Refactor: extract integration_test.authCodeFlowConfig

2026-02-14 16:39:51 +00:00 · 2020-04-10 16:31:49 +09:00
parent 3fb074a4a8
commit 6f6e0723f1
3 changed files with 88 additions and 41 deletions
--- a/integration_test/credetial_plugin_test.go
+++ b/integration_test/credetial_plugin_test.go
@@ -96,9 +96,13 @@ func testCredentialPlugin(t *testing.T, tc credentialPluginTestCase) {
 		provider := mock_idp.NewMockProvider(ctrl)
 		serverURL, server := localserver.Start(t, idp.NewHandler(t, provider), tc.Keys)
 		defer server.Shutdown(t, ctx)
-		var idToken string
-		setupAuthCodeFlow(t, provider, serverURL, "openid", "http://localhost:", nil, &idToken)
-		writerMock := newCredentialPluginWriterMock(t, ctrl, &idToken)
+		cfg := authCodeFlowConfig{
+			serverURL:         serverURL,
+			scope:             "openid",
+			redirectURIPrefix: "http://localhost:",
+		}
+		setupAuthCodeFlow(t, provider, &cfg)
+		writerMock := newCredentialPluginWriterMock(t, ctrl, &cfg.idToken)
 		browserMock := newBrowserMock(ctx, t, ctrl, tc.Keys)

 		args := []string{
@@ -211,19 +215,23 @@ func testCredentialPlugin(t *testing.T, tc credentialPluginTestCase) {
 		provider := mock_idp.NewMockProvider(ctrl)
 		serverURL, server := localserver.Start(t, idp.NewHandler(t, provider), tc.Keys)
 		defer server.Shutdown(t, ctx)
-		validIDToken := newIDToken(t, serverURL, "YOUR_NONCE", tokenExpiryFuture)
-		expiredIDToken := newIDToken(t, serverURL, "YOUR_NONCE", tokenExpiryPast)

-		setupAuthCodeFlow(t, provider, serverURL, "openid", "http://localhost:", nil, &validIDToken)
+		cfg := authCodeFlowConfig{
+			serverURL:         serverURL,
+			scope:             "openid",
+			redirectURIPrefix: "http://localhost:",
+		}
+		setupAuthCodeFlow(t, provider, &cfg)
 		provider.EXPECT().Refresh("EXPIRED_REFRESH_TOKEN").
 			Return(nil, &idp.ErrorResponse{Code: "invalid_request", Description: "token has expired"}).
 			MaxTimes(2) // package oauth2 will retry refreshing the token

+		expiredIDToken := newIDToken(t, serverURL, "YOUR_NONCE", tokenExpiryPast)
 		setupTokenCache(t, tc, serverURL, tokencache.Value{
 			IDToken:      expiredIDToken,
 			RefreshToken: "EXPIRED_REFRESH_TOKEN",
 		})
-		writerMock := newCredentialPluginWriterMock(t, ctrl, &validIDToken)
+		writerMock := newCredentialPluginWriterMock(t, ctrl, &cfg.idToken)
 		browserMock := newBrowserMock(ctx, t, ctrl, tc.Keys)

 		args := []string{
@@ -233,7 +241,7 @@ func testCredentialPlugin(t *testing.T, tc credentialPluginTestCase) {
 		args = append(args, tc.ExtraArgs...)
 		runGetTokenCmd(t, ctx, browserMock, writerMock, args)
 		assertTokenCache(t, tc, serverURL, tokencache.Value{
-			IDToken:      validIDToken,
+			IDToken:      cfg.idToken,
 			RefreshToken: "YOUR_REFRESH_TOKEN",
 		})
 	})
@@ -248,9 +256,13 @@ func testCredentialPlugin(t *testing.T, tc credentialPluginTestCase) {
 		provider := mock_idp.NewMockProvider(ctrl)
 		serverURL, server := localserver.Start(t, idp.NewHandler(t, provider), tc.Keys)
 		defer server.Shutdown(t, ctx)
-		var idToken string
-		setupAuthCodeFlow(t, provider, serverURL, "email profile openid", "http://localhost:", nil, &idToken)
-		writerMock := newCredentialPluginWriterMock(t, ctrl, &idToken)
+		cfg := authCodeFlowConfig{
+			serverURL:         serverURL,
+			scope:             "email profile openid",
+			redirectURIPrefix: "http://localhost:",
+		}
+		setupAuthCodeFlow(t, provider, &cfg)
+		writerMock := newCredentialPluginWriterMock(t, ctrl, &cfg.idToken)
 		browserMock := newBrowserMock(ctx, t, ctrl, tc.Keys)

 		args := []string{
@@ -273,9 +285,13 @@ func testCredentialPlugin(t *testing.T, tc credentialPluginTestCase) {
 		provider := mock_idp.NewMockProvider(ctrl)
 		serverURL, server := localserver.Start(t, idp.NewHandler(t, provider), tc.Keys)
 		defer server.Shutdown(t, ctx)
-		var idToken string
-		setupAuthCodeFlow(t, provider, serverURL, "openid", "http://127.0.0.1:", nil, &idToken)
-		writerMock := newCredentialPluginWriterMock(t, ctrl, &idToken)
+		cfg := authCodeFlowConfig{
+			serverURL:         serverURL,
+			scope:             "openid",
+			redirectURIPrefix: "http://127.0.0.1:",
+		}
+		setupAuthCodeFlow(t, provider, &cfg)
+		writerMock := newCredentialPluginWriterMock(t, ctrl, &cfg.idToken)
 		browserMock := newBrowserMock(ctx, t, ctrl, tc.Keys)

 		args := []string{
@@ -297,12 +313,17 @@ func testCredentialPlugin(t *testing.T, tc credentialPluginTestCase) {
 		provider := mock_idp.NewMockProvider(ctrl)
 		serverURL, server := localserver.Start(t, idp.NewHandler(t, provider), tc.Keys)
 		defer server.Shutdown(t, ctx)
-		var idToken string
-		setupAuthCodeFlow(t, provider, serverURL, "openid", "http://localhost:", map[string]string{
-			"ttl":    "86400",
-			"reauth": "false",
-		}, &idToken)
-		writerMock := newCredentialPluginWriterMock(t, ctrl, &idToken)
+		cfg := authCodeFlowConfig{
+			serverURL:         serverURL,
+			scope:             "openid",
+			redirectURIPrefix: "http://localhost:",
+			extraParams: map[string]string{
+				"ttl":    "86400",
+				"reauth": "false",
+			},
+		}
+		setupAuthCodeFlow(t, provider, &cfg)
+		writerMock := newCredentialPluginWriterMock(t, ctrl, &cfg.idToken)
 		browserMock := newBrowserMock(ctx, t, ctrl, tc.Keys)

 		args := []string{
--- a/integration_test/helpers_test.go
+++ b/integration_test/helpers_test.go
@@ -34,19 +34,29 @@ func newIDToken(t *testing.T, issuer, nonce string, expiry time.Time) string {
 	})
 }

-func setupAuthCodeFlow(t *testing.T, provider *mock_idp.MockProvider, serverURL, scope, redirectURIPrefix string, extraParams map[string]string, idToken *string) {
+type authCodeFlowConfig struct {
+	serverURL         string
+	scope             string
+	redirectURIPrefix string
+	extraParams       map[string]string
+
+	// setupAuthCodeFlow will set this after authentication
+	idToken string
+}
+
+func setupAuthCodeFlow(t *testing.T, provider *mock_idp.MockProvider, c *authCodeFlowConfig) {
 	var nonce string
-	provider.EXPECT().Discovery().Return(idp.NewDiscoveryResponse(serverURL))
+	provider.EXPECT().Discovery().Return(idp.NewDiscoveryResponse(c.serverURL))
 	provider.EXPECT().GetCertificates().Return(idp.NewCertificatesResponse(jwt.PrivateKey))
 	provider.EXPECT().AuthenticateCode(gomock.Any()).
 		DoAndReturn(func(req idp.AuthenticationRequest) (string, error) {
-			if req.Scope != scope {
-				t.Errorf("scope wants `%s` but was `%s`", scope, req.Scope)
+			if req.Scope != c.scope {
+				t.Errorf("scope wants `%s` but was `%s`", c.scope, req.Scope)
 			}
-			if !strings.HasPrefix(req.RedirectURI, redirectURIPrefix) {
-				t.Errorf("redirectURI wants prefix `%s` but was `%s`", redirectURIPrefix, req.RedirectURI)
+			if !strings.HasPrefix(req.RedirectURI, c.redirectURIPrefix) {
+				t.Errorf("redirectURI wants prefix `%s` but was `%s`", c.redirectURIPrefix, req.RedirectURI)
 			}
-			for k, v := range extraParams {
+			for k, v := range c.extraParams {
 				got := req.RawQuery.Get(k)
 				if got != v {
 					t.Errorf("parameter %s wants `%s` but was `%s`", k, v, got)
@@ -57,8 +67,8 @@ func setupAuthCodeFlow(t *testing.T, provider *mock_idp.MockProvider, serverURL,
 		})
 	provider.EXPECT().Exchange("YOUR_AUTH_CODE").
 		DoAndReturn(func(string) (*idp.TokenResponse, error) {
-			*idToken = newIDToken(t, serverURL, nonce, tokenExpiryFuture)
-			return idp.NewTokenResponse(*idToken, "YOUR_REFRESH_TOKEN"), nil
+			c.idToken = newIDToken(t, c.serverURL, nonce, tokenExpiryFuture)
+			return idp.NewTokenResponse(c.idToken, "YOUR_REFRESH_TOKEN"), nil
 		})
 }

--- a/integration_test/standalone_test.go
+++ b/integration_test/standalone_test.go
@@ -49,8 +49,12 @@ func testStandalone(t *testing.T, idpTLS keys.Keys) {
 		serverURL, server := localserver.Start(t, idp.NewHandler(t, provider), idpTLS)
 		defer server.Shutdown(t, ctx)
 		browserMock := newBrowserMock(ctx, t, ctrl, idpTLS)
-		var idToken string
-		setupAuthCodeFlow(t, provider, serverURL, "openid", "http://localhost:", nil, &idToken)
+		cfg := authCodeFlowConfig{
+			serverURL:         serverURL,
+			scope:             "openid",
+			redirectURIPrefix: "http://localhost:",
+		}
+		setupAuthCodeFlow(t, provider, &cfg)
 		kubeConfigFilename := kubeconfig.Create(t, &kubeconfig.Values{
 			Issuer:                  serverURL,
 			IDPCertificateAuthority: idpTLS.CACertPath,
@@ -62,7 +66,7 @@ func testStandalone(t *testing.T, idpTLS keys.Keys) {
 		}
 		runRootCmd(t, ctx, browserMock, args)
 		kubeconfig.Verify(t, kubeConfigFilename, kubeconfig.AuthProviderConfig{
-			IDToken:      idToken,
+			IDToken:      cfg.idToken,
 			RefreshToken: "YOUR_REFRESH_TOKEN",
 		})
 	})
@@ -174,8 +178,12 @@ func testStandalone(t *testing.T, idpTLS keys.Keys) {
 		provider := mock_idp.NewMockProvider(ctrl)
 		serverURL, server := localserver.Start(t, idp.NewHandler(t, provider), idpTLS)
 		defer server.Shutdown(t, ctx)
-		var idToken string
-		setupAuthCodeFlow(t, provider, serverURL, "openid", "http://localhost:", nil, &idToken)
+		cfg := authCodeFlowConfig{
+			serverURL:         serverURL,
+			scope:             "openid",
+			redirectURIPrefix: "http://localhost:",
+		}
+		setupAuthCodeFlow(t, provider, &cfg)
 		provider.EXPECT().Refresh("EXPIRED_REFRESH_TOKEN").
 			Return(nil, &idp.ErrorResponse{Code: "invalid_request", Description: "token has expired"}).
 			MaxTimes(2) // package oauth2 will retry refreshing the token
@@ -194,7 +202,7 @@ func testStandalone(t *testing.T, idpTLS keys.Keys) {
 		}
 		runRootCmd(t, ctx, browserMock, args)
 		kubeconfig.Verify(t, kubeConfigFilename, kubeconfig.AuthProviderConfig{
-			IDToken:      idToken,
+			IDToken:      cfg.idToken,
 			RefreshToken: "YOUR_REFRESH_TOKEN",
 		})
 	})
@@ -209,8 +217,12 @@ func testStandalone(t *testing.T, idpTLS keys.Keys) {
 		provider := mock_idp.NewMockProvider(ctrl)
 		serverURL, server := localserver.Start(t, idp.NewHandler(t, provider), idpTLS)
 		defer server.Shutdown(t, ctx)
-		var idToken string
-		setupAuthCodeFlow(t, provider, serverURL, "openid", "http://localhost:", nil, &idToken)
+		cfg := authCodeFlowConfig{
+			serverURL:         serverURL,
+			scope:             "openid",
+			redirectURIPrefix: "http://localhost:",
+		}
+		setupAuthCodeFlow(t, provider, &cfg)
 		browserMock := newBrowserMock(ctx, t, ctrl, idpTLS)

 		kubeConfigFilename := kubeconfig.Create(t, &kubeconfig.Values{
@@ -226,7 +238,7 @@ func testStandalone(t *testing.T, idpTLS keys.Keys) {
 		}
 		runRootCmd(t, ctx, browserMock, args)
 		kubeconfig.Verify(t, kubeConfigFilename, kubeconfig.AuthProviderConfig{
-			IDToken:      idToken,
+			IDToken:      cfg.idToken,
 			RefreshToken: "YOUR_REFRESH_TOKEN",
 		})
 	})
@@ -241,8 +253,12 @@ func testStandalone(t *testing.T, idpTLS keys.Keys) {
 		provider := mock_idp.NewMockProvider(ctrl)
 		serverURL, server := localserver.Start(t, idp.NewHandler(t, provider), idpTLS)
 		defer server.Shutdown(t, ctx)
-		var idToken string
-		setupAuthCodeFlow(t, provider, serverURL, "profile groups openid", "http://localhost:", nil, &idToken)
+		cfg := authCodeFlowConfig{
+			serverURL:         serverURL,
+			scope:             "profile groups openid",
+			redirectURIPrefix: "http://localhost:",
+		}
+		setupAuthCodeFlow(t, provider, &cfg)
 		browserMock := newBrowserMock(ctx, t, ctrl, idpTLS)

 		kubeConfigFilename := kubeconfig.Create(t, &kubeconfig.Values{
@@ -257,7 +273,7 @@ func testStandalone(t *testing.T, idpTLS keys.Keys) {
 		}
 		runRootCmd(t, ctx, browserMock, args)
 		kubeconfig.Verify(t, kubeConfigFilename, kubeconfig.AuthProviderConfig{
-			IDToken:      idToken,
+			IDToken:      cfg.idToken,
 			RefreshToken: "YOUR_REFRESH_TOKEN",
 		})
 	})