open-nomad/lib/auth/identity_test.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package auth

import (
	"testing"

	"github.com/shoenig/test/must"

	"github.com/hashicorp/nomad/ci"
	"github.com/hashicorp/nomad/nomad/structs"
)

func Test_NewIdentity(t *testing.T) {
	ci.Parallel(t)

	testCases := []struct {
		name                   string
		inputAuthMethodConfig  *structs.ACLAuthMethodConfig
		inputAuthClaims        *structs.ACLAuthClaims
		expectedOutputIdentity *Identity
	}{
		{
			name: "identity with claims",
			inputAuthMethodConfig: &structs.ACLAuthMethodConfig{
				ClaimMappings:     map[string]string{"http://nomad.internal/username": "username"},
				ListClaimMappings: map[string]string{"http://nomad.internal/roles": "roles"},
			},
			inputAuthClaims: &structs.ACLAuthClaims{
				Value: map[string]string{"username": "jrasell"},
				List:  map[string][]string{"roles": {"engineering"}},
			},
			expectedOutputIdentity: &Identity{
				Claims: &structs.ACLAuthClaims{
					Value: map[string]string{"username": "jrasell"},
					List:  map[string][]string{"roles": {"engineering"}},
				},
				ClaimMappings: map[string]string{"value.username": "jrasell"},
			},
		},
		{
			name: "identity without claims",
			inputAuthMethodConfig: &structs.ACLAuthMethodConfig{
				ClaimMappings:     map[string]string{"http://nomad.internal/username": "username"},
				ListClaimMappings: map[string]string{"http://nomad.internal/roles": "roles"},
			},
			inputAuthClaims: &structs.ACLAuthClaims{
				Value: map[string]string{"username": ""},
				List:  map[string][]string{"roles": {""}},
			},
			expectedOutputIdentity: &Identity{
				Claims: &structs.ACLAuthClaims{
					Value: map[string]string{"username": ""},
					List:  map[string][]string{"roles": {""}},
				},
				ClaimMappings: map[string]string{"value.username": ""},
			},
		},
	}

	for _, tc := range testCases {
		t.Run(tc.name, func(t *testing.T) {
			actualOutput := NewIdentity(tc.inputAuthMethodConfig, tc.inputAuthClaims)
			must.Eq(t, tc.expectedOutputIdentity, actualOutput)
		})
	}
}
[COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: MPL-2.0`

acl: RPC endpoints for JWT auth (#15918) 2023-03-16 13:50:20 +00:00			`package auth`
lib: add OIDC provider cache and callback server. The OIDC provider cache is used by the RPC handler as the OIDC implementation keeps long lived processes running. These process include connections to the remote OIDC provider. The Callback server is used by the CLI and starts when the login command is triggered. This callback server includes success HTML which is displayed when the user successfully logs into the remote OIDC provider. 2023-01-13 13:14:50 +00:00
			`import (`
			`"testing"`

acl: RPC endpoints for JWT auth (#15918) 2023-03-16 13:50:20 +00:00			`"github.com/shoenig/test/must"`

lib: add OIDC provider cache and callback server. The OIDC provider cache is used by the RPC handler as the OIDC implementation keeps long lived processes running. These process include connections to the remote OIDC provider. The Callback server is used by the CLI and starts when the login command is triggered. This callback server includes success HTML which is displayed when the user successfully logs into the remote OIDC provider. 2023-01-13 13:14:50 +00:00			`"github.com/hashicorp/nomad/ci"`
			`"github.com/hashicorp/nomad/nomad/structs"`
			`)`

			`func Test_NewIdentity(t *testing.T) {`
			`ci.Parallel(t)`

			`testCases := []struct {`
			`name string`
			`inputAuthMethodConfig *structs.ACLAuthMethodConfig`
			`inputAuthClaims *structs.ACLAuthClaims`
			`expectedOutputIdentity *Identity`
			`}{`
			`{`
			`name: "identity with claims",`
			`inputAuthMethodConfig: &structs.ACLAuthMethodConfig{`
			`ClaimMappings: map[string]string{"http://nomad.internal/username": "username"},`
			`ListClaimMappings: map[string]string{"http://nomad.internal/roles": "roles"},`
			`},`
			`inputAuthClaims: &structs.ACLAuthClaims{`
			`Value: map[string]string{"username": "jrasell"},`
			`List: map[string][]string{"roles": {"engineering"}},`
			`},`
			`expectedOutputIdentity: &Identity{`
			`Claims: &structs.ACLAuthClaims{`
			`Value: map[string]string{"username": "jrasell"},`
			`List: map[string][]string{"roles": {"engineering"}},`
			`},`
			`ClaimMappings: map[string]string{"value.username": "jrasell"},`
			`},`
			`},`
			`{`
			`name: "identity without claims",`
			`inputAuthMethodConfig: &structs.ACLAuthMethodConfig{`
			`ClaimMappings: map[string]string{"http://nomad.internal/username": "username"},`
			`ListClaimMappings: map[string]string{"http://nomad.internal/roles": "roles"},`
			`},`
			`inputAuthClaims: &structs.ACLAuthClaims{`
			`Value: map[string]string{"username": ""},`
			`List: map[string][]string{"roles": {""}},`
			`},`
			`expectedOutputIdentity: &Identity{`
			`Claims: &structs.ACLAuthClaims{`
			`Value: map[string]string{"username": ""},`
			`List: map[string][]string{"roles": {""}},`
			`},`
			`ClaimMappings: map[string]string{"value.username": ""},`
			`},`
			`},`
			`}`

			`for _, tc := range testCases {`
			`t.Run(tc.name, func(t *testing.T) {`
			`actualOutput := NewIdentity(tc.inputAuthMethodConfig, tc.inputAuthClaims)`
			`must.Eq(t, tc.expectedOutputIdentity, actualOutput)`
			`})`
			`}`
			`}`