more tests

hashicorp · Jun 29, 2023 · 833cfa1 · 833cfa1
1 parent b76c6db
commit 833cfa1
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 9 deletions.
diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go
@@ -255,7 +255,7 @@ func makeJWTProviderCluster(p *structs.JWTProviderConfigEntry) (*envoy_cluster_v
 // it will default to port 80 for http and 443 for https for any
 // URI that does not specify a port
 func parseJWTRemoteURL(uri string) (string, string, int, error) {
-	u, err := url.Parse(uri)
+	u, err := url.ParseRequestURI(uri)
 	if err != nil {
 		return "", "", 0, err
 	}

diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go
@@ -962,8 +962,29 @@ func TestEnvoyLBConfig_InjectToCluster(t *testing.T) {
 func TestMakeJWTProviderCluster(t *testing.T) {
 	// All tests here depend on golden files located under: agent/xds/testdata/jwt_authn_cluster/*
 	tests := map[string]struct {
-		provider *structs.JWTProviderConfigEntry
+		provider      *structs.JWTProviderConfigEntry
+		expectedError string
 	}{
+		"remote-jwks-not-configured": {
+			provider: &structs.JWTProviderConfigEntry{
+				Kind:          "jwt-provider",
+				Name:          "okta",
+				JSONWebKeySet: &structs.JSONWebKeySet{},
+			},
+			expectedError: "cannot create JWKS cluster for non remote JWKS. Provider Name: okta",
+		},
+		"local-jwks-configured": {
+			provider: &structs.JWTProviderConfigEntry{
+				Kind: "jwt-provider",
+				Name: "okta",
+				JSONWebKeySet: &structs.JSONWebKeySet{
+					Local: &structs.LocalJWKS{
+						Filename: "filename",
+					},
+				},
+			},
+			expectedError: "cannot create JWKS cluster for non remote JWKS. Provider Name: okta",
+		},
 		"https-provider-with-hostname-no-port": {
 			provider: makeTestProviderWithJWKS("https://example-okta.com/.well-known/jwks.json"),
 		},
@@ -994,9 +1015,14 @@ func TestMakeJWTProviderCluster(t *testing.T) {
 		tt := tt
 		t.Run(name, func(t *testing.T) {
 			cluster, err := makeJWTProviderCluster(tt.provider)
-			require.NoError(t, err)
-			gotJSON := protoToJSON(t, cluster)
-			require.JSONEq(t, goldenSimple(t, filepath.Join("jwt_authn_clusters", name), gotJSON), gotJSON)
+			if tt.expectedError != "" {
+				require.Error(t, err, tt.expectedError)
+			} else {
+				require.NoError(t, err)
+				gotJSON := protoToJSON(t, cluster)
+				require.JSONEq(t, goldenSimple(t, filepath.Join("jwt_authn_clusters", name), gotJSON), gotJSON)
+			}
+
 		})
 	}
 }
@@ -1022,7 +1048,12 @@ func TestParseJWTRemoteURL(t *testing.T) {
 		expectedHost   string
 		expectedPort   int
 		expectedScheme string
+		expectError    bool
 	}{
+		"invalid-url": {
+			uri:         ".com",
+			expectError: true,
+		},
 		"https-hostname-no-port": {
 			uri:            "https://test.test.com",
 			expectedHost:   "test.test.com",
@@ -1095,10 +1126,14 @@ func TestParseJWTRemoteURL(t *testing.T) {
 		tt := tt
 		t.Run(name, func(t *testing.T) {
 			host, scheme, port, err := parseJWTRemoteURL(tt.uri)
-			require.NoError(t, err)
-			require.Equal(t, host, tt.expectedHost)
-			require.Equal(t, scheme, tt.expectedScheme)
-			require.Equal(t, port, tt.expectedPort)
+			if tt.expectError {
+				require.Error(t, err)
+			} else {
+				require.NoError(t, err)
+				require.Equal(t, host, tt.expectedHost)
+				require.Equal(t, scheme, tt.expectedScheme)
+				require.Equal(t, port, tt.expectedPort)
+			}
 		})
 	}
 }