KubeStorage annotates every Secret with garbage-collect-after timestamp

Signed-off-by: Margo Crawford <margaretc@vmware.com>
Ryan Richard
2020-12-10 14:47:58 -08:00
committed by Margo Crawford
parent b0c354637d
commit afd216308b
14 changed files with 339 additions and 305 deletions


@@ -14,10 +14,12 @@ import (
"github.com/ory/fosite"
"github.com/ory/fosite/compose"
"github.com/stretchr/testify/require"
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"go.pinniped.dev/internal/fositestorage/authorizationcode"
"go.pinniped.dev/internal/testutil"
"go.pinniped.dev/test/library"
)
@@ -54,7 +56,8 @@ func TestAuthorizeCodeStorage(t *testing.T) {
err := json.Unmarshal([]byte(authorizationcode.ExpectedAuthorizeCodeSessionJSONFromFuzzing), session)
require.NoError(t, err)
storage := authorizationcode.New(secrets)
sessionStorageLifetime := 5 * time.Minute
storage := authorizationcode.New(secrets, time.Now, sessionStorageLifetime)
// the session for this signature should not exist yet
notFoundRequest, err := storage.GetAuthorizeCodeSession(ctx, signature, nil)
@@ -75,6 +78,19 @@ func TestAuthorizeCodeStorage(t *testing.T) {
require.NoError(t, err)
require.JSONEq(t, authorizationcode.ExpectedAuthorizeCodeSessionJSONFromFuzzing, string(initialSecret.Data["pinniped-storage-data"]))
// check that the Secret got the expected annotations
actualGCAfterValue := initialSecret.Annotations["storage.pinniped.dev/garbage-collect-after"]
require.NotEmpty(t, actualGCAfterValue)
parsedActualGCAfterValue, err := time.Parse(time.RFC3339, actualGCAfterValue)
require.NoError(t, err)
testutil.RequireTimeInDelta(t, time.Now().Add(sessionStorageLifetime), parsedActualGCAfterValue, 30*time.Second)
// check that the Secret got the right labels
require.Equal(t, map[string]string{"storage.pinniped.dev/type": "authcode"}, initialSecret.Labels)
// check that the Secret got the right type
require.Equal(t, v1.SecretType("storage.pinniped.dev/authcode"), initialSecret.Type)
// we should be able to get the session now and the request should be the same as what we put in
request, err := storage.GetAuthorizeCodeSession(ctx, signature, nil)
require.NoError(t, err)
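Review bot: The garbage-collect-after assertion `testutil.RequireTimeInDelta(t, time.Now().Add(sessionStorageLifetime), parsedActualGCAfterValue, 30*time.Second)` only pins the annotation to a 30-second window around the test's own wall clock, so an expiry computed from the wrong base time by a few seconds, or one that ignores the injected clock, would still pass. Because the test already hands the clock to `authorizationcode.New`, it could supply a fixed one, e.g. `frozenNow := time.Now().Truncate(time.Second)` passed as `func() time.Time { return frozenNow }`, and then assert `require.True(t, frozenNow.Add(sessionStorageLifetime).Equal(parsedActualGCAfterValue))`. That assumes the annotation is derived only from the injected clock plus the lifetime, which these hunks do not show. The timestamp decides how long authorization-code session data stays in the cluster, so it is worth checking exactly. TestAuthorizeCodeStorage begins before these hunks and presumably continues past the last one.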