mirror of
https://github.com/int128/kubelogin.git
synced 2026-02-14 16:39:51 +00:00
Extract struct tokencache.Config (#1226)
This commit is contained in:
Hidetake Iwata
GitHub
@@ -24,9 +24,9 @@ func (_m *MockInterface) EXPECT() *MockInterface_Expecter {
|
||||
return &MockInterface_Expecter{mock: &_m.Mock}
|
||||
}
|
||||
|
||||
// FindByKey provides a mock function with given fields: dir, storage, key
|
||||
func (_m *MockInterface) FindByKey(dir string, storage tokencache.Storage, key tokencache.Key) (*oidc.TokenSet, error) {
|
||||
ret := _m.Called(dir, storage, key)
|
||||
// FindByKey provides a mock function with given fields: config, key
|
||||
func (_m *MockInterface) FindByKey(config tokencache.Config, key tokencache.Key) (*oidc.TokenSet, error) {
|
||||
ret := _m.Called(config, key)
|
||||
|
||||
if len(ret) == 0 {
|
||||
panic("no return value specified for FindByKey")
|
||||
@@ -34,19 +34,19 @@ func (_m *MockInterface) FindByKey(dir string, storage tokencache.Storage, key t
|
||||
|
||||
var r0 *oidc.TokenSet
|
||||
var r1 error
|
||||
if rf, ok := ret.Get(0).(func(string, tokencache.Storage, tokencache.Key) (*oidc.TokenSet, error)); ok {
|
||||
return rf(dir, storage, key)
|
||||
if rf, ok := ret.Get(0).(func(tokencache.Config, tokencache.Key) (*oidc.TokenSet, error)); ok {
|
||||
return rf(config, key)
|
||||
}
|
||||
if rf, ok := ret.Get(0).(func(string, tokencache.Storage, tokencache.Key) *oidc.TokenSet); ok {
|
||||
r0 = rf(dir, storage, key)
|
||||
if rf, ok := ret.Get(0).(func(tokencache.Config, tokencache.Key) *oidc.TokenSet); ok {
|
||||
r0 = rf(config, key)
|
||||
} else {
|
||||
if ret.Get(0) != nil {
|
||||
r0 = ret.Get(0).(*oidc.TokenSet)
|
||||
}
|
||||
}
|
||||
|
||||
if rf, ok := ret.Get(1).(func(string, tokencache.Storage, tokencache.Key) error); ok {
|
||||
r1 = rf(dir, storage, key)
|
||||
if rf, ok := ret.Get(1).(func(tokencache.Config, tokencache.Key) error); ok {
|
||||
r1 = rf(config, key)
|
||||
} else {
|
||||
r1 = ret.Error(1)
|
||||
}
|
||||
@@ -60,16 +60,15 @@ type MockInterface_FindByKey_Call struct {
|
||||
}
|
||||
|
||||
// FindByKey is a helper method to define mock.On call
|
||||
// - dir string
|
||||
// - storage tokencache.Storage
|
||||
// - config tokencache.Config
|
||||
// - key tokencache.Key
|
||||
func (_e *MockInterface_Expecter) FindByKey(dir interface{}, storage interface{}, key interface{}) *MockInterface_FindByKey_Call {
|
||||
return &MockInterface_FindByKey_Call{Call: _e.mock.On("FindByKey", dir, storage, key)}
|
||||
func (_e *MockInterface_Expecter) FindByKey(config interface{}, key interface{}) *MockInterface_FindByKey_Call {
|
||||
return &MockInterface_FindByKey_Call{Call: _e.mock.On("FindByKey", config, key)}
|
||||
}
|
||||
|
||||
func (_c *MockInterface_FindByKey_Call) Run(run func(dir string, storage tokencache.Storage, key tokencache.Key)) *MockInterface_FindByKey_Call {
|
||||
func (_c *MockInterface_FindByKey_Call) Run(run func(config tokencache.Config, key tokencache.Key)) *MockInterface_FindByKey_Call {
|
||||
_c.Call.Run(func(args mock.Arguments) {
|
||||
run(args[0].(string), args[1].(tokencache.Storage), args[2].(tokencache.Key))
|
||||
run(args[0].(tokencache.Config), args[1].(tokencache.Key))
|
||||
})
|
||||
return _c
|
||||
}
|
||||
@@ -79,14 +78,14 @@ func (_c *MockInterface_FindByKey_Call) Return(_a0 *oidc.TokenSet, _a1 error) *M
|
||||
return _c
|
||||
}
|
||||
|
||||
func (_c *MockInterface_FindByKey_Call) RunAndReturn(run func(string, tokencache.Storage, tokencache.Key) (*oidc.TokenSet, error)) *MockInterface_FindByKey_Call {
|
||||
func (_c *MockInterface_FindByKey_Call) RunAndReturn(run func(tokencache.Config, tokencache.Key) (*oidc.TokenSet, error)) *MockInterface_FindByKey_Call {
|
||||
_c.Call.Return(run)
|
||||
return _c
|
||||
}
|
||||
|
||||
// Lock provides a mock function with given fields: dir, storage, key
|
||||
func (_m *MockInterface) Lock(dir string, storage tokencache.Storage, key tokencache.Key) (io.Closer, error) {
|
||||
ret := _m.Called(dir, storage, key)
|
||||
// Lock provides a mock function with given fields: config, key
|
||||
func (_m *MockInterface) Lock(config tokencache.Config, key tokencache.Key) (io.Closer, error) {
|
||||
ret := _m.Called(config, key)
|
||||
|
||||
if len(ret) == 0 {
|
||||
panic("no return value specified for Lock")
|
||||
@@ -94,19 +93,19 @@ func (_m *MockInterface) Lock(dir string, storage tokencache.Storage, key tokenc
|
||||
|
||||
var r0 io.Closer
|
||||
var r1 error
|
||||
if rf, ok := ret.Get(0).(func(string, tokencache.Storage, tokencache.Key) (io.Closer, error)); ok {
|
||||
return rf(dir, storage, key)
|
||||
if rf, ok := ret.Get(0).(func(tokencache.Config, tokencache.Key) (io.Closer, error)); ok {
|
||||
return rf(config, key)
|
||||
}
|
||||
if rf, ok := ret.Get(0).(func(string, tokencache.Storage, tokencache.Key) io.Closer); ok {
|
||||
r0 = rf(dir, storage, key)
|
||||
if rf, ok := ret.Get(0).(func(tokencache.Config, tokencache.Key) io.Closer); ok {
|
||||
r0 = rf(config, key)
|
||||
} else {
|
||||
if ret.Get(0) != nil {
|
||||
r0 = ret.Get(0).(io.Closer)
|
||||
}
|
||||
}
|
||||
|
||||
if rf, ok := ret.Get(1).(func(string, tokencache.Storage, tokencache.Key) error); ok {
|
||||
r1 = rf(dir, storage, key)
|
||||
if rf, ok := ret.Get(1).(func(tokencache.Config, tokencache.Key) error); ok {
|
||||
r1 = rf(config, key)
|
||||
} else {
|
||||
r1 = ret.Error(1)
|
||||
}
|
||||
@@ -120,16 +119,15 @@ type MockInterface_Lock_Call struct {
|
||||
}
|
||||
|
||||
// Lock is a helper method to define mock.On call
|
||||
// - dir string
|
||||
// - storage tokencache.Storage
|
||||
// - config tokencache.Config
|
||||
// - key tokencache.Key
|
||||
func (_e *MockInterface_Expecter) Lock(dir interface{}, storage interface{}, key interface{}) *MockInterface_Lock_Call {
|
||||
return &MockInterface_Lock_Call{Call: _e.mock.On("Lock", dir, storage, key)}
|
||||
func (_e *MockInterface_Expecter) Lock(config interface{}, key interface{}) *MockInterface_Lock_Call {
|
||||
return &MockInterface_Lock_Call{Call: _e.mock.On("Lock", config, key)}
|
||||
}
|
||||
|
||||
func (_c *MockInterface_Lock_Call) Run(run func(dir string, storage tokencache.Storage, key tokencache.Key)) *MockInterface_Lock_Call {
|
||||
func (_c *MockInterface_Lock_Call) Run(run func(config tokencache.Config, key tokencache.Key)) *MockInterface_Lock_Call {
|
||||
_c.Call.Run(func(args mock.Arguments) {
|
||||
run(args[0].(string), args[1].(tokencache.Storage), args[2].(tokencache.Key))
|
||||
run(args[0].(tokencache.Config), args[1].(tokencache.Key))
|
||||
})
|
||||
return _c
|
||||
}
|
||||
@@ -139,22 +137,22 @@ func (_c *MockInterface_Lock_Call) Return(_a0 io.Closer, _a1 error) *MockInterfa
|
||||
return _c
|
||||
}
|
||||
|
||||
func (_c *MockInterface_Lock_Call) RunAndReturn(run func(string, tokencache.Storage, tokencache.Key) (io.Closer, error)) *MockInterface_Lock_Call {
|
||||
func (_c *MockInterface_Lock_Call) RunAndReturn(run func(tokencache.Config, tokencache.Key) (io.Closer, error)) *MockInterface_Lock_Call {
|
||||
_c.Call.Return(run)
|
||||
return _c
|
||||
}
|
||||
|
||||
// Save provides a mock function with given fields: dir, storage, key, tokenSet
|
||||
func (_m *MockInterface) Save(dir string, storage tokencache.Storage, key tokencache.Key, tokenSet oidc.TokenSet) error {
|
||||
ret := _m.Called(dir, storage, key, tokenSet)
|
||||
// Save provides a mock function with given fields: config, key, tokenSet
|
||||
func (_m *MockInterface) Save(config tokencache.Config, key tokencache.Key, tokenSet oidc.TokenSet) error {
|
||||
ret := _m.Called(config, key, tokenSet)
|
||||
|
||||
if len(ret) == 0 {
|
||||
panic("no return value specified for Save")
|
||||
}
|
||||
|
||||
var r0 error
|
||||
if rf, ok := ret.Get(0).(func(string, tokencache.Storage, tokencache.Key, oidc.TokenSet) error); ok {
|
||||
r0 = rf(dir, storage, key, tokenSet)
|
||||
if rf, ok := ret.Get(0).(func(tokencache.Config, tokencache.Key, oidc.TokenSet) error); ok {
|
||||
r0 = rf(config, key, tokenSet)
|
||||
} else {
|
||||
r0 = ret.Error(0)
|
||||
}
|
||||
@@ -168,17 +166,16 @@ type MockInterface_Save_Call struct {
|
||||
}
|
||||
|
||||
// Save is a helper method to define mock.On call
|
||||
// - dir string
|
||||
// - storage tokencache.Storage
|
||||
// - config tokencache.Config
|
||||
// - key tokencache.Key
|
||||
// - tokenSet oidc.TokenSet
|
||||
func (_e *MockInterface_Expecter) Save(dir interface{}, storage interface{}, key interface{}, tokenSet interface{}) *MockInterface_Save_Call {
|
||||
return &MockInterface_Save_Call{Call: _e.mock.On("Save", dir, storage, key, tokenSet)}
|
||||
func (_e *MockInterface_Expecter) Save(config interface{}, key interface{}, tokenSet interface{}) *MockInterface_Save_Call {
|
||||
return &MockInterface_Save_Call{Call: _e.mock.On("Save", config, key, tokenSet)}
|
||||
}
|
||||
|
||||
func (_c *MockInterface_Save_Call) Run(run func(dir string, storage tokencache.Storage, key tokencache.Key, tokenSet oidc.TokenSet)) *MockInterface_Save_Call {
|
||||
func (_c *MockInterface_Save_Call) Run(run func(config tokencache.Config, key tokencache.Key, tokenSet oidc.TokenSet)) *MockInterface_Save_Call {
|
||||
_c.Call.Run(func(args mock.Arguments) {
|
||||
run(args[0].(string), args[1].(tokencache.Storage), args[2].(tokencache.Key), args[3].(oidc.TokenSet))
|
||||
run(args[0].(tokencache.Config), args[1].(tokencache.Key), args[2].(oidc.TokenSet))
|
||||
})
|
||||
return _c
|
||||
}
|
||||
@@ -188,7 +185,7 @@ func (_c *MockInterface_Save_Call) Return(_a0 error) *MockInterface_Save_Call {
|
||||
return _c
|
||||
}
|
||||
|
||||
func (_c *MockInterface_Save_Call) RunAndReturn(run func(string, tokencache.Storage, tokencache.Key, oidc.TokenSet) error) *MockInterface_Save_Call {
|
||||
func (_c *MockInterface_Save_Call) RunAndReturn(run func(tokencache.Config, tokencache.Key, oidc.TokenSet) error) *MockInterface_Save_Call {
|
||||
_c.Call.Return(run)
|
||||
return _c
|
||||
}
|
||||
|
||||
@@ -12,6 +12,7 @@ import (
|
||||
"github.com/int128/kubelogin/pkg/oidc"
|
||||
"github.com/int128/kubelogin/pkg/testing/logger"
|
||||
"github.com/int128/kubelogin/pkg/tlsclientconfig"
|
||||
"github.com/int128/kubelogin/pkg/tokencache"
|
||||
"github.com/int128/kubelogin/pkg/usecases/authentication"
|
||||
"github.com/int128/kubelogin/pkg/usecases/authentication/authcode"
|
||||
"github.com/int128/kubelogin/pkg/usecases/credentialplugin"
|
||||
@@ -113,11 +114,13 @@ func TestCmd_Run(t *testing.T) {
|
||||
"--oidc-client-id", "YOUR_CLIENT_ID",
|
||||
},
|
||||
in: credentialplugin.Input{
|
||||
TokenCacheDir: filepath.Join(userHomeDir, ".kube/cache/oidc-login"),
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "https://issuer.example.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
},
|
||||
TokenCacheConfig: tokencache.Config{
|
||||
Directory: filepath.Join(userHomeDir, ".kube/cache/oidc-login"),
|
||||
},
|
||||
GrantOptionSet: authentication.GrantOptionSet{
|
||||
AuthCodeBrowserOption: &authcode.BrowserOption{
|
||||
BindAddress: defaultListenAddress,
|
||||
@@ -138,13 +141,15 @@ func TestCmd_Run(t *testing.T) {
|
||||
"-v1",
|
||||
},
|
||||
in: credentialplugin.Input{
|
||||
TokenCacheDir: filepath.Join(userHomeDir, ".kube/cache/oidc-login"),
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "https://issuer.example.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
ExtraScopes: []string{"email", "profile"},
|
||||
},
|
||||
TokenCacheConfig: tokencache.Config{
|
||||
Directory: filepath.Join(userHomeDir, ".kube/cache/oidc-login"),
|
||||
},
|
||||
GrantOptionSet: authentication.GrantOptionSet{
|
||||
AuthCodeBrowserOption: &authcode.BrowserOption{
|
||||
BindAddress: defaultListenAddress,
|
||||
@@ -162,12 +167,14 @@ func TestCmd_Run(t *testing.T) {
|
||||
"--oidc-use-access-token=true",
|
||||
},
|
||||
in: credentialplugin.Input{
|
||||
TokenCacheDir: filepath.Join(userHomeDir, ".kube/cache/oidc-login"),
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "https://issuer.example.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
UseAccessToken: true,
|
||||
},
|
||||
TokenCacheConfig: tokencache.Config{
|
||||
Directory: filepath.Join(userHomeDir, ".kube/cache/oidc-login"),
|
||||
},
|
||||
GrantOptionSet: authentication.GrantOptionSet{
|
||||
AuthCodeBrowserOption: &authcode.BrowserOption{
|
||||
BindAddress: defaultListenAddress,
|
||||
@@ -188,11 +195,13 @@ func TestCmd_Run(t *testing.T) {
|
||||
"--token-cache-dir", "~/.kube/oidc-cache",
|
||||
},
|
||||
in: credentialplugin.Input{
|
||||
TokenCacheDir: filepath.Join(userHomeDir, ".kube/oidc-cache"),
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "https://issuer.example.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
},
|
||||
TokenCacheConfig: tokencache.Config{
|
||||
Directory: filepath.Join(userHomeDir, ".kube/oidc-cache"),
|
||||
},
|
||||
GrantOptionSet: authentication.GrantOptionSet{
|
||||
AuthCodeBrowserOption: &authcode.BrowserOption{
|
||||
BindAddress: defaultListenAddress,
|
||||
|
||||
@@ -96,11 +96,13 @@ func (cmd *GetToken) New() *cobra.Command {
|
||||
UseAccessToken: o.UseAccessToken,
|
||||
ExtraScopes: o.ExtraScopes,
|
||||
},
|
||||
ForceRefresh: o.ForceRefresh,
|
||||
TokenCacheDir: o.TokenCacheDir,
|
||||
TokenCacheStorage: tokenStorage,
|
||||
GrantOptionSet: grantOptionSet,
|
||||
TLSClientConfig: o.tlsOptions.tlsClientConfig(),
|
||||
ForceRefresh: o.ForceRefresh,
|
||||
TokenCacheConfig: tokencache.Config{
|
||||
Directory: o.TokenCacheDir,
|
||||
Storage: tokenStorage,
|
||||
},
|
||||
GrantOptionSet: grantOptionSet,
|
||||
TLSClientConfig: o.tlsOptions.tlsClientConfig(),
|
||||
}
|
||||
if err := cmd.GetToken.Do(c.Context(), in); err != nil {
|
||||
return fmt.Errorf("get-token: %w", err)
|
||||
|
||||
@@ -25,9 +25,9 @@ var Set = wire.NewSet(
|
||||
)
|
||||
|
||||
type Interface interface {
|
||||
FindByKey(dir string, storage tokencache.Storage, key tokencache.Key) (*oidc.TokenSet, error)
|
||||
Save(dir string, storage tokencache.Storage, key tokencache.Key, tokenSet oidc.TokenSet) error
|
||||
Lock(dir string, storage tokencache.Storage, key tokencache.Key) (io.Closer, error)
|
||||
FindByKey(config tokencache.Config, key tokencache.Key) (*oidc.TokenSet, error)
|
||||
Save(config tokencache.Config, key tokencache.Key, tokenSet oidc.TokenSet) error
|
||||
Lock(config tokencache.Config, key tokencache.Key) (io.Closer, error)
|
||||
}
|
||||
|
||||
type entity struct {
|
||||
@@ -47,33 +47,33 @@ const keyringService = "kubelogin"
|
||||
// keyringItemPrefix is used as the prefix in the keyring items.
|
||||
const keyringItemPrefix = "kubelogin/tokencache/"
|
||||
|
||||
func (r *Repository) FindByKey(dir string, storage tokencache.Storage, key tokencache.Key) (*oidc.TokenSet, error) {
|
||||
func (r *Repository) FindByKey(config tokencache.Config, key tokencache.Key) (*oidc.TokenSet, error) {
|
||||
checksum, err := computeChecksum(key)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("could not compute the key: %w", err)
|
||||
}
|
||||
switch storage {
|
||||
switch config.Storage {
|
||||
case tokencache.StorageAuto:
|
||||
t, err := readFromKeyring(checksum)
|
||||
if errors.Is(err, keyring.ErrUnsupportedPlatform) ||
|
||||
errors.Is(err, keyring.ErrNotFound) {
|
||||
return readFromFile(dir, checksum)
|
||||
return readFromFile(config, checksum)
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return t, nil
|
||||
case tokencache.StorageDisk:
|
||||
return readFromFile(dir, checksum)
|
||||
return readFromFile(config, checksum)
|
||||
case tokencache.StorageKeyring:
|
||||
return readFromKeyring(checksum)
|
||||
default:
|
||||
return nil, fmt.Errorf("unknown storage mode: %v", storage)
|
||||
return nil, fmt.Errorf("unknown storage mode: %v", config.Storage)
|
||||
}
|
||||
}
|
||||
|
||||
func readFromFile(dir, checksum string) (*oidc.TokenSet, error) {
|
||||
p := filepath.Join(dir, checksum)
|
||||
func readFromFile(config tokencache.Config, checksum string) (*oidc.TokenSet, error) {
|
||||
p := filepath.Join(config.Directory, checksum)
|
||||
b, err := os.ReadFile(p)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("could not open file %s: %w", p, err)
|
||||
@@ -110,37 +110,37 @@ func decodeKey(b []byte) (*oidc.TokenSet, error) {
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (r *Repository) Save(dir string, storage tokencache.Storage, key tokencache.Key, tokenSet oidc.TokenSet) error {
|
||||
func (r *Repository) Save(config tokencache.Config, key tokencache.Key, tokenSet oidc.TokenSet) error {
|
||||
checksum, err := computeChecksum(key)
|
||||
if err != nil {
|
||||
return fmt.Errorf("could not compute the key: %w", err)
|
||||
}
|
||||
switch storage {
|
||||
switch config.Storage {
|
||||
case tokencache.StorageAuto:
|
||||
if err := writeToKeyring(checksum, tokenSet); err != nil {
|
||||
if errors.Is(err, keyring.ErrUnsupportedPlatform) {
|
||||
return writeToFile(dir, checksum, tokenSet)
|
||||
return writeToFile(config, checksum, tokenSet)
|
||||
}
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
case tokencache.StorageDisk:
|
||||
return writeToFile(dir, checksum, tokenSet)
|
||||
return writeToFile(config, checksum, tokenSet)
|
||||
case tokencache.StorageKeyring:
|
||||
return writeToKeyring(checksum, tokenSet)
|
||||
default:
|
||||
return fmt.Errorf("unknown storage mode: %v", storage)
|
||||
return fmt.Errorf("unknown storage mode: %v", config.Storage)
|
||||
}
|
||||
}
|
||||
|
||||
func writeToFile(dir, checksum string, tokenSet oidc.TokenSet) error {
|
||||
p := filepath.Join(dir, checksum)
|
||||
func writeToFile(config tokencache.Config, checksum string, tokenSet oidc.TokenSet) error {
|
||||
p := filepath.Join(config.Directory, checksum)
|
||||
b, err := encodeKey(tokenSet)
|
||||
if err != nil {
|
||||
return fmt.Errorf("file %s: %w", p, err)
|
||||
}
|
||||
if err := os.MkdirAll(dir, 0700); err != nil {
|
||||
return fmt.Errorf("could not create directory %s: %w", dir, err)
|
||||
if err := os.MkdirAll(config.Directory, 0700); err != nil {
|
||||
return fmt.Errorf("could not create directory %s: %w", config.Directory, err)
|
||||
}
|
||||
if err := os.WriteFile(p, b, 0600); err != nil {
|
||||
return fmt.Errorf("could not create file %s: %w", p, err)
|
||||
@@ -160,23 +160,19 @@ func writeToKeyring(checksum string, tokenSet oidc.TokenSet) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (r *Repository) Lock(tokenCacheDir string, storage tokencache.Storage, key tokencache.Key) (io.Closer, error) {
|
||||
func (r *Repository) Lock(config tokencache.Config, key tokencache.Key) (io.Closer, error) {
|
||||
checksum, err := computeChecksum(key)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("could not compute the key: %w", err)
|
||||
}
|
||||
// NOTE: Both keyring and disk storage types use files for locking
|
||||
// No sensitive data is stored in the lock file
|
||||
return lockFile(tokenCacheDir, checksum)
|
||||
}
|
||||
|
||||
func lockFile(tokenCacheDir, checksum string) (io.Closer, error) {
|
||||
if err := os.MkdirAll(tokenCacheDir, 0700); err != nil {
|
||||
return nil, fmt.Errorf("could not create directory %s: %w", tokenCacheDir, err)
|
||||
if err := os.MkdirAll(config.Directory, 0700); err != nil {
|
||||
return nil, fmt.Errorf("could not create directory %s: %w", config.Directory, err)
|
||||
}
|
||||
// Do not lock the token cache file.
|
||||
// https://github.com/int128/kubelogin/issues/1144
|
||||
lockFilepath := filepath.Join(tokenCacheDir, checksum+".lock")
|
||||
lockFilepath := filepath.Join(config.Directory, checksum+".lock")
|
||||
lockFile := flock.New(lockFilepath)
|
||||
if err := lockFile.Lock(); err != nil {
|
||||
return nil, fmt.Errorf("could not lock the cache file %s: %w", lockFilepath, err)
|
||||
|
||||
@@ -16,6 +16,10 @@ func TestRepository_FindByKey(t *testing.T) {
|
||||
|
||||
t.Run("Success", func(t *testing.T) {
|
||||
dir := t.TempDir()
|
||||
config := tokencache.Config{
|
||||
Directory: dir,
|
||||
Storage: tokencache.StorageDisk,
|
||||
}
|
||||
key := tokencache.Key{
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "YOUR_ISSUER",
|
||||
@@ -27,6 +31,7 @@ func TestRepository_FindByKey(t *testing.T) {
|
||||
CACertFilename: []string{"/path/to/cert"},
|
||||
},
|
||||
}
|
||||
|
||||
json := `{"id_token":"YOUR_ID_TOKEN","refresh_token":"YOUR_REFRESH_TOKEN"}`
|
||||
filename, err := computeChecksum(key)
|
||||
if err != nil {
|
||||
@@ -37,7 +42,7 @@ func TestRepository_FindByKey(t *testing.T) {
|
||||
t.Fatalf("could not write to the temp file: %s", err)
|
||||
}
|
||||
|
||||
got, err := r.FindByKey(dir, tokencache.StorageDisk, key)
|
||||
got, err := r.FindByKey(config, key)
|
||||
if err != nil {
|
||||
t.Errorf("err wants nil but %+v", err)
|
||||
}
|
||||
@@ -53,6 +58,10 @@ func TestRepository_Save(t *testing.T) {
|
||||
|
||||
t.Run("Success", func(t *testing.T) {
|
||||
dir := t.TempDir()
|
||||
config := tokencache.Config{
|
||||
Directory: dir,
|
||||
Storage: tokencache.StorageDisk,
|
||||
}
|
||||
key := tokencache.Key{
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "YOUR_ISSUER",
|
||||
@@ -65,7 +74,7 @@ func TestRepository_Save(t *testing.T) {
|
||||
},
|
||||
}
|
||||
tokenSet := oidc.TokenSet{IDToken: "YOUR_ID_TOKEN", RefreshToken: "YOUR_REFRESH_TOKEN"}
|
||||
if err := r.Save(dir, tokencache.StorageDisk, key, tokenSet); err != nil {
|
||||
if err := r.Save(config, key, tokenSet); err != nil {
|
||||
t.Errorf("err wants nil but %+v", err)
|
||||
}
|
||||
|
||||
|
||||
@@ -12,6 +12,15 @@ type Key struct {
|
||||
Username string
|
||||
}
|
||||
|
||||
// Config represents a configuration for the token cache.
|
||||
type Config struct {
|
||||
// Directory is a path to the directory to store a token cache.
|
||||
// Note that a lock file is created into this directory even if the keyring is used.
|
||||
Directory string
|
||||
|
||||
Storage Storage
|
||||
}
|
||||
|
||||
// Storage is an enum of different storage strategies.
|
||||
type Storage byte
|
||||
|
||||
|
||||
@@ -31,12 +31,11 @@ type Interface interface {
|
||||
|
||||
// Input represents an input DTO of the GetToken use-case.
|
||||
type Input struct {
|
||||
Provider oidc.Provider
|
||||
ForceRefresh bool
|
||||
TokenCacheDir string
|
||||
TokenCacheStorage tokencache.Storage
|
||||
GrantOptionSet authentication.GrantOptionSet
|
||||
TLSClientConfig tlsclientconfig.Config
|
||||
Provider oidc.Provider
|
||||
ForceRefresh bool
|
||||
TokenCacheConfig tokencache.Config
|
||||
GrantOptionSet authentication.GrantOptionSet
|
||||
TLSClientConfig tlsclientconfig.Config
|
||||
}
|
||||
|
||||
type GetToken struct {
|
||||
@@ -57,7 +56,7 @@ func (u *GetToken) Do(ctx context.Context, in Input) error {
|
||||
}
|
||||
u.Logger.V(1).Infof("credential plugin is called with apiVersion: %s", credentialPluginInput.ClientAuthenticationAPIVersion)
|
||||
|
||||
u.Logger.V(1).Infof("finding a token from cache directory %s", in.TokenCacheDir)
|
||||
u.Logger.V(1).Infof("finding a token cache")
|
||||
tokenCacheKey := tokencache.Key{
|
||||
Provider: in.Provider,
|
||||
TLSClientConfig: in.TLSClientConfig,
|
||||
@@ -67,7 +66,7 @@ func (u *GetToken) Do(ctx context.Context, in Input) error {
|
||||
}
|
||||
|
||||
u.Logger.V(1).Infof("acquiring the lock of token cache")
|
||||
lock, err := u.TokenCacheRepository.Lock(in.TokenCacheDir, in.TokenCacheStorage, tokenCacheKey)
|
||||
lock, err := u.TokenCacheRepository.Lock(in.TokenCacheConfig, tokenCacheKey)
|
||||
if err != nil {
|
||||
return fmt.Errorf("could not lock the token cache: %w", err)
|
||||
}
|
||||
@@ -78,7 +77,7 @@ func (u *GetToken) Do(ctx context.Context, in Input) error {
|
||||
}
|
||||
}()
|
||||
|
||||
cachedTokenSet, err := u.TokenCacheRepository.FindByKey(in.TokenCacheDir, in.TokenCacheStorage, tokenCacheKey)
|
||||
cachedTokenSet, err := u.TokenCacheRepository.FindByKey(in.TokenCacheConfig, tokenCacheKey)
|
||||
if err != nil {
|
||||
u.Logger.V(1).Infof("could not find a token cache: %s", err)
|
||||
}
|
||||
@@ -126,7 +125,7 @@ func (u *GetToken) Do(ctx context.Context, in Input) error {
|
||||
}
|
||||
u.Logger.V(1).Infof("you got a token: %s", idTokenClaims.Pretty)
|
||||
u.Logger.V(1).Infof("you got a valid token until %s", idTokenClaims.Expiry)
|
||||
if err := u.TokenCacheRepository.Save(in.TokenCacheDir, in.TokenCacheStorage, tokenCacheKey, authenticationOutput.TokenSet); err != nil {
|
||||
if err := u.TokenCacheRepository.Save(in.TokenCacheConfig, tokenCacheKey, authenticationOutput.TokenSet); err != nil {
|
||||
return fmt.Errorf("could not write the token cache: %w", err)
|
||||
}
|
||||
u.Logger.V(1).Infof("writing the token to client-go")
|
||||
|
||||
@@ -64,8 +64,10 @@ func TestGetToken_Do(t *testing.T) {
|
||||
}
|
||||
ctx := context.TODO()
|
||||
in := Input{
|
||||
Provider: dummyProvider,
|
||||
TokenCacheDir: "/path/to/token-cache",
|
||||
Provider: dummyProvider,
|
||||
TokenCacheConfig: tokencache.Config{
|
||||
Directory: "/path/to/token-cache",
|
||||
},
|
||||
GrantOptionSet: grantOptionSet,
|
||||
}
|
||||
mockAuthentication := authentication_mock.NewMockInterface(t)
|
||||
@@ -81,13 +83,13 @@ func TestGetToken_Do(t *testing.T) {
|
||||
Return(nil)
|
||||
mockRepository := repository_mock.NewMockInterface(t)
|
||||
mockRepository.EXPECT().
|
||||
Lock("/path/to/token-cache", tokencache.StorageAuto, tokenCacheKey).
|
||||
Lock(in.TokenCacheConfig, tokenCacheKey).
|
||||
Return(mockCloser, nil)
|
||||
mockRepository.EXPECT().
|
||||
FindByKey("/path/to/token-cache", tokencache.StorageAuto, tokenCacheKey).
|
||||
FindByKey(in.TokenCacheConfig, tokenCacheKey).
|
||||
Return(nil, errors.New("file not found"))
|
||||
mockRepository.EXPECT().
|
||||
Save("/path/to/token-cache", tokencache.StorageAuto, tokenCacheKey, issuedTokenSet).
|
||||
Save(in.TokenCacheConfig, tokenCacheKey, issuedTokenSet).
|
||||
Return(nil)
|
||||
mockReader := reader_mock.NewMockInterface(t)
|
||||
mockReader.EXPECT().
|
||||
@@ -125,8 +127,10 @@ func TestGetToken_Do(t *testing.T) {
|
||||
|
||||
ctx := context.TODO()
|
||||
in := Input{
|
||||
Provider: dummyProvider,
|
||||
TokenCacheDir: "/path/to/token-cache",
|
||||
Provider: dummyProvider,
|
||||
TokenCacheConfig: tokencache.Config{
|
||||
Directory: "/path/to/token-cache",
|
||||
},
|
||||
GrantOptionSet: grantOptionSet,
|
||||
}
|
||||
mockAuthentication := authentication_mock.NewMockInterface(t)
|
||||
@@ -142,13 +146,13 @@ func TestGetToken_Do(t *testing.T) {
|
||||
Return(nil)
|
||||
mockRepository := repository_mock.NewMockInterface(t)
|
||||
mockRepository.EXPECT().
|
||||
Lock("/path/to/token-cache", tokencache.StorageAuto, tokenCacheKey).
|
||||
Lock(in.TokenCacheConfig, tokenCacheKey).
|
||||
Return(mockCloser, nil)
|
||||
mockRepository.EXPECT().
|
||||
FindByKey("/path/to/token-cache", tokencache.StorageAuto, tokenCacheKey).
|
||||
FindByKey(in.TokenCacheConfig, tokenCacheKey).
|
||||
Return(nil, errors.New("file not found"))
|
||||
mockRepository.EXPECT().
|
||||
Save("/path/to/token-cache", tokencache.StorageAuto, tokenCacheKey, issuedTokenSet).
|
||||
Save(in.TokenCacheConfig, tokenCacheKey, issuedTokenSet).
|
||||
Return(nil)
|
||||
mockReader := reader_mock.NewMockInterface(t)
|
||||
mockReader.EXPECT().
|
||||
@@ -182,8 +186,10 @@ func TestGetToken_Do(t *testing.T) {
|
||||
|
||||
ctx := context.TODO()
|
||||
in := Input{
|
||||
Provider: dummyProvider,
|
||||
TokenCacheDir: "/path/to/token-cache",
|
||||
Provider: dummyProvider,
|
||||
TokenCacheConfig: tokencache.Config{
|
||||
Directory: "/path/to/token-cache",
|
||||
},
|
||||
GrantOptionSet: grantOptionSet,
|
||||
}
|
||||
mockCloser := io_mock.NewMockCloser(t)
|
||||
@@ -192,10 +198,10 @@ func TestGetToken_Do(t *testing.T) {
|
||||
Return(nil)
|
||||
mockRepository := repository_mock.NewMockInterface(t)
|
||||
mockRepository.EXPECT().
|
||||
Lock("/path/to/token-cache", tokencache.StorageAuto, tokenCacheKey).
|
||||
Lock(in.TokenCacheConfig, tokenCacheKey).
|
||||
Return(mockCloser, nil)
|
||||
mockRepository.EXPECT().
|
||||
FindByKey("/path/to/token-cache", tokencache.StorageAuto, tokencache.Key{
|
||||
FindByKey(in.TokenCacheConfig, tokencache.Key{
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
@@ -234,8 +240,10 @@ func TestGetToken_Do(t *testing.T) {
|
||||
}
|
||||
ctx := context.TODO()
|
||||
in := Input{
|
||||
Provider: dummyProvider,
|
||||
TokenCacheDir: "/path/to/token-cache",
|
||||
Provider: dummyProvider,
|
||||
TokenCacheConfig: tokencache.Config{
|
||||
Directory: "/path/to/token-cache",
|
||||
},
|
||||
GrantOptionSet: grantOptionSet,
|
||||
}
|
||||
mockAuthentication := authentication_mock.NewMockInterface(t)
|
||||
@@ -251,10 +259,10 @@ func TestGetToken_Do(t *testing.T) {
|
||||
Return(nil)
|
||||
mockRepository := repository_mock.NewMockInterface(t)
|
||||
mockRepository.EXPECT().
|
||||
Lock("/path/to/token-cache", tokencache.StorageAuto, tokenCacheKey).
|
||||
Lock(in.TokenCacheConfig, tokenCacheKey).
|
||||
Return(mockCloser, nil)
|
||||
mockRepository.EXPECT().
|
||||
FindByKey("/path/to/token-cache", tokencache.StorageAuto, tokencache.Key{
|
||||
FindByKey(in.TokenCacheConfig, tokencache.Key{
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
|
||||
Reference in New Issue
Block a user