From bc9299a60342a28446a5f61fa9b331132a374b0d Mon Sep 17 00:00:00 2001
From: John Kemp
Date: Fri, 2 Jan 2026 16:45:47 -0500
Subject: [PATCH 1/7] httptest implemented
Signed-off-by: John Kemp
---
 provider/github/sia-actions/authn_test.go | 43 +++++++++++------------
 1 file changed, 20 insertions(+), 23 deletions(-)
diff --git a/provider/github/sia-actions/authn_test.go b/provider/github/sia-actions/authn_test.go
index f08f1eb7040..92fd2585922 100644
--- a/provider/github/sia-actions/authn_test.go
+++ b/provider/github/sia-actions/authn_test.go
@@ -19,38 +19,35 @@ package sia
 import (
 "crypto/rand"
 "crypto/rsa"
- "github.com/gorilla/mux"
 "github.com/stretchr/testify/assert"
 "io"
 "log"
 "net/http"
+ "net/http/httptest"
 "os"
 "testing"
- "time"
 )
-func startHttpServer(uri, token string, statusCode int) {
- router := mux.NewRouter()
- router.HandleFunc("/oidc", func(w http.ResponseWriter, r *http.Request) {
+func startHttpServer(token string, statusCode int) *httptest.Server {
+ router := http.NewServeMux()
+ router.HandleFunc("GET /oidc", func(w http.ResponseWriter, r *http.Request) {
 log.Println("/oidc token endpoint is called")
 w.WriteHeader(statusCode)
 io.WriteString(w, "{\"value\": \""+token+"\"}")
- }).Methods("GET")
+ })
- err := http.ListenAndServe(uri, router)
- if err != nil {
- log.Fatal("ListenAndServe: ", err)
- }
+ return httptest.NewServer(router)
 }
 func TestGetOIDCToken(t *testing.T) {
 validToken := "eyJraWQiOiIwIiwiYWxnIjoiRVMyNTYifQ.eyJleHAiOjE3MDgwMjc4MTcsImlzcyI6Imh0dHBzOi8vdG9rZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20iLCJhdWQiOiJodHRwczovL2F0aGVuei5pbyIsInJ1bl9pZCI6IjAwMDEiLCJlbnRlcnByaXNlIjoiYXRoZW56Iiwic3ViIjoicmVwbzphdGhlbnovc2lhOnJlZjpyZWZzL2hlYWRzL21haW4iLCJldmVudF9uYW1lIjoicHVzaCIsImlhdCI6MTcwODAyNDIxN30.ykt6O1mIjIjalTrmaU9AuSSsQghZ7Mx61gDsjVPHV0-SCqYpZNy7RtEbvgjKVCZ0kJ6BijH3aEf3EGArLHjTOQ"
- os.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", "http://localhost:8081/oidc?type=jwt")
- os.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "test-token")
- go startHttpServer("localhost:8081", validToken, http.StatusOK)
- time.Sleep(2 * time.Second)
+ ts := startHttpServer(validToken, http.StatusOK)
+ defer ts.Close()
+
+ os.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", ts.URL+"/oidc?type=jwt")
+ os.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "test-token")
 _, claims, err := GetOIDCToken("https://athenz.io")
 assert.Nil(t, err)
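Review bot: The mock `/oidc` handler in `startHttpServer` returns the token to any caller and never inspects the request, so `TestGetOIDCToken` would still pass if `GetOIDCToken` stopped sending the credential it reads from `ACTIONS_ID_TOKEN_REQUEST_TOKEN`. GetOIDCToken is not part of this diff, so the header it uses is an assumption to confirm, but a guard at the top of the handler such as `if r.Header.Get("Authorization") == "" { http.Error(w, "missing credential", http.StatusUnauthorized); return }` would make the test fail when the credential is dropped. The harness mock added in PATCH 2/7 has the same gap for whatever header carries `HARNESS_OIDC_API_KEY`.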
@@ -68,7 +65,7 @@ func TestGetOIDCTokenEnvNotSet(t *testing.T) {
 assert.Equal(t, "ACTIONS_ID_TOKEN_REQUEST_URL environment variable not set", err.Error())
 // now let's set the request url but not the token
- os.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", "http://localhost:8081/oidc?type=jwt")
+ os.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", "http://localhost:0/oidc?type=jwt")
 _, _, err = GetOIDCToken("https://athenz.io")
 assert.NotNil(t, err)
 assert.Equal(t, "ACTIONS_ID_TOKEN_REQUEST_TOKEN environment variable not set", err.Error())
@@ -78,11 +75,11 @@ func TestGetOIDCTokenEnvNotSet(t *testing.T) {
 func TestGetOIDCTokenInvalidStatusCode(t *testing.T) {
- os.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", "http://localhost:8082/oidc?type=jwt")
- os.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "test-token")
+ ts := startHttpServer("test-token", http.StatusBadRequest)
+ defer ts.Close()
- go startHttpServer("localhost:8082", "invalid-token", http.StatusBadRequest)
- time.Sleep(2 * time.Second)
+ os.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", ts.URL+"/oidc?type=jwt")
+ os.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "test-token")
 _, _, err := GetOIDCToken("https://athenz.io")
 assert.NotNil(t, err)
@@ -93,11 +90,11 @@ func TestGetOIDCTokenInvalidStatusCode(t *testing.T) {
 func TestGetOIDCTokenInvalidToken(t *testing.T) {
- os.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", "http://localhost:8083/oidc?type=jwt")
- os.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "test-token")
+ ts := startHttpServer("invalid-token", http.StatusOK)
+ defer ts.Close()
- go startHttpServer("localhost:8083", "invalid-token", http.StatusOK)
- time.Sleep(2 * time.Second)
+ os.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", ts.URL+"/oidc?type=jwt")
+ os.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "test-token")
 _, _, err := GetOIDCToken("https://athenz.io")
 assert.NotNil(t, err)
From cc6c023bcf04fe2cda49e67ac0ffb8a51545beaf Mon Sep 17 00:00:00 2001
From: John Kemp
Date: Fri, 2 Jan 2026 16:47:46 -0500
Subject: [PATCH 2/7] httptest implemented
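Review bot: `TestGetOIDCTokenInvalidStatusCode` and `TestGetOIDCTokenInvalidToken` (the second and third hunks above) still set `ACTIONS_ID_TOKEN_REQUEST_URL` and `ACTIONS_ID_TOKEN_REQUEST_TOKEN` with `os.Setenv`, which changes the environment of the whole test binary and relies on manual cleanup. `TestGetOIDCTokenEnvNotSet` depends on both variables being absent, so a value left behind makes its outcome depend on test order; the test bodies continue outside these hunks, so any existing cleanup is not visible here. Prefer `t.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", ts.URL+"/oidc?type=jwt")` and `t.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "test-token")`, which restore the previous state when the test ends; PATCH 4/7 makes that change for `TestGetOIDCToken` only.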
Signed-off-by: John Kemp
---
 provider/harness/sia-harness/authn_test.go | 38 ++++++++++------------
 1 file changed, 17 insertions(+), 21 deletions(-)
diff --git a/provider/harness/sia-harness/authn_test.go b/provider/harness/sia-harness/authn_test.go
index ecdf3e4127d..f7a433d4a12 100644
--- a/provider/harness/sia-harness/authn_test.go
+++ b/provider/harness/sia-harness/authn_test.go
@@ -19,28 +19,24 @@ package sia
 import (
 "crypto/rand"
 "crypto/rsa"
- "github.com/gorilla/mux"
 "github.com/stretchr/testify/assert"
 "io"
 "log"
 "net/http"
+ "net/http/httptest"
 "os"
 "testing"
- "time"
 )
-func startHttpServer(uri, token string, statusCode int) {
- router := mux.NewRouter()
- router.HandleFunc("/oidc", func(w http.ResponseWriter, r *http.Request) {
+func startHttpServer(token string, statusCode int) *httptest.Server {
+ router := http.NewServeMux()
+ router.HandleFunc("POST /oidc", func(w http.ResponseWriter, r *http.Request) {
 log.Println("/oidc token endpoint is called")
 w.WriteHeader(statusCode)
- io.WriteString(w, "{\"data\": \""+token+"\"}")
- }).Methods("POST")
+ io.WriteString(w, "{\"value\": \""+token+"\"}")
+ })
- err := http.ListenAndServe(uri, router)
- if err != nil {
- log.Fatal("ListenAndServe: ", err)
- }
+ return httptest.NewServer(router)
 }
 func TestGetOIDCToken(t *testing.T) {
@@ -56,10 +52,10 @@ func TestGetOIDCToken(t *testing.T) {
 os.Setenv("HARNESS_TRIGGER_TYPE", "manual")
 os.Setenv("HARNESS_SEQUENCE_ID", "1")
- go startHttpServer("localhost:8081", validToken, http.StatusOK)
- time.Sleep(2 * time.Second)
+ ts := startHttpServer(validToken, http.StatusOK)
+ defer ts.Close()
- _, claims, err := GetOIDCToken("https://athenz.io", "http://localhost:8081/oidc")
+ _, claims, err := GetOIDCToken("https://athenz.io", ts.URL+"/oidc")
 assert.Nil(t, err)
 assert.Equal(t, "https://athenz.io", claims["aud"].(string))
 assert.Equal(t, "account/1234:org/athenzorg:project/athenz:pipeline/job-uuid", claims["sub"].(string))
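Review bot: The pattern `"POST /oidc"` passed to `router.HandleFunc` in `startHttpServer` relies on method-qualified ServeMux patterns, which exist only from Go 1.22 and are disabled by default when the module's `go` directive is older than 1.22. The go.mod for this provider is not part of the diff, so this is worth confirming; under the older mux behaviour the handler would not match and the tests would see a 404 from the mock. A short comment above the call, for example `// "POST /oidc" needs Go 1.22+ ServeMux method patterns`, records the requirement. The `"GET /oidc"` mock in provider/github/sia-actions/authn_test.go has the same dependency.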
@@ -75,7 +71,7 @@ func TestGetOIDCToken(t *testing.T) {
 func TestGetOIDCTokenEnvNotSet(t *testing.T) {
 // both env variables missing - first check is for request url
- _, _, err := GetOIDCToken("https://athenz.io", "http://localhost:8081/oidc")
+ _, _, err := GetOIDCToken("https://athenz.io", "http://localhost:0/oidc")
 assert.NotNil(t, err)
 assert.Equal(t, "HARNESS_OIDC_API_KEY environment variable not set", err.Error())
@@ -93,10 +89,10 @@ func TestGetOIDCTokenInvalidStatusCode(t *testing.T) {
 os.Setenv("HARNESS_TRIGGER_TYPE", "MANUAL")
 os.Setenv("HARNESS_SEQUENCE_ID", "5")
- go startHttpServer("localhost:8082", "invalid-token", http.StatusBadRequest)
- time.Sleep(2 * time.Second)
+ ts := startHttpServer("invalid-token", http.StatusBadRequest)
+ defer ts.Close()
- _, _, err := GetOIDCToken("https://athenz.io", "http://localhost:8082/oidc")
+ _, _, err := GetOIDCToken("https://athenz.io", ts.URL+"/oidc")
 assert.NotNil(t, err)
 assert.Equal(t, "oidc token get status error: 400", err.Error())
@@ -114,10 +110,10 @@ func TestGetOIDCTokenInvalidToken(t *testing.T) {
 os.Setenv("HARNESS_TRIGGER_TYPE", "MANUAL")
 os.Setenv("HARNESS_SEQUENCE_ID", "5")
- go startHttpServer("localhost:8083", "invalid-token", http.StatusOK)
- time.Sleep(2 * time.Second)
+ ts := startHttpServer("invalid-token", http.StatusOK)
+ defer ts.Close()
- _, _, err := GetOIDCToken("https://athenz.io", "http://localhost:8083/oidc")
+ _, _, err := GetOIDCToken("https://athenz.io", ts.URL+"/oidc")
 assert.NotNil(t, err)
 assert.Equal(t, "unable to parse oidc token: go-jose/go-jose: compact JWS format must have three parts", err.Error())
From 73094879e99d00efb985c44a0d346faef8c17a35 Mon Sep 17 00:00:00 2001
From: John Kemp
Date: Fri, 2 Jan 2026 16:48:07 -0500
Subject: [PATCH 3/7] JSON variabnle name was incorrect
Signed-off-by: John Kemp
---
 provider/harness/sia-harness/authn.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/provider/harness/sia-harness/authn.go b/provider/harness/sia-harness/authn.go
index eb53957f0d7..13a4abb701a 100644
--- a/provider/harness/sia-harness/authn.go
+++ b/provider/harness/sia-harness/authn.go
@@ -115,7 +115,8 @@ func GetOIDCToken(audience, harnessUrl string) (string, map[string]interface{},
 }
 signatureAlgorithms := []jose.SignatureAlgorithm{jose.RS256, jose.RS384, jose.RS512, jose.PS256, jose.PS384, jose.PS512, jose.ES256, jose.ES384, jose.ES512, jose.EdDSA}
- oidcToken := jsonData["data"].(string)
+
+ oidcToken := jsonData["value"].(string)
 tok, err := jwt.ParseSigned(oidcToken, signatureAlgorithms)
 if err != nil {
 return "", nil, fmt.Errorf("unable to parse oidc token: %v", err)
From db3b217ea03029b62680096f17dce0c9d34a5a2b Mon Sep 17 00:00:00 2001
From: John Kemp
Date: Sun, 4 Jan 2026 16:18:14 -0500
Subject: [PATCH 4/7] Update provider/github/sia-actions/authn_test.go
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: John Kemp
---
 provider/github/sia-actions/authn_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/provider/github/sia-actions/authn_test.go b/provider/github/sia-actions/authn_test.go
index 92fd2585922..f91e58dfe75 100644
--- a/provider/github/sia-actions/authn_test.go
+++ b/provider/github/sia-actions/authn_test.go
@@ -46,8 +46,8 @@ func TestGetOIDCToken(t *testing.T) {
 ts := startHttpServer(validToken, http.StatusOK)
 defer ts.Close()
- os.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", ts.URL+"/oidc?type=jwt")
- os.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "test-token")
+t.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", ts.URL+"/oidc?type=jwt")
+t.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "test-token")
 _, claims, err := GetOIDCToken("https://athenz.io")
 assert.Nil(t, err)
From 0880118459ba6cd010244b038fc65d573722ef41 Mon Sep 17 00:00:00 2001
From: John Kemp
Date: Sun, 4 Jan 2026 16:37:06 -0500
Subject: [PATCH 5/7] Revert variable name
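Review bot: In `GetOIDCToken` (provider/harness/sia-harness/authn.go, PATCH 3/7), `jsonData["value"].(string)` is an unchecked type assertion on a value that presumably comes from the token endpoint's response, so a body without that key, or with a non-string value, panics the caller instead of returning an error. The two-value form keeps the failure on the error path: `oidcToken, ok := jsonData["value"].(string)` followed by `if !ok { return "", nil, fmt.Errorf("oidc token response has no string token field") }`. The same applies to the `jsonData["data"]` form restored in PATCH 5/7. The function starts and ends outside this hunk, so how `jsonData` is decoded is not visible here.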
Signed-off-by: John Kemp
---
 provider/harness/sia-harness/authn.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/provider/harness/sia-harness/authn.go b/provider/harness/sia-harness/authn.go
index 13a4abb701a..294219d023f 100644
--- a/provider/harness/sia-harness/authn.go
+++ b/provider/harness/sia-harness/authn.go
@@ -116,7 +116,7 @@ func GetOIDCToken(audience, harnessUrl string) (string, map[string]interface{},
 signatureAlgorithms := []jose.SignatureAlgorithm{jose.RS256, jose.RS384, jose.RS512, jose.PS256, jose.PS384, jose.PS512, jose.ES256, jose.ES384, jose.ES512, jose.EdDSA}
- oidcToken := jsonData["value"].(string)
+ oidcToken := jsonData["data"].(string)
 tok, err := jwt.ParseSigned(oidcToken, signatureAlgorithms)
 if err != nil {
 return "", nil, fmt.Errorf("unable to parse oidc token: %v", err)
From d1289dc606e0cdfd8c516bdd1f9ef9520775e795 Mon Sep 17 00:00:00 2001
From: John Kemp
Date: Sun, 4 Jan 2026 16:38:01 -0500
Subject: [PATCH 6/7] Use data not value in returned value
Signed-off-by: John Kemp
---
 provider/harness/sia-harness/authn_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/provider/harness/sia-harness/authn_test.go b/provider/harness/sia-harness/authn_test.go
index f7a433d4a12..2055ffdae3d 100644
--- a/provider/harness/sia-harness/authn_test.go
+++ b/provider/harness/sia-harness/authn_test.go
@@ -33,7 +33,7 @@ func startHttpServer(token string, statusCode int) *httptest.Server {
 router.HandleFunc("POST /oidc", func(w http.ResponseWriter, r *http.Request) {
 log.Println("/oidc token endpoint is called")
 w.WriteHeader(statusCode)
- io.WriteString(w, "{\"value\": \""+token+"\"}")
+ io.WriteString(w, "{\"data\": \""+token+"\"}")
 })
 return httptest.NewServer(router)
From 60950a9fb480b7e37db5159db33ce80880089634 Mon Sep 17 00:00:00 2001
From: John K
Date: Mon, 5 Jan 2026 15:44:39 -0500
Subject: [PATCH 7/7] format error
Signed-off-by: John K
---
 provider/github/sia-actions/authn_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/provider/github/sia-actions/authn_test.go b/provider/github/sia-actions/authn_test.go
index f91e58dfe75..f240a3ab7c4 100644
--- a/provider/github/sia-actions/authn_test.go
+++ b/provider/github/sia-actions/authn_test.go
@@ -46,8 +46,8 @@ func TestGetOIDCToken(t *testing.T) {
 ts := startHttpServer(validToken, http.StatusOK)
 defer ts.Close()
-t.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", ts.URL+"/oidc?type=jwt")
-t.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "test-token")
+ t.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", ts.URL+"/oidc?type=jwt")
+ t.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "test-token")
 _, claims, err := GetOIDCToken("https://athenz.io")
 assert.Nil(t, err)