new helm chart (#21)

* new chart

* update to version 0.4.0

* remove version 0.1.0

* readme updates

* add flag info

* update name

* fix integration test

* update state param parsing

.travis.yml

@@ -44,7 +44,7 @@ script:
   # Run coverage on unit tests
   - go test -coverprofile=coverage.out ./adapter/... || travis_terminate 1;
   # Run all integration tests
-  - go test -v -race ./tests/integration/... || travis_terminate 1;
+  - go test -v ./tests/integration/... || travis_terminate 1;
 
 after_success:
   - $HOME/gopath/bin/goveralls -service=travis-ci -coverprofile=coverage.out

README.md

@@ -68,7 +68,7 @@ Before you get started, be sure you have the following prerequisites installed.
 
 - [Kubernetes Cluster](https://kubernetes.io/)
 - [Helm](https://helm.sh/)
-- [Istio v1.1](https://istio.io/docs/setup/kubernetes/install/)
+- [Istio v1.1+](https://istio.io/docs/setup/kubernetes/install/)
 
 >> You can also use the [IBM Cloud Kubernetes Service Managed Istio](https://cloud.ibm.com/docs/containers?topic=containers-istio).
 
@@ -92,9 +92,13 @@ To install the chart, initialize Helm in your cluster, define the options that y
 3. Install the chart.
 
     ```bash
-    helm install ./helm/appidentityandaccessadapter --name appidentityandaccessadapter
+    $ helm repo add appidentityandaccessadapter https://raw.githubusercontent.com/ibm-cloud-security/app-identity-and-access-adapter/master/helm/appidentityandaccessadapter
+    $ helm install --name appidentityandaccessadapter appidentityandaccessadapter/appidentityandaccessadapter
     ```
 
+>>Helm lets you specify an image tag during installation with the set image.tag flag. For example, `helm install --name appidentityandaccessadapter appidentityandaccessadapter/appidentityandaccessadapter --set image.tag=0.4.0`
+
+>>The chart can also be installed locally. First clone this repo by `git clone [email protected]:ibm-cloud-security/app-identity-and-access-adapter.git`, then install the chart `helm install ./helm/appidentityandaccessadapter --name appidentityandaccessadapter`.
 
 ## Applying an authorization and authentication policy
 

helm/appidentityandaccessadapter/Chart.yaml

@@ -1,6 +1,5 @@
 apiVersion: v1
 name: appidentityandaccessadapter
 namespace: istio-system
-version: 0.1.0
+version: 0.4.0
 description: A Helm chart for the App Identity and Access Adapter
-appVersion: "1.0"

helm/appidentityandaccessadapter/index.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+entries:
+  appidentityandaccessadapter:
+  - apiVersion: v1
+    created: "2019-07-11T11:20:28.607495-05:00"
+    description: A Helm chart for the App Identity and Access Adapter
+    digest: e01cbc4df68ce945fcfbd382a931a987e4c24a588a8ac63a816719d68ea9b5d3
+    name: appidentityandaccessadapter
+    urls:
+    - appidentityandaccessadapter-0.4.0.tgz
+    version: 0.4.0
+generated: "2019-07-11T11:20:28.600058-05:00"

tests/framework/appid.go

@@ -32,9 +32,8 @@ const (
 	applicationFormEncoded = "application/x-www-form-urlencoded"
 	contentType            = "Content-Type"
 	setCookie              = "set-cookie"
-	facebookStateID        = "#facebook_state"
-	samlStateID            = "#SAML_State"
 	widgetURLID            = "#widgetUrl"
+	stateID                = "#cd_form .form-group"
 )
 
 // AppIDManager models the authorization server
@@ -145,7 +144,6 @@ func (m *AppIDManager) initialRequestToFrontend(t *testing.T, path string) (adap
 	// Make request to the frontend
 	req, err := http.NewRequest("GET", path, nil)
 	require.NoError(t, err)
-
 	res, err := m.client.Do(req)
 	require.NoError(t, err)
 
@@ -162,7 +160,6 @@ func (m *AppIDManager) initialRequestToFrontend(t *testing.T, path string) (adap
 
 	url2, err := res.Location()
 	require.NoError(t, err)
-
 	// Follow the redirect to the authorization server
 	redirectRes, err := http.DefaultClient.Get(url2.String()) // Use default to allow redirect
 	require.NoError(t, err)
@@ -174,12 +171,17 @@ func (m *AppIDManager) initialRequestToFrontend(t *testing.T, path string) (adap
 
 	// Parse login page
 	doc, err := goquery.NewDocumentFromReader(redirectRes.Body)
-	state, ok := doc.Find(facebookStateID).Attr("value")
-	if !ok || state == "" {
-		state, ok = doc.Find(samlStateID).Attr("value")
-	}
+	var state string
+	doc.Find(stateID).Each(func(i int, s *goquery.Selection) {
+		_ = s.Find("input").Each(func(i int, q *goquery.Selection) {
+			name, _ := q.Attr("name")
+			value,_ := q.Attr("value")
+			if name == "state" {
+				state = value
+			}
+		})
+	})
 	widgetUrl, okW := doc.Find(widgetURLID).Attr("value")
-	require.True(t, ok)
 	require.True(t, okW)
 	return stateCookie, state, widgetUrl
 }

tests/integration/oidc/oidc_test.go

@@ -18,8 +18,7 @@ import (
 const (
 	sampleAppNamespace = "sample-app"
 	sampleAppService   = "svc-sample-app"
-	sleepTime          = 5
-	randomStringLength = 5
+	sleepTime          = 10
 )
 
 // ApplicationResponseHeaders models the sample application response json
@@ -67,8 +66,8 @@ func TestAuthorizationRedirect(t *testing.T) {
 		Run(func(ctx *framework.Context) {
 			configName := "oidc-config-1"
 			config := buildOIDCConfig(ctx, configName, sampleAppNamespace)
-			randomPath := "/web/home/" + framework.RandString(randomStringLength)
-			policy := buildOIDCPolicy("oidc-policy-1", sampleAppNamespace, sampleAppService, configName, randomPath, "", "ALL")
+			path := "/web/home/1"
+			policy := buildOIDCPolicy("oidc-policy-1", sampleAppNamespace, sampleAppService, configName, path, "", "ALL")
 			err1 := ctx.CRDManager.AddCRD(framework.OidcConfigTemplate, &config)
 			err2 := ctx.CRDManager.AddCRD(framework.PolicyTemplate, &policy)
 			require.NoError(t, err1)
@@ -77,7 +76,7 @@ func TestAuthorizationRedirect(t *testing.T) {
 			time.Sleep(sleepTime * time.Second)
 
 			ctx.StopHttpRedirects()
-			res, err := ctx.SendRequest("GET", randomPath, nil)
+			res, err := ctx.SendRequest("GET", path, nil)
 			require.NoError(t, err)
 			require.Equal(t, http.StatusFound, res.StatusCode)
 			if !strings.HasPrefix(res.Header.Get("location"), ctx.AppIDManager.OAuthServerURL) {
@@ -93,8 +92,8 @@ func TestE2E(t *testing.T) {
 			ctx.EnableRedirects()
 			configName := "oidc-config-2"
 			config := buildOIDCConfig(ctx, configName, sampleAppNamespace)
-			randomPath := "/web/home/" + framework.RandString(randomStringLength)
-			policy := buildOIDCPolicy("oidc-policy-2", sampleAppNamespace, sampleAppService, configName, randomPath, "", "ALL")
+			path := "/web/home/2"
+			policy := buildOIDCPolicy("oidc-policy-2", sampleAppNamespace, sampleAppService, configName, path, "", "ALL")
 			err1 := ctx.CRDManager.AddCRD(framework.OidcConfigTemplate, &config)
 			err2 := ctx.CRDManager.AddCRD(framework.PolicyTemplate, &policy)
 			require.NoError(t, err1)
@@ -103,7 +102,7 @@ func TestE2E(t *testing.T) {
 			time.Sleep(sleepTime * time.Second)
 
 			var output ApplicationResponseHeaders
-			err := ctx.AppIDManager.LoginToCloudDirectory(t, ctx.Env.ClusterRoot, randomPath, &output)
+			err := ctx.AppIDManager.LoginToCloudDirectory(t, ctx.Env.ClusterRoot, path, &output)
 			require.NoError(t, err)
 
 			require.NotNil(t, output)