From c0bab69cd1b6247b159cdd26b7b3181129a3abe9 Mon Sep 17 00:00:00 2001
From: Joshua Casey <joshuatcasey@gmail.com>
Date: Fri, 30 Aug 2024 12:42:03 -0500
Subject: [PATCH] Allow the Dex hostname to be set by integration tests

Co-authored-by: Ryan Richard <richardry@vmware.com>
---
 test/deploy/tools/cert-issuer.yaml | 9 ++++++---
 test/deploy/tools/dex.yaml         | 5 +++--
 test/deploy/tools/values.yaml      | 7 ++++++-
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/test/deploy/tools/cert-issuer.yaml b/test/deploy/tools/cert-issuer.yaml
index b777e64aa..5eca49eea 100644
--- a/test/deploy/tools/cert-issuer.yaml
+++ b/test/deploy/tools/cert-issuer.yaml
@@ -1,4 +1,4 @@
-#! Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
+#! Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
 #! SPDX-License-Identifier: Apache-2.0
 
 #@ load("@ytt:data", "data")
@@ -56,6 +56,9 @@ spec:
         image: #@ data.values.cfssl_image
         imagePullPolicy: IfNotPresent
         command: ["/bin/bash"]
+        env:
+        - name: DEX_ISSUER_HOSTNAME
+          value: #@ data.values.dex_issuer_hostname
         args:
         - -c
         - |
@@ -74,8 +77,8 @@ spec:
             -ca ca.pem -ca-key ca-key.pem \
             -config /tmp/cfssl-default.json \
             -profile www \
-            -cn "dex.tools.svc.cluster.local" \
-            -hostname "dex.tools.svc.cluster.local" \
+            -cn "${DEX_ISSUER_HOSTNAME}" \
+            -hostname "${DEX_ISSUER_HOSTNAME}" \
             /tmp/csr.json \
             | cfssljson -bare dex
 
diff --git a/test/deploy/tools/dex.yaml b/test/deploy/tools/dex.yaml
index 06c266de1..e982361c0 100644
--- a/test/deploy/tools/dex.yaml
+++ b/test/deploy/tools/dex.yaml
@@ -1,4 +1,4 @@
-#! Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
+#! Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
 #! SPDX-License-Identifier: Apache-2.0
 
 #@ load("@ytt:data", "data")
@@ -6,7 +6,8 @@
 #@ load("@ytt:yaml", "yaml")
 
 #@ def dexConfig():
-issuer: https://dex.tools.svc.cluster.local/dex
+#! example: https://dex.tools.svc.cluster.local/dex
+issuer: #@ "https://" + data.values.dex_issuer_hostname + "/dex"
 storage:
   type: sqlite3
   config:
diff --git a/test/deploy/tools/values.yaml b/test/deploy/tools/values.yaml
index 8f563949f..271ca95cf 100644
--- a/test/deploy/tools/values.yaml
+++ b/test/deploy/tools/values.yaml
@@ -1,4 +1,4 @@
-#! Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
+#! Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
 #! SPDX-License-Identifier: Apache-2.0
 
 #@data/values
@@ -16,6 +16,11 @@ ports:
   #! our Kind configuration which maps 127.0.0.1:12346 to port 31235 on the Kind worker node.
   local: 12346
 
+
+#! dex_issuer_hostname can be used to provide Dex with a DNS record or IP address for its hostname,
+#! which is used to construct an issuer uri and create a certificate to serve TLS.
+dex_issuer_hostname: dex.tools.svc.cluster.local
+
 #! supervisor_redirect_uris is an array of redirect uris that dex will use for its pinniped-supervisor client.
 #! usage: --data-value-yaml "supervisor_redirect_uris=[some-redirect.com,some-other-redirect.com]"
 supervisor_redirect_uris: []