Documentation ¶
Index ¶
- func RequireAuthCodeRegexpMatch(t *testing.T, actualContent string, wantRegexp string, ...)
- func VerifyECDSAIDToken(t *testing.T, issuer, clientID string, jwtSigningKey *ecdsa.PrivateKey, ...) *coreosoidc.IDToken
- type ExchangeAuthcodeAndValidateTokenArgs
- type ExpectedUpstreamStateParamFormat
- type TestUpstreamLDAPIdentityProvider
- type TestUpstreamOIDCIdentityProvider
- func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokens(ctx context.Context, authcode string, pkceCodeVerifier pkce.Code, ...) (*oidctypes.Token, error)
- func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensArgs(call int) *ExchangeAuthcodeAndValidateTokenArgs
- func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensCallCount() int
- func (u *TestUpstreamOIDCIdentityProvider) GetAuthorizationURL() *url.URL
- func (u *TestUpstreamOIDCIdentityProvider) GetClientID() string
- func (u *TestUpstreamOIDCIdentityProvider) GetGroupsClaim() string
- func (u *TestUpstreamOIDCIdentityProvider) GetName() string
- func (u *TestUpstreamOIDCIdentityProvider) GetScopes() []string
- func (u *TestUpstreamOIDCIdentityProvider) GetUsernameClaim() string
- func (u *TestUpstreamOIDCIdentityProvider) ValidateToken(_ context.Context, _ *oauth2.Token, _ nonce.Nonce) (*oidctypes.Token, error)
- type UpstreamIDPListerBuilder
- func (b *UpstreamIDPListerBuilder) Build() provider.DynamicUpstreamIDPProvider
- func (b *UpstreamIDPListerBuilder) WithLDAP(upstreamLDAPIdentityProviders ...*TestUpstreamLDAPIdentityProvider) *UpstreamIDPListerBuilder
- func (b *UpstreamIDPListerBuilder) WithOIDC(upstreamOIDCIdentityProviders ...*TestUpstreamOIDCIdentityProvider) *UpstreamIDPListerBuilder
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RequireAuthCodeRegexpMatch ¶
func RequireAuthCodeRegexpMatch( t *testing.T, actualContent string, wantRegexp string, kubeClient *fake.Clientset, secretsClient v1.SecretInterface, oauthStore fositestoragei.AllFositeStorage, wantDownstreamGrantedScopes []string, wantDownstreamIDTokenSubject string, wantDownstreamIDTokenUsername string, wantDownstreamIDTokenGroups []string, wantDownstreamRequestedScopes []string, wantDownstreamPKCEChallenge string, wantDownstreamPKCEChallengeMethod string, wantDownstreamNonce string, wantDownstreamClientID string, wantDownstreamRedirectURI string, )
func VerifyECDSAIDToken ¶
func VerifyECDSAIDToken( t *testing.T, issuer, clientID string, jwtSigningKey *ecdsa.PrivateKey, idToken string, ) *coreosoidc.IDToken
VerifyECDSAIDToken verifies that the provided idToken was issued via the provided jwtSigningKey. It also performs some light validation on the claims, i.e., it makes sure the provided idToken has the provided issuer and clientID.
Further validation can be done via callers via the returned coreosoidc.IDToken.
Types ¶
type ExchangeAuthcodeAndValidateTokenArgs ¶
type ExchangeAuthcodeAndValidateTokenArgs struct { Ctx context.Context Authcode string PKCECodeVerifier pkce.Code ExpectedIDTokenNonce nonce.Nonce RedirectURI string }
ExchangeAuthcodeAndValidateTokenArgs is used to spy on calls to TestUpstreamOIDCIdentityProvider.ExchangeAuthcodeAndValidateTokensFunc().
type ExpectedUpstreamStateParamFormat ¶
type ExpectedUpstreamStateParamFormat struct { P string `json:"p"` U string `json:"u"` N string `json:"n"` C string `json:"c"` K string `json:"k"` V string `json:"v"` }
Declare a separate type from the production code to ensure that the state param's contents was serialized in the format that we expect, with the json keys that we expect, etc. This also ensure that the order of the serialized fields is the same, which doesn't really matter expect that we can make simpler equality assertions about the redirect URL in this test.
type TestUpstreamLDAPIdentityProvider ¶
type TestUpstreamLDAPIdentityProvider struct { Name string URL *url.URL AuthenticateFunc func(ctx context.Context, username, password string) (*authenticator.Response, bool, error) }
func (*TestUpstreamLDAPIdentityProvider) AuthenticateUser ¶
func (u *TestUpstreamLDAPIdentityProvider) AuthenticateUser(ctx context.Context, username, password string) (*authenticator.Response, bool, error)
func (*TestUpstreamLDAPIdentityProvider) GetName ¶
func (u *TestUpstreamLDAPIdentityProvider) GetName() string
func (*TestUpstreamLDAPIdentityProvider) GetURL ¶
func (u *TestUpstreamLDAPIdentityProvider) GetURL() *url.URL
type TestUpstreamOIDCIdentityProvider ¶
type TestUpstreamOIDCIdentityProvider struct { Name string ClientID string AuthorizationURL url.URL UsernameClaim string GroupsClaim string Scopes []string ExchangeAuthcodeAndValidateTokensFunc func( ctx context.Context, authcode string, pkceCodeVerifier pkce.Code, expectedIDTokenNonce nonce.Nonce, ) (*oidctypes.Token, error) // contains filtered or unexported fields }
func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokens ¶
func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensArgs ¶
func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensArgs(call int) *ExchangeAuthcodeAndValidateTokenArgs
func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensCallCount ¶
func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensCallCount() int
func (*TestUpstreamOIDCIdentityProvider) GetAuthorizationURL ¶
func (u *TestUpstreamOIDCIdentityProvider) GetAuthorizationURL() *url.URL
func (*TestUpstreamOIDCIdentityProvider) GetClientID ¶
func (u *TestUpstreamOIDCIdentityProvider) GetClientID() string
func (*TestUpstreamOIDCIdentityProvider) GetGroupsClaim ¶
func (u *TestUpstreamOIDCIdentityProvider) GetGroupsClaim() string
func (*TestUpstreamOIDCIdentityProvider) GetName ¶
func (u *TestUpstreamOIDCIdentityProvider) GetName() string
func (*TestUpstreamOIDCIdentityProvider) GetScopes ¶
func (u *TestUpstreamOIDCIdentityProvider) GetScopes() []string
func (*TestUpstreamOIDCIdentityProvider) GetUsernameClaim ¶
func (u *TestUpstreamOIDCIdentityProvider) GetUsernameClaim() string
type UpstreamIDPListerBuilder ¶
type UpstreamIDPListerBuilder struct {
// contains filtered or unexported fields
}
func NewUpstreamIDPListerBuilder ¶
func NewUpstreamIDPListerBuilder() *UpstreamIDPListerBuilder
func (*UpstreamIDPListerBuilder) Build ¶
func (b *UpstreamIDPListerBuilder) Build() provider.DynamicUpstreamIDPProvider
func (*UpstreamIDPListerBuilder) WithLDAP ¶
func (b *UpstreamIDPListerBuilder) WithLDAP(upstreamLDAPIdentityProviders ...*TestUpstreamLDAPIdentityProvider) *UpstreamIDPListerBuilder
func (*UpstreamIDPListerBuilder) WithOIDC ¶
func (b *UpstreamIDPListerBuilder) WithOIDC(upstreamOIDCIdentityProviders ...*TestUpstreamOIDCIdentityProvider) *UpstreamIDPListerBuilder