mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-03 11:45:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,319 Commits 21 Branches 50 Tags
7d83e209c803b6aa7ce299eeb36a5149e062b9d0
Commit Graph

1030 Commits

Author SHA1 Message Date
Joshua Casey
7d83e209c8 Integration tests should expect that the Supervisor hostname might be an IP address 2024-08-31 08:51:31 -05:00
Joshua Casey
1bbfa4984d Test refactor for clarity 2024-08-30 17:50:29 -05:00
Joshua Casey
557dee06f0 Allow the integration tests to set an IP address for the Supervisor issuer 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-30 15:48:04 -05:00
Joshua Casey
c0bab69cd1 Allow the Dex hostname to be set by integration tests 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-30 12:42:03 -05:00
Ryan Richard
c1328d9619 update expectation in supervisor_ldap_idp_test.go 2024-08-06 16:08:25 -07:00
Joshua Casey
f918edd846 Add integration tests to ensure that LDAP/AD conditions with status Unknown if they cannot be validated 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-06 16:08:25 -07:00
Ryan Richard
229b6a262e when dialing github to test connection, dial api.github.com 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-08-06 08:58:30 -07:00
Ashish Amarnath
6fdfee36fe fix typo in integration test function comments 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 23:33:31 -07:00
Ryan Richard
2af510a3ee Revert "add integration test for TLS config validation in GitHubIdentityProvider" 
This reverts commit 23129da3e2.
 2024-08-05 12:52:41 -07:00
Ryan Richard
fdeca2c026 Revert "add integration test for TLS config validation in OIDCIdentityProvider" 
This reverts commit 59402bca7b.
 2024-08-05 12:52:29 -07:00
Ryan Richard
23fd15f840 Revert "Add integration tests for tls spec validation in JWTAuthenticator and WebhookAuthenticator" 
This reverts commit c3405095b2.
 2024-08-05 12:52:21 -07:00
Ashish Amarnath
b70db9dc03 refactor to use new certificateAuthorityDataSourceKind enum 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:21 -07:00
Ryan Richard
4eb9a09385 test more condition message cases in concierge_tls_spec_test.go and supervisor_tls_spec_test.go 2024-08-05 11:32:21 -07:00
Ryan Richard
db2d7c8c50 assert on condition message in concierge_tls_spec_test.go and supervisor_tls_spec_test.go 2024-08-05 11:32:21 -07:00
Ryan Richard
2ebf9d3d00 minor test refactor 2024-08-05 11:32:21 -07:00
Ashish Amarnath
23129da3e2 add integration test for TLS config validation in GitHubIdentityProvider 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:21 -07:00
Ashish Amarnath
59402bca7b add integration test for TLS config validation in OIDCIdentityProvider 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:21 -07:00
Ashish Amarnath
c3405095b2 Add integration tests for tls spec validation in JWTAuthenticator and WebhookAuthenticator 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:21 -07:00
Ryan Richard
2181418cc5 refactor test helpers in supervisor_login_test.go 
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:21 -07:00
Ryan Richard
e0235ed190 update docs and change struct name in types_tls.go.tmpl files 
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:21 -07:00
Ryan Richard
02e41baa47 small refactors 2024-08-05 11:32:21 -07:00
Ryan Richard
ed502949dd webhookcachefiller and jwtcachefiller always update status when needed 
Even when the authenticator is found in the cache, try to update its
status. Failing to do so would mean that the actual status will not
be overwritten by the controller's newly computed desired status.

Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Ashish Amarnath
a0c259ffbc update expectation conditions message when CA bundle is not configured 
fix a typo where we intended to use a configmap instead of a secret

Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>

Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-05 11:32:20 -07:00
Ryan Richard
290676e4d1 improve info/debug log messages for jwtcachefiller & webhookcachefiller 
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Ryan Richard
8725ab4caa do not make any assumption about OIDC issuer 404 page body in test 
Instead of using Dex or Okta, use a fake localhost issuer which
does not exist. This will give a consistent connection error
message. Needed because Dex and Okta return different 404 error
pages, so we can't easily make a test assertion that works for both.

Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Ryan Richard
3891f90f43 skip external CA bundle tests when CA bundle is empty 
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Ryan Richard
9f17ba5ae4 change wording of TLS config loaded success messages 2024-08-05 11:32:20 -07:00
Joshua Casey
9a16dc28b7 Fix another integration test 2024-08-05 11:32:20 -07:00
Joshua Casey
de86809b69 Fix some integration tests 2024-08-05 11:32:20 -07:00
Joshua Casey
9420bfde5b webhookcachefiller controller loops over all webhookauthenticators 2024-08-05 11:32:20 -07:00
Ryan Richard
adb460b644 refactor integration test to use proper test table 2024-08-05 11:32:20 -07:00
Ryan Richard
06b47a5792 jwtcachefiller controller loops over all jwtauthenticators 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-08-05 11:32:20 -07:00
Ryan Richard
ca2dd2d476 refactor InferSupervisorIssuerURL() func; remove a TODO 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Joshua Casey
60f82d2a55 Fix integration test typo 2024-08-05 11:32:20 -07:00
Joshua Casey
4ec5766ea9 Modify Concierge/Superivsor TLS spec integration tests to allow for older K8s versions 2024-08-05 11:32:20 -07:00
Joshua Casey
b7c26c43ca Add LDAPIdentityProvider and ActiveDirectoryIdentityProvider to the Supervisor TLS config static validation integration tests 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-05 11:32:20 -07:00
Joshua Casey
4b2ed52f44 Add GitHubIdentityProvider to the Supervisor TLS config static validation integration tests 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-05 11:32:20 -07:00
Ryan Richard
f381c92f0b Use templates to reduce duplication in concierge_tls_spec_test.go 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-08-05 11:32:20 -07:00
Joshua Casey
3a303cc8fb Supervisor TLS Spec validation integration tests should use helper method 2024-08-05 11:32:20 -07:00
Joshua Casey
d74c2a6e3f Supervisor TLS spec integration tests should use an OIDC issuer url from the test environment 2024-08-05 11:32:19 -07:00
Joshua Casey
0f9352db3b Integration tests should use a helper func to infer Supervisor's downstream issuer URL 2024-08-05 11:32:19 -07:00
Joshua Casey
afec420ce6 Add JWTAuthenticators to the static validation checks for concierge TLS spec 2024-08-05 11:32:19 -07:00
Joshua Casey
d5e3ad9da0 Concierge external TLS static integration tests use the real URL of the deployed local-user-authenticator 2024-08-05 11:32:19 -07:00
Ryan Richard
a4ad5d68a9 Fix *_tls_spec_test.go for old versions of Kubernetes 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-08-05 11:32:19 -07:00
Ryan Richard
30c0fd479e Fix e2e_test.go 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-08-05 11:32:19 -07:00
Ryan Richard
756966c55b add "Status" printer column to JWTAuthenticator and WebhookAuthenticator 2024-08-05 11:32:19 -07:00
Joshua Casey
bf1c02d328 jwtauthenticator controller redoes validations when external CA bundle changes 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-05 11:32:19 -07:00
Joshua Casey
6e9023e090 add code review todos and light refactoring 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
1b7a26d932 test secret and configmap filtering in concierge authenticator controllers 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
cb4b63f8b3 integration tests for concierge authenticators 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00