ContainerImage.Pinniped/internal/controller/identityprovider/idpcache/cache_test.go

// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0

package idpcache

import (
	"context"
	"testing"

	"github.com/golang/mock/gomock"
	"github.com/stretchr/testify/require"
	"k8s.io/apiserver/pkg/authentication/authenticator"
	"k8s.io/apiserver/pkg/authentication/user"

	"go.pinniped.dev/internal/controllerlib"
	"go.pinniped.dev/internal/mocks/mocktokenauthenticator"
)

func TestCache(t *testing.T) {
	t.Parallel()

	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	tests := []struct {
		name               string
		mockAuthenticators map[controllerlib.Key]func(*mocktokenauthenticator.MockToken)
		wantResponse       *authenticator.Response
		wantAuthenticated  bool
		wantErr            string
	}{
		{
			name:    "no IDPs",
			wantErr: "no identity providers are loaded",
		},
		{
			name: "multiple IDPs",
			mockAuthenticators: map[controllerlib.Key]func(mockToken *mocktokenauthenticator.MockToken){
				controllerlib.Key{Namespace: "foo", Name: "idp-one"}: nil,
				controllerlib.Key{Namespace: "foo", Name: "idp-two"}: nil,
			},
			wantErr: "could not uniquely match against an identity provider",
		},
		{
			name: "success",
			mockAuthenticators: map[controllerlib.Key]func(mockToken *mocktokenauthenticator.MockToken){
				controllerlib.Key{
					Namespace: "foo",
					Name:      "idp-one",
				}: func(mockToken *mocktokenauthenticator.MockToken) {
					mockToken.EXPECT().AuthenticateToken(ctx, "test-token").Return(
						&authenticator.Response{User: &user.DefaultInfo{Name: "test-user"}},
						true,
						nil,
					)
				},
			},
			wantResponse:      &authenticator.Response{User: &user.DefaultInfo{Name: "test-user"}},
			wantAuthenticated: true,
		},
	}
	for _, tt := range tests {
		tt := tt
		t.Run(tt.name, func(t *testing.T) {
			t.Parallel()

			ctrl := gomock.NewController(t)
			defer ctrl.Finish()

			cache := New()
			require.NotNil(t, cache)
			require.Implements(t, (*authenticator.Token)(nil), cache)

			for key, mockFunc := range tt.mockAuthenticators {
				mockToken := mocktokenauthenticator.NewMockToken(ctrl)
				if mockFunc != nil {
					mockFunc(mockToken)
				}
				cache.Store(key, mockToken)
			}

			require.Equal(t, len(tt.mockAuthenticators), len(cache.Keys()))

			resp, authenticated, err := cache.AuthenticateToken(ctx, "test-token")
			require.Equal(t, tt.wantResponse, resp)
			require.Equal(t, tt.wantAuthenticated, authenticated)
			if tt.wantErr != "" {
				require.EqualError(t, err, tt.wantErr)
				return
			}
			require.NoError(t, err)

			for _, key := range cache.Keys() {
				cache.Delete(key)
			}
			require.Zero(t, len(cache.Keys()))
		})
	}
}
Save 2 lines by using inline-style comments for Copyright Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-09-16 14:19:51 +00:00			`// Copyright 2020 the Pinniped contributors. All Rights Reserved.`
			`// SPDX-License-Identifier: Apache-2.0`
Add a cache of active IDPs, which implements authenticator.Token. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-09-14 14:36:06 +00:00
			`package idpcache`

			`import (`
			`"context"`
			`"testing"`

			`"github.com/golang/mock/gomock"`
			`"github.com/stretchr/testify/require"`
			`"k8s.io/apiserver/pkg/authentication/authenticator"`
			`"k8s.io/apiserver/pkg/authentication/user"`

Add Go vanity import paths. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-09-18 19:56:24 +00:00			`"go.pinniped.dev/internal/controllerlib"`
			`"go.pinniped.dev/internal/mocks/mocktokenauthenticator"`
Add a cache of active IDPs, which implements authenticator.Token. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-09-14 14:36:06 +00:00			`)`

			`func TestCache(t *testing.T) {`
			`t.Parallel()`

			`ctx, cancel := context.WithCancel(context.Background())`
			`defer cancel()`

			`tests := []struct {`
			`name string`
			`mockAuthenticators map[controllerlib.Key]func(*mocktokenauthenticator.MockToken)`
			`wantResponse *authenticator.Response`
			`wantAuthenticated bool`
			`wantErr string`
			`}{`
			`{`
			`name: "no IDPs",`
			`wantErr: "no identity providers are loaded",`
			`},`
			`{`
			`name: "multiple IDPs",`
			`mockAuthenticators: map[controllerlib.Key]func(mockToken *mocktokenauthenticator.MockToken){`
			`controllerlib.Key{Namespace: "foo", Name: "idp-one"}: nil,`
			`controllerlib.Key{Namespace: "foo", Name: "idp-two"}: nil,`
			`},`
			`wantErr: "could not uniquely match against an identity provider",`
			`},`
			`{`
			`name: "success",`
			`mockAuthenticators: map[controllerlib.Key]func(mockToken *mocktokenauthenticator.MockToken){`
			`controllerlib.Key{`
			`Namespace: "foo",`
			`Name: "idp-one",`
			`}: func(mockToken *mocktokenauthenticator.MockToken) {`
			`mockToken.EXPECT().AuthenticateToken(ctx, "test-token").Return(`
			`&authenticator.Response{User: &user.DefaultInfo{Name: "test-user"}},`
			`true,`
			`nil,`
			`)`
			`},`
			`},`
			`wantResponse: &authenticator.Response{User: &user.DefaultInfo{Name: "test-user"}},`
			`wantAuthenticated: true,`
			`},`
			`}`
			`for _, tt := range tests {`
			`tt := tt`
			`t.Run(tt.name, func(t *testing.T) {`
			`t.Parallel()`

			`ctrl := gomock.NewController(t)`
			`defer ctrl.Finish()`

			`cache := New()`
			`require.NotNil(t, cache)`
			`require.Implements(t, (*authenticator.Token)(nil), cache)`

			`for key, mockFunc := range tt.mockAuthenticators {`
			`mockToken := mocktokenauthenticator.NewMockToken(ctrl)`
			`if mockFunc != nil {`
			`mockFunc(mockToken)`
			`}`
			`cache.Store(key, mockToken)`
			`}`

			`require.Equal(t, len(tt.mockAuthenticators), len(cache.Keys()))`

			`resp, authenticated, err := cache.AuthenticateToken(ctx, "test-token")`
			`require.Equal(t, tt.wantResponse, resp)`
			`require.Equal(t, tt.wantAuthenticated, authenticated)`
			`if tt.wantErr != "" {`
			`require.EqualError(t, err, tt.wantErr)`
			`return`
			`}`
			`require.NoError(t, err)`

			`for _, key := range cache.Keys() {`
			`cache.Delete(key)`
			`}`
			`require.Zero(t, len(cache.Keys()))`
			`})`
			`}`
			`}`