diff --git a/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go.tmpl b/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go.tmpl index ea0550904..837fed2dd 100644 --- a/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go.tmpl +++ b/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go.tmpl @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -54,7 +54,8 @@ type OIDCDiscoveryResponseIDPEndpoint struct { // IDPDiscoveryResponse is the response of a FederationDomain's identity provider discovery endpoint. type IDPDiscoveryResponse struct { - PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedSupportedIDPTypes []PinnipedSupportedIDPType `json:"pinniped_supported_identity_provider_types"` } // PinnipedIDP describes a single identity provider as included in the response of a FederationDomain's @@ -64,3 +65,8 @@ type PinnipedIDP struct { Type IDPType `json:"type"` Flows []IDPFlow `json:"flows,omitempty"` } + +// PinnipedSupportedIDPType describes a single identity provider type. +type PinnipedSupportedIDPType struct { + Type IDPType `json:"type"` +} diff --git a/generated/1.21/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go b/generated/1.21/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go index ea0550904..837fed2dd 100644 --- a/generated/1.21/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go +++ b/generated/1.21/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go 
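Review bot: The new `PinnipedSupportedIDPTypes` field of `IDPDiscoveryResponse` has no doc comment, and the comment on `PinnipedSupportedIDPType` does not say what "supported" means. The handler change later in this commit fills the field with a fixed list, and the "no starting idps" test shows it is returned even when no provider is configured, so the field comment should say so, for example `// PinnipedSupportedIDPTypes lists the identity provider types this Supervisor supports, whether or not any are configured.` It is also worth noting there that a response lacking this key decodes to a nil slice, so a client talking to a Supervisor that predates the field should read nil as "not reported" rather than "nothing supported". The copies under `generated/` repeat this hunk and should pick the wording up by regeneration from this template.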
@@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -54,7 +54,8 @@ type OIDCDiscoveryResponseIDPEndpoint struct { // IDPDiscoveryResponse is the response of a FederationDomain's identity provider discovery endpoint. type IDPDiscoveryResponse struct { - PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedSupportedIDPTypes []PinnipedSupportedIDPType `json:"pinniped_supported_identity_provider_types"` } // PinnipedIDP describes a single identity provider as included in the response of a FederationDomain's @@ -64,3 +65,8 @@ type PinnipedIDP struct { Type IDPType `json:"type"` Flows []IDPFlow `json:"flows,omitempty"` } + +// PinnipedSupportedIDPType describes a single identity provider type. +type PinnipedSupportedIDPType struct { + Type IDPType `json:"type"` +} diff --git a/generated/1.22/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go b/generated/1.22/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go index ea0550904..837fed2dd 100644 --- a/generated/1.22/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go +++ b/generated/1.22/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 
@@ -54,7 +54,8 @@ type OIDCDiscoveryResponseIDPEndpoint struct { // IDPDiscoveryResponse is the response of a FederationDomain's identity provider discovery endpoint. type IDPDiscoveryResponse struct { - PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedSupportedIDPTypes []PinnipedSupportedIDPType `json:"pinniped_supported_identity_provider_types"` } // PinnipedIDP describes a single identity provider as included in the response of a FederationDomain's @@ -64,3 +65,8 @@ type PinnipedIDP struct { Type IDPType `json:"type"` Flows []IDPFlow `json:"flows,omitempty"` } + +// PinnipedSupportedIDPType describes a single identity provider type. +type PinnipedSupportedIDPType struct { + Type IDPType `json:"type"` +} diff --git a/generated/1.23/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go b/generated/1.23/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go index ea0550904..837fed2dd 100644 --- a/generated/1.23/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go +++ b/generated/1.23/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -54,7 +54,8 @@ type OIDCDiscoveryResponseIDPEndpoint struct { // IDPDiscoveryResponse is the response of a FederationDomain's identity provider discovery endpoint. type IDPDiscoveryResponse struct { - PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedSupportedIDPTypes []PinnipedSupportedIDPType `json:"pinniped_supported_identity_provider_types"` } // PinnipedIDP describes a single identity provider as included in the response of a FederationDomain's 
@@ -64,3 +65,8 @@ type PinnipedIDP struct { Type IDPType `json:"type"` Flows []IDPFlow `json:"flows,omitempty"` } + +// PinnipedSupportedIDPType describes a single identity provider type. +type PinnipedSupportedIDPType struct { + Type IDPType `json:"type"` +} diff --git a/generated/1.24/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go b/generated/1.24/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go index ea0550904..837fed2dd 100644 --- a/generated/1.24/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go +++ b/generated/1.24/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -54,7 +54,8 @@ type OIDCDiscoveryResponseIDPEndpoint struct { // IDPDiscoveryResponse is the response of a FederationDomain's identity provider discovery endpoint. type IDPDiscoveryResponse struct { - PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedSupportedIDPTypes []PinnipedSupportedIDPType `json:"pinniped_supported_identity_provider_types"` } // PinnipedIDP describes a single identity provider as included in the response of a FederationDomain's @@ -64,3 +65,8 @@ type PinnipedIDP struct { Type IDPType `json:"type"` Flows []IDPFlow `json:"flows,omitempty"` } + +// PinnipedSupportedIDPType describes a single identity provider type. +type PinnipedSupportedIDPType struct { + Type IDPType `json:"type"` +} diff --git a/generated/1.25/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go b/generated/1.25/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go index ea0550904..837fed2dd 100644 
--- a/generated/1.25/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go +++ b/generated/1.25/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -54,7 +54,8 @@ type OIDCDiscoveryResponseIDPEndpoint struct { // IDPDiscoveryResponse is the response of a FederationDomain's identity provider discovery endpoint. type IDPDiscoveryResponse struct { - PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedSupportedIDPTypes []PinnipedSupportedIDPType `json:"pinniped_supported_identity_provider_types"` } // PinnipedIDP describes a single identity provider as included in the response of a FederationDomain's @@ -64,3 +65,8 @@ type PinnipedIDP struct { Type IDPType `json:"type"` Flows []IDPFlow `json:"flows,omitempty"` } + +// PinnipedSupportedIDPType describes a single identity provider type. +type PinnipedSupportedIDPType struct { + Type IDPType `json:"type"` +} diff --git a/generated/1.26/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go b/generated/1.26/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go index ea0550904..837fed2dd 100644 --- a/generated/1.26/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go +++ b/generated/1.26/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 
@@ -54,7 +54,8 @@ type OIDCDiscoveryResponseIDPEndpoint struct { // IDPDiscoveryResponse is the response of a FederationDomain's identity provider discovery endpoint. type IDPDiscoveryResponse struct { - PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedSupportedIDPTypes []PinnipedSupportedIDPType `json:"pinniped_supported_identity_provider_types"` } // PinnipedIDP describes a single identity provider as included in the response of a FederationDomain's @@ -64,3 +65,8 @@ type PinnipedIDP struct { Type IDPType `json:"type"` Flows []IDPFlow `json:"flows,omitempty"` } + +// PinnipedSupportedIDPType describes a single identity provider type. +type PinnipedSupportedIDPType struct { + Type IDPType `json:"type"` +} diff --git a/generated/1.27/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go b/generated/1.27/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go index ea0550904..837fed2dd 100644 --- a/generated/1.27/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go +++ b/generated/1.27/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -54,7 +54,8 @@ type OIDCDiscoveryResponseIDPEndpoint struct { // IDPDiscoveryResponse is the response of a FederationDomain's identity provider discovery endpoint. type IDPDiscoveryResponse struct { - PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedSupportedIDPTypes []PinnipedSupportedIDPType `json:"pinniped_supported_identity_provider_types"` } // PinnipedIDP describes a single identity provider as included in the response of a FederationDomain's 
@@ -64,3 +65,8 @@ type PinnipedIDP struct { Type IDPType `json:"type"` Flows []IDPFlow `json:"flows,omitempty"` } + +// PinnipedSupportedIDPType describes a single identity provider type. +type PinnipedSupportedIDPType struct { + Type IDPType `json:"type"` +} diff --git a/generated/1.28/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go b/generated/1.28/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go index ea0550904..837fed2dd 100644 --- a/generated/1.28/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go +++ b/generated/1.28/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -54,7 +54,8 @@ type OIDCDiscoveryResponseIDPEndpoint struct { // IDPDiscoveryResponse is the response of a FederationDomain's identity provider discovery endpoint. type IDPDiscoveryResponse struct { - PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedSupportedIDPTypes []PinnipedSupportedIDPType `json:"pinniped_supported_identity_provider_types"` } // PinnipedIDP describes a single identity provider as included in the response of a FederationDomain's @@ -64,3 +65,8 @@ type PinnipedIDP struct { Type IDPType `json:"type"` Flows []IDPFlow `json:"flows,omitempty"` } + +// PinnipedSupportedIDPType describes a single identity provider type. +type PinnipedSupportedIDPType struct { + Type IDPType `json:"type"` +} diff --git a/generated/1.29/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go b/generated/1.29/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go index ea0550904..837fed2dd 100644 
--- a/generated/1.29/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go +++ b/generated/1.29/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -54,7 +54,8 @@ type OIDCDiscoveryResponseIDPEndpoint struct { // IDPDiscoveryResponse is the response of a FederationDomain's identity provider discovery endpoint. type IDPDiscoveryResponse struct { - PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedSupportedIDPTypes []PinnipedSupportedIDPType `json:"pinniped_supported_identity_provider_types"` } // PinnipedIDP describes a single identity provider as included in the response of a FederationDomain's @@ -64,3 +65,8 @@ type PinnipedIDP struct { Type IDPType `json:"type"` Flows []IDPFlow `json:"flows,omitempty"` } + +// PinnipedSupportedIDPType describes a single identity provider type. +type PinnipedSupportedIDPType struct { + Type IDPType `json:"type"` +} diff --git a/generated/latest/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go b/generated/latest/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go index ea0550904..837fed2dd 100644 --- a/generated/latest/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go +++ b/generated/latest/apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 
@@ -54,7 +54,8 @@ type OIDCDiscoveryResponseIDPEndpoint struct { // IDPDiscoveryResponse is the response of a FederationDomain's identity provider discovery endpoint. type IDPDiscoveryResponse struct { - PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"` + PinnipedSupportedIDPTypes []PinnipedSupportedIDPType `json:"pinniped_supported_identity_provider_types"` } // PinnipedIDP describes a single identity provider as included in the response of a FederationDomain's @@ -64,3 +65,8 @@ type PinnipedIDP struct { Type IDPType `json:"type"` Flows []IDPFlow `json:"flows,omitempty"` } + +// PinnipedSupportedIDPType describes a single identity provider type. +type PinnipedSupportedIDPType struct { + Type IDPType `json:"type"` +} diff --git a/internal/federationdomain/endpoints/idpdiscovery/idp_discovery_handler.go b/internal/federationdomain/endpoints/idpdiscovery/idp_discovery_handler.go index c63fd8383..aef99618c 100644 --- a/internal/federationdomain/endpoints/idpdiscovery/idp_discovery_handler.go +++ b/internal/federationdomain/endpoints/idpdiscovery/idp_discovery_handler.go 
@@ -37,15 +37,23 @@ func NewHandler(upstreamIDPs federationdomainproviders.FederationDomainIdentityP } func responseAsJSON(upstreamIDPs federationdomainproviders.FederationDomainIdentityProvidersListerI) ([]byte, error) { - r := v1alpha1.IDPDiscoveryResponse{PinnipedIDPs: []v1alpha1.PinnipedIDP{}} + r := v1alpha1.IDPDiscoveryResponse{ + PinnipedSupportedIDPTypes: []v1alpha1.PinnipedSupportedIDPType{ + {Type: v1alpha1.IDPTypeActiveDirectory}, + {Type: v1alpha1.IDPTypeLDAP}, + {Type: v1alpha1.IDPTypeOIDC}, + }, + } + upstreams := upstreamIDPs.GetIdentityProviders() + r.PinnipedIDPs = make([]v1alpha1.PinnipedIDP, len(upstreams)) // The cache of IDPs could change at any time, so always recalculate the list. - for _, federationDomainIdentityProvider := range upstreamIDPs.GetIdentityProviders() { - r.PinnipedIDPs = append(r.PinnipedIDPs, v1alpha1.PinnipedIDP{ + for i, federationDomainIdentityProvider := range upstreams { + r.PinnipedIDPs[i] = v1alpha1.PinnipedIDP{ Name: federationDomainIdentityProvider.GetDisplayName(), Type: federationDomainIdentityProvider.GetIDPDiscoveryType(), Flows: federationDomainIdentityProvider.GetIDPDiscoveryFlows(), - }) + } } // Nobody like an API that changes the results unnecessarily. :) diff --git a/internal/federationdomain/endpoints/idpdiscovery/idp_discovery_handler_test.go b/internal/federationdomain/endpoints/idpdiscovery/idp_discovery_handler_test.go index 892a1dc84..a8f6aa62f 100644 --- a/internal/federationdomain/endpoints/idpdiscovery/idp_discovery_handler_test.go +++ b/internal/federationdomain/endpoints/idpdiscovery/idp_discovery_handler_test.go @@ -20,8 +20,9 @@ func TestIDPDiscovery(t *testing.T) { tests := []struct { name string - method string - path string + method string + path string + idpLister *testidplister.TestFederationDomainIdentityProvidersListerFinder wantStatus int wantContentType string 
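Review bot: The supported-type list in `responseAsJSON` is a literal inside the function body, so nothing ties it to the `IDPType` constants in `v1alpha1`. If a type is added later, it could appear in `pinniped_identity_providers` yet be missing from `pinniped_supported_identity_provider_types` unless someone remembers this spot. Consider hoisting the slice to a package-level declaration with a comment such as `// Must list every v1alpha1.IDPType value; update when a new IDP type is added.`, or adding a test that fails when the two drift apart. The literal is alphabetised by hand, and the sorting code after the loop lies outside this hunk, so whether that code also orders this slice cannot be confirmed from here. Clients presumably read this response to decide how to log in, so a stale list would show up as a silent client-side mismatch rather than a server error.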
@@ -30,9 +31,19 @@ func TestIDPDiscovery(t *testing.T) { wantBodyString string }{ { - name: "happy path", - method: http.MethodGet, - path: "/some/path" + oidc.WellKnownEndpointPath, + name: "happy path", + method: http.MethodGet, + path: "/some/path" + oidc.WellKnownEndpointPath, + idpLister: testidplister.NewUpstreamIDPListerBuilder(). + WithOIDC(oidctestutil.NewTestUpstreamOIDCIdentityProviderBuilder().WithName("z-some-oidc-idp").WithAllowPasswordGrant(true).Build()). + WithOIDC(oidctestutil.NewTestUpstreamOIDCIdentityProviderBuilder().WithName("x-some-oidc-idp").Build()). + WithLDAP(oidctestutil.NewTestUpstreamLDAPIdentityProviderBuilder().WithName("a-some-ldap-idp").Build()). + WithOIDC(oidctestutil.NewTestUpstreamOIDCIdentityProviderBuilder().WithName("a-some-oidc-idp").Build()). + WithLDAP(oidctestutil.NewTestUpstreamLDAPIdentityProviderBuilder().WithName("z-some-ldap-idp").Build()). + WithLDAP(oidctestutil.NewTestUpstreamLDAPIdentityProviderBuilder().WithName("x-some-ldap-idp").Build()). + WithActiveDirectory(oidctestutil.NewTestUpstreamLDAPIdentityProviderBuilder().WithName("z-some-ad-idp").Build()). + WithActiveDirectory(oidctestutil.NewTestUpstreamLDAPIdentityProviderBuilder().WithName("y-some-ad-idp").Build()). + BuildFederationDomainIdentityProvidersListerFinder(), wantStatus: http.StatusOK, wantContentType: "application/json", wantFirstResponseBodyJSON: here.Doc(`{ 
@@ -45,6 +56,43 @@ func TestIDPDiscovery(t *testing.T) { {"name": "z-some-ad-idp", "type": "activedirectory", "flows": ["cli_password", "browser_authcode"]}, {"name": "z-some-ldap-idp", "type": "ldap", "flows": ["cli_password", "browser_authcode"]}, {"name": "z-some-oidc-idp", "type": "oidc", "flows": ["browser_authcode", "cli_password"]} + ], + "pinniped_supported_identity_provider_types": [ + {"type": "activedirectory"}, + {"type": "ldap"}, + {"type": "oidc"} + ] + }`), + wantSecondResponseBodyJSON: here.Doc(`{ + "pinniped_identity_providers": [ + {"name": "some-other-ad-idp-1", "type": "activedirectory", "flows": ["cli_password", "browser_authcode"]}, + {"name": "some-other-ad-idp-2", "type": "activedirectory", "flows": ["cli_password", "browser_authcode"]}, + {"name": "some-other-ldap-idp-1", "type": "ldap", "flows": ["cli_password", "browser_authcode"]}, + {"name": "some-other-ldap-idp-2", "type": "ldap", "flows": ["cli_password", "browser_authcode"]}, + {"name": "some-other-oidc-idp-1", "type": "oidc", "flows": ["browser_authcode", "cli_password"]}, + {"name": "some-other-oidc-idp-2", "type": "oidc", "flows": ["browser_authcode"]} + ], + "pinniped_supported_identity_provider_types": [ + {"type": "activedirectory"}, + {"type": "ldap"}, + {"type": "oidc"} + ] + }`), + }, + { + name: "no starting idps", + method: http.MethodGet, + path: "/some/path" + oidc.WellKnownEndpointPath, + idpLister: testidplister.NewUpstreamIDPListerBuilder(). + BuildFederationDomainIdentityProvidersListerFinder(), + wantStatus: http.StatusOK, + wantContentType: "application/json", + wantFirstResponseBodyJSON: here.Doc(`{ + "pinniped_identity_providers": [], + "pinniped_supported_identity_provider_types": [ + {"type": "activedirectory"}, + {"type": "ldap"}, + {"type": "oidc"} ] }`), wantSecondResponseBodyJSON: here.Doc(`{ 
@@ -55,13 +103,21 @@ func TestIDPDiscovery(t *testing.T) { {"name": "some-other-ldap-idp-2", "type": "ldap", "flows": ["cli_password", "browser_authcode"]}, {"name": "some-other-oidc-idp-1", "type": "oidc", "flows": ["browser_authcode", "cli_password"]}, {"name": "some-other-oidc-idp-2", "type": "oidc", "flows": ["browser_authcode"]} + ], + "pinniped_supported_identity_provider_types": [ + {"type": "activedirectory"}, + {"type": "ldap"}, + {"type": "oidc"} ] }`), }, { - name: "bad method", - method: http.MethodPost, - path: oidc.WellKnownEndpointPath, + name: "bad method", + method: http.MethodPost, + path: oidc.WellKnownEndpointPath, + idpLister: testidplister.NewUpstreamIDPListerBuilder(). + WithOIDC(oidctestutil.NewTestUpstreamOIDCIdentityProviderBuilder().WithName("some-oidc-idp").Build()). + BuildFederationDomainIdentityProvidersListerFinder(), wantStatus: http.StatusMethodNotAllowed, wantContentType: "text/plain; charset=utf-8", wantBodyString: "Method not allowed (try GET)\n", 
@@ -70,18 +126,8 @@ func TestIDPDiscovery(t *testing.T) { for _, test := range tests { test := test t.Run(test.name, func(t *testing.T) { - idpLister := testidplister.NewUpstreamIDPListerBuilder(). - WithOIDC(oidctestutil.NewTestUpstreamOIDCIdentityProviderBuilder().WithName("z-some-oidc-idp").WithAllowPasswordGrant(true).Build()). - WithOIDC(oidctestutil.NewTestUpstreamOIDCIdentityProviderBuilder().WithName("x-some-oidc-idp").Build()). - WithLDAP(oidctestutil.NewTestUpstreamLDAPIdentityProviderBuilder().WithName("a-some-ldap-idp").Build()). - WithOIDC(oidctestutil.NewTestUpstreamOIDCIdentityProviderBuilder().WithName("a-some-oidc-idp").Build()). - WithLDAP(oidctestutil.NewTestUpstreamLDAPIdentityProviderBuilder().WithName("z-some-ldap-idp").Build()). - WithLDAP(oidctestutil.NewTestUpstreamLDAPIdentityProviderBuilder().WithName("x-some-ldap-idp").Build()). - WithActiveDirectory(oidctestutil.NewTestUpstreamLDAPIdentityProviderBuilder().WithName("z-some-ad-idp").Build()). - WithActiveDirectory(oidctestutil.NewTestUpstreamLDAPIdentityProviderBuilder().WithName("y-some-ad-idp").Build()). - BuildFederationDomainIdentityProvidersListerFinder() - - handler := NewHandler(idpLister) + require.NotNil(t, test.idpLister) + handler := NewHandler(test.idpLister) req := httptest.NewRequest(test.method, test.path, nil) rsp := httptest.NewRecorder() handler.ServeHTTP(rsp, req) 
@@ -99,15 +145,15 @@ func TestIDPDiscovery(t *testing.T) { } // Change the list of IDPs in the cache. - idpLister.SetLDAPIdentityProviders([]*oidctestutil.TestUpstreamLDAPIdentityProvider{ + test.idpLister.SetLDAPIdentityProviders([]*oidctestutil.TestUpstreamLDAPIdentityProvider{ oidctestutil.NewTestUpstreamLDAPIdentityProviderBuilder().WithName("some-other-ldap-idp-1").Build(), oidctestutil.NewTestUpstreamLDAPIdentityProviderBuilder().WithName("some-other-ldap-idp-2").Build(), }) - idpLister.SetOIDCIdentityProviders([]*oidctestutil.TestUpstreamOIDCIdentityProvider{ + test.idpLister.SetOIDCIdentityProviders([]*oidctestutil.TestUpstreamOIDCIdentityProvider{ oidctestutil.NewTestUpstreamOIDCIdentityProviderBuilder().WithName("some-other-oidc-idp-1").WithAllowPasswordGrant(true).Build(), oidctestutil.NewTestUpstreamOIDCIdentityProviderBuilder().WithName("some-other-oidc-idp-2").Build(), }) - idpLister.SetActiveDirectoryIdentityProviders([]*oidctestutil.TestUpstreamLDAPIdentityProvider{ + test.idpLister.SetActiveDirectoryIdentityProviders([]*oidctestutil.TestUpstreamLDAPIdentityProvider{ oidctestutil.NewTestUpstreamLDAPIdentityProviderBuilder().WithName("some-other-ad-idp-2").Build(), oidctestutil.NewTestUpstreamLDAPIdentityProviderBuilder().WithName("some-other-ad-idp-1").Build(), }) diff --git a/internal/federationdomain/endpointsmanager/manager_test.go b/internal/federationdomain/endpointsmanager/manager_test.go index 75534df8f..dc8d84091 100644 --- a/internal/federationdomain/endpointsmanager/manager_test.go +++ b/internal/federationdomain/endpointsmanager/manager_test.go 
@@ -118,8 +118,18 @@ func TestManager(t *testing.T) { r.Equal(http.StatusOK, recorder.Code, "unexpected response:", recorder) responseBody, err := io.ReadAll(recorder.Body) r.NoError(err) - r.Equal( - fmt.Sprintf(`{"pinniped_identity_providers":[%s]}`+"\n", strings.Join(expectedIDPJSONList, ",")), + + expectedResponse := here.Docf(`{ + "pinniped_identity_providers": [%s], + "pinniped_supported_identity_provider_types": [ + {"type":"activedirectory"}, + {"type":"ldap"}, + {"type":"oidc"} + ] +}`, strings.Join(expectedIDPJSONList, ",")) + + r.JSONEq( + expectedResponse, string(responseBody), ) }