github.com/enmand/kubernetes@v1.2.0-alpha.0/pkg/credentialprovider/gcp/jwt_test.go (about) 1 /* 2 Copyright 2014 The Kubernetes Authors All rights reserved. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package gcp_credentials 18 19 import ( 20 "fmt" 21 "io/ioutil" 22 "net/http" 23 "net/http/httptest" 24 "os" 25 "strings" 26 "testing" 27 28 "k8s.io/kubernetes/pkg/credentialprovider" 29 ) 30 31 const email = "foo@bar.com" 32 33 // From oauth2/jwt_test.go 34 var ( 35 dummyPrivateKey = `-----BEGIN RSA PRIVATE KEY----- 36 MIIEpAIBAAKCAQEAx4fm7dngEmOULNmAs1IGZ9Apfzh+BkaQ1dzkmbUgpcoghucE 37 DZRnAGd2aPyB6skGMXUytWQvNYav0WTR00wFtX1ohWTfv68HGXJ8QXCpyoSKSSFY 38 fuP9X36wBSkSX9J5DVgiuzD5VBdzUISSmapjKm+DcbRALjz6OUIPEWi1Tjl6p5RK 39 1w41qdbmt7E5/kGhKLDuT7+M83g4VWhgIvaAXtnhklDAggilPPa8ZJ1IFe31lNlr 40 k4DRk38nc6sEutdf3RL7QoH7FBusI7uXV03DC6dwN1kP4GE7bjJhcRb/7jYt7CQ9 41 /E9Exz3c0yAp0yrTg0Fwh+qxfH9dKwN52S7SBwIDAQABAoIBAQCaCs26K07WY5Jt 42 3a2Cw3y2gPrIgTCqX6hJs7O5ByEhXZ8nBwsWANBUe4vrGaajQHdLj5OKfsIDrOvn 43 2NI1MqflqeAbu/kR32q3tq8/Rl+PPiwUsW3E6Pcf1orGMSNCXxeducF2iySySzh3 44 nSIhCG5uwJDWI7a4+9KiieFgK1pt/Iv30q1SQS8IEntTfXYwANQrfKUVMmVF9aIK 45 6/WZE2yd5+q3wVVIJ6jsmTzoDCX6QQkkJICIYwCkglmVy5AeTckOVwcXL0jqw5Kf 46 5/soZJQwLEyBoQq7Kbpa26QHq+CJONetPP8Ssy8MJJXBT+u/bSseMb3Zsr5cr43e 47 DJOhwsThAoGBAPY6rPKl2NT/K7XfRCGm1sbWjUQyDShscwuWJ5+kD0yudnT/ZEJ1 48 M3+KS/iOOAoHDdEDi9crRvMl0UfNa8MAcDKHflzxg2jg/QI+fTBjPP5GOX0lkZ9g 49 z6VePoVoQw2gpPFVNPPTxKfk27tEzbaffvOLGBEih0Kb7HTINkW8rIlzAoGBAM9y 50 1yr+jvfS1cGFtNU+Gotoihw2eMKtIqR03Yn3n0PK1nVCDKqwdUqCypz4+ml6cxRK 51 J8+Pfdh7D+ZJd4LEG6Y4QRDLuv5OA700tUoSHxMSNn3q9As4+T3MUyYxWKvTeu3U 52 f2NWP9ePU0lV8ttk7YlpVRaPQmc1qwooBA/z/8AdAoGAW9x0HWqmRICWTBnpjyxx 53 QGlW9rQ9mHEtUotIaRSJ6K/F3cxSGUEkX1a3FRnp6kPLcckC6NlqdNgNBd6rb2rA 54 cPl/uSkZP42Als+9YMoFPU/xrrDPbUhu72EDrj3Bllnyb168jKLa4VBOccUvggxr 55 Dm08I1hgYgdN5huzs7y6GeUCgYEAj+AZJSOJ6o1aXS6rfV3mMRve9bQ9yt8jcKXw 56 5HhOCEmMtaSKfnOF1Ziih34Sxsb7O2428DiX0mV/YHtBnPsAJidL0SdLWIapBzeg 57 KHArByIRkwE6IvJvwpGMdaex1PIGhx5i/3VZL9qiq/ElT05PhIb+UXgoWMabCp84 58 OgxDK20CgYAeaFo8BdQ7FmVX2+EEejF+8xSge6WVLtkaon8bqcn6P0O8lLypoOhd 59 mJAYH8WU+UAy9pecUnDZj14LAGNVmYcse8HFX71MoshnvCTFEPVo4rZxIAGwMpeJ 60 5jgQ3slYLpqrGlcbLgUXBUgzEO684Wk/UV9DFPlHALVqCfXQ9dpJPg== 61 -----END RSA PRIVATE KEY-----` 62 63 jsonKey = fmt.Sprintf(`{"private_key":"%[1]s", "client_email":"%[2]s"}`, 64 strings.Replace(dummyPrivateKey, "\n", "\\n", -1), email) 65 ) 66 67 func TestJwtProvider(t *testing.T) { 68 token := "asdhflkjsdfkjhsdf" 69 70 // Modeled after oauth2/jwt_test.go 71 ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 72 w.Header().Set("Content-Type", "application/json") 73 w.Write([]byte(fmt.Sprintf(`{ 74 "access_token": "%[1]s", 75 "scope": "user", 76 "token_type": "bearer", 77 "expires_in": 3600 78 }`, token))) 79 })) 80 defer ts.Close() 81 82 file, err := ioutil.TempFile(os.TempDir(), "temp") 83 if err != nil { 84 t.Fatalf("Error creating temp file: %v", err) 85 } 86 87 filename := file.Name() 88 _, err = file.WriteString(jsonKey) 89 if err != nil { 90 t.Fatalf("Error writing temp file: %v", err) 91 } 92 93 provider := &jwtProvider{ 94 path: &filename, 95 tokenUrl: ts.URL, 96 } 97 if !provider.Enabled() { 98 t.Fatalf("Provider is unexpectedly disabled") 99 } 100 101 keyring := &credentialprovider.BasicDockerKeyring{} 102 keyring.Add(provider.Provide()) 103 104 // Verify that we get the expected username/password combo for 105 // a gcr.io image name. 106 registryUrl := "gcr.io/foo/bar" 107 creds, ok := keyring.Lookup(registryUrl) 108 if !ok { 109 t.Errorf("Didn't find expected URL: %s", registryUrl) 110 return 111 } 112 if len(creds) > 1 { 113 t.Errorf("Got more hits than expected: %s", creds) 114 } 115 val := creds[0] 116 117 if "_token" != val.Username { 118 t.Errorf("Unexpected username value, want: _token, got: %s", val.Username) 119 } 120 if token != val.Password { 121 t.Errorf("Unexpected password value, want: %s, got: %s", token, val.Password) 122 } 123 if email != val.Email { 124 t.Errorf("Unexpected email value, want: %s, got: %s", email, val.Email) 125 } 126 }