Skip to content

Commit 68f143f

Browse files
committed
fix : handle empty UID case in token claims
Signed-off-by: Rohan Kumar <rohaan@redhat.com>
1 parent 1026e16 commit 68f143f

2 files changed

Lines changed: 28 additions & 2 deletions

File tree

pkg/operations/operations.go

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -149,6 +149,10 @@ func getCurrentUserUIDFromSelfSubjectReview(token string, clientProvider ClientP
149149
return "", err
150150
}
151151

152+
if review.Status.UserInfo.UID == "" {
153+
return "", fmt.Errorf("SelfSubjectReview returned empty UID")
154+
}
155+
152156
return review.Status.UserInfo.UID, nil
153157
}
154158

@@ -162,5 +166,10 @@ func getCurrentUserUIDFromOpenShiftUserAPI(token string, clientProvider ClientPr
162166
return "", err
163167
}
164168

165-
return string(userInfo.GetUID()), nil
169+
uid := string(userInfo.GetUID())
170+
if uid == "" {
171+
return "", fmt.Errorf("OpenShift User API returned empty UID")
172+
}
173+
174+
return uid, nil
166175
}

pkg/operations/operations_test.go

Lines changed: 18 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -75,6 +75,22 @@ func TestGetCurrentUserUID(t *testing.T) {
7575
},
7676
errRegexp: "failed to get current user information",
7777
},
78+
{
79+
name: "Should return error when SelfSubjectReview returns empty UID",
80+
provider: testUserIDClientProvider{
81+
userUID: "",
82+
},
83+
errRegexp: "SelfSubjectReview returned empty UID",
84+
},
85+
{
86+
name: "Should return error when OpenShift User API returns empty UID",
87+
provider: testUserIDClientProvider{
88+
returnReviewError: apierrors.NewNotFound(schema.GroupResource{Group: "authentication.k8s.io", Resource: "selfsubjectreviews"}, "self"),
89+
userAPIUID: "",
90+
emptyUserAPIUID: true,
91+
},
92+
errRegexp: "OpenShift User API returned empty UID",
93+
},
7894
}
7995

8096
for _, tt := range tests {
@@ -101,6 +117,7 @@ type testUserIDClientProvider struct {
101117
returnClientError bool
102118
returnReviewError error
103119
returnUserAPIError error
120+
emptyUserAPIUID bool
104121
}
105122

106123
func (p testUserIDClientProvider) NewDevWorkspaceClient() (dynamic.Interface, *rest.Config, error) {
@@ -131,7 +148,7 @@ func (p testUserIDClientProvider) NewOpenShiftUserClient(string) (dynamic.Interf
131148
if p.returnUserAPIError != nil {
132149
return fakedynamic.NewSimpleDynamicClient(&runtime.Scheme{}), &rest.Config{}, nil
133150
}
134-
if p.userAPIUID == "" {
151+
if p.userAPIUID == "" && !p.emptyUserAPIUID {
135152
return nil, nil, fmt.Errorf("(TEST) OpenShift User API not configured")
136153
}
137154
fakeUser := &unstructured.Unstructured{

0 commit comments

Comments
 (0)