test: xds coverage for jwt listeners
DanStough committed Jul 19, 2023
1 parent 613db16 commit d48c7a5
Showing 3 changed files with 383 additions and 3 deletions.
7 changes: 4 additions & 3 deletions agent/xds/clusters_test.go
Expand Up @@ -14,15 +14,16 @@ import (
envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
testinf "github.com/mitchellh/go-testing-interface"
"github.com/stretchr/testify/require"
"google.golang.org/protobuf/types/known/wrapperspb"

"github.com/hashicorp/consul/agent/proxycfg"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/agent/xds/testcommon"
"github.com/hashicorp/consul/envoyextensions/xdscommon"
"github.com/hashicorp/consul/sdk/testutil"
"github.com/hashicorp/consul/types"
testinf "github.com/mitchellh/go-testing-interface"
"github.com/stretchr/testify/require"
"google.golang.org/protobuf/types/known/wrapperspb"
)

type clusterTestCase struct {
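--- a/agent/xds/listeners_test.go
+++ b/agent/xds/listeners_test.go
@@ -137,6 +137,112 @@ func makeListenerDiscoChainTests(enterprise bool) []listenerTestCase {
 return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway", enterprise, nil, nil)
 },
 },
+{
+name: "connect-proxy-with-jwt-config-entry-with-local",
+create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, func(ns *structs.NodeService) {
+ns.Proxy.Config["protocol"] = "http"
+},
+[]proxycfg.UpdateEvent{
+{
+CorrelationID: "jwt-provider",
+Result: &structs.IndexedConfigEntries{
+Kind: "jwt-provider",
+Entries: []structs.ConfigEntry{
+&structs.JWTProviderConfigEntry{
+Name: "okta",
+JSONWebKeySet: &structs.JSONWebKeySet{
+Local: &structs.LocalJWKS{
+JWKS: "aGVsbG8gd29ybGQK",
+},
+},
+},
+},
+},
+},
+{
+CorrelationID: "intentions",
+Result: structs.SimplifiedIntentions{
+{
+SourceName: "*",
+DestinationName: "db",
+Permissions: []*structs.IntentionPermission{
+{
+JWT: &structs.IntentionJWTRequirement{
+Providers: []*structs.IntentionJWTProvider{
+{
+Name: "okta",
+},
+},
+},
+},
+},
+},
+},
+},
+},
+)
+},
+},
+{
+name: "connect-proxy-with-jwt-config-entry-with-local",
+create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, func(ns *structs.NodeService) {
+ns.Proxy.Config["protocol"] = "http"
+},
+[]proxycfg.UpdateEvent{
+{
+CorrelationID: "jwt-provider",
+Result: &structs.IndexedConfigEntries{
+Kind: "jwt-provider",
+Entries: []structs.ConfigEntry{
+&structs.JWTProviderConfigEntry{
+Name: "okta",
+JSONWebKeySet: &structs.JSONWebKeySet{
+Local: &structs.LocalJWKS{
+JWKS: "aGVsbG8gd29ybGQK",
+},
+},
+Locations: []*structs.JWTLocation{
+{
+QueryParam: &structs.JWTLocationQueryParam{
+Name: "token",
+},
+},
+{
+Cookie: &structs.JWTLocationCookie{
+Name: "token",
+},
+},
+},
+},
+},
+},
+},
+{
+CorrelationID: "intentions",
+Result: structs.SimplifiedIntentions{
+{
+SourceName: "*",
+DestinationName: "db",
+Permissions: []*structs.IntentionPermission{
+{
+JWT: &structs.IntentionJWTRequirement{
+Providers: []*structs.IntentionJWTProvider{
+{
+Name: "okta",
+},
+},
+},
+},
+},
+},
+},
+},
+},
+)
+},
+},
 }
 }
 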
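Review bot: Both added cases in makeListenerDiscoChainTests carry the same name, `connect-proxy-with-jwt-config-entry-with-local`, although the second is the only one of the two that sets `Locations` (a query parameter and a cookie, both named `token`). If the harness derives the subtest name and golden-file path from `name`, as the table shape suggests, the two cases would share one expected output, and the listener config for non-default token locations would not be checked on its own. Give the second case a distinct name, for example `name: "connect-proxy-with-jwt-config-entry-with-local-and-locations",`. The `JWKS` value appears to be a base64 placeholder string rather than a key set, so a comment such as `// placeholder, not a real JWKS; only the generated listener shape is under test` would tell readers these cases do not exercise key parsing. The enclosing function starts before the hunk, so how `name` is consumed is not visible here.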
