k8s.io/apiserver@v0.31.1/pkg/authentication/request/union/unionauth_test.go (about) 1 /* 2 Copyright 2014 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package union 18 19 import ( 20 "errors" 21 "net/http" 22 "reflect" 23 "strings" 24 "testing" 25 26 "k8s.io/apiserver/pkg/authentication/authenticator" 27 "k8s.io/apiserver/pkg/authentication/user" 28 ) 29 30 type mockAuthRequestHandler struct { 31 returnUser user.Info 32 isAuthenticated bool 33 err error 34 } 35 36 var ( 37 user1 = &user.DefaultInfo{Name: "fresh_ferret", UID: "alfa"} 38 user2 = &user.DefaultInfo{Name: "elegant_sheep", UID: "bravo"} 39 ) 40 41 func (mock *mockAuthRequestHandler) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) { 42 return &authenticator.Response{User: mock.returnUser}, mock.isAuthenticated, mock.err 43 } 44 45 func TestAuthenticateRequestSecondPasses(t *testing.T) { 46 handler1 := &mockAuthRequestHandler{returnUser: user1} 47 handler2 := &mockAuthRequestHandler{returnUser: user2, isAuthenticated: true} 48 authRequestHandler := New(handler1, handler2) 49 req, _ := http.NewRequest("GET", "http://example.org", nil) 50 51 resp, isAuthenticated, err := authRequestHandler.AuthenticateRequest(req) 52 if err != nil { 53 t.Errorf("Unexpected error: %v", err) 54 } 55 if !isAuthenticated { 56 t.Errorf("Unexpectedly unauthenticated: %v", isAuthenticated) 57 } 58 if !reflect.DeepEqual(user2, resp.User) { 59 t.Errorf("Expected %v, got %v", user2, resp.User) 60 } 61 } 62 63 func TestAuthenticateRequestFirstPasses(t *testing.T) { 64 handler1 := &mockAuthRequestHandler{returnUser: user1, isAuthenticated: true} 65 handler2 := &mockAuthRequestHandler{returnUser: user2} 66 authRequestHandler := New(handler1, handler2) 67 req, _ := http.NewRequest("GET", "http://example.org", nil) 68 69 resp, isAuthenticated, err := authRequestHandler.AuthenticateRequest(req) 70 if err != nil { 71 t.Errorf("Unexpected error: %v", err) 72 } 73 if !isAuthenticated { 74 t.Errorf("Unexpectedly unauthenticated: %v", isAuthenticated) 75 } 76 if !reflect.DeepEqual(user1, resp.User) { 77 t.Errorf("Expected %v, got %v", user2, resp.User) 78 } 79 } 80 81 func TestAuthenticateRequestSuppressUnnecessaryErrors(t *testing.T) { 82 handler1 := &mockAuthRequestHandler{err: errors.New("first")} 83 handler2 := &mockAuthRequestHandler{isAuthenticated: true} 84 authRequestHandler := New(handler1, handler2) 85 req, _ := http.NewRequest("GET", "http://example.org", nil) 86 87 _, isAuthenticated, err := authRequestHandler.AuthenticateRequest(req) 88 if err != nil { 89 t.Errorf("Unexpected error: %v", err) 90 } 91 if !isAuthenticated { 92 t.Errorf("Unexpectedly unauthenticated: %v", isAuthenticated) 93 } 94 } 95 96 func TestAuthenticateRequestNoAuthenticators(t *testing.T) { 97 authRequestHandler := New() 98 req, _ := http.NewRequest("GET", "http://example.org", nil) 99 100 resp, isAuthenticated, err := authRequestHandler.AuthenticateRequest(req) 101 if err != nil { 102 t.Errorf("Unexpected error: %v", err) 103 } 104 if isAuthenticated { 105 t.Errorf("Unexpectedly authenticated: %v", isAuthenticated) 106 } 107 if resp != nil { 108 t.Errorf("Unexpected authenticatedUser: %v", resp) 109 } 110 } 111 112 func TestAuthenticateRequestNonePass(t *testing.T) { 113 handler1 := &mockAuthRequestHandler{} 114 handler2 := &mockAuthRequestHandler{} 115 authRequestHandler := New(handler1, handler2) 116 req, _ := http.NewRequest("GET", "http://example.org", nil) 117 118 _, isAuthenticated, err := authRequestHandler.AuthenticateRequest(req) 119 if err != nil { 120 t.Errorf("Unexpected error: %v", err) 121 } 122 if isAuthenticated { 123 t.Errorf("Unexpectedly authenticated: %v", isAuthenticated) 124 } 125 } 126 127 func TestAuthenticateRequestAdditiveErrors(t *testing.T) { 128 handler1 := &mockAuthRequestHandler{err: errors.New("first")} 129 handler2 := &mockAuthRequestHandler{err: errors.New("second")} 130 authRequestHandler := New(handler1, handler2) 131 req, _ := http.NewRequest("GET", "http://example.org", nil) 132 133 _, isAuthenticated, err := authRequestHandler.AuthenticateRequest(req) 134 if err == nil { 135 t.Errorf("Expected an error") 136 } 137 if !strings.Contains(err.Error(), "first") { 138 t.Errorf("Expected error containing %v, got %v", "first", err) 139 } 140 if !strings.Contains(err.Error(), "second") { 141 t.Errorf("Expected error containing %v, got %v", "second", err) 142 } 143 if isAuthenticated { 144 t.Errorf("Unexpectedly authenticated: %v", isAuthenticated) 145 } 146 } 147 148 func TestAuthenticateRequestFailEarly(t *testing.T) { 149 handler1 := &mockAuthRequestHandler{err: errors.New("first")} 150 handler2 := &mockAuthRequestHandler{err: errors.New("second")} 151 authRequestHandler := NewFailOnError(handler1, handler2) 152 req, _ := http.NewRequest("GET", "http://example.org", nil) 153 154 _, isAuthenticated, err := authRequestHandler.AuthenticateRequest(req) 155 if err == nil { 156 t.Errorf("Expected an error") 157 } 158 if !strings.Contains(err.Error(), "first") { 159 t.Errorf("Expected error containing %v, got %v", "first", err) 160 } 161 if strings.Contains(err.Error(), "second") { 162 t.Errorf("Did not expect second error, got %v", err) 163 } 164 if isAuthenticated { 165 t.Errorf("Unexpectedly authenticated: %v", isAuthenticated) 166 } 167 }