Refactor integration-test (#1242)

* Refactor integration-test

* Refactor
Hidetake Iwata
2025-01-13 16:29:27 +09:00
committed by GitHub
parent 8c7903b2db
commit 0c160f9db2
9 changed files with 108 additions and 115 deletions


@@ -43,7 +43,7 @@ func TestCredentialPlugin(t *testing.T) {
args: []string{"--certificate-authority", keypair.Server.CACertPath}, args: []string{"--certificate-authority", keypair.Server.CACertPath},
}, },
} { } {
httpDriverOption := httpdriver.Option{ httpDriverConfig := httpdriver.Config{
TLSConfig: tc.keyPair.TLSConfig, TLSConfig: tc.keyPair.TLSConfig,
BodyContains: "Authenticated", BodyContains: "Authenticated",
} }
@@ -53,7 +53,7 @@ func TestCredentialPlugin(t *testing.T) {
t.Parallel() t.Parallel()
ctx, cancel := context.WithTimeout(context.TODO(), timeout) ctx, cancel := context.WithTimeout(context.TODO(), timeout)
defer cancel() defer cancel()
sv := oidcserver.New(t, tc.keyPair, testconfig.TestConfig{ svc := oidcserver.New(t, tc.keyPair, testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -67,20 +67,20 @@ func TestCredentialPlugin(t *testing.T) {
var stdout bytes.Buffer var stdout bytes.Buffer
runGetToken(t, ctx, getTokenConfig{ runGetToken(t, ctx, getTokenConfig{
tokenCacheDir: tokenCacheDir, tokenCacheDir: tokenCacheDir,
issuerURL: sv.IssuerURL(), issuerURL: svc.IssuerURL(),
httpDriver: httpdriver.New(ctx, t, httpDriverOption), httpDriver: httpdriver.New(ctx, t, httpDriverConfig),
now: now, now: now,
stdout: &stdout, stdout: &stdout,
args: tc.args, args: tc.args,
}) })
assertCredentialPluginStdout(t, &stdout, sv.LastTokenResponse().IDToken, now.Add(time.Hour)) assertCredentialPluginStdout(t, &stdout, svc.LastTokenResponse().IDToken, now.Add(time.Hour))
}) })
t.Run("ROPC", func(t *testing.T) { t.Run("ROPC", func(t *testing.T) {
t.Parallel() t.Parallel()
ctx, cancel := context.WithTimeout(context.TODO(), timeout) ctx, cancel := context.WithTimeout(context.TODO(), timeout)
defer cancel() defer cancel()
sv := oidcserver.New(t, tc.keyPair, testconfig.TestConfig{ svc := oidcserver.New(t, tc.keyPair, testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -95,7 +95,7 @@ func TestCredentialPlugin(t *testing.T) {
var stdout bytes.Buffer var stdout bytes.Buffer
runGetToken(t, ctx, getTokenConfig{ runGetToken(t, ctx, getTokenConfig{
tokenCacheDir: tokenCacheDir, tokenCacheDir: tokenCacheDir,
issuerURL: sv.IssuerURL(), issuerURL: svc.IssuerURL(),
httpDriver: httpdriver.Zero(t), httpDriver: httpdriver.Zero(t),
now: now, now: now,
stdout: &stdout, stdout: &stdout,
@@ -104,17 +104,17 @@ func TestCredentialPlugin(t *testing.T) {
"--password", "PASS1", "--password", "PASS1",
}, tc.args...), }, tc.args...),
}) })
assertCredentialPluginStdout(t, &stdout, sv.LastTokenResponse().IDToken, now.Add(time.Hour)) assertCredentialPluginStdout(t, &stdout, svc.LastTokenResponse().IDToken, now.Add(time.Hour))
}) })
t.Run("TokenCacheLifecycle", func(t *testing.T) { t.Run("TokenCacheLifecycle", func(t *testing.T) {
t.Parallel() t.Parallel()
ctx, cancel := context.WithTimeout(context.TODO(), timeout) ctx, cancel := context.WithTimeout(context.TODO(), timeout)
defer cancel() defer cancel()
sv := oidcserver.New(t, tc.keyPair, testconfig.TestConfig{}) svc := oidcserver.New(t, tc.keyPair, testconfig.Config{})
t.Run("NoCache", func(t *testing.T) { t.Run("NoCache", func(t *testing.T) {
sv.SetConfig(testconfig.TestConfig{ svc.SetConfig(testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -129,29 +129,29 @@ func TestCredentialPlugin(t *testing.T) {
var stdout bytes.Buffer var stdout bytes.Buffer
runGetToken(t, ctx, getTokenConfig{ runGetToken(t, ctx, getTokenConfig{
tokenCacheDir: tokenCacheDir, tokenCacheDir: tokenCacheDir,
issuerURL: sv.IssuerURL(), issuerURL: svc.IssuerURL(),
httpDriver: httpdriver.New(ctx, t, httpDriverOption), httpDriver: httpdriver.New(ctx, t, httpDriverConfig),
now: now, now: now,
stdout: &stdout, stdout: &stdout,
args: tc.args, args: tc.args,
}) })
assertCredentialPluginStdout(t, &stdout, sv.LastTokenResponse().IDToken, now.Add(time.Hour)) assertCredentialPluginStdout(t, &stdout, svc.LastTokenResponse().IDToken, now.Add(time.Hour))
}) })
t.Run("Valid", func(t *testing.T) { t.Run("Valid", func(t *testing.T) {
sv.SetConfig(testconfig.TestConfig{}) svc.SetConfig(testconfig.Config{})
var stdout bytes.Buffer var stdout bytes.Buffer
runGetToken(t, ctx, getTokenConfig{ runGetToken(t, ctx, getTokenConfig{
tokenCacheDir: tokenCacheDir, tokenCacheDir: tokenCacheDir,
issuerURL: sv.IssuerURL(), issuerURL: svc.IssuerURL(),
httpDriver: httpdriver.Zero(t), httpDriver: httpdriver.Zero(t),
now: now, now: now,
stdout: &stdout, stdout: &stdout,
args: tc.args, args: tc.args,
}) })
assertCredentialPluginStdout(t, &stdout, sv.LastTokenResponse().IDToken, now.Add(time.Hour)) assertCredentialPluginStdout(t, &stdout, svc.LastTokenResponse().IDToken, now.Add(time.Hour))
}) })
t.Run("Refresh", func(t *testing.T) { t.Run("Refresh", func(t *testing.T) {
sv.SetConfig(testconfig.TestConfig{ svc.SetConfig(testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -166,16 +166,16 @@ func TestCredentialPlugin(t *testing.T) {
var stdout bytes.Buffer var stdout bytes.Buffer
runGetToken(t, ctx, getTokenConfig{ runGetToken(t, ctx, getTokenConfig{
tokenCacheDir: tokenCacheDir, tokenCacheDir: tokenCacheDir,
issuerURL: sv.IssuerURL(), issuerURL: svc.IssuerURL(),
httpDriver: httpdriver.New(ctx, t, httpDriverOption), httpDriver: httpdriver.New(ctx, t, httpDriverConfig),
now: now.Add(2 * time.Hour), now: now.Add(2 * time.Hour),
stdout: &stdout, stdout: &stdout,
args: tc.args, args: tc.args,
}) })
assertCredentialPluginStdout(t, &stdout, sv.LastTokenResponse().IDToken, now.Add(3*time.Hour)) assertCredentialPluginStdout(t, &stdout, svc.LastTokenResponse().IDToken, now.Add(3*time.Hour))
}) })
t.Run("RefreshAgain", func(t *testing.T) { t.Run("RefreshAgain", func(t *testing.T) {
sv.SetConfig(testconfig.TestConfig{ svc.SetConfig(testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -189,13 +189,13 @@ func TestCredentialPlugin(t *testing.T) {
var stdout bytes.Buffer var stdout bytes.Buffer
runGetToken(t, ctx, getTokenConfig{ runGetToken(t, ctx, getTokenConfig{
tokenCacheDir: tokenCacheDir, tokenCacheDir: tokenCacheDir,
issuerURL: sv.IssuerURL(), issuerURL: svc.IssuerURL(),
httpDriver: httpdriver.New(ctx, t, httpDriverOption), httpDriver: httpdriver.New(ctx, t, httpDriverConfig),
now: now.Add(4 * time.Hour), now: now.Add(4 * time.Hour),
stdout: &stdout, stdout: &stdout,
args: tc.args, args: tc.args,
}) })
assertCredentialPluginStdout(t, &stdout, sv.LastTokenResponse().IDToken, now.Add(5*time.Hour)) assertCredentialPluginStdout(t, &stdout, svc.LastTokenResponse().IDToken, now.Add(5*time.Hour))
}) })
}) })
}) })
@@ -206,7 +206,7 @@ func TestCredentialPlugin(t *testing.T) {
t.Parallel() t.Parallel()
ctx, cancel := context.WithTimeout(context.TODO(), timeout) ctx, cancel := context.WithTimeout(context.TODO(), timeout)
defer cancel() defer cancel()
sv := oidcserver.New(t, keypair.None, testconfig.TestConfig{ svc := oidcserver.New(t, keypair.None, testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -220,19 +220,19 @@ func TestCredentialPlugin(t *testing.T) {
var stdout bytes.Buffer var stdout bytes.Buffer
runGetToken(t, ctx, getTokenConfig{ runGetToken(t, ctx, getTokenConfig{
tokenCacheDir: tokenCacheDir, tokenCacheDir: tokenCacheDir,
issuerURL: sv.IssuerURL(), issuerURL: svc.IssuerURL(),
httpDriver: httpdriver.New(ctx, t, httpdriver.Option{BodyContains: "Authenticated"}), httpDriver: httpdriver.New(ctx, t, httpdriver.Config{BodyContains: "Authenticated"}),
now: now, now: now,
stdout: &stdout, stdout: &stdout,
}) })
assertCredentialPluginStdout(t, &stdout, sv.LastTokenResponse().IDToken, now.Add(time.Hour)) assertCredentialPluginStdout(t, &stdout, svc.LastTokenResponse().IDToken, now.Add(time.Hour))
}) })
t.Run("Enforce", func(t *testing.T) { t.Run("Enforce", func(t *testing.T) {
t.Parallel() t.Parallel()
ctx, cancel := context.WithTimeout(context.TODO(), timeout) ctx, cancel := context.WithTimeout(context.TODO(), timeout)
defer cancel() defer cancel()
sv := oidcserver.New(t, keypair.None, testconfig.TestConfig{ svc := oidcserver.New(t, keypair.None, testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -246,13 +246,13 @@ func TestCredentialPlugin(t *testing.T) {
var stdout bytes.Buffer var stdout bytes.Buffer
runGetToken(t, ctx, getTokenConfig{ runGetToken(t, ctx, getTokenConfig{
tokenCacheDir: tokenCacheDir, tokenCacheDir: tokenCacheDir,
issuerURL: sv.IssuerURL(), issuerURL: svc.IssuerURL(),
httpDriver: httpdriver.New(ctx, t, httpdriver.Option{BodyContains: "Authenticated"}), httpDriver: httpdriver.New(ctx, t, httpdriver.Config{BodyContains: "Authenticated"}),
now: now, now: now,
stdout: &stdout, stdout: &stdout,
args: []string{"--oidc-use-pkce"}, args: []string{"--oidc-use-pkce"},
}) })
assertCredentialPluginStdout(t, &stdout, sv.LastTokenResponse().IDToken, now.Add(time.Hour)) assertCredentialPluginStdout(t, &stdout, svc.LastTokenResponse().IDToken, now.Add(time.Hour))
}) })
}) })
@@ -260,7 +260,7 @@ func TestCredentialPlugin(t *testing.T) {
t.Parallel() t.Parallel()
ctx, cancel := context.WithTimeout(context.TODO(), timeout) ctx, cancel := context.WithTimeout(context.TODO(), timeout)
defer cancel() defer cancel()
sv := oidcserver.New(t, keypair.Server, testconfig.TestConfig{ svc := oidcserver.New(t, keypair.Server, testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -274,20 +274,20 @@ func TestCredentialPlugin(t *testing.T) {
var stdout bytes.Buffer var stdout bytes.Buffer
runGetToken(t, ctx, getTokenConfig{ runGetToken(t, ctx, getTokenConfig{
tokenCacheDir: tokenCacheDir, tokenCacheDir: tokenCacheDir,
issuerURL: sv.IssuerURL(), issuerURL: svc.IssuerURL(),
httpDriver: httpdriver.New(ctx, t, httpdriver.Option{TLSConfig: keypair.Server.TLSConfig, BodyContains: "Authenticated"}), httpDriver: httpdriver.New(ctx, t, httpdriver.Config{TLSConfig: keypair.Server.TLSConfig, BodyContains: "Authenticated"}),
now: now, now: now,
stdout: &stdout, stdout: &stdout,
args: []string{"--certificate-authority-data", keypair.Server.CACertBase64}, args: []string{"--certificate-authority-data", keypair.Server.CACertBase64},
}) })
assertCredentialPluginStdout(t, &stdout, sv.LastTokenResponse().IDToken, now.Add(time.Hour)) assertCredentialPluginStdout(t, &stdout, svc.LastTokenResponse().IDToken, now.Add(time.Hour))
}) })
t.Run("ExtraScopes", func(t *testing.T) { t.Run("ExtraScopes", func(t *testing.T) {
t.Parallel() t.Parallel()
ctx, cancel := context.WithTimeout(context.TODO(), timeout) ctx, cancel := context.WithTimeout(context.TODO(), timeout)
defer cancel() defer cancel()
sv := oidcserver.New(t, keypair.None, testconfig.TestConfig{ svc := oidcserver.New(t, keypair.None, testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "email profile openid", Scope: "email profile openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -301,8 +301,8 @@ func TestCredentialPlugin(t *testing.T) {
var stdout bytes.Buffer var stdout bytes.Buffer
runGetToken(t, ctx, getTokenConfig{ runGetToken(t, ctx, getTokenConfig{
tokenCacheDir: tokenCacheDir, tokenCacheDir: tokenCacheDir,
issuerURL: sv.IssuerURL(), issuerURL: svc.IssuerURL(),
httpDriver: httpdriver.New(ctx, t, httpdriver.Option{BodyContains: "Authenticated"}), httpDriver: httpdriver.New(ctx, t, httpdriver.Config{BodyContains: "Authenticated"}),
now: now, now: now,
stdout: &stdout, stdout: &stdout,
args: []string{ args: []string{
@@ -310,14 +310,14 @@ func TestCredentialPlugin(t *testing.T) {
"--oidc-extra-scope", "profile", "--oidc-extra-scope", "profile",
}, },
}) })
assertCredentialPluginStdout(t, &stdout, sv.LastTokenResponse().IDToken, now.Add(time.Hour)) assertCredentialPluginStdout(t, &stdout, svc.LastTokenResponse().IDToken, now.Add(time.Hour))
}) })
t.Run("OpenURLAfterAuthentication", func(t *testing.T) { t.Run("OpenURLAfterAuthentication", func(t *testing.T) {
t.Parallel() t.Parallel()
ctx, cancel := context.WithTimeout(context.TODO(), timeout) ctx, cancel := context.WithTimeout(context.TODO(), timeout)
defer cancel() defer cancel()
sv := oidcserver.New(t, keypair.None, testconfig.TestConfig{ svc := oidcserver.New(t, keypair.None, testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -331,20 +331,20 @@ func TestCredentialPlugin(t *testing.T) {
var stdout bytes.Buffer var stdout bytes.Buffer
runGetToken(t, ctx, getTokenConfig{ runGetToken(t, ctx, getTokenConfig{
tokenCacheDir: tokenCacheDir, tokenCacheDir: tokenCacheDir,
issuerURL: sv.IssuerURL(), issuerURL: svc.IssuerURL(),
httpDriver: httpdriver.New(ctx, t, httpdriver.Option{BodyContains: "URL=https://example.com/success"}), httpDriver: httpdriver.New(ctx, t, httpdriver.Config{BodyContains: "URL=https://example.com/success"}),
now: now, now: now,
stdout: &stdout, stdout: &stdout,
args: []string{"--open-url-after-authentication", "https://example.com/success"}, args: []string{"--open-url-after-authentication", "https://example.com/success"},
}) })
assertCredentialPluginStdout(t, &stdout, sv.LastTokenResponse().IDToken, now.Add(time.Hour)) assertCredentialPluginStdout(t, &stdout, svc.LastTokenResponse().IDToken, now.Add(time.Hour))
}) })
t.Run("RedirectURLHostname", func(t *testing.T) { t.Run("RedirectURLHostname", func(t *testing.T) {
t.Parallel() t.Parallel()
ctx, cancel := context.WithTimeout(context.TODO(), timeout) ctx, cancel := context.WithTimeout(context.TODO(), timeout)
defer cancel() defer cancel()
sv := oidcserver.New(t, keypair.None, testconfig.TestConfig{ svc := oidcserver.New(t, keypair.None, testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "http://127.0.0.1:", RedirectURIPrefix: "http://127.0.0.1:",
@@ -358,20 +358,20 @@ func TestCredentialPlugin(t *testing.T) {
var stdout bytes.Buffer var stdout bytes.Buffer
runGetToken(t, ctx, getTokenConfig{ runGetToken(t, ctx, getTokenConfig{
tokenCacheDir: tokenCacheDir, tokenCacheDir: tokenCacheDir,
issuerURL: sv.IssuerURL(), issuerURL: svc.IssuerURL(),
httpDriver: httpdriver.New(ctx, t, httpdriver.Option{BodyContains: "Authenticated"}), httpDriver: httpdriver.New(ctx, t, httpdriver.Config{BodyContains: "Authenticated"}),
now: now, now: now,
stdout: &stdout, stdout: &stdout,
args: []string{"--oidc-redirect-url-hostname", "127.0.0.1"}, args: []string{"--oidc-redirect-url-hostname", "127.0.0.1"},
}) })
assertCredentialPluginStdout(t, &stdout, sv.LastTokenResponse().IDToken, now.Add(time.Hour)) assertCredentialPluginStdout(t, &stdout, svc.LastTokenResponse().IDToken, now.Add(time.Hour))
}) })
t.Run("RedirectURLHTTPS", func(t *testing.T) { t.Run("RedirectURLHTTPS", func(t *testing.T) {
t.Parallel() t.Parallel()
ctx, cancel := context.WithTimeout(context.TODO(), timeout) ctx, cancel := context.WithTimeout(context.TODO(), timeout)
defer cancel() defer cancel()
sv := oidcserver.New(t, keypair.None, testconfig.TestConfig{ svc := oidcserver.New(t, keypair.None, testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "https://localhost:", RedirectURIPrefix: "https://localhost:",
@@ -385,8 +385,8 @@ func TestCredentialPlugin(t *testing.T) {
var stdout bytes.Buffer var stdout bytes.Buffer
runGetToken(t, ctx, getTokenConfig{ runGetToken(t, ctx, getTokenConfig{
tokenCacheDir: tokenCacheDir, tokenCacheDir: tokenCacheDir,
issuerURL: sv.IssuerURL(), issuerURL: svc.IssuerURL(),
httpDriver: httpdriver.New(ctx, t, httpdriver.Option{ httpDriver: httpdriver.New(ctx, t, httpdriver.Config{
TLSConfig: keypair.Server.TLSConfig, TLSConfig: keypair.Server.TLSConfig,
BodyContains: "Authenticated", BodyContains: "Authenticated",
}), }),
@@ -397,14 +397,14 @@ func TestCredentialPlugin(t *testing.T) {
"--local-server-key", keypair.Server.KeyPath, "--local-server-key", keypair.Server.KeyPath,
}, },
}) })
assertCredentialPluginStdout(t, &stdout, sv.LastTokenResponse().IDToken, now.Add(time.Hour)) assertCredentialPluginStdout(t, &stdout, svc.LastTokenResponse().IDToken, now.Add(time.Hour))
}) })
t.Run("ExtraParams", func(t *testing.T) { t.Run("ExtraParams", func(t *testing.T) {
t.Parallel() t.Parallel()
ctx, cancel := context.WithTimeout(context.TODO(), timeout) ctx, cancel := context.WithTimeout(context.TODO(), timeout)
defer cancel() defer cancel()
sv := oidcserver.New(t, keypair.None, testconfig.TestConfig{ svc := oidcserver.New(t, keypair.None, testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -422,8 +422,8 @@ func TestCredentialPlugin(t *testing.T) {
var stdout bytes.Buffer var stdout bytes.Buffer
runGetToken(t, ctx, getTokenConfig{ runGetToken(t, ctx, getTokenConfig{
tokenCacheDir: tokenCacheDir, tokenCacheDir: tokenCacheDir,
issuerURL: sv.IssuerURL(), issuerURL: svc.IssuerURL(),
httpDriver: httpdriver.New(ctx, t, httpdriver.Option{BodyContains: "Authenticated"}), httpDriver: httpdriver.New(ctx, t, httpdriver.Config{BodyContains: "Authenticated"}),
now: now, now: now,
stdout: &stdout, stdout: &stdout,
args: []string{ args: []string{
@@ -431,7 +431,7 @@ func TestCredentialPlugin(t *testing.T) {
"--oidc-auth-request-extra-params", "reauth=false", "--oidc-auth-request-extra-params", "reauth=false",
}, },
}) })
assertCredentialPluginStdout(t, &stdout, sv.LastTokenResponse().IDToken, now.Add(time.Hour)) assertCredentialPluginStdout(t, &stdout, svc.LastTokenResponse().IDToken, now.Add(time.Hour))
}) })
} }


@@ -10,14 +10,14 @@ import (
"testing" "testing"
) )
type Option struct { type Config struct {
TLSConfig *tls.Config TLSConfig *tls.Config
BodyContains string BodyContains string
} }
// New returns a client to simulate browser access. // New returns a client to simulate browser access.
func New(ctx context.Context, t *testing.T, o Option) *client { func New(ctx context.Context, t *testing.T, config Config) *client {
return &client{ctx, t, o} return &client{ctx, t, config}
} }
// Zero returns a client which call is not expected. // Zero returns a client which call is not expected.
@@ -26,13 +26,13 @@ func Zero(t *testing.T) *zeroClient {
} }
type client struct { type client struct {
ctx context.Context ctx context.Context
t *testing.T t *testing.T
o Option config Config
} }
func (c *client) Open(url string) error { func (c *client) Open(url string) error {
client := http.Client{Transport: &http.Transport{TLSClientConfig: c.o.TLSConfig}} client := http.Client{Transport: &http.Transport{TLSClientConfig: c.config.TLSConfig}}
req, err := http.NewRequest("GET", url, nil) req, err := http.NewRequest("GET", url, nil)
if err != nil { if err != nil {
c.t.Errorf("could not create a request: %s", err) c.t.Errorf("could not create a request: %s", err)
@@ -54,8 +54,8 @@ func (c *client) Open(url string) error {
return nil return nil
} }
body := string(b) body := string(b)
if !strings.Contains(body, c.o.BodyContains) { if !strings.Contains(body, c.config.BodyContains) {
c.t.Errorf("body should contain %s but was %s", c.o.BodyContains, body) c.t.Errorf("body should contain %s but was %s", c.config.BodyContains, body)
} }
return nil return nil
} }


@@ -6,6 +6,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"net/http" "net/http"
"net/url"
"testing" "testing"
"github.com/int128/kubelogin/integration_test/oidcserver/service" "github.com/int128/kubelogin/integration_test/oidcserver/service"
@@ -28,10 +29,8 @@ type Handlers struct {
} }
func (h *Handlers) handleError(w http.ResponseWriter, r *http.Request, f func() error) { func (h *Handlers) handleError(w http.ResponseWriter, r *http.Request, f func() error) {
wr := &responseWriterRecorder{w, 200}
err := f() err := f()
if err == nil { if err == nil {
h.t.Logf("%d %s %s", wr.statusCode, r.Method, r.RequestURI)
return return
} }
if errResp := new(service.ErrorResponse); errors.As(err, &errResp) { if errResp := new(service.ErrorResponse); errors.As(err, &errResp) {
@@ -48,16 +47,6 @@ func (h *Handlers) handleError(w http.ResponseWriter, r *http.Request, f func()
http.Error(w, err.Error(), 500) http.Error(w, err.Error(), 500)
} }
type responseWriterRecorder struct {
http.ResponseWriter
statusCode int
}
func (w *responseWriterRecorder) WriteHeader(statusCode int) {
w.ResponseWriter.WriteHeader(statusCode)
w.statusCode = statusCode
}
func (h *Handlers) Discovery(w http.ResponseWriter, r *http.Request) { func (h *Handlers) Discovery(w http.ResponseWriter, r *http.Request) {
h.handleError(w, r, func() error { h.handleError(w, r, func() error {
discoveryResponse := h.provider.Discovery() discoveryResponse := h.provider.Discovery()
@@ -98,8 +87,12 @@ func (h *Handlers) AuthenticateCode(w http.ResponseWriter, r *http.Request) {
if err != nil { if err != nil {
return fmt.Errorf("authentication error: %w", err) return fmt.Errorf("authentication error: %w", err)
} }
to := fmt.Sprintf("%s?state=%s&code=%s", redirectURI, state, code) redirectTo, err := url.Parse(redirectURI)
http.Redirect(w, r, to, 302) if err != nil {
return fmt.Errorf("invalid redirect_uri: %w", err)
}
redirectTo.RawQuery = url.Values{"state": {state}, "code": {code}}.Encode()
http.Redirect(w, r, redirectTo.String(), http.StatusFound)
return nil return nil
}) })
} }
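Review bot: In AuthenticateCode, the assignment `redirectTo.RawQuery = url.Values{"state": {state}, "code": {code}}.Encode()` replaces any query string the parsed redirect_uri already carried, so a client whose redirect URI has its own query parameters would lose them in the redirect. RFC 6749 section 3.1.2 requires an existing query component to be retained when parameters are appended; merging into the parsed query keeps it: `q := redirectTo.Query(); q.Set("state", state); q.Set("code", code); redirectTo.RawQuery = q.Encode()`. url.Parse also accepts relative references and arbitrary schemes, so it is worth confirming that redirect_uri is checked against the expected prefix before this point. That check, like the start of AuthenticateCode, is outside the hunk.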


@@ -17,20 +17,20 @@ import (
) )
// New starts a server for the OpenID Connect provider. // New starts a server for the OpenID Connect provider.
func New(t *testing.T, k keypair.KeyPair, c testconfig.TestConfig) service.Service { func New(t *testing.T, kp keypair.KeyPair, config testconfig.Config) service.Service {
mux := http.NewServeMux() mux := http.NewServeMux()
serverURL := startServer(t, mux, k) serverURL := startServer(t, mux, kp)
svc := service.New(t, serverURL, c) svc := service.New(t, serverURL, config)
handler.Register(t, mux, svc) handler.Register(t, mux, svc)
return svc return svc
} }
func startServer(t *testing.T, h http.Handler, k keypair.KeyPair) string { func startServer(t *testing.T, h http.Handler, kp keypair.KeyPair) string {
if k == keypair.None { if kp == keypair.None {
sv := httptest.NewServer(h) srv := httptest.NewServer(h)
t.Cleanup(sv.Close) t.Cleanup(srv.Close)
return sv.URL return srv.URL
} }
// Unfortunately, httptest package did not work with keypair.KeyPair. // Unfortunately, httptest package did not work with keypair.KeyPair.
@@ -38,15 +38,15 @@ func startServer(t *testing.T, h http.Handler, k keypair.KeyPair) string {
portAllocator := httptest.NewUnstartedServer(h) portAllocator := httptest.NewUnstartedServer(h)
t.Cleanup(portAllocator.Close) t.Cleanup(portAllocator.Close)
serverURL := fmt.Sprintf("https://localhost:%d", portAllocator.Listener.Addr().(*net.TCPAddr).Port) serverURL := fmt.Sprintf("https://localhost:%d", portAllocator.Listener.Addr().(*net.TCPAddr).Port)
sv := &http.Server{Handler: h} srv := &http.Server{Handler: h}
go func() { go func() {
err := sv.ServeTLS(portAllocator.Listener, k.CertPath, k.KeyPath) err := srv.ServeTLS(portAllocator.Listener, kp.CertPath, kp.KeyPath)
if err != nil && !errors.Is(err, http.ErrServerClosed) { if err != nil && !errors.Is(err, http.ErrServerClosed) {
t.Error(err) t.Error(err)
} }
}() }()
t.Cleanup(func() { t.Cleanup(func() {
if err := sv.Shutdown(context.TODO()); err != nil { if err := srv.Shutdown(context.TODO()); err != nil {
t.Errorf("could not shutdown the server: %s", err) t.Errorf("could not shutdown the server: %s", err)
} }
}) })


@@ -15,7 +15,7 @@ import (
testingJWT "github.com/int128/kubelogin/pkg/testing/jwt" testingJWT "github.com/int128/kubelogin/pkg/testing/jwt"
) )
func New(t *testing.T, issuerURL string, config testconfig.TestConfig) Service { func New(t *testing.T, issuerURL string, config testconfig.Config) Service {
return &service{ return &service{
config: config, config: config,
t: t, t: t,
@@ -24,7 +24,7 @@ func New(t *testing.T, issuerURL string, config testconfig.TestConfig) Service {
} }
type service struct { type service struct {
config testconfig.TestConfig config testconfig.Config
t *testing.T t *testing.T
issuerURL string issuerURL string
lastAuthenticationRequest *AuthenticationRequest lastAuthenticationRequest *AuthenticationRequest
@@ -35,7 +35,7 @@ func (svc *service) IssuerURL() string {
return svc.issuerURL return svc.issuerURL
} }
func (svc *service) SetConfig(cfg testconfig.TestConfig) { func (svc *service) SetConfig(cfg testconfig.Config) {
svc.config = cfg svc.config = cfg
} }


@@ -13,7 +13,7 @@ type Service interface {
Provider Provider
IssuerURL() string IssuerURL() string
SetConfig(config testconfig.TestConfig) SetConfig(config testconfig.Config)
LastTokenResponse() *TokenResponse LastTokenResponse() *TokenResponse
} }


@@ -21,8 +21,8 @@ type Response struct {
CodeChallengeMethodsSupported []string CodeChallengeMethodsSupported []string
} }
// TestConfig represents a configuration of the OpenID Connect provider. // Config represents a configuration of the OpenID Connect provider.
type TestConfig struct { type Config struct {
Want Want Want Want
Response Response Response Response
} }


@@ -36,7 +36,7 @@ func TestStandalone(t *testing.T) {
keyPair: keypair.Server, keyPair: keypair.Server,
}, },
} { } {
httpDriverOption := httpdriver.Option{ httpDriverOption := httpdriver.Config{
TLSConfig: tc.keyPair.TLSConfig, TLSConfig: tc.keyPair.TLSConfig,
BodyContains: "Authenticated", BodyContains: "Authenticated",
} }
@@ -46,7 +46,7 @@ func TestStandalone(t *testing.T) {
t.Parallel() t.Parallel()
ctx, cancel := context.WithTimeout(context.TODO(), timeout) ctx, cancel := context.WithTimeout(context.TODO(), timeout)
defer cancel() defer cancel()
sv := oidcserver.New(t, tc.keyPair, testconfig.TestConfig{ sv := oidcserver.New(t, tc.keyPair, testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -75,7 +75,7 @@ func TestStandalone(t *testing.T) {
t.Parallel() t.Parallel()
ctx, cancel := context.WithTimeout(context.TODO(), timeout) ctx, cancel := context.WithTimeout(context.TODO(), timeout)
defer cancel() defer cancel()
sv := oidcserver.New(t, tc.keyPair, testconfig.TestConfig{ sv := oidcserver.New(t, tc.keyPair, testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -110,14 +110,14 @@ func TestStandalone(t *testing.T) {
t.Parallel() t.Parallel()
ctx, cancel := context.WithTimeout(context.TODO(), timeout) ctx, cancel := context.WithTimeout(context.TODO(), timeout)
defer cancel() defer cancel()
sv := oidcserver.New(t, tc.keyPair, testconfig.TestConfig{}) sv := oidcserver.New(t, tc.keyPair, testconfig.Config{})
kubeConfigFilename := kubeconfig.Create(t, &kubeconfig.Values{ kubeConfigFilename := kubeconfig.Create(t, &kubeconfig.Values{
Issuer: sv.IssuerURL(), Issuer: sv.IssuerURL(),
IDPCertificateAuthority: tc.keyPair.CACertPath, IDPCertificateAuthority: tc.keyPair.CACertPath,
}) })
t.Run("NoToken", func(t *testing.T) { t.Run("NoToken", func(t *testing.T) {
sv.SetConfig(testconfig.TestConfig{ sv.SetConfig(testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -139,7 +139,7 @@ func TestStandalone(t *testing.T) {
}) })
}) })
t.Run("Valid", func(t *testing.T) { t.Run("Valid", func(t *testing.T) {
sv.SetConfig(testconfig.TestConfig{}) sv.SetConfig(testconfig.Config{})
runStandalone(t, ctx, standaloneConfig{ runStandalone(t, ctx, standaloneConfig{
issuerURL: sv.IssuerURL(), issuerURL: sv.IssuerURL(),
kubeConfigFilename: kubeConfigFilename, kubeConfigFilename: kubeConfigFilename,
@@ -152,7 +152,7 @@ func TestStandalone(t *testing.T) {
}) })
}) })
t.Run("Refresh", func(t *testing.T) { t.Run("Refresh", func(t *testing.T) {
sv.SetConfig(testconfig.TestConfig{ sv.SetConfig(testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -175,7 +175,7 @@ func TestStandalone(t *testing.T) {
}) })
}) })
t.Run("RefreshAgain", func(t *testing.T) { t.Run("RefreshAgain", func(t *testing.T) {
sv.SetConfig(testconfig.TestConfig{ sv.SetConfig(testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -204,7 +204,7 @@ func TestStandalone(t *testing.T) {
t.Parallel() t.Parallel()
ctx, cancel := context.WithTimeout(context.TODO(), timeout) ctx, cancel := context.WithTimeout(context.TODO(), timeout)
defer cancel() defer cancel()
sv := oidcserver.New(t, keypair.Server, testconfig.TestConfig{ sv := oidcserver.New(t, keypair.Server, testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -220,7 +220,7 @@ func TestStandalone(t *testing.T) {
runStandalone(t, ctx, standaloneConfig{ runStandalone(t, ctx, standaloneConfig{
issuerURL: sv.IssuerURL(), issuerURL: sv.IssuerURL(),
kubeConfigFilename: kubeConfigFilename, kubeConfigFilename: kubeConfigFilename,
httpDriver: httpdriver.New(ctx, t, httpdriver.Option{TLSConfig: keypair.Server.TLSConfig}), httpDriver: httpdriver.New(ctx, t, httpdriver.Config{TLSConfig: keypair.Server.TLSConfig}),
now: now, now: now,
}) })
kubeconfig.Verify(t, kubeConfigFilename, kubeconfig.AuthProviderConfig{ kubeconfig.Verify(t, kubeConfigFilename, kubeconfig.AuthProviderConfig{
@@ -232,7 +232,7 @@ func TestStandalone(t *testing.T) {
t.Run("env_KUBECONFIG", func(t *testing.T) { t.Run("env_KUBECONFIG", func(t *testing.T) {
ctx, cancel := context.WithTimeout(context.TODO(), timeout) ctx, cancel := context.WithTimeout(context.TODO(), timeout)
defer cancel() defer cancel()
sv := oidcserver.New(t, keypair.None, testconfig.TestConfig{ sv := oidcserver.New(t, keypair.None, testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "openid", Scope: "openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -247,7 +247,7 @@ func TestStandalone(t *testing.T) {
t.Setenv("KUBECONFIG", kubeConfigFilename+string(os.PathListSeparator)+"kubeconfig/testdata/dummy.yaml") t.Setenv("KUBECONFIG", kubeConfigFilename+string(os.PathListSeparator)+"kubeconfig/testdata/dummy.yaml")
runStandalone(t, ctx, standaloneConfig{ runStandalone(t, ctx, standaloneConfig{
issuerURL: sv.IssuerURL(), issuerURL: sv.IssuerURL(),
httpDriver: httpdriver.New(ctx, t, httpdriver.Option{}), httpDriver: httpdriver.New(ctx, t, httpdriver.Config{}),
now: now, now: now,
}) })
kubeconfig.Verify(t, kubeConfigFilename, kubeconfig.AuthProviderConfig{ kubeconfig.Verify(t, kubeConfigFilename, kubeconfig.AuthProviderConfig{
@@ -260,7 +260,7 @@ func TestStandalone(t *testing.T) {
t.Parallel() t.Parallel()
ctx, cancel := context.WithTimeout(context.TODO(), timeout) ctx, cancel := context.WithTimeout(context.TODO(), timeout)
defer cancel() defer cancel()
sv := oidcserver.New(t, keypair.None, testconfig.TestConfig{ sv := oidcserver.New(t, keypair.None, testconfig.Config{
Want: testconfig.Want{ Want: testconfig.Want{
Scope: "profile groups openid", Scope: "profile groups openid",
RedirectURIPrefix: "http://localhost:", RedirectURIPrefix: "http://localhost:",
@@ -276,7 +276,7 @@ func TestStandalone(t *testing.T) {
runStandalone(t, ctx, standaloneConfig{ runStandalone(t, ctx, standaloneConfig{
issuerURL: sv.IssuerURL(), issuerURL: sv.IssuerURL(),
kubeConfigFilename: kubeConfigFilename, kubeConfigFilename: kubeConfigFilename,
httpDriver: httpdriver.New(ctx, t, httpdriver.Option{}), httpDriver: httpdriver.New(ctx, t, httpdriver.Config{}),
now: now, now: now,
}) })
kubeconfig.Verify(t, kubeConfigFilename, kubeconfig.AuthProviderConfig{ kubeconfig.Verify(t, kubeConfigFilename, kubeconfig.AuthProviderConfig{


@@ -440,7 +440,7 @@ func (_c *MockService_Refresh_Call) RunAndReturn(run func(string) (*service.Toke
} }
// SetConfig provides a mock function with given fields: config // SetConfig provides a mock function with given fields: config
func (_m *MockService) SetConfig(config testconfig.TestConfig) { func (_m *MockService) SetConfig(config testconfig.Config) {
_m.Called(config) _m.Called(config)
} }
@@ -450,14 +450,14 @@ type MockService_SetConfig_Call struct {
} }
// SetConfig is a helper method to define mock.On call // SetConfig is a helper method to define mock.On call
// - config testconfig.TestConfig // - config testconfig.Config
func (_e *MockService_Expecter) SetConfig(config interface{}) *MockService_SetConfig_Call { func (_e *MockService_Expecter) SetConfig(config interface{}) *MockService_SetConfig_Call {
return &MockService_SetConfig_Call{Call: _e.mock.On("SetConfig", config)} return &MockService_SetConfig_Call{Call: _e.mock.On("SetConfig", config)}
} }
func (_c *MockService_SetConfig_Call) Run(run func(config testconfig.TestConfig)) *MockService_SetConfig_Call { func (_c *MockService_SetConfig_Call) Run(run func(config testconfig.Config)) *MockService_SetConfig_Call {
_c.Call.Run(func(args mock.Arguments) { _c.Call.Run(func(args mock.Arguments) {
run(args[0].(testconfig.TestConfig)) run(args[0].(testconfig.Config))
}) })
return _c return _c
} }
@@ -467,7 +467,7 @@ func (_c *MockService_SetConfig_Call) Return() *MockService_SetConfig_Call {
return _c return _c
} }
func (_c *MockService_SetConfig_Call) RunAndReturn(run func(testconfig.TestConfig)) *MockService_SetConfig_Call { func (_c *MockService_SetConfig_Call) RunAndReturn(run func(testconfig.Config)) *MockService_SetConfig_Call {
_c.Run(run) _c.Run(run)
return _c return _c
} }