Some updates based on PR review

2026-04-15 07:06:45 +00:00 · 2021-04-27 12:43:09 -07:00
parent b3b108500a
commit 263a33cc85
33 changed files with 441 additions and 613 deletions
--- a/test/integration/e2e_test.go
+++ b/test/integration/e2e_test.go
@@ -327,6 +327,8 @@ status:
 `,
 		string(kubectlOutput3))

+	expectedGroupsPlusUnauthenticated := append([]string{}, env.SupervisorUpstreamOIDC.ExpectedGroups...)
+	expectedGroupsPlusUnauthenticated = append(expectedGroupsPlusUnauthenticated, "system:authenticated")
 	// Validate that `pinniped whoami` returns the correct identity.
 	assertWhoami(
 		ctx,
@@ -335,6 +337,6 @@ status:
 		pinnipedExe,
 		kubeconfigPath,
 		env.SupervisorUpstreamOIDC.Username,
-		append(env.SupervisorUpstreamOIDC.ExpectedGroups, "system:authenticated"),
+		expectedGroupsPlusUnauthenticated,
 	)
 }
--- a/test/integration/supervisor_login_test.go
+++ b/test/integration/supervisor_login_test.go
@@ -78,18 +78,18 @@ func TestSupervisorLogin(t *testing.T) {
 				)
 				ldapIDP := library.CreateTestLDAPIdentityProvider(t, idpv1alpha1.LDAPIdentityProviderSpec{
 					Host: env.SupervisorUpstreamLDAP.Host,
-					TLS: &idpv1alpha1.LDAPIdentityProviderTLSSpec{
+					TLS: &idpv1alpha1.TLSSpec{
 						CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(env.SupervisorUpstreamLDAP.CABundle)),
 					},
-					Bind: idpv1alpha1.LDAPIdentityProviderBindSpec{
+					Bind: idpv1alpha1.LDAPIdentityProviderBind{
 						SecretName: secret.Name,
 					},
-					UserSearch: idpv1alpha1.LDAPIdentityProviderUserSearchSpec{
+					UserSearch: idpv1alpha1.LDAPIdentityProviderUserSearch{
 						Base:   env.SupervisorUpstreamLDAP.UserSearchBase,
 						Filter: "",
-						Attributes: idpv1alpha1.LDAPIdentityProviderUserSearchAttributesSpec{
+						Attributes: idpv1alpha1.LDAPIdentityProviderUserSearchAttributes{
 							Username: env.SupervisorUpstreamLDAP.TestUserMailAttributeName,
-							UniqueID: env.SupervisorUpstreamLDAP.TestUserUniqueIDAttributeName,
+							UID:      env.SupervisorUpstreamLDAP.TestUserUniqueIDAttributeName,
 						},
 					},
 					DryRunAuthenticationUsername: env.SupervisorUpstreamLDAP.TestUserMailAttributeValue,
@@ -129,18 +129,18 @@ func TestSupervisorLogin(t *testing.T) {
 				)
 				ldapIDP := library.CreateTestLDAPIdentityProvider(t, idpv1alpha1.LDAPIdentityProviderSpec{
 					Host: env.SupervisorUpstreamLDAP.Host,
-					TLS: &idpv1alpha1.LDAPIdentityProviderTLSSpec{
+					TLS: &idpv1alpha1.TLSSpec{
 						CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(env.SupervisorUpstreamLDAP.CABundle)),
 					},
-					Bind: idpv1alpha1.LDAPIdentityProviderBindSpec{
+					Bind: idpv1alpha1.LDAPIdentityProviderBind{
 						SecretName: secret.Name,
 					},
-					UserSearch: idpv1alpha1.LDAPIdentityProviderUserSearchSpec{
+					UserSearch: idpv1alpha1.LDAPIdentityProviderUserSearch{
 						Base:   env.SupervisorUpstreamLDAP.UserSearchBase,
 						Filter: "cn={}", // try using a non-default search filter
-						Attributes: idpv1alpha1.LDAPIdentityProviderUserSearchAttributesSpec{
+						Attributes: idpv1alpha1.LDAPIdentityProviderUserSearchAttributes{
 							Username: "dn", // try using the user's DN as the downstream username
-							UniqueID: env.SupervisorUpstreamLDAP.TestUserUniqueIDAttributeName,
+							UID:      env.SupervisorUpstreamLDAP.TestUserUniqueIDAttributeName,
 						},
 					},
 					DryRunAuthenticationUsername: "", // try without dry run
@@ -467,8 +467,8 @@ func requestAuthorizationUsingLDAPIdentityProvider(t *testing.T, downstreamAutho
 	require.NoError(t, err)

 	// Set the custom username/password headers for the LDAP authorize request.
-	authRequest.Header.Set("X-Pinniped-Upstream-Username", upstreamUsername)
-	authRequest.Header.Set("X-Pinniped-Upstream-Password", upstreamPassword)
+	authRequest.Header.Set("X-Pinniped-Idp-Username", upstreamUsername)
+	authRequest.Header.Set("X-Pinniped-Idp-Password", upstreamPassword)

 	authResponse, err := httpClient.Do(authRequest)
 	require.NoError(t, err)