forked from migtools/cpma
Commit
1 parent
141a243
commit bdd651a
Showing
3 changed files
with
251 additions
and
3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
package transform | ||
|
||
import ( | ||
"encoding/json" | ||
"io/ioutil" | ||
"testing" | ||
|
||
"github.com/fusor/cpma/pkg/transform/oauth" | ||
"github.com/stretchr/testify/assert" | ||
|
||
configv1 "github.com/openshift/api/legacyconfig/v1" | ||
k8sjson "k8s.io/apimachinery/pkg/runtime/serializer/json" | ||
"k8s.io/client-go/kubernetes/scheme" | ||
) | ||
|
||
func loadTestIdentityProviders() []oauth.IdentityProvider { | ||
// TODO: Something is broken here in a way that it's causing the translaters | ||
// to fail. Need some help with creating test identiy providers in a way | ||
// that won't crash the translator | ||
|
||
// Build example identity providers, this is straight copy pasted from | ||
// oauth test, IMO this loading of example identity providers should be | ||
// some shared test helper | ||
file := "testdata/bulk-test-master-config.yaml" // File copied into transform pkg testdata | ||
content, _ := ioutil.ReadFile(file) | ||
serializer := k8sjson.NewYAMLSerializer(k8sjson.DefaultMetaFactory, scheme.Scheme, scheme.Scheme) | ||
var masterV3 configv1.MasterConfig | ||
_, _, _ = serializer.Decode(content, nil, &masterV3) | ||
|
||
var htContent []byte | ||
var identityProviders []oauth.IdentityProvider | ||
for _, identityProvider := range masterV3.OAuthConfig.IdentityProviders { | ||
providerJSON, _ := identityProvider.Provider.MarshalJSON() | ||
provider := oauth.Provider{} | ||
json.Unmarshal(providerJSON, &provider) | ||
|
||
identityProviders = append(identityProviders, | ||
oauth.IdentityProvider{ | ||
provider.Kind, | ||
provider.APIVersion, | ||
identityProvider.MappingMethod, | ||
identityProvider.Name, | ||
identityProvider.Provider, | ||
provider.File, | ||
htContent, | ||
identityProvider.UseAsChallenger, | ||
identityProvider.UseAsLogin, | ||
}) | ||
} | ||
return identityProviders | ||
} | ||
|
||
func TestOAuthExtractionTransform(t *testing.T) { | ||
actualManifestsChan := make(chan []Manifest) | ||
|
||
// Override flush method | ||
manifestTransformOutputFlush = func(manifests []Manifest) error { | ||
t.Log("Running overridden manifestTransformOutputFlush") | ||
actualManifestsChan <- manifests | ||
return nil | ||
} | ||
|
||
// TODO: write expectedManifests | ||
|
||
// TODO: Set up the extraction with dummy extracted values | ||
testExtraction := OAuthExtraction{ | ||
IdentityProviders: loadTestIdentityProviders(), | ||
} | ||
|
||
go func() { | ||
transformOutput, err := testExtraction.Transform() | ||
if err != nil { | ||
t.Error(err) | ||
} | ||
transformOutput.Flush() | ||
}() | ||
|
||
actualManifests := <-actualManifestsChan | ||
t.Logf("Got actualManifests: %v", actualManifests) | ||
|
||
// TODO: checkActualManifestsMatchExpectedManifests(t, actualManifests, expectedManifests) | ||
|
||
assert.Equal(t, 2, 2) | ||
} |
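Review bot: `loadTestIdentityProviders` discards every error it can get (`ioutil.ReadFile`, `serializer.Decode`, `MarshalJSON`, `json.Unmarshal`), so a missing or malformed fixture silently produces empty or zero-valued providers instead of a test failure; that may be what the TODO at the top of the helper describes. Passing `t *testing.T` and failing fast, with the call site changed to `loadTestIdentityProviders(t)`, would surface the real cause. In `TestOAuthExtractionTransform` the goroutine still calls `transformOutput.Flush()` after a `Transform` error, and if the overridden hook is never reached the receive from `actualManifestsChan` blocks until the test timeout; closing the channel on the error path (or receiving in a `select` with a timeout) and restoring `manifestTransformOutputFlush` with a `defer` would contain that. `assert.Equal(t, 2, 2)` checks nothing about the manifests and should be replaced once the expected manifests exist.

```go
func loadTestIdentityProviders(t *testing.T) []oauth.IdentityProvider {
	t.Helper()
	file := "testdata/bulk-test-master-config.yaml"
	content, err := ioutil.ReadFile(file)
	if err != nil {
		t.Fatalf("reading %s: %v", file, err)
	}
	// … unchanged: serializer construction and masterV3 declaration …
	if _, _, err := serializer.Decode(content, nil, &masterV3); err != nil {
		t.Fatalf("decoding %s: %v", file, err)
	}
	// … unchanged: htContent / identityProviders declarations and loop header …
		providerJSON, err := identityProvider.Provider.MarshalJSON()
		if err != nil {
			t.Fatalf("marshalling provider %q: %v", identityProvider.Name, err)
		}
		provider := oauth.Provider{}
		if err := json.Unmarshal(providerJSON, &provider); err != nil {
			t.Fatalf("unmarshalling provider %q: %v", identityProvider.Name, err)
		}
	// … unchanged: append of oauth.IdentityProvider and return …
```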
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,160 @@ | ||
oauthConfig: | ||
assetPublicURL: https://openshift.gildub2.lab.pnq2.cee.redhat.com/console/ | ||
grantConfig: | ||
method: auto | ||
identityProviders: | ||
- name: my_remote_basic_auth_provider | ||
challenge: true | ||
login: true | ||
mappingMethod: claim | ||
provider: | ||
apiVersion: v1 | ||
kind: BasicAuthPasswordIdentityProvider | ||
url: https://www.example.com/ | ||
ca: ca.file | ||
certFile: client.crt | ||
keyFile: client.key | ||
- name: github123456789 | ||
challenge: false | ||
login: true | ||
mappingMethod: claim | ||
provider: | ||
apiVersion: v1 | ||
kind: GitHubIdentityProvider | ||
ca: github.crt | ||
clientID: 2d85ea3f45d6777bffd7 | ||
clientSecret: e16a59ad33d7c29fd4354f46059f0950c609a7ea | ||
hostname: test.example.com | ||
organizations: | ||
- myorganization1 | ||
- myorganization2 | ||
teams: | ||
- myorganization1/team-a | ||
- myorganization2/team-b | ||
- name: gitlab123456789 | ||
challenge: true | ||
login: true | ||
mappingMethod: claim | ||
provider: | ||
apiVersion: v1 | ||
kind: GitLabIdentityProvider | ||
legacy: true | ||
url: https://gitlab.com/ | ||
clientID: fake-id | ||
clientSecret: fake-secret | ||
- name: google123456789123456789 | ||
challenge: false | ||
login: true | ||
mappingMethod: claim | ||
provider: | ||
apiVersion: v1 | ||
kind: GoogleIdentityProvider | ||
clientID: 82342890327-tf5lqn4eikdf4cb4edfm85jiqotvurpq.apps.googleusercontent.com | ||
clientSecret: e16a59ad33d7c29fd4354f46059f0950c609a7ea | ||
hostedDomain: test.example.com | ||
- name: htpasswd_auth | ||
login: true | ||
mappingMethod: claim | ||
challenge: true | ||
provider: | ||
apiVersion: v1 | ||
file: /etc/origin/master/htpasswd | ||
kind: HTPasswdPasswordIdentityProvider | ||
- name: my_keystone_provider | ||
challenge: true | ||
login: true | ||
mappingMethod: claim | ||
provider: | ||
apiVersion: v1 | ||
kind: KeystonePasswordIdentityProvider | ||
domainName: default | ||
url: http://fake.url:5000 | ||
ca: keystone.pem | ||
certFile: clientcert.pem | ||
keyFile: clientkey.pem | ||
useKeystoneIdentity: false | ||
- name: "my_ldap_provider" | ||
challenge: true | ||
login: true | ||
mappingMethod: claim | ||
provider: | ||
apiVersion: v1 | ||
kind: LDAPPasswordIdentityProvider | ||
attributes: | ||
id: | ||
- dn | ||
email: | ||
name: | ||
- cn | ||
preferredUsername: | ||
- uid | ||
bindDN: "123" | ||
bindPassword: "321" | ||
ca: my-ldap-ca-bundle.crt | ||
insecure: false | ||
url: "ldap://ldap.example.com/ou=users,dc=acme,dc=com?uid" | ||
- name: my_request_header_provider | ||
challenge: true | ||
login: true | ||
mappingMethod: claim | ||
provider: | ||
apiVersion: v1 | ||
kind: RequestHeaderIdentityProvider | ||
challengeURL: "https://example.com" | ||
loginURL: "https://example.com" | ||
clientCA: "cert.crt" | ||
clientCommonNames: | ||
- my-auth-proxy | ||
headers: | ||
- X-Remote-User | ||
- SSO-User | ||
emailHeaders: | ||
- X-Remote-User-Email | ||
nameHeaders: | ||
- X-Remote-User-Display-Name | ||
preferredUsernameHeaders: | ||
- X-Remote-User-Login | ||
- name: my_openid_connect | ||
challenge: false | ||
login: true | ||
mappingMethod: claim | ||
provider: | ||
apiVersion: v1 | ||
kind: OpenIDIdentityProvider | ||
clientID: testid | ||
clientSecret: testsecret | ||
ca: my-openid-ca-bundle.crt | ||
extraScopes: | ||
- profile | ||
extraAuthorizeParameters: | ||
include_granted_scopes: "true" | ||
claims: | ||
id: | ||
- custom_id_claim | ||
- sub | ||
preferredUsername: | ||
- preferred_username | ||
name: | ||
- nickname | ||
- given_name | ||
- name | ||
email: | ||
- custom_email_claim | ||
urls: | ||
authorize: https://myidp.example.com/oauth2/authorize | ||
token: https://myidp.example.com/oauth2/token | ||
userInfo: https://myidp.example.com/oauth2/userinfo | ||
masterCA: ca-bundle.crt | ||
masterPublicURL: https://openshift.gildub2.lab.pnq2.cee.redhat.com:443 | ||
masterURL: https://openshift.internal.gildub2.lab.pnq2.cee.redhat.com:443 | ||
sessionConfig: | ||
sessionMaxAgeSeconds: 3600 | ||
sessionName: ssn | ||
sessionSecretsFile: /etc/origin/master/session-secrets.yaml | ||
tokenConfig: | ||
accessTokenMaxAgeSeconds: 86400 | ||
authorizeTokenMaxAgeSeconds: 500 |
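Review bot: Several values in this fixture are credential-shaped rather than obviously fake: the `clientID`/`clientSecret` pair on the GitHub provider, the `clientID` and `clientSecret` on the Google provider, and the `assetPublicURL`, `masterPublicURL` and `masterURL` hostnames, which appear to name an internal lab cluster. Whether any of them was ever live cannot be told from the diff, but secret scanners will flag them, and anything real would need rotating once it is in history. Following the style the GitLab and OpenID entries already use, e.g. `clientSecret: fake-secret` and an `example.com` hostname, keeps the fixture unambiguous without changing what the transform test exercises.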