From 0f0c481b500cdb425fc0b923d21245bff61dd6ac Mon Sep 17 00:00:00 2001 From: Priya Wadhwa Date: Mon, 6 Mar 2023 12:07:23 -0500 Subject: [PATCH] Update unit tests for issuer pool Signed-off-by: Priya Wadhwa --- cmd/app/grpc.go | 45 +++++++++++-------------------- cmd/app/grpc_test.go | 14 +++------- pkg/identity/base/issuer.go | 6 +++++ pkg/identity/email/issuer.go | 6 ----- pkg/identity/github/issuer.go | 6 ----- pkg/identity/kubernetes/issuer.go | 6 ----- pkg/identity/spiffe/issuer.go | 6 ----- pkg/identity/uri/issuer.go | 6 ----- pkg/identity/username/issuer.go | 7 ----- 9 files changed, 26 insertions(+), 76 deletions(-) diff --git a/cmd/app/grpc.go b/cmd/app/grpc.go index a55b6dd40..282dd6b34 100644 --- a/cmd/app/grpc.go +++ b/cmd/app/grpc.go @@ -34,6 +34,7 @@ import ( gw "github.com/sigstore/fulcio/pkg/generated/protobuf" gw_legacy "github.com/sigstore/fulcio/pkg/generated/protobuf/legacy" "github.com/sigstore/fulcio/pkg/identity" + "github.com/sigstore/fulcio/pkg/identity/buildkite" "github.com/sigstore/fulcio/pkg/identity/email" "github.com/sigstore/fulcio/pkg/identity/github" "github.com/sigstore/fulcio/pkg/identity/kubernetes" 
@@ -95,48 +96,34 @@ func createGRPCServer(cfg *config.FulcioConfig, ctClient *ctclient.LogClient, ba func NewIssuerPool(cfg *config.FulcioConfig) identity.IssuerPool { var ip identity.IssuerPool for _, i := range cfg.OIDCIssuers { - ip = append(ip, getIssuer(i)) + ip = append(ip, getIssuer("", i)) } - for meta, iss := range cfg.MetaIssuers { - re, err := config.MetaRegex(meta) - if err != nil { - continue // Shouldn't happen, we check parsing the config - } - if re.MatchString(iss.IssuerURL) { - // If it matches, then return a concrete OIDCIssuer - // configuration for this issuer URL. - oidcIssuer := config.OIDCIssuer{ - IssuerURL: iss.IssuerURL, - ClientID: iss.ClientID, - Type: iss.Type, - IssuerClaim: iss.IssuerClaim, - SubjectDomain: iss.SubjectDomain, - } - ip = append(ip, getIssuer(oidcIssuer)) - } else { - fmt.Println("it didn't match") - fmt.Println(meta) - } + for meta, i := range cfg.MetaIssuers { + ip = append(ip, getIssuer(meta, i)) } return ip } -func getIssuer(i config.OIDCIssuer) identity.Issuer { +func getIssuer(meta string, i config.OIDCIssuer) identity.Issuer { + issuerURL := i.IssuerURL + if issuerURL == "" { + issuerURL = meta + } switch i.Type { case config.IssuerTypeEmail: - return email.Issuer(i.IssuerURL) + return email.Issuer(issuerURL) case config.IssuerTypeGithubWorkflow: - return github.Issuer(i.IssuerURL) + return github.Issuer(issuerURL) case config.IssuerTypeBuildkiteJob: - // TODO: priyawadhwa@ + return buildkite.Issuer(issuerURL) case config.IssuerTypeKubernetes: - return kubernetes.Issuer(i.IssuerURL) + return kubernetes.Issuer(issuerURL) case config.IssuerTypeSpiffe: - return spiffe.Issuer(i.IssuerURL) + return spiffe.Issuer(issuerURL) case config.IssuerTypeURI: - return uri.Issuer(i.IssuerURL) + return uri.Issuer(issuerURL) case config.IssuerTypeUsername: - return username.Issuer(i.IssuerURL) + return username.Issuer(issuerURL) } return nil } 
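Review bot: `NewIssuerPool` appends whatever `getIssuer` returns, and `getIssuer` still ends in `return nil` for any `Type` outside the switch, so a misconfigured issuer type puts a nil `identity.Issuer` into the pool. Presumably the pool is walked when an incoming token is matched to an issuer, where a nil entry would cause a nil-pointer panic instead of a clean rejection; confirm against the pool's callers. Both loops should guard the append, e.g. `if iss := getIssuer(meta, i); iss != nil { ip = append(ip, iss) }` (with `""` in the first loop), and ideally report the unrecognised type at startup. Separately, the new fallback `issuerURL = meta` hands the meta-issuer key to the constructors in place of a URL, and an entry with both values empty yields an issuer built from `""`. A doc comment on `getIssuer` such as `// getIssuer builds the issuer for i; meta is the MetaIssuers key (a URL pattern) and is used only when i.IssuerURL is empty.` would make that contract explicit.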
diff --git a/cmd/app/grpc_test.go b/cmd/app/grpc_test.go index 43efb6822..4f2deea95 100644 --- a/cmd/app/grpc_test.go +++ b/cmd/app/grpc_test.go @@ -20,6 +20,7 @@ import ( "github.com/google/go-cmp/cmp" "github.com/sigstore/fulcio/pkg/config" "github.com/sigstore/fulcio/pkg/identity" + "github.com/sigstore/fulcio/pkg/identity/base" "github.com/sigstore/fulcio/pkg/identity/email" "github.com/sigstore/fulcio/pkg/identity/github" "github.com/sigstore/fulcio/pkg/identity/kubernetes" @@ -44,7 +45,7 @@ func TestIssuerPool(t *testing.T) { expected := identity.IssuerPool{ email.Issuer("https://oauth2.sigstore.dev/auth"), } - ignoreOpts := []cmp.Option{email.CmpOptions, spiffe.CmpOptions, github.CmpOptions} + ignoreOpts := []cmp.Option{base.CmpOptions} got := NewIssuerPool(cfg) if d := cmp.Diff(expected, got, ignoreOpts...); d != "" { t.Fatal(d) @@ -119,18 +120,11 @@ func TestGetIssuer(t *testing.T) { }, } - ignoreOpts := []cmp.Option{ - email.CmpOptions, - github.CmpOptions, - spiffe.CmpOptions, - kubernetes.CmpOptions, - uri.CmpOptions, - username.CmpOptions, - } + ignoreOpts := []cmp.Option{base.CmpOptions} for _, test := range tests { t.Run(test.description, func(t *testing.T) { - got := getIssuer(test.issuer) + got := getIssuer("", test.issuer) if d := cmp.Diff(got, test.expected, ignoreOpts...); d != "" { t.Fatal(d) } diff --git a/pkg/identity/base/issuer.go b/pkg/identity/base/issuer.go index d4085a676..49f313550 100644 --- a/pkg/identity/base/issuer.go +++ b/pkg/identity/base/issuer.go @@ -20,9 +20,15 @@ import ( "regexp" "strings" + "github.com/google/go-cmp/cmp/cmpopts" "github.com/sigstore/fulcio/pkg/identity" ) +var ( + // For testing + CmpOptions = cmpopts.IgnoreUnexported(baseIssuer{}) +) + type baseIssuer struct { issuerURL string } diff --git a/pkg/identity/email/issuer.go b/pkg/identity/email/issuer.go index fba532a93..38c44d721 100644 --- a/pkg/identity/email/issuer.go +++ b/pkg/identity/email/issuer.go 
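Review bot: Every case in `TestGetIssuer` now calls `getIssuer("", test.issuer)`, so the new branch that falls back to `meta` when `IssuerURL` is empty is never exercised. The test table begins outside this hunk; it would need a `meta` field, at least one case with an empty `IssuerURL` and a non-empty meta key, and the call changed to `getIssuer(test.meta, test.issuer)`. `TestIssuerPool` only shows an expectation for an `OIDCIssuers` entry here, so a config carrying a `MetaIssuers` entry would cover the second loop of `NewIssuerPool` as well.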
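Review bot: `cmpopts.IgnoreUnexported(baseIssuer{})` makes `cmp.Diff` skip `issuerURL`, the only field of `baseIssuer`, so tests using `base.CmpOptions` can confirm which issuer type was built but not the URL it was bound to. That hides the mistake most likely to matter after the `getIssuer` change in cmd/app/grpc.go, an issuer created with the wrong URL or meta pattern. Consider `CmpOptions = cmp.AllowUnexported(baseIssuer{})` (importing `github.com/google/go-cmp/cmp` instead of `cmpopts`) so the URL takes part in the comparison. The comment could also say more than `// For testing`, for example `// CmpOptions lets tests in other packages compare issuers with cmp.Diff; it is not used in production code.`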
@@ -17,16 +17,10 @@ package email import ( "context" - "github.com/google/go-cmp/cmp/cmpopts" "github.com/sigstore/fulcio/pkg/identity" "github.com/sigstore/fulcio/pkg/identity/base" ) -var ( - // For testing - CmpOptions = cmpopts.IgnoreUnexported(emailIssuer{}) -) - type emailIssuer struct { identity.Issuer } diff --git a/pkg/identity/github/issuer.go b/pkg/identity/github/issuer.go index 5b9929287..bfa3fc6e0 100644 --- a/pkg/identity/github/issuer.go +++ b/pkg/identity/github/issuer.go @@ -17,16 +17,10 @@ package github import ( "context" - "github.com/google/go-cmp/cmp/cmpopts" "github.com/sigstore/fulcio/pkg/identity" "github.com/sigstore/fulcio/pkg/identity/base" ) -var ( - // For testing - CmpOptions = cmpopts.IgnoreUnexported(githubIssuer{}) -) - type githubIssuer struct { identity.Issuer } diff --git a/pkg/identity/kubernetes/issuer.go b/pkg/identity/kubernetes/issuer.go index f5bfff3d7..968a1f4fc 100644 --- a/pkg/identity/kubernetes/issuer.go +++ b/pkg/identity/kubernetes/issuer.go @@ -17,16 +17,10 @@ package kubernetes import ( "context" - "github.com/google/go-cmp/cmp/cmpopts" "github.com/sigstore/fulcio/pkg/identity" "github.com/sigstore/fulcio/pkg/identity/base" ) -var ( - // For testing - CmpOptions = cmpopts.IgnoreUnexported(kubernetesIssuer{}) -) - type kubernetesIssuer struct { identity.Issuer } diff --git a/pkg/identity/spiffe/issuer.go b/pkg/identity/spiffe/issuer.go index 0b592bb2f..e824759a4 100644 --- a/pkg/identity/spiffe/issuer.go +++ b/pkg/identity/spiffe/issuer.go @@ -17,16 +17,10 @@ package spiffe import ( "context" - "github.com/google/go-cmp/cmp/cmpopts" "github.com/sigstore/fulcio/pkg/identity" "github.com/sigstore/fulcio/pkg/identity/base" ) -var ( - // For testing - CmpOptions = cmpopts.IgnoreUnexported(spiffeIssuer{}) -) - type spiffeIssuer struct { identity.Issuer } diff --git a/pkg/identity/uri/issuer.go b/pkg/identity/uri/issuer.go index 13f42e424..bccd08f14 100644 --- a/pkg/identity/uri/issuer.go 
+++ b/pkg/identity/uri/issuer.go @@ -17,16 +17,10 @@ package uri import ( "context" - "github.com/google/go-cmp/cmp/cmpopts" "github.com/sigstore/fulcio/pkg/identity" "github.com/sigstore/fulcio/pkg/identity/base" ) -var ( - // For testing - CmpOptions = cmpopts.IgnoreUnexported(uriIssuer{}) -) - type uriIssuer struct { identity.Issuer } diff --git a/pkg/identity/username/issuer.go b/pkg/identity/username/issuer.go index e8342fb46..58f292691 100644 --- a/pkg/identity/username/issuer.go +++ b/pkg/identity/username/issuer.go @@ -17,17 +17,10 @@ package username import ( "context" - "github.com/google/go-cmp/cmp/cmpopts" "github.com/sigstore/fulcio/pkg/identity" "github.com/sigstore/fulcio/pkg/identity/base" ) -var ( - // For testing - CmpOptions = cmpopts.IgnoreUnexported(usernameIssuer{}) -) - - type usernameIssuer struct { identity.Issuer }