WebhookAuthenticator Status integration test refactor to test table

2026-01-06 05:27:23 +00:00 · 2024-03-19 17:45:26 -04:00
parent 90e7343fb5
commit 5bc4e678bf
1 changed files with 99 additions and 117 deletions
--- a/test/integration/concierge_webhookauthenticator_status_test.go
+++ b/test/integration/concierge_webhookauthenticator_status_test.go
@@ -21,157 +21,139 @@ func TestConciergeWebhookAuthenticatorStatus_Parallel(t *testing.T) {
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
 	t.Cleanup(cancel)
 	caBundleSomePivotalCA := "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lWQUpzNStTbVRtaTJXeUI0bGJJRXBXaUs5a1RkUE1BMEdDU3FHU0liM0RRRUIKQ3dVQU1COHhDekFKQmdOVkJBWVRBbFZUTVJBd0RnWURWUVFLREFkUWFYWnZkR0ZzTUI0WERUSXdNRFV3TkRFMgpNamMxT0ZvWERUSTBNRFV3TlRFMk1qYzFPRm93SHpFTE1Ba0dBMVVFQmhNQ1ZWTXhFREFPQmdOVkJBb01CMUJwCmRtOTBZV3d3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRERZWmZvWGR4Z2NXTEMKZEJtbHB5a0tBaG9JMlBuUWtsVFNXMno1cGcwaXJjOGFRL1E3MXZzMTRZYStmdWtFTGlvOTRZYWw4R01DdVFrbApMZ3AvUEE5N1VYelhQNDBpK25iNXcwRGpwWWd2dU9KQXJXMno2MFRnWE5NSFh3VHk4ME1SZEhpUFVWZ0VZd0JpCmtkNThzdEFVS1Y1MnBQTU1reTJjNy9BcFhJNmRXR2xjalUvaFBsNmtpRzZ5dEw2REtGYjJQRWV3MmdJM3pHZ2IKOFVVbnA1V05DZDd2WjNVY0ZHNXlsZEd3aGc3cnZ4U1ZLWi9WOEhCMGJmbjlxamlrSVcxWFM4dzdpUUNlQmdQMApYZWhKZmVITlZJaTJtZlczNlVQbWpMdnVKaGpqNDIrdFBQWndvdDkzdWtlcEgvbWpHcFJEVm9wamJyWGlpTUYrCkYxdnlPNGMxQWdNQkFBR2pnWU13Z1lBd0hRWURWUjBPQkJZRUZNTWJpSXFhdVkwajRVWWphWDl0bDJzby9LQ1IKTUI4R0ExVWRJd1FZTUJhQUZNTWJpSXFhdVkwajRVWWphWDl0bDJzby9LQ1JNQjBHQTFVZEpRUVdNQlFHQ0NzRwpBUVVGQndNQ0JnZ3JCZ0VGQlFjREFUQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BNEdBMVVkRHdFQi93UUVBd0lCCkJqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFYbEh4M2tIMDZwY2NDTDlEVE5qTnBCYnlVSytGd2R6T2IwWFYKcmpNaGtxdHVmdEpUUnR5T3hKZ0ZKNXhUR3pCdEtKamcrVU1pczBOV0t0VDBNWThVMU45U2c5SDl0RFpHRHBjVQpxMlVRU0Y4dXRQMVR3dnJIUzIrdzB2MUoxdHgrTEFiU0lmWmJCV0xXQ21EODUzRlVoWlFZekkvYXpFM28vd0p1CmlPUklMdUpNUk5vNlBXY3VLZmRFVkhaS1RTWnk3a25FcHNidGtsN3EwRE91eUFWdG9HVnlkb3VUR0FOdFhXK2YKczNUSTJjKzErZXg3L2RZOEJGQTFzNWFUOG5vZnU3T1RTTzdiS1kzSkRBUHZOeFQzKzVZUXJwNGR1Nmh0YUFMbAppOHNaRkhidmxpd2EzdlhxL3p1Y2JEaHEzQzBhZnAzV2ZwRGxwSlpvLy9QUUFKaTZLQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
 	tests := []struct {
-		name string
+		name            string
-		run  func(t *testing.T)
+		spec            func() *v1alpha1.WebhookAuthenticatorSpec
 		initialPhase    v1alpha1.WebhookAuthenticatorPhase
 		finalConditions []metav1.Condition
 		run             func(t *testing.T)
 	}{
 		{
 			name: "Basic test to see if the WebhookAuthenticator wakes up or not.",
-			run: func(t *testing.T) {
+			spec: func() *v1alpha1.WebhookAuthenticatorSpec {
-				webhookAuthenticator := testlib.CreateTestWebhookAuthenticator(
+				return &testlib.IntegrationEnv(t).TestWebhook
 					ctx,
 					t,
 					&testlib.IntegrationEnv(t).TestWebhook,
 					v1alpha1.WebhookAuthenticatorPhaseReady)
 				testlib.WaitForWebhookAuthenticatorStatusConditions(
 					ctx, t,
 					webhookAuthenticator.Name,
 					allSuccessfulWebhookAuthenticatorConditions())
 			},
 			initialPhase:    v1alpha1.WebhookAuthenticatorPhaseReady,
 			finalConditions: allSuccessfulWebhookAuthenticatorConditions(),
 		}, {
 			name: "valid spec with invalid CA in TLS config will result in a WebhookAuthenticator that is not ready",
-			run: func(t *testing.T) {
+			spec: func() *v1alpha1.WebhookAuthenticatorSpec {
 				caBundleString := "invalid base64-encoded data"
 				webhookSpec := testEnv.TestWebhook.DeepCopy()
 				webhookSpec.TLS = &v1alpha1.TLSSpec{
 					CertificateAuthorityData: caBundleString,
 				}
-
+				return webhookSpec
 				webhookAuthenticator := testlib.CreateTestWebhookAuthenticator(
 					ctx,
 					t,
 					webhookSpec,
 					v1alpha1.WebhookAuthenticatorPhaseError)
 				testlib.WaitForWebhookAuthenticatorStatusConditions(
 					ctx, t,
 					webhookAuthenticator.Name,
 					replaceSomeConditions(
 						allSuccessfulWebhookAuthenticatorConditions(),
 						[]metav1.Condition{
 							{
 								Type:    "Ready",
 								Status:  "False",
 								Reason:  "NotReady",
 								Message: "the WebhookAuthenticator is not ready: see other conditions for details",
 							}, {
 								Type:    "AuthenticatorValid",
 								Status:  "Unknown",
 								Reason:  "UnableToValidate",
 								Message: "unable to validate; see other conditions for details",
 							}, {
 								Type:    "TLSConfigurationValid",
 								Status:  "False",
 								Reason:  "InvalidTLSConfiguration",
 								Message: "invalid TLS configuration: illegal base64 data at input byte 7",
 							}, {
 								Type:    "TLSConnectionNegotiationValid",
 								Status:  "Unknown",
 								Reason:  "UnableToValidate",
 								Message: "unable to validate; see other conditions for details",
 							},
 						},
 					))
 			},
 			initialPhase: v1alpha1.WebhookAuthenticatorPhaseError,
 			finalConditions: replaceSomeConditions(
 				allSuccessfulWebhookAuthenticatorConditions(),
 				[]metav1.Condition{
 					{
 						Type:    "Ready",
 						Status:  "False",
 						Reason:  "NotReady",
 						Message: "the WebhookAuthenticator is not ready: see other conditions for details",
 					}, {
 						Type:    "AuthenticatorValid",
 						Status:  "Unknown",
 						Reason:  "UnableToValidate",
 						Message: "unable to validate; see other conditions for details",
 					}, {
 						Type:    "TLSConfigurationValid",
 						Status:  "False",
 						Reason:  "InvalidTLSConfiguration",
 						Message: "invalid TLS configuration: illegal base64 data at input byte 7",
 					}, {
 						Type:    "TLSConnectionNegotiationValid",
 						Status:  "Unknown",
 						Reason:  "UnableToValidate",
 						Message: "unable to validate; see other conditions for details",
 					},
 				},
 			),
 		}, {
 			name: "valid spec with valid CA in TLS config but does not match issuer server will result in a WebhookAuthenticator that is not ready",
-			run: func(t *testing.T) {
+			spec: func() *v1alpha1.WebhookAuthenticatorSpec {
 				caBundleSomePivotalCA := "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lWQUpzNStTbVRtaTJXeUI0bGJJRXBXaUs5a1RkUE1BMEdDU3FHU0liM0RRRUIKQ3dVQU1COHhDekFKQmdOVkJBWVRBbFZUTVJBd0RnWURWUVFLREFkUWFYWnZkR0ZzTUI0WERUSXdNRFV3TkRFMgpNamMxT0ZvWERUSTBNRFV3TlRFMk1qYzFPRm93SHpFTE1Ba0dBMVVFQmhNQ1ZWTXhFREFPQmdOVkJBb01CMUJwCmRtOTBZV3d3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRERZWmZvWGR4Z2NXTEMKZEJtbHB5a0tBaG9JMlBuUWtsVFNXMno1cGcwaXJjOGFRL1E3MXZzMTRZYStmdWtFTGlvOTRZYWw4R01DdVFrbApMZ3AvUEE5N1VYelhQNDBpK25iNXcwRGpwWWd2dU9KQXJXMno2MFRnWE5NSFh3VHk4ME1SZEhpUFVWZ0VZd0JpCmtkNThzdEFVS1Y1MnBQTU1reTJjNy9BcFhJNmRXR2xjalUvaFBsNmtpRzZ5dEw2REtGYjJQRWV3MmdJM3pHZ2IKOFVVbnA1V05DZDd2WjNVY0ZHNXlsZEd3aGc3cnZ4U1ZLWi9WOEhCMGJmbjlxamlrSVcxWFM4dzdpUUNlQmdQMApYZWhKZmVITlZJaTJtZlczNlVQbWpMdnVKaGpqNDIrdFBQWndvdDkzdWtlcEgvbWpHcFJEVm9wamJyWGlpTUYrCkYxdnlPNGMxQWdNQkFBR2pnWU13Z1lBd0hRWURWUjBPQkJZRUZNTWJpSXFhdVkwajRVWWphWDl0bDJzby9LQ1IKTUI4R0ExVWRJd1FZTUJhQUZNTWJpSXFhdVkwajRVWWphWDl0bDJzby9LQ1JNQjBHQTFVZEpRUVdNQlFHQ0NzRwpBUVVGQndNQ0JnZ3JCZ0VGQlFjREFUQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BNEdBMVVkRHdFQi93UUVBd0lCCkJqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFYbEh4M2tIMDZwY2NDTDlEVE5qTnBCYnlVSytGd2R6T2IwWFYKcmpNaGtxdHVmdEpUUnR5T3hKZ0ZKNXhUR3pCdEtKamcrVU1pczBOV0t0VDBNWThVMU45U2c5SDl0RFpHRHBjVQpxMlVRU0Y4dXRQMVR3dnJIUzIrdzB2MUoxdHgrTEFiU0lmWmJCV0xXQ21EODUzRlVoWlFZekkvYXpFM28vd0p1CmlPUklMdUpNUk5vNlBXY3VLZmRFVkhaS1RTWnk3a25FcHNidGtsN3EwRE91eUFWdG9HVnlkb3VUR0FOdFhXK2YKczNUSTJjKzErZXg3L2RZOEJGQTFzNWFUOG5vZnU3T1RTTzdiS1kzSkRBUHZOeFQzKzVZUXJwNGR1Nmh0YUFMbAppOHNaRkhidmxpd2EzdlhxL3p1Y2JEaHEzQzBhZnAzV2ZwRGxwSlpvLy9QUUFKaTZLQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
 				webhookSpec := testEnv.TestWebhook.DeepCopy()
 				webhookSpec.TLS = &v1alpha1.TLSSpec{
 					CertificateAuthorityData: caBundleSomePivotalCA,
 				}
-
+				return webhookSpec
 				webhookAuthenticator := testlib.CreateTestWebhookAuthenticator(
 					ctx,
 					t,
 					webhookSpec,
 					v1alpha1.WebhookAuthenticatorPhaseError)
 				testlib.WaitForWebhookAuthenticatorStatusConditions(
 					ctx, t,
 					webhookAuthenticator.Name,
 					replaceSomeConditions(
 						allSuccessfulWebhookAuthenticatorConditions(),
 						[]metav1.Condition{
 							{
 								Type:    "Ready",
 								Status:  "False",
 								Reason:  "NotReady",
 								Message: "the WebhookAuthenticator is not ready: see other conditions for details",
 							}, {
 								Type:    "AuthenticatorValid",
 								Status:  "Unknown",
 								Reason:  "UnableToValidate",
 								Message: "unable to validate; see other conditions for details",
 							}, {
 								Type:    "TLSConnectionNegotiationValid",
 								Status:  "False",
 								Reason:  "UnableToDialServer",
 								Message: "cannot dial server: tls: failed to verify certificate: x509: certificate signed by unknown authority",
 							},
 						},
 					))
 			},
 			initialPhase: v1alpha1.WebhookAuthenticatorPhaseError,
 			finalConditions: replaceSomeConditions(
 				allSuccessfulWebhookAuthenticatorConditions(),
 				[]metav1.Condition{
 					{
 						Type:    "Ready",
 						Status:  "False",
 						Reason:  "NotReady",
 						Message: "the WebhookAuthenticator is not ready: see other conditions for details",
 					}, {
 						Type:    "AuthenticatorValid",
 						Status:  "Unknown",
 						Reason:  "UnableToValidate",
 						Message: "unable to validate; see other conditions for details",
 					}, {
 						Type:    "TLSConnectionNegotiationValid",
 						Status:  "False",
 						Reason:  "UnableToDialServer",
 						Message: "cannot dial server: tls: failed to verify certificate: x509: certificate signed by unknown authority",
 					},
 				},
 			),
 		}, {
 			name: "invalid with unresponsive endpoint will result in a WebhookAuthenticator that is not ready",
-			run: func(t *testing.T) {
+			spec: func() *v1alpha1.WebhookAuthenticatorSpec {
 				caBundleSomePivotalCA := "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lWQUpzNStTbVRtaTJXeUI0bGJJRXBXaUs5a1RkUE1BMEdDU3FHU0liM0RRRUIKQ3dVQU1COHhDekFKQmdOVkJBWVRBbFZUTVJBd0RnWURWUVFLREFkUWFYWnZkR0ZzTUI0WERUSXdNRFV3TkRFMgpNamMxT0ZvWERUSTBNRFV3TlRFMk1qYzFPRm93SHpFTE1Ba0dBMVVFQmhNQ1ZWTXhFREFPQmdOVkJBb01CMUJwCmRtOTBZV3d3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRERZWmZvWGR4Z2NXTEMKZEJtbHB5a0tBaG9JMlBuUWtsVFNXMno1cGcwaXJjOGFRL1E3MXZzMTRZYStmdWtFTGlvOTRZYWw4R01DdVFrbApMZ3AvUEE5N1VYelhQNDBpK25iNXcwRGpwWWd2dU9KQXJXMno2MFRnWE5NSFh3VHk4ME1SZEhpUFVWZ0VZd0JpCmtkNThzdEFVS1Y1MnBQTU1reTJjNy9BcFhJNmRXR2xjalUvaFBsNmtpRzZ5dEw2REtGYjJQRWV3MmdJM3pHZ2IKOFVVbnA1V05DZDd2WjNVY0ZHNXlsZEd3aGc3cnZ4U1ZLWi9WOEhCMGJmbjlxamlrSVcxWFM4dzdpUUNlQmdQMApYZWhKZmVITlZJaTJtZlczNlVQbWpMdnVKaGpqNDIrdFBQWndvdDkzdWtlcEgvbWpHcFJEVm9wamJyWGlpTUYrCkYxdnlPNGMxQWdNQkFBR2pnWU13Z1lBd0hRWURWUjBPQkJZRUZNTWJpSXFhdVkwajRVWWphWDl0bDJzby9LQ1IKTUI4R0ExVWRJd1FZTUJhQUZNTWJpSXFhdVkwajRVWWphWDl0bDJzby9LQ1JNQjBHQTFVZEpRUVdNQlFHQ0NzRwpBUVVGQndNQ0JnZ3JCZ0VGQlFjREFUQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BNEdBMVVkRHdFQi93UUVBd0lCCkJqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFYbEh4M2tIMDZwY2NDTDlEVE5qTnBCYnlVSytGd2R6T2IwWFYKcmpNaGtxdHVmdEpUUnR5T3hKZ0ZKNXhUR3pCdEtKamcrVU1pczBOV0t0VDBNWThVMU45U2c5SDl0RFpHRHBjVQpxMlVRU0Y4dXRQMVR3dnJIUzIrdzB2MUoxdHgrTEFiU0lmWmJCV0xXQ21EODUzRlVoWlFZekkvYXpFM28vd0p1CmlPUklMdUpNUk5vNlBXY3VLZmRFVkhaS1RTWnk3a25FcHNidGtsN3EwRE91eUFWdG9HVnlkb3VUR0FOdFhXK2YKczNUSTJjKzErZXg3L2RZOEJGQTFzNWFUOG5vZnU3T1RTTzdiS1kzSkRBUHZOeFQzKzVZUXJwNGR1Nmh0YUFMbAppOHNaRkhidmxpd2EzdlhxL3p1Y2JEaHEzQzBhZnAzV2ZwRGxwSlpvLy9QUUFKaTZLQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
 				webhookSpec := testEnv.TestWebhook.DeepCopy()
 				webhookSpec.TLS = &v1alpha1.TLSSpec{
 					CertificateAuthorityData: caBundleSomePivotalCA,
 				}
 				webhookSpec.Endpoint = "https://127.0.0.1:443/some-fake-endpoint"
-
+				return webhookSpec
 				webhookAuthenticator := testlib.CreateTestWebhookAuthenticator(
 					ctx,
 					t,
 					webhookSpec,
 					v1alpha1.WebhookAuthenticatorPhaseError)
 				testlib.WaitForWebhookAuthenticatorStatusConditions(
 					ctx, t,
 					webhookAuthenticator.Name,
 					replaceSomeConditions(
 						allSuccessfulWebhookAuthenticatorConditions(),
 						[]metav1.Condition{
 							{
 								Type:    "Ready",
 								Status:  "False",
 								Reason:  "NotReady",
 								Message: "the WebhookAuthenticator is not ready: see other conditions for details",
 							}, {
 								Type:    "AuthenticatorValid",
 								Status:  "Unknown",
 								Reason:  "UnableToValidate",
 								Message: "unable to validate; see other conditions for details",
 							}, {
 								Type:    "TLSConnectionNegotiationValid",
 								Status:  "False",
 								Reason:  "UnableToDialServer",
 								Message: "cannot dial server: dial tcp 127.0.0.1:443: connect: connection refused",
 							},
 						},
 					))
 			},
 			initialPhase: v1alpha1.WebhookAuthenticatorPhaseError,
 			finalConditions: replaceSomeConditions(
 				allSuccessfulWebhookAuthenticatorConditions(),
 				[]metav1.Condition{
 					{
 						Type:    "Ready",
 						Status:  "False",
 						Reason:  "NotReady",
 						Message: "the WebhookAuthenticator is not ready: see other conditions for details",
 					}, {
 						Type:    "AuthenticatorValid",
 						Status:  "Unknown",
 						Reason:  "UnableToValidate",
 						Message: "unable to validate; see other conditions for details",
 					}, {
 						Type:    "TLSConnectionNegotiationValid",
 						Status:  "False",
 						Reason:  "UnableToDialServer",
 						Message: "cannot dial server: dial tcp 127.0.0.1:443: connect: connection refused",
 					},
 				},
 			),
 		},
 	}
 	for _, test := range tests {
 		tt := test
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
-			tt.run(t)
+
 			webhookAuthenticator := testlib.CreateTestWebhookAuthenticator(
 				ctx,
 				t,
 				tt.spec(),
 				tt.initialPhase)
 			testlib.WaitForWebhookAuthenticatorStatusConditions(
 				ctx, t,
 				webhookAuthenticator.Name,
 				tt.finalConditions)
 		})
 	}
 }