package tests
import (
"bytes"
"encoding/pem"
"path/filepath"
"strings"
"testing"
"github.com/stretchr/testify/assert"
"github.com/cyberark/conjur-authn-k8s-client/pkg/access_token/memory"
"github.com/cyberark/conjur-authn-k8s-client/pkg/authenticator/common"
"github.com/cyberark/conjur-authn-k8s-client/pkg/authenticator/jwt"
"github.com/cyberark/conjur-authn-k8s-client/pkg/log"
"github.com/cyberark/conjur-opentelemetry-tracer/pkg/trace"
)
// tmpJwtTokenPath is the JWT file path given to the test cases that need a
// readable token. It is a relative path, so the fixture has to be reachable
// from the directory the test runs in.
const (
	tmpJwtTokenPath = "good_jwt.token"
)
// assertFunc is the per-case verification callback. It receives the
// authenticator under test and the error returned by the authentication call.
type assertFunc func(t *testing.T, authn *jwt.Authenticator, err error)
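// TestAuthenticator_Authenticate runs the JWT authenticator against a mock
// Conjur auth server and checks, per case, either that the access token was
// stored or that authentication failed with the expected error text.
//
// Coverage note: the failure cases in this table are an unreachable URL and an
// unreadable JWT file. No case here presents a server certificate that differs
// from Common.SSLCertificate, so certificate rejection is not exercised by
// this test.
func TestAuthenticator_Authenticate(t *testing.T) {
	testCases := []struct {
		name               string
		jwtTokenPath       string
		assert             assertFunc
		skipWritingCSRFile bool
		wrongUrl           bool
	}{
		{
			name:         "happy path",
			jwtTokenPath: tmpJwtTokenPath,
			assert: func(t *testing.T, authn *jwt.Authenticator, err error) {
				assert.NoError(t, err)

				// Check that the access token was set correctly. The read
				// error is asserted so a failed read is reported as such
				// instead of as a token mismatch.
				token, readErr := authn.GetAccessToken().Read()
				assert.NoError(t, readErr)
				// testify expects (expected, actual); keeping that order makes
				// the failure output label the two values correctly.
				assert.Equal(t, []byte("some token"), token)
			},
		},
		{
			name:         "wrong url given",
			jwtTokenPath: tmpJwtTokenPath,
			assert: func(t *testing.T, authn *jwt.Authenticator, err error) {
				// Stop here on a nil error: err.Error() below would panic and
				// hide the real failure.
				if !assert.Error(t, err) {
					return
				}
				assert.True(t, strings.Contains(err.Error(), "Failed to send https authenticate request or receive response"))
			},
			wrongUrl: true,
		},
		{
			name: "token doesn't exist",
			assert: func(t *testing.T, authn *jwt.Authenticator, err error) {
				if !assert.Error(t, err) {
					return
				}
				assert.True(t, strings.Contains(err.Error(), "Failed to read JWT from"))
			},
			jwtTokenPath: "/tmp/nonExistingPath",
		},
		{
			name: "Token path is empty",
			assert: func(t *testing.T, authn *jwt.Authenticator, err error) {
				if !assert.Error(t, err) {
					return
				}
				assert.True(t, strings.Contains(err.Error(), "Failed to read JWT from"))
			},
			jwtTokenPath: "",
		},
	}

	for _, tc := range testCases {
		t.Run(tc.name, func(t *testing.T) {
			// SETUP
			// Every subtest writes the client cert, the cert log and the
			// access token into its own temporary directory, so cases do not
			// share files on disk.
			tmpDir := t.TempDir()
			clientCertPath := filepath.Join(tmpDir, "etc:conjur:ssl:client.pem")
			certLogPath := filepath.Join(tmpDir, "tmp:conjur_copy_text_output.log")
			tokenPath := filepath.Join(tmpDir, "run:conjur:access-token")

			// Start up a test server to mock the Conjur server's auth endpoints
			ts := common.NewTestAuthServer(clientCertPath, certLogPath, "some token", tc.skipWritingCSRFile)
			defer ts.Server.Close()

			// Create an authenticator with dummy config
			at, err := memory.NewAccessToken()
			if !assert.NoError(t, err) {
				return
			}

			// The mock server's own certificate is PEM-encoded and passed as
			// Common.SSLCertificate for the authenticator.
			sslcert := pem.EncodeToMemory(&pem.Block{
				Type:  "CERTIFICATE",
				Bytes: ts.Server.Certificate().Raw,
			})

			cfg := jwt.Config{
				JWTTokenFilePath: tc.jwtTokenPath,
				Common: common.Config{
					SSLCertificate:            sslcert,
					TokenFilePath:             tokenPath,
					TokenRefreshTimeout:       0,
					URL:                       ts.Server.URL,
					Username:                  nil,
					Account:                   "account",
					ClientCertPath:            clientCertPath,
					ClientCertRetryCountLimit: 0,
					ContainerMode:             "doesntmatter",
				},
			}

			if tc.wrongUrl {
				cfg.Common.URL = "http://wrong-url"
			}

			// EXERCISE
			authn, err := jwt.NewWithAccessToken(cfg, at)
			if !assert.NoError(t, err) {
				return
			}

			// Intercept the logs to check for the cert placement error.
			// NOTE(review): this redirects the package-level error logger and
			// never restores it, and logTxt is not inspected afterwards. The
			// redirect is shared state across subtests; restore the previous
			// writer before enabling t.Parallel here.
			var logTxt bytes.Buffer
			log.ErrorLogger.SetOutput(&logTxt)

			// Run tests with No-op tracer and its context
			ctx, noopTracer, cleanup, err := trace.Create(
				trace.NoopProviderType,
				trace.TracerProviderConfig{},
			)
			if !assert.NoError(t, err) {
				return
			}

			// Call the main method of the authenticator. This is where most of the internal implementation happens
			err = authn.AuthenticateWithContext(ctx, noopTracer)
			cleanup(ctx)

			// ASSERT
			tc.assert(t, authn, err)
		})
	}
}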