github.com/Axway/agent-sdk@v1.1.101/pkg/apic/provisioning/idp/provisioner_test.go (about) 1 package idp 2 3 import ( 4 "context" 5 "net/http" 6 "os" 7 "testing" 8 "time" 9 10 management "github.com/Axway/agent-sdk/pkg/apic/apiserver/models/management/v1alpha1" 11 "github.com/Axway/agent-sdk/pkg/apic/provisioning" 12 "github.com/Axway/agent-sdk/pkg/authz/oauth" 13 "github.com/Axway/agent-sdk/pkg/config" 14 "github.com/Axway/agent-sdk/pkg/util" 15 "github.com/stretchr/testify/assert" 16 ) 17 18 func TestProvisioner(t *testing.T) { 19 publicKey, err := os.ReadFile("../../../authz/oauth/testdata/publickey") 20 assert.Nil(t, err) 21 certificate, err := util.ReadPublicKeyBytes("../../../authz/oauth/testdata/client_cert.pem") 22 assert.Nil(t, err) 23 24 s := oauth.NewMockIDPServer() 25 defer s.Close() 26 idpCfg := &config.IDPConfiguration{ 27 Name: "test", 28 Type: "generic", 29 AuthConfig: &config.IDPAuthConfiguration{ 30 Type: config.Client, 31 ClientID: "test", 32 ClientSecret: "test", 33 UseRegistrationToken: true, 34 }, 35 GrantType: oauth.GrantTypeClientCredentials, 36 AuthMethod: config.ClientSecretBasic, 37 MetadataURL: s.GetMetadataURL(), 38 } 39 40 s.SetMetadataResponseCode(http.StatusOK) 41 p, err := oauth.NewProvider(idpCfg, config.NewTLSConfig(), "", 30*time.Second) 42 assert.Nil(t, err) 43 assert.NotNil(t, p) 44 45 idpReg := oauth.NewIdpRegistry() 46 err = idpReg.RegisterProvider(context.Background(), idpCfg, config.NewTLSConfig(), "", 30*time.Second) 47 assert.Nil(t, err) 48 49 cases := []struct { 50 name string 51 idpType string 52 appKey string 53 credTokenURL string 54 tokenAuthMethod string 55 publicKey string 56 certificate string 57 registrationResponseCode int 58 unRegistrationResponseCode int 59 useRegistrationAccessToken bool 60 expectRegistrationErr bool 61 expectUnRegistrationErr bool 62 }{ 63 { 64 name: "provisioner for non-IdP credential", 65 credTokenURL: "", 66 registrationResponseCode: http.StatusCreated, 67 unRegistrationResponseCode: http.StatusNoContent, 68 }, 69 { 70 name: "provisioner for IdP credential with client_credential", 71 credTokenURL: s.GetTokenURL(), 72 tokenAuthMethod: config.ClientSecretPost, 73 registrationResponseCode: http.StatusCreated, 74 unRegistrationResponseCode: http.StatusNoContent, 75 appKey: "test-app-key", 76 useRegistrationAccessToken: true, 77 }, 78 { 79 name: "provisioner for IdP credential with private_key_jwt", 80 credTokenURL: s.GetTokenURL(), 81 tokenAuthMethod: config.PrivateKeyJWT, 82 registrationResponseCode: http.StatusCreated, 83 unRegistrationResponseCode: http.StatusNoContent, 84 publicKey: string(publicKey), 85 }, 86 { 87 name: "provisioner for IdP credential with tls_client_auth", 88 credTokenURL: s.GetTokenURL(), 89 tokenAuthMethod: config.TLSClientAuth, 90 registrationResponseCode: http.StatusCreated, 91 unRegistrationResponseCode: http.StatusNoContent, 92 certificate: string(certificate), 93 }, 94 } 95 for _, tc := range cases { 96 t.Run(tc.name, func(t *testing.T) { 97 app := management.NewManagedApplication("", "") 98 app.Spec.Security.EncryptionKey = tc.appKey 99 cred := management.NewCredential("", "") 100 cred.Spec.Data = map[string]interface{}{ 101 IDPTokenURL: tc.credTokenURL, 102 provisioning.OauthTokenAuthMethod: tc.tokenAuthMethod, 103 provisioning.OauthJwks: tc.publicKey, 104 provisioning.OauthCertificate: tc.certificate, 105 } 106 107 provisioner, err := NewProvisioner(context.Background(), idpReg, app, cred) 108 if tc.credTokenURL == "" { 109 assert.NotNil(t, err) 110 return 111 } 112 assert.Nil(t, err) 113 114 s.SetRegistrationResponseCode(tc.registrationResponseCode) 115 s.SetUseRegistrationAccessToken(tc.useRegistrationAccessToken) 116 err = provisioner.RegisterClient() 117 if tc.expectRegistrationErr { 118 assert.NotNil(t, err) 119 return 120 } 121 assert.Nil(t, err) 122 123 data := provisioner.GetIDPCredentialData() 124 assert.NotEmpty(t, data.GetClientID()) 125 assert.NotEmpty(t, data.GetClientSecret()) 126 127 cr, ok := data.(*credData) 128 assert.True(t, ok) 129 130 details, err := provisioner.GetAgentDetails() 131 assert.Nil(t, err) 132 assert.NotNil(t, details) 133 if tc.useRegistrationAccessToken { 134 assert.NotEmpty(t, cr.registrationAccessToken) 135 assert.NotEmpty(t, details) 136 } 137 cred.Data = map[string]interface{}{ 138 provisioning.OauthClientID: data.GetClientID(), 139 provisioning.OauthRegistrationToken: cr.registrationAccessToken, 140 } 141 util.SetAgentDetails(cred, util.MapStringStringToMapStringInterface(details)) 142 143 provisioner, err = NewProvisioner(context.Background(), idpReg, app, cred) 144 assert.Nil(t, err) 145 146 s.SetRegistrationResponseCode(tc.unRegistrationResponseCode) 147 err = provisioner.UnregisterClient() 148 if tc.expectUnRegistrationErr { 149 assert.NotNil(t, err) 150 return 151 } 152 assert.Nil(t, err) 153 assert.NotNil(t, p) 154 }) 155 } 156 }