migrate jwt provider tests to resources_test.go

hashicorp · Nov 8, 2023 · 094bd03 · 094bd03
1 parent 2fafdda
commit 094bd03
Show file tree

Hide file tree

Showing 10 changed files with 364 additions and 236 deletions.
diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go
@@ -145,67 +145,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 			},
 			alsoRunTestForV2: true,
 		},
-		{
-			name: "connect-proxy-with-jwt-config-entry-with-local",
-			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{
-					{
-						CorrelationID: "jwt-provider",
-						Result: &structs.IndexedConfigEntries{
-							Kind: "jwt-provider",
-							Entries: []structs.ConfigEntry{
-								&structs.JWTProviderConfigEntry{
-									Name: "okta",
-									JSONWebKeySet: &structs.JSONWebKeySet{
-										Local: &structs.LocalJWKS{
-											JWKS: "xxx",
-										},
-									},
-								},
-							},
-						},
-					},
-				})
-			},
-			// TODO(proxystate): jwt work will come at a later time
-			alsoRunTestForV2: false,
-		},
-		{
-			name: "connect-proxy-with-jwt-config-entry-with-remote-jwks",
-			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{
-					{
-						CorrelationID: "jwt-provider",
-						Result: &structs.IndexedConfigEntries{
-							Kind: "jwt-provider",
-							Entries: []structs.ConfigEntry{
-								&structs.JWTProviderConfigEntry{
-									Name: "okta",
-									JSONWebKeySet: &structs.JSONWebKeySet{
-										Remote: &structs.RemoteJWKS{
-											RequestTimeoutMs:    1000,
-											FetchAsynchronously: true,
-											URI:                 "https://test.test.com",
-											JWKSCluster: &structs.JWKSCluster{
-												DiscoveryType:  structs.DiscoveryTypeStatic,
-												ConnectTimeout: time.Duration(5) * time.Second,
-												TLSCertificates: &structs.JWKSTLSCertificate{
-													TrustedCA: &structs.JWKSTLSCertTrustedCA{
-														Filename: "mycert.crt",
-													},
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				})
-			},
-			// TODO(proxystate): jwt work will come at a later time
-			alsoRunTestForV2: false,
-		},
 		{
 			name: "custom-local-app",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {

diff --git a/agent/xds/resources_test.go b/agent/xds/resources_test.go
@@ -278,6 +278,7 @@ func TestAllResourcesFromSnapshot(t *testing.T) {
 	tests = append(tests, getEnterpriseGoldenTestCases(t)...)
 	tests = append(tests, getAPIGatewayGoldenTestCases(t)...)
 	tests = append(tests, getExposePathGoldenTestCases()...)
+	tests = append(tests, getConnectProxyJWTProviderGoldenTestCases()...)
 
 	latestEnvoyVersion := xdscommon.EnvoyVersions[0]
 	for _, envoyVersion := range xdscommon.EnvoyVersions {
@@ -1141,3 +1142,69 @@ func getExposePathGoldenTestCases() []goldenTestCase {
 		},
 	}
 }
+
+func getConnectProxyJWTProviderGoldenTestCases() []goldenTestCase {
+	return []goldenTestCase{
+		{
+			name: "connect-proxy-with-jwt-config-entry-with-local",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{
+					{
+						CorrelationID: "jwt-provider",
+						Result: &structs.IndexedConfigEntries{
+							Kind: "jwt-provider",
+							Entries: []structs.ConfigEntry{
+								&structs.JWTProviderConfigEntry{
+									Name: "okta",
+									JSONWebKeySet: &structs.JSONWebKeySet{
+										Local: &structs.LocalJWKS{
+											JWKS: "xxx",
+										},
+									},
+								},
+							},
+						},
+					},
+				})
+			},
+			// TODO(proxystate): jwt work will come at a later time
+			alsoRunTestForV2: false,
+		},
+		{
+			name: "connect-proxy-with-jwt-config-entry-with-remote-jwks",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{
+					{
+						CorrelationID: "jwt-provider",
+						Result: &structs.IndexedConfigEntries{
+							Kind: "jwt-provider",
+							Entries: []structs.ConfigEntry{
+								&structs.JWTProviderConfigEntry{
+									Name: "okta",
+									JSONWebKeySet: &structs.JSONWebKeySet{
+										Remote: &structs.RemoteJWKS{
+											RequestTimeoutMs:    1000,
+											FetchAsynchronously: true,
+											URI:                 "https://test.test.com",
+											JWKSCluster: &structs.JWKSCluster{
+												DiscoveryType:  structs.DiscoveryTypeStatic,
+												ConnectTimeout: time.Duration(5) * time.Second,
+												TLSCertificates: &structs.JWKSTLSCertificate{
+													TrustedCA: &structs.JWKSTLSCertTrustedCA{
+														Filename: "mycert.crt",
+													},
+												},
+											},
+										},
+									},
+								},
+							},
+						},
+					},
+				})
+			},
+			// TODO(proxystate): jwt work will come at a later time
+			alsoRunTestForV2: false,
+		},
+	}
+}
diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-jwt-config-entry-with-local.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-jwt-config-entry-with-local.latest.golden
@@ -0,0 +1,75 @@
+{
+  "nonce": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "endpoints": [
+        {
+          "lbEndpoints": [
+            {
+              "endpoint": {
+                "address": {
+                  "socketAddress": {
+                    "address": "10.10.1.1",
+                    "portValue": 8080
+                  }
+                }
+              },
+              "healthStatus": "HEALTHY",
+              "loadBalancingWeight": 1
+            },
+            {
+              "endpoint": {
+                "address": {
+                  "socketAddress": {
+                    "address": "10.10.1.2",
+                    "portValue": 8080
+                  }
+                }
+              },
+              "healthStatus": "HEALTHY",
+              "loadBalancingWeight": 1
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
+      "endpoints": [
+        {
+          "lbEndpoints": [
+            {
+              "endpoint": {
+                "address": {
+                  "socketAddress": {
+                    "address": "10.10.1.1",
+                    "portValue": 8080
+                  }
+                }
+              },
+              "healthStatus": "HEALTHY",
+              "loadBalancingWeight": 1
+            },
+            {
+              "endpoint": {
+                "address": {
+                  "socketAddress": {
+                    "address": "10.20.1.2",
+                    "portValue": 8080
+                  }
+                }
+              },
+              "healthStatus": "HEALTHY",
+              "loadBalancingWeight": 1
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+  "versionInfo": "00000001"
+}
diff --git a/...xds/testdata/endpoints/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden b/...xds/testdata/endpoints/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden
@@ -0,0 +1,75 @@
+{
+  "nonce": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "endpoints": [
+        {
+          "lbEndpoints": [
+            {
+              "endpoint": {
+                "address": {
+                  "socketAddress": {
+                    "address": "10.10.1.1",
+                    "portValue": 8080
+                  }
+                }
+              },
+              "healthStatus": "HEALTHY",
+              "loadBalancingWeight": 1
+            },
+            {
+              "endpoint": {
+                "address": {
+                  "socketAddress": {
+                    "address": "10.10.1.2",
+                    "portValue": 8080
+                  }
+                }
+              },
+              "healthStatus": "HEALTHY",
+              "loadBalancingWeight": 1
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
+      "endpoints": [
+        {
+          "lbEndpoints": [
+            {
+              "endpoint": {
+                "address": {
+                  "socketAddress": {
+                    "address": "10.10.1.1",
+                    "portValue": 8080
+                  }
+                }
+              },
+              "healthStatus": "HEALTHY",
+              "loadBalancingWeight": 1
+            },
+            {
+              "endpoint": {
+                "address": {
+                  "socketAddress": {
+                    "address": "10.20.1.2",
+                    "portValue": 8080
+                  }
+                }
+              },
+              "healthStatus": "HEALTHY",
+              "loadBalancingWeight": 1
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+  "versionInfo": "00000001"
+}