k8s.io/apiserver@v0.31.1/pkg/authentication/token/union/unionauth_test.go (about) 1 /* 2 Copyright 2017 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package union 18 19 import ( 20 "context" 21 "errors" 22 "reflect" 23 "strings" 24 "testing" 25 26 "k8s.io/apiserver/pkg/authentication/authenticator" 27 "k8s.io/apiserver/pkg/authentication/user" 28 ) 29 30 type mockAuthRequestHandler struct { 31 returnUser user.Info 32 isAuthenticated bool 33 err error 34 } 35 36 var ( 37 user1 = &user.DefaultInfo{Name: "fresh_ferret", UID: "alfa"} 38 user2 = &user.DefaultInfo{Name: "elegant_sheep", UID: "bravo"} 39 ) 40 41 func (mock *mockAuthRequestHandler) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error) { 42 return &authenticator.Response{User: mock.returnUser}, mock.isAuthenticated, mock.err 43 } 44 45 func TestAuthenticateTokenSecondPasses(t *testing.T) { 46 handler1 := &mockAuthRequestHandler{returnUser: user1} 47 handler2 := &mockAuthRequestHandler{returnUser: user2, isAuthenticated: true} 48 authRequestHandler := New(handler1, handler2) 49 50 resp, isAuthenticated, err := authRequestHandler.AuthenticateToken(context.Background(), "foo") 51 if err != nil { 52 t.Errorf("Unexpected error: %v", err) 53 } 54 if !isAuthenticated { 55 t.Errorf("Unexpectedly unauthenticated: %v", isAuthenticated) 56 } 57 if !reflect.DeepEqual(user2, resp.User) { 58 t.Errorf("Expected %v, got %v", user2, resp.User) 59 } 60 } 61 62 func TestAuthenticateTokenFirstPasses(t *testing.T) { 63 handler1 := &mockAuthRequestHandler{returnUser: user1, isAuthenticated: true} 64 handler2 := &mockAuthRequestHandler{returnUser: user2} 65 authRequestHandler := New(handler1, handler2) 66 67 resp, isAuthenticated, err := authRequestHandler.AuthenticateToken(context.Background(), "foo") 68 if err != nil { 69 t.Errorf("Unexpected error: %v", err) 70 } 71 if !isAuthenticated { 72 t.Errorf("Unexpectedly unauthenticated: %v", isAuthenticated) 73 } 74 if !reflect.DeepEqual(user1, resp.User) { 75 t.Errorf("Expected %v, got %v", user1, resp.User) 76 } 77 } 78 79 func TestAuthenticateTokenSuppressUnnecessaryErrors(t *testing.T) { 80 handler1 := &mockAuthRequestHandler{err: errors.New("first")} 81 handler2 := &mockAuthRequestHandler{isAuthenticated: true} 82 authRequestHandler := New(handler1, handler2) 83 84 _, isAuthenticated, err := authRequestHandler.AuthenticateToken(context.Background(), "foo") 85 if err != nil { 86 t.Errorf("Unexpected error: %v", err) 87 } 88 if !isAuthenticated { 89 t.Errorf("Unexpectedly unauthenticated: %v", isAuthenticated) 90 } 91 } 92 93 func TestAuthenticateTokenNoAuthenticators(t *testing.T) { 94 authRequestHandler := New() 95 96 resp, isAuthenticated, err := authRequestHandler.AuthenticateToken(context.Background(), "foo") 97 if err != nil { 98 t.Errorf("Unexpected error: %v", err) 99 } 100 if isAuthenticated { 101 t.Errorf("Unexpectedly authenticated: %v", isAuthenticated) 102 } 103 if resp != nil { 104 t.Errorf("Unexpected authenticatedUser: %v", resp) 105 } 106 } 107 108 func TestAuthenticateTokenNonePass(t *testing.T) { 109 handler1 := &mockAuthRequestHandler{} 110 handler2 := &mockAuthRequestHandler{} 111 authRequestHandler := New(handler1, handler2) 112 113 _, isAuthenticated, err := authRequestHandler.AuthenticateToken(context.Background(), "foo") 114 if err != nil { 115 t.Errorf("Unexpected error: %v", err) 116 } 117 if isAuthenticated { 118 t.Errorf("Unexpectedly authenticated: %v", isAuthenticated) 119 } 120 } 121 122 func TestAuthenticateTokenAdditiveErrors(t *testing.T) { 123 handler1 := &mockAuthRequestHandler{err: errors.New("first")} 124 handler2 := &mockAuthRequestHandler{err: errors.New("second")} 125 authRequestHandler := New(handler1, handler2) 126 127 _, isAuthenticated, err := authRequestHandler.AuthenticateToken(context.Background(), "foo") 128 if err == nil { 129 t.Errorf("Expected an error") 130 } 131 if !strings.Contains(err.Error(), "first") { 132 t.Errorf("Expected error containing %v, got %v", "first", err) 133 } 134 if !strings.Contains(err.Error(), "second") { 135 t.Errorf("Expected error containing %v, got %v", "second", err) 136 } 137 if isAuthenticated { 138 t.Errorf("Unexpectedly authenticated: %v", isAuthenticated) 139 } 140 } 141 142 func TestAuthenticateTokenFailEarly(t *testing.T) { 143 handler1 := &mockAuthRequestHandler{err: errors.New("first")} 144 handler2 := &mockAuthRequestHandler{err: errors.New("second")} 145 authRequestHandler := NewFailOnError(handler1, handler2) 146 147 _, isAuthenticated, err := authRequestHandler.AuthenticateToken(context.Background(), "foo") 148 if err == nil { 149 t.Errorf("Expected an error") 150 } 151 if !strings.Contains(err.Error(), "first") { 152 t.Errorf("Expected error containing %v, got %v", "first", err) 153 } 154 if strings.Contains(err.Error(), "second") { 155 t.Errorf("Did not expect second error, got %v", err) 156 } 157 if isAuthenticated { 158 t.Errorf("Unexpectedly authenticated: %v", isAuthenticated) 159 } 160 }