OIDC policy

[crstrn13]

Summary
Added OIDC policy extension tests for Authorino, covering different authentication flows and hostname configurations.

Test Coverage

• Public Client (PKCE flow)
• Service Client (M2M flow)
• Confidential Client (Auth code flow)

Each flow tested against:

• Gateway/Route targets
• Wildcard/FQDN hostnames
• Auth/Unauth scenarios

Requirements

• Requires Authorino with extensions support (@pytest.mark.extensions)
• Keycloak as OIDC provider

[trepel]

@crstrn13 Great work! The tests passed and there are only small typos there. I am just not sure about that to_dict methods so I pinged Aleks to see what he thinks about it.

[trepel]

Nice! LGTM now.

@crstrn13 I leave merging this to you since we need to make sure that extensions are installed as part of nightlies first. Feel free to ping me for review for that work too.

[averevki]

"Error from server (BadRequest): error when creating \"STDIN\": OIDCPolicy in version \"v1alpha1\" cannot be handled as a OIDCPolicy: strict decoding error: unknown field \"spec.provider.clientSecret\"\n"

tbh it is very hard to understand what these test are doing now. I don't see you add any new classes/methods to delegate the setup logic from the test, you only work with functions and fixtures which can be converted and reused later if they are part of the testsuite structure.

I see you are doing a lot of asserts here now. Do you actually check for properties that kuadrant adds? Or some of the asserts check for values added from keycloak and standard protocols? I think starting with simpler oidcpolicy test will be more helpful, but I might be wrong as I didn't understand these tests completely yet lol

[averevki]

"Error from server (BadRequest): error when creating \"STDIN\": OIDCPolicy in version \"v1alpha1\" cannot be handled as a OIDCPolicy: strict decoding error: unknown field \"spec.provider.clientSecret\"\n"

[averevki]

LGTM!