|
14 | 14 |
|
15 | 15 | import base64
|
16 | 16 | import datetime
|
| 17 | +import json |
17 | 18 | import os
|
18 | 19 | import shutil
|
19 | 20 | import tempfile
|
20 | 21 | import unittest
|
21 | 22 |
|
| 23 | +import mock |
22 | 24 | import yaml
|
23 | 25 | from six import PY3
|
24 | 26 |
|
@@ -74,6 +76,47 @@ def _raise_exception(st):
|
74 | 76 |
|
75 | 77 | TEST_OIDC_TOKEN = "Bearer %s" % TEST_OIDC_LOGIN
|
76 | 78 |
|
| 79 | +TEST_OIDC_EXPIRED_LOGIN = ( |
| 80 | + "eyJhbGciOiJSUzI1NiIsImtpZCI6ImVmM2Y0NjIxODhiNjhhMzY2YjQ1MWE0YjkwY2UxYjYyY" |
| 81 | + "mEyYzliNDkifQ.eyJpc3MiOiJodHRwczovL2V4YW1wbGUudXMtd2VzdC0xLmF3cy5uZXQvaWR" |
| 82 | + "lbnRpdHkiLCJzdWIiOiJBQUFBQUFBQUFBQUEiLCJhdWQiOiJ0ZWN0b25pYy1rdWJlY3RsIiwi" |
| 83 | + "ZXhwIjo1MzY0NTc2MDAsImlhdCI6NTM2NDU3NjAwLCJhdF9oYXNoIjoiWFhYWFhYX1hYWFhYW" |
| 84 | + "FgiLCJlbWFpbCI6ImRhbWlhbi5teWVyc2NvdWdoQGdtYWlsLmNvbSIsImVtYWlsX3ZlcmlmaW" |
| 85 | + "VkIjp0cnVlLCJncm91cHMiOlsidGVhbS1pbmZyYSJdLCJuYW1lIjoiRGFtaWFuIE15ZXJzY29" |
| 86 | + "1Z2gifQ==.BZwpd0_hKYMIaYRj88QjPTrg8JFtaiyVXOqLgKkJHBVzivdzs9JjM9jvV3qzj2D" |
| 87 | + "UwaeGeAZqxlbmwEXXePU-jFg70HGo7FDq4G29x516XNZWW2BaelcevFPspcIJTQ92VhYZvCiW" |
| 88 | + "p8r7SmhZ1TSss3nmuDHn3FTdasqUm22LJOqCfCDaOOf_Uq3uP0zHj4UHJAqvgMfw1j5tZXTYJ" |
| 89 | + "613vGGPkCz_K1Jnv6YIxVVnuZM3PyNNdSXQl5_GM01Zf5wJCgqMdRZ01ZrWhOda6wzlKrh7TC" |
| 90 | + "lbW12_vMo56aOj9HOAjhKyjcbLHjIWAWqmt3nmhwkzf8sYc9-WpscPTNalsQ" |
| 91 | +) |
| 92 | + |
| 93 | +TEST_OIDC_CA = ( |
| 94 | + "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoVENDQW0yZ0F3SUJBZ0lSQUt0elJOd" |
| 95 | + "2J0M3dyVWlobVROYklheU13RFFZSktvWklodmNOQVFFTEJRQXcKWERFSk1BY0dBMVVFQmhNQU" |
| 96 | + "1Ra3dCd1lEVlFRSUV3QXhDVEFIQmdOVkJBY1RBREVKTUFjR0ExVUVFUk1BTVJFdwpEd1lEVlF" |
| 97 | + "RS0V3aGliMjkwYTNWaVpURUpNQWNHQTFVRUN4TUFNUkF3RGdZRFZRUURFd2RyZFdKbExXTmhN" |
| 98 | + "QjRYCkRURTNNRGN4TWpJeE16TTBNVm9YRFRFNE1EY3hNakl4TXpNME1Wb3dYREVKTUFjR0ExV" |
| 99 | + "UVCaE1BTVFrd0J3WUQKVlFRSUV3QXhDVEFIQmdOVkJBY1RBREVKTUFjR0ExVUVFUk1BTVJFd0" |
| 100 | + "R3WURWUVFLRXdoaWIyOTBhM1ZpWlRFSgpNQWNHQTFVRUN4TUFNUkF3RGdZRFZRUURFd2RyZFd" |
| 101 | + "KbExXTmhNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUF1KzJn" |
| 102 | + "VEtKc2NNKzgwdDlLNE9PTU1JSDhXeU1aLzZiUFBtbFU2WE0zVUhLa2tLVW0KbStkd3hraXI4e" |
| 103 | + "URRQ1pTNERWam9vUXVodzJTNWY0dk80ZENncGg3Rmt6LzBZcUVNcDRzblFwQmVUVGw3ZEJLSw" |
| 104 | + "pRNitFelVQdGZjaUZtemNBbUtXN292bUV5K2plSW1QQjYyMTY4WVJYcTFNaHFqZCtsVTJGaFB" |
| 105 | + "SVzNXZEtHRnp0Ck1Pa2o5amRqaGd4cTNDZmRTSGk3ejdidVVYbm5WQnNuaEFCamlvOGFuK3M1" |
| 106 | + "ZVBJOUVBNExJZk8zQldMZHdWejQKdThGQU91eExxSXBja2VKejNXSW5MUURXcWpFZkhUWVA2U" |
| 107 | + "TlaMzA3MGxhMnVGWkNuY3pkbFh6V0haQmNuSUlscwp0VXZnVmhxbUNQRzlGLzBrWFhpYWQwUG" |
| 108 | + "kvYUYzSXFOYUphOEViUUlEQVFBQm8wSXdRREFPQmdOVkhROEJBZjhFCkJBTUNBcVF3RHdZRFZ" |
| 109 | + "SMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVL1hCYlNUMWJ3VXczT1VpVHlmN2MKMzJR" |
| 110 | + "Q3B4c3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSGdqelpINkx3cGF3eXlMWmVKTUZOcFdMY" |
| 111 | + "Ws4RThHMApPcmlka3dESWhoWjVCQ0ZLSEdIZE82T1ZQTk1ZcWt6TzJpUzhyOFhNWjN3OExqMW" |
| 112 | + "M2UVF4VzhJNG8wdDhJWDNnCkNnRTNhOXR1bjNRNC96cnVlNU5EUWp2MVMrR1V5QW12c2p5Z1N" |
| 113 | + "FS3VFVXRHVkxwTlhYemlDN0lSMG41MHBpZnQKZ1JJVzFQOThUcTROYzVMaVluNTJXTnJwUnFo" |
| 114 | + "WllNays5SWJiSGZZN3Y3VkY3eEJVSDJlWGFiMGViM2lCR09OUgorVTc2ZG5NRDNrbUs2dGpnU" |
| 115 | + "UVCWnUwRTVVTnJZRlUvclZEYjVYb1dXYjEyMFhSYUZSWGRZV1ZreWFYQW0vc3EwCkRaUEZKTT" |
| 116 | + "dvU1JZcGNKSWlYZExPamYyT1VQNzI1LzVtRDJpd3FGbTJ0V3BjMkdTbjlvWGZseGs9Ci0tLS0" |
| 117 | + "tRU5EIENFUlRJRklDQVRFLS0tLS0K" |
| 118 | +) |
| 119 | + |
77 | 120 | TEST_SSL_HOST = "https://test-host"
|
78 | 121 | TEST_CERTIFICATE_AUTH = "cert-auth"
|
79 | 122 | TEST_CERTIFICATE_AUTH_BASE64 = _base64(TEST_CERTIFICATE_AUTH)
|
@@ -340,6 +383,13 @@ class TestKubeConfigLoader(BaseTestCase):
|
340 | 383 | "user": "oidc"
|
341 | 384 | }
|
342 | 385 | },
|
| 386 | + { |
| 387 | + "name": "expired_oidc", |
| 388 | + "context": { |
| 389 | + "cluster": "default", |
| 390 | + "user": "expired_oidc" |
| 391 | + } |
| 392 | + }, |
343 | 393 | {
|
344 | 394 | "name": "user_pass",
|
345 | 395 | "context": {
|
@@ -468,6 +518,22 @@ class TestKubeConfigLoader(BaseTestCase):
|
468 | 518 | }
|
469 | 519 | }
|
470 | 520 | },
|
| 521 | + { |
| 522 | + "name": "expired_oidc", |
| 523 | + "user": { |
| 524 | + "auth-provider": { |
| 525 | + "name": "oidc", |
| 526 | + "config": { |
| 527 | + "client-id": "tectonic-kubectl", |
| 528 | + "client-secret": "FAKE_SECRET", |
| 529 | + "id-token": TEST_OIDC_EXPIRED_LOGIN, |
| 530 | + "idp-certificate-authority-data": TEST_OIDC_CA, |
| 531 | + "idp-issuer-url": "https://example.org/identity", |
| 532 | + "refresh-token": "lucWJjEhlxZW01cXI3YmVlcYnpxNGhzk" |
| 533 | + } |
| 534 | + } |
| 535 | + } |
| 536 | + }, |
471 | 537 | {
|
472 | 538 | "name": "user_pass",
|
473 | 539 | "user": {
|
@@ -573,6 +639,30 @@ def test_oidc_no_refresh(self):
|
573 | 639 | self.assertTrue(loader._load_oid_token())
|
574 | 640 | self.assertEqual(TEST_OIDC_TOKEN, loader.token)
|
575 | 641 |
|
| 642 | + @mock.patch('config.kube_config.OAuth2Session.refresh_token') |
| 643 | + @mock.patch('config.kube_config.ApiClient.request') |
| 644 | + def test_oidc_with_refresh(self, mock_ApiClient, mock_OAuth2Session): |
| 645 | + mock_response = mock.MagicMock() |
| 646 | + type(mock_response).status = mock.PropertyMock( |
| 647 | + return_value=200 |
| 648 | + ) |
| 649 | + type(mock_response).data = mock.PropertyMock( |
| 650 | + return_value=json.dumps({ |
| 651 | + "token_endpoint": "https://example.org/identity/token" |
| 652 | + }) |
| 653 | + ) |
| 654 | + |
| 655 | + mock_ApiClient.return_value = mock_response |
| 656 | + |
| 657 | + mock_OAuth2Session.return_value = {"id_token": "abc123"} |
| 658 | + |
| 659 | + loader = KubeConfigLoader( |
| 660 | + config_dict=self.TEST_KUBE_CONFIG, |
| 661 | + active_context="expired_oidc", |
| 662 | + ) |
| 663 | + self.assertTrue(loader._load_oid_token()) |
| 664 | + self.assertEqual("Bearer abc123", loader.token) |
| 665 | + |
576 | 666 | def test_user_pass(self):
|
577 | 667 | expected = FakeConfig(host=TEST_HOST, token=TEST_BASIC_TOKEN)
|
578 | 668 | actual = FakeConfig()
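Review bot: `test_oidc_with_refresh` never inspects either mock, so it passes whatever the loader sent to the discovery and token endpoints. It does not show that discovery went to the configured `idp-issuer-url`, that `idp-certificate-authority-data` was used to verify the IdP, or that the refresh token and client secret went only to the discovered `token_endpoint`. After the two existing assertions, add `self.assertEqual(1, mock_ApiClient.call_count)` and `self.assertEqual(1, mock_OAuth2Session.call_count)`, and assert on `mock_OAuth2Session.call_args` that the token URL is `https://example.org/identity/token`. The loader is not shown here, so the exact argument names need checking against `_load_oid_token`. Separately, the payload of `TEST_OIDC_EXPIRED_LOGIN` decodes to claims that look like a real person's name and e-mail address, which a fixture built from placeholder claims would avoid committing.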
|
|