-
Notifications
You must be signed in to change notification settings - Fork 1.8k
/
Copy pathclientsv1_test.go
129 lines (114 loc) · 3.7 KB
/
clientsv1_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
/*
* Teleport
* Copyright (C) 2023 Gravitational, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package awsoidc
import (
"context"
"testing"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/google/uuid"
"github.com/gravitational/trace"
"github.com/stretchr/testify/require"
"github.com/gravitational/teleport/api/types"
)
type mockIntegrationsTokenGenerator struct {
proxies []types.Server
integrations map[string]types.Integration
tokenCallsCount int
}
// GetIntegration returns the specified integration resources.
func (m *mockIntegrationsTokenGenerator) GetIntegration(ctx context.Context, name string) (types.Integration, error) {
if ig, found := m.integrations[name]; found {
return ig, nil
}
return nil, trace.NotFound("integration not found")
}
// GetProxies returns a list of registered proxies.
func (m *mockIntegrationsTokenGenerator) GetProxies() ([]types.Server, error) {
return m.proxies, nil
}
// GenerateAWSOIDCToken generates a token to be used to execute an AWS OIDC Integration action.
func (m *mockIntegrationsTokenGenerator) GenerateAWSOIDCToken(ctx context.Context, integration string) (string, error) {
m.tokenCallsCount++
return uuid.NewString(), nil
}
func TestNewSessionV1(t *testing.T) {
ctx := context.Background()
dummyIntegration, err := types.NewIntegrationAWSOIDC(
types.Metadata{Name: "myawsintegration"},
&types.AWSOIDCIntegrationSpecV1{
RoleARN: "arn:aws:sts::123456789012:role/TestRole",
},
)
require.NoError(t, err)
dummyProxy, err := types.NewServer(
"proxy-123", types.KindProxy,
types.ServerSpecV2{
PublicAddrs: []string{"https://localhost:3080/"},
},
)
require.NoError(t, err)
for _, tt := range []struct {
name string
region string
integration string
tokenFetchCount int
expectedErr require.ErrorAssertionFunc
sessionValidator func(*testing.T, *session.Session)
}{
{
name: "valid",
region: "us-dummy-1",
integration: "myawsintegration",
expectedErr: require.NoError,
sessionValidator: func(t *testing.T, s *session.Session) {
require.Equal(t, aws.String("us-dummy-1"), s.Config.Region)
},
},
{
name: "valid with empty region",
region: "",
integration: "myawsintegration",
expectedErr: require.NoError,
sessionValidator: func(t *testing.T, s *session.Session) {
require.Equal(t, "", aws.StringValue(s.Config.Region))
},
},
{
name: "not found error when integration is missing",
region: "us-dummy-1",
integration: "not-found",
expectedErr: notFoundCheck,
},
} {
t.Run(tt.name, func(t *testing.T) {
mockTokenGenertor := &mockIntegrationsTokenGenerator{
proxies: []types.Server{dummyProxy},
integrations: map[string]types.Integration{
dummyIntegration.GetName(): dummyIntegration,
},
}
awsSessionOut, err := NewSessionV1(ctx, mockTokenGenertor, tt.region, tt.integration)
tt.expectedErr(t, err)
if tt.sessionValidator != nil {
tt.sessionValidator(t, awsSessionOut)
}
require.Zero(t, tt.tokenFetchCount)
})
}
}