internal: start adding tests to outpost

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-01-24 20:12:25 +01:00
parent c7ba183dc0
commit e70e031a1f
5 changed files with 179 additions and 0 deletions

View File

@ -30,9 +30,34 @@ jobs:
-w /app \ -w /app \
golangci/golangci-lint:v1.43 \ golangci/golangci-lint:v1.43 \
golangci-lint run -v --timeout 200s golangci-lint run -v --timeout 200s
test-unittest:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: "^1.17"
- name: Get dependencies
run: |
go get github.com/axw/gocov/gocov
go get github.com/AlekSi/gocov-xml
go get github.com/jstemmer/go-junit-report
- name: Go unittests
run: |
go test -timeout 0 -v -race -coverprofile=coverage.out -covermode=atomic -cover ./... | go-junit-report > junit.xml
- uses: testspace-com/setup-testspace@v1
with:
domain: ${{github.repository_owner}}
- name: run testspace
if: ${{ always() }}
run: |
gocov convert coverage.out | gocov-xml > coverage.xml
testspace [outpost]junit.xml --link=codecov
testspace [outpost]coverage.xml --link=codecov
ci-outpost-mark: ci-outpost-mark:
needs: needs:
- lint-golint - lint-golint
- test-unittest
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- run: echo mark - run: echo mark

1
go.mod
View File

@ -26,6 +26,7 @@ require (
github.com/pkg/errors v0.9.1 github.com/pkg/errors v0.9.1
github.com/pquerna/cachecontrol v0.0.0-20201205024021-ac21108117ac // indirect github.com/pquerna/cachecontrol v0.0.0-20201205024021-ac21108117ac // indirect
github.com/prometheus/client_golang v1.12.0 github.com/prometheus/client_golang v1.12.0
github.com/quasoft/memstore v0.0.0-20191010062613-2bce066d2b0b // indirect
github.com/sirupsen/logrus v1.8.1 github.com/sirupsen/logrus v1.8.1
goauthentik.io/api v0.2021125.1 goauthentik.io/api v0.2021125.1
golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c

2
go.sum
View File

@ -489,6 +489,8 @@ github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O
github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU= github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
github.com/quasoft/memstore v0.0.0-20191010062613-2bce066d2b0b h1:aUNXCGgukb4gtY99imuIeoh8Vr0GSwAlYxPAhqZrpFc=
github.com/quasoft/memstore v0.0.0-20191010062613-2bce066d2b0b/go.mod h1:wTPjTepVu7uJBYgZ0SdWHQlIas582j6cn2jgk4DDdlg=
github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=

View File

@ -0,0 +1,66 @@
package ak
import (
"encoding/base64"
"fmt"
"math/rand"
"net/http"
"time"
"github.com/google/uuid"
"github.com/gorilla/securecookie"
log "github.com/sirupsen/logrus"
"goauthentik.io/api"
)
func TestSecret() string {
return base64.RawURLEncoding.EncodeToString(securecookie.GenerateRandomKey(32))
}
func MockConfig() api.Config {
return *api.NewConfig(
*api.NewErrorReportingConfig(false, "test", false, 0.0),
[]api.CapabilitiesEnum{},
100,
100,
100,
100,
)
}
func MockAK(outpost api.Outpost, globalConfig api.Config) *APIController {
config := api.NewConfiguration()
config.HTTPClient = &http.Client{
Transport: GetTLSTransport(),
}
token := TestSecret()
config.AddDefaultHeader("Authorization", fmt.Sprintf("Bearer %s", token))
// create the API client, with the transport
apiClient := api.NewAPIClient(config)
log := log.WithField("logger", "authentik.outpost.ak-api-controller")
log.WithField("name", outpost.Name).Debug("Fetched outpost configuration")
log.Debug("Fetched global configuration")
// doGlobalSetup is called by the OnRefresh handler, which ticks on start
// doGlobalSetup(outpost, akConfig)
ac := &APIController{
Client: apiClient,
GlobalConfig: globalConfig,
token: token,
logger: log,
reloadOffset: time.Duration(rand.Intn(10)) * time.Second,
instanceUUID: uuid.New(),
Outpost: outpost,
wsBackoffMultiplier: 1,
refreshHandlers: make([]func(), 0),
}
ac.logger.WithField("offset", ac.reloadOffset.String()).Debug("HA Reload offset")
return ac
}

View File

@ -0,0 +1,85 @@
package application
import (
"net/http"
"net/http/httptest"
"testing"
"github.com/quasoft/memstore"
"github.com/stretchr/testify/assert"
"goauthentik.io/api"
"goauthentik.io/internal/outpost/ak"
"goauthentik.io/internal/outpost/proxyv2/constants"
)
func newTestApplication() *Application {
a, _ := NewApplication(
api.ProxyOutpostConfig{
Name: *api.PtrString(ak.TestSecret()),
ClientId: api.PtrString(ak.TestSecret()),
ClientSecret: api.PtrString(ak.TestSecret()),
CookieSecret: api.PtrString(ak.TestSecret()),
CookieDomain: api.PtrString(""),
Mode: api.PROXYMODE_FORWARD_SINGLE.Ptr(),
SkipPathRegex: api.PtrString(""),
},
http.DefaultClient,
nil,
ak.MockAK(
api.Outpost{
Config: map[string]interface{}{
"authentik_host": ak.TestSecret(),
},
},
ak.MockConfig(),
),
)
a.sessions = memstore.NewMemStore(
[]byte(ak.TestSecret()),
)
return a
}
func TestForwardHandleTraefik_Blank(t *testing.T) {
a := newTestApplication()
req, _ := http.NewRequest("GET", "/akprox/auth/traefik", nil)
rr := httptest.NewRecorder()
a.forwardHandleTraefik(rr, req)
assert.Equal(t, rr.Code, http.StatusTemporaryRedirect)
loc, _ := rr.Result().Location()
assert.Equal(t, loc.String(), "/akprox/start")
s, _ := a.sessions.Get(req, constants.SeesionName)
// Since we're not setting the traefik specific headers, expect it to redirect to the auth URL
assert.Equal(t, s.Values[constants.SessionRedirect], "/akprox/auth/traefik")
}
func TestForwardHandleTraefik_Headers(t *testing.T) {
a := newTestApplication()
req, _ := http.NewRequest("GET", "/akprox/auth/traefik", nil)
req.Header.Set("X-Forwarded-Proto", "http")
req.Header.Set("X-Forwarded-Host", "test.goauthentik.io")
req.Header.Set("X-Forwarded-Uri", "/")
rr := httptest.NewRecorder()
a.forwardHandleTraefik(rr, req)
assert.Equal(t, rr.Code, http.StatusTemporaryRedirect)
loc, _ := rr.Result().Location()
assert.Equal(t, loc.String(), "http://test.goauthentik.io/akprox/start")
s, _ := a.sessions.Get(req, constants.SeesionName)
assert.Equal(t, s.Values[constants.SessionRedirect], "http://test.goauthentik.io/")
}
func TestForwardHandleNginx_Blank(t *testing.T) {
a := newTestApplication()
req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
rr := httptest.NewRecorder()
a.forwardHandleNginx(rr, req)
assert.Equal(t, rr.Code, http.StatusUnauthorized)
}