constellation/internal/gcpshared/serviceaccountkey_test.go

/*
Copyright (c) Edgeless Systems GmbH

SPDX-License-Identifier: AGPL-3.0-only
*/

package gcpshared

import (
	"net/url"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func TestServiceAccountKeyFromURI(t *testing.T) {
	serviceAccountKey := ServiceAccountKey{
		Type:                    "type",
		ProjectID:               "project-id",
		PrivateKeyID:            "private-key-id",
		PrivateKey:              "private-key",
		ClientEmail:             "client-email",
		ClientID:                "client-id",
		AuthURI:                 "auth-uri",
		TokenURI:                "token-uri",
		AuthProviderX509CertURL: "auth-provider-x509-cert-url",
		ClientX509CertURL:       "client-x509-cert-url",
	}
	testCases := map[string]struct {
		cloudServiceAccountURI string
		wantKey                ServiceAccountKey
		wantErr                bool
	}{
		"successful": {
			cloudServiceAccountURI: "serviceaccount://gcp?type=type&project_id=project-id&private_key_id=private-key-id&private_key=private-key&client_email=client-email&client_id=client-id&auth_uri=auth-uri&token_uri=token-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url&client_x509_cert_url=client-x509-cert-url",
			wantKey:                serviceAccountKey,
		},
		"missing type": {
			cloudServiceAccountURI: "serviceaccount://gcp?project_id=project-id&private_key_id=private-key-id&private_key=private-key&client_email=client-email&client_id=client-id&auth_uri=auth-uri&token_uri=token-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url&client_x509_cert_url=client-x509-cert-url",
			wantErr:                true,
		},
		"missing project_id": {
			cloudServiceAccountURI: "serviceaccount://gcp?type=type&private_key_id=private-key-id&private_key=private-key&client_email=client-email&client_id=client-id&auth_uri=auth-uri&token_uri=token-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url&client_x509_cert_url=client-x509-cert-url",
			wantErr:                true,
		},
		"missing private_key_id": {
			cloudServiceAccountURI: "serviceaccount://gcp?type=type&project_id=project-id&private_key=private-key&client_email=client-email&client_id=client-id&auth_uri=auth-uri&token_uri=token-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url&client_x509_cert_url=client-x509-cert-url",
			wantErr:                true,
		},
		"missing private_key": {
			cloudServiceAccountURI: "serviceaccount://gcp?type=type&project_id=project-id&private_key_id=private-key-id&client_email=client-email&client_id=client-id&auth_uri=auth-uri&token_uri=token-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url&client_x509_cert_url=client-x509-cert-url",
			wantErr:                true,
		},
		"missing client_email": {
			cloudServiceAccountURI: "serviceaccount://gcp?type=type&project_id=project-id&private_key_id=private-key-id&private_key=private-key&client_id=client-id&auth_uri=auth-uri&token_uri=token-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url&client_x509_cert_url=client-x509-cert-url",
			wantErr:                true,
		},
		"missing client_id": {
			cloudServiceAccountURI: "serviceaccount://gcp?type=type&project_id=project-id&private_key_id=private-key-id&private_key=private-key&client_email=client-email&auth_uri=auth-uri&token_uri=token-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url&client_x509_cert_url=client-x509-cert-url",
			wantErr:                true,
		},
		"missing token_uri": {
			cloudServiceAccountURI: "serviceaccount://gcp?type=type&project_id=project-id&private_key_id=private-key-id&private_key=private-key&client_email=client-email&client_id=client-id&auth_uri=auth-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url&client_x509_cert_url=client-x509-cert-url",
			wantErr:                true,
		},
		"missing auth_provider_x509_cert_url": {
			cloudServiceAccountURI: "serviceaccount://gcp?type=type&project_id=project-id&private_key_id=private-key-id&private_key=private-key&client_email=client-email&client_id=client-id&auth_uri=auth-uri&token_uri=token-uri&client_x509_cert_url=client-x509-cert-url",
			wantErr:                true,
		},
		"missing client_x509_cert_url": {
			cloudServiceAccountURI: "serviceaccount://gcp?type=type&project_id=project-id&private_key_id=private-key-id&private_key=private-key&client_email=client-email&client_id=client-id&auth_uri=auth-uri&token_uri=token-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url",
			wantErr:                true,
		},
		"invalid URI fails": {
			cloudServiceAccountURI: "\x00",
			wantErr:                true,
		},
		"incorrect URI scheme fails": {
			cloudServiceAccountURI: "invalid",
			wantErr:                true,
		},
		"incorrect URI host fails": {
			cloudServiceAccountURI: "serviceaccount://incorrect",
			wantErr:                true,
		},
	}

	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {
			assert := assert.New(t)
			require := require.New(t)

			key, err := ServiceAccountKeyFromURI(tc.cloudServiceAccountURI)
			if tc.wantErr {
				assert.Error(err)
				return
			}
			require.NoError(err)
			assert.Equal(tc.wantKey, key)
		})
	}
}

func TestConvertToCloudServiceAccountURI(t *testing.T) {
	assert := assert.New(t)
	require := require.New(t)
	key := ServiceAccountKey{
		Type:                    "type",
		ProjectID:               "project-id",
		PrivateKeyID:            "private-key-id",
		PrivateKey:              "private-key",
		ClientEmail:             "client-email",
		ClientID:                "client-id",
		AuthURI:                 "auth-uri",
		TokenURI:                "token-uri",
		AuthProviderX509CertURL: "auth-provider-x509-cert-url",
		ClientX509CertURL:       "client-x509-cert-url",
	}
	cloudServiceAccountURI := key.ToCloudServiceAccountURI()
	uri, err := url.Parse(cloudServiceAccountURI)
	require.NoError(err)
	query := uri.Query()
	assert.Equal("serviceaccount", uri.Scheme)
	assert.Equal("gcp", uri.Host)
	assert.Equal(url.Values{
		"type":                        []string{"type"},
		"project_id":                  []string{"project-id"},
		"private_key_id":              []string{"private-key-id"},
		"private_key":                 []string{"private-key"},
		"client_email":                []string{"client-email"},
		"client_id":                   []string{"client-id"},
		"auth_uri":                    []string{"auth-uri"},
		"token_uri":                   []string{"token-uri"},
		"auth_provider_x509_cert_url": []string{"auth-provider-x509-cert-url"},
		"client_x509_cert_url":        []string{"client-x509-cert-url"},
	}, query)
}
add license headers sed -i '1i/\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n/\n' `grep -rL --include='*.go' 'DO NOT EDIT'` gofumpt -w . 2022-09-05 07:06:08 +00:00			`/*`
			`Copyright (c) Edgeless Systems GmbH`

			`SPDX-License-Identifier: AGPL-3.0-only`
			`*/`

Separate shared gcp code 2022-06-07 12:52:06 +00:00			`package gcpshared`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00
			`import (`
Separate shared gcp code 2022-06-07 12:52:06 +00:00			`"net/url"`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`"testing"`

			`"github.com/stretchr/testify/assert"`
			`"github.com/stretchr/testify/require"`
			`)`

Separate shared gcp code 2022-06-07 12:52:06 +00:00			`func TestServiceAccountKeyFromURI(t *testing.T) {`
			`serviceAccountKey := ServiceAccountKey{`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`Type: "type",`
			`ProjectID: "project-id",`
			`PrivateKeyID: "private-key-id",`
			`PrivateKey: "private-key",`
			`ClientEmail: "client-email",`
			`ClientID: "client-id",`
			`AuthURI: "auth-uri",`
			`TokenURI: "token-uri",`
			`AuthProviderX509CertURL: "auth-provider-x509-cert-url",`
			`ClientX509CertURL: "client-x509-cert-url",`
			`}`
			`testCases := map[string]struct {`
			`cloudServiceAccountURI string`
Separate shared gcp code 2022-06-07 12:52:06 +00:00			`wantKey ServiceAccountKey`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 14:54:05 +00:00			`wantErr bool`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`}{`
Separate shared gcp code 2022-06-07 12:52:06 +00:00			`"successful": {`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`cloudServiceAccountURI: "serviceaccount://gcp?type=type&project_id=project-id&private_key_id=private-key-id&private_key=private-key&client_email=client-email&client_id=client-id&auth_uri=auth-uri&token_uri=token-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url&client_x509_cert_url=client-x509-cert-url",`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 14:54:05 +00:00			`wantKey: serviceAccountKey,`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`},`
			`"missing type": {`
			`cloudServiceAccountURI: "serviceaccount://gcp?project_id=project-id&private_key_id=private-key-id&private_key=private-key&client_email=client-email&client_id=client-id&auth_uri=auth-uri&token_uri=token-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url&client_x509_cert_url=client-x509-cert-url",`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 14:54:05 +00:00			`wantErr: true,`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`},`
			`"missing project_id": {`
			`cloudServiceAccountURI: "serviceaccount://gcp?type=type&private_key_id=private-key-id&private_key=private-key&client_email=client-email&client_id=client-id&auth_uri=auth-uri&token_uri=token-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url&client_x509_cert_url=client-x509-cert-url",`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 14:54:05 +00:00			`wantErr: true,`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`},`
			`"missing private_key_id": {`
			`cloudServiceAccountURI: "serviceaccount://gcp?type=type&project_id=project-id&private_key=private-key&client_email=client-email&client_id=client-id&auth_uri=auth-uri&token_uri=token-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url&client_x509_cert_url=client-x509-cert-url",`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 14:54:05 +00:00			`wantErr: true,`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`},`
			`"missing private_key": {`
			`cloudServiceAccountURI: "serviceaccount://gcp?type=type&project_id=project-id&private_key_id=private-key-id&client_email=client-email&client_id=client-id&auth_uri=auth-uri&token_uri=token-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url&client_x509_cert_url=client-x509-cert-url",`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 14:54:05 +00:00			`wantErr: true,`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`},`
			`"missing client_email": {`
			`cloudServiceAccountURI: "serviceaccount://gcp?type=type&project_id=project-id&private_key_id=private-key-id&private_key=private-key&client_id=client-id&auth_uri=auth-uri&token_uri=token-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url&client_x509_cert_url=client-x509-cert-url",`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 14:54:05 +00:00			`wantErr: true,`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`},`
			`"missing client_id": {`
			`cloudServiceAccountURI: "serviceaccount://gcp?type=type&project_id=project-id&private_key_id=private-key-id&private_key=private-key&client_email=client-email&auth_uri=auth-uri&token_uri=token-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url&client_x509_cert_url=client-x509-cert-url",`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 14:54:05 +00:00			`wantErr: true,`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`},`
			`"missing token_uri": {`
			`cloudServiceAccountURI: "serviceaccount://gcp?type=type&project_id=project-id&private_key_id=private-key-id&private_key=private-key&client_email=client-email&client_id=client-id&auth_uri=auth-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url&client_x509_cert_url=client-x509-cert-url",`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 14:54:05 +00:00			`wantErr: true,`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`},`
			`"missing auth_provider_x509_cert_url": {`
			`cloudServiceAccountURI: "serviceaccount://gcp?type=type&project_id=project-id&private_key_id=private-key-id&private_key=private-key&client_email=client-email&client_id=client-id&auth_uri=auth-uri&token_uri=token-uri&client_x509_cert_url=client-x509-cert-url",`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 14:54:05 +00:00			`wantErr: true,`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`},`
			`"missing client_x509_cert_url": {`
			`cloudServiceAccountURI: "serviceaccount://gcp?type=type&project_id=project-id&private_key_id=private-key-id&private_key=private-key&client_email=client-email&client_id=client-id&auth_uri=auth-uri&token_uri=token-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url",`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 14:54:05 +00:00			`wantErr: true,`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`},`
			`"invalid URI fails": {`
			`cloudServiceAccountURI: "\x00",`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 14:54:05 +00:00			`wantErr: true,`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`},`
			`"incorrect URI scheme fails": {`
			`cloudServiceAccountURI: "invalid",`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 14:54:05 +00:00			`wantErr: true,`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`},`
			`"incorrect URI host fails": {`
			`cloudServiceAccountURI: "serviceaccount://incorrect",`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 14:54:05 +00:00			`wantErr: true,`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`},`
			`}`

			`for name, tc := range testCases {`
			`t.Run(name, func(t *testing.T) {`
			`assert := assert.New(t)`
			`require := require.New(t)`

Separate shared gcp code 2022-06-07 12:52:06 +00:00			`key, err := ServiceAccountKeyFromURI(tc.cloudServiceAccountURI)`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 14:54:05 +00:00			`if tc.wantErr {`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`assert.Error(err)`
			`return`
			`}`
			`require.NoError(err)`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 14:54:05 +00:00			`assert.Equal(tc.wantKey, key)`
Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-25 09:55:37 +00:00			`})`
			`}`
			`}`
Separate shared gcp code 2022-06-07 12:52:06 +00:00
			`func TestConvertToCloudServiceAccountURI(t *testing.T) {`
			`assert := assert.New(t)`
			`require := require.New(t)`
			`key := ServiceAccountKey{`
			`Type: "type",`
			`ProjectID: "project-id",`
			`PrivateKeyID: "private-key-id",`
			`PrivateKey: "private-key",`
			`ClientEmail: "client-email",`
			`ClientID: "client-id",`
			`AuthURI: "auth-uri",`
			`TokenURI: "token-uri",`
			`AuthProviderX509CertURL: "auth-provider-x509-cert-url",`
			`ClientX509CertURL: "client-x509-cert-url",`
			`}`
			`cloudServiceAccountURI := key.ToCloudServiceAccountURI()`
			`uri, err := url.Parse(cloudServiceAccountURI)`
			`require.NoError(err)`
			`query := uri.Query()`
			`assert.Equal("serviceaccount", uri.Scheme)`
			`assert.Equal("gcp", uri.Host)`
			`assert.Equal(url.Values{`
			`"type": []string{"type"},`
			`"project_id": []string{"project-id"},`
			`"private_key_id": []string{"private-key-id"},`
			`"private_key": []string{"private-key"},`
			`"client_email": []string{"client-email"},`
			`"client_id": []string{"client-id"},`
			`"auth_uri": []string{"auth-uri"},`
			`"token_uri": []string{"token-uri"},`
			`"auth_provider_x509_cert_url": []string{"auth-provider-x509-cert-url"},`
			`"client_x509_cert_url": []string{"client-x509-cert-url"},`
			`}, query)`
			`}`