mirror of
https://github.com/int128/kubelogin.git
synced 2026-02-14 16:39:51 +00:00
Include essential options to token cache key (#1161)
This commit is contained in:
Hidetake Iwata
GitHub
@@ -7,6 +7,7 @@ import (
|
||||
|
||||
"github.com/google/go-cmp/cmp"
|
||||
"github.com/int128/kubelogin/pkg/oidc"
|
||||
"github.com/int128/kubelogin/pkg/tlsclientconfig"
|
||||
"github.com/int128/kubelogin/pkg/tokencache"
|
||||
)
|
||||
|
||||
@@ -16,12 +17,15 @@ func TestRepository_FindByKey(t *testing.T) {
|
||||
t.Run("Success", func(t *testing.T) {
|
||||
dir := t.TempDir()
|
||||
key := tokencache.Key{
|
||||
IssuerURL: "YOUR_ISSUER",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
ExtraScopes: []string{"openid", "email"},
|
||||
CACertFilename: "/path/to/cert",
|
||||
SkipTLSVerify: false,
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "YOUR_ISSUER",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
ExtraScopes: []string{"openid", "email"},
|
||||
},
|
||||
TLSClientConfig: tlsclientconfig.Config{
|
||||
CACertFilename: []string{"/path/to/cert"},
|
||||
},
|
||||
}
|
||||
json := `{"id_token":"YOUR_ID_TOKEN","refresh_token":"YOUR_REFRESH_TOKEN"}`
|
||||
filename, err := computeFilename(key)
|
||||
@@ -50,12 +54,15 @@ func TestRepository_Save(t *testing.T) {
|
||||
t.Run("Success", func(t *testing.T) {
|
||||
dir := t.TempDir()
|
||||
key := tokencache.Key{
|
||||
IssuerURL: "YOUR_ISSUER",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
ExtraScopes: []string{"openid", "email"},
|
||||
CACertFilename: "/path/to/cert",
|
||||
SkipTLSVerify: false,
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "YOUR_ISSUER",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
ExtraScopes: []string{"openid", "email"},
|
||||
},
|
||||
TLSClientConfig: tlsclientconfig.Config{
|
||||
CACertFilename: []string{"/path/to/cert"},
|
||||
},
|
||||
}
|
||||
tokenSet := oidc.TokenSet{IDToken: "YOUR_ID_TOKEN", RefreshToken: "YOUR_REFRESH_TOKEN"}
|
||||
if err := r.Save(dir, key, tokenSet); err != nil {
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
package tokencache
|
||||
|
||||
import (
|
||||
"github.com/int128/kubelogin/pkg/oidc"
|
||||
"github.com/int128/kubelogin/pkg/tlsclientconfig"
|
||||
)
|
||||
|
||||
// Key represents a key of a token cache.
|
||||
type Key struct {
|
||||
IssuerURL string
|
||||
ClientID string
|
||||
ClientSecret string
|
||||
Username string
|
||||
ExtraScopes []string
|
||||
CACertFilename string
|
||||
CACertData string
|
||||
SkipTLSVerify bool
|
||||
Provider oidc.Provider
|
||||
TLSClientConfig tlsclientconfig.Config
|
||||
Username string
|
||||
}
|
||||
|
||||
@@ -6,7 +6,6 @@ package credentialplugin
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/google/wire"
|
||||
"github.com/int128/kubelogin/pkg/credentialplugin"
|
||||
@@ -51,13 +50,8 @@ func (u *GetToken) Do(ctx context.Context, in Input) error {
|
||||
|
||||
u.Logger.V(1).Infof("finding a token from cache directory %s", in.TokenCacheDir)
|
||||
tokenCacheKey := tokencache.Key{
|
||||
IssuerURL: in.Provider.IssuerURL,
|
||||
ClientID: in.Provider.ClientID,
|
||||
ClientSecret: in.Provider.ClientSecret,
|
||||
ExtraScopes: in.Provider.ExtraScopes,
|
||||
CACertFilename: strings.Join(in.TLSClientConfig.CACertFilename, ","),
|
||||
CACertData: strings.Join(in.TLSClientConfig.CACertData, ","),
|
||||
SkipTLSVerify: in.TLSClientConfig.SkipTLSVerify,
|
||||
Provider: in.Provider,
|
||||
TLSClientConfig: in.TLSClientConfig,
|
||||
}
|
||||
if in.GrantOptionSet.ROPCOption != nil {
|
||||
tokenCacheKey.Username = in.GrantOptionSet.ROPCOption.Username
|
||||
|
||||
@@ -51,9 +51,11 @@ func TestGetToken_Do(t *testing.T) {
|
||||
|
||||
t.Run("NoTokenCache", func(t *testing.T) {
|
||||
tokenCacheKey := tokencache.Key{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
},
|
||||
}
|
||||
ctx := context.TODO()
|
||||
in := Input{
|
||||
@@ -103,10 +105,12 @@ func TestGetToken_Do(t *testing.T) {
|
||||
ROPCOption: &ropc.Option{Username: "YOUR_USERNAME"},
|
||||
}
|
||||
tokenCacheKey := tokencache.Key{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
Username: "YOUR_USERNAME",
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
},
|
||||
Username: "YOUR_USERNAME",
|
||||
}
|
||||
|
||||
ctx := context.TODO()
|
||||
@@ -154,9 +158,11 @@ func TestGetToken_Do(t *testing.T) {
|
||||
|
||||
t.Run("HasValidIDToken", func(t *testing.T) {
|
||||
tokenCacheKey := tokencache.Key{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
},
|
||||
}
|
||||
|
||||
ctx := context.TODO()
|
||||
@@ -175,9 +181,11 @@ func TestGetToken_Do(t *testing.T) {
|
||||
Return(mockCloser, nil)
|
||||
mockRepository.EXPECT().
|
||||
FindByKey("/path/to/token-cache", tokencache.Key{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
},
|
||||
}).
|
||||
Return(&issuedTokenSet, nil)
|
||||
mockWriter := writer_mock.NewMockInterface(t)
|
||||
@@ -198,9 +206,11 @@ func TestGetToken_Do(t *testing.T) {
|
||||
|
||||
t.Run("AuthenticationError", func(t *testing.T) {
|
||||
tokenCacheKey := tokencache.Key{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
},
|
||||
}
|
||||
ctx := context.TODO()
|
||||
in := Input{
|
||||
@@ -225,9 +235,11 @@ func TestGetToken_Do(t *testing.T) {
|
||||
Return(mockCloser, nil)
|
||||
mockRepository.EXPECT().
|
||||
FindByKey("/path/to/token-cache", tokencache.Key{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
Provider: oidc.Provider{
|
||||
IssuerURL: "https://accounts.google.com",
|
||||
ClientID: "YOUR_CLIENT_ID",
|
||||
ClientSecret: "YOUR_CLIENT_SECRET",
|
||||
},
|
||||
}).
|
||||
Return(nil, errors.New("file not found"))
|
||||
u := GetToken{
|
||||
|
||||
Reference in New Issue
Block a user