Documentation
¶
Overview ¶
Package admin0 exposes the mock's control-plane endpoints under /admin0/*.
These endpoints are NEVER authenticated — they're meant for test setup and teardown from outside the bearer-protected Mgmt API surface.
Index ¶
- Variables
- func Mount(r chi.Router, d Deps)
- type AdvanceClockHandler
- type DeleteAllPermissionsHandler
- type DeleteClaimsHandler
- type DeleteClockHandler
- type DeleteExpectationByIDHandler
- type DeleteExpectationsHandler
- type DeletePermissionsHandler
- type Deps
- type EventsPublisher
- type GetAllPermissionsHandler
- type GetClaimsHandler
- type GetClockHandler
- type GetEventSubscribersHandler
- type GetExpectationByIDHandler
- type GetMFARequiredHandler
- type GetPermissionsHandler
- type ListExpectationsHandler
- type PostEventsHandler
- type PostExpectationHandler
- type PutClaimsHandler
- type PutClockHandler
- type PutMFARequiredHandler
- type PutPermissionsHandler
- type ResetHandler
Constants ¶
This section is empty.
Variables ¶
var Fragment []byte
Fragment is the per-package OpenAPI 3.1 partial document describing every /admin0/* route registered in this package's Mount function. The genopenapi bundler merges it with the base Mgmt API spec to produce api/auth0-mock.openapi.json.
Functions ¶
Types ¶
type AdvanceClockHandler ¶ added in v0.227.0
type AdvanceClockHandler struct {
Clock *clock.Controlled
}
AdvanceClockHandler mutates the held value by `by`. Returns 400 invalid_clock_state when the clock is in real mode.
func (*AdvanceClockHandler) ServeHTTP ¶ added in v0.227.0
func (h *AdvanceClockHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type DeleteAllPermissionsHandler ¶
type DeleteAllPermissionsHandler struct {
Store *permissions.Store
}
DeleteAllPermissionsHandler removes every audience's permissions.
func (*DeleteAllPermissionsHandler) ServeHTTP ¶
func (h *DeleteAllPermissionsHandler) ServeHTTP(w http.ResponseWriter, _ *http.Request)
type DeleteClaimsHandler ¶
DeleteClaimsHandler clears every custom claim.
func (*DeleteClaimsHandler) ServeHTTP ¶
func (h *DeleteClaimsHandler) ServeHTTP(w http.ResponseWriter, _ *http.Request)
type DeleteClockHandler ¶ added in v0.227.0
type DeleteClockHandler struct {
Clock *clock.Controlled
}
DeleteClockHandler restores the clock to real mode.
func (*DeleteClockHandler) ServeHTTP ¶ added in v0.227.0
func (h *DeleteClockHandler) ServeHTTP(w http.ResponseWriter, _ *http.Request)
type DeleteExpectationByIDHandler ¶ added in v0.226.0
DeleteExpectationByIDHandler removes a single expectation by its store-assigned ID. The route is /admin0/expectations/{id}; chi extracts the id parameter. Idempotent — deleting an unknown id is a 204 no-op, same as the bulk DELETE on an unregistered operation.
func (*DeleteExpectationByIDHandler) ServeHTTP ¶ added in v0.226.0
func (h *DeleteExpectationByIDHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type DeleteExpectationsHandler ¶
DeleteExpectationsHandler clears expectations. An empty body clears all; a {method, path} body clears every expectation registered for that operation (the catch-all and every request-matched one).
Two intentional behaviours worth noting:
- An empty/whitespace-only body means "clear all". The read error from io.ReadAll is deliberately ignored: a failed or empty read falls through to ResetAll, which is a benign outcome for a teardown DELETE.
- Clearing an operation that was never registered is an idempotent no-op (returns 204). ResetEndpoint is documented as a no-op for unregistered keys, and DELETE intentionally does NOT validate {method, path} against the spec (unlike POST) because teardown should be forgiving.
func (*DeleteExpectationsHandler) ServeHTTP ¶
func (h *DeleteExpectationsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type DeletePermissionsHandler ¶
type DeletePermissionsHandler struct {
Store *permissions.Store
}
DeletePermissionsHandler clears the permissions for one audience.
func (*DeletePermissionsHandler) ServeHTTP ¶
func (h *DeletePermissionsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type Deps ¶
type Deps struct {
Matches *matches.Store
Claims *claims.Store
Permissions *permissions.Store
MFA *mfa.Store
Validator *spec.Validator
Clock *clock.Controlled
// Events is the SSE hub for POST /admin0/events. Nil is fine for
// admin0 tests that don't exercise the events surface — the route
// only registers when both Events and Validator are non-nil, and
// reset's shutdown call is skipped.
Events EventsPublisher
}
Deps groups the in-memory stores admin0 controls.
type EventsPublisher ¶ added in v0.228.0
type EventsPublisher interface {
Publish(events.Event) error
Reset(context.Context) error
// ActiveSubscribers / TotalSubscribers back GET
// /admin0/events/subscribers so tests can observe the SSE
// connection lifecycle (e.g. assert a stream closed cleanly).
ActiveSubscribers() int
TotalSubscribers() int
}
EventsPublisher is the seam between the /admin0/events handler and the SSE hub. The concrete implementation is *events.Hub; tests use fakes that record calls. Reset is on the interface because the ResetHandler drains the SSE state between tests via this hook (without permanently destroying the hub).
type GetAllPermissionsHandler ¶
type GetAllPermissionsHandler struct {
Store *permissions.Store
}
GetAllPermissionsHandler returns the full per-audience permission map.
func (*GetAllPermissionsHandler) ServeHTTP ¶
func (h *GetAllPermissionsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type GetClaimsHandler ¶
GetClaimsHandler returns the per-process custom-claim map.
func (*GetClaimsHandler) ServeHTTP ¶
func (h *GetClaimsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type GetClockHandler ¶ added in v0.227.0
type GetClockHandler struct {
Clock *clock.Controlled
}
GetClockHandler reports the current clock mode and resolved Now.
func (*GetClockHandler) ServeHTTP ¶ added in v0.227.0
func (h *GetClockHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type GetEventSubscribersHandler ¶ added in v0.229.0
type GetEventSubscribersHandler struct {
Events EventsPublisher
}
GetEventSubscribersHandler reports the SSE hub's live and lifetime-within-window subscriber counts. Intended for tests that assert on connection lifecycle — e.g. "after closing my stream, active drops back to 0". Active is eventually-consistent: the hub removes a subscriber when the server observes its connection close, so poll until it settles rather than asserting immediately.
func (*GetEventSubscribersHandler) ServeHTTP ¶ added in v0.229.0
func (h *GetEventSubscribersHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type GetExpectationByIDHandler ¶ added in v0.226.0
GetExpectationByIDHandler returns a single expectation by its store-assigned ID with its current Hits counter populated. Used by the SDK's RegisteredExpectation.Hits(ctx). 404 (unknown_id) when no such expectation exists — distinguishes "cleared" from "never hit" for the caller.
func (*GetExpectationByIDHandler) ServeHTTP ¶ added in v0.226.0
func (h *GetExpectationByIDHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type GetMFARequiredHandler ¶
GetMFARequiredHandler reports whether the password and password-realm grants currently demand MFA step-up.
func (*GetMFARequiredHandler) ServeHTTP ¶
func (h *GetMFARequiredHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type GetPermissionsHandler ¶
type GetPermissionsHandler struct {
Store *permissions.Store
}
GetPermissionsHandler returns the permissions registered for one audience.
func (*GetPermissionsHandler) ServeHTTP ¶
func (h *GetPermissionsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type ListExpectationsHandler ¶
ListExpectationsHandler returns every registered expectation.
func (*ListExpectationsHandler) ServeHTTP ¶
func (h *ListExpectationsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type PostEventsHandler ¶ added in v0.228.0
type PostEventsHandler struct {
Events EventsPublisher
Validator *spec.Validator
}
PostEventsHandler validates an incoming Auth0 event-stream envelope against the OpenAPI text/event-stream schema for GET /events and pushes it into the SSE hub. Responds 202 Accepted with {"id": "<inner-cloudevent-id>"} on success. Validation failures use the standard mgmt error envelope.
func (*PostEventsHandler) ServeHTTP ¶ added in v0.228.0
func (h *PostEventsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type PostExpectationHandler ¶
PostExpectationHandler registers (upserts) an expectation for the Management API operation identified by {method, path}.
func (*PostExpectationHandler) ServeHTTP ¶
func (h *PostExpectationHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type PutClaimsHandler ¶
PutClaimsHandler replaces the per-process custom-claim map with the JSON object in the request body.
func (*PutClaimsHandler) ServeHTTP ¶
func (h *PutClaimsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type PutClockHandler ¶ added in v0.227.0
type PutClockHandler struct {
Clock *clock.Controlled
}
PutClockHandler freezes the clock to a specific instant or switches it into offset mode. Body must contain exactly one of `now` / `offset`.
func (*PutClockHandler) ServeHTTP ¶ added in v0.227.0
func (h *PutClockHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type PutMFARequiredHandler ¶
PutMFARequiredHandler toggles MFA enforcement at runtime. Body: {"required":true|false}.
func (*PutMFARequiredHandler) ServeHTTP ¶
func (h *PutMFARequiredHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type PutPermissionsHandler ¶
type PutPermissionsHandler struct {
Store *permissions.Store
}
PutPermissionsHandler sets the permissions for one audience to the JSON array in the request body.
func (*PutPermissionsHandler) ServeHTTP ¶
func (h *PutPermissionsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type ResetHandler ¶
type ResetHandler struct {
Deps Deps
}
ResetHandler wipes every store admin0 governs: registered matches, custom claims, and per-audience permissions.
func (*ResetHandler) ServeHTTP ¶
func (h *ResetHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
Source Files