2020-09-16 14:19:51 +00:00
|
|
|
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
2020-09-14 14:36:06 +00:00
|
|
|
|
|
|
|
package idpcache
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/golang/mock/gomock"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"k8s.io/apiserver/pkg/authentication/authenticator"
|
|
|
|
"k8s.io/apiserver/pkg/authentication/user"
|
|
|
|
|
2020-09-18 19:56:24 +00:00
|
|
|
"go.pinniped.dev/internal/controllerlib"
|
|
|
|
"go.pinniped.dev/internal/mocks/mocktokenauthenticator"
|
2020-09-14 14:36:06 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestCache(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
|
|
defer cancel()
|
|
|
|
|
|
|
|
tests := []struct {
|
|
|
|
name string
|
|
|
|
mockAuthenticators map[controllerlib.Key]func(*mocktokenauthenticator.MockToken)
|
|
|
|
wantResponse *authenticator.Response
|
|
|
|
wantAuthenticated bool
|
|
|
|
wantErr string
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "no IDPs",
|
|
|
|
wantErr: "no identity providers are loaded",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "multiple IDPs",
|
|
|
|
mockAuthenticators: map[controllerlib.Key]func(mockToken *mocktokenauthenticator.MockToken){
|
|
|
|
controllerlib.Key{Namespace: "foo", Name: "idp-one"}: nil,
|
|
|
|
controllerlib.Key{Namespace: "foo", Name: "idp-two"}: nil,
|
|
|
|
},
|
|
|
|
wantErr: "could not uniquely match against an identity provider",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "success",
|
|
|
|
mockAuthenticators: map[controllerlib.Key]func(mockToken *mocktokenauthenticator.MockToken){
|
|
|
|
controllerlib.Key{
|
|
|
|
Namespace: "foo",
|
|
|
|
Name: "idp-one",
|
|
|
|
}: func(mockToken *mocktokenauthenticator.MockToken) {
|
|
|
|
mockToken.EXPECT().AuthenticateToken(ctx, "test-token").Return(
|
|
|
|
&authenticator.Response{User: &user.DefaultInfo{Name: "test-user"}},
|
|
|
|
true,
|
|
|
|
nil,
|
|
|
|
)
|
|
|
|
},
|
|
|
|
},
|
|
|
|
wantResponse: &authenticator.Response{User: &user.DefaultInfo{Name: "test-user"}},
|
|
|
|
wantAuthenticated: true,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
|
|
tt := tt
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
ctrl := gomock.NewController(t)
|
|
|
|
defer ctrl.Finish()
|
|
|
|
|
|
|
|
cache := New()
|
|
|
|
require.NotNil(t, cache)
|
|
|
|
require.Implements(t, (*authenticator.Token)(nil), cache)
|
|
|
|
|
|
|
|
for key, mockFunc := range tt.mockAuthenticators {
|
|
|
|
mockToken := mocktokenauthenticator.NewMockToken(ctrl)
|
|
|
|
if mockFunc != nil {
|
|
|
|
mockFunc(mockToken)
|
|
|
|
}
|
|
|
|
cache.Store(key, mockToken)
|
|
|
|
}
|
|
|
|
|
|
|
|
require.Equal(t, len(tt.mockAuthenticators), len(cache.Keys()))
|
|
|
|
|
|
|
|
resp, authenticated, err := cache.AuthenticateToken(ctx, "test-token")
|
|
|
|
require.Equal(t, tt.wantResponse, resp)
|
|
|
|
require.Equal(t, tt.wantAuthenticated, authenticated)
|
|
|
|
if tt.wantErr != "" {
|
|
|
|
require.EqualError(t, err, tt.wantErr)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
for _, key := range cache.Keys() {
|
|
|
|
cache.Delete(key)
|
|
|
|
}
|
|
|
|
require.Zero(t, len(cache.Keys()))
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|