diff --git a/test/extended/oauth/expiration.go b/test/extended/oauth/expiration.go index ea7175d61655..596b495ef575 100644 --- a/test/extended/oauth/expiration.go +++ b/test/extended/oauth/expiration.go @@ -14,6 +14,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/rest" + e2e "k8s.io/kubernetes/test/e2e/framework" admissionapi "k8s.io/pod-security-admission/api" oauthv1 "github.com/openshift/api/oauth/v1" @@ -27,14 +28,22 @@ var _ = g.Describe("[sig-auth][Feature:OAuthServer] [Token Expiration]", func() var oc = exutil.NewCLIWithPodSecurityLevel("oauth-expiration", admissionapi.LevelBaseline) var newRequestTokenOptions oauthserver.NewRequestTokenOptionsFunc var oauthServerCleanup func() + var username string g.BeforeEach(func() { var err error - newRequestTokenOptions, oauthServerCleanup, err = deployOAuthServer(oc) + username = "testuser-" + oc.Namespace() + newRequestTokenOptions, oauthServerCleanup, err = deployOAuthServer(oc, username) o.Expect(err).ToNot(o.HaveOccurred()) }) g.AfterEach(func() { + if err := oc.AdminUserClient().UserV1().Users().Delete(context.Background(), username, metav1.DeleteOptions{}); err != nil { + e2e.Logf("failed to delete user %s: %v", username, err) + } + if err := oc.AdminUserClient().UserV1().Identities().Delete(context.Background(), "htpasswd:"+username, metav1.DeleteOptions{}); err != nil { + e2e.Logf("failed to delete identity htpasswd:%s: %v", username, err) + } oauthServerCleanup() }) @@ -65,11 +74,11 @@ var _ = g.Describe("[sig-auth][Feature:OAuthServer] [Token Expiration]", func() }) g.It("works as expected when using a token authorization flow [apigroup:user.openshift.io]", func() { - testTokenFlow(oc, newRequestTokenOptions, oAuthClientResource, accessTokenMaxAgeSeconds) + testTokenFlow(oc, newRequestTokenOptions, oAuthClientResource, accessTokenMaxAgeSeconds, username) }) g.It("works as expected when using a code authorization flow [apigroup:user.openshift.io]", func() { - testCodeFlow(oc, newRequestTokenOptions, oAuthClientResource, accessTokenMaxAgeSeconds) + testCodeFlow(oc, newRequestTokenOptions, oAuthClientResource, accessTokenMaxAgeSeconds, username) }) }) @@ -80,18 +89,18 @@ var _ = g.Describe("[sig-auth][Feature:OAuthServer] [Token Expiration]", func() }) g.It("works as expected when using a token authorization flow [apigroup:user.openshift.io]", func() { - testTokenFlow(oc, newRequestTokenOptions, oAuthClientResource, accessTokenMaxAgeSeconds) + testTokenFlow(oc, newRequestTokenOptions, oAuthClientResource, accessTokenMaxAgeSeconds, username) }) g.It("works as expected when using a code authorization flow [apigroup:user.openshift.io]", func() { - testCodeFlow(oc, newRequestTokenOptions, oAuthClientResource, accessTokenMaxAgeSeconds) + testCodeFlow(oc, newRequestTokenOptions, oAuthClientResource, accessTokenMaxAgeSeconds, username) }) }) }) }) -func testTokenFlow(oc *exutil.CLI, newRequestTokenOptions oauthserver.NewRequestTokenOptionsFunc, client *oauthv1.OAuthClient, expectedExpiresIn int32) { +func testTokenFlow(oc *exutil.CLI, newRequestTokenOptions oauthserver.NewRequestTokenOptionsFunc, client *oauthv1.OAuthClient, expectedExpiresIn int32, username string) { // new request token command - requestTokenOptions := newRequestTokenOptions("testuser", "password") + requestTokenOptions := newRequestTokenOptions(username, "password") // setup for token flow requestTokenOptions.TokenFlow = true requestTokenOptions.OsinConfig.CodeChallenge = "" @@ -110,14 +119,14 @@ func testTokenFlow(oc *exutil.CLI, newRequestTokenOptions oauthserver.NewRequest o.Expect(err).ToNot(o.HaveOccurred()) user, err := userClient.Users().Get(context.Background(), "~", metav1.GetOptions{}) o.Expect(err).ToNot(o.HaveOccurred()) - o.Expect(user.Name).To(o.Equal("testuser")) + o.Expect(user.Name).To(o.Equal(username)) // Make sure the token exists with the overridden time tokenObj, err := oc.AdminOAuthClient().OauthV1().OAuthAccessTokens().Get(context.Background(), toTokenName(token), metav1.GetOptions{}) o.Expect(err).ToNot(o.HaveOccurred()) o.Expect(tokenObj.ExpiresIn).To(o.BeNumerically("==", expectedExpiresIn)) } -func testCodeFlow(oc *exutil.CLI, newRequestTokenOptions oauthserver.NewRequestTokenOptionsFunc, client *oauthv1.OAuthClient, expectedExpiresIn int32) { +func testCodeFlow(oc *exutil.CLI, newRequestTokenOptions oauthserver.NewRequestTokenOptionsFunc, client *oauthv1.OAuthClient, expectedExpiresIn int32, username string) { anonymousClientConfig := rest.AnonymousClientConfig(oc.AdminConfig()) rt, err := rest.TransportFor(anonymousClientConfig) o.Expect(err).ToNot(o.HaveOccurred()) @@ -139,7 +148,7 @@ func testCodeFlow(oc *exutil.CLI, newRequestTokenOptions oauthserver.NewRequestT req, err := http.NewRequest("GET", conf.AuthCodeURL(""), nil) o.Expect(err).ToNot(o.HaveOccurred()) - req.SetBasicAuth("testuser", "password") + req.SetBasicAuth(username, "password") resp, err := rt.RoundTrip(req) o.Expect(err).ToNot(o.HaveOccurred()) o.Expect(resp.StatusCode).To(o.Equal(http.StatusFound)) @@ -171,7 +180,7 @@ func testCodeFlow(oc *exutil.CLI, newRequestTokenOptions oauthserver.NewRequestT user, err := userClient.Users().Get(context.Background(), "~", metav1.GetOptions{}) o.Expect(err).ToNot(o.HaveOccurred()) - o.Expect(user.Name).To(o.Equal("testuser")) + o.Expect(user.Name).To(o.Equal(username)) // Make sure the token exists with the overridden time tokenObj, err := oauthClientSet.OauthV1().OAuthAccessTokens().Get(context.Background(), toTokenName(token), metav1.GetOptions{}) diff --git a/test/extended/oauth/helpers.go b/test/extended/oauth/helpers.go index f4433d627057..3b6115c674a7 100644 --- a/test/extended/oauth/helpers.go +++ b/test/extended/oauth/helpers.go @@ -15,12 +15,12 @@ import ( "github.com/openshift/origin/test/extended/util/oauthserver" ) -func deployOAuthServer(oc *util.CLI) (oauthserver.NewRequestTokenOptionsFunc, func(), error) { - // secret containing htpasswd "file": `htpasswd -cbB htpasswd.tmp testuser password` +func deployOAuthServer(oc *util.CLI, username string) (oauthserver.NewRequestTokenOptionsFunc, func(), error) { + // secret containing htpasswd "file" with the given username and password "password" secret := corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Name: "htpasswd"}, Data: map[string][]byte{ - "htpasswd": []byte("testuser:$2y$05$0Fk2s.0FbLy0FZ82JAqajOV/kbT/wqKX5/QFKgps6J69J2jY6r5ZG"), + "htpasswd": []byte(username + ":$2y$05$0Fk2s.0FbLy0FZ82JAqajOV/kbT/wqKX5/QFKgps6J69J2jY6r5ZG"), }, } // provider config diff --git a/test/extended/oauth/htpasswd.go b/test/extended/oauth/htpasswd.go index 797ca0109064..7df30f7bed95 100644 --- a/test/extended/oauth/htpasswd.go +++ b/test/extended/oauth/htpasswd.go @@ -33,19 +33,24 @@ var _ = g.Describe("[sig-auth][Feature:HTPasswdAuth] HTPasswd IDP", func() { var oc = exutil.NewCLIWithPodSecurityLevel("htpasswd-idp", admissionapi.LevelBaseline) g.It("should successfully configure htpasswd and be responsive [apigroup:user.openshift.io][apigroup:route.openshift.io]", func() { - newTokenReqOpts, cleanup, err := deployOAuthServer(oc) + username := "testuser-" + oc.Namespace() + newTokenReqOpts, cleanup, err := deployOAuthServer(oc, username) defer cleanup() o.Expect(err).ToNot(o.HaveOccurred()) - tokenReqOpts := newTokenReqOpts("testuser", "password") + tokenReqOpts := newTokenReqOpts(username, "password") e2e.Logf("got the OAuth server address: %s", tokenReqOpts.Issuer) token, err := tokenReqOpts.RequestToken() o.Expect(err).ToNot(o.HaveOccurred()) defer func() { - oc.AdminUserClient().UserV1().Users().Delete(context.Background(), "testuser", metav1.DeleteOptions{}) - oc.AdminUserClient().UserV1().Identities().Delete(context.Background(), "htpasswd:testuser", metav1.DeleteOptions{}) + if err := oc.AdminUserClient().UserV1().Users().Delete(context.Background(), username, metav1.DeleteOptions{}); err != nil { + e2e.Logf("failed to delete user %s: %v", username, err) + } + if err := oc.AdminUserClient().UserV1().Identities().Delete(context.Background(), "htpasswd:"+username, metav1.DeleteOptions{}); err != nil { + e2e.Logf("failed to delete identity htpasswd:%s: %v", username, err) + } }() - tokenUser, err := utiloauth.GetUserForToken(oc.AdminConfig(), token, "testuser") + tokenUser, err := utiloauth.GetUserForToken(oc.AdminConfig(), token, username) o.Expect(err).ToNot(o.HaveOccurred()) - o.Expect(tokenUser.Name).To(o.Equal("testuser")) + o.Expect(tokenUser.Name).To(o.Equal(username)) }) }) diff --git a/test/extended/oauth/server_headers.go b/test/extended/oauth/server_headers.go index 84d8ca113869..58a835d849df 100644 --- a/test/extended/oauth/server_headers.go +++ b/test/extended/oauth/server_headers.go @@ -30,7 +30,7 @@ var _ = g.Describe("[sig-auth][Feature:OAuthServer] [Headers][apigroup:route.ope // deploy oauth server var newRequestTokenOptions oauthserver.NewRequestTokenOptionsFunc - newRequestTokenOptions, oauthServerCleanup, err = deployOAuthServer(oc) + newRequestTokenOptions, oauthServerCleanup, err = deployOAuthServer(oc, "testuser-"+oc.Namespace()) o.Expect(err).ToNot(o.HaveOccurred(), "while attempting to deploy the oauth server") oauthServerAddr = newRequestTokenOptions("", "").Issuer })