gplazma: oidc rewrite OidcAuthPluginTest

Motivation: A recent patch introduced the concept of profiles. This means that the plugin class itself is no longer responsible for converting OIDC claims into dCache concepts. That responsibility is delegated to the configured Profile. Therefore, the unit tests for the plugin class no longer need to verify correct behaviour for specific OIDC claims. Instead, the unit tests can now focus on verifying that the response from a profile is handled correctly by the plugin. Making this change provides greater seperation of concerns, and therefore code that is easier to maintain. Modification: Update OidcAuthPluginTest to remove tests targeting specific claims. Instead, those tests now focus on verifying that the plugin handles the response from the configured profile correctly. Result: No user- or admin observable changes. Code base is now somewhat easier to maintain. Target: master Requires-notes: no Requires-book: no Patch: https://rb.dcache.org/r/13390/ Acked-by: Tigran Mkrtchyan
dCache · Jan 25, 2022 · 1746a22 · 1746a22
1 parent 7582bf9
commit 1746a22
Show file tree

Hide file tree

Showing 3 changed files with 175 additions and 939 deletions.
diff --git a/modules/gplazma2-oidc/src/test/java/org/dcache/gplazma/oidc/MockIdentityProviderBuilder.java b/modules/gplazma2-oidc/src/test/java/org/dcache/gplazma/oidc/MockIdentityProviderBuilder.java
@@ -18,7 +18,6 @@
 package org.dcache.gplazma.oidc;
 
 import java.net.URI;
-import org.dcache.gplazma.oidc.profiles.OidcProfile;
 import org.mockito.BDDMockito;
 
 import static org.mockito.Mockito.mock;
@@ -28,8 +27,6 @@
  */
 public class MockIdentityProviderBuilder {
     private final IdentityProvider provider = mock(IdentityProvider.class);
-    private boolean acceptUsername;
-    private boolean acceptGroups;
 
     static public MockIdentityProviderBuilder anIp(String name) {
         return new MockIdentityProviderBuilder(name);
@@ -50,19 +47,17 @@ public MockIdentityProviderBuilder withEndpoint(String endpoint) {
         return this;
     }
 
-    public MockIdentityProviderBuilder withAcceptedGroups() {
-        acceptGroups = true;
-        return this;
+    public MockIdentityProviderBuilder withProfile(MockProfileBuilder builder) {
+        Profile profile = builder.build();
+        return withProfile(profile);
     }
 
-    public MockIdentityProviderBuilder withAcceptedUsername() {
-        acceptUsername = true;
+    public MockIdentityProviderBuilder withProfile(Profile profile) {
+        BDDMockito.given(provider.getProfile()).willReturn(profile);
         return this;
     }
 
     public IdentityProvider build() {
-        // REVISIT this relies on OidcProfile working correctly.
-        BDDMockito.given(provider.getProfile()).willReturn(new OidcProfile(acceptUsername, acceptGroups));
         return provider;
     }
 }
diff --git a/modules/gplazma2-oidc/src/test/java/org/dcache/gplazma/oidc/MockProfileBuilder.java b/modules/gplazma2-oidc/src/test/java/org/dcache/gplazma/oidc/MockProfileBuilder.java
@@ -0,0 +1,64 @@
+/*
+ * dCache - http://www.dcache.org/
+ *
+ * Copyright (C) 2022 Deutsches Elektronen-Synchrotron
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.dcache.gplazma.oidc;
+
+import java.security.Principal;
+import java.util.Set;
+import org.dcache.gplazma.AuthenticationException;
+import org.mockito.ArgumentMatchers;
+import org.mockito.BDDMockito;
+
+import static org.mockito.Mockito.mock;
+
+/** A fluent class for building a mock Profile. */
+public class MockProfileBuilder {
+    private final Profile profile = mock(Profile.class);
+
+    public static MockProfileBuilder aProfile() {
+        return new MockProfileBuilder();
+    }
+
+    public MockProfileBuilder thatReturns(Set<Principal> principals) {
+        try {
+            BDDMockito.given(profile.processClaims(ArgumentMatchers.any(), ArgumentMatchers.any())).willReturn(principals);
+        } catch (AuthenticationException e) {
+            throw new RuntimeException(e);
+        }
+        return this;
+    }
+
+    public MockProfileBuilder thatThrows(AuthenticationException e) throws AuthenticationException {
+        BDDMockito.given(profile.processClaims(ArgumentMatchers.any(), ArgumentMatchers.any())).willThrow(e);
+        return this;
+    }
+
+    public MockProfileBuilder thatFailsTestIfCalled() {
+        try {
+            BDDMockito.given(profile.processClaims(ArgumentMatchers.any(), ArgumentMatchers.any()))
+                    .willThrow(new AssertionError("Profile#processClaims called"));
+        } catch (AuthenticationException e) {
+            throw new RuntimeException("Impossible exception caught", e);
+        }
+        return this;
+    }
+
+    public Profile build() {
+        return profile;
+    }
+}