vendor/k8s.io/apiserver/pkg/authentication/authenticator/audagnostic_test.go - cloudstack-kubernetes-provider - Git at Google

 /*
 Copyright 2018 The Kubernetes Authors.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */

 package authenticator

 import (
 	"context"
 	"errors"
 	"fmt"
 	"reflect"
 	"testing"

 	"k8s.io/apimachinery/pkg/util/diff"
 	"k8s.io/apiserver/pkg/authentication/user"
 )

 func TestAuthenticate(t *testing.T) {
 	type treq struct {
 		resp          *Response
 		authenticated bool
 		err           error

 		wantResp          *Response
 		wantAuthenticated bool
 		wantErr           bool
 	}
 	type taudcfg struct {
 		auds         Audiences
 		implicitAuds Audiences
 	}
 	cs := []struct {
 		name string

 		taudcfgs []taudcfg
 		treqs    []treq
 	}{
 		{
 			name: "good audience",

 			taudcfgs: []taudcfg{
 				{
 					implicitAuds: Audiences{"api"},
 					auds:         Audiences{"api"},
 				},
 				{
 					implicitAuds: Audiences{"api", "other"},
 					auds:         Audiences{"api"},
 				},
 				{
 					implicitAuds: Audiences{"api"},
 					auds:         Audiences{"api", "other"},
 				},
 				{
 					implicitAuds: Audiences{"api", "other"},
 					auds:         Audiences{"api", "other_other"},
 				},
 			},

 			treqs: []treq{
 				{
 					resp: &Response{
 						User: &user.DefaultInfo{
 							Name: "test_user",
 						},
 					},
 					authenticated: true,

 					wantResp: &Response{
 						User: &user.DefaultInfo{
 							Name: "test_user",
 						},
 						Audiences: Audiences{"api"},
 					},
 					wantAuthenticated: true,
 				},
 				{
 					err:     errors.New("uhoh"),
 					wantErr: true,
 				},
 				{
 					authenticated:     false,
 					wantAuthenticated: false,
 				},
 			},
 		},
 		{
 			name: "multiple good audiences",

 			taudcfgs: []taudcfg{
 				{
 					implicitAuds: Audiences{"api", "other_api"},
 					auds:         Audiences{"api", "other_api"},
 				},
 				{
 					implicitAuds: Audiences{"api", "other_api", "other"},
 					auds:         Audiences{"api", "other_api"},
 				},
 				{
 					implicitAuds: Audiences{"api", "other_api"},
 					auds:         Audiences{"api", "other_api", "other"},
 				},
 				{
 					implicitAuds: Audiences{"api", "other_api", "other"},
 					auds:         Audiences{"api", "other_api", "other_other"},
 				},
 			},

 			treqs: []treq{
 				{
 					resp: &Response{
 						User: &user.DefaultInfo{
 							Name: "test_user",
 						},
 					},
 					authenticated: true,

 					wantResp: &Response{
 						User: &user.DefaultInfo{
 							Name: "test_user",
 						},
 						Audiences: Audiences{"api", "other_api"},
 					},
 					wantAuthenticated: true,
 				},
 				{
 					err: errors.New("uhoh"),

 					wantErr: true,
 				},
 				{
 					authenticated: false,

 					wantAuthenticated: false,
 				},
 			},
 		},
 		{
 			name: "bad audience(s)",

 			taudcfgs: []taudcfg{
 				{
 					implicitAuds: Audiences{"api"},
 					auds:         Audiences{"other_api"},
 				},
 				{
 					implicitAuds: Audiences{},
 					auds:         Audiences{"other_api"},
 				},
 				{
 					implicitAuds: Audiences{"api"},
 					auds:         Audiences{},
 				},
 				{
 					implicitAuds: Audiences{"api", "other"},
 					auds:         Audiences{},
 				},
 				{
 					implicitAuds: Audiences{},
 					auds:         Audiences{"api", "other"},
 				},
 			},

 			treqs: []treq{
 				{
 					resp: &Response{
 						User: &user.DefaultInfo{
 							Name: "test_user",
 						},
 					},
 					authenticated: true,

 					wantAuthenticated: false,
 				},
 				{
 					err: errors.New("uhoh"),

 					wantAuthenticated: false,
 				},
 				{
 					authenticated: false,

 					wantAuthenticated: false,
 				},
 			},
 		},
 	}

 	for _, c := range cs {
 		t.Run(c.name, func(t *testing.T) {
 			for _, taudcfg := range c.taudcfgs {
 				for _, treq := range c.treqs {
 					t.Run(fmt.Sprintf("auds=%q,implicit=%q", taudcfg.auds, taudcfg.implicitAuds), func(t *testing.T) {
 						ctx := context.Background()
 						ctx = WithAudiences(ctx, taudcfg.auds)
 						resp, ok, err := authenticate(ctx, taudcfg.implicitAuds, func() (*Response, bool, error) {
 							if treq.resp != nil {
 								resp := *treq.resp
 								return &resp, treq.authenticated, treq.err
 							}
 							return nil, treq.authenticated, treq.err
 						})
 						if got, want := (err != nil), treq.wantErr; got != want {
 							t.Errorf("Unexpected error. got=%v, want=%v, err=%v", got, want, err)
 						}
 						if got, want := ok, treq.wantAuthenticated; got != want {
 							t.Errorf("Unexpected authentication. got=%v, want=%v", got, want)
 						}
 						if got, want := resp, treq.wantResp; !reflect.DeepEqual(got, want) {
 							t.Errorf("Unexpected response. diff:\n%v", diff.ObjectGoPrintDiff(got, want))
 						}
 					})
 				}
 			}
 		})
 	}
 }
	/*
	Copyright 2018 The Kubernetes Authors.

	Licensed under the Apache License, Version 2.0 (the "License");
	you may not use this file except in compliance with the License.
	You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	*/

	package authenticator

	import (
	"context"
	"errors"
	"fmt"
	"reflect"
	"testing"

	"k8s.io/apimachinery/pkg/util/diff"
	"k8s.io/apiserver/pkg/authentication/user"
	)

	func TestAuthenticate(t *testing.T) {
	type treq struct {
	resp *Response
	authenticated bool
	err error

	wantResp *Response
	wantAuthenticated bool
	wantErr bool
	}
	type taudcfg struct {
	auds Audiences
	implicitAuds Audiences
	}
	cs := []struct {
	name string

	taudcfgs []taudcfg
	treqs []treq
	}{
	{
	name: "good audience",

	taudcfgs: []taudcfg{
	{
	implicitAuds: Audiences{"api"},
	auds: Audiences{"api"},
	},
	{
	implicitAuds: Audiences{"api", "other"},
	auds: Audiences{"api"},
	},
	{
	implicitAuds: Audiences{"api"},
	auds: Audiences{"api", "other"},
	},
	{
	implicitAuds: Audiences{"api", "other"},
	auds: Audiences{"api", "other_other"},
	},
	},

	treqs: []treq{
	{
	resp: &Response{
	User: &user.DefaultInfo{
	Name: "test_user",
	},
	},
	authenticated: true,

	wantResp: &Response{
	User: &user.DefaultInfo{
	Name: "test_user",
	},
	Audiences: Audiences{"api"},
	},
	wantAuthenticated: true,
	},
	{
	err: errors.New("uhoh"),
	wantErr: true,
	},
	{
	authenticated: false,
	wantAuthenticated: false,
	},
	},
	},
	{
	name: "multiple good audiences",

	taudcfgs: []taudcfg{
	{
	implicitAuds: Audiences{"api", "other_api"},
	auds: Audiences{"api", "other_api"},
	},
	{
	implicitAuds: Audiences{"api", "other_api", "other"},
	auds: Audiences{"api", "other_api"},
	},
	{
	implicitAuds: Audiences{"api", "other_api"},
	auds: Audiences{"api", "other_api", "other"},
	},
	{
	implicitAuds: Audiences{"api", "other_api", "other"},
	auds: Audiences{"api", "other_api", "other_other"},
	},
	},

	treqs: []treq{
	{
	resp: &Response{
	User: &user.DefaultInfo{
	Name: "test_user",
	},
	},
	authenticated: true,

	wantResp: &Response{
	User: &user.DefaultInfo{
	Name: "test_user",
	},
	Audiences: Audiences{"api", "other_api"},
	},
	wantAuthenticated: true,
	},
	{
	err: errors.New("uhoh"),

	wantErr: true,
	},
	{
	authenticated: false,

	wantAuthenticated: false,
	},
	},
	},
	{
	name: "bad audience(s)",

	taudcfgs: []taudcfg{
	{
	implicitAuds: Audiences{"api"},
	auds: Audiences{"other_api"},
	},
	{
	implicitAuds: Audiences{},
	auds: Audiences{"other_api"},
	},
	{
	implicitAuds: Audiences{"api"},
	auds: Audiences{},
	},
	{
	implicitAuds: Audiences{"api", "other"},
	auds: Audiences{},
	},
	{
	implicitAuds: Audiences{},
	auds: Audiences{"api", "other"},
	},
	},

	treqs: []treq{
	{
	resp: &Response{
	User: &user.DefaultInfo{
	Name: "test_user",
	},
	},
	authenticated: true,

	wantAuthenticated: false,
	},
	{
	err: errors.New("uhoh"),

	wantAuthenticated: false,
	},
	{
	authenticated: false,

	wantAuthenticated: false,
	},
	},
	},
	}

	for _, c := range cs {
	t.Run(c.name, func(t *testing.T) {
	for _, taudcfg := range c.taudcfgs {
	for _, treq := range c.treqs {
	t.Run(fmt.Sprintf("auds=%q,implicit=%q", taudcfg.auds, taudcfg.implicitAuds), func(t *testing.T) {
	ctx := context.Background()
	ctx = WithAudiences(ctx, taudcfg.auds)
	resp, ok, err := authenticate(ctx, taudcfg.implicitAuds, func() (*Response, bool, error) {
	if treq.resp != nil {
	resp := *treq.resp
	return &resp, treq.authenticated, treq.err
	}
	return nil, treq.authenticated, treq.err
	})
	if got, want := (err != nil), treq.wantErr; got != want {
	t.Errorf("Unexpected error. got=%v, want=%v, err=%v", got, want, err)
	}
	if got, want := ok, treq.wantAuthenticated; got != want {
	t.Errorf("Unexpected authentication. got=%v, want=%v", got, want)
	}
	if got, want := resp, treq.wantResp; !reflect.DeepEqual(got, want) {
	t.Errorf("Unexpected response. diff:\n%v", diff.ObjectGoPrintDiff(got, want))
	}
	})
	}
	}
	})
	}
	}