1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
//go:build integration
// +build integration
package test
import (
"context"
"net/http"
"testing"
"time"
playwright "github.com/playwright-community/playwright-go"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/testcontainers/testcontainers-go"
"github.com/xlgmokha/x/pkg/env"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
)
func environmentVariables(srv *oidc.TestServer) map[string]string {
return map[string]string{
"APP_ENV": "test",
"BIND_ADDR": ":8080",
"DEBUG": env.Fetch("DEBUG", ""),
"HMAC_SESSION_SECRET": "secret",
"OAUTH_CLIENT_ID": srv.MockOIDC.ClientID,
"OAUTH_CLIENT_SECRET": srv.MockOIDC.ClientSecret,
"OAUTH_REDIRECT_URL": "",
"OIDC_ISSUER": srv.Issuer(),
}
}
func TestContainer(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
defer cancel()
srv := oidc.NewTestServer(t)
defer srv.Close()
container := NewContainer(t, ctx, environmentVariables(srv))
defer testcontainers.TerminateContainer(container)
require.True(t, container.IsRunning())
sparkleEndpoint, err := container.PortEndpoint(ctx, "8080", "http")
require.NoError(t, err)
envoyEndpoint, err := container.PortEndpoint(ctx, "10000", "http")
require.NoError(t, err)
envoyAdminEndpoint, err := container.PortEndpoint(ctx, "9901", "http")
require.NoError(t, err)
for _, publicPath := range []string{
envoyAdminEndpoint + "/",
envoyEndpoint + "/",
envoyEndpoint + "/application.js",
envoyEndpoint + "/favicon.ico",
envoyEndpoint + "/favicon.png",
envoyEndpoint + "/health",
envoyEndpoint + "/index.html",
envoyEndpoint + "/logo.png",
sparkleEndpoint + "/",
sparkleEndpoint + "/favicon.ico",
sparkleEndpoint + "/health",
srv.DiscoveryEndpoint(),
} {
t.Run(publicPath, func(t *testing.T) {
assert.Equal(t, http.StatusOK, HttpGet(t, ctx, publicPath).StatusCode)
})
}
t.Run("envoy.yaml", func(t *testing.T) {
response := HttpGet(t, ctx, envoyAdminEndpoint+"/config_dump")
require.Equal(t, http.StatusOK, response.StatusCode)
body := JSONBody[map[string]interface{}](t, response)
assert.NotEmpty(t, "listener_0", body["configs"])
})
WithUI(t, func(browser playwright.Browser) {
page, err := browser.NewPage()
require.NoError(t, err)
t.Run("initiates an OIDC login", func(t *testing.T) {
require.NoError(t, page.Context().ClearCookies())
response, err := page.Goto(envoyEndpoint + "/")
require.NoError(t, err)
assert.True(t, response.Ok())
t.Run("redirects to the OpenID Connect Provider", func(t *testing.T) {
t.Skip()
require.NoError(t, page.GetByText("Login").Click())
// The envoy.yaml configuration has a hardcoded path that doesn't match the one provided by mockoidc
// because the oauth2 envoy filter doesn't support the OIDC discovery endpoint.
assert.Contains(t, page.URL(), srv.AuthorizationEndpoint()+"?client_id="+srv.MockOIDC.ClientID)
})
})
})
}
|
