wip: done with tests
Signed-off-by: Alex Snaps <[email protected]>
alexsnaps committed Sep 4, 2024
1 parent 6ff3e3c commit d8db1ec
Showing 2 changed files with 52 additions and 60 deletions.
90 changes: 41 additions & 49 deletions controllers/auth_config_controller_test.go
Expand Up @@ -6,7 +6,6 @@ import (
"os"
"testing"

old "github.com/kuadrant/authorino/api/v1beta1"
api "github.com/kuadrant/authorino/api/v1beta2"
"github.com/kuadrant/authorino/pkg/evaluators"
"github.com/kuadrant/authorino/pkg/httptest"
Expand Down Expand Up @@ -41,64 +40,66 @@ func TestMain(m *testing.M) {
}

func newTestAuthConfig(authConfigLabels map[string]string) api.AuthConfig {
spec := old.AuthConfigSpec{
spec := api.AuthConfigSpec{
Hosts: []string{"echo-api"},
Identity: []*old.Identity{
{
Name: "keycloak",
Oidc: &old.Identity_OidcConfig{
Endpoint: "http://127.0.0.1:9001/auth/realms/demo",
Authentication: map[string]api.AuthenticationSpec{
"keycloak": {
AuthenticationMethodSpec: api.AuthenticationMethodSpec{
Jwt: &api.JwtAuthenticationSpec{
IssuerUrl: "http://127.0.0.1:9001/auth/realms/demo",
},
},
ExtendedProperties: []old.ExtendedProperty{
{
JsonProperty: old.JsonProperty{
Name: "source",
Value: runtime.RawExtension{Raw: []byte(`"test"`)},
},
Defaults: map[string]api.ValueOrSelector{
"source": {
Value: runtime.RawExtension{Raw: []byte(`"test"`)},
},
},
},
},
Metadata: []*old.Metadata{
{
Name: "userinfo",
UserInfo: &old.Metadata_UserInfo{
IdentitySource: "keycloak",
Metadata: map[string]api.MetadataSpec{
"userinfo": {
MetadataMethodSpec: api.MetadataMethodSpec{
UserInfo: &api.UserInfoMetadataSpec{
IdentitySource: "keycloak",
},
},
},
{
Name: "resource-data",
UMA: &old.Metadata_UMA{
Endpoint: "http://127.0.0.1:9001/auth/realms/demo",
Credentials: &v1.LocalObjectReference{
Name: "secret",
"resource-data": {
MetadataMethodSpec: api.MetadataMethodSpec{
Uma: &api.UmaMetadataSpec{
Endpoint: "http://127.0.0.1:9001/auth/realms/demo",
Credentials: &v1.LocalObjectReference{
Name: "secret",
},
},
},
},
},
Authorization: []*old.Authorization{
{
Name: "main-policy",
OPA: &old.Authorization_OPA{
InlineRego: `
Authorization: map[string]api.AuthorizationSpec{
"main-policy": {
AuthorizationMethodSpec: api.AuthorizationMethodSpec{
Opa: &api.OpaAuthorizationSpec{
Rego: `
method = object.get(input.context.request.http, "method", "")
path = object.get(input.context.request.http, "path", "")
allow {
method == "GET"
path = "/allow"
}`,
},
},
},
{
Name: "some-extra-rules",
JSON: &old.Authorization_JSONPatternMatching{
Rules: []old.JSONPattern{
{
JSONPatternExpression: old.JSONPatternExpression{
Selector: "context.identity.role",
Operator: "eq",
Value: "admin",
"some-extra-rules": {
AuthorizationMethodSpec: api.AuthorizationMethodSpec{
PatternMatching: &api.PatternMatchingAuthorizationSpec{
Patterns: []api.PatternExpressionOrRef{
{
PatternExpression: api.PatternExpression{
Selector: "context.identity.role",
Operator: "eq",
Value: "admin",
},
},
},
},
Expand All @@ -109,23 +110,14 @@ func newTestAuthConfig(authConfigLabels map[string]string) api.AuthConfig {
return api.AuthConfig{
TypeMeta: metav1.TypeMeta{
Kind: "AuthConfig",
APIVersion: "authorino.kuadrant.io/v1beta1",
APIVersion: "authorino.kuadrant.io/v1beta2",
},
ObjectMeta: metav1.ObjectMeta{
Name: "auth-config-1",
Namespace: "authorino",
Labels: authConfigLabels,
},
Spec: api.AuthConfigSpec{
Hosts: []string{"echo-api"},
NamedPatterns: nil,
Conditions: nil,
Authentication: nil,
Metadata: nil,
Authorization: nil,
Response: nil,
Callbacks: nil,
},
Spec: spec,
}
}

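Review bot: `newTestAuthConfig` never sets `Response` on the new `api.AuthConfigSpec`, so every test built on this fixture runs with an empty response section; the literal removed at the end of the function spelled that out as `Response: nil`. The same commit changes `updateStatusSummary` and `issuingWristbands` in controllers/auth_config_status_updater.go to read `Spec.Response.Success.DynamicMetadata` and `.Headers`, and nothing visible in this file exercises those fields, populated or absent. I would add a second fixture (or a parameter) that sets `Response` with at least one success entry, and document the default with a comment such as `// Response is left nil on purpose: covers AuthConfigs that define no response section.` Part of the function body is collapsed between the hunks, so the spec may carry fields not shown here.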
22 changes: 11 additions & 11 deletions controllers/auth_config_status_updater.go
Expand Up @@ -6,7 +6,7 @@ import (
"sort"
"strings"

api "github.com/kuadrant/authorino/api/v1beta1"
api "github.com/kuadrant/authorino/api/v1beta2"
"github.com/kuadrant/authorino/pkg/log"
"github.com/kuadrant/authorino/pkg/utils"

Expand Down Expand Up @@ -105,11 +105,11 @@ func (u *AuthConfigStatusUpdater) SetupWithManager(mgr ctrl.Manager) error {
Complete(u)
}

func updateStatusConditions(currentConditions []api.Condition, newCondition api.Condition) ([]api.Condition, bool) {
func updateStatusConditions(currentConditions []api.AuthConfigStatusCondition, newCondition api.AuthConfigStatusCondition) ([]api.AuthConfigStatusCondition, bool) {
newCondition.LastTransitionTime = metav1.Now()

if currentConditions == nil {
return []api.Condition{newCondition}, true
return []api.AuthConfigStatusCondition{newCondition}, true
}

for i, condition := range currentConditions {
Expand All @@ -122,7 +122,7 @@ func updateStatusConditions(currentConditions []api.Condition, newCondition api.
newCondition.LastTransitionTime = condition.LastTransitionTime
}

res := make([]api.Condition, len(currentConditions))
res := make([]api.AuthConfigStatusCondition, len(currentConditions))
copy(res, currentConditions)
res[i] = newCondition
return res, true
Expand All @@ -143,7 +143,7 @@ func updateStatusAvailable(authConfig *api.AuthConfig, available bool) (changed
message = ""
}

authConfig.Status.Conditions, changed = updateStatusConditions(authConfig.Status.Conditions, api.Condition{
authConfig.Status.Conditions, changed = updateStatusConditions(authConfig.Status.Conditions, api.AuthConfigStatusCondition{
Type: api.StatusConditionAvailable,
Status: status,
Reason: reason,
Expand All @@ -164,7 +164,7 @@ func updateStatusReady(authConfig *api.AuthConfig, ready bool, reason, message s
reason = api.StatusReasonUnknown
}

authConfig.Status.Conditions, changed = updateStatusConditions(authConfig.Status.Conditions, api.Condition{
authConfig.Status.Conditions, changed = updateStatusConditions(authConfig.Status.Conditions, api.AuthConfigStatusCondition{
Type: api.StatusConditionReady,
Status: status,
Reason: reason,
Expand All @@ -181,14 +181,14 @@ func updateStatusSummary(authConfig *api.AuthConfig, newLinkedHosts []string) (c
newLinkedHosts = []string{}
}

new := api.Summary{
new := api.AuthConfigStatusSummary{
Ready: authConfig.Status.Ready(),
HostsReady: newLinkedHosts,
NumHostsReady: fmt.Sprintf("%d/%d", len(newLinkedHosts), len(authConfig.Spec.Hosts)),
NumIdentitySources: int64(len(authConfig.Spec.Identity)),
NumIdentitySources: int64(len(authConfig.Spec.Authentication)),
NumMetadataSources: int64(len(authConfig.Spec.Metadata)),
NumAuthorizationPolicies: int64(len(authConfig.Spec.Authorization)),
NumResponseItems: int64(len(authConfig.Spec.Response)),
NumResponseItems: int64(len(authConfig.Spec.Response.Success.DynamicMetadata) + len(authConfig.Spec.Response.Success.Headers)),
FestivalWristbandEnabled: issuingWristbands(authConfig),
}

Expand All @@ -213,8 +213,8 @@ func updateStatusSummary(authConfig *api.AuthConfig, newLinkedHosts []string) (c
}

func issuingWristbands(authConfig *api.AuthConfig) bool {
for _, responseConfig := range authConfig.Spec.Response {
if responseConfig.GetType() == api.ResponseWristband {
for _, responseConfig := range authConfig.Spec.Response.Success.DynamicMetadata {
if responseConfig.GetMethod() == api.WristbandAuthResponse {
return true
}
}
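Review bot: `authConfig.Spec.Response` is dereferenced without a nil check in both `updateStatusSummary` (the `NumResponseItems` line) and `issuingWristbands` (the `range` over `Response.Success.DynamicMetadata`). The test fixture in this commit previously wrote `Response: nil` for the same v1beta2 spec type, so the field looks like a pointer, and an AuthConfig with no response section would then panic the status updater during reconciliation instead of getting a status. Guard both sites as sketched below. The wristband check also looks only at `DynamicMetadata` while the item count includes `Headers`, so confirm a wristband cannot be configured under `Headers`, otherwise `FestivalWristbandEnabled` would under-report. Both functions extend beyond the hunks shown.

```go
// … unchanged: newLinkedHosts defaulting …
numResponseItems := 0
if resp := authConfig.Spec.Response; resp != nil {
	numResponseItems = len(resp.Success.DynamicMetadata) + len(resp.Success.Headers)
}
// … unchanged: other api.AuthConfigStatusSummary fields …
NumResponseItems: int64(numResponseItems),

func issuingWristbands(authConfig *api.AuthConfig) bool {
	if authConfig.Spec.Response == nil {
		return false
	}
	// … unchanged: loop over authConfig.Spec.Response.Success.DynamicMetadata …
```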
