diff --git a/internal/test/mock_server.go b/internal/test/mock_server.go index dc199eea..d7f40bb3 100644 --- a/internal/test/mock_server.go +++ b/internal/test/mock_server.go @@ -3,10 +3,12 @@ package test import ( "encoding/json" "errors" + "fmt" "io" "net/http" "net/http/httptest" "path/filepath" + "strings" "testing" "github.com/stretchr/testify/require" @@ -186,7 +188,10 @@ WaitForStreams: return ctx, nil } -type DiscoveryClientHandler struct{} +type DiscoveryClientHandler struct { + V1Resources []string + Groups []string +} var _ http.Handler = (*DiscoveryClientHandler)(nil) @@ -200,14 +205,24 @@ func (h *DiscoveryClientHandler) ServeHTTP(w http.ResponseWriter, req *http.Requ // Request Performed by DiscoveryClient to Kube API (Get API Groups) if req.URL.Path == "/apis" { w.Header().Set("Content-Type", "application/json") - _, _ = w.Write([]byte(`{"kind":"APIGroupList","apiVersion":"v1","groups":[]}`)) + _, _ = fmt.Fprintf(w, `{"kind":"APIGroupList","apiVersion":"v1","groups":[%s]}`, strings.Join(append(h.Groups, + `{"name":"apps","versions":[{"groupVersion":"apps/v1","version":"v1"}],"preferredVersion":{"groupVersion":"apps/v1","version":"v1"}}`, + ), ",")) return } // Request Performed by DiscoveryClient to Kube API (Get API Resources) if req.URL.Path == "/api/v1" { w.Header().Set("Content-Type", "application/json") - _, _ = w.Write([]byte(`{"kind":"APIResourceList","apiVersion":"v1","resources":[ - {"name":"pods","singularName":"","namespaced":true,"kind":"Pod","verbs":["get","list","watch","create","update","patch","delete"]} + _, _ = fmt.Fprintf(w, `{"kind":"APIResourceList","apiVersion":"v1","resources":[%s]}`, strings.Join(append(h.V1Resources, + `{"name":"nodes","singularName":"","namespaced":false,"kind":"Node","verbs":["get","list","watch"]}`, + `{"name":"pods","singularName":"","namespaced":true,"kind":"Pod","verbs":["get","list","watch","create","update","patch","delete"]}`, + ), ",")) + return + } + if req.URL.Path == "/apis/apps/v1" { + w.Header().Set("Content-Type", "application/json") + _, _ = w.Write([]byte(`{"kind":"APIResourceList","apiVersion":"v1","groupVersion":"apps/v1","resources":[ + {"name":"deployments","singularName":"","namespaced":true,"kind":"Deployment","verbs":["get","list","watch","create","update","patch","delete"]} ]}`)) return } @@ -264,12 +279,27 @@ const tokenReviewSuccessful = ` }` type TokenReviewHandler struct { + DiscoveryClientHandler TokenReviewed bool } var _ http.Handler = (*TokenReviewHandler)(nil) +func NewTokenReviewHandler() *TokenReviewHandler { + trh := &TokenReviewHandler{} + trh.Groups = []string{ + `{"name":"authentication.k8s.io","versions":[{"groupVersion":"authentication.k8s.io/v1","version":"v1"}],"preferredVersion":{"groupVersion":"authentication.k8s.io/v1","version":"v1"}}`, + } + return trh +} + func (h *TokenReviewHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) { + h.DiscoveryClientHandler.ServeHTTP(w, req) + if req.URL.EscapedPath() == "/apis/authentication.k8s.io/v1" { + w.Header().Set("Content-Type", "application/json") + _, _ = w.Write([]byte(`{"kind":"APIResourceList","apiVersion":"v1","groupVersion":"authentication.k8s.io/v1","resources":[{"name":"tokenreviews","singularName":"","namespaced":false,"kind":"TokenReview","verbs":["create"]}]}`)) + return + } if req.URL.EscapedPath() == "/apis/authentication.k8s.io/v1/tokenreviews" { w.Header().Set("Content-Type", "application/json") _, _ = w.Write([]byte(tokenReviewSuccessful)) diff --git a/pkg/http/http_authorization_test.go b/pkg/http/http_authorization_test.go index a8995c45..68987c00 100644 --- a/pkg/http/http_authorization_test.go +++ b/pkg/http/http_authorization_test.go @@ -324,7 +324,7 @@ func (s *AuthorizationSuite) TestAuthorizationRequireOAuthFalse() { } func (s *AuthorizationSuite) TestAuthorizationRawToken() { - tokenReviewHandler := &test.TokenReviewHandler{} + tokenReviewHandler := test.NewTokenReviewHandler() s.MockServer.Handle(tokenReviewHandler) cases := []struct { @@ -367,7 +367,7 @@ func (s *AuthorizationSuite) TestAuthorizationRawToken() { } func (s *AuthorizationSuite) TestAuthorizationOidcToken() { - tokenReviewHandler := &test.TokenReviewHandler{} + tokenReviewHandler := test.NewTokenReviewHandler() s.MockServer.Handle(tokenReviewHandler) oidcTestServer := NewOidcTestServer(s.T()) @@ -412,7 +412,7 @@ func (s *AuthorizationSuite) TestAuthorizationOidcToken() { } func (s *AuthorizationSuite) TestAuthorizationOidcTokenExchange() { - tokenReviewHandler := &test.TokenReviewHandler{} + tokenReviewHandler := test.NewTokenReviewHandler() s.MockServer.Handle(tokenReviewHandler) oidcTestServer := NewOidcTestServer(s.T()) diff --git a/pkg/kubernetes/provider_kubeconfig_test.go b/pkg/kubernetes/provider_kubeconfig_test.go index 33ba60d6..add9475f 100644 --- a/pkg/kubernetes/provider_kubeconfig_test.go +++ b/pkg/kubernetes/provider_kubeconfig_test.go @@ -56,7 +56,7 @@ func (s *ProviderKubeconfigTestSuite) TestWithOpenShiftCluster() { } func (s *ProviderKubeconfigTestSuite) TestVerifyToken() { - s.mockServer.Handle(&test.TokenReviewHandler{}) + s.mockServer.Handle(test.NewTokenReviewHandler()) s.Run("VerifyToken returns UserInfo for non-empty context", func() { userInfo, audiences, err := s.provider.VerifyToken(s.T().Context(), "fake-context", "some-token", "the-audience") diff --git a/pkg/kubernetes/provider_single_test.go b/pkg/kubernetes/provider_single_test.go index 150926b4..ba2c3ec3 100644 --- a/pkg/kubernetes/provider_single_test.go +++ b/pkg/kubernetes/provider_single_test.go @@ -57,7 +57,7 @@ func (s *ProviderSingleTestSuite) TestWithOpenShiftCluster() { } func (s *ProviderSingleTestSuite) TestVerifyToken() { - s.mockServer.Handle(&test.TokenReviewHandler{}) + s.mockServer.Handle(test.NewTokenReviewHandler()) s.Run("VerifyToken returns UserInfo for empty target (default target)", func() { userInfo, audiences, err := s.provider.VerifyToken(s.T().Context(), "", "the-token", "the-audience")