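// Copyright (c) 2023, Oracle and/or its affiliates.
// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.

package auth

import (
	"net/http"
	"net/http/httptest"
	"strings"
	"testing"

	"github.com/coreos/go-oidc/v3/oidc"
	"github.com/stretchr/testify/assert"
	"github.com/verrazzano/verrazzano/authproxy/internal/testutil/testserver"
	globalconst "github.com/verrazzano/verrazzano/pkg/constants"
	"go.uber.org/zap"
	"golang.org/x/oauth2"
	v1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	k8sclient "sigs.k8s.io/controller-runtime/pkg/client"
	"sigs.k8s.io/controller-runtime/pkg/client/fake"
)

// TestPerformLoginRedirect tests that the redirect occurs without an error
// GIVEN a login request
// WHEN the redirect is processed
// THEN no error occurs
//
// NOTE(review): only the returned error is checked. The recorded response
// (status code, Location header, cookies) is never inspected, so this test
// would still pass if no redirect were written at all. Consider asserting on
// the recorder once the expected values are confirmed against
// performLoginRedirect.
func TestPerformLoginRedirect(t *testing.T) {
	authenticator := OIDCAuthenticator{
		oidcConfig: &OIDCConfiguration{
			ClientID: "",
		},
		ExternalProvider: &oidc.Provider{},
	}

	req := httptest.NewRequest(http.MethodGet, "https://authproxy.io", strings.NewReader(""))
	rec := httptest.NewRecorder()

	err := authenticator.performLoginRedirect(req, rec)
	assert.NoError(t, err)
}

// TestCreateContextWithHTTPClient tests that the context client can be created
func TestCreateContextWithHTTPClient(t *testing.T) {
	tests := []struct {
		name    string
		objects []k8sclient.Object
	}{
		// GIVEN a request to create a context client
		// WHEN the CA cert does not exist
		// THEN a client with no CA certificates is created
		{
			name: "no CA cert",
		},
		// GIVEN a request to create a context client
		// WHEN the CA exists
		// THEN a client with the CA certificate is created
		{
			name: "CA cert exists",
			objects: []k8sclient.Object{
				&v1.Secret{
					// The Secret is named after the CA bundle and lives in the
					// Verrazzano system namespace, as the constant names indicate.
					// NOTE(review): confirm this matches the lookup performed by
					// createContextWithHTTPClient. With the two fields transposed
					// the fixture cannot be found under that name/namespace and
					// this case silently duplicates "no CA cert".
					ObjectMeta: metav1.ObjectMeta{
						Name:      globalconst.PrivateCABundle,
						Namespace: globalconst.VerrazzanoSystemNamespace,
					},
					// NOTE(review): "cert" is placeholder bytes, not a PEM
					// certificate; how the code under test treats unparsable
					// data is not visible from this file.
					Data: map[string][]byte{
						"cacert.pem": []byte("cert"),
					},
				},
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			client := fake.NewClientBuilder().WithObjects(tt.objects...).Build()

			authenticator := OIDCAuthenticator{
				Log:       zap.S(),
				k8sClient: client,
			}

			ctx, err := authenticator.createContextWithHTTPClient()
			// Stop on failure: calling Value on a nil context would panic and
			// hide the real assertion message.
			if !assert.NoError(t, err) || !assert.NotNil(t, ctx) {
				return
			}

			httpClientAny := ctx.Value(oauth2.HTTPClient)
			assert.NotNil(t, httpClientAny)

			httpClient, ok := httpClientAny.(*http.Client)
			// A failed type assertion leaves httpClient nil; bail out before
			// dereferencing it.
			if !assert.True(t, ok) || !assert.NotNil(t, httpClient) {
				return
			}

			// NOTE(review): this only proves that a Transport is set. It does
			// not show that the CA bundle reached the client's trust pool, so
			// both table cases are indistinguishable to these assertions.
			assert.NotNil(t, httpClient.Transport)
		})
	}
}

// TestInitExternalOIDCProvider tests that the OIDC provider can be initialized for the login flow
// GIVEN a request to initialize the OIDC provider
// WHEN the OIDC server responds with correct initialization information
// THEN no error is returned
func TestInitExternalOIDCProvider(t *testing.T) {
	client := fake.NewClientBuilder().Build()

	// NOTE(review): the fake server is not closed here; presumably the helper
	// registers cleanup through t — confirm in testserver.
	server := testserver.FakeOIDCProviderServer(t)

	authenticator := OIDCAuthenticator{
		Log:       zap.S(),
		k8sClient: client,
		oidcConfig: &OIDCConfiguration{
			ExternalURL: server.URL,
		},
	}

	err := authenticator.initExternalOIDCProvider()
	assert.NoError(t, err)
}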