From a4747843c94d03e147a36f8f6625ff2cf73bec05 Mon Sep 17 00:00:00 2001
From: Nick Cao <nickcao@nichi.co>
Date: Fri, 30 May 2025 14:37:54 -0400
Subject: [PATCH 1/2] Factor out wait for exporter function

---
 tests.bats | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/tests.bats b/tests.bats
index 06d741f..87d3aec 100644
--- a/tests.bats
+++ b/tests.bats
@@ -1,6 +1,17 @@
 setup() {
   bats_load_library bats-support
   bats_load_library bats-assert
+
+  bats_require_minimum_version 1.5.0
+}
+
+wait_for_exporter() {
+  kubectl -n default wait --timeout 20m --for=condition=Online --for=condition=Registered \
+    exporters.jumpstarter.dev/test-exporter-oidc
+  kubectl -n default wait --timeout 20m --for=condition=Online --for=condition=Registered \
+    exporters.jumpstarter.dev/test-exporter-sa
+  kubectl -n default wait --timeout 20m --for=condition=Online --for=condition=Registered \
+    exporters.jumpstarter.dev/test-exporter-legacy
 }
 
 @test "can create clients with admin cli" {
@@ -78,17 +89,12 @@ while true; do
 done
 EOF
 
-  kubectl -n default wait --for=condition=Online --for=condition=Registered \
-    exporters.jumpstarter.dev/test-exporter-oidc
-  kubectl -n default wait --for=condition=Online --for=condition=Registered \
-    exporters.jumpstarter.dev/test-exporter-sa
-  kubectl -n default wait --for=condition=Online --for=condition=Registered \
-    exporters.jumpstarter.dev/test-exporter-legacy
+
+  wait_for_exporter
 }
 
 @test "can specify client config only using environment variables" {
-  kubectl -n default wait --for=condition=Online --for=condition=Registered \
-    exporters.jumpstarter.dev/test-exporter-oidc
+  wait_for_exporter
 
   JMP_NAMEPSACE=default \
   JMP_NAME=test-exporter-legacy \
@@ -98,8 +104,7 @@ EOF
 }
 
 @test "can operate on leases" {
-  kubectl -n default wait --for=condition=Online --for=condition=Registered \
-    exporters.jumpstarter.dev/test-exporter-oidc
+  wait_for_exporter
 
   jmp config client use test-client-oidc
 
@@ -110,12 +115,7 @@ EOF
 }
 
 @test "can lease and connect to exporters" {
-  kubectl -n default wait --for=condition=Online --for=condition=Registered \
-    exporters.jumpstarter.dev/test-exporter-oidc
-  kubectl -n default wait --for=condition=Online --for=condition=Registered \
-    exporters.jumpstarter.dev/test-exporter-sa
-  kubectl -n default wait --for=condition=Online --for=condition=Registered \
-    exporters.jumpstarter.dev/test-exporter-legacy
+  wait_for_exporter
 
   jmp shell --client test-client-oidc   --selector example.com/board=oidc   j power on
   jmp shell --client test-client-sa     --selector example.com/board=sa     j power on

From 5a942b1e6c3b7937deeca9877e55ce420fd79ac4 Mon Sep 17 00:00:00 2001
From: Nick Cao <nickcao@nichi.co>
Date: Fri, 30 May 2025 14:39:03 -0400
Subject: [PATCH 2/2] Test client object provisioning

---
 dex.values.yaml  | 4 ++++
 tests.bats       | 8 ++++++++
 values.kind.yaml | 2 ++
 3 files changed, 14 insertions(+)

diff --git a/dex.values.yaml b/dex.values.yaml
index ee43f1e..9cb2868 100644
--- a/dex.values.yaml
+++ b/dex.values.yaml
@@ -22,6 +22,10 @@ config:
       hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W" # password
       username: "test-client-oidc"
       userID: "73bca0b9-9be6-4e73-a8fb-347c2ac23255"
+    - email: "test-client-oidc-provisioning@example.com"
+      hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W" # password
+      username: "test-client-oidc-provisioning"
+      userID: "464d9494-5cc3-44e1-a380-c0403bd31fcb"
     - email: "test-exporter-oidc@example.com"
       hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W" # password
       username: "test-exporter-oidc"
diff --git a/tests.bats b/tests.bats
index 87d3aec..ee617a6 100644
--- a/tests.bats
+++ b/tests.bats
@@ -42,6 +42,11 @@ wait_for_exporter() {
     --issuer https://dex.dex.svc.cluster.local:5556 \
     --username test-client-oidc@example.com --password password --unsafe
 
+  jmp login --client test-client-oidc-provisioning \
+    --endpoint "$ENDPOINT" --namespace default --name "" \
+    --issuer https://dex.dex.svc.cluster.local:5556 \
+    --username test-client-oidc-provisioning@example.com --password password --unsafe
+
   jmp login --client test-client-sa \
     --endpoint "$ENDPOINT" --namespace default --name test-client-sa \
     --issuer https://dex.dex.svc.cluster.local:5556 \
@@ -120,6 +125,9 @@ EOF
   jmp shell --client test-client-oidc   --selector example.com/board=oidc   j power on
   jmp shell --client test-client-sa     --selector example.com/board=sa     j power on
   jmp shell --client test-client-legacy --selector example.com/board=legacy j power on
+
+  wait_for_exporter
+  jmp shell --client test-client-oidc-provisioning --selector example.com/board=oidc j power on
 }
 
 @test "can get crds with admin cli" {
diff --git a/values.kind.yaml b/values.kind.yaml
index baa65f2..95c45ce 100644
--- a/values.kind.yaml
+++ b/values.kind.yaml
@@ -7,6 +7,8 @@ jumpstarter-controller:
   grpc:
     mode: "ingress"
   config:
+    provisioning:
+      enabled: true
     authentication:
       jwt:
       - issuer: