refactor(test): restructure OIDC policy tests and add redirect bug coverage#1011
refactor(test): restructure OIDC policy tests and add redirect bug coverage#1011crstrn13 wants to merge 3 commits into
Conversation
Signed-off-by: Alexander Cristurean <acristur@redhat.com>
Signed-off-by: Alexander Cristurean <acristur@redhat.com>
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (10)
💤 Files with no reviewable changes (1)
👮 Files not reviewed due to content moderation or server errors (9)
📝 Walkthrough
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Signed-off-by: Alexander Cristurean <acristur@redhat.com>
05c67ae to
36f2d11
Compare
|
|
||
| def expose_hostname(self, name, gateway: Gateway) -> Hostname: | ||
| hostname = f"{name}.{self.base_domain}" | ||
| hostname = f"{name}-{self.cluster.project}.{self.base_domain}" |
There was a problem hiding this comment.
OpenShiftExposer creates Routes and the resulting hostname is {name}.{cluster.apps_url}, which naturally includes the project context since Routes are namespace-scoped. On Kind, the LoadBalancerServiceExposer was just doing {name}.test.com — no project/namespace in the hostname at all. Adding cluster.project makes the Kind hostname format mirror what OpenShift produces, so tests don't break when switching between the two environments.
Description
Restructures the OIDC policy test suite for clarity, reduces duplication, and adds new test coverage for the OIDCPolicy bug fixes from kuadrant-operator#2032.
Changes
Test restructuring:
OIDCTestClientwrapper class (testsuite/oidc/test_client.py) — tests now create Keycloak clients directly viaClientConfig+KeycloakOpenID, removing an unnecessary abstraction layerClientConfigdataclass totestsuite/oidc/keycloak/objects.pyalongside other Keycloak object wrappersauthfixture to the OIDC conftest (was duplicated across 4 test files)New test coverage (kuadrant-operator#2032):
test_oidc_policy_redirect.py— validates fixes for:test_oidc_policy_custom_redirect.py— validates customredirectURI:provider.redirectURIis set, the authorize redirect uses the custom callback URL/auth/callbackInfrastructure:
LoadBalancerServiceExposerhostname now includescluster.projectto avoid collisions when multiple namespaces share a domainKnown gaps
=in JWT base64 values (operator Bug 2) — this is only exercisable via the full OIDC authorization code flow (callback route), which requires programmatic Keycloak login. The operator has unit tests for this fix.Verification
pylint,mypy,black)