package auth_test
import (
"context"
"net/http"
"testing"
"github.com/aws/aws-sdk-go/service/sts"
"github.com/golang-jwt/jwt/v4"
auth "token_authorizer"
"token_authorizer/mock"
"github.com/golang/mock/gomock"
"github.com/stretchr/testify/assert"
)
// TestAuthorizationHandler drives the handler returned by auth.NewHandler with
// gomock doubles for the token validator and the AWS consumer.
//
// Subtests:
//   - "args invalid": an empty Event is answered with 400 "invalid arguments".
//     No expectations are registered, so any call into a mock fails the test.
//   - "args valid - global rules": role tags yield no rules, Rules() supplies
//     two, and the validator is expected to see exactly those two.
//   - "args valid - iam rules": Rules() yields a nil slice, role tags supply
//     one rule, and the validator is expected to see exactly that one.
//
// In both success cases AssumeRole must be called with the rule the validator
// returned and with the Subject carried in the token claims.
//
// NOTE(review): only the success paths and the empty-event rejection are
// pinned here. No subtest makes RetrieveClaimsFromToken or
// ValidateClaimsForRule return an error; one subtest for each, registering no
// AssumeRole expectation, would lock in that credentials are never issued
// after a failed check.
func TestAuthorizationHandler(t *testing.T) {
	const (
		rawToken = "token"
		roleName = "one"
		subject  = "hans"
		// Presumably the JSON form of the empty sts.Credentials returned by the
		// mocked AssumeRole; confirm against the handler's encoder.
		wantBody = "{\"AccessKeyId\":null,\"Expiration\":null,\"SecretAccessKey\":null,\"SessionToken\":null}"
	)

	ctx := context.Background()

	// newEvent returns a fresh, well-formed request for every subtest.
	newEvent := func() auth.Event {
		return auth.Event{
			Headers: auth.EventHeaders{Authorization: rawToken, Accept: "application/json"},
			Query:   auth.EventQuery{Role: roleName},
		}
	}

	t.Run("args invalid", func(t *testing.T) {
		ctrl := gomock.NewController(t)
		defer ctrl.Finish()

		tokens := mock.NewMockTokenValidatorInterface(ctrl)
		aws := mock.NewMockAwsConsumerInterface(ctrl)

		got, err := auth.NewHandler(aws, tokens)(ctx, auth.Event{})

		assert.NoError(t, err)
		assert.Equal(t, "invalid arguments", got.Body)
		assert.Equal(t, http.StatusBadRequest, got.StatusCode)
	})

	t.Run("args valid - global rules", func(t *testing.T) {
		ctrl := gomock.NewController(t)
		defer ctrl.Finish()

		global := []auth.Rule{
			{Role: roleName, ClaimValues: []byte("{\"namespace_id\": \"1\"}")},
			{Role: "two", ClaimValues: []byte("{\"namespace_id\": \"2\"}")},
		}
		matched := &global[0]

		tokenClaims := auth.Claims{
			ClaimsJSON:       matched.ClaimValues,
			RegisteredClaims: &jwt.RegisteredClaims{Subject: subject},
		}

		tokens := mock.NewMockTokenValidatorInterface(ctrl)
		tokens.EXPECT().
			RetrieveClaimsFromToken(gomock.Any(), gomock.Eq(rawToken)).
			Return(&tokenClaims, nil)
		tokens.EXPECT().
			ValidateClaimsForRule(gomock.Any(), gomock.Eq(&tokenClaims), gomock.Eq(roleName), gomock.Eq(global)).
			Return(matched, nil)

		aws := mock.NewMockAwsConsumerInterface(ctrl)
		// The role carries no tag-derived rules, so only the global set applies.
		aws.EXPECT().
			RetrieveRulesFromRoleTags(gomock.Any(), gomock.Eq(roleName)).
			Return(nil, nil)
		aws.EXPECT().
			AssumeRole(gomock.Any(), gomock.Eq(matched), gomock.Eq(subject)).
			Return(&sts.Credentials{}, nil)
		aws.EXPECT().Rules().Return(global)

		got, err := auth.NewHandler(aws, tokens)(ctx, newEvent())

		assert.NoError(t, err)
		assert.Equal(t, wantBody, got.Body)
		assert.Equal(t, http.StatusOK, got.StatusCode)
	})

	t.Run("args valid - iam rules", func(t *testing.T) {
		ctrl := gomock.NewController(t)
		defer ctrl.Finish()

		// Left nil on purpose: the only rule in play comes from the role tags.
		var global []auth.Rule
		fromTags := []auth.Rule{
			{Role: roleName, ClaimValues: []byte("{\"namespace_id\": \"1\"}")},
		}
		matched := &fromTags[0]

		tokenClaims := auth.Claims{
			ClaimsJSON:       matched.ClaimValues,
			RegisteredClaims: &jwt.RegisteredClaims{Subject: subject},
		}

		tokens := mock.NewMockTokenValidatorInterface(ctrl)
		tokens.EXPECT().
			RetrieveClaimsFromToken(gomock.Any(), gomock.Eq(rawToken)).
			Return(&tokenClaims, nil)
		tokens.EXPECT().
			ValidateClaimsForRule(gomock.Any(), gomock.Eq(&tokenClaims), gomock.Eq(roleName), gomock.Eq(fromTags)).
			Return(matched, nil)

		aws := mock.NewMockAwsConsumerInterface(ctrl)
		aws.EXPECT().
			RetrieveRulesFromRoleTags(gomock.Any(), gomock.Eq(roleName)).
			Return(fromTags, nil)
		aws.EXPECT().
			AssumeRole(gomock.Any(), gomock.Eq(matched), gomock.Eq(subject)).
			Return(&sts.Credentials{}, nil)
		aws.EXPECT().Rules().Return(global)

		got, err := auth.NewHandler(aws, tokens)(ctx, newEvent())

		assert.NoError(t, err)
		assert.Equal(t, wantBody, got.Body)
		assert.Equal(t, http.StatusOK, got.StatusCode)
	})
}