Documentation ¶
Index ¶
- func RequireAuthCodeRegexpMatch(t *testing.T, actualContent string, wantRegexp string, ...)
- func VerifyECDSAIDToken(t *testing.T, issuer, clientID string, jwtSigningKey *ecdsa.PrivateKey, ...) *coreosoidc.IDToken
- type ExchangeAuthcodeAndValidateTokenArgs
- type ExpectedUpstreamStateParamFormat
- type PasswordCredentialsGrantAndValidateTokensArgs
- type TestUpstreamLDAPIdentityProvider
- type TestUpstreamOIDCIdentityProvider
- func (u *TestUpstreamOIDCIdentityProvider) AllowsPasswordGrant() bool
- func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokens(ctx context.Context, authcode string, pkceCodeVerifier pkce.Code, ...) (*oidctypes.Token, error)
- func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensArgs(call int) *ExchangeAuthcodeAndValidateTokenArgs
- func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensCallCount() int
- func (u *TestUpstreamOIDCIdentityProvider) GetAuthorizationURL() *url.URL
- func (u *TestUpstreamOIDCIdentityProvider) GetClientID() string
- func (u *TestUpstreamOIDCIdentityProvider) GetGroupsClaim() string
- func (u *TestUpstreamOIDCIdentityProvider) GetName() string
- func (u *TestUpstreamOIDCIdentityProvider) GetScopes() []string
- func (u *TestUpstreamOIDCIdentityProvider) GetUsernameClaim() string
- func (u *TestUpstreamOIDCIdentityProvider) PasswordCredentialsGrantAndValidateTokens(ctx context.Context, username, password string) (*oidctypes.Token, error)
- func (u *TestUpstreamOIDCIdentityProvider) ValidateToken(_ context.Context, _ *oauth2.Token, _ nonce.Nonce) (*oidctypes.Token, error)
- type TestUpstreamOIDCIdentityProviderBuilder
- func (u *TestUpstreamOIDCIdentityProviderBuilder) Build() *TestUpstreamOIDCIdentityProvider
- func (u *TestUpstreamOIDCIdentityProviderBuilder) WithAllowPasswordGrant(value bool) *TestUpstreamOIDCIdentityProviderBuilder
- func (u *TestUpstreamOIDCIdentityProviderBuilder) WithAuthorizationURL(value url.URL) *TestUpstreamOIDCIdentityProviderBuilder
- func (u *TestUpstreamOIDCIdentityProviderBuilder) WithClientID(value string) *TestUpstreamOIDCIdentityProviderBuilder
- func (u *TestUpstreamOIDCIdentityProviderBuilder) WithGroupsClaim(value string) *TestUpstreamOIDCIdentityProviderBuilder
- func (u *TestUpstreamOIDCIdentityProviderBuilder) WithIDTokenClaim(name string, value interface{}) *TestUpstreamOIDCIdentityProviderBuilder
- func (u *TestUpstreamOIDCIdentityProviderBuilder) WithName(value string) *TestUpstreamOIDCIdentityProviderBuilder
- func (u *TestUpstreamOIDCIdentityProviderBuilder) WithPasswordGrantError(err error) *TestUpstreamOIDCIdentityProviderBuilder
- func (u *TestUpstreamOIDCIdentityProviderBuilder) WithScopes(values []string) *TestUpstreamOIDCIdentityProviderBuilder
- func (u *TestUpstreamOIDCIdentityProviderBuilder) WithUpstreamAuthcodeExchangeError(err error) *TestUpstreamOIDCIdentityProviderBuilder
- func (u *TestUpstreamOIDCIdentityProviderBuilder) WithUsernameClaim(value string) *TestUpstreamOIDCIdentityProviderBuilder
- func (u *TestUpstreamOIDCIdentityProviderBuilder) WithoutGroupsClaim() *TestUpstreamOIDCIdentityProviderBuilder
- func (u *TestUpstreamOIDCIdentityProviderBuilder) WithoutIDTokenClaim(claim string) *TestUpstreamOIDCIdentityProviderBuilder
- func (u *TestUpstreamOIDCIdentityProviderBuilder) WithoutUsernameClaim() *TestUpstreamOIDCIdentityProviderBuilder
- type UpstreamIDPListerBuilder
- func (b *UpstreamIDPListerBuilder) Build() provider.DynamicUpstreamIDPProvider
- func (b *UpstreamIDPListerBuilder) RequireExactlyOneCallToExchangeAuthcodeAndValidateTokens(t *testing.T, expectedPerformedByUpstreamName string, ...)
- func (b *UpstreamIDPListerBuilder) RequireExactlyOneCallToPasswordCredentialsGrantAndValidateTokens(t *testing.T, expectedPerformedByUpstreamName string, ...)
- func (b *UpstreamIDPListerBuilder) RequireExactlyZeroCallsToExchangeAuthcodeAndValidateTokens(t *testing.T)
- func (b *UpstreamIDPListerBuilder) RequireExactlyZeroCallsToPasswordCredentialsGrantAndValidateTokens(t *testing.T)
- func (b *UpstreamIDPListerBuilder) WithActiveDirectory(upstreamActiveDirectoryIdentityProviders ...*TestUpstreamLDAPIdentityProvider) *UpstreamIDPListerBuilder
- func (b *UpstreamIDPListerBuilder) WithLDAP(upstreamLDAPIdentityProviders ...*TestUpstreamLDAPIdentityProvider) *UpstreamIDPListerBuilder
- func (b *UpstreamIDPListerBuilder) WithOIDC(upstreamOIDCIdentityProviders ...*TestUpstreamOIDCIdentityProvider) *UpstreamIDPListerBuilder
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RequireAuthCodeRegexpMatch ¶ added in v0.10.0
func RequireAuthCodeRegexpMatch( t *testing.T, actualContent string, wantRegexp string, kubeClient *fake.Clientset, secretsClient v1.SecretInterface, oauthStore fositestoragei.AllFositeStorage, wantDownstreamGrantedScopes []string, wantDownstreamIDTokenSubject string, wantDownstreamIDTokenUsername string, wantDownstreamIDTokenGroups []string, wantDownstreamRequestedScopes []string, wantDownstreamPKCEChallenge string, wantDownstreamPKCEChallengeMethod string, wantDownstreamNonce string, wantDownstreamClientID string, wantDownstreamRedirectURI string, )
func VerifyECDSAIDToken ¶
func VerifyECDSAIDToken( t *testing.T, issuer, clientID string, jwtSigningKey *ecdsa.PrivateKey, idToken string, ) *coreosoidc.IDToken
VerifyECDSAIDToken verifies that the provided idToken was issued via the provided jwtSigningKey. It also performs some light validation on the claims, i.e., it makes sure the provided idToken has the provided issuer and clientID.
Further validation can be done by callers via the returned coreosoidc.IDToken.
Types ¶
type ExchangeAuthcodeAndValidateTokenArgs ¶
// ExchangeAuthcodeAndValidateTokenArgs is used to spy on calls to
// TestUpstreamOIDCIdentityProvider.ExchangeAuthcodeAndValidateTokensFunc().
//
// The accessor TestUpstreamOIDCIdentityProvider.ExchangeAuthcodeAndValidateTokensArgs(call int)
// returns a pointer to this type, and
// UpstreamIDPListerBuilder.RequireExactlyOneCallToExchangeAuthcodeAndValidateTokens
// takes one as its expectedArgs.
type ExchangeAuthcodeAndValidateTokenArgs struct {
	// Ctx, Authcode, PKCECodeVerifier and ExpectedIDTokenNonce carry the same
	// names and types as the parameters of ExchangeAuthcodeAndValidateTokensFunc.
	Ctx context.Context
	// Authcode and PKCECodeVerifier would be secrets in a real authorization
	// code flow; this type appears in test helpers only, so they should hold
	// fixture values.
	Authcode             string
	PKCECodeVerifier     pkce.Code
	ExpectedIDTokenNonce nonce.Nonce
	// NOTE(review): RedirectURI is not a parameter of the Func field's
	// signature as shown in the package docs; presumably it comes from the
	// ExchangeAuthcodeAndValidateTokens method call. Confirm against the source.
	RedirectURI string
}
ExchangeAuthcodeAndValidateTokenArgs is used to spy on calls to TestUpstreamOIDCIdentityProvider.ExchangeAuthcodeAndValidateTokensFunc().
type ExpectedUpstreamStateParamFormat ¶
// ExpectedUpstreamStateParamFormat is declared separately from the production
// state-param type so that tests pin the serialized form of the state param:
// the JSON keys used and the order in which the fields are emitted.
//
// Each field name is the upper-case form of its single-letter JSON key.
// NOTE(review): what each key stands for is not shown here; confirm the
// meanings against the production type before relying on them.
type ExpectedUpstreamStateParamFormat struct {
	P string `json:"p"`
	U string `json:"u"`
	N string `json:"n"`
	C string `json:"c"`
	K string `json:"k"`
	V string `json:"v"`
}
Declare a separate type from the production code to ensure that the state param's contents were serialized in the format that we expect, with the JSON keys that we expect, etc. This also ensures that the order of the serialized fields is the same, which doesn't really matter except that we can make simpler equality assertions about the redirect URL in this test.
type PasswordCredentialsGrantAndValidateTokensArgs ¶ added in v0.11.0
// PasswordCredentialsGrantAndValidateTokensArgs is used to spy on calls to
// TestUpstreamOIDCIdentityProvider.PasswordCredentialsGrantAndValidateTokensFunc().
//
// UpstreamIDPListerBuilder.RequireExactlyOneCallToPasswordCredentialsGrantAndValidateTokens
// takes a pointer to this type as its expectedArgs.
type PasswordCredentialsGrantAndValidateTokensArgs struct {
	// Ctx, Username and Password carry the same names and types as the
	// parameters of PasswordCredentialsGrantAndValidateTokensFunc.
	Ctx      context.Context
	Username string
	// Password is a plain string, so whatever the code under test passes is
	// held in clear text and will appear in any printed diff of this struct.
	// Use throwaway fixture passwords only.
	Password string
}
PasswordCredentialsGrantAndValidateTokensArgs is used to spy on calls to TestUpstreamOIDCIdentityProvider.PasswordCredentialsGrantAndValidateTokensFunc().
type TestUpstreamLDAPIdentityProvider ¶
// TestUpstreamLDAPIdentityProvider is a configurable stand-in for an upstream
// LDAP identity provider in tests. UpstreamIDPListerBuilder accepts it in both
// WithLDAP and WithActiveDirectory.
type TestUpstreamLDAPIdentityProvider struct {
	// Name and URL have matching accessors, GetName and GetURL.
	// NOTE(review): presumably the accessors return these fields unchanged;
	// the method bodies are not shown here.
	Name string
	URL  *url.URL
	// AuthenticateFunc has the same parameters and results as the
	// AuthenticateUser method.
	// NOTE(review): presumably AuthenticateUser delegates to it, so a test
	// decides the authentication outcome here; confirm against the source.
	AuthenticateFunc func(ctx context.Context, username, password string) (*authenticator.Response, bool, error)
}
func (*TestUpstreamLDAPIdentityProvider) AuthenticateUser ¶
func (u *TestUpstreamLDAPIdentityProvider) AuthenticateUser(ctx context.Context, username, password string) (*authenticator.Response, bool, error)
func (*TestUpstreamLDAPIdentityProvider) GetName ¶
func (u *TestUpstreamLDAPIdentityProvider) GetName() string
func (*TestUpstreamLDAPIdentityProvider) GetURL ¶
func (u *TestUpstreamLDAPIdentityProvider) GetURL() *url.URL
type TestUpstreamOIDCIdentityProvider ¶
// TestUpstreamOIDCIdentityProvider is a configurable stand-in for an upstream
// OIDC identity provider in tests. It can be assembled with
// TestUpstreamOIDCIdentityProviderBuilder, whose Build method returns a
// pointer to this type.
type TestUpstreamOIDCIdentityProvider struct {
	// The fields below have like-named accessors: GetName, GetClientID,
	// GetAuthorizationURL, GetUsernameClaim, GetGroupsClaim, GetScopes and
	// AllowsPasswordGrant.
	// NOTE(review): presumably each accessor returns its field unchanged; the
	// method bodies are not shown here.
	Name             string
	ClientID         string
	AuthorizationURL url.URL
	UsernameClaim    string
	GroupsClaim      string
	Scopes           []string
	// AllowPasswordGrant is the flag behind AllowsPasswordGrant (presumably).
	// Tests of the password grant path should cover both values so the
	// disallowed case is exercised too.
	AllowPasswordGrant bool
	// ExchangeAuthcodeAndValidateTokensFunc supplies the result of the
	// authorization code exchange.
	// NOTE(review): presumably invoked by ExchangeAuthcodeAndValidateTokens,
	// which also records its arguments for the ...Args/...CallCount
	// accessors; confirm against the source.
	ExchangeAuthcodeAndValidateTokensFunc func(
		ctx context.Context,
		authcode string,
		pkceCodeVerifier pkce.Code,
		expectedIDTokenNonce nonce.Nonce,
	) (*oidctypes.Token, error)
	// PasswordCredentialsGrantAndValidateTokensFunc supplies the result of the
	// resource owner password credentials grant.
	// NOTE(review): presumably invoked by
	// PasswordCredentialsGrantAndValidateTokens; confirm against the source.
	PasswordCredentialsGrantAndValidateTokensFunc func(
		ctx context.Context,
		username string,
		password string,
	) (*oidctypes.Token, error)
	// contains filtered or unexported fields
}
func (*TestUpstreamOIDCIdentityProvider) AllowsPasswordGrant ¶ added in v0.11.0
func (u *TestUpstreamOIDCIdentityProvider) AllowsPasswordGrant() bool
func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokens ¶
func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensArgs ¶
func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensArgs(call int) *ExchangeAuthcodeAndValidateTokenArgs
func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensCallCount ¶
func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensCallCount() int
func (*TestUpstreamOIDCIdentityProvider) GetAuthorizationURL ¶
func (u *TestUpstreamOIDCIdentityProvider) GetAuthorizationURL() *url.URL
func (*TestUpstreamOIDCIdentityProvider) GetClientID ¶
func (u *TestUpstreamOIDCIdentityProvider) GetClientID() string
func (*TestUpstreamOIDCIdentityProvider) GetGroupsClaim ¶
func (u *TestUpstreamOIDCIdentityProvider) GetGroupsClaim() string
func (*TestUpstreamOIDCIdentityProvider) GetName ¶
func (u *TestUpstreamOIDCIdentityProvider) GetName() string
func (*TestUpstreamOIDCIdentityProvider) GetScopes ¶
func (u *TestUpstreamOIDCIdentityProvider) GetScopes() []string
func (*TestUpstreamOIDCIdentityProvider) GetUsernameClaim ¶
func (u *TestUpstreamOIDCIdentityProvider) GetUsernameClaim() string
func (*TestUpstreamOIDCIdentityProvider) PasswordCredentialsGrantAndValidateTokens ¶ added in v0.11.0
type TestUpstreamOIDCIdentityProviderBuilder ¶ added in v0.11.0
type TestUpstreamOIDCIdentityProviderBuilder struct {
// contains filtered or unexported fields
}
func NewTestUpstreamOIDCIdentityProviderBuilder ¶ added in v0.11.0
func NewTestUpstreamOIDCIdentityProviderBuilder() *TestUpstreamOIDCIdentityProviderBuilder
func (*TestUpstreamOIDCIdentityProviderBuilder) Build ¶ added in v0.11.0
func (u *TestUpstreamOIDCIdentityProviderBuilder) Build() *TestUpstreamOIDCIdentityProvider
func (*TestUpstreamOIDCIdentityProviderBuilder) WithAllowPasswordGrant ¶ added in v0.11.0
func (u *TestUpstreamOIDCIdentityProviderBuilder) WithAllowPasswordGrant(value bool) *TestUpstreamOIDCIdentityProviderBuilder
func (*TestUpstreamOIDCIdentityProviderBuilder) WithAuthorizationURL ¶ added in v0.11.0
func (u *TestUpstreamOIDCIdentityProviderBuilder) WithAuthorizationURL(value url.URL) *TestUpstreamOIDCIdentityProviderBuilder
func (*TestUpstreamOIDCIdentityProviderBuilder) WithClientID ¶ added in v0.11.0
func (u *TestUpstreamOIDCIdentityProviderBuilder) WithClientID(value string) *TestUpstreamOIDCIdentityProviderBuilder
func (*TestUpstreamOIDCIdentityProviderBuilder) WithGroupsClaim ¶ added in v0.11.0
func (u *TestUpstreamOIDCIdentityProviderBuilder) WithGroupsClaim(value string) *TestUpstreamOIDCIdentityProviderBuilder
func (*TestUpstreamOIDCIdentityProviderBuilder) WithIDTokenClaim ¶ added in v0.11.0
func (u *TestUpstreamOIDCIdentityProviderBuilder) WithIDTokenClaim(name string, value interface{}) *TestUpstreamOIDCIdentityProviderBuilder
func (*TestUpstreamOIDCIdentityProviderBuilder) WithName ¶ added in v0.11.0
func (u *TestUpstreamOIDCIdentityProviderBuilder) WithName(value string) *TestUpstreamOIDCIdentityProviderBuilder
func (*TestUpstreamOIDCIdentityProviderBuilder) WithPasswordGrantError ¶ added in v0.11.0
func (u *TestUpstreamOIDCIdentityProviderBuilder) WithPasswordGrantError(err error) *TestUpstreamOIDCIdentityProviderBuilder
func (*TestUpstreamOIDCIdentityProviderBuilder) WithScopes ¶ added in v0.11.0
func (u *TestUpstreamOIDCIdentityProviderBuilder) WithScopes(values []string) *TestUpstreamOIDCIdentityProviderBuilder
func (*TestUpstreamOIDCIdentityProviderBuilder) WithUpstreamAuthcodeExchangeError ¶ added in v0.11.0
func (u *TestUpstreamOIDCIdentityProviderBuilder) WithUpstreamAuthcodeExchangeError(err error) *TestUpstreamOIDCIdentityProviderBuilder
func (*TestUpstreamOIDCIdentityProviderBuilder) WithUsernameClaim ¶ added in v0.11.0
func (u *TestUpstreamOIDCIdentityProviderBuilder) WithUsernameClaim(value string) *TestUpstreamOIDCIdentityProviderBuilder
func (*TestUpstreamOIDCIdentityProviderBuilder) WithoutGroupsClaim ¶ added in v0.11.0
func (u *TestUpstreamOIDCIdentityProviderBuilder) WithoutGroupsClaim() *TestUpstreamOIDCIdentityProviderBuilder
func (*TestUpstreamOIDCIdentityProviderBuilder) WithoutIDTokenClaim ¶ added in v0.11.0
func (u *TestUpstreamOIDCIdentityProviderBuilder) WithoutIDTokenClaim(claim string) *TestUpstreamOIDCIdentityProviderBuilder
func (*TestUpstreamOIDCIdentityProviderBuilder) WithoutUsernameClaim ¶ added in v0.11.0
func (u *TestUpstreamOIDCIdentityProviderBuilder) WithoutUsernameClaim() *TestUpstreamOIDCIdentityProviderBuilder
type UpstreamIDPListerBuilder ¶
type UpstreamIDPListerBuilder struct {
// contains filtered or unexported fields
}
func NewUpstreamIDPListerBuilder ¶
func NewUpstreamIDPListerBuilder() *UpstreamIDPListerBuilder
func (*UpstreamIDPListerBuilder) Build ¶
func (b *UpstreamIDPListerBuilder) Build() provider.DynamicUpstreamIDPProvider
func (*UpstreamIDPListerBuilder) RequireExactlyOneCallToExchangeAuthcodeAndValidateTokens ¶ added in v0.11.0
func (b *UpstreamIDPListerBuilder) RequireExactlyOneCallToExchangeAuthcodeAndValidateTokens( t *testing.T, expectedPerformedByUpstreamName string, expectedArgs *ExchangeAuthcodeAndValidateTokenArgs, )
func (*UpstreamIDPListerBuilder) RequireExactlyOneCallToPasswordCredentialsGrantAndValidateTokens ¶ added in v0.11.0
func (b *UpstreamIDPListerBuilder) RequireExactlyOneCallToPasswordCredentialsGrantAndValidateTokens( t *testing.T, expectedPerformedByUpstreamName string, expectedArgs *PasswordCredentialsGrantAndValidateTokensArgs, )
func (*UpstreamIDPListerBuilder) RequireExactlyZeroCallsToExchangeAuthcodeAndValidateTokens ¶ added in v0.11.0
func (b *UpstreamIDPListerBuilder) RequireExactlyZeroCallsToExchangeAuthcodeAndValidateTokens(t *testing.T)
func (*UpstreamIDPListerBuilder) RequireExactlyZeroCallsToPasswordCredentialsGrantAndValidateTokens ¶ added in v0.11.0
func (b *UpstreamIDPListerBuilder) RequireExactlyZeroCallsToPasswordCredentialsGrantAndValidateTokens(t *testing.T)
func (*UpstreamIDPListerBuilder) WithActiveDirectory ¶ added in v0.11.0
func (b *UpstreamIDPListerBuilder) WithActiveDirectory(upstreamActiveDirectoryIdentityProviders ...*TestUpstreamLDAPIdentityProvider) *UpstreamIDPListerBuilder
func (*UpstreamIDPListerBuilder) WithLDAP ¶
func (b *UpstreamIDPListerBuilder) WithLDAP(upstreamLDAPIdentityProviders ...*TestUpstreamLDAPIdentityProvider) *UpstreamIDPListerBuilder
func (*UpstreamIDPListerBuilder) WithOIDC ¶
func (b *UpstreamIDPListerBuilder) WithOIDC(upstreamOIDCIdentityProviders ...*TestUpstreamOIDCIdentityProvider) *UpstreamIDPListerBuilder