File: client_test.go

package candidclient_test

import (
	"context"
	"sort"
	"testing"

	qt "github.com/frankban/quicktest"
	"github.com/go-macaroon-bakery/macaroon-bakery/v3/bakery"
	"github.com/go-macaroon-bakery/macaroon-bakery/v3/bakery/identchecker"
	"github.com/go-macaroon-bakery/macaroon-bakery/v3/httpbakery"
	"gopkg.in/errgo.v1"

	"github.com/canonical/candid/candidclient"
	"github.com/canonical/candid/candidtest"
)

// TestIdentityClient runs the shared identity-client check against an
// unwrapped Candid client for user "bob", who is registered on the test
// server together with "alice" and "charlie" (the groups the check expects).
func TestIdentityClient(t *testing.T) {
	c := qt.New(t)
	defer c.Done()

	server := candidtest.NewServer()
	server.AddUser("bob", "alice", "charlie")

	// The identity client is built first, then the HTTP bakery client that
	// performs the discharge on behalf of the same user.
	idClient := server.CandidClient("bob")
	dischargeClient := server.Client("bob")
	wantGroups := []string{"alice", "charlie"}

	testIdentityClient(c, idClient, dischargeClient, "bob", "bob", wantGroups)
}

// TestIdentityClientWithDomainStrip runs the shared identity-client check
// with the Candid client wrapped by candidclient.StripDomain for the "usso"
// domain. The expectations pin three things: the identity id keeps its
// domain ("bob@usso"), the user name and the group in the stripped domain
// lose the suffix ("bob", "alice"), and a group in another domain stays
// fully qualified ("charlie@elsewhere").
//
// NOTE(review): after stripping, "alice@usso" reads the same as an
// unqualified "alice" in group comparisons; confirm that callers of
// StripDomain accept that equivalence for their ACLs.
func TestIdentityClientWithDomainStrip(t *testing.T) {
	c := qt.New(t)
	defer c.Done()

	server := candidtest.NewServer()
	server.AddUser("bob@usso", "alice@usso", "charlie@elsewhere")

	strippedClient := candidclient.StripDomain(server.CandidClient("bob@usso"), "usso")
	dischargeClient := server.Client("bob@usso")
	wantGroups := []string{"alice", "charlie@elsewhere"}

	testIdentityClient(c, strippedClient, dischargeClient, "bob@usso", "bob", wantGroups)
}

// TestIdentityClientWithDomainStripNoDomains runs the shared identity-client
// check with a StripDomain("usso") wrapper when neither the user nor the
// groups carry a domain. The expected id, user name and groups are the same
// unqualified names that were registered, so the wrapper must leave them
// unchanged.
func TestIdentityClientWithDomainStripNoDomains(t *testing.T) {
	c := qt.New(t)
	defer c.Done()

	server := candidtest.NewServer()
	server.AddUser("bob", "alice", "charlie")

	strippedClient := candidclient.StripDomain(server.CandidClient("bob"), "usso")
	dischargeClient := server.Client("bob")
	wantGroups := []string{"alice", "charlie"}

	testIdentityClient(c, strippedClient, dischargeClient, "bob", "bob", wantGroups)
}

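// testIdentityClient tests that the given identity client can be used to
// create a third party caveat that, when discharged, provides an Identity
// with the given id, user name and groups.
//
// candidClient is the identity client under test and bclient is the HTTP
// bakery client used to acquire the discharge macaroons. expectGroups must
// be sorted and hold at least one entry: its first element is used for the
// Allow check and the whole slice is compared with the sorted result of
// Groups.
func testIdentityClient(c *qt.C, candidClient identchecker.IdentityClient, bclient *httpbakery.Client, expectId, expectUser string, expectGroups []string) {
	// Fail with a clear message instead of an index-out-of-range panic at
	// the Allow check below.
	c.Assert(len(expectGroups) > 0, qt.Equals, true, qt.Commentf("expectGroups must not be empty"))

	ctx := context.TODO()

	// AllowInsecure lets the locator accept non-HTTPS third-party
	// locations. That is tolerable only because this is test code,
	// presumably talking to a local test server; a production locator
	// must not enable it.
	kr := httpbakery.NewThirdPartyLocator(nil, nil)
	kr.AllowInsecure()
	b := identchecker.NewBakery(identchecker.BakeryParams{
		Locator:        kr,
		Key:            bakery.MustGenerateKey(),
		IdentityClient: candidClient,
	})

	// With no macaroons presented, the login operation must be refused
	// with a discharge-required error, which carries the caveats and
	// operations for the macaroon minted next. The assertion is checked
	// so that any other outcome (including a nil error) is reported as a
	// test failure rather than a panic.
	_, authErr := b.Checker.Auth().Allow(ctx, identchecker.LoginOp)
	derr, isDischargeRequired := errgo.Cause(authErr).(*bakery.DischargeRequiredError)
	c.Assert(isDischargeRequired, qt.Equals, true, qt.Commentf("want discharge-required error, got %v", authErr))

	m, err := b.Oven.NewMacaroon(ctx, bakery.LatestVersion, derr.Caveats, derr.Ops...)
	c.Assert(err, qt.IsNil)

	ms, err := bclient.DischargeAll(ctx, m)
	c.Assert(err, qt.IsNil)

	// Make sure that the macaroon discharged correctly and that it
	// has the right declared caveats.
	authInfo, err := b.Checker.Auth(ms).Allow(ctx, identchecker.LoginOp)
	c.Assert(err, qt.IsNil)

	c.Assert(authInfo.Identity, qt.Not(qt.IsNil))
	c.Assert(authInfo.Identity.Id(), qt.Equals, expectId)
	c.Assert(authInfo.Identity.Domain(), qt.Equals, "")

	// The identity must expose the richer candidclient.Identity interface;
	// report a mismatch as a failure naming the actual type.
	user, isCandidIdentity := authInfo.Identity.(candidclient.Identity)
	c.Assert(isCandidIdentity, qt.Equals, true, qt.Commentf("identity has unexpected type %T", authInfo.Identity))

	u, err := user.Username()
	c.Assert(err, qt.IsNil)
	c.Assert(u, qt.Equals, expectUser)

	// NOTE(review): only the positive path of Allow is exercised here; a
	// case asserting that a group the user does not belong to is refused
	// would make this authorization check stronger.
	allowed, err := user.Allow(ctx, []string{expectGroups[0]})
	c.Assert(err, qt.IsNil)
	c.Assert(allowed, qt.Equals, true)

	groups, err := user.Groups()
	c.Assert(err, qt.IsNil)
	sort.Strings(groups)
	c.Assert(groups, qt.DeepEquals, expectGroups)
}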