github/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-02-14 18:10:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Modify Concierge/Superivsor TLS spec integration tests to allow for older K8s versions

Browse Source
This commit is contained in:
Joshua Casey
2024-07-24 10:25:00 -05:00
committed by Ryan Richard
parent b7c26c43ca
commit 4ec5766ea9
2 changed files with 75 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
test/integration/concierge_tls_spec_test.go
View File

@@ -46,9 +46,9 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) {
`)
testCases := []struct {
name string
tlsYAML string
expectedError string
name string
tlsYAML string
expectedErrorSnippets []string
}{
{
name: "should disallow certificate authority data source with missing name",
@@ -58,7 +58,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) {
kind: Secret
key: bar
`),
expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.name: Required value`,
expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.name: Required value`},
},
{
name: "should disallow certificate authority data source with empty value for name",
@@ -69,7 +69,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) {
name: ""
key: bar
`),
expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.name: Invalid value: "": spec.tls.certificateAuthorityDataSource.name in body should be at least 1 chars long`,
expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.name: Invalid value: "": spec.tls.certificateAuthorityDataSource.name in body should be at least 1 chars long`},
},
{
name: "should disallow certificate authority data source with missing key",
@@ -79,7 +79,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) {
kind: Secret
name: foo
`),
expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.key: Required value`,
expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.key: Required value`},
},
{
name: "should disallow certificate authority data source with empty value for key",
@@ -90,7 +90,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) {
name: foo
key: ""
`),
expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.key: Invalid value: "": spec.tls.certificateAuthorityDataSource.key in body should be at least 1 chars long`,
expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.key: Invalid value: "": spec.tls.certificateAuthorityDataSource.key in body should be at least 1 chars long`},
},
{
name: "should disallow certificate authority data source with missing kind",
@@ -100,7 +100,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) {
name: foo
key: bar
`),
expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Required value`,
expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Required value`},
},
{
name: "should disallow certificate authority data source with empty value for kind",
@@ -111,7 +111,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) {
name: foo
key: bar
`),
expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Unsupported value: "": supported values: "Secret", "ConfigMap"`,
expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Unsupported value: "": supported values: "Secret", "ConfigMap"`},
},
{
name: "should disallow certificate authority data source with invalid kind",
@@ -122,7 +122,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) {
name: foo
key: bar
`),
expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Unsupported value: "sorcery": supported values: "Secret", "ConfigMap"`,
expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Unsupported value: "sorcery": supported values: "Secret", "ConfigMap"`},
},
{
name: "should create a custom resource passing all validations using a Secret source",
@@ -133,7 +133,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) {
name: foo
key: bar
`),
expectedError: "",
expectedErrorSnippets: nil,
},
{
name: "should create a custom resource passing all validations using a ConfigMap source",
@@ -144,12 +144,12 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) {
name: foo
key: bar
`),
expectedError: "",
expectedErrorSnippets: nil,
},
{
name: "should create a custom resource without any tls spec",
tlsYAML: "",
expectedError: "",
name: "should create a custom resource without any tls spec",
tlsYAML: "",
expectedErrorSnippets: nil,
},
}
@@ -171,7 +171,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) {
t,
webhookYamlBytes,
`webhookauthenticator.authentication.concierge.pinniped.dev`,
tc.expectedError,
tc.expectedErrorSnippets,
"WebhookAuthenticator",
webhookResourceName,
)
@@ -188,7 +188,7 @@ func TestTLSSpecKubeBuilderValidationConcierge_Parallel(t *testing.T) {
t,
jwtAuthenticatorYamlBytes,
`jwtauthenticator.authentication.concierge.pinniped.dev`,
tc.expectedError,
tc.expectedErrorSnippets,
"JWTAuthenticator",
jwtAuthenticatorResourceName,
)
@@ -201,7 +201,7 @@ func performKubectlApply(
t *testing.T,
yamlBytes []byte,
expectedSuccessPrefix string,
expectedError string,
expectedErrorSnippets []string,
resourceType string,
resourceName string,
) {
@@ -227,11 +227,17 @@ func performKubectlApply(
require.NoError(t, exec.Command("kubectl", []string{"delete", "--ignore-not-found", "-f", yamlFilepath}...).Run())
})
if expectedError == "" {
require.Empty(t, stdErr.String())
require.Regexp(t, regexp.QuoteMeta(expectedSuccessPrefix)+regexp.QuoteMeta(fmt.Sprintf("/%s created\n", resourceName)), stdOut.String())
require.NoError(t, err)
} else {
require.Equal(t, fmt.Sprintf(expectedError, resourceType, resourceName), strings.TrimSuffix(stdErr.String(), "\n"))
if len(expectedErrorSnippets) > 0 {
actualErrorString := strings.TrimSuffix(stdErr.String(), "\n")
for i, snippet := range expectedErrorSnippets {
if i == 0 {
snippet = fmt.Sprintf(snippet, resourceType, resourceName)
}
require.Contains(t, actualErrorString, snippet)
}
return
}
require.Empty(t, stdErr.String())
require.Regexp(t, regexp.QuoteMeta(expectedSuccessPrefix)+regexp.QuoteMeta(fmt.Sprintf("/%s created\n", resourceName)), stdOut.String())
require.NoError(t, err)
}

90
test/integration/supervisor_tls_spec_test.go
View File

@@ -76,10 +76,10 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) {
`)
testCases := []struct {
name string
tlsYAML string
expectedError string
expectedGitHubError string
name string
tlsYAML string
expectedErrorSnippets []string
expectedGitHubErrorSnippets []string
}{
{
name: "should disallow certificate authority data source with missing name",
@@ -89,11 +89,11 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) {
kind: Secret
key: bar
`),
expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.name: Required value`,
expectedGitHubError: here.Doc(`
The %s "%s" is invalid:
* spec.githubAPI.tls.certificateAuthorityDataSource.name: Required value
* <nil>: Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation`),
expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.name: Required value`},
expectedGitHubErrorSnippets: []string{
`The %s "%s" is invalid:`,
"* spec.githubAPI.tls.certificateAuthorityDataSource.name: Required value",
},
},
{
name: "should disallow certificate authority data source with empty value for name",
@@ -104,8 +104,8 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) {
name: ""
key: bar
`),
expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.name: Invalid value: "": spec.tls.certificateAuthorityDataSource.name in body should be at least 1 chars long`,
expectedGitHubError: `The %s "%s" is invalid: spec.githubAPI.tls.certificateAuthorityDataSource.name: Invalid value: "": spec.githubAPI.tls.certificateAuthorityDataSource.name in body should be at least 1 chars long`,
expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.name: Invalid value: "": spec.tls.certificateAuthorityDataSource.name in body should be at least 1 chars long`},
expectedGitHubErrorSnippets: []string{`The %s "%s" is invalid: spec.githubAPI.tls.certificateAuthorityDataSource.name: Invalid value: "": spec.githubAPI.tls.certificateAuthorityDataSource.name in body should be at least 1 chars long`},
},
{
name: "should disallow certificate authority data source with missing key",
@@ -115,11 +115,11 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) {
kind: Secret
name: foo
`),
expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.key: Required value`,
expectedGitHubError: here.Doc(`
The %s "%s" is invalid:
* spec.githubAPI.tls.certificateAuthorityDataSource.key: Required value
* <nil>: Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation`),
expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.key: Required value`},
expectedGitHubErrorSnippets: []string{
`The %s "%s" is invalid:`,
"* spec.githubAPI.tls.certificateAuthorityDataSource.key: Required value",
},
},
{
name: "should disallow certificate authority data source with empty value for key",
@@ -130,8 +130,8 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) {
name: foo
key: ""
`),
expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.key: Invalid value: "": spec.tls.certificateAuthorityDataSource.key in body should be at least 1 chars long`,
expectedGitHubError: `The %s "%s" is invalid: spec.githubAPI.tls.certificateAuthorityDataSource.key: Invalid value: "": spec.githubAPI.tls.certificateAuthorityDataSource.key in body should be at least 1 chars long`,
expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.key: Invalid value: "": spec.tls.certificateAuthorityDataSource.key in body should be at least 1 chars long`},
expectedGitHubErrorSnippets: []string{`The %s "%s" is invalid: spec.githubAPI.tls.certificateAuthorityDataSource.key: Invalid value: "": spec.githubAPI.tls.certificateAuthorityDataSource.key in body should be at least 1 chars long`},
},
{
name: "should disallow certificate authority data source with missing kind",
@@ -141,11 +141,11 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) {
name: foo
key: bar
`),
expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Required value`,
expectedGitHubError: here.Doc(`
The %s "%s" is invalid:
* spec.githubAPI.tls.certificateAuthorityDataSource.kind: Required value
* <nil>: Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation`),
expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Required value`},
expectedGitHubErrorSnippets: []string{
`The %s "%s" is invalid:`,
"* spec.githubAPI.tls.certificateAuthorityDataSource.kind: Required value",
},
},
{
name: "should disallow certificate authority data source with empty value for kind",
@@ -156,11 +156,11 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) {
name: foo
key: bar
`),
expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Unsupported value: "": supported values: "Secret", "ConfigMap"`,
expectedGitHubError: here.Doc(`
The %s "%s" is invalid:
* spec.githubAPI.tls.certificateAuthorityDataSource.kind: Unsupported value: "": supported values: "Secret", "ConfigMap"
* <nil>: Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation`),
expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Unsupported value: "": supported values: "Secret", "ConfigMap"`},
expectedGitHubErrorSnippets: []string{
`The %s "%s" is invalid:`,
`spec.githubAPI.tls.certificateAuthorityDataSource.kind: Unsupported value: "": supported values: "Secret", "ConfigMap"`,
},
},
{
name: "should disallow certificate authority data source with invalid kind",
@@ -171,11 +171,11 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) {
name: foo
key: bar
`),
expectedError: `The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Unsupported value: "sorcery": supported values: "Secret", "ConfigMap"`,
expectedGitHubError: here.Doc(`
The %s "%s" is invalid:
* spec.githubAPI.tls.certificateAuthorityDataSource.kind: Unsupported value: "sorcery": supported values: "Secret", "ConfigMap"
* <nil>: Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation`),
expectedErrorSnippets: []string{`The %s "%s" is invalid: spec.tls.certificateAuthorityDataSource.kind: Unsupported value: "sorcery": supported values: "Secret", "ConfigMap"`},
expectedGitHubErrorSnippets: []string{
`The %s "%s" is invalid:`,
`spec.githubAPI.tls.certificateAuthorityDataSource.kind: Unsupported value: "sorcery": supported values: "Secret", "ConfigMap"`,
},
},
{
name: "should create a custom resource passing all validations using a Secret source",
@@ -186,7 +186,8 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) {
name: foo
key: bar
`),
expectedError: "",
expectedErrorSnippets: nil,
expectedGitHubErrorSnippets: nil,
},
{
name: "should create a custom resource passing all validations using a ConfigMap source",
@@ -197,12 +198,14 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) {
name: foo
key: bar
`),
expectedError: "",
expectedErrorSnippets: nil,
expectedGitHubErrorSnippets: nil,
},
{
name: "should create a custom resource without any tls spec",
tlsYAML: "",
expectedError: "",
name: "should create a custom resource without any tls spec",
tlsYAML: "",
expectedErrorSnippets: nil,
expectedGitHubErrorSnippets: nil,
},
}
@@ -224,7 +227,7 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) {
t,
yamlBytes,
`oidcidentityprovider.idp.supervisor.pinniped.dev`,
tc.expectedError,
tc.expectedErrorSnippets,
"OIDCIdentityProvider",
resourceName,
)
@@ -239,7 +242,7 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) {
t,
yamlBytes,
`ldapidentityprovider.idp.supervisor.pinniped.dev`,
tc.expectedError,
tc.expectedErrorSnippets,
"LDAPIdentityProvider",
resourceName,
)
@@ -254,7 +257,7 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) {
t,
yamlBytes,
`activedirectoryidentityprovider.idp.supervisor.pinniped.dev`,
tc.expectedError,
tc.expectedErrorSnippets,
"ActiveDirectoryIdentityProvider",
resourceName,
)
@@ -264,9 +267,6 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) {
// GitHub is nested deeper
indentedTLSYAMLForGitHub := strings.ReplaceAll(indentedTLSYAML, "\n", "\n ")
// This is how kubectl shows this error
expectedGitHubError := strings.ReplaceAll(tc.expectedGitHubError, "invalid:\n", "invalid: \n")
resourceName := "test-github-idp-" + testlib.RandHex(t, 7)
yamlBytes := []byte(fmt.Sprintf(githubIDPTemplate,
env.APIGroupSuffix, resourceName, indentedTLSYAMLForGitHub))
@@ -275,7 +275,7 @@ func TestTLSSpecKubeBuilderValidationSupervisor_Parallel(t *testing.T) {
t,
yamlBytes,
`githubidentityprovider.idp.supervisor.pinniped.dev`,
expectedGitHubError,
tc.expectedGitHubErrorSnippets,
"GitHubIdentityProvider",
resourceName,
)