chore: move gofakeit integration testing calls (#10684)

# Which Problems Are Solved Flakiness and conflicts in value from gofakeit. # How the Problems Are Solved Move Gofakeit calls to the integration package, to guarantee proper usage and values for integration testing. # Additional Changes None # Additional Context None (cherry picked from commit 492f1826ee)
2025-12-06 16:12:13 +00:00 · 2025-09-10 08:00:31 +02:00
parent 78ded99017
commit b892fc9b28
70 changed files with 1404 additions and 1293 deletions
--- a/internal/api/oidc/integration_test/client_test.go
+++ b/internal/api/oidc/integration_test/client_test.go
@@ -7,7 +7,6 @@ import (
 	"testing"
 	"time"

-	"github.com/brianvoe/gofakeit/v6"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/zitadel/oidc/v3/pkg/client"
@@ -25,20 +24,15 @@ import (
 )

 func TestServer_Introspect(t *testing.T) {
-	project := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
-	app, err := Instance.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false)
-	require.NoError(t, err)
-
-	wantAudience := []string{app.GetClientId(), project.GetId()}
-
 	tests := []struct {
 		name    string
-		api     func(*testing.T) (apiID string, resourceServer rs.ResourceServer)
+		api     func(*testing.T) (clientID string, audience []string, resourceServer rs.ResourceServer)
 		wantErr bool
 	}{
 		{
 			name: "client assertion",
-			api: func(t *testing.T) (string, rs.ResourceServer) {
+			api: func(t *testing.T) (string, []string, rs.ResourceServer) {
+				project := Instance.CreateProject(CTX, t, "", integration.ProjectName(), false, false)
 				api, err := Instance.CreateAPIClientJWT(CTX, project.GetId())
 				require.NoError(t, err)
 				keyResp, err := Instance.Client.Mgmt.AddAppKey(CTX, &management.AddAppKeyRequest{
@@ -48,63 +42,81 @@ func TestServer_Introspect(t *testing.T) {
 					ExpirationDate: nil,
 				})
 				require.NoError(t, err)
+
+				app, err := Instance.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false)
+				require.NoError(t, err)
+
 				resourceServer, err := Instance.CreateResourceServerJWTProfile(CTX, keyResp.GetKeyDetails())
 				require.NoError(t, err)
-				return api.GetClientId(), resourceServer
+				return app.GetClientId(), []string{app.GetClientId(), project.GetId(), api.GetClientId()}, resourceServer
 			},
 		},
 		{
 			name: "client credentials",
-			api: func(t *testing.T) (string, rs.ResourceServer) {
+			api: func(t *testing.T) (string, []string, rs.ResourceServer) {
+				project := Instance.CreateProject(CTX, t, "", integration.ProjectName(), false, false)
 				api, err := Instance.CreateAPIClientBasic(CTX, project.GetId())
 				require.NoError(t, err)
+				app, err := Instance.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false)
+				require.NoError(t, err)
+
 				resourceServer, err := Instance.CreateResourceServerClientCredentials(CTX, api.GetClientId(), api.GetClientSecret())
 				require.NoError(t, err)
-				return api.GetClientId(), resourceServer
+				return app.GetClientId(), []string{app.GetClientId(), project.GetId(), api.GetClientId()}, resourceServer
 			},
 		},
 		{
 			name: "client invalid id, error",
-			api: func(t *testing.T) (string, rs.ResourceServer) {
+			api: func(t *testing.T) (string, []string, rs.ResourceServer) {
+				project := Instance.CreateProject(CTX, t, "", integration.ProjectName(), false, false)
+				app, err := Instance.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false)
+				require.NoError(t, err)
+
 				api, err := Instance.CreateAPIClientBasic(CTX, project.GetId())
 				require.NoError(t, err)
 				resourceServer, err := Instance.CreateResourceServerClientCredentials(CTX, "xxxxx", api.GetClientSecret())
 				require.NoError(t, err)
-				return api.GetClientId(), resourceServer
+				return app.GetClientId(), []string{app.GetClientId(), project.GetId(), api.GetClientId()}, resourceServer
 			},
 			wantErr: true,
 		},
 		{
 			name: "client invalid secret, error",
-			api: func(t *testing.T) (string, rs.ResourceServer) {
+			api: func(t *testing.T) (string, []string, rs.ResourceServer) {
+				project := Instance.CreateProject(CTX, t, "", integration.ProjectName(), false, false)
+				app, err := Instance.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false)
+				require.NoError(t, err)
+
 				api, err := Instance.CreateAPIClientBasic(CTX, project.GetId())
 				require.NoError(t, err)
 				resourceServer, err := Instance.CreateResourceServerClientCredentials(CTX, api.GetClientId(), "xxxxx")
 				require.NoError(t, err)
-				return api.GetClientId(), resourceServer
+				return app.GetClientId(), []string{app.GetClientId(), project.GetId(), api.GetClientId()}, resourceServer
 			},
 			wantErr: true,
 		},
 		{
 			name: "client credentials on jwt client, error",
-			api: func(t *testing.T) (string, rs.ResourceServer) {
+			api: func(t *testing.T) (string, []string, rs.ResourceServer) {
+				project := Instance.CreateProject(CTX, t, "", integration.ProjectName(), false, false)
+				app, err := Instance.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false)
+				require.NoError(t, err)
+
 				api, err := Instance.CreateAPIClientJWT(CTX, project.GetId())
 				require.NoError(t, err)
 				resourceServer, err := Instance.CreateResourceServerClientCredentials(CTX, api.GetClientId(), "xxxxx")
 				require.NoError(t, err)
-				return api.GetClientId(), resourceServer
+				return app.GetClientId(), []string{app.GetClientId(), project.GetId(), api.GetClientId()}, resourceServer
 			},
 			wantErr: true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			apiID, resourceServer := tt.api(t)
-			// wantAudience grows for every API we add to the project.
-			wantAudience = append(wantAudience, apiID)
+			clientID, wantAudience, resourceServer := tt.api(t)

 			scope := []string{oidc.ScopeOpenID, oidc.ScopeProfile, oidc.ScopeEmail, oidc.ScopeOfflineAccess, oidc_api.ScopeResourceOwner}
-			authRequestID := createAuthRequest(t, Instance, app.GetClientId(), redirectURI, scope...)
+			authRequestID := createAuthRequest(t, Instance, clientID, redirectURI, scope...)
 			sessionID, sessionToken, startTime, changeTime := Instance.CreateVerifiedWebAuthNSession(t, CTXLOGIN, User.GetUserId())
 			linkResp, err := Instance.Client.OIDCv2.CreateCallback(CTXLOGIN, &oidc_pb.CreateCallbackRequest{
 				AuthRequestId: authRequestID,
@@ -119,7 +131,7 @@ func TestServer_Introspect(t *testing.T) {

 			// code exchange
 			code := assertCodeResponse(t, linkResp.GetCallbackUrl())
-			tokens, err := exchangeTokens(t, Instance, app.GetClientId(), code, redirectURI)
+			tokens, err := exchangeTokens(t, Instance, clientID, code, redirectURI)
 			require.NoError(t, err)
 			assertTokens(t, tokens, true)
 			assertIDTokenClaims(t, tokens.IDTokenClaims, User.GetUserId(), armPasskey, startTime, changeTime, sessionID)
@@ -133,7 +145,7 @@ func TestServer_Introspect(t *testing.T) {

 			require.NoError(t, err)
 			assertIntrospection(t, introspection,
-				Instance.OIDCIssuer(), app.GetClientId(),
+				Instance.OIDCIssuer(), clientID,
 				scope, wantAudience,
 				tokens.Expiry, tokens.Expiry.Add(-12*time.Hour))
 		})
@@ -188,8 +200,8 @@ func assertIntrospection(
 // with clients that have different authentication methods.
 func TestServer_VerifyClient(t *testing.T) {
 	sessionID, sessionToken, startTime, changeTime := Instance.CreateVerifiedWebAuthNSession(t, CTXLOGIN, User.GetUserId())
-	project := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
-	projectInactive := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
+	project := Instance.CreateProject(CTX, t, "", integration.ProjectName(), false, false)
+	projectInactive := Instance.CreateProject(CTX, t, "", integration.ProjectName(), false, false)

 	inactiveClient, err := Instance.CreateOIDCInactivateClient(CTX, redirectURI, logoutRedirectURI, project.GetId())
 	require.NoError(t, err)
--- a/internal/api/oidc/integration_test/oidc_test.go
+++ b/internal/api/oidc/integration_test/oidc_test.go
@@ -9,7 +9,6 @@ import (
 	"testing"
 	"time"

-	"github.com/brianvoe/gofakeit/v6"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/zitadel/oidc/v3/pkg/client/rp"
@@ -123,7 +122,7 @@ func Test_ZITADEL_API_missing_authentication(t *testing.T) {

 func Test_ZITADEL_API_missing_mfa_policy(t *testing.T) {
 	clientID, _ := createClient(t, Instance)
-	org := Instance.CreateOrganization(CTXIAM, integration.OrganizationName(), gofakeit.Email())
+	org := Instance.CreateOrganization(CTXIAM, integration.OrganizationName(), integration.Email())
 	userID := org.CreatedAdmins[0].GetUserId()
 	Instance.SetUserPassword(CTXIAM, userID, integration.UserPassword, false)
 	authRequestID := createAuthRequest(t, Instance, clientID, redirectURI, oidc.ScopeOpenID, zitadelAudienceScope)
@@ -421,7 +420,7 @@ type clientOpts struct {
 func createClientWithOpts(t testing.TB, instance *integration.Instance, opts clientOpts) (clientID, projectID string) {
 	ctx := instance.WithAuthorization(CTX, integration.UserTypeOrgOwner)

-	project := instance.CreateProject(ctx, t.(*testing.T), "", gofakeit.AppName(), false, false)
+	project := instance.CreateProject(ctx, t.(*testing.T), "", integration.ProjectName(), false, false)
 	app, err := instance.CreateOIDCClientLoginVersion(ctx, opts.redirectURI, opts.logoutURI, project.GetId(), app.OIDCAppType_OIDC_APP_TYPE_NATIVE, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, opts.devMode, opts.LoginVersion)
 	require.NoError(t, err)
 	return app.GetClientId(), project.GetId()
--- a/internal/api/oidc/integration_test/token_client_credentials_test.go
+++ b/internal/api/oidc/integration_test/token_client_credentials_test.go
@@ -7,7 +7,6 @@ import (
 	"testing"
 	"time"

-	"github.com/brianvoe/gofakeit/v6"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/zitadel/oidc/v3/pkg/client/rp"
@@ -62,7 +61,7 @@ func TestServer_ClientCredentialsExchange(t *testing.T) {
 		{
 			name: "machine user without secret error",
 			clientID: func() string {
-				name := gofakeit.Username()
+				name := integration.Username()
 				_, err := Instance.Client.Mgmt.AddMachineUser(CTX, &management.AddMachineUserRequest{
 					Name:            name,
 					UserName:        name,
--- a/internal/api/oidc/integration_test/token_device_test.go
+++ b/internal/api/oidc/integration_test/token_device_test.go
@@ -8,7 +8,6 @@ import (
 	"testing"
 	"time"

-	"github.com/brianvoe/gofakeit/v6"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/zitadel/oidc/v3/pkg/client/rp"
@@ -22,7 +21,7 @@ import (
 )

 func TestServer_DeviceAuth(t *testing.T) {
-	project := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
+	project := Instance.CreateProject(CTX, t, "", integration.ProjectName(), false, false)
 	client, err := Instance.CreateOIDCClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), app.OIDCAppType_OIDC_APP_TYPE_NATIVE, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, false, app.OIDCGrantType_OIDC_GRANT_TYPE_DEVICE_CODE)
 	require.NoError(t, err)

--- a/internal/api/oidc/integration_test/userinfo_test.go
+++ b/internal/api/oidc/integration_test/userinfo_test.go
@@ -7,7 +7,6 @@ import (
 	"strings"
 	"testing"

-	"github.com/brianvoe/gofakeit/v6"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/zitadel/oidc/v3/pkg/client/rp"
@@ -77,14 +76,14 @@ func TestServer_UserInfo(t *testing.T) {
 			prepare: func(t *testing.T, clientID string, scope []string) *oidc.Tokens[*oidc.IDTokenClaims] {
 				_, err := Instance.Client.Mgmt.UpdateProject(CTX, &management.UpdateProjectRequest{
 					Id:                   projectID,
-					Name:                 fmt.Sprintf("project-%s", gofakeit.AppName()),
+					Name:                 integration.ProjectName(),
 					ProjectRoleAssertion: true,
 				})
 				require.NoError(t, err)
 				t.Cleanup(func() {
 					_, err := Instance.Client.Mgmt.UpdateProject(CTX, &management.UpdateProjectRequest{
 						Id:                   projectID,
-						Name:                 fmt.Sprintf("project-%s", gofakeit.AppName()),
+						Name:                 integration.ProjectName(),
 						ProjectRoleAssertion: false,
 					})
 					require.NoError(t, err)
@@ -187,7 +186,7 @@ func TestServer_UserInfo_OrgIDRoles(t *testing.T) {

 	_, err := Instance.Client.Mgmt.UpdateProject(CTX, &management.UpdateProjectRequest{
 		Id:                   projectID,
-		Name:                 fmt.Sprintf("project-%s", gofakeit.AppName()),
+		Name:                 integration.ProjectName(),
 		ProjectRoleAssertion: true,
 	})
 	require.NoError(t, err)
@@ -251,7 +250,7 @@ func TestServer_UserInfo_Issue6662(t *testing.T) {
 		roleBar = "bar"
 	)

-	projectID := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false).GetId()
+	projectID := Instance.CreateProject(CTX, t, "", integration.ProjectName(), false, false).GetId()
 	user, _, clientID, clientSecret, err := Instance.CreateOIDCCredentialsClient(CTX)
 	require.NoError(t, err)
 	addProjectRolesGrants(t, user.GetUserId(), projectID, roleFoo, roleBar)
@@ -296,7 +295,7 @@ func addProjectRolesGrants(t *testing.T, userID, projectID string, roles ...stri
 // addProjectOrgGrant adds a new organization which will be granted on the projectID with the specified roles.
 // The userID will be granted in the new organization to the project with the same roles.
 func addProjectOrgGrant(t *testing.T, userID, projectID string, roles ...string) (grantedOrgID string) {
-	grantedOrg := Instance.CreateOrganization(CTXIAM, integration.OrganizationName(), gofakeit.Email())
+	grantedOrg := Instance.CreateOrganization(CTXIAM, integration.OrganizationName(), integration.Email())
 	projectGrant, err := Instance.Client.Mgmt.AddProjectGrant(CTX, &management.AddProjectGrantRequest{
 		ProjectId:    projectID,
 		GrantedOrgId: grantedOrg.GetOrganizationId(),