authtest

package

v0.0.0-...-51f9457 Latest Latest Go to latest Published: Jul 9, 2021 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/luci/luci-go

Documentation ¶

Overview ¶

Package authtest implements some interfaces used by auth package to simplify unit testing.

Index ¶

Variables
func MockAuthConfig(ctx context.Context) context.Context
type FakeAuth
type FakeDB
- func NewFakeDB(mocks ...MockedDatum) *FakeDB
type FakeState
type MockedDatum
type RealmPermission

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrAuthenticationError = errors.New("authtest: fake Authenticate error")

ErrAuthenticationError is returned by FakeAuth.Authenticate.

Functions ¶

func MockAuthConfig ¶

func MockAuthConfig(ctx context.Context) context.Context

MockAuthConfig configures the auth library for unit tests environment.

You need this *only* if your tests call auth.Authenticate(...) or auth.GetRPCTransport(...). If your tests only check groups or permissions (for example when testing bodies of request handlers), use FakeState instead. See its docs for some examples.

Types ¶

type FakeAuth ¶

type FakeAuth struct {
	User    *auth.User   // the user to return in Authenticate or nil for error
	Session auth.Session // the session to return
}

FakeAuth implements auth.Method's Authenticate by returning predefined user and session.

func (FakeAuth) Authenticate ¶

func (m FakeAuth) Authenticate(context.Context, *http.Request) (*auth.User, auth.Session, error)

Authenticate returns predefined User object (if it is not nil) or error.

func (FakeAuth) LoginURL ¶

func (m FakeAuth) LoginURL(ctx context.Context, dest string) (string, error)

LoginURL returns fake login URL.

func (FakeAuth) LogoutURL ¶

func (m FakeAuth) LogoutURL(ctx context.Context, dest string) (string, error)

LogoutURL returns fake logout URL.

type FakeDB ¶

type FakeDB struct {
	// contains filtered or unexported fields
}

FakeDB implements authdb.DB by mocking membership and permission checks.

Initialize it with a bunch of mocks like:

db := authtest.NewFakeDB(

authtest.MockMembership("user:a@example.com", "group"),
authtest.MockPermission("user:a@example.com", "proj:realm", perm),
...

)

The list of mocks can also be extended later via db.AddMocks(...).

func NewFakeDB ¶

func NewFakeDB(mocks ...MockedDatum) *FakeDB

NewFakeDB creates a FakeDB populated with the given mocks.

Construct mocks using MockMembership, MockPermission, MockIPWhitelist and MockError functions.

func (*FakeDB) AddMocks ¶

func (db *FakeDB) AddMocks(mocks ...MockedDatum)

AddMocks applies a bunch of mocks to the state in the db.

func (*FakeDB) CheckMembership ¶

func (db *FakeDB) CheckMembership(ctx context.Context, id identity.Identity, groups []string) (out []string, err error)

CheckMembership is part of authdb.DB interface.

func (*FakeDB) GetAuthServiceURL ¶

func (db *FakeDB) GetAuthServiceURL(ctx context.Context) (string, error)

GetAuthServiceURL is part of authdb.DB interface.

func (*FakeDB) GetCertificates ¶

func (db *FakeDB) GetCertificates(ctx context.Context, id identity.Identity) (*signing.PublicCertificates, error)

GetCertificates is part of authdb.DB interface.

func (*FakeDB) GetRealmData ¶

func (db *FakeDB) GetRealmData(ctx context.Context, realm string) (*protocol.RealmData, error)

GetRealmData is part of authdb.DB interface.

func (*FakeDB) GetTokenServiceURL ¶

func (db *FakeDB) GetTokenServiceURL(ctx context.Context) (string, error)

GetTokenServiceURL is part of authdb.DB interface.

func (*FakeDB) GetWhitelistForIdentity ¶

func (db *FakeDB) GetWhitelistForIdentity(ctx context.Context, ident identity.Identity) (string, error)

GetWhitelistForIdentity is part of authdb.DB interface.

func (*FakeDB) HasPermission ¶

func (db *FakeDB) HasPermission(ctx context.Context, id identity.Identity, perm realms.Permission, realm string) (bool, error)

HasPermission is part of authdb.DB interface.

func (*FakeDB) IsAllowedOAuthClientID ¶

func (db *FakeDB) IsAllowedOAuthClientID(ctx context.Context, email, clientID string) (bool, error)

IsAllowedOAuthClientID is part of authdb.DB interface.

func (*FakeDB) IsInWhitelist ¶

func (db *FakeDB) IsInWhitelist(ctx context.Context, ip net.IP, whitelist string) (bool, error)

IsInWhitelist is part of authdb.DB interface.

func (*FakeDB) IsInternalService ¶

func (db *FakeDB) IsInternalService(ctx context.Context, hostname string) (bool, error)

IsInternalService is part of authdb.DB interface.

func (*FakeDB) IsMember ¶

func (db *FakeDB) IsMember(ctx context.Context, id identity.Identity, groups []string) (bool, error)

IsMember is part of authdb.DB interface.

func (*FakeDB) Use ¶

func (db *FakeDB) Use(ctx context.Context) context.Context

Use installs the fake db into the context.

Note that if you use auth.WithState(ctx, &authtest.FakeState{...}), you don't need this method. Modify FakeDB in the FakeState instead. See its doc for some examples.

type FakeState ¶

type FakeState struct {
	// Identity is main identity associated with the request.
	//
	// identity.AnonymousIdentity if not set.
	Identity identity.Identity

	// IdentityGroups is list of groups the calling identity belongs to.
	IdentityGroups []string

	// IdentityPermissions is a list of (realm, permission) tuples that define
	// caller's permissions.
	IdentityPermissions []RealmPermission

	// PeerIPWhitelists is a list of IP whitelists the caller IP belongs to.
	PeerIPWhitelists []string

	// Error, if not nil, is returned by auth DB checks.
	Error error

	// FakeDB is an authdb.DB implementation to use.
	//
	// If not nil, takes precedence over IdentityGroups, IdentityPermissions,
	// PeerIPWhitelists and Error.
	FakeDB authdb.DB

	// SessionOverride may be set for Session() to return custom value.
	//
	// By default Session() returns nil.
	SessionOverride auth.Session

	// PeerIdentityOverride may be set for PeerIdentity() to return custom value.
	//
	// By default PeerIdentity() returns Identity (i.e. no delegation is
	// happening).
	PeerIdentityOverride identity.Identity

	// PeerIPOverride may be set for PeerIP() to return custom value.
	//
	// By default PeerIP() returns "127.0.0.1".
	PeerIPOverride net.IP

	// UserCredentialsOverride may be set to override UserCredentials().
	//
	// By default UserCredentials() returns ErrNoForwardableCreds error.
	UserCredentialsOverride *oauth2.Token
}

func (*FakeState) Authenticator ¶

func (s *FakeState) Authenticator() *auth.Authenticator

Authenticator is part of State interface.

func (*FakeState) DB ¶

func (s *FakeState) DB() authdb.DB

DB is part of State interface.

func (*FakeState) Method ¶

func (s *FakeState) Method() auth.Method

Method is part of State interface.

func (*FakeState) PeerIP ¶

func (s *FakeState) PeerIP() net.IP

PeerIP is part of State interface.

func (*FakeState) PeerIdentity ¶

func (s *FakeState) PeerIdentity() identity.Identity

PeerIdentity is part of State interface.

func (*FakeState) Session ¶

func (s *FakeState) Session() auth.Session

Session is part of State interface.

func (*FakeState) User ¶

func (s *FakeState) User() *auth.User

User is part of State interface.

func (*FakeState) UserCredentials ¶

func (s *FakeState) UserCredentials() (*oauth2.Token, map[string]string, error)

UserCredentials is part of State interface.

type MockedDatum ¶

type MockedDatum struct {
	// contains filtered or unexported fields
}

MockedDatum is a return value of various Mock* constructors.

func MockError ¶

func MockError(err error) MockedDatum

MockError modifies db to make its methods return this error.

`err` may be nil, in which case the previously mocked error is removed.

func MockIPWhitelist ¶

func MockIPWhitelist(ip, whitelist string) MockedDatum

MockIPWhitelist modifies db to make IsInWhitelist(ip, whitelist) == true.

Panics if `ip` is not a valid IP address.

func MockMembership ¶

func MockMembership(id identity.Identity, group string) MockedDatum

MockMembership modifies db to make IsMember(id, group) == true.

func MockPermission ¶

func MockPermission(id identity.Identity, realm string, perm realms.Permission) MockedDatum

MockPermission modifies db to make HasPermission(id, realm, perm) == true.

Panics if `realm` is not a valid globally scoped realm, i.e. it doesn't look like "<project>:<realm>".

func MockRealmData ¶

func MockRealmData(realm string, data *protocol.RealmData) MockedDatum

MockRealmData modifies what db's GetRealmData returns.

Panics if `realm` is not a valid globally scoped realm, i.e. it doesn't look like "<project>:<realm>".

type RealmPermission ¶

type RealmPermission struct {
	Realm      string
	Permission realms.Permission
}

RealmPermission is used to populate IdentityPermissions in FakeState.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL