhase: v1alpha1.WebhookAuthenticatorPhaseError, + finalConditions: replaceSomeConditions( + allSuccessfulWebhookAuthenticatorConditions(), + []metav1.Condition{ + { + Type: "Ready", + Status: "False", + Reason: "NotReady", + Message: "the WebhookAuthenticator is not ready: see other conditions for details", + }, { + Type: "AuthenticatorValid", + Status: "Unknown", + Reason: "UnableToValidate", + Message: "unable to validate; see other conditions for details", + }, { + Type: "TLSConnectionNegotiationValid", + Status: "False", + Reason: "UnableToDialServer", + Message: "cannot dial server: tls: failed to verify certificate: x509: certificate signed by unknown authority", + }, + }, + ), }, { name: "invalid with unresponsive endpoint will result in a WebhookAuthenticator that is not ready", - run: func(t *testing.T) { - caBundleSomePivotalCA := 
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lWQUpzNStTbVRtaTJXeUI0bGJJRXBXaUs5a1RkUE1BMEdDU3FHU0liM0RRRUIKQ3dVQU1COHhDekFKQmdOVkJBWVRBbFZUTVJBd0RnWURWUVFLREFkUWFYWnZkR0ZzTUI0WERUSXdNRFV3TkRFMgpNamMxT0ZvWERUSTBNRFV3TlRFMk1qYzFPRm93SHpFTE1Ba0dBMVVFQmhNQ1ZWTXhFREFPQmdOVkJBb01CMUJwCmRtOTBZV3d3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRERZWmZvWGR4Z2NXTEMKZEJtbHB5a0tBaG9JMlBuUWtsVFNXMno1cGcwaXJjOGFRL1E3MXZzMTRZYStmdWtFTGlvOTRZYWw4R01DdVFrbApMZ3AvUEE5N1VYelhQNDBpK25iNXcwRGpwWWd2dU9KQXJXMno2MFRnWE5NSFh3VHk4ME1SZEhpUFVWZ0VZd0JpCmtkNThzdEFVS1Y1MnBQTU1reTJjNy9BcFhJNmRXR2xjalUvaFBsNmtpRzZ5dEw2REtGYjJQRWV3MmdJM3pHZ2IKOFVVbnA1V05DZDd2WjNVY0ZHNXlsZEd3aGc3cnZ4U1ZLWi9WOEhCMGJmbjlxamlrSVcxWFM4dzdpUUNlQmdQMApYZWhKZmVITlZJaTJtZlczNlVQbWpMdnVKaGpqNDIrdFBQWndvdDkzdWtlcEgvbWpHcFJEVm9wamJyWGlpTUYrCkYxdnlPNGMxQWdNQkFBR2pnWU13Z1lBd0hRWURWUjBPQkJZRUZNTWJpSXFhdVkwajRVWWphWDl0bDJzby9LQ1IKTUI4R0ExVWRJd1FZTUJhQUZNTWJpSXFhdVkwajRVWWphWDl0bDJzby9LQ1JNQjBHQTFVZEpRUVdNQlFHQ0NzRwpBUVVGQndNQ0JnZ3JCZ0VGQlFjREFUQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BNEdBMVVkRHdFQi93UUVBd0lCCkJqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFYbEh4M2tIMDZwY2NDTDlEVE5qTnBCYnlVSytGd2R6T2IwWFYKcmpNaGtxdHVmdEpUUnR5T3hKZ0ZKNXhUR3pCdEtKamcrVU1pczBOV0t0VDBNWThVMU45U2c5SDl0RFpHRHBjVQpxMlVRU0Y4dXRQMVR3dnJIUzIrdzB2MUoxdHgrTEFiU0lmWmJCV0xXQ21EODUzRlVoWlFZekkvYXpFM28vd0p1CmlPUklMdUpNUk5vNlBXY3VLZmRFVkhaS1RTWnk3a25FcHNidGtsN3EwRE91eUFWdG9HVnlkb3VUR0FOdFhXK2YKczNUSTJjKzErZXg3L2RZOEJGQTFzNWFUOG5vZnU3T1RTTzdiS1kzSkRBUHZOeFQzKzVZUXJwNGR1Nmh0YUFMbAppOHNaRkhidmxpd2EzdlhxL3p1Y2JEaHEzQzBhZnAzV2ZwRGxwSlpvLy9QUUFKaTZLQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + spec: func() *v1alpha1.WebhookAuthenticatorSpec { webhookSpec := testEnv.TestWebhook.DeepCopy() webhookSpec.TLS = &v1alpha1.TLSSpec{ CertificateAuthorityData: caBundleSomePivotalCA, } webhookSpec.Endpoint = "https://127.0.0.1:443/some-fake-endpoint" - - webhookAuthenticator := testlib.CreateTestWebhookAuthenticator( - ctx, - t, - webhookSpec, - 
v1alpha1.WebhookAuthenticatorPhaseError) - - testlib.WaitForWebhookAuthenticatorStatusConditions( - ctx, t, - webhookAuthenticator.Name, - replaceSomeConditions( - allSuccessfulWebhookAuthenticatorConditions(), - []metav1.Condition{ - { - Type: "Ready", - Status: "False", - Reason: "NotReady", - Message: "the WebhookAuthenticator is not ready: see other conditions for details", - }, { - Type: "AuthenticatorValid", - Status: "Unknown", - Reason: "UnableToValidate", - Message: "unable to validate; see other conditions for details", - }, { - Type: "TLSConnectionNegotiationValid", - Status: "False", - Reason: "UnableToDialServer", - Message: "cannot dial server: dial tcp 127.0.0.1:443: connect: connection refused", - }, - }, - )) + return webhookSpec }, + initialPhase: v1alpha1.WebhookAuthenticatorPhaseError, + finalConditions: replaceSomeConditions( + allSuccessfulWebhookAuthenticatorConditions(), + []metav1.Condition{ + { + Type: "Ready", + Status: "False", + Reason: "NotReady", + Message: "the WebhookAuthenticator is not ready: see other conditions for details", + }, { + Type: "AuthenticatorValid", + Status: "Unknown", + Reason: "UnableToValidate", + Message: "unable to validate; see other conditions for details", + }, { + Type: "TLSConnectionNegotiationValid", + Status: "False", + Reason: "UnableToDialServer", + Message: "cannot dial server: dial tcp 127.0.0.1:443: connect: connection refused", + }, + }, + ), }, } for _, test := range tests { tt := test t.Run(tt.name, func(t *testing.T) { t.Parallel() - tt.run(t) + + webhookAuthenticator := testlib.CreateTestWebhookAuthenticator( + ctx, + t, + tt.spec(), + tt.initialPhase) + + testlib.WaitForWebhookAuthenticatorStatusConditions( + ctx, t, + webhookAuthenticator.Name, + tt.finalConditions) }) } }
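Review bot: The first table entry's `spec` closure calls `testlib.IntegrationEnv(t)` with the `t` of `TestConciergeWebhookAuthenticatorStatus_Parallel` rather than the subtest's, because `spec` takes no arguments; before this change that call sat inside `run(t *testing.T)` and used the subtest's own `t`. Since every subtest calls `t.Parallel()`, anything that helper logs or fails would be attributed to the parent test from another goroutine; the other entries already read `testEnv`, so `return testEnv.TestWebhook.DeepCopy()` would keep the entries consistent, assuming `testEnv` is the same environment (it is declared earlier in the function, outside this hunk). The new struct also still declares `run func(t *testing.T)`, which no entry sets and the loop no longer calls, so the field can be dropped. The hoisted `caBundleSomePivotalCA` deserves a one-line comment, for example `// base64-encoded PEM of an unrelated CA certificate (no private key), used to force a trust mismatch`, so a reader does not have to decode the blob to see that it is safe to keep in the repository.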