ContainerImage.Pinniped/internal/oidc/provider/oidcprovider_test.go

// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0

package provider

import (
	"testing"

	"github.com/stretchr/testify/require"
)

func TestFederationDomainValidations(t *testing.T) {
	tests := []struct {
		name      string
		issuer    string
		wantError string
	}{
		{
			name:      "provider must have an issuer",
			issuer:    "",
			wantError: "provider must have an issuer",
		},
		{
			name:      "no scheme",
			issuer:    "tuna.com",
			wantError: `issuer must have "https" scheme`,
		},
		{
			name:      "bad scheme",
			issuer:    "ftp://tuna.com",
			wantError: `issuer must have "https" scheme`,
		},
		{
			name:      "fragment",
			issuer:    "https://tuna.com/fish#some-frag",
			wantError: `issuer must not have fragment`,
		},
		{
			name:      "query",
			issuer:    "https://tuna.com?some=query",
			wantError: `issuer must not have query`,
		},
		{
			name:      "username",
			issuer:    "https://username@tuna.com",
			wantError: `issuer must not have username or password`,
		},
		{
			name:      "password",
			issuer:    "https://username:password@tuna.com",
			wantError: `issuer must not have username or password`,
		},
		{
			name:   "without path",
			issuer: "https://tuna.com",
		},
		{
			name:   "with path",
			issuer: "https://tuna.com/fish/marlin",
		},
		{
			name:      "with http scheme",
			issuer:    "http://tuna.com",
			wantError: `issuer must have "https" scheme`,
		},
		{
			name:      "trailing slash in path",
			issuer:    "https://tuna.com/",
			wantError: `issuer must not have trailing slash in path`,
		},
	}
	for _, tt := range tests {
		tt := tt
		t.Run(tt.name, func(t *testing.T) {
			_, err := NewFederationDomain(tt.issuer)
			if tt.wantError != "" {
				require.EqualError(t, err, tt.wantError)
			} else {
				require.NoError(t, err)
			}
		})
	}
}
Fix linting and unit tests Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 15:48:21 +00:00			`// Copyright 2020 the Pinniped contributors. All Rights Reserved.`
			`// SPDX-License-Identifier: Apache-2.0`

Creation and deletion of OIDC Provider discovery endpoints from config - The OIDCProviderConfigWatcherController synchronizes the OIDCProviderConfig settings to dynamically mount and unmount the OIDC discovery endpoints for each provider - Integration test passes but unit tests need to be added still 2020-10-08 02:18:34 +00:00			`package provider`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00
			`import (`
			`"testing"`

			`"github.com/stretchr/testify/require"`
			`)`

Rename off of main Signed-off-by: Ryan Richard <richardry@vmware.com> 2020-12-16 22:27:09 +00:00			`func TestFederationDomainValidations(t *testing.T) {`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`tests := []struct {`
			`name string`
Several small refactors related to OIDC providers 2020-10-08 18:28:21 +00:00			`issuer string`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`wantError string`
			`}{`
			`{`
Creation and deletion of OIDC Provider discovery endpoints from config - The OIDCProviderConfigWatcherController synchronizes the OIDCProviderConfig settings to dynamically mount and unmount the OIDC discovery endpoints for each provider - Integration test passes but unit tests need to be added still 2020-10-08 02:18:34 +00:00			`name: "provider must have an issuer",`
Several small refactors related to OIDC providers 2020-10-08 18:28:21 +00:00			`issuer: "",`
Creation and deletion of OIDC Provider discovery endpoints from config - The OIDCProviderConfigWatcherController synchronizes the OIDCProviderConfig settings to dynamically mount and unmount the OIDC discovery endpoints for each provider - Integration test passes but unit tests need to be added still 2020-10-08 02:18:34 +00:00			`wantError: "provider must have an issuer",`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`},`
			`{`
			`name: "no scheme",`
Several small refactors related to OIDC providers 2020-10-08 18:28:21 +00:00			`issuer: "tuna.com",`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			wantError: `issuer must have "https" scheme`,
			`},`
			`{`
			`name: "bad scheme",`
Several small refactors related to OIDC providers 2020-10-08 18:28:21 +00:00			`issuer: "ftp://tuna.com",`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			wantError: `issuer must have "https" scheme`,
			`},`
			`{`
			`name: "fragment",`
Several small refactors related to OIDC providers 2020-10-08 18:28:21 +00:00			`issuer: "https://tuna.com/fish#some-frag",`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			wantError: `issuer must not have fragment`,
			`},`
			`{`
			`name: "query",`
Several small refactors related to OIDC providers 2020-10-08 18:28:21 +00:00			`issuer: "https://tuna.com?some=query",`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			wantError: `issuer must not have query`,
			`},`
			`{`
			`name: "username",`
Several small refactors related to OIDC providers 2020-10-08 18:28:21 +00:00			`issuer: "https://username@tuna.com",`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			wantError: `issuer must not have username or password`,
			`},`
			`{`
			`name: "password",`
Several small refactors related to OIDC providers 2020-10-08 18:28:21 +00:00			`issuer: "https://username:password@tuna.com",`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			wantError: `issuer must not have username or password`,
			`},`
			`{`
			`name: "without path",`
Several small refactors related to OIDC providers 2020-10-08 18:28:21 +00:00			`issuer: "https://tuna.com",`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`},`
			`{`
			`name: "with path",`
Several small refactors related to OIDC providers 2020-10-08 18:28:21 +00:00			`issuer: "https://tuna.com/fish/marlin",`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`},`
Require `https` scheme for OIDCProviderConfig Issuer field Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-28 19:49:41 +00:00			`{`
			`name: "with http scheme",`
			`issuer: "http://tuna.com",`
			wantError: `issuer must have "https" scheme`,
			`},`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`{`
			`name: "trailing slash in path",`
Several small refactors related to OIDC providers 2020-10-08 18:28:21 +00:00			`issuer: "https://tuna.com/",`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			wantError: `issuer must not have trailing slash in path`,
			`},`
			`}`
			`for _, tt := range tests {`
Fix linting and unit tests Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 15:48:21 +00:00			`tt := tt`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`t.Run(tt.name, func(t *testing.T) {`
Rename off of main Signed-off-by: Ryan Richard <richardry@vmware.com> 2020-12-16 22:27:09 +00:00			`_, err := NewFederationDomain(tt.issuer)`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`if tt.wantError != "" {`
			`require.EqualError(t, err, tt.wantError)`
			`} else {`
			`require.NoError(t, err)`
			`}`
			`})`
			`}`
			`}`