diff --git a/provider/github/sia-actions/authn_test.go b/provider/github/sia-actions/authn_test.go
index f08f1eb7040..f240a3ab7c4 100644
--- a/provider/github/sia-actions/authn_test.go
+++ b/provider/github/sia-actions/authn_test.go
@@ -19,38 +19,35 @@ package sia
 import (
 "crypto/rand"
 "crypto/rsa"
- "github.com/gorilla/mux"
 "github.com/stretchr/testify/assert"
 "io"
 "log"
 "net/http"
+ "net/http/httptest"
 "os"
 "testing"
- "time"
 )
-func startHttpServer(uri, token string, statusCode int) {
- router := mux.NewRouter()
- router.HandleFunc("/oidc", func(w http.ResponseWriter, r *http.Request) {
+func startHttpServer(token string, statusCode int) *httptest.Server {
+ router := http.NewServeMux()
+ router.HandleFunc("GET /oidc", func(w http.ResponseWriter, r *http.Request) {
 log.Println("/oidc token endpoint is called")
 w.WriteHeader(statusCode)
 io.WriteString(w, "{\"value\": \""+token+"\"}")
- }).Methods("GET")
+ })
- err := http.ListenAndServe(uri, router)
- if err != nil {
- log.Fatal("ListenAndServe: ", err)
- }
+ return httptest.NewServer(router)
 }
 func TestGetOIDCToken(t *testing.T) {
 validToken := "eyJraWQiOiIwIiwiYWxnIjoiRVMyNTYifQ.eyJleHAiOjE3MDgwMjc4MTcsImlzcyI6Imh0dHBzOi8vdG9rZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20iLCJhdWQiOiJodHRwczovL2F0aGVuei5pbyIsInJ1bl9pZCI6IjAwMDEiLCJlbnRlcnByaXNlIjoiYXRoZW56Iiwic3ViIjoicmVwbzphdGhlbnovc2lhOnJlZjpyZWZzL2hlYWRzL21haW4iLCJldmVudF9uYW1lIjoicHVzaCIsImlhdCI6MTcwODAyNDIxN30.ykt6O1mIjIjalTrmaU9AuSSsQghZ7Mx61gDsjVPHV0-SCqYpZNy7RtEbvgjKVCZ0kJ6BijH3aEf3EGArLHjTOQ"
- os.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", "http://localhost:8081/oidc?type=jwt")
- os.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "test-token")
- go startHttpServer("localhost:8081", validToken, http.StatusOK)
- time.Sleep(2 * time.Second)
+ ts := startHttpServer(validToken, http.StatusOK)
+ defer ts.Close()
+
+ t.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", ts.URL+"/oidc?type=jwt")
+ t.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "test-token")
 _, claims, err := GetOIDCToken("https://athenz.io")
 assert.Nil(t, err)
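Review bot: The new `startHttpServer` handler hands the token to any caller, so TestGetOIDCToken never pins that GetOIDCToken actually presents ACTIONS_ID_TOKEN_REQUEST_TOKEN to the endpoint, and a regression that stops sending the credential would still pass. Have the helper take the expected request token and refuse requests that do not carry it, for example `if r.Header.Get("Authorization") != "Bearer "+requestToken { w.WriteHeader(http.StatusUnauthorized); return }` as the first statement of the handler (confirm the exact header name and scheme against GetOIDCToken, which is outside this hunk). The sia-harness `startHttpServer` further down has the same gap: its handler ignores whatever credential the HARNESS_OIDC_API_KEY value is sent as. The `"GET /oidc"` method-prefixed pattern also requires the module's go directive to be at 1.22 or later, which this diff does not show.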
@@ -68,7 +65,7 @@ func TestGetOIDCTokenEnvNotSet(t *testing.T) {
 assert.Equal(t, "ACTIONS_ID_TOKEN_REQUEST_URL environment variable not set", err.Error())
 // now let's set the request url but not the token
- os.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", "http://localhost:8081/oidc?type=jwt")
+ os.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", "http://localhost:0/oidc?type=jwt")
 _, _, err = GetOIDCToken("https://athenz.io")
 assert.NotNil(t, err)
 assert.Equal(t, "ACTIONS_ID_TOKEN_REQUEST_TOKEN environment variable not set", err.Error())
@@ -78,11 +75,11 @@ func TestGetOIDCTokenEnvNotSet(t *testing.T) {
 func TestGetOIDCTokenInvalidStatusCode(t *testing.T) {
- os.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", "http://localhost:8082/oidc?type=jwt")
- os.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "test-token")
+ ts := startHttpServer("test-token", http.StatusBadRequest)
+ defer ts.Close()
- go startHttpServer("localhost:8082", "invalid-token", http.StatusBadRequest)
- time.Sleep(2 * time.Second)
+ os.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", ts.URL+"/oidc?type=jwt")
+ os.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "test-token")
 _, _, err := GetOIDCToken("https://athenz.io")
 assert.NotNil(t, err)
@@ -93,11 +90,11 @@ func TestGetOIDCTokenInvalidStatusCode(t *testing.T) {
 func TestGetOIDCTokenInvalidToken(t *testing.T) {
- os.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", "http://localhost:8083/oidc?type=jwt")
- os.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "test-token")
+ ts := startHttpServer("invalid-token", http.StatusOK)
+ defer ts.Close()
- go startHttpServer("localhost:8083", "invalid-token", http.StatusOK)
- time.Sleep(2 * time.Second)
+ os.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", ts.URL+"/oidc?type=jwt")
+ os.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "test-token")
 _, _, err := GetOIDCToken("https://athenz.io")
 assert.NotNil(t, err)
diff --git a/provider/harness/sia-harness/authn.go b/provider/harness/sia-harness/authn.go
index eb53957f0d7..294219d023f 100644
--- a/provider/harness/sia-harness/authn.go
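Review bot: TestGetOIDCTokenInvalidStatusCode and TestGetOIDCTokenInvalidToken set ACTIONS_ID_TOKEN_REQUEST_URL and ACTIONS_ID_TOKEN_REQUEST_TOKEN with `os.Setenv`, while TestGetOIDCToken in the same file was switched to `t.Setenv` in the first hunk; the two `os.Setenv` tests leave both variables set for the rest of the process, and TestGetOIDCTokenEnvNotSet then only passes because it runs before them in file order (unless it clears the variables itself above the -68 hunk, which is outside SOURCE), so `go test -shuffle=on` or a later test appended to the file can break its "not set" assertions. Replace the four calls with `t.Setenv(...)` so the values are restored at cleanup, matching TestGetOIDCToken. In TestGetOIDCTokenInvalidStatusCode the helper now returns `"test-token"` where the removed line used `"invalid-token"`; the body is presumably not parsed on a 400 so this is harmless, but the old value stated the intent more clearly. The bodies of both test functions continue past the end of their hunks.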
+++ b/provider/harness/sia-harness/authn.go
@@ -115,6 +115,7 @@ func GetOIDCToken(audience, harnessUrl string) (string, map[string]interface{},
 }
 signatureAlgorithms := []jose.SignatureAlgorithm{jose.RS256, jose.RS384, jose.RS512, jose.PS256, jose.PS384, jose.PS512, jose.ES256, jose.ES384, jose.ES512, jose.EdDSA}
+ oidcToken := jsonData["data"].(string)
 tok, err := jwt.ParseSigned(oidcToken, signatureAlgorithms)
 if err != nil {
diff --git a/provider/harness/sia-harness/authn_test.go b/provider/harness/sia-harness/authn_test.go
index ecdf3e4127d..2055ffdae3d 100644
--- a/provider/harness/sia-harness/authn_test.go
+++ b/provider/harness/sia-harness/authn_test.go
@@ -19,28 +19,24 @@ package sia
 import (
 "crypto/rand"
 "crypto/rsa"
- "github.com/gorilla/mux"
 "github.com/stretchr/testify/assert"
 "io"
 "log"
 "net/http"
+ "net/http/httptest"
 "os"
 "testing"
- "time"
 )
-func startHttpServer(uri, token string, statusCode int) {
- router := mux.NewRouter()
- router.HandleFunc("/oidc", func(w http.ResponseWriter, r *http.Request) {
+func startHttpServer(token string, statusCode int) *httptest.Server {
+ router := http.NewServeMux()
+ router.HandleFunc("POST /oidc", func(w http.ResponseWriter, r *http.Request) {
 log.Println("/oidc token endpoint is called")
 w.WriteHeader(statusCode)
 io.WriteString(w, "{\"data\": \""+token+"\"}")
- }).Methods("POST")
+ })
- err := http.ListenAndServe(uri, router)
- if err != nil {
- log.Fatal("ListenAndServe: ", err)
- }
+ return httptest.NewServer(router)
 }
 func TestGetOIDCToken(t *testing.T) {
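Review bot: The added `oidcToken := jsonData["data"].(string)` in GetOIDCToken is an unchecked type assertion on a field decoded from the Harness response body; if the service answers with a document that lacks `data`, or carries it as null, a number or an object, the assertion panics and takes the agent down instead of surfacing an error. Use the two-value form and fail cleanly, `oidcToken, ok := jsonData["data"].(string)` followed by `if !ok || oidcToken == "" { return "", nil, <error built the way this file builds its other errors, e.g. "oidc token response has no string data field"> }`, unless the field is already validated earlier in the function. The surrounding function starts and ends outside this hunk, so I cannot see whether such a check exists; the existing TestGetOIDCTokenInvalidToken test would be a natural place to add a malformed-body case that locks this in.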
@@ -56,10 +52,10 @@ func TestGetOIDCToken(t *testing.T) {
 os.Setenv("HARNESS_TRIGGER_TYPE", "manual")
 os.Setenv("HARNESS_SEQUENCE_ID", "1")
- go startHttpServer("localhost:8081", validToken, http.StatusOK)
- time.Sleep(2 * time.Second)
+ ts := startHttpServer(validToken, http.StatusOK)
+ defer ts.Close()
- _, claims, err := GetOIDCToken("https://athenz.io", "http://localhost:8081/oidc")
+ _, claims, err := GetOIDCToken("https://athenz.io", ts.URL+"/oidc")
 assert.Nil(t, err)
 assert.Equal(t, "https://athenz.io", claims["aud"].(string))
 assert.Equal(t, "account/1234:org/athenzorg:project/athenz:pipeline/job-uuid", claims["sub"].(string))
@@ -75,7 +71,7 @@ func TestGetOIDCToken(t *testing.T) {
 func TestGetOIDCTokenEnvNotSet(t *testing.T) {
 // both env variables missing - first check is for request url
- _, _, err := GetOIDCToken("https://athenz.io", "http://localhost:8081/oidc")
+ _, _, err := GetOIDCToken("https://athenz.io", "http://localhost:0/oidc")
 assert.NotNil(t, err)
 assert.Equal(t, "HARNESS_OIDC_API_KEY environment variable not set", err.Error())
@@ -93,10 +89,10 @@ func TestGetOIDCTokenInvalidStatusCode(t *testing.T) {
 os.Setenv("HARNESS_TRIGGER_TYPE", "MANUAL")
 os.Setenv("HARNESS_SEQUENCE_ID", "5")
- go startHttpServer("localhost:8082", "invalid-token", http.StatusBadRequest)
- time.Sleep(2 * time.Second)
+ ts := startHttpServer("invalid-token", http.StatusBadRequest)
+ defer ts.Close()
- _, _, err := GetOIDCToken("https://athenz.io", "http://localhost:8082/oidc")
+ _, _, err := GetOIDCToken("https://athenz.io", ts.URL+"/oidc")
 assert.NotNil(t, err)
 assert.Equal(t, "oidc token get status error: 400", err.Error())
@@ -114,10 +110,10 @@ func TestGetOIDCTokenInvalidToken(t *testing.T) {
 os.Setenv("HARNESS_TRIGGER_TYPE", "MANUAL")
 os.Setenv("HARNESS_SEQUENCE_ID", "5")
- go startHttpServer("localhost:8083", "invalid-token", http.StatusOK)
- time.Sleep(2 * time.Second)
+ ts := startHttpServer("invalid-token", http.StatusOK)
+ defer ts.Close()
- _, _, err := GetOIDCToken("https://athenz.io", "http://localhost:8083/oidc")
+ _, _, err := GetOIDCToken("https://athenz.io", ts.URL+"/oidc")
 assert.NotNil(t, err)
 assert.Equal(t, "unable to parse oidc token: go-jose/go-jose: compact JWS format must have three parts", err.Error())