k8s.io/apiserver@v0.31.1/pkg/authentication/token/tokenfile/tokenfile_test.go (about) 1 /* 2 Copyright 2014 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package tokenfile 18 19 import ( 20 "context" 21 "io/ioutil" 22 "os" 23 "reflect" 24 "testing" 25 26 "k8s.io/apiserver/pkg/authentication/user" 27 ) 28 29 func TestTokenFile(t *testing.T) { 30 auth, err := newWithContents(t, ` 31 token1,user1,uid1 32 token2,user2,uid2 33 token3,user3,uid3,"group1,group2" 34 token4,user4,uid4,"group2" 35 token5,user5,uid5,group5 36 token6,user6,uid6,group5,otherdata 37 token7,user7,uid7,"group1,group2",otherdata 38 `) 39 if err != nil { 40 t.Fatalf("unable to read tokenfile: %v", err) 41 } 42 43 testCases := []struct { 44 Token string 45 User *user.DefaultInfo 46 Ok bool 47 Err bool 48 }{ 49 { 50 Token: "token1", 51 User: &user.DefaultInfo{Name: "user1", UID: "uid1"}, 52 Ok: true, 53 }, 54 { 55 Token: "token2", 56 User: &user.DefaultInfo{Name: "user2", UID: "uid2"}, 57 Ok: true, 58 }, 59 { 60 Token: "token3", 61 User: &user.DefaultInfo{Name: "user3", UID: "uid3", Groups: []string{"group1", "group2"}}, 62 Ok: true, 63 }, 64 { 65 Token: "token4", 66 User: &user.DefaultInfo{Name: "user4", UID: "uid4", Groups: []string{"group2"}}, 67 Ok: true, 68 }, 69 { 70 Token: "token5", 71 User: &user.DefaultInfo{Name: "user5", UID: "uid5", Groups: []string{"group5"}}, 72 Ok: true, 73 }, 74 { 75 Token: "token6", 76 User: &user.DefaultInfo{Name: "user6", UID: "uid6", Groups: []string{"group5"}}, 77 Ok: true, 78 }, 79 { 80 Token: "token7", 81 User: &user.DefaultInfo{Name: "user7", UID: "uid7", Groups: []string{"group1", "group2"}}, 82 Ok: true, 83 }, 84 { 85 Token: "token8", 86 }, 87 } 88 for i, testCase := range testCases { 89 resp, ok, err := auth.AuthenticateToken(context.Background(), testCase.Token) 90 if testCase.User == nil { 91 if resp != nil { 92 t.Errorf("%d: unexpected non-nil user %#v", i, resp.User) 93 } 94 } else if !reflect.DeepEqual(testCase.User, resp.User) { 95 t.Errorf("%d: expected user %#v, got %#v", i, testCase.User, resp.User) 96 } 97 98 if testCase.Ok != ok { 99 t.Errorf("%d: expected auth %v, got %v", i, testCase.Ok, ok) 100 } 101 switch { 102 case err == nil && testCase.Err: 103 t.Errorf("%d: unexpected nil error", i) 104 case err != nil && !testCase.Err: 105 t.Errorf("%d: unexpected error: %v", i, err) 106 } 107 } 108 } 109 110 func TestBadTokenFile(t *testing.T) { 111 _, err := newWithContents(t, ` 112 token1,user1,uid1 113 token2,user2,uid2 114 token3,user3 115 token4 116 `) 117 if err == nil { 118 t.Fatalf("unexpected non error") 119 } 120 } 121 122 func TestInsufficientColumnsTokenFile(t *testing.T) { 123 _, err := newWithContents(t, "token4\n") 124 if err == nil { 125 t.Fatalf("unexpected non error") 126 } 127 } 128 129 func TestEmptyTokenTokenFile(t *testing.T) { 130 auth, err := newWithContents(t, ",user5,uid5\n") 131 if err != nil { 132 t.Fatalf("unexpected error %v", err) 133 } 134 if len(auth.tokens) != 0 { 135 t.Fatalf("empty token should not be recorded") 136 } 137 } 138 139 func newWithContents(t *testing.T, contents string) (auth *TokenAuthenticator, err error) { 140 f, err := ioutil.TempFile("", "tokenfile_test") 141 if err != nil { 142 t.Fatalf("unexpected error creating tokenfile: %v", err) 143 } 144 f.Close() 145 defer os.Remove(f.Name()) 146 147 if err := ioutil.WriteFile(f.Name(), []byte(contents), 0700); err != nil { 148 t.Fatalf("unexpected error writing tokenfile: %v", err) 149 } 150 151 return NewCSV(f.Name()) 152 }