Skip to content

Commit edfb69f

Browse files
4gust4gust
committed
Update managedidentity_test.go
Updated test to have more readable
1 parent b8bcc3a commit edfb69f

File tree

1 file changed

+141
-126
lines changed

1 file changed

+141
-126
lines changed

apps/managedidentity/managedidentity_test.go

Lines changed: 141 additions & 126 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,6 @@ import (
1010
"net/url"
1111
"os"
1212
"path/filepath"
13-
"runtime"
1413
"strings"
1514
"testing"
1615
"time"
@@ -331,124 +330,35 @@ func TestIMDSAcquireTokenReturnsTokenSuccess(t *testing.T) {
331330
}
332331
}
333332

334-
func TestAzureArcAcquireTokenReturnsToken(t *testing.T) {
333+
func TestAzureArc(t *testing.T) {
335334
testCaseFilePath := getMockFilePath(t)
336-
type ArcRequest struct {
337-
name string
338-
headers map[string]string
339-
expectedError string
340-
platform string
341-
createMockFile bool
342-
shouldFail bool
343-
}
344335
testCases := []struct {
345-
resource string
346-
miType ID
347-
request ArcRequest
336+
name string
337+
headers map[string]string
348338
}{
349-
{resource: resource, miType: SystemAssigned(), request: ArcRequest{
350-
name: "No www-authenticate header",
351-
headers: map[string]string{},
352-
expectedError: "response has no www-authenticate header",
353-
platform: runtime.GOOS,
354-
shouldFail: true,
355-
}},
356-
{resource: resource, miType: SystemAssigned(), request: ArcRequest{
357-
name: "Basic realm= not found",
358-
headers: map[string]string{wwwAuthenticateHeaderName: "Basic "},
359-
expectedError: "basic realm= not found in the string, instead found: Basic ",
360-
platform: runtime.GOOS,
361-
shouldFail: true,
362-
}},
363-
{resource: resource, miType: SystemAssigned(), request: ArcRequest{
364-
name: "Platform not supported",
365-
headers: map[string]string{wwwAuthenticateHeaderName: "Basic realm=/path/to/secret.key"},
366-
expectedError: "platform not supported, expected linux or windows",
367-
platform: "freebsd",
368-
shouldFail: true,
369-
}},
370-
{resource: resource, miType: SystemAssigned(), request: ArcRequest{
371-
name: "Invalid file extension",
372-
headers: map[string]string{wwwAuthenticateHeaderName: "Basic realm=/path/to/secret.txt"},
373-
expectedError: "invalid file extension, expected .key, got .txt",
374-
platform: runtime.GOOS,
375-
createMockFile: true,
376-
shouldFail: true,
377-
}},
378-
{resource: resource, miType: SystemAssigned(), request: ArcRequest{
379-
name: "Invalid file path",
380-
headers: map[string]string{wwwAuthenticateHeaderName: "Basic realm=" + filepath.Join("path", "to", "secret.key")},
381-
expectedError: "invalid file path, expected " + testCaseFilePath + ", got " + filepath.Join("path", "to"),
382-
platform: runtime.GOOS,
383-
createMockFile: true,
384-
shouldFail: true,
385-
}},
386-
{resource: resource, miType: SystemAssigned(), request: ArcRequest{
387-
name: "Unable to get file info",
388-
headers: map[string]string{wwwAuthenticateHeaderName: basicRealm + filepath.Join(testCaseFilePath, wrongSecretKey)},
389-
expectedError: func() string {
390-
if runtime.GOOS == "windows" {
391-
return "failed to get metadata for " + filepath.Join(testCaseFilePath, wrongSecretKey) + " due to error: CreateFile " + filepath.Join(testCaseFilePath, wrongSecretKey) + ": The system cannot find the file specified."
392-
}
393-
return "failed to get metadata for " + filepath.Join(testCaseFilePath, wrongSecretKey) + " due to error: stat " + filepath.Join(testCaseFilePath, wrongSecretKey) + ": no such file or directory"
394-
}(),
395-
platform: runtime.GOOS,
396-
createMockFile: true,
397-
shouldFail: true,
398-
}},
399-
{resource: resource, miType: SystemAssigned(), request: ArcRequest{
400-
name: "Invalid secret file size",
401-
headers: map[string]string{wwwAuthenticateHeaderName: basicRealm + filepath.Join(testCaseFilePath, secretKey)},
402-
expectedError: "invalid secret file size, expected 4096, file size was 5000",
403-
platform: runtime.GOOS,
404-
createMockFile: true,
405-
shouldFail: true,
406-
}},
407-
{resource: resourceDefaultSuffix, miType: SystemAssigned(),
408-
request: ArcRequest{
409-
name: "success",
410-
headers: map[string]string{wwwAuthenticateHeaderName: basicRealm + filepath.Join(testCaseFilePath, secretKey)},
411-
expectedError: "",
412-
platform: runtime.GOOS,
413-
createMockFile: true,
414-
shouldFail: false,
415-
}},
416-
{resource: resourceDefaultSuffix, miType: UserAssignedClientID("Clientid"),
417-
request: ArcRequest{
418-
name: "Platform not supported",
419-
headers: map[string]string{wwwAuthenticateHeaderName: basicRealm + filepath.Join(testCaseFilePath, secretKey)},
420-
expectedError: "azure Arc doesn't support user assigned managed identities",
421-
platform: runtime.GOOS,
422-
createMockFile: true,
423-
shouldFail: true,
424-
}},
339+
{
340+
name: "Arc success",
341+
headers: map[string]string{wwwAuthenticateHeaderName: basicRealm + filepath.Join(testCaseFilePath, secretKey)},
342+
},
425343
}
426344

427345
for _, testCase := range testCases {
428-
t.Run(string(testCase.request.name)+"-"+testCase.miType.value(), func(t *testing.T) {
429-
source := AzureArc
346+
t.Run(testCase.name, func(t *testing.T) {
430347
endpoint := azureArcEndpoint
431348
unsetEnvVars(t)
432-
setEnvVars(t, source)
349+
setEnvVars(t, AzureArc)
433350
setCustomAzureArcFilePath(t, fakeAzureArcFilePath)
434351

435352
var localUrl *url.URL
436353
mockClient := mock.Client{}
437354

438355
mockFilePath := filepath.Join(testCaseFilePath, secretKey)
439-
if testCase.request.platform == "freebsd" {
440-
setCustomAzureArcPlatformPath(t, "")
441-
} else {
442-
setCustomAzureArcPlatformPath(t, testCaseFilePath)
443-
}
444-
if testCase.request.name == "Invalid secret file size" {
445-
createMockFile(t, mockFilePath, 5000)
446-
} else {
447-
createMockFile(t, mockFilePath, 0)
448-
}
356+
setCustomAzureArcPlatformPath(t, testCaseFilePath)
357+
358+
createMockFile(t, mockFilePath, 0)
449359

450360
headers := http.Header{}
451-
for k, v := range testCase.request.headers {
361+
for k, v := range testCase.headers {
452362
headers.Set(k, v)
453363
}
454364
mockClient.AppendResponse(mock.WithHTTPStatusCode(http.StatusUnauthorized),
@@ -461,7 +371,7 @@ func TestAzureArcAcquireTokenReturnsToken(t *testing.T) {
461371
if err != nil {
462372
t.Fatalf(errorFormingJsonResponse, err.Error())
463373
}
464-
374+
// adding success response.
465375
mockClient.AppendResponse(mock.WithHTTPStatusCode(http.StatusOK), mock.WithHTTPHeader(headers),
466376
mock.WithBody(responseBody), mock.WithCallback(func(r *http.Request) {
467377
localUrl = r.URL
@@ -472,27 +382,13 @@ func TestAzureArcAcquireTokenReturnsToken(t *testing.T) {
472382
defer func() { cacheManager = before }()
473383
cacheManager = storage.New(nil)
474384

475-
client, err := New(testCase.miType, WithHTTPClient(&mockClient))
385+
client, err := New(SystemAssigned(), WithHTTPClient(&mockClient))
476386
if err != nil {
477-
if testCase.request.shouldFail {
478-
if err.Error() != testCase.request.expectedError {
479-
t.Fatalf(`expected error: "%v" got error: "%v"`, testCase.request.expectedError, err)
480-
}
481-
return
482-
} else {
483-
t.Fatal(err)
484-
}
485-
}
486-
result, err := client.AcquireToken(context.Background(), testCase.resource)
487-
488-
if testCase.request.shouldFail {
489-
if err == nil || err.Error() != testCase.request.expectedError {
490-
t.Fatalf(`expected error: "%v" got error: "%v"`, testCase.request.expectedError, err)
491-
}
492-
return
387+
t.Fatalf(`error not expected, got error: "%s"`, err)
493388
}
389+
result, err := client.AcquireToken(context.Background(), resource)
494390
if err != nil {
495-
t.Fatal(err)
391+
t.Fatalf(`error not expected, got error: "%s"`, err)
496392
}
497393

498394
if localUrl == nil || !strings.HasPrefix(localUrl.String(), endpoint) {
@@ -504,7 +400,7 @@ func TestAzureArcAcquireTokenReturnsToken(t *testing.T) {
504400
if query.Get(apiVersionQueryParameterName) != azureArcAPIVersion {
505401
t.Fatalf("api-version not on %s got %s", azureArcAPIVersion, query.Get(apiVersionQueryParameterName))
506402
}
507-
if query.Get(resourceQueryParameterName) != strings.TrimSuffix(testCase.resource, "/.default") {
403+
if query.Get(resourceQueryParameterName) != strings.TrimSuffix(resource, "/.default") {
508404
t.Fatal("suffix /.default was not removed.")
509405
}
510406
if result.Metadata.TokenSource != base.IdentityProvider {
@@ -513,18 +409,18 @@ func TestAzureArcAcquireTokenReturnsToken(t *testing.T) {
513409
if result.AccessToken != token {
514410
t.Fatalf("wanted %q, got %q", token, result.AccessToken)
515411
}
516-
result, err = client.AcquireToken(context.Background(), testCase.resource)
412+
result, err = client.AcquireToken(context.Background(), resource)
517413
if err != nil {
518414
t.Fatal(err)
519415
}
520416
if result.Metadata.TokenSource != base.Cache {
521417
t.Fatalf("wanted cache token source, got %d", result.Metadata.TokenSource)
522418
}
523-
secondFakeClient, err := New(testCase.miType, WithHTTPClient(&mockClient))
419+
secondFakeClient, err := New(SystemAssigned(), WithHTTPClient(&mockClient))
524420
if err != nil {
525421
t.Fatal(err)
526422
}
527-
result, err = secondFakeClient.AcquireToken(context.Background(), testCase.resource)
423+
result, err = secondFakeClient.AcquireToken(context.Background(), resource)
528424
if err != nil {
529425
t.Fatal(err)
530426
}
@@ -533,6 +429,125 @@ func TestAzureArcAcquireTokenReturnsToken(t *testing.T) {
533429
}
534430
})
535431
}
432+
433+
}
434+
435+
func TestAzureArcErrors(t *testing.T) {
436+
testCaseFilePath := getMockFilePath(t)
437+
testCases := []struct {
438+
name string
439+
headers map[string]string
440+
expectedError string
441+
}{
442+
{
443+
name: "No www-authenticate header",
444+
headers: map[string]string{},
445+
expectedError: "response has no www-authenticate header",
446+
},
447+
{
448+
name: "Basic realm= not found",
449+
headers: map[string]string{wwwAuthenticateHeaderName: "Basic "},
450+
expectedError: "basic realm= not found in the string, instead found: Basic ",
451+
},
452+
{
453+
name: "Platform not supported",
454+
headers: map[string]string{wwwAuthenticateHeaderName: "Basic realm=/path/to/secret.key"},
455+
expectedError: "platform not supported, expected linux or windows",
456+
},
457+
{
458+
name: "Invalid file extension",
459+
headers: map[string]string{wwwAuthenticateHeaderName: "Basic realm=/path/to/secret.txt"},
460+
expectedError: "invalid file extension, expected .key, got .txt",
461+
},
462+
{
463+
name: "Invalid file path",
464+
headers: map[string]string{wwwAuthenticateHeaderName: "Basic realm=" + filepath.Join("path", "to", "secret.key")},
465+
expectedError: "invalid file path, expected " + testCaseFilePath + ", got " + filepath.Join("path", "to"),
466+
},
467+
{
468+
name: "Unable to get file info",
469+
headers: map[string]string{wwwAuthenticateHeaderName: basicRealm + filepath.Join(testCaseFilePath, wrongSecretKey)},
470+
expectedError: "failed to get metadata",
471+
},
472+
{
473+
name: "Invalid secret file size",
474+
headers: map[string]string{wwwAuthenticateHeaderName: basicRealm + filepath.Join(testCaseFilePath, secretKey)},
475+
expectedError: "invalid secret file size, expected 4096, file size was 5000",
476+
},
477+
{
478+
name: "Only System Assigned is supported",
479+
headers: map[string]string{wwwAuthenticateHeaderName: basicRealm + filepath.Join(testCaseFilePath, secretKey)},
480+
expectedError: "azure Arc doesn't support user assigned managed identities",
481+
},
482+
}
483+
484+
for _, testCase := range testCases {
485+
t.Run(string(testCase.name), func(t *testing.T) {
486+
unsetEnvVars(t)
487+
setEnvVars(t, AzureArc)
488+
setCustomAzureArcFilePath(t, fakeAzureArcFilePath)
489+
mockClient := mock.Client{}
490+
491+
mockFilePath := filepath.Join(testCaseFilePath, secretKey)
492+
if testCase.name == "Platform not supported" {
493+
setCustomAzureArcPlatformPath(t, "")
494+
} else {
495+
setCustomAzureArcPlatformPath(t, testCaseFilePath)
496+
}
497+
if testCase.name == "Invalid secret file size" {
498+
createMockFile(t, mockFilePath, 5000)
499+
} else {
500+
createMockFile(t, mockFilePath, 0)
501+
}
502+
503+
headers := http.Header{}
504+
for k, v := range testCase.headers {
505+
headers.Set(k, v)
506+
}
507+
mockClient.AppendResponse(mock.WithHTTPStatusCode(http.StatusUnauthorized),
508+
mock.WithHTTPHeader(headers),
509+
)
510+
511+
responseBody, err := getSuccessfulResponse(resource)
512+
if err != nil {
513+
t.Fatalf(errorFormingJsonResponse, err.Error())
514+
}
515+
516+
mockClient.AppendResponse(mock.WithHTTPStatusCode(http.StatusOK), mock.WithHTTPHeader(headers),
517+
mock.WithBody(responseBody))
518+
519+
// resetting cache
520+
before := cacheManager
521+
defer func() { cacheManager = before }()
522+
cacheManager = storage.New(nil)
523+
if testCase.name == "Only System Assigned is supported" {
524+
_, err := New(UserAssignedClientID("SampleClientID"), WithHTTPClient(&mockClient))
525+
if err != nil {
526+
if err.Error() != testCase.expectedError {
527+
t.Fatalf(`expected error: "%v" got error: "%v"`, testCase.expectedError, err)
528+
}
529+
return
530+
} else {
531+
t.Fatalf(`expected error: "%v" "`, testCase.expectedError)
532+
}
533+
} else {
534+
client, err := New(SystemAssigned(), WithHTTPClient(&mockClient))
535+
if err != nil {
536+
t.Fatalf(`expected error: "%v" "`, testCase.expectedError)
537+
return
538+
}
539+
result, err := client.AcquireToken(context.Background(), resource)
540+
if err == nil || !strings.Contains(err.Error(), testCase.expectedError) {
541+
t.Fatalf(`expected error: "%v" got error: "%v"`, testCase.expectedError, err)
542+
543+
}
544+
if result.AccessToken != "" {
545+
t.Fatalf("access token should be empty")
546+
}
547+
}
548+
549+
})
550+
}
536551
}
537552

538553
func TestSystemAssignedReturnsAcquireTokenFailure(t *testing.T) {

0 commit comments

Comments
 (0)