mirror of
https://github.com/int128/kubelogin.git
synced 2026-02-14 16:39:51 +00:00
Refactor: aggregate test cases to lease and full options (#406)
This commit is contained in:
Hidetake Iwata
GitHub
@@ -61,15 +61,14 @@ func (u *GetToken) Do(ctx context.Context, in Input) error {
|
||||
CACertData: in.CACertData,
|
||||
SkipTLSVerify: in.SkipTLSVerify,
|
||||
}
|
||||
|
||||
if in.GrantOptionSet.ROPCOption != nil {
|
||||
tokenCacheKey.Username = in.GrantOptionSet.ROPCOption.Username
|
||||
}
|
||||
|
||||
cachedTokenSet, err := u.TokenCacheRepository.FindByKey(in.TokenCacheDir, tokenCacheKey)
|
||||
if err != nil {
|
||||
u.Logger.V(1).Infof("could not find a token cache: %s", err)
|
||||
}
|
||||
|
||||
certPool := u.NewCertPool()
|
||||
if in.CACertFilename != "" {
|
||||
if err := certPool.AddFile(in.CACertFilename); err != nil {
|
||||
|
||||
@@ -29,8 +29,80 @@ func TestGetToken_Do(t *testing.T) {
|
||||
claims.ExpiresAt = issuedIDTokenExpiration.Unix()
|
||||
})
|
||||
|
||||
t.Run("FullOptions", func(t *testing.T) {
|
||||
t.Run("LeastOptions", func(t *testing.T) {
|
||||
var grantOptionSet authentication.GrantOptionSet
|
||||
tokenSet := oidc.TokenSet{
|
||||
IDToken: issuedIDToken,
|
||||
RefreshToken: "YOUR_REFRESH_TOKEN",
|
||||
}
|
||||
tokenCacheKey := tokencache.Key{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
}
|
||||
|
||||
ctrl := gomock.NewController(t)
|
||||
defer ctrl.Finish()
|
||||
ctx := context.TODO()
|
||||
in := Input{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
TokenCacheDir: "/path/to/token-cache",
|
||||
GrantOptionSet: grantOptionSet,
|
||||
}
|
||||
mockCertPool := mock_certpool.NewMockInterface(ctrl)
|
||||
mockAuthentication := mock_authentication.NewMockInterface(ctrl)
|
||||
mockAuthentication.EXPECT().
|
||||
Do(ctx, authentication.Input{
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
CertPool: mockCertPool,
|
||||
},
|
||||
GrantOptionSet: grantOptionSet,
|
||||
}).
|
||||
Return(&authentication.Output{TokenSet: tokenSet}, nil)
|
||||
tokenCacheRepository := mock_tokencache.NewMockInterface(ctrl)
|
||||
tokenCacheRepository.EXPECT().
|
||||
FindByKey("/path/to/token-cache", tokenCacheKey).
|
||||
Return(nil, xerrors.New("file not found"))
|
||||
tokenCacheRepository.EXPECT().
|
||||
Save("/path/to/token-cache", tokenCacheKey, tokenSet)
|
||||
credentialPluginWriter := mock_credentialpluginwriter.NewMockInterface(ctrl)
|
||||
credentialPluginWriter.EXPECT().
|
||||
Write(credentialpluginwriter.Output{
|
||||
Token: issuedIDToken,
|
||||
Expiry: issuedIDTokenExpiration,
|
||||
})
|
||||
u := GetToken{
|
||||
Authentication: mockAuthentication,
|
||||
TokenCacheRepository: tokenCacheRepository,
|
||||
NewCertPool: func() certpool.Interface { return mockCertPool },
|
||||
Writer: credentialPluginWriter,
|
||||
Logger: logger.New(t),
|
||||
}
|
||||
if err := u.Do(ctx, in); err != nil {
|
||||
t.Errorf("Do returned error: %+v", err)
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("FullOptions", func(t *testing.T) {
|
||||
grantOptionSet := authentication.GrantOptionSet{
|
||||
ROPCOption: &ropc.Option{Username: "YOUR_USERNAME"},
|
||||
}
|
||||
tokenSet := oidc.TokenSet{
|
||||
IDToken: issuedIDToken,
|
||||
RefreshToken: "YOUR_REFRESH_TOKEN",
|
||||
}
|
||||
tokenCacheKey := tokencache.Key{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
Username: "YOUR_USERNAME",
|
||||
CACertFilename: "/path/to/cert",
|
||||
CACertData: "BASE64ENCODED",
|
||||
SkipTLSVerify: true,
|
||||
}
|
||||
|
||||
ctrl := gomock.NewController(t)
|
||||
defer ctrl.Finish()
|
||||
ctx := context.TODO()
|
||||
@@ -61,38 +133,13 @@ func TestGetToken_Do(t *testing.T) {
|
||||
},
|
||||
GrantOptionSet: grantOptionSet,
|
||||
}).
|
||||
Return(&authentication.Output{
|
||||
TokenSet: oidc.TokenSet{
|
||||
IDToken: issuedIDToken,
|
||||
RefreshToken: "YOUR_REFRESH_TOKEN",
|
||||
},
|
||||
}, nil)
|
||||
Return(&authentication.Output{TokenSet: tokenSet}, nil)
|
||||
tokenCacheRepository := mock_tokencache.NewMockInterface(ctrl)
|
||||
tokenCacheRepository.EXPECT().
|
||||
FindByKey("/path/to/token-cache",
|
||||
tokencache.Key{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
CACertFilename: "/path/to/cert",
|
||||
CACertData: "BASE64ENCODED",
|
||||
SkipTLSVerify: true,
|
||||
}).
|
||||
FindByKey("/path/to/token-cache", tokenCacheKey).
|
||||
Return(nil, xerrors.New("file not found"))
|
||||
tokenCacheRepository.EXPECT().
|
||||
Save("/path/to/token-cache",
|
||||
tokencache.Key{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
CACertFilename: "/path/to/cert",
|
||||
CACertData: "BASE64ENCODED",
|
||||
SkipTLSVerify: true,
|
||||
},
|
||||
oidc.TokenSet{
|
||||
IDToken: issuedIDToken,
|
||||
RefreshToken: "YOUR_REFRESH_TOKEN",
|
||||
})
|
||||
Save("/path/to/token-cache", tokenCacheKey, tokenSet)
|
||||
credentialPluginWriter := mock_credentialpluginwriter.NewMockInterface(ctrl)
|
||||
credentialPluginWriter.EXPECT().
|
||||
Write(credentialpluginwriter.Output{
|
||||
@@ -111,161 +158,6 @@ func TestGetToken_Do(t *testing.T) {
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("MultiUserOption", func(t *testing.T) {
|
||||
username := "YOUR_USERNAME"
|
||||
grantOptionSetWithUsername := authentication.GrantOptionSet{
|
||||
ROPCOption: &ropc.Option{
|
||||
Username: username,
|
||||
},
|
||||
}
|
||||
grantOptionSetWithoutUsername := authentication.GrantOptionSet{}
|
||||
|
||||
anotherIssuedIDToken := testingJWT.EncodeF(t, func(claims *testingJWT.Claims) {
|
||||
claims.Issuer = "https://accounts.google.com"
|
||||
claims.Subject = "YOUR_SUBJECT_2"
|
||||
claims.ExpiresAt = issuedIDTokenExpiration.Unix()
|
||||
})
|
||||
tokenSetForUsername := oidc.TokenSet{
|
||||
IDToken: issuedIDToken,
|
||||
RefreshToken: "YOUR_REFRESH_TOKEN",
|
||||
}
|
||||
tokenSetForWithoutUsername := oidc.TokenSet{
|
||||
IDToken: anotherIssuedIDToken,
|
||||
RefreshToken: "YOUR_REFRESH_TOKEN",
|
||||
}
|
||||
|
||||
ctrl := gomock.NewController(t)
|
||||
defer ctrl.Finish()
|
||||
ctx := context.TODO()
|
||||
inWithUsername := Input{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
TokenCacheDir: "/path/to/token-cache",
|
||||
CACertFilename: "/path/to/cert",
|
||||
CACertData: "BASE64ENCODED",
|
||||
SkipTLSVerify: true,
|
||||
GrantOptionSet: grantOptionSetWithUsername,
|
||||
}
|
||||
inWithoutUsername := Input{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
TokenCacheDir: "/path/to/token-cache",
|
||||
CACertFilename: "/path/to/cert",
|
||||
CACertData: "BASE64ENCODED",
|
||||
SkipTLSVerify: true,
|
||||
GrantOptionSet: grantOptionSetWithoutUsername,
|
||||
}
|
||||
mockCertPool := mock_certpool.NewMockInterface(ctrl)
|
||||
mockCertPool.EXPECT().
|
||||
AddFile("/path/to/cert").Times(2)
|
||||
mockCertPool.EXPECT().
|
||||
AddBase64Encoded("BASE64ENCODED").Times(2)
|
||||
mockAuthentication := mock_authentication.NewMockInterface(ctrl)
|
||||
mockAuthentication.EXPECT().
|
||||
Do(ctx, authentication.Input{
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
CertPool: mockCertPool,
|
||||
SkipTLSVerify: true,
|
||||
},
|
||||
GrantOptionSet: grantOptionSetWithUsername,
|
||||
CachedTokenSet: &tokenSetForUsername,
|
||||
}).
|
||||
Return(&authentication.Output{
|
||||
TokenSet: tokenSetForUsername,
|
||||
}, nil)
|
||||
mockAuthentication.EXPECT().
|
||||
Do(ctx, authentication.Input{
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
CertPool: mockCertPool,
|
||||
SkipTLSVerify: true,
|
||||
},
|
||||
GrantOptionSet: grantOptionSetWithoutUsername,
|
||||
CachedTokenSet: &tokenSetForWithoutUsername,
|
||||
}).
|
||||
Return(&authentication.Output{
|
||||
TokenSet: tokenSetForWithoutUsername,
|
||||
}, nil)
|
||||
tokenCacheRepository := mock_tokencache.NewMockInterface(ctrl)
|
||||
tokenCacheRepository.EXPECT().
|
||||
FindByKey("/path/to/token-cache", tokencache.Key{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
CACertFilename: "/path/to/cert",
|
||||
CACertData: "BASE64ENCODED",
|
||||
SkipTLSVerify: true,
|
||||
Username: username,
|
||||
}).
|
||||
Return(&tokenSetForUsername, nil)
|
||||
tokenCacheRepository.EXPECT().
|
||||
FindByKey("/path/to/token-cache", tokencache.Key{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
CACertFilename: "/path/to/cert",
|
||||
CACertData: "BASE64ENCODED",
|
||||
SkipTLSVerify: true,
|
||||
Username: "",
|
||||
}).
|
||||
Return(&tokenSetForWithoutUsername, nil)
|
||||
tokenCacheRepository.EXPECT().
|
||||
Save("/path/to/token-cache",
|
||||
tokencache.Key{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
CACertFilename: "/path/to/cert",
|
||||
CACertData: "BASE64ENCODED",
|
||||
SkipTLSVerify: true,
|
||||
Username: username,
|
||||
},
|
||||
tokenSetForUsername)
|
||||
tokenCacheRepository.EXPECT().
|
||||
Save("/path/to/token-cache",
|
||||
tokencache.Key{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
CACertFilename: "/path/to/cert",
|
||||
CACertData: "BASE64ENCODED",
|
||||
SkipTLSVerify: true,
|
||||
Username: "",
|
||||
},
|
||||
tokenSetForWithoutUsername)
|
||||
credentialPluginWriter := mock_credentialpluginwriter.NewMockInterface(ctrl)
|
||||
credentialPluginWriter.EXPECT().
|
||||
Write(credentialpluginwriter.Output{
|
||||
Token: issuedIDToken,
|
||||
Expiry: issuedIDTokenExpiration,
|
||||
})
|
||||
credentialPluginWriter.EXPECT().
|
||||
Write(credentialpluginwriter.Output{
|
||||
Token: anotherIssuedIDToken,
|
||||
Expiry: issuedIDTokenExpiration,
|
||||
})
|
||||
u := GetToken{
|
||||
Authentication: mockAuthentication,
|
||||
TokenCacheRepository: tokenCacheRepository,
|
||||
NewCertPool: func() certpool.Interface { return mockCertPool },
|
||||
Writer: credentialPluginWriter,
|
||||
Logger: logger.New(t),
|
||||
}
|
||||
if err := u.Do(ctx, inWithUsername); err != nil {
|
||||
t.Errorf("Do returned error: %+v", err)
|
||||
}
|
||||
if err := u.Do(ctx, inWithoutUsername); err != nil {
|
||||
t.Errorf("Do returned error: %+v", err)
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("HasValidIDToken", func(t *testing.T) {
|
||||
ctrl := gomock.NewController(t)
|
||||
defer ctrl.Finish()
|
||||
|
||||
Reference in New Issue
Block a user