From b701a6f0aaa14ce750ad072b0aaeaaa0ba913577 Mon Sep 17 00:00:00 2001
From: Hidetake Iwata
Date: Sun, 25 Oct 2020 12:24:35 +0900
Subject: [PATCH] Refactor: aggregate test cases to lease and full options (#406)
---
 pkg/usecases/credentialplugin/get_token.go | 3 +-
 .../credentialplugin/get_token_test.go | 260 +++++-------------
 2 files changed, 77 insertions(+), 186 deletions(-)
diff --git a/pkg/usecases/credentialplugin/get_token.go b/pkg/usecases/credentialplugin/get_token.go
index 6fb7ddf..f91b013 100644
--- a/pkg/usecases/credentialplugin/get_token.go
+++ b/pkg/usecases/credentialplugin/get_token.go
@@ -61,15 +61,14 @@ func (u *GetToken) Do(ctx context.Context, in Input) error {
 CACertData: in.CACertData,
 SkipTLSVerify: in.SkipTLSVerify,
 }
-
 if in.GrantOptionSet.ROPCOption != nil {
 tokenCacheKey.Username = in.GrantOptionSet.ROPCOption.Username
 }
-
 cachedTokenSet, err := u.TokenCacheRepository.FindByKey(in.TokenCacheDir, tokenCacheKey)
 if err != nil {
 u.Logger.V(1).Infof("could not find a token cache: %s", err)
 }
+
 certPool := u.NewCertPool()
 if in.CACertFilename != "" {
 if err := certPool.AddFile(in.CACertFilename); err != nil {
diff --git a/pkg/usecases/credentialplugin/get_token_test.go b/pkg/usecases/credentialplugin/get_token_test.go
index ca7be13..61b5aed 100644
--- a/pkg/usecases/credentialplugin/get_token_test.go
+++ b/pkg/usecases/credentialplugin/get_token_test.go
@@ -29,8 +29,80 @@ func TestGetToken_Do(t *testing.T) {
 claims.ExpiresAt = issuedIDTokenExpiration.Unix()
 })
- t.Run("FullOptions", func(t *testing.T) {
+ t.Run("LeastOptions", func(t *testing.T) {
 var grantOptionSet authentication.GrantOptionSet
+ tokenSet := oidc.TokenSet{
+ IDToken: issuedIDToken,
+ RefreshToken: "YOUR_REFRESH_TOKEN",
+ }
+ tokenCacheKey := tokencache.Key{
+ IssuerURL: "https://accounts.google.com",
+ ClientID: "YOUR_CLIENT_ID",
+ }
+
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.TODO()
+ in := Input{
+ IssuerURL: "https://accounts.google.com",
+ ClientID: "YOUR_CLIENT_ID",
+ TokenCacheDir: "/path/to/token-cache",
+ GrantOptionSet: grantOptionSet,
+ }
+ mockCertPool := mock_certpool.NewMockInterface(ctrl)
+ mockAuthentication := mock_authentication.NewMockInterface(ctrl)
+ mockAuthentication.EXPECT().
+ Do(ctx, authentication.Input{
+ Provider: oidc.Provider{
+ IssuerURL: "https://accounts.google.com",
+ ClientID: "YOUR_CLIENT_ID",
+ CertPool: mockCertPool,
+ },
+ GrantOptionSet: grantOptionSet,
+ }).
+ Return(&authentication.Output{TokenSet: tokenSet}, nil)
+ tokenCacheRepository := mock_tokencache.NewMockInterface(ctrl)
+ tokenCacheRepository.EXPECT().
+ FindByKey("/path/to/token-cache", tokenCacheKey).
+ Return(nil, xerrors.New("file not found"))
+ tokenCacheRepository.EXPECT().
+ Save("/path/to/token-cache", tokenCacheKey, tokenSet)
+ credentialPluginWriter := mock_credentialpluginwriter.NewMockInterface(ctrl)
+ credentialPluginWriter.EXPECT().
+ Write(credentialpluginwriter.Output{
+ Token: issuedIDToken,
+ Expiry: issuedIDTokenExpiration,
+ })
+ u := GetToken{
+ Authentication: mockAuthentication,
+ TokenCacheRepository: tokenCacheRepository,
+ NewCertPool: func() certpool.Interface { return mockCertPool },
+ Writer: credentialPluginWriter,
+ Logger: logger.New(t),
+ }
+ if err := u.Do(ctx, in); err != nil {
+ t.Errorf("Do returned error: %+v", err)
+ }
+ })
+
+ t.Run("FullOptions", func(t *testing.T) {
+ grantOptionSet := authentication.GrantOptionSet{
+ ROPCOption: &ropc.Option{Username: "YOUR_USERNAME"},
+ }
+ tokenSet := oidc.TokenSet{
+ IDToken: issuedIDToken,
+ RefreshToken: "YOUR_REFRESH_TOKEN",
+ }
+ tokenCacheKey := tokencache.Key{
+ IssuerURL: "https://accounts.google.com",
+ ClientID: "YOUR_CLIENT_ID",
+ ClientSecret: "YOUR_CLIENT_SECRET",
+ Username: "YOUR_USERNAME",
+ CACertFilename: "/path/to/cert",
+ CACertData: "BASE64ENCODED",
+ SkipTLSVerify: true,
+ }
+
 ctrl := gomock.NewController(t)
 defer ctrl.Finish()
 ctx := context.TODO()
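Review bot: Both subtests set up here model only a cache miss: the `FindByKey` expectation in `LeastOptions`, and the one `FullOptions` uses in the following hunk, returns `xerrors.New("file not found")`, so no subtest visible in this patch checks that a token set stored under the username-scoped key is handed to `authentication.Do` as `CachedTokenSet`. The removed `MultiUserOption` subtest was the one that ran `Do` for two identities and asserted that each received the token set cached under its own `tokencache.Key`, which is the property that keeps one user's cached token from being served to another. Consider letting `FullOptions` hit the cache, e.g. `Return(&tokenSet, nil)` on `FindByKey` together with `CachedTokenSet: &tokenSet,` in the expected `authentication.Input`, unless `HasValidIDToken` further down already covers a cache hit with `Username` in the key. The `FullOptions` body continues past the end of this hunk.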
@@ -61,38 +133,13 @@ func TestGetToken_Do(t *testing.T) {
 },
 GrantOptionSet: grantOptionSet,
 }).
- Return(&authentication.Output{
- TokenSet: oidc.TokenSet{
- IDToken: issuedIDToken,
- RefreshToken: "YOUR_REFRESH_TOKEN",
- },
- }, nil)
+ Return(&authentication.Output{TokenSet: tokenSet}, nil)
 tokenCacheRepository := mock_tokencache.NewMockInterface(ctrl)
 tokenCacheRepository.EXPECT().
- FindByKey("/path/to/token-cache",
- tokencache.Key{
- IssuerURL: "https://accounts.google.com",
- ClientID: "YOUR_CLIENT_ID",
- ClientSecret: "YOUR_CLIENT_SECRET",
- CACertFilename: "/path/to/cert",
- CACertData: "BASE64ENCODED",
- SkipTLSVerify: true,
- }).
+ FindByKey("/path/to/token-cache", tokenCacheKey).
 Return(nil, xerrors.New("file not found"))
 tokenCacheRepository.EXPECT().
- Save("/path/to/token-cache",
- tokencache.Key{
- IssuerURL: "https://accounts.google.com",
- ClientID: "YOUR_CLIENT_ID",
- ClientSecret: "YOUR_CLIENT_SECRET",
- CACertFilename: "/path/to/cert",
- CACertData: "BASE64ENCODED",
- SkipTLSVerify: true,
- },
- oidc.TokenSet{
- IDToken: issuedIDToken,
- RefreshToken: "YOUR_REFRESH_TOKEN",
- })
+ Save("/path/to/token-cache", tokenCacheKey, tokenSet)
 credentialPluginWriter := mock_credentialpluginwriter.NewMockInterface(ctrl)
 credentialPluginWriter.EXPECT().
 Write(credentialpluginwriter.Output{
@@ -111,161 +158,6 @@ func TestGetToken_Do(t *testing.T) {
 }
 })
- t.Run("MultiUserOption", func(t *testing.T) {
- username := "YOUR_USERNAME"
- grantOptionSetWithUsername := authentication.GrantOptionSet{
- ROPCOption: &ropc.Option{
- Username: username,
- },
- }
- grantOptionSetWithoutUsername := authentication.GrantOptionSet{}
-
- anotherIssuedIDToken := testingJWT.EncodeF(t, func(claims *testingJWT.Claims) {
- claims.Issuer = "https://accounts.google.com"
- claims.Subject = "YOUR_SUBJECT_2"
- claims.ExpiresAt = issuedIDTokenExpiration.Unix()
- })
- tokenSetForUsername := oidc.TokenSet{
- IDToken: issuedIDToken,
- RefreshToken: "YOUR_REFRESH_TOKEN",
- }
- tokenSetForWithoutUsername := oidc.TokenSet{
- IDToken: anotherIssuedIDToken,
- RefreshToken: "YOUR_REFRESH_TOKEN",
- }
-
- ctrl := gomock.NewController(t)
- defer ctrl.Finish()
- ctx := context.TODO()
- inWithUsername := Input{
- IssuerURL: "https://accounts.google.com",
- ClientID: "YOUR_CLIENT_ID",
- ClientSecret: "YOUR_CLIENT_SECRET",
- TokenCacheDir: "/path/to/token-cache",
- CACertFilename: "/path/to/cert",
- CACertData: "BASE64ENCODED",
- SkipTLSVerify: true,
- GrantOptionSet: grantOptionSetWithUsername,
- }
- inWithoutUsername := Input{
- IssuerURL: "https://accounts.google.com",
- ClientID: "YOUR_CLIENT_ID",
- ClientSecret: "YOUR_CLIENT_SECRET",
- TokenCacheDir: "/path/to/token-cache",
- CACertFilename: "/path/to/cert",
- CACertData: "BASE64ENCODED",
- SkipTLSVerify: true,
- GrantOptionSet: grantOptionSetWithoutUsername,
- }
- mockCertPool := mock_certpool.NewMockInterface(ctrl)
- mockCertPool.EXPECT().
- AddFile("/path/to/cert").Times(2)
- mockCertPool.EXPECT().
- AddBase64Encoded("BASE64ENCODED").Times(2)
- mockAuthentication := mock_authentication.NewMockInterface(ctrl)
- mockAuthentication.EXPECT().
- Do(ctx, authentication.Input{
- Provider: oidc.Provider{
- IssuerURL: "https://accounts.google.com",
- ClientID: "YOUR_CLIENT_ID",
- ClientSecret: "YOUR_CLIENT_SECRET",
- CertPool: mockCertPool,
- SkipTLSVerify: true,
- },
- GrantOptionSet: grantOptionSetWithUsername,
- CachedTokenSet: &tokenSetForUsername,
- }).
- Return(&authentication.Output{
- TokenSet: tokenSetForUsername,
- }, nil)
- mockAuthentication.EXPECT().
- Do(ctx, authentication.Input{
- Provider: oidc.Provider{
- IssuerURL: "https://accounts.google.com",
- ClientID: "YOUR_CLIENT_ID",
- ClientSecret: "YOUR_CLIENT_SECRET",
- CertPool: mockCertPool,
- SkipTLSVerify: true,
- },
- GrantOptionSet: grantOptionSetWithoutUsername,
- CachedTokenSet: &tokenSetForWithoutUsername,
- }).
- Return(&authentication.Output{
- TokenSet: tokenSetForWithoutUsername,
- }, nil)
- tokenCacheRepository := mock_tokencache.NewMockInterface(ctrl)
- tokenCacheRepository.EXPECT().
- FindByKey("/path/to/token-cache", tokencache.Key{
- IssuerURL: "https://accounts.google.com",
- ClientID: "YOUR_CLIENT_ID",
- ClientSecret: "YOUR_CLIENT_SECRET",
- CACertFilename: "/path/to/cert",
- CACertData: "BASE64ENCODED",
- SkipTLSVerify: true,
- Username: username,
- }).
- Return(&tokenSetForUsername, nil)
- tokenCacheRepository.EXPECT().
- FindByKey("/path/to/token-cache", tokencache.Key{
- IssuerURL: "https://accounts.google.com",
- ClientID: "YOUR_CLIENT_ID",
- ClientSecret: "YOUR_CLIENT_SECRET",
- CACertFilename: "/path/to/cert",
- CACertData: "BASE64ENCODED",
- SkipTLSVerify: true,
- Username: "",
- }).
- Return(&tokenSetForWithoutUsername, nil)
- tokenCacheRepository.EXPECT().
- Save("/path/to/token-cache",
- tokencache.Key{
- IssuerURL: "https://accounts.google.com",
- ClientID: "YOUR_CLIENT_ID",
- ClientSecret: "YOUR_CLIENT_SECRET",
- CACertFilename: "/path/to/cert",
- CACertData: "BASE64ENCODED",
- SkipTLSVerify: true,
- Username: username,
- },
- tokenSetForUsername)
- tokenCacheRepository.EXPECT().
- Save("/path/to/token-cache",
- tokencache.Key{
- IssuerURL: "https://accounts.google.com",
- ClientID: "YOUR_CLIENT_ID",
- ClientSecret: "YOUR_CLIENT_SECRET",
- CACertFilename: "/path/to/cert",
- CACertData: "BASE64ENCODED",
- SkipTLSVerify: true,
- Username: "",
- },
- tokenSetForWithoutUsername)
- credentialPluginWriter := mock_credentialpluginwriter.NewMockInterface(ctrl)
- credentialPluginWriter.EXPECT().
- Write(credentialpluginwriter.Output{
- Token: issuedIDToken,
- Expiry: issuedIDTokenExpiration,
- })
- credentialPluginWriter.EXPECT().
- Write(credentialpluginwriter.Output{
- Token: anotherIssuedIDToken,
- Expiry: issuedIDTokenExpiration,
- })
- u := GetToken{
- Authentication: mockAuthentication,
- TokenCacheRepository: tokenCacheRepository,
- NewCertPool: func() certpool.Interface { return mockCertPool },
- Writer: credentialPluginWriter,
- Logger: logger.New(t),
- }
- if err := u.Do(ctx, inWithUsername); err != nil {
- t.Errorf("Do returned error: %+v", err)
- }
- if err := u.Do(ctx, inWithoutUsername); err != nil {
- t.Errorf("Do returned error: %+v", err)
- }
- })
-
 t.Run("HasValidIDToken", func(t *testing.T) {
 ctrl := gomock.NewController(t)
 defer ctrl.Finish()