Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 20 additions & 11 deletions test/extended/oauth/expiration.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import (

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/rest"
e2e "k8s.io/kubernetes/test/e2e/framework"
admissionapi "k8s.io/pod-security-admission/api"

oauthv1 "github.com/openshift/api/oauth/v1"
Expand All @@ -27,14 +28,22 @@ var _ = g.Describe("[sig-auth][Feature:OAuthServer] [Token Expiration]", func()
var oc = exutil.NewCLIWithPodSecurityLevel("oauth-expiration", admissionapi.LevelBaseline)
var newRequestTokenOptions oauthserver.NewRequestTokenOptionsFunc
var oauthServerCleanup func()
var username string

g.BeforeEach(func() {
var err error
newRequestTokenOptions, oauthServerCleanup, err = deployOAuthServer(oc)
username = "testuser-" + oc.Namespace()
newRequestTokenOptions, oauthServerCleanup, err = deployOAuthServer(oc, username)
o.Expect(err).ToNot(o.HaveOccurred())
})

g.AfterEach(func() {
if err := oc.AdminUserClient().UserV1().Users().Delete(context.Background(), username, metav1.DeleteOptions{}); err != nil {
e2e.Logf("failed to delete user %s: %v", username, err)
}
if err := oc.AdminUserClient().UserV1().Identities().Delete(context.Background(), "htpasswd:"+username, metav1.DeleteOptions{}); err != nil {
e2e.Logf("failed to delete identity htpasswd:%s: %v", username, err)
}
oauthServerCleanup()
})
Comment thread
coderabbitai[bot] marked this conversation as resolved.

Expand Down Expand Up @@ -65,11 +74,11 @@ var _ = g.Describe("[sig-auth][Feature:OAuthServer] [Token Expiration]", func()
})

g.It("works as expected when using a token authorization flow [apigroup:user.openshift.io]", func() {
testTokenFlow(oc, newRequestTokenOptions, oAuthClientResource, accessTokenMaxAgeSeconds)
testTokenFlow(oc, newRequestTokenOptions, oAuthClientResource, accessTokenMaxAgeSeconds, username)
})

g.It("works as expected when using a code authorization flow [apigroup:user.openshift.io]", func() {
testCodeFlow(oc, newRequestTokenOptions, oAuthClientResource, accessTokenMaxAgeSeconds)
testCodeFlow(oc, newRequestTokenOptions, oAuthClientResource, accessTokenMaxAgeSeconds, username)
})

})
Expand All @@ -80,18 +89,18 @@ var _ = g.Describe("[sig-auth][Feature:OAuthServer] [Token Expiration]", func()
})

g.It("works as expected when using a token authorization flow [apigroup:user.openshift.io]", func() {
testTokenFlow(oc, newRequestTokenOptions, oAuthClientResource, accessTokenMaxAgeSeconds)
testTokenFlow(oc, newRequestTokenOptions, oAuthClientResource, accessTokenMaxAgeSeconds, username)
})
g.It("works as expected when using a code authorization flow [apigroup:user.openshift.io]", func() {
testCodeFlow(oc, newRequestTokenOptions, oAuthClientResource, accessTokenMaxAgeSeconds)
testCodeFlow(oc, newRequestTokenOptions, oAuthClientResource, accessTokenMaxAgeSeconds, username)
})
})
})
})

func testTokenFlow(oc *exutil.CLI, newRequestTokenOptions oauthserver.NewRequestTokenOptionsFunc, client *oauthv1.OAuthClient, expectedExpiresIn int32) {
func testTokenFlow(oc *exutil.CLI, newRequestTokenOptions oauthserver.NewRequestTokenOptionsFunc, client *oauthv1.OAuthClient, expectedExpiresIn int32, username string) {
// new request token command
requestTokenOptions := newRequestTokenOptions("testuser", "password")
requestTokenOptions := newRequestTokenOptions(username, "password")
// setup for token flow
requestTokenOptions.TokenFlow = true
requestTokenOptions.OsinConfig.CodeChallenge = ""
Expand All @@ -110,14 +119,14 @@ func testTokenFlow(oc *exutil.CLI, newRequestTokenOptions oauthserver.NewRequest
o.Expect(err).ToNot(o.HaveOccurred())
user, err := userClient.Users().Get(context.Background(), "~", metav1.GetOptions{})
o.Expect(err).ToNot(o.HaveOccurred())
o.Expect(user.Name).To(o.Equal("testuser"))
o.Expect(user.Name).To(o.Equal(username))
// Make sure the token exists with the overridden time
tokenObj, err := oc.AdminOAuthClient().OauthV1().OAuthAccessTokens().Get(context.Background(), toTokenName(token), metav1.GetOptions{})
o.Expect(err).ToNot(o.HaveOccurred())
o.Expect(tokenObj.ExpiresIn).To(o.BeNumerically("==", expectedExpiresIn))
}

func testCodeFlow(oc *exutil.CLI, newRequestTokenOptions oauthserver.NewRequestTokenOptionsFunc, client *oauthv1.OAuthClient, expectedExpiresIn int32) {
func testCodeFlow(oc *exutil.CLI, newRequestTokenOptions oauthserver.NewRequestTokenOptionsFunc, client *oauthv1.OAuthClient, expectedExpiresIn int32, username string) {
anonymousClientConfig := rest.AnonymousClientConfig(oc.AdminConfig())
rt, err := rest.TransportFor(anonymousClientConfig)
o.Expect(err).ToNot(o.HaveOccurred())
Expand All @@ -139,7 +148,7 @@ func testCodeFlow(oc *exutil.CLI, newRequestTokenOptions oauthserver.NewRequestT
req, err := http.NewRequest("GET", conf.AuthCodeURL(""), nil)
o.Expect(err).ToNot(o.HaveOccurred())

req.SetBasicAuth("testuser", "password")
req.SetBasicAuth(username, "password")
resp, err := rt.RoundTrip(req)
o.Expect(err).ToNot(o.HaveOccurred())
o.Expect(resp.StatusCode).To(o.Equal(http.StatusFound))
Expand Down Expand Up @@ -171,7 +180,7 @@ func testCodeFlow(oc *exutil.CLI, newRequestTokenOptions oauthserver.NewRequestT

user, err := userClient.Users().Get(context.Background(), "~", metav1.GetOptions{})
o.Expect(err).ToNot(o.HaveOccurred())
o.Expect(user.Name).To(o.Equal("testuser"))
o.Expect(user.Name).To(o.Equal(username))

// Make sure the token exists with the overridden time
tokenObj, err := oauthClientSet.OauthV1().OAuthAccessTokens().Get(context.Background(), toTokenName(token), metav1.GetOptions{})
Expand Down
6 changes: 3 additions & 3 deletions test/extended/oauth/helpers.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,12 +15,12 @@ import (
"github.com/openshift/origin/test/extended/util/oauthserver"
)

func deployOAuthServer(oc *util.CLI) (oauthserver.NewRequestTokenOptionsFunc, func(), error) {
// secret containing htpasswd "file": `htpasswd -cbB htpasswd.tmp testuser password`
func deployOAuthServer(oc *util.CLI, username string) (oauthserver.NewRequestTokenOptionsFunc, func(), error) {
// secret containing htpasswd "file" with the given username and password "password"
secret := corev1.Secret{
ObjectMeta: metav1.ObjectMeta{Name: "htpasswd"},
Data: map[string][]byte{
"htpasswd": []byte("testuser:$2y$05$0Fk2s.0FbLy0FZ82JAqajOV/kbT/wqKX5/QFKgps6J69J2jY6r5ZG"),
"htpasswd": []byte(username + ":$2y$05$0Fk2s.0FbLy0FZ82JAqajOV/kbT/wqKX5/QFKgps6J69J2jY6r5ZG"),
},
}
// provider config
Expand Down
17 changes: 11 additions & 6 deletions test/extended/oauth/htpasswd.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,19 +33,24 @@ var _ = g.Describe("[sig-auth][Feature:HTPasswdAuth] HTPasswd IDP", func() {
var oc = exutil.NewCLIWithPodSecurityLevel("htpasswd-idp", admissionapi.LevelBaseline)

g.It("should successfully configure htpasswd and be responsive [apigroup:user.openshift.io][apigroup:route.openshift.io]", func() {
newTokenReqOpts, cleanup, err := deployOAuthServer(oc)
username := "testuser-" + oc.Namespace()
newTokenReqOpts, cleanup, err := deployOAuthServer(oc, username)
defer cleanup()
o.Expect(err).ToNot(o.HaveOccurred())
tokenReqOpts := newTokenReqOpts("testuser", "password")
tokenReqOpts := newTokenReqOpts(username, "password")
e2e.Logf("got the OAuth server address: %s", tokenReqOpts.Issuer)
token, err := tokenReqOpts.RequestToken()
o.Expect(err).ToNot(o.HaveOccurred())
defer func() {
oc.AdminUserClient().UserV1().Users().Delete(context.Background(), "testuser", metav1.DeleteOptions{})
oc.AdminUserClient().UserV1().Identities().Delete(context.Background(), "htpasswd:testuser", metav1.DeleteOptions{})
if err := oc.AdminUserClient().UserV1().Users().Delete(context.Background(), username, metav1.DeleteOptions{}); err != nil {
e2e.Logf("failed to delete user %s: %v", username, err)
}
if err := oc.AdminUserClient().UserV1().Identities().Delete(context.Background(), "htpasswd:"+username, metav1.DeleteOptions{}); err != nil {
e2e.Logf("failed to delete identity htpasswd:%s: %v", username, err)
}
}()
tokenUser, err := utiloauth.GetUserForToken(oc.AdminConfig(), token, "testuser")
tokenUser, err := utiloauth.GetUserForToken(oc.AdminConfig(), token, username)
o.Expect(err).ToNot(o.HaveOccurred())
o.Expect(tokenUser.Name).To(o.Equal("testuser"))
o.Expect(tokenUser.Name).To(o.Equal(username))
})
})
2 changes: 1 addition & 1 deletion test/extended/oauth/server_headers.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ var _ = g.Describe("[sig-auth][Feature:OAuthServer] [Headers][apigroup:route.ope

// deploy oauth server
var newRequestTokenOptions oauthserver.NewRequestTokenOptionsFunc
newRequestTokenOptions, oauthServerCleanup, err = deployOAuthServer(oc)
newRequestTokenOptions, oauthServerCleanup, err = deployOAuthServer(oc, "testuser-"+oc.Namespace())
o.Expect(err).ToNot(o.HaveOccurred(), "while attempting to deploy the oauth server")
oauthServerAddr = newRequestTokenOptions("", "").Issuer
})
Expand Down