[bug-767]: karavictl generate token outputs yaml (#230)
* generate token output yaml

* fix superfluous response.WriteHeader call

* refactor output

* fix coverage

* fix linting
atye authored Apr 24, 2023
1 parent 2a3dbd5 commit 2cbc4e3
Showing 8 changed files with 108 additions and 19 deletions.
2 changes: 1 addition & 1 deletion cmd/karavictl/cmd/generate_token.go
Expand Up @@ -122,7 +122,7 @@ func NewGenerateTokenCmd() *cobra.Command {
}
}

err = JSONOutput(cmd.OutOrStdout(), &resp)
err = Output(cmd.OutOrStdout(), resp.Token)
if err != nil {
reportErrorAndExit(JSONOutput, cmd.ErrOrStderr(), err)
return nil
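Review bot: The new `Output(cmd.OutOrStdout(), resp.Token)` call needs a comment saying what is written, because `resp.Token` reads like a bare token while the commit title says the command now emits YAML. Judging from the rest of this commit it is presumably the rendered `proxy-authz-tokens` Secret manifest, which carries both the access and the refresh token, so a comment such as `// resp.Token is the rendered Secret manifest (YAML) and contains live tokens; write it only to the command's stdout` would help the next reader. The error path two lines below still passes `JSONOutput` to `reportErrorAndExit`, so failures stay JSON while success is YAML; if that split is intended, say so in the same comment. NewGenerateTokenCmd starts and ends outside this hunk.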
8 changes: 8 additions & 0 deletions cmd/karavictl/cmd/tenant.go
Expand Up @@ -76,6 +76,14 @@ func jsonOutput(w io.Writer, v interface{}) error {
return nil
}

func output(w io.Writer, v interface{}) error {
_, err := fmt.Fprint(w, v)
if err != nil {
return err
}
return nil
}

// jsonOutput() omits boolean flag on false value while encoding
func jsonOutputEmitEmpty(w io.Writer, m protoreflect.ProtoMessage) error {
enc := protojson.MarshalOptions{Multiline: true, EmitUnpopulated: true, Indent: ""}
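Review bot: `output` takes `v interface{}` and formats it with `fmt.Fprint`, so any non-string value is rendered with default formatting rather than rejected. The only caller visible in this commit passes `resp.Token`, presumably a string, so a `string` parameter would state the contract. The body also reduces to `_, err := fmt.Fprint(w, v)` followed by `return err`, since the `if err != nil` branch returns the same value either way. A doc comment such as `// output writes v to w verbatim, with no encoding and no trailing newline` would set it apart from `jsonOutput` above. The hunk ends inside jsonOutputEmitEmpty, which is unchanged.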
1 change: 1 addition & 0 deletions cmd/karavictl/cmd/test_utils.go
Expand Up @@ -30,6 +30,7 @@ var (
CreateRoleServiceClient = createRoleServiceClient
CreateStorageServiceClient = createStorageServiceClient
JSONOutput = jsonOutput
Output = output
osExit = os.Exit
termReadPassword = term.ReadPassword
ReadAccessAdminToken = readAccessAdminToken
2 changes: 1 addition & 1 deletion internal/proxy/role_handler.go
Expand Up @@ -219,7 +219,7 @@ func (th *RoleHandler) getHandler(w http.ResponseWriter, r *http.Request) error
handleJSONErrorResponse(th.log, w, http.StatusInternalServerError, err)
return err
}
w.WriteHeader(http.StatusOK)

return nil
}

1 change: 0 additions & 1 deletion internal/proxy/storage_handler.go
Expand Up @@ -241,7 +241,6 @@ func (sh *StorageHandler) getHandler(w http.ResponseWriter, r *http.Request) err
return err
}

w.WriteHeader(http.StatusOK)
return nil
}

1 change: 0 additions & 1 deletion internal/proxy/tenant_handler.go
Expand Up @@ -208,7 +208,6 @@ func (th *TenantHandler) getHandler(w http.ResponseWriter, r *http.Request) erro
return err
}

w.WriteHeader(http.StatusOK)
return nil
}

48 changes: 33 additions & 15 deletions internal/token/generate.go
Expand Up @@ -15,11 +15,12 @@
package token

import (
"encoding/base64"
"encoding/json"
"errors"
"fmt"
"strings"

corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/yaml"
)

Expand All @@ -28,6 +29,12 @@ var (
ErrBlankSecretNotAllowed = errors.New("blank JWT signing secret not allowed")
)

// Allows for overriding as part of testing.
var (
JSONMarshal = json.Marshal
JSONToYaml = yaml.JSONToYAML
)

// CreateAsK8sSecret returns a pair of created tokens in the form
// of a Kubernetes Secret.
func CreateAsK8sSecret(tm Manager, cfg Config) (string, error) {
Expand All @@ -36,21 +43,32 @@ func CreateAsK8sSecret(tm Manager, cfg Config) (string, error) {
return "", err
}

accessTokenEnc := base64.StdEncoding.EncodeToString([]byte(tp.Access))
refreshTokenEnc := base64.StdEncoding.EncodeToString([]byte(tp.Refresh))
secret := corev1.Secret{
TypeMeta: metav1.TypeMeta{
APIVersion: "v1",
Kind: "Secret",
},
ObjectMeta: metav1.ObjectMeta{
Name: "proxy-authz-tokens",
},
Type: corev1.SecretTypeOpaque,
Data: map[string][]byte{
"access": []byte(tp.Access),
"refresh": []byte(tp.Refresh),
},
}

jsonBytes, err := JSONMarshal(&secret)
if err != nil {
return "", err
}

ret := fmt.Sprintf(`
apiVersion: v1
kind: Secret
metadata:
name: proxy-authz-tokens
type: Opaque
data:
access: %s
refresh: %s
`, accessTokenEnc, refreshTokenEnc)
yamlBytes, err := JSONToYaml(jsonBytes)
if err != nil {
return "", err
}

return ret, nil
return string(yamlBytes), nil
}

// Create creates a pair of tokens based on the provided Config.
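Review bot: `JSONMarshal` and `JSONToYaml` are exported, mutable package variables on the path that serializes the access and refresh tokens, so any package linked into the same binary can reassign them, and the tests that swap them cannot safely run in parallel. Since their comment says they exist only for testing, keep them unexported, e.g. `jsonMarshal = json.Marshal` and `jsonToYAML = yaml.JSONToYAML`, and expose them to the external test package from an `export_test.go` file in package `token`, so the hooks never ship in the public API. The Go initialism convention would also spell the second one `JSONToYAML`. Separately, marshalling a `corev1.Secret` normally emits `creationTimestamp: null` under `metadata`, which the old hand-written template did not; that is harmless for `kubectl apply`, but confirm no consumer compares the output byte-for-byte.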
64 changes: 64 additions & 0 deletions internal/token/generate_test.go
Expand Up @@ -16,19 +16,29 @@ package token_test

import (
"bytes"
"encoding/json"
"fmt"
"karavi-authorization/internal/token"
"karavi-authorization/internal/token/jwx"
"testing"
"time"

"github.com/lestrrat-go/jwx/jwa"
"github.com/lestrrat-go/jwx/jwt"
"sigs.k8s.io/yaml"
)

const secret = "secret"

func TestCreateAsK8sSecret(t *testing.T) {
afterFn := func() {
token.JSONMarshal = json.Marshal
token.JSONToYaml = yaml.JSONToYAML
}

t.Run("it creates a secret as a k8s secret", func(t *testing.T) {
defer afterFn()

cfg := testBuildTokenConfig()

tests := []struct {
Expand Down Expand Up @@ -78,6 +88,60 @@ func TestCreateAsK8sSecret(t *testing.T) {
}
}
})

t.Run("it errors on json marshal", func(t *testing.T) {
defer afterFn()
token.JSONMarshal = func(v any) ([]byte, error) {
return nil, fmt.Errorf("error")
}

cfg := testBuildTokenConfig()

tests := []struct {
tmName string
tm token.Manager
}{
{
"jwx",
jwx.NewTokenManager(jwx.HS256),
},
}

for _, test := range tests {
t.Logf("Using Manager: %s", test.tmName)
_, err := token.CreateAsK8sSecret(test.tm, cfg)
if err == nil {
t.Error("expected err, got nil")
}
}
})

t.Run("it errors on yaml marshal", func(t *testing.T) {
defer afterFn()
token.JSONToYaml = func(j []byte) ([]byte, error) {
return nil, fmt.Errorf("error")
}

cfg := testBuildTokenConfig()

tests := []struct {
tmName string
tm token.Manager
}{
{
"jwx",
jwx.NewTokenManager(jwx.HS256),
},
}

for _, test := range tests {
t.Logf("Using Manager: %s", test.tmName)
_, err := token.CreateAsK8sSecret(test.tm, cfg)
if err == nil {
t.Error("expected err, got nil")
}
}
})
}

func TestCreate(t *testing.T) {
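Review bot: Both new error subtests discard the first return value (`_, err := token.CreateAsK8sSecret(test.tm, cfg)`), so they would still pass if a failure path returned a partially rendered manifest alongside the error. Capture it and assert it is empty, e.g. `got, err := token.CreateAsK8sSecret(test.tm, cfg)` then `if got != "" { t.Errorf("expected empty secret on error, got %d bytes", len(got)) }`, printing the length rather than the value so token material never lands in test logs. `t.Cleanup(afterFn)` would also be more robust than `defer afterFn()` for restoring the package-level hooks. The first subtest's body is only partly visible here, so this applies to the two subtests added in the last hunk.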
