From 09d8d8cab2c891bb71bc10f69762b76bfbd30ed0 Mon Sep 17 00:00:00 2001
From: Hidetake Iwata
Date: Sat, 26 Oct 2024 21:34:57 +0900
Subject: [PATCH] Include essential options to token cache key
---
 pkg/tokencache/repository/repository_test.go | 31 +++++++-----
 pkg/tokencache/types.go | 16 +++---
 pkg/usecases/credentialplugin/get_token.go | 10 +---
 .../credentialplugin/get_token_test.go | 50 ++++++++++++-------
 4 files changed, 60 insertions(+), 47 deletions(-)
diff --git a/pkg/tokencache/repository/repository_test.go b/pkg/tokencache/repository/repository_test.go
index 7777c975..3f0aed94 100644
--- a/pkg/tokencache/repository/repository_test.go
+++ b/pkg/tokencache/repository/repository_test.go
@@ -7,6 +7,7 @@ import (
 "github.com/google/go-cmp/cmp"
 "github.com/int128/kubelogin/pkg/oidc"
+ "github.com/int128/kubelogin/pkg/tlsclientconfig"
 "github.com/int128/kubelogin/pkg/tokencache"
 )
@@ -16,12 +17,15 @@ func TestRepository_FindByKey(t *testing.T) {
 t.Run("Success", func(t *testing.T) {
 dir := t.TempDir()
 key := tokencache.Key{
- IssuerURL: "YOUR_ISSUER",
- ClientID: "YOUR_CLIENT_ID",
- ClientSecret: "YOUR_CLIENT_SECRET",
- ExtraScopes: []string{"openid", "email"},
- CACertFilename: "/path/to/cert",
- SkipTLSVerify: false,
+ Provider: oidc.Provider{
+ IssuerURL: "YOUR_ISSUER",
+ ClientID: "YOUR_CLIENT_ID",
+ ClientSecret: "YOUR_CLIENT_SECRET",
+ ExtraScopes: []string{"openid", "email"},
+ },
+ TLSClientConfig: tlsclientconfig.Config{
+ CACertFilename: []string{"/path/to/cert"},
+ },
 }
 json := `{"id_token":"YOUR_ID_TOKEN","refresh_token":"YOUR_REFRESH_TOKEN"}`
 filename, err := computeFilename(key)
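Review bot: The FindByKey hunk (and the Save hunk that follows it) never checks that the TLS part of the key actually reaches the file name: each test builds a single key and never compares `computeFilename(key)` against a second key that differs only in `TLSClientConfig`, for example `SkipTLSVerify: true` or a different `CACertData`, which is precisely the property this commit sets out to add. A small table case asserting that such keys yield distinct file names, and that two equal keys yield the same one, would pin the behaviour down and would also catch a later regression where the repository hashes only part of the key. TestRepository_FindByKey continues outside the hunk.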
@@ -50,12 +54,15 @@ func TestRepository_Save(t *testing.T) {
 t.Run("Success", func(t *testing.T) {
 dir := t.TempDir()
 key := tokencache.Key{
- IssuerURL: "YOUR_ISSUER",
- ClientID: "YOUR_CLIENT_ID",
- ClientSecret: "YOUR_CLIENT_SECRET",
- ExtraScopes: []string{"openid", "email"},
- CACertFilename: "/path/to/cert",
- SkipTLSVerify: false,
+ Provider: oidc.Provider{
+ IssuerURL: "YOUR_ISSUER",
+ ClientID: "YOUR_CLIENT_ID",
+ ClientSecret: "YOUR_CLIENT_SECRET",
+ ExtraScopes: []string{"openid", "email"},
+ },
+ TLSClientConfig: tlsclientconfig.Config{
+ CACertFilename: []string{"/path/to/cert"},
+ },
 }
 tokenSet := oidc.TokenSet{IDToken: "YOUR_ID_TOKEN", RefreshToken: "YOUR_REFRESH_TOKEN"}
 if err := r.Save(dir, key, tokenSet); err != nil {
diff --git a/pkg/tokencache/types.go b/pkg/tokencache/types.go
index 94a6d249..fe4649f7 100644
--- a/pkg/tokencache/types.go
+++ b/pkg/tokencache/types.go
@@ -1,13 +1,13 @@
 package tokencache
+import (
+ "github.com/int128/kubelogin/pkg/oidc"
+ "github.com/int128/kubelogin/pkg/tlsclientconfig"
+)
+
 // Key represents a key of a token cache.
 type Key struct {
- IssuerURL string
- ClientID string
- ClientSecret string
- Username string
- ExtraScopes []string
- CACertFilename string
- CACertData string
- SkipTLSVerify bool
+ Provider oidc.Provider
+ TLSClientConfig tlsclientconfig.Config
+ Username string
 }
diff --git a/pkg/usecases/credentialplugin/get_token.go b/pkg/usecases/credentialplugin/get_token.go
index e228eb35..77fcf657 100644
--- a/pkg/usecases/credentialplugin/get_token.go
+++ b/pkg/usecases/credentialplugin/get_token.go
@@ -6,7 +6,6 @@ package credentialplugin
 import (
 "context"
 "fmt"
- "strings"
 "github.com/google/wire"
 "github.com/int128/kubelogin/pkg/credentialplugin"
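Review bot: The `Key` doc comment in the types.go hunk should state that the whole of `oidc.Provider` and `tlsclientconfig.Config` is meant to take part in the cache identity, because `computeFilename(key)` in repository_test.go derives the cache file name from the key and any field later added to either struct presumably changes the names of existing entries. Suggested wording: `// Key represents a key of a token cache. Every field, including all of Provider and TLSClientConfig, is part of the identity, so changing either struct invalidates existing entries.` For the same reason, cache files written under the previous key shape will presumably no longer be found after this change and will stay on disk holding their refresh tokens (the repository test shows the cached JSON carries `refresh_token`); a release note, or a one-off removal of stale entries, is worth considering. The same applies to the key construction in the `Do` hunk of get_token.go, whose function body continues outside that hunk.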
@@ -51,13 +50,8 @@ func (u *GetToken) Do(ctx context.Context, in Input) error {
 u.Logger.V(1).Infof("finding a token from cache directory %s", in.TokenCacheDir)
 tokenCacheKey := tokencache.Key{
- IssuerURL: in.Provider.IssuerURL,
- ClientID: in.Provider.ClientID,
- ClientSecret: in.Provider.ClientSecret,
- ExtraScopes: in.Provider.ExtraScopes,
- CACertFilename: strings.Join(in.TLSClientConfig.CACertFilename, ","),
- CACertData: strings.Join(in.TLSClientConfig.CACertData, ","),
- SkipTLSVerify: in.TLSClientConfig.SkipTLSVerify,
+ Provider: in.Provider,
+ TLSClientConfig: in.TLSClientConfig,
 }
 if in.GrantOptionSet.ROPCOption != nil {
 tokenCacheKey.Username = in.GrantOptionSet.ROPCOption.Username
diff --git a/pkg/usecases/credentialplugin/get_token_test.go b/pkg/usecases/credentialplugin/get_token_test.go
index 9b82fc51..0aa8285b 100644
--- a/pkg/usecases/credentialplugin/get_token_test.go
+++ b/pkg/usecases/credentialplugin/get_token_test.go
@@ -51,9 +51,11 @@ func TestGetToken_Do(t *testing.T) {
 t.Run("NoTokenCache", func(t *testing.T) {
 tokenCacheKey := tokencache.Key{
- IssuerURL: "https://accounts.google.com",
- ClientID: "YOUR_CLIENT_ID",
- ClientSecret: "YOUR_CLIENT_SECRET",
+ Provider: oidc.Provider{
+ IssuerURL: "https://accounts.google.com",
+ ClientID: "YOUR_CLIENT_ID",
+ ClientSecret: "YOUR_CLIENT_SECRET",
+ },
 }
 ctx := context.TODO()
 in := Input{
@@ -103,10 +105,12 @@ func TestGetToken_Do(t *testing.T) {
 ROPCOption: &ropc.Option{Username: "YOUR_USERNAME"},
 }
 tokenCacheKey := tokencache.Key{
- IssuerURL: "https://accounts.google.com",
- ClientID: "YOUR_CLIENT_ID",
- ClientSecret: "YOUR_CLIENT_SECRET",
- Username: "YOUR_USERNAME",
+ Provider: oidc.Provider{
+ IssuerURL: "https://accounts.google.com",
+ ClientID: "YOUR_CLIENT_ID",
+ ClientSecret: "YOUR_CLIENT_SECRET",
+ },
+ Username: "YOUR_USERNAME",
 }
 ctx := context.TODO()
@@ -154,9 +158,11 @@ func TestGetToken_Do(t *testing.T) {
 t.Run("HasValidIDToken", func(t *testing.T) {
 tokenCacheKey := tokencache.Key{
- IssuerURL: "https://accounts.google.com",
- ClientID: "YOUR_CLIENT_ID",
- ClientSecret: "YOUR_CLIENT_SECRET",
+ Provider: oidc.Provider{
+ IssuerURL: "https://accounts.google.com",
+ ClientID: "YOUR_CLIENT_ID",
+ ClientSecret: "YOUR_CLIENT_SECRET",
+ },
 }
 ctx := context.TODO()
@@ -175,9 +181,11 @@ func TestGetToken_Do(t *testing.T) {
 Return(mockCloser, nil)
 mockRepository.EXPECT().
 FindByKey("/path/to/token-cache", tokencache.Key{
- IssuerURL: "https://accounts.google.com",
- ClientID: "YOUR_CLIENT_ID",
- ClientSecret: "YOUR_CLIENT_SECRET",
+ Provider: oidc.Provider{
+ IssuerURL: "https://accounts.google.com",
+ ClientID: "YOUR_CLIENT_ID",
+ ClientSecret: "YOUR_CLIENT_SECRET",
+ },
 }).
 Return(&issuedTokenSet, nil)
 mockWriter := writer_mock.NewMockInterface(t)
@@ -198,9 +206,11 @@ func TestGetToken_Do(t *testing.T) {
 t.Run("AuthenticationError", func(t *testing.T) {
 tokenCacheKey := tokencache.Key{
- IssuerURL: "https://accounts.google.com",
- ClientID: "YOUR_CLIENT_ID",
- ClientSecret: "YOUR_CLIENT_SECRET",
+ Provider: oidc.Provider{
+ IssuerURL: "https://accounts.google.com",
+ ClientID: "YOUR_CLIENT_ID",
+ ClientSecret: "YOUR_CLIENT_SECRET",
+ },
 }
 ctx := context.TODO()
 in := Input{
@@ -225,9 +235,11 @@ func TestGetToken_Do(t *testing.T) {
 Return(mockCloser, nil)
 mockRepository.EXPECT().
 FindByKey("/path/to/token-cache", tokencache.Key{
- IssuerURL: "https://accounts.google.com",
- ClientID: "YOUR_CLIENT_ID",
- ClientSecret: "YOUR_CLIENT_SECRET",
+ Provider: oidc.Provider{
+ IssuerURL: "https://accounts.google.com",
+ ClientID: "YOUR_CLIENT_ID",
+ ClientSecret: "YOUR_CLIENT_SECRET",
+ },
 }).
 Return(nil, errors.New("file not found"))
 u := GetToken{