fix internal/oidc/provider/manager/manager_test.go

Co-authored-by: Ryan Richard <richardry@vmware.com>
Benjamin A. Petersen 2023-06-14 16:31:57 -04:00 committed by Ryan Richard
parent 5c0425fb71
commit 8f6a12eae4


@ -21,6 +21,7 @@ import (
supervisorfake "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/fake" supervisorfake "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/fake"
"go.pinniped.dev/internal/here" "go.pinniped.dev/internal/here"
"go.pinniped.dev/internal/idtransform"
"go.pinniped.dev/internal/oidc" "go.pinniped.dev/internal/oidc"
"go.pinniped.dev/internal/oidc/discovery" "go.pinniped.dev/internal/oidc/discovery"
"go.pinniped.dev/internal/oidc/jwks" "go.pinniped.dev/internal/oidc/jwks"
@ -38,6 +39,7 @@ func TestManager(t *testing.T) {
nextHandler http.HandlerFunc nextHandler http.HandlerFunc
fallbackHandlerWasCalled bool fallbackHandlerWasCalled bool
dynamicJWKSProvider jwks.DynamicJWKSProvider dynamicJWKSProvider jwks.DynamicJWKSProvider
federationDomainIDPs []*provider.FederationDomainIdentityProvider
kubeClient *fake.Clientset kubeClient *fake.Clientset
) )
@ -50,6 +52,7 @@ func TestManager(t *testing.T) {
issuer2KeyID = "issuer2-key" issuer2KeyID = "issuer2-key"
upstreamIDPAuthorizationURL = "https://test-upstream.com/auth" upstreamIDPAuthorizationURL = "https://test-upstream.com/auth"
upstreamIDPName = "test-idp" upstreamIDPName = "test-idp"
upstreamResourceUID = "test-resource-uid"
upstreamIDPType = "oidc" upstreamIDPType = "oidc"
downstreamClientID = "pinniped-cli" downstreamClientID = "pinniped-cli"
downstreamRedirectURL = "http://127.0.0.1:12345/callback" downstreamRedirectURL = "http://127.0.0.1:12345/callback"
@ -245,9 +248,19 @@ func TestManager(t *testing.T) {
parsedUpstreamIDPAuthorizationURL, err := url.Parse(upstreamIDPAuthorizationURL) parsedUpstreamIDPAuthorizationURL, err := url.Parse(upstreamIDPAuthorizationURL)
r.NoError(err) r.NoError(err)
federationDomainIDPs = []*provider.FederationDomainIdentityProvider{
{
DisplayName: upstreamIDPName,
UID: upstreamResourceUID,
Transforms: idtransform.NewTransformationPipeline(),
},
}
idpLister := oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(oidctestutil.NewTestUpstreamOIDCIdentityProviderBuilder(). idpLister := oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(oidctestutil.NewTestUpstreamOIDCIdentityProviderBuilder().
WithName(upstreamIDPName). WithName(upstreamIDPName).
WithClientID("test-client-id"). WithClientID("test-client-id").
WithResourceUID(upstreamResourceUID).
WithAuthorizationURL(*parsedUpstreamIDPAuthorizationURL). WithAuthorizationURL(*parsedUpstreamIDPAuthorizationURL).
WithScopes([]string{"test-scope"}). WithScopes([]string{"test-scope"}).
WithIDTokenClaim("iss", "https://some-issuer.com"). WithIDTokenClaim("iss", "https://some-issuer.com").
@ -332,6 +345,7 @@ func TestManager(t *testing.T) {
requireJWKSRequestToBeHandled(issuer2DifferentCaseHostname, "?some=query", issuer2KeyID) requireJWKSRequestToBeHandled(issuer2DifferentCaseHostname, "?some=query", issuer2KeyID)
authRequestParams := "?" + url.Values{ authRequestParams := "?" + url.Values{
"pinniped_idp_name": []string{upstreamIDPName},
"response_type": []string{"code"}, "response_type": []string{"code"},
"scope": []string{"openid profile email username groups"}, "scope": []string{"openid profile email username groups"},
"client_id": []string{downstreamClientID}, "client_id": []string{downstreamClientID},
@ -377,9 +391,9 @@ func TestManager(t *testing.T) {
when("given some valid providers via SetFederationDomains()", func() { when("given some valid providers via SetFederationDomains()", func() {
it.Before(func() { it.Before(func() {
fd1, err := provider.NewFederationDomainIssuer(issuer1, []*provider.FederationDomainIdentityProvider{}) fd1, err := provider.NewFederationDomainIssuer(issuer1, federationDomainIDPs)
r.NoError(err) r.NoError(err)
fd2, err := provider.NewFederationDomainIssuer(issuer2, []*provider.FederationDomainIdentityProvider{}) fd2, err := provider.NewFederationDomainIssuer(issuer2, federationDomainIDPs)
r.NoError(err) r.NoError(err)
subject.SetFederationDomains(fd1, fd2) subject.SetFederationDomains(fd1, fd2)
@ -420,9 +434,9 @@ func TestManager(t *testing.T) {
when("given the same valid providers as arguments to SetFederationDomains() in reverse order", func() { when("given the same valid providers as arguments to SetFederationDomains() in reverse order", func() {
it.Before(func() { it.Before(func() {
fd1, err := provider.NewFederationDomainIssuer(issuer1, []*provider.FederationDomainIdentityProvider{}) fd1, err := provider.NewFederationDomainIssuer(issuer1, federationDomainIDPs)
r.NoError(err) r.NoError(err)
fd2, err := provider.NewFederationDomainIssuer(issuer2, []*provider.FederationDomainIdentityProvider{}) fd2, err := provider.NewFederationDomainIssuer(issuer2, federationDomainIDPs)
r.NoError(err) r.NoError(err)
subject.SetFederationDomains(fd2, fd1) subject.SetFederationDomains(fd2, fd1)