Google Git
Sign in
apache / dubbo-go-pixiu / de9f1befd6a6e38513ea5e704a5488ed608df7d5 / . / security / pkg / nodeagent / plugin / providers / google / stsclient / stsclient_test.go
blob: e7aa9340dec4609c33e7b0a3f21b4065ebb23aab [file] [log] [blame]
// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package stsclient
import (
"errors"
"fmt"
"testing"
"time"
)
import (
"github.com/apache/dubbo-go-pixiu/pkg/test/util/retry"
"github.com/apache/dubbo-go-pixiu/security/pkg/monitoring"
"github.com/apache/dubbo-go-pixiu/security/pkg/nodeagent/util"
"github.com/apache/dubbo-go-pixiu/security/pkg/stsservice/tokenmanager/google/mock"
)
func TestGetFederatedToken(t *testing.T) {
GKEClusterURL = mock.FakeGKEClusterURL
r, err := NewSecureTokenServiceExchanger(nil, mock.FakeTrustDomain)
if err != nil {
t.Fatalf("failed to create a SecureTokenServiceExchanger: %v", err)
}
r.backoff = time.Millisecond
ms, err := mock.StartNewServer(t, mock.Config{Port: 0})
if err != nil {
t.Fatalf("failed to start a mock server: %v", err)
}
SecureTokenEndpoint = ms.URL + "/v1/token"
t.Cleanup(func() {
if err := ms.Stop(); err != nil {
t.Logf("failed to stop mock server: %v", err)
}
SecureTokenEndpoint = "https://sts.googleapis.com/v1/token"
})
t.Run("exchange", func(t *testing.T) {
token, err := r.ExchangeToken(mock.FakeSubjectToken)
if err != nil {
t.Fatalf("failed to call exchange token %v", err)
}
if token != mock.FakeFederatedToken {
t.Errorf("Access token got %q, expected %q", token, mock.FakeFederatedToken)
}
})
t.Run("error", func(t *testing.T) {
ms.SetGenFedTokenError(errors.New("fake error"))
t.Cleanup(func() {
ms.SetGenFedTokenError(nil)
})
_, err := r.ExchangeToken(mock.FakeSubjectToken)
if err == nil {
t.Fatalf("expected error %v", err)
}
})
t.Run("retry", func(t *testing.T) {
monitoring.Reset()
ms.SetGenFedTokenError(errors.New("fake error"))
_, err := r.ExchangeToken(mock.FakeSubjectToken)
if err == nil {
t.Fatalf("expected error %v", err)
}
retry.UntilSuccessOrFail(t, func() error {
g, err := util.GetMetricsCounterValueWithTags("num_outgoing_retries", map[string]string{
"request_type": monitoring.TokenExchange,
})
if err != nil {
return err
}
if g <= 0 {
return fmt.Errorf("expected retries, got %v", g)
}
return nil
}, retry.Timeout(time.Second*5))
})
}