bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 14 Actions Packages Projects Releases Wiki Activity

fix(auth): mark OIDC healthz probes anonymous

Browse Source
This commit is contained in:
Andrew Stoltz
2026-06-04 11:03:20 -05:00
parent 300f8ad546
commit 81a3ddac4c
4 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tests/bluejay-infra-lint/FleetManifestLintTests.cs
View File

@@ -487,16 +487,16 @@ public sealed class FleetManifestLintTests
}
[Fact]
public void Distribution_OidcEnforcement_MustStayOffUntilHealthzAllowAnonymousProofLands()
public void Distribution_OidcEnforcement_MustKeepHealthzAnonymousContractVisibleInManifest()
{
var distribution = Inventory.Documents
.Single(document => document.Kind == "Deployment" && document.Namespace == "fc-distribution" && document.Name == "fc-distribution");
var container = distribution.MainContainerMappings().Should().ContainSingle().Subject;
EnvValue(container, "FlowerCore__Auth__Oidc__Enabled").Should().Be("true");
EnvValue(container, "FlowerCore__Auth__Enabled").Should().Be("false");
EnvValue(container, "FlowerCore__Auth__Enabled").Should().Be("true");
ProbeHttpGetPath(container, "readinessProbe").Should().Be("/healthz");
PodAnnotation(distribution, "flowercore.io/healthz-auth-policy").Should().NotBe("allow-anonymous");
PodAnnotation(distribution, "flowercore.io/healthz-auth-policy").Should().Be("allow-anonymous");
}
[Fact]