omni/internal/backend/k8sproxy/jwt_test.go
Andrey Smirnov dfcbaae7d0
chore: initial commit
Omni is source-available under BUSL.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Co-Authored-By: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Co-Authored-By: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Co-Authored-By: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Co-Authored-By: Philipp Sauter <philipp.sauter@siderolabs.com>
Co-Authored-By: Noel Georgi <git@frezbo.dev>
Co-Authored-By: evgeniybryzh <evgeniybryzh@gmail.com>
Co-Authored-By: Tim Jones <tim.jones@siderolabs.com>
Co-Authored-By: Andrew Rynhard <andrew@rynhard.io>
Co-Authored-By: Spencer Smith <spencer.smith@talos-systems.com>
Co-Authored-By: Christian Rolland <christian.rolland@siderolabs.com>
Co-Authored-By: Gerard de Leeuw <gdeleeuw@leeuwit.nl>
Co-Authored-By: Steve Francis <67986293+steverfrancis@users.noreply.github.com>
Co-Authored-By: Volodymyr Mazurets <volodymyrmazureets@gmail.com>
2024-02-29 17:19:57 +04:00


// Copyright (c) 2024 Sidero Labs, Inc.
//
// Use of this software is governed by the Business Source License
// included in the LICENSE file.
package k8sproxy_test
import (
"testing"
"time"
"github.com/golang-jwt/jwt/v4"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/siderolabs/omni/internal/backend/k8sproxy"
)
// TestJWTValidation exercises k8sproxy.Claims.Valid over a table of claim
// shapes: each required field left empty, an already-expired token, a token
// whose NotBefore lies in the future, and a fully valid token.
//
// Every rejected case must come back as a *jwt.ValidationError whose
// message contains the expected fragment; the valid case must return nil.
func TestJWTValidation(t *testing.T) {
	// at returns a JWT numeric date offset from the current time.
	at := func(offset time.Duration) *jwt.NumericDate {
		return jwt.NewNumericDate(time.Now().Add(offset))
	}

	// newClaims assembles a Claims value with the fixed issuer used by every
	// case; nil expiresAt/notBefore leave the corresponding field unset.
	newClaims := func(subject, cluster string, groups []string, expiresAt, notBefore *jwt.NumericDate) k8sproxy.Claims {
		return k8sproxy.Claims{
			RegisteredClaims: jwt.RegisteredClaims{
				Issuer:    "issuer",
				Subject:   subject,
				ExpiresAt: expiresAt,
				NotBefore: notBefore,
			},
			Cluster: cluster,
			Groups:  groups,
		}
	}

	type testCase struct { //nolint:govet
		name   string
		claims k8sproxy.Claims
		// wantErr is a fragment the validation error must contain;
		// empty means the claims are expected to validate.
		wantErr string
	}

	cases := []testCase{
		{
			name:    "missing-subject",
			claims:  newClaims("", "cluster-a", []string{"group-a"}, at(time.Hour), nil),
			wantErr: "subject is empty",
		},
		{
			name:    "missing-cluster",
			claims:  newClaims("subject-a", "", []string{"group-a"}, at(time.Hour), nil),
			wantErr: "cluster is empty",
		},
		{
			name:    "missing-expiration",
			claims:  newClaims("subject-a", "cluster-a", []string{"group-a"}, nil, nil),
			wantErr: "expiration is empty",
		},
		{
			name: "no-groups",
			// an empty (non-nil) slice, matching what a caller passing no groups would produce
			claims:  newClaims("subject-a", "cluster-a", []string{}, at(time.Hour), nil),
			wantErr: "groups is empty",
		},
		{
			name:    "expired",
			claims:  newClaims("subject-a", "cluster-a", []string{"group-a"}, at(-time.Hour), nil),
			wantErr: "token is expired by",
		},
		{
			name:    "not-yet-valid",
			claims:  newClaims("subject-a", "cluster-a", []string{"group-a"}, at(time.Hour), at(time.Hour)),
			wantErr: "token is not valid yet",
		},
		{
			name:    "valid",
			claims:  newClaims("subject-a", "cluster-a", []string{"group-a"}, at(time.Hour), at(-time.Hour)),
			wantErr: "",
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			err := tc.claims.Valid()

			if tc.wantErr == "" {
				require.NoError(t, err)

				return
			}

			// The error must be the library's typed validation error, not an
			// arbitrary wrapped error, so callers can match on it.
			var validationErr *jwt.ValidationError

			require.ErrorAs(t, err, &validationErr)
			assert.ErrorContains(t, validationErr, tc.wantErr)
		})
	}
}