Revert "add integration test for TLS config validation in OIDCIdentityProvider"

This reverts commit 59402bca7b.

test/integration/supervisor_upstream_test.go

@@ -5,7 +5,6 @@ package integration
 
 import (
 	"encoding/base64"
-	"fmt"
 	"testing"
 
 	"github.com/stretchr/testify/require"
@@ -127,252 +126,6 @@ oidc: issuer did not match the issuer returned by provider, expected "` + env.Su
 			expectedTLSConfigValidCondition(env.SupervisorUpstreamOIDC.CABundle != ""),
 		})
 	})
-
-	t.Run("invalid when tlsSpec supplies both certificateAuthorityData and certificateAuthorityDataSource", func(t *testing.T) {
-		t.Parallel()
-		spec := idpv1alpha1.OIDCIdentityProviderSpec{
-			Issuer: env.SupervisorUpstreamOIDC.Issuer,
-			TLS: &idpv1alpha1.TLSSpec{
-				CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(env.SupervisorUpstreamOIDC.CABundle)),
-				CertificateAuthorityDataSource: &idpv1alpha1.CertificateAuthorityDataSourceSpec{
-					Kind: "ConfigMap",
-					Name: "does=not-matter",
-					Key:  "also-does-not-matter",
-				},
-			},
-			AuthorizationConfig: idpv1alpha1.OIDCAuthorizationConfig{
-				AdditionalScopes: []string{"email", "profile"},
-			},
-			Client: idpv1alpha1.OIDCClient{
-				SecretName: testlib.CreateOIDCClientCredentialsSecret(t, "test-client-id", "test-client-secret").Name,
-			},
-		}
-		upstream := testlib.CreateTestOIDCIdentityProvider(t, spec, idpv1alpha1.PhaseError)
-		expectUpstreamConditions(t, upstream, []metav1.Condition{
-			{
-				Type:    "ClientCredentialsSecretValid",
-				Status:  "True",
-				Reason:  "Success",
-				Message: "loaded client credentials",
-			},
-			{
-				Type:    "OIDCDiscoverySucceeded",
-				Status:  "False",
-				Reason:  "InvalidTLSConfig",
-				Message: "spec.tls is invalid: both tls.certificateAuthorityDataSource and tls.certificateAuthorityData provided",
-			},
-			{
-				Type:    "AdditionalAuthorizeParametersValid",
-				Status:  "True",
-				Reason:  "Success",
-				Message: "additionalAuthorizeParameters parameter names are allowed",
-			},
-			{
-				Type:    "TLSConfigurationValid",
-				Status:  "False",
-				Reason:  "InvalidTLSConfig",
-				Message: "spec.tls is invalid: both tls.certificateAuthorityDataSource and tls.certificateAuthorityData provided",
-			},
-		})
-	})
-
-	t.Run("invalid when spec.tls.certificateAuthorityDataSource refers to a configmap that does not exist", func(t *testing.T) {
-		t.Parallel()
-		spec := idpv1alpha1.OIDCIdentityProviderSpec{
-			Issuer: env.SupervisorUpstreamOIDC.Issuer,
-			TLS: &idpv1alpha1.TLSSpec{
-				CertificateAuthorityDataSource: &idpv1alpha1.CertificateAuthorityDataSourceSpec{
-					Kind: "ConfigMap",
-					Name: "does=not-exist",
-					Key:  "does-not-matter",
-				},
-			},
-			AuthorizationConfig: idpv1alpha1.OIDCAuthorizationConfig{
-				AdditionalScopes: []string{"email", "profile"},
-			},
-			Client: idpv1alpha1.OIDCClient{
-				SecretName: testlib.CreateOIDCClientCredentialsSecret(t, "test-client-id", "test-client-secret").Name,
-			},
-		}
-		upstream := testlib.CreateTestOIDCIdentityProvider(t, spec, idpv1alpha1.PhaseError)
-		expectUpstreamConditions(t, upstream, []metav1.Condition{
-			{
-				Type:    "ClientCredentialsSecretValid",
-				Status:  "True",
-				Reason:  "Success",
-				Message: "loaded client credentials",
-			},
-			{
-				Type:    "OIDCDiscoverySucceeded",
-				Status:  "False",
-				Reason:  "InvalidTLSConfig",
-				Message: "spec.tls.certificateAuthorityDataSource is invalid: failed to get configmap \"supervisor/does=not-exist\": configmap \"does=not-exist\" not found",
-			},
-			{
-				Type:    "AdditionalAuthorizeParametersValid",
-				Status:  "True",
-				Reason:  "Success",
-				Message: "additionalAuthorizeParameters parameter names are allowed",
-			},
-			{
-				Type:    "TLSConfigurationValid",
-				Status:  "False",
-				Reason:  "InvalidTLSConfig",
-				Message: "spec.tls.certificateAuthorityDataSource is invalid: failed to get configmap \"supervisor/does=not-exist\": configmap \"does=not-exist\" not found",
-			},
-		})
-	})
-
-	t.Run("invalid when spec.tls.certificateAuthorityDataSource refers to a secret that does not exist", func(t *testing.T) {
-		t.Parallel()
-		spec := idpv1alpha1.OIDCIdentityProviderSpec{
-			Issuer: env.SupervisorUpstreamOIDC.Issuer,
-			TLS: &idpv1alpha1.TLSSpec{
-				CertificateAuthorityDataSource: &idpv1alpha1.CertificateAuthorityDataSourceSpec{
-					Kind: "Secret",
-					Name: "does=not-exist",
-					Key:  "does-not-matter",
-				},
-			},
-			AuthorizationConfig: idpv1alpha1.OIDCAuthorizationConfig{
-				AdditionalScopes: []string{"email", "profile"},
-			},
-			Client: idpv1alpha1.OIDCClient{
-				SecretName: testlib.CreateOIDCClientCredentialsSecret(t, "test-client-id", "test-client-secret").Name,
-			},
-		}
-		upstream := testlib.CreateTestOIDCIdentityProvider(t, spec, idpv1alpha1.PhaseError)
-		expectUpstreamConditions(t, upstream, []metav1.Condition{
-			{
-				Type:    "ClientCredentialsSecretValid",
-				Status:  "True",
-				Reason:  "Success",
-				Message: "loaded client credentials",
-			},
-			{
-				Type:    "OIDCDiscoverySucceeded",
-				Status:  "False",
-				Reason:  "InvalidTLSConfig",
-				Message: "spec.tls.certificateAuthorityDataSource is invalid: failed to get secret \"supervisor/does=not-exist\": secret \"does=not-exist\" not found",
-			},
-			{
-				Type:    "AdditionalAuthorizeParametersValid",
-				Status:  "True",
-				Reason:  "Success",
-				Message: "additionalAuthorizeParameters parameter names are allowed",
-			},
-			{
-				Type:    "TLSConfigurationValid",
-				Status:  "False",
-				Reason:  "InvalidTLSConfig",
-				Message: "spec.tls.certificateAuthorityDataSource is invalid: failed to get secret \"supervisor/does=not-exist\": secret \"does=not-exist\" not found",
-			},
-		})
-	})
-
-	t.Run("invalid when spec.tls.certificateAuthorityDataSource refers to a configmap that does not have valid PEM bytes", func(t *testing.T) {
-		t.Parallel()
-
-		badCABundleConfigMap := testlib.CreateTestConfigMap(t, env.SupervisorNamespace, "ca-bundle", map[string]string{
-			"ca.crt": "This is not a real CA bundle",
-		})
-
-		spec := idpv1alpha1.OIDCIdentityProviderSpec{
-			Issuer: env.SupervisorUpstreamOIDC.Issuer,
-			TLS: &idpv1alpha1.TLSSpec{
-				CertificateAuthorityDataSource: &idpv1alpha1.CertificateAuthorityDataSourceSpec{
-					Kind: "ConfigMap",
-					Name: badCABundleConfigMap.Name,
-					Key:  "ca.crt",
-				},
-			},
-			AuthorizationConfig: idpv1alpha1.OIDCAuthorizationConfig{
-				AdditionalScopes: []string{"email", "profile"},
-			},
-			Client: idpv1alpha1.OIDCClient{
-				SecretName: testlib.CreateOIDCClientCredentialsSecret(t, "test-client-id", "test-client-secret").Name,
-			},
-		}
-		upstream := testlib.CreateTestOIDCIdentityProvider(t, spec, idpv1alpha1.PhaseError)
-		expectUpstreamConditions(t, upstream, []metav1.Condition{
-			{
-				Type:    "ClientCredentialsSecretValid",
-				Status:  "True",
-				Reason:  "Success",
-				Message: "loaded client credentials",
-			},
-			{
-				Type:    "OIDCDiscoverySucceeded",
-				Status:  "False",
-				Reason:  "InvalidTLSConfig",
-				Message: fmt.Sprintf("spec.tls.certificateAuthorityDataSource is invalid: failed to get configmap \"supervisor/%s\": configmap \"%s\" not found", badCABundleConfigMap.Name, badCABundleConfigMap.Name),
-			},
-			{
-				Type:    "AdditionalAuthorizeParametersValid",
-				Status:  "True",
-				Reason:  "Success",
-				Message: "additionalAuthorizeParameters parameter names are allowed",
-			},
-			{
-				Type:    "TLSConfigurationValid",
-				Status:  "False",
-				Reason:  "InvalidTLSConfig",
-				Message: fmt.Sprintf("spec.tls.certificateAuthorityDataSource is invalid: failed to get configmap \"supervisor/%s\": configmap \"%s\" not found", badCABundleConfigMap.Name, badCABundleConfigMap.Name),
-			},
-		})
-	})
-
-	t.Run("invalid when spec.tls.certificateAuthorityDataSource refers to a key in a configmap that does not exist", func(t *testing.T) {
-		t.Parallel()
-
-		badCABundleConfigMap := testlib.CreateTestConfigMap(t, env.SupervisorNamespace, "ca-bundle", map[string]string{
-			"ca.crt": "This is not a real CA bundle",
-		})
-
-		spec := idpv1alpha1.OIDCIdentityProviderSpec{
-			Issuer: env.SupervisorUpstreamOIDC.Issuer,
-			TLS: &idpv1alpha1.TLSSpec{
-				CertificateAuthorityDataSource: &idpv1alpha1.CertificateAuthorityDataSourceSpec{
-					Kind: "ConfigMap",
-					Name: badCABundleConfigMap.Name,
-					Key:  "key-not-present",
-				},
-			},
-			AuthorizationConfig: idpv1alpha1.OIDCAuthorizationConfig{
-				AdditionalScopes: []string{"email", "profile"},
-			},
-			Client: idpv1alpha1.OIDCClient{
-				SecretName: testlib.CreateOIDCClientCredentialsSecret(t, "test-client-id", "test-client-secret").Name,
-			},
-		}
-		upstream := testlib.CreateTestOIDCIdentityProvider(t, spec, idpv1alpha1.PhaseError)
-		expectUpstreamConditions(t, upstream, []metav1.Condition{
-			{
-				Type:    "ClientCredentialsSecretValid",
-				Status:  "True",
-				Reason:  "Success",
-				Message: "loaded client credentials",
-			},
-			{
-				Type:    "OIDCDiscoverySucceeded",
-				Status:  "False",
-				Reason:  "InvalidTLSConfig",
-				Message: fmt.Sprintf("spec.tls.certificateAuthorityDataSource is invalid: key \"key-not-present\" not found in configmap \"supervisor/%s\"", badCABundleConfigMap.Name),
-			},
-			{
-				Type:    "AdditionalAuthorizeParametersValid",
-				Status:  "True",
-				Reason:  "Success",
-				Message: "additionalAuthorizeParameters parameter names are allowed",
-			},
-			{
-				Type:    "TLSConfigurationValid",
-				Status:  "False",
-				Reason:  "InvalidTLSConfig",
-				Message: fmt.Sprintf("spec.tls.certificateAuthorityDataSource is invalid: key \"key-not-present\" not found in configmap \"supervisor/%s\"", badCABundleConfigMap.Name),
-			},
-		})
-	})
 }
 
 func expectUpstreamConditions(t *testing.T, upstream *idpv1alpha1.OIDCIdentityProvider, expected []metav1.Condition) {