github.com/kyma-incubator/compass/components/director@v0.0.0-20230623144113-d764f56ff805/internal/selfregmanager/caller_provider_test.go

github.com/kyma-incubator/compass/components/director@v0.0.0-20230623144113-d764f56ff805/internal/selfregmanager/caller_provider_test.go (about)

     1  package selfregmanager_test
     2  
     3  import (
     4  	"testing"
     5  	"time"
     6  
     7  	"github.com/kyma-incubator/compass/components/director/internal/selfregmanager"
     8  
     9  	"github.com/kyma-incubator/compass/components/director/internal/securehttp"
    10  	"github.com/kyma-incubator/compass/components/director/pkg/auth"
    11  	"github.com/kyma-incubator/compass/components/director/pkg/config"
    12  	"github.com/kyma-incubator/compass/components/director/pkg/oauth"
    13  	"github.com/pkg/errors"
    14  	"github.com/stretchr/testify/require"
    15  )
    16  
    17  func TestCallerProvider_GetCaller(t *testing.T) {
    18  	var (
    19  		firstRegion                  = "eu-1"
    20  		firstClientID                = "client-id"
    21  		firstClientSecret            = "client-secret"
    22  		firstTokenURL                = "token-url"
    23  		secondRegion                 = "eu-2"
    24  		secondClientID               = "client-id-2"
    25  		secondClientSecret           = "client-secret-2"
    26  		secondTokenURL               = "token-url-2"
    27  		tokenPath                    = "/oauth/token"
    28  		timeout                      = 15 * time.Second
    29  		externalClientCertSecretName = "resource-name"
    30  	)
    31  
    32  	const (
    33  		certificate = "-----BEGIN CERTIFICATE-----\nMIIDbjCCAlYCCQDg7pmtw8dIVTANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJC\nRzENMAsGA1UECAwEVGVzdDENMAsGA1UEBwwEVGVzdDENMAsGA1UECgwEVGVzdDEN\nMAsGA1UECwwEVGVzdDENMAsGA1UEAwwEVGVzdDEfMB0GCSqGSIb3DQEJARYQdGVz\ndEBleGFtcGxlLmNvbTAeFw0yMjAxMjQxMTM4MDFaFw0zMjAxMjIxMTM4MDFaMHkx\nCzAJBgNVBAYTAkJHMQ0wCwYDVQQIDARUZXN0MQ0wCwYDVQQHDARUZXN0MQ0wCwYD\nVQQKDARUZXN0MQ0wCwYDVQQLDARUZXN0MQ0wCwYDVQQDDARUZXN0MR8wHQYJKoZI\nhvcNAQkBFhB0ZXN0QGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\nMIIBCgKCAQEAuiFt98GUVTDSCHsOlBcblvUB/02uEmsalsG+DKEufzIVrp4DCxsA\nEsIN85Ywkd1Fsl0vwg9+3ibQlf1XtyXqJ6/jwm2zFdJPM3u2JfGGiiQpscHYp5hS\nlVscBjxZh1CQMKeBXltDsD64EV+XgHGN1aaw9mWKb6iSKsHLhBz594jYMFCnP3wH\nw9/hm6zBAhoF4Xr6UMOp4ZzzY8nzLCGPQuQ9UGp4lyAethrBpsqI6zAxjPKlqhmx\nL3591wkQgTzuL9th54yLEmyEvPTE26ONJBKylH2BqbAFiZPrwet0+PRJSflAfMU8\nYHqqo2AkaY1lmMAZiKDhj1RxMe/jt3HmVQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB\nAQBx8BRhJ59UA3JDL+FHNKwIpxFewxjJwIGWqJTsOh4+rjPK3QeSnF0vt4cnLrCY\n+FLuhhUdFxjeFqJtWN7tHDK3ywSn/yZQTD5Nwcy/F1RmLjl91hjudxO/VewznOlq\nHJlDoM7kW9kOG6xS2HbbSaC1CzU33E90QOwcyCoeVXJ8aMDe6v/kWC65RoI9evg5\n2OxoARA8fpjyUphMTXuVNVI1kd2Uskpo8PePbc1h3OJVzYPIQ4+qMGsu7n3ZdwzI\nqDs2kdBD77k6cBQS+n7g5ETwv5OAgl5q1O17ye/YFNA/T3FhL9to6Nmrkqt7rlnF\nL8uAkeTGuHEATjmosQWUmbYi\n-----END CERTIFICATE-----\n"
    34  		key         = "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAuiFt98GUVTDSCHsOlBcblvUB/02uEmsalsG+DKEufzIVrp4D\nCxsAEsIN85Ywkd1Fsl0vwg9+3ibQlf1XtyXqJ6/jwm2zFdJPM3u2JfGGiiQpscHY\np5hSlVscBjxZh1CQMKeBXltDsD64EV+XgHGN1aaw9mWKb6iSKsHLhBz594jYMFCn\nP3wHw9/hm6zBAhoF4Xr6UMOp4ZzzY8nzLCGPQuQ9UGp4lyAethrBpsqI6zAxjPKl\nqhmxL3591wkQgTzuL9th54yLEmyEvPTE26ONJBKylH2BqbAFiZPrwet0+PRJSflA\nfMU8YHqqo2AkaY1lmMAZiKDhj1RxMe/jt3HmVQIDAQABAoIBAH+9xa0N6/FzqhIr\n8ltsaID38cD33QnC++KPYRFl5XViOEM5KrmKdEhragvM/dR92gGJtucmn1lzph/q\nWTLXEJbgPh4ID6pgRf79Xos38bAJFZxrf3e2MKdUei1FaeRWRD9AFqddV100DjvO\nMTnztPX2iujv00zCkl5J1pT7FgrtcYgDPxXQK7dIcHrc9bV9fdTQUnpbVIs/9U7a\n7Qk/eJnEkezbjQCk7+Pgt3ymR29s4vJvyPen3jek0FKhQCxAg6iA5ZOtY+J5AS9e\n3ozZLUEa3b0eOABMw8QnKMtGTmIhLbf9JhISK2Ltsisc/yHHH3KfFE2nayqjvLZf\n5GR62hkCgYEA612EgoRHg4+BSfPfLNG3xsSnM+a98nZOmyxgZ3eNFWpSvi+7MemL\nCJHpwwje412OU1wCc2MtWYvGFY+heL62FxT8+JJLntykZcTQzQoHX3wvaMwopWRi\nJdrv3tEDtSJo9za54kfrNqnVyaxu82r7zgxVbcNiAVR+n7cRXuov288CgYEAynLm\nVI7cIKBOM6U44unkKyIS99Bh57FPjE1QAIsEOiNCWZay4qmzdEboOXjtC95Qyyxn\nTb+MONybwXKkGiLZQZQ2SlgjtEMBDQ+ofk2fK+yHWf4VeLtYWJdBESaAz85xGCCY\nYqlqbFEQd8cl86gTne+emLXp8KrDMuXhbbPvMJsCgYEAgBISAacS9t6GfoQqA0xW\nkNz/EnnTD/UaTst15bci2O1S+tQkK0OmeNJU/eB80AFfabKeTsU/rwMklSTjuz0i\n/ipYgLWyWk47UnknGPsFCgscDQ1SbLTTxz972KWpO83uid6IhT2XGtaNU0D12pRz\nUipZ7fEsCgc9I5FM7XXG9vcCgYBp6xN2ygeBSl2fx6GrlpM5veoOnYeboLjtvsVM\ng28Cu8/K731H+WFaRH7bEtlyjC3ZHrItiznhxgn3e/M/eVwRY2nEG7kSZrv2CWsu\nKY5NfMKT4st5Dwt5zijMwEhEcM3awbL4a4qygPcMs7S3dghNaUCgxQxQTgcyafM3\nYhySYQKBgF7pqQW7ESo1Mp9by+HzJBJsSju5zPBrCZrx8rFAMLCk1uDAIRcUuQtq\n+YwKU8ViemkOHWfN6bePap3/kdVHUxj2xJ6xTAUYHpVOQVMhTw1UmOikiV4FwUo+\nGb5Nk5evWBGhsl2LFqoOqhvFpjftv8+qgRHxmWtj4EoJYWng+hRz\n-----END RSA PRIVATE KEY-----\n"
    35  	)
    36  
    37  	firstCallerCreds, err := auth.NewOAuthMtlsCredentials(firstClientID, certificate, key, firstTokenURL, tokenPath, externalClientCertSecretName)
    38  	require.NoError(t, err)
    39  
    40  	firstExpectedCallerCfg := securehttp.CallerConfig{
    41  		Credentials:       firstCallerCreds,
    42  		ClientTimeout:     timeout,
    43  		SkipSSLValidation: false,
    44  	}
    45  	firstExpectedCaller, err := securehttp.NewCaller(firstExpectedCallerCfg)
    46  	require.NoError(t, err)
    47  
    48  	cfg := config.SelfRegConfig{
    49  		OAuthMode:         oauth.Mtls,
    50  		OauthTokenPath:    tokenPath,
    51  		SkipSSLValidation: false,
    52  		ClientTimeout:     timeout,
    53  		RegionToInstanceConfig: map[string]config.InstanceConfig{
    54  			firstRegion: {
    55  				ClientID:     firstClientID,
    56  				ClientSecret: firstClientSecret,
    57  				URL:          "url",
    58  				TokenURL:     firstTokenURL,
    59  				Cert:         certificate,
    60  				Key:          key,
    61  			},
    62  			secondRegion: {
    63  				ClientID:     secondClientID,
    64  				ClientSecret: secondClientSecret,
    65  				URL:          "url",
    66  				TokenURL:     secondTokenURL,
    67  				Cert:         certificate,
    68  				Key:          key,
    69  			}},
    70  		ExternalClientCertSecretName: externalClientCertSecretName,
    71  	}
    72  
    73  	testCases := []struct {
    74  		Name                      string
    75  		Config                    config.SelfRegConfig
    76  		Region                    string
    77  		ExpectedExternalSvcCaller selfregmanager.ExternalSvcCaller
    78  		ExpectedErr               error
    79  	}{
    80  		{
    81  			Name:                      "Success",
    82  			Config:                    cfg,
    83  			Region:                    firstRegion,
    84  			ExpectedExternalSvcCaller: firstExpectedCaller,
    85  			ExpectedErr:               nil,
    86  		},
    87  		{
    88  			Name:                      "Returns error when region is missing in the config",
    89  			Config:                    cfg,
    90  			Region:                    "fake-region",
    91  			ExpectedExternalSvcCaller: nil,
    92  			ExpectedErr:               errors.New("missing configuration for region: fake-region"),
    93  		},
    94  	}
    95  	for _, testCase := range testCases {
    96  		t.Run(testCase.Name, func(t *testing.T) {
    97  			c := &selfregmanager.CallerProvider{}
    98  			actualCaller, err := c.GetCaller(testCase.Config, testCase.Region)
    99  
   100  			if testCase.ExpectedErr != nil {
   101  				require.Error(t, err)
   102  				require.Contains(t, err.Error(), testCase.ExpectedErr.Error())
   103  			} else {
   104  				require.NoError(t, err)
   105  				ac, ok := actualCaller.(*securehttp.Caller)
   106  				require.True(t, ok)
   107  				ec, ok := testCase.ExpectedExternalSvcCaller.(*securehttp.Caller)
   108  				require.True(t, ok)
   109  
   110  				require.Equal(t, ec.Credentials, ac.Credentials)
   111  				require.Equal(t, ec.Provider.Name(), ac.Provider.Name())
   112  			}
   113  		})
   114  	}
   115  }