istio.io/istio@v0.0.0-20240520182934-d79c90f27776/security/pkg/credentialfetcher/plugin/mock.go (about) 1 // Copyright Istio Authors 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // Test only: this is the mock plugin of credentialfetcher. 16 17 package plugin 18 19 import ( 20 "fmt" 21 "net/http" 22 "net/http/httptest" 23 "net/url" 24 "os" 25 "sync" 26 27 "istio.io/istio/pkg/log" 28 ) 29 30 const fakeTokenPrefix = "fake-token-" 31 32 var mockcredLog = log.RegisterScope("mockcred", "Mock credential fetcher for istio agent") 33 34 // MockPlugin is the plugin object. 35 type MockPlugin struct { 36 token string 37 } 38 39 // CreateMockPlugin creates a mock credential fetcher plugin. Return the pointer to the created plugin. 40 func CreateMockPlugin(token string) *MockPlugin { 41 p := &MockPlugin{ 42 token: token, 43 } 44 return p 45 } 46 47 // GetPlatformCredential returns a constant token string. 48 func (p *MockPlugin) GetPlatformCredential() (string, error) { 49 mockcredLog.Debugf("mock plugin returns a constant token.") 50 return p.token, nil 51 } 52 53 // GetIdentityProvider returns the name of the identity provider that can authenticate the workload credential. 54 func (p *MockPlugin) GetIdentityProvider() string { 55 return "fakeIDP" 56 } 57 58 func (p *MockPlugin) Stop() {} 59 60 // MetadataServer mocks GCE metadata server. 61 type MetadataServer struct { 62 server *httptest.Server 63 64 numGetTokenCall int 65 credential string 66 mutex sync.RWMutex 67 } 68 69 // StartMetadataServer starts a mock GCE metadata server. 70 func StartMetadataServer() (*MetadataServer, error) { 71 ms := &MetadataServer{} 72 httpServer := httptest.NewServer(http.HandlerFunc(ms.getToken)) 73 ms.server = httpServer 74 url, err := url.Parse(httpServer.URL) 75 if err != nil { 76 return nil, fmt.Errorf("parse URL failed: %v", err) 77 } 78 if err := os.Setenv("GCE_METADATA_HOST", url.Host); err != nil { 79 fmt.Printf("Error running os.Setenv: %v", err) 80 ms.Stop() 81 return nil, err 82 } 83 return ms, nil 84 } 85 86 func (ms *MetadataServer) setToken(t string) { 87 ms.mutex.Lock() 88 defer ms.mutex.Unlock() 89 ms.credential = t 90 } 91 92 // NumGetTokenCall returns the number of token fetching request. 93 func (ms *MetadataServer) NumGetTokenCall() int { 94 ms.mutex.RLock() 95 defer ms.mutex.RUnlock() 96 97 return ms.numGetTokenCall 98 } 99 100 // Reset resets members to default values. 101 func (ms *MetadataServer) Reset() { 102 ms.mutex.Lock() 103 defer ms.mutex.Unlock() 104 105 ms.numGetTokenCall = 0 106 ms.credential = "" 107 } 108 109 func (ms *MetadataServer) getToken(w http.ResponseWriter, req *http.Request) { 110 ms.mutex.Lock() 111 defer ms.mutex.Unlock() 112 113 ms.numGetTokenCall++ 114 token := fmt.Sprintf("%s%d", fakeTokenPrefix, ms.numGetTokenCall) 115 if ms.credential != "" { 116 token = ms.credential 117 } 118 fmt.Fprint(w, token) 119 } 120 121 func (ms *MetadataServer) Stop() { 122 ms.server.Close() 123 }