Documentation

Overview

    Package authtest implements some interfaces used by auth package to simplify unit testing.

    Index

    Constants

    This section is empty.

    Variables

    View Source
    var ErrAuthenticationError = errors.New("authtest: fake Authenticate error")

      ErrAuthenticationError is returned by FakeAuth.Authenticate.

      Functions

      func MockAuthConfig

      func MockAuthConfig(ctx context.Context) context.Context

        MockAuthConfig configures the auth library for unit tests environment.

        You need this *only* if your tests call auth.Authenticate(...) or auth.GetRPCTransport(...). If your tests only check groups or permissions (for example when testing bodies of request handlers), use FakeState instead. See its docs for some examples.

        Types

        type FakeAuth

        type FakeAuth struct {
        	User    *auth.User   // the user to return in Authenticate or nil for error
        	Session auth.Session // the session to return
        }

          FakeAuth implements auth.Method's Authenticate by returning predefined user and session.

          func (FakeAuth) Authenticate

          func (m FakeAuth) Authenticate(context.Context, *http.Request) (*auth.User, auth.Session, error)

            Authenticate returns predefined User object (if it is not nil) or error.

            func (FakeAuth) LoginURL

            func (m FakeAuth) LoginURL(ctx context.Context, dest string) (string, error)

              LoginURL returns fake login URL.

              func (FakeAuth) LogoutURL

              func (m FakeAuth) LogoutURL(ctx context.Context, dest string) (string, error)

                LogoutURL returns fake logout URL.

                type FakeDB

                type FakeDB struct {
                	// contains filtered or unexported fields
                }

                  FakeDB implements authdb.DB by mocking membership and permission checks.

                  Initialize it with a bunch of mocks like:

                  db := authtest.NewFakeDB(

                  authtest.MockMembership("user:a@example.com", "group"),
                  authtest.MockPermission("user:a@example.com", "proj:realm", perm),
                  ...
                  

                  )

                  The list of mocks can also be extended later via db.AddMocks(...).

                  func NewFakeDB

                  func NewFakeDB(mocks ...MockedDatum) *FakeDB

                    NewFakeDB creates a FakeDB populated with the given mocks.

                    Construct mocks using MockMembership, MockPermission, MockIPWhitelist and MockError functions.

                    func (*FakeDB) AddMocks

                    func (db *FakeDB) AddMocks(mocks ...MockedDatum)

                      AddMocks applies a bunch of mocks to the state in the db.

                      func (*FakeDB) CheckMembership

                      func (db *FakeDB) CheckMembership(ctx context.Context, id identity.Identity, groups []string) (out []string, err error)

                        CheckMembership is part of authdb.DB interface.

                        func (*FakeDB) GetAuthServiceURL

                        func (db *FakeDB) GetAuthServiceURL(ctx context.Context) (string, error)

                          GetAuthServiceURL is part of authdb.DB interface.

                          func (*FakeDB) GetCertificates

                          func (db *FakeDB) GetCertificates(ctx context.Context, id identity.Identity) (*signing.PublicCertificates, error)

                            GetCertificates is part of authdb.DB interface.

                            func (*FakeDB) GetRealmData

                            func (db *FakeDB) GetRealmData(ctx context.Context, realm string) (*protocol.RealmData, error)

                              GetRealmData is part of authdb.DB interface.

                              func (*FakeDB) GetTokenServiceURL

                              func (db *FakeDB) GetTokenServiceURL(ctx context.Context) (string, error)

                                GetTokenServiceURL is part of authdb.DB interface.

                                func (*FakeDB) GetWhitelistForIdentity

                                func (db *FakeDB) GetWhitelistForIdentity(ctx context.Context, ident identity.Identity) (string, error)

                                  GetWhitelistForIdentity is part of authdb.DB interface.

                                  func (*FakeDB) HasPermission

                                  func (db *FakeDB) HasPermission(ctx context.Context, id identity.Identity, perm realms.Permission, realm string) (bool, error)

                                    HasPermission is part of authdb.DB interface.

                                    func (*FakeDB) IsAllowedOAuthClientID

                                    func (db *FakeDB) IsAllowedOAuthClientID(ctx context.Context, email, clientID string) (bool, error)

                                      IsAllowedOAuthClientID is part of authdb.DB interface.

                                      func (*FakeDB) IsInWhitelist

                                      func (db *FakeDB) IsInWhitelist(ctx context.Context, ip net.IP, whitelist string) (bool, error)

                                        IsInWhitelist is part of authdb.DB interface.

                                        func (*FakeDB) IsInternalService

                                        func (db *FakeDB) IsInternalService(ctx context.Context, hostname string) (bool, error)

                                          IsInternalService is part of authdb.DB interface.

                                          func (*FakeDB) IsMember

                                          func (db *FakeDB) IsMember(ctx context.Context, id identity.Identity, groups []string) (bool, error)

                                            IsMember is part of authdb.DB interface.

                                            func (*FakeDB) Use

                                            func (db *FakeDB) Use(ctx context.Context) context.Context

                                              Use installs the fake db into the context.

                                              Note that if you use auth.WithState(ctx, &authtest.FakeState{...}), you don't need this method. Modify FakeDB in the FakeState instead. See its doc for some examples.

                                              type FakeState

                                              type FakeState struct {
                                              	// Identity is main identity associated with the request.
                                              	//
                                              	// identity.AnonymousIdentity if not set.
                                              	Identity identity.Identity
                                              
                                              	// IdentityGroups is list of groups the calling identity belongs to.
                                              	IdentityGroups []string
                                              
                                              	// IdentityPermissions is a list of (realm, permission) tuples that define
                                              	// caller's permissions.
                                              	IdentityPermissions []RealmPermission
                                              
                                              	// PeerIPWhitelists is a list of IP whitelists the caller IP belongs to.
                                              	PeerIPWhitelists []string
                                              
                                              	// Error, if not nil, is returned by auth DB checks.
                                              	Error error
                                              
                                              	// FakeDB is an authdb.DB implementation to use.
                                              	//
                                              	// If not nil, takes precedence over IdentityGroups, IdentityPermissions,
                                              	// PeerIPWhitelists and Error.
                                              	FakeDB authdb.DB
                                              
                                              	// SessionOverride may be set for Session() to return custom value.
                                              	//
                                              	// By default Session() returns nil.
                                              	SessionOverride auth.Session
                                              
                                              	// PeerIdentityOverride may be set for PeerIdentity() to return custom value.
                                              	//
                                              	// By default PeerIdentity() returns Identity (i.e. no delegation is
                                              	// happening).
                                              	PeerIdentityOverride identity.Identity
                                              
                                              	// PeerIPOverride may be set for PeerIP() to return custom value.
                                              	//
                                              	// By default PeerIP() returns "127.0.0.1".
                                              	PeerIPOverride net.IP
                                              
                                              	// UserCredentialsOverride may be set to override UserCredentials().
                                              	//
                                              	// By default UserCredentials() returns ErrNoForwardableCreds error.
                                              	UserCredentialsOverride *oauth2.Token
                                              }

                                              func (*FakeState) Authenticator

                                              func (s *FakeState) Authenticator() *auth.Authenticator

                                                Authenticator is part of State interface.

                                                func (*FakeState) DB

                                                func (s *FakeState) DB() authdb.DB

                                                  DB is part of State interface.

                                                  func (*FakeState) Method

                                                  func (s *FakeState) Method() auth.Method

                                                    Method is part of State interface.

                                                    func (*FakeState) PeerIP

                                                    func (s *FakeState) PeerIP() net.IP

                                                      PeerIP is part of State interface.

                                                      func (*FakeState) PeerIdentity

                                                      func (s *FakeState) PeerIdentity() identity.Identity

                                                        PeerIdentity is part of State interface.

                                                        func (*FakeState) Session

                                                        func (s *FakeState) Session() auth.Session

                                                          Session is part of State interface.

                                                          func (*FakeState) User

                                                          func (s *FakeState) User() *auth.User

                                                            User is part of State interface.

                                                            func (*FakeState) UserCredentials

                                                            func (s *FakeState) UserCredentials() (*oauth2.Token, map[string]string, error)

                                                              UserCredentials is part of State interface.

                                                              type MockedDatum

                                                              type MockedDatum struct {
                                                              	// contains filtered or unexported fields
                                                              }

                                                                MockedDatum is a return value of various Mock* constructors.

                                                                func MockError

                                                                func MockError(err error) MockedDatum

                                                                  MockError modifies db to make its methods return this error.

                                                                  `err` may be nil, in which case the previously mocked error is removed.

                                                                  func MockIPWhitelist

                                                                  func MockIPWhitelist(ip, whitelist string) MockedDatum

                                                                    MockIPWhitelist modifies db to make IsInWhitelist(ip, whitelist) == true.

                                                                    Panics if `ip` is not a valid IP address.

                                                                    func MockMembership

                                                                    func MockMembership(id identity.Identity, group string) MockedDatum

                                                                      MockMembership modifies db to make IsMember(id, group) == true.

                                                                      func MockPermission

                                                                      func MockPermission(id identity.Identity, realm string, perm realms.Permission) MockedDatum

                                                                        MockPermission modifies db to make HasPermission(id, realm, perm) == true.

                                                                        Panics if `realm` is not a valid globally scoped realm, i.e. it doesn't look like "<project>:<realm>".

                                                                        func MockRealmData

                                                                        func MockRealmData(realm string, data *protocol.RealmData) MockedDatum

                                                                          MockRealmData modifies what db's GetRealmData returns.

                                                                          Panics if `realm` is not a valid globally scoped realm, i.e. it doesn't look like "<project>:<realm>".

                                                                          type RealmPermission

                                                                          type RealmPermission struct {
                                                                          	Realm      string
                                                                          	Permission realms.Permission
                                                                          }

                                                                            RealmPermission is used to populate IdentityPermissions in FakeState.