Context
PR #111 added unit tests on `KeycloakProvider.GetEndpointOverrides` covering the struct values it returns. The reconciler-level test (`TestBuildSecurityPolicySpec` in `internal/controller/reconcilers/auth/reconciler_test.go`) does not currently exercise the split-endpoint behavior end-to-end.
Ask
Add a reconciler test that builds a `SecurityPolicy` via `buildSecurityPolicySpec` with a `KeycloakProvider` configured with both internal service config and `KEYCLOAK_EXTERNAL_URL`, and asserts:
- `spec.OIDC.Provider.TokenEndpoint` host equals the in-cluster service hostname
- `spec.OIDC.Provider.AuthorizationEndpoint` host equals the `ExternalURL` host
- `spec.OIDC.Provider.EndSessionEndpoint` host equals the `ExternalURL` host
Catches future regressions where the override-application logic in `reconciler.go` gets refactored without touching `keycloak_test.go`.
Reference
Stylistic note from code review of #111.
Context
PR #111 added unit tests on `KeycloakProvider.GetEndpointOverrides` covering the struct values it returns. The reconciler-level test (`TestBuildSecurityPolicySpec` in `internal/controller/reconcilers/auth/reconciler_test.go`) does not currently exercise the split-endpoint behavior end-to-end.
Ask
Add a reconciler test that builds a `SecurityPolicy` via `buildSecurityPolicySpec` with a `KeycloakProvider` configured with both internal service config and `KEYCLOAK_EXTERNAL_URL`, and asserts:
Catches future regressions where the override-application logic in `reconciler.go` gets refactored without touching `keycloak_test.go`.
Reference
Stylistic note from code review of #111.