go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/server/auth/authdb/internal/certs/certs_test.go (about)

     1  // Copyright 2019 The LUCI Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package certs
    16  
    17  import (
    18  	"context"
    19  	"encoding/json"
    20  	"net/http"
    21  	"testing"
    22  	"time"
    23  
    24  	"go.chromium.org/luci/auth/identity"
    25  	"go.chromium.org/luci/common/clock/testclock"
    26  
    27  	"go.chromium.org/luci/server/auth/internal"
    28  	"go.chromium.org/luci/server/auth/signing"
    29  	"go.chromium.org/luci/server/auth/signing/signingtest"
    30  	"go.chromium.org/luci/server/caching"
    31  
    32  	. "github.com/smartystreets/goconvey/convey"
    33  )
    34  
// TestWorks checks the success path of Bundle.GetCerts: the certificate bundle
// is fetched from the service's certificates endpoint, the returned identity
// matches the service account in that bundle, and repeated lookups are served
// from the process cache until the cached entry expires.
//
// NOTE(review): only the success path is exercised here. Handling of a non-200
// reply or a malformed body is not covered by this test; confirm it is tested
// elsewhere.
func TestWorks(t *testing.T) {
	Convey("GetCertificates works", t, func(c C) {
		// In-memory signer standing in for the remote token server.
		tokenService := signingtest.NewSigner(&signing.ServiceInfo{
			AppID:              "token-server",
			ServiceAccountName: "token-server-account@example.com",
		})

		// Fake clock (starting at the zero time) plus an empty process cache,
		// so cache expiry is driven purely by tc.Add below.
		ctx, tc := testclock.UseTime(context.Background(), time.Time{})
		ctx = caching.WithEmptyProcessCache(ctx)

		// Number of HTTP requests that reached the fake transport.
		var calls int

		// The handler closes over the ctx variable itself, so when it runs it
		// sees the value assigned on the WithTestTransport line below.
		fakeTransport := func(r *http.Request, body string) (int, string) {
			calls++
			if requested := r.URL.String(); requested != "http://token-server/auth/api/v1/server/certificates" {
				return 404, "Wrong URL"
			}
			served, err := tokenService.Certificates(ctx)
			if err != nil {
				panic(err)
			}
			blob, err := json.Marshal(served)
			if err != nil {
				panic(err)
			}
			return 200, string(blob)
		}
		ctx = internal.WithTestTransport(ctx, fakeTransport)

		bundle := Bundle{ServiceURL: "http://token-server"}
		wantID := identity.Identity("user:token-server-account@example.com")

		// expectFetch performs one GetCerts call and asserts both its result
		// and the total number of network round trips made so far.
		expectFetch := func(wantCalls int) {
			id, fetched, err := bundle.GetCerts(ctx)
			So(err, ShouldBeNil)
			So(id, ShouldEqual, wantID)
			So(fetched, ShouldNotBeNil)
			So(calls, ShouldEqual, wantCalls)
		}

		// First lookup goes to the network.
		expectFetch(1)

		// Second lookup is answered from the cache: no new request.
		expectFetch(1)

		// After the clock moves 1h5m forward the cached entry is treated as
		// expired and the certificates are fetched again.
		tc.Add(time.Hour + 5*time.Minute)
		expectFetch(2)
	})
}