go.chromium.org/luci@v0.0.0-20250314024836-d9a61d0730e6/tokenserver/appengine/impl/utils/rpc_utils_test.go (about) 1 // Copyright 2019 The LUCI Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package utils 16 17 import ( 18 "context" 19 "testing" 20 21 "go.chromium.org/luci/appengine/gaetesting" 22 "go.chromium.org/luci/common/testing/ftt" 23 "go.chromium.org/luci/common/testing/truth/assert" 24 "go.chromium.org/luci/common/testing/truth/should" 25 26 "go.chromium.org/luci/tokenserver/api/minter/v1" 27 ) 28 29 func performValidation(ctx context.Context, req *minter.MintProjectTokenRequest) error { 30 if err := ValidateProject(ctx, req.LuciProject); err != nil { 31 return err 32 } 33 if err := ValidateAndNormalizeRequest(ctx, req.OauthScope, &req.MinValidityDuration, req.AuditTags); err != nil { 34 return err 35 } 36 return nil 37 } 38 39 func TestRpcUtils(t *testing.T) { 40 ctx := gaetesting.TestingContext() 41 42 ftt.Run("validateRequest works", t, func(t *ftt.Test) { 43 44 t.Run("empty fields", func(t *ftt.Test) { 45 req := &minter.MintProjectTokenRequest{ 46 LuciProject: "", 47 OauthScope: []string{}, 48 MinValidityDuration: 7200, 49 } 50 51 err := performValidation(ctx, req) 52 assert.Loosely(t, err, should.NotBeNil) 53 }) 54 55 t.Run("empty project", func(t *ftt.Test) { 56 req := &minter.MintProjectTokenRequest{ 57 LuciProject: "", 58 OauthScope: []string{"https://www.googleapis.com/auth/cloud-platform"}, 59 MinValidityDuration: 1800, 60 } 61 err := performValidation(ctx, req) 62 assert.Loosely(t, err, should.ErrLike(`luci_project is empty`)) 63 }) 64 65 t.Run("negative validity", func(t *ftt.Test) { 66 req := &minter.MintProjectTokenRequest{ 67 LuciProject: "foo-project", 68 OauthScope: []string{"https://www.googleapis.com/auth/cloud-platform"}, 69 MinValidityDuration: -1800, 70 } 71 err := performValidation(ctx, req) 72 assert.Loosely(t, err, should.ErrLike(`min_validity_duration must be positive`)) 73 }) 74 75 t.Run("normalize validity", func(t *ftt.Test) { 76 req := &minter.MintProjectTokenRequest{ 77 LuciProject: "foo-project", 78 OauthScope: []string{"https://www.googleapis.com/auth/cloud-platform"}, 79 MinValidityDuration: 0, 80 } 81 err := performValidation(ctx, req) 82 assert.Loosely(t, err, should.BeNil) 83 assert.Loosely(t, req.MinValidityDuration, should.NotEqual(0)) 84 }) 85 86 t.Run("malformed tags", func(t *ftt.Test) { 87 req := &minter.MintProjectTokenRequest{ 88 LuciProject: "foo-project", 89 OauthScope: []string{"https://www.googleapis.com/auth/cloud-platform"}, 90 MinValidityDuration: 0, 91 AuditTags: []string{"malformed"}, 92 } 93 err := performValidation(ctx, req) 94 assert.Loosely(t, err, should.NotBeNil) 95 }) 96 97 t.Run("empty scopes", func(t *ftt.Test) { 98 99 req := &minter.MintProjectTokenRequest{ 100 LuciProject: "foo-project", 101 OauthScope: []string{}, 102 MinValidityDuration: 1800, 103 } 104 105 err := performValidation(ctx, req) 106 assert.Loosely(t, err, should.ErrLike(`oauth_scope is required`)) 107 }) 108 109 t.Run("returns nil for valid request", func(t *ftt.Test) { 110 req := &minter.MintProjectTokenRequest{ 111 LuciProject: "test-project", 112 OauthScope: []string{"https://www.googleapis.com/auth/cloud-platform"}, 113 MinValidityDuration: 3600, 114 } 115 err := performValidation(ctx, req) 116 assert.Loosely(t, err, should.ErrLike("min_validity_duration must not exceed 1800")) 117 }) 118 }) 119 }