2022-09-07 11:56:56 +00:00
|
|
|
package google
|
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/json"
|
|
|
|
"fmt"
|
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
|
|
|
"os"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/sirupsen/logrus"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
)
|
|
|
|
|
|
|
|
func testSetup(t *testing.T) *httptest.Server {
|
|
|
|
mux := http.NewServeMux()
|
|
|
|
// TODO: mock calls
|
|
|
|
// mux.HandleFunc("/admin/directory/v1/groups", func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
// w.Header().Add("Content-Type", "application/json")
|
|
|
|
// json.NewEncoder(w).Encode(&admin.Groups{
|
|
|
|
// Groups: []*admin.Group{},
|
|
|
|
// })
|
|
|
|
// })
|
|
|
|
return httptest.NewServer(mux)
|
|
|
|
}
|
|
|
|
|
|
|
|
func newConnector(config *Config, serverURL string) (*googleConnector, error) {
|
|
|
|
log := logrus.New()
|
|
|
|
conn, err := config.Open("id", log)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
googleConn, ok := conn.(*googleConnector)
|
|
|
|
if !ok {
|
|
|
|
return nil, fmt.Errorf("failed to convert to googleConnector")
|
|
|
|
}
|
|
|
|
return googleConn, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func tempServiceAccountKey() (string, error) {
|
|
|
|
fd, err := os.CreateTemp("", "google_service_account_key")
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
defer fd.Close()
|
|
|
|
err = json.NewEncoder(fd).Encode(map[string]string{
|
|
|
|
"type": "service_account",
|
|
|
|
"project_id": "sample-project",
|
|
|
|
"private_key_id": "sample-key-id",
|
|
|
|
"private_key": "-----BEGIN PRIVATE KEY-----\nsample-key\n-----END PRIVATE KEY-----\n",
|
|
|
|
"client_id": "sample-client-id",
|
|
|
|
"client_x509_cert_url": "localhost",
|
|
|
|
})
|
|
|
|
return fd.Name(), err
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestOpen(t *testing.T) {
|
|
|
|
ts := testSetup(t)
|
|
|
|
defer ts.Close()
|
|
|
|
|
|
|
|
type testCase struct {
|
|
|
|
config *Config
|
|
|
|
expectedErr string
|
|
|
|
|
|
|
|
// string to set in GOOGLE_APPLICATION_CREDENTIALS. As local development environments can
|
|
|
|
// already contain ADC, test cases will be built uppon this setting this env variable
|
|
|
|
adc string
|
|
|
|
}
|
|
|
|
|
|
|
|
serviceAccountFilePath, err := tempServiceAccountKey()
|
|
|
|
assert.Nil(t, err)
|
|
|
|
|
|
|
|
for name, reference := range map[string]testCase{
|
2022-09-28 17:59:28 +00:00
|
|
|
"not_requesting_groups": {
|
|
|
|
config: &Config{
|
|
|
|
ClientID: "testClient",
|
|
|
|
ClientSecret: "testSecret",
|
|
|
|
RedirectURI: ts.URL + "/callback",
|
|
|
|
Scopes: []string{"openid"},
|
|
|
|
},
|
|
|
|
expectedErr: "",
|
|
|
|
},
|
2022-09-07 11:56:56 +00:00
|
|
|
"missing_admin_email": {
|
|
|
|
config: &Config{
|
|
|
|
ClientID: "testClient",
|
|
|
|
ClientSecret: "testSecret",
|
|
|
|
RedirectURI: ts.URL + "/callback",
|
|
|
|
Scopes: []string{"openid", "groups"},
|
2022-09-28 17:59:28 +00:00
|
|
|
Groups: []string{"someGroup"},
|
2022-09-07 11:56:56 +00:00
|
|
|
},
|
|
|
|
expectedErr: "requires adminEmail",
|
|
|
|
},
|
|
|
|
"service_account_key_not_found": {
|
|
|
|
config: &Config{
|
|
|
|
ClientID: "testClient",
|
|
|
|
ClientSecret: "testSecret",
|
|
|
|
RedirectURI: ts.URL + "/callback",
|
|
|
|
Scopes: []string{"openid", "groups"},
|
|
|
|
AdminEmail: "foo@bar.com",
|
|
|
|
ServiceAccountFilePath: "not_found.json",
|
2022-09-28 17:59:28 +00:00
|
|
|
Groups: []string{"someGroup"},
|
2022-09-07 11:56:56 +00:00
|
|
|
},
|
|
|
|
expectedErr: "error reading credentials",
|
|
|
|
},
|
|
|
|
"service_account_key_valid": {
|
|
|
|
config: &Config{
|
|
|
|
ClientID: "testClient",
|
|
|
|
ClientSecret: "testSecret",
|
|
|
|
RedirectURI: ts.URL + "/callback",
|
|
|
|
Scopes: []string{"openid", "groups"},
|
|
|
|
AdminEmail: "foo@bar.com",
|
|
|
|
ServiceAccountFilePath: serviceAccountFilePath,
|
2022-09-28 17:59:28 +00:00
|
|
|
Groups: []string{"someGroup"},
|
2022-09-07 11:56:56 +00:00
|
|
|
},
|
|
|
|
expectedErr: "",
|
|
|
|
},
|
|
|
|
"adc": {
|
|
|
|
config: &Config{
|
|
|
|
ClientID: "testClient",
|
|
|
|
ClientSecret: "testSecret",
|
|
|
|
RedirectURI: ts.URL + "/callback",
|
|
|
|
Scopes: []string{"openid", "groups"},
|
|
|
|
AdminEmail: "foo@bar.com",
|
2022-09-28 17:59:28 +00:00
|
|
|
Groups: []string{"someGroup"},
|
2022-09-07 11:56:56 +00:00
|
|
|
},
|
|
|
|
adc: serviceAccountFilePath,
|
|
|
|
expectedErr: "",
|
|
|
|
},
|
|
|
|
"adc_priority": {
|
|
|
|
config: &Config{
|
|
|
|
ClientID: "testClient",
|
|
|
|
ClientSecret: "testSecret",
|
|
|
|
RedirectURI: ts.URL + "/callback",
|
|
|
|
Scopes: []string{"openid", "groups"},
|
|
|
|
AdminEmail: "foo@bar.com",
|
|
|
|
ServiceAccountFilePath: serviceAccountFilePath,
|
2022-09-28 17:59:28 +00:00
|
|
|
Groups: []string{"someGroup"},
|
2022-09-07 11:56:56 +00:00
|
|
|
},
|
|
|
|
adc: "/dev/null",
|
|
|
|
expectedErr: "",
|
|
|
|
},
|
|
|
|
} {
|
|
|
|
reference := reference
|
|
|
|
t.Run(name, func(t *testing.T) {
|
|
|
|
assert := assert.New(t)
|
|
|
|
|
|
|
|
os.Setenv("GOOGLE_APPLICATION_CREDENTIALS", reference.adc)
|
|
|
|
conn, err := newConnector(reference.config, ts.URL)
|
|
|
|
|
|
|
|
if reference.expectedErr == "" {
|
|
|
|
assert.Nil(err)
|
|
|
|
assert.NotNil(conn)
|
|
|
|
} else {
|
|
|
|
assert.ErrorContains(err, reference.expectedErr)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|