test: check for error messages from CI env (#9953)
test: check for error messages from CI env (#9953)

Signed-off-by: CI <michael@crenshaw.dev>
crenshaw-dev committed Jul 12, 2022
1 parent 0badce7 commit efdec28
Showing 2 changed files with 34 additions and 11 deletions.
21 changes: 17 additions & 4 deletions util/oidc/oidc_test.go
Expand Up @@ -9,6 +9,7 @@ import (
"net/http"
"net/http/httptest"
"net/url"
"strings"
"testing"

gooidc "github.com/coreos/go-oidc"
Expand Down Expand Up @@ -133,7 +134,9 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),

app.HandleLogin(w, req)

assert.Contains(t, w.Body.String(), "certificate is not trusted")
if !strings.Contains(w.Body.String(), "certificate signed by unknown authority") && !strings.Contains(w.Body.String(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}

cdSettings.OIDCTLSInsecureSkipVerify = true

Expand All @@ -145,6 +148,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
app.HandleLogin(w, req)

assert.NotContains(t, w.Body.String(), "certificate is not trusted")
assert.NotContains(t, w.Body.String(), "certificate signed by unknown authority")
})

t.Run("dex certificate checking during login should toggle on config", func(t *testing.T) {
Expand All @@ -170,7 +174,9 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),

app.HandleLogin(w, req)

assert.Contains(t, w.Body.String(), "certificate signed by unknown authority")
if !strings.Contains(w.Body.String(), "certificate signed by unknown authority") && !strings.Contains(w.Body.String(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}

cdSettings.OIDCTLSInsecureSkipVerify = true

Expand All @@ -181,6 +187,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),

app.HandleLogin(w, req)

assert.NotContains(t, w.Body.String(), "certificate is not trusted")
assert.NotContains(t, w.Body.String(), "certificate signed by unknown authority")
})
}
Expand Down Expand Up @@ -211,7 +218,9 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),

app.HandleCallback(w, req)

assert.Contains(t, w.Body.String(), "certificate is not trusted")
if !strings.Contains(w.Body.String(), "certificate signed by unknown authority") && !strings.Contains(w.Body.String(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}

cdSettings.OIDCTLSInsecureSkipVerify = true

Expand All @@ -223,6 +232,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
app.HandleCallback(w, req)

assert.NotContains(t, w.Body.String(), "certificate is not trusted")
assert.NotContains(t, w.Body.String(), "certificate signed by unknown authority")
})

t.Run("dex certificate checking during oidc callback should toggle on config", func(t *testing.T) {
Expand All @@ -248,7 +258,9 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),

app.HandleCallback(w, req)

assert.Contains(t, w.Body.String(), "certificate signed by unknown authority")
if !strings.Contains(w.Body.String(), "certificate signed by unknown authority") && !strings.Contains(w.Body.String(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}

cdSettings.OIDCTLSInsecureSkipVerify = true

Expand All @@ -259,6 +271,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),

app.HandleCallback(w, req)

assert.NotContains(t, w.Body.String(), "certificate is not trusted")
assert.NotContains(t, w.Body.String(), "certificate signed by unknown authority")
})
}
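Review bot: The skip-verify halves of these subtests (the `assert.NotContains` pairs that follow `cdSettings.OIDCTLSInsecureSkipVerify = true`) pass for any response body that lacks the two strings, including an empty body or an unrelated failure, so they do not show that the request actually got past certificate verification. Because these subtests are the visible coverage for a setting that turns TLS verification off, consider also asserting a positive signal in that branch if `HandleLogin`/`HandleCallback` expose one (the subtests start outside the hunks shown, so this may already exist). Separately, the two-message condition is copied four times in this file and three more times in util/session/sessionmanager_test.go; a per-file helper such as `func isCertVerifyFailure(s string) bool { return strings.Contains(s, "certificate signed by unknown authority") || strings.Contains(s, "certificate is not trusted") }` would keep the accepted messages in one place. A short comment on that helper saying the message is environment-dependent would match the explanation the commit adds in sessionmanager_test.go.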
24 changes: 17 additions & 7 deletions util/session/sessionmanager_test.go
Expand Up @@ -521,8 +521,10 @@ rootCA: |
require.NoError(t, err)

_, _, err = mgr.VerifyToken(tokenString)
// If the root CA is being respected, we won't get this error.
// If the root CA is being respected, we won't get this error. The error message is environment-dependent, so
// we check for either of the error messages associated with a failed cert check.
assert.NotContains(t, err.Error(), "certificate is not trusted")
assert.NotContains(t, err.Error(), "certificate signed by unknown authority")
})

t.Run("OIDC provider is Dex, TLS is configured", func(t *testing.T) {
Expand Down Expand Up @@ -556,8 +558,10 @@ rootCA: |
require.NoError(t, err)

_, _, err = mgr.VerifyToken(tokenString)
assert.Error(t, err)
assert.Contains(t, err.Error(), "certificate signed by unknown authority")
require.Error(t, err)
if !strings.Contains(err.Error(), "certificate signed by unknown authority") && !strings.Contains(err.Error(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}
})

t.Run("OIDC provider is external, TLS is configured", func(t *testing.T) {
Expand Down Expand Up @@ -591,8 +595,10 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
require.NoError(t, err)

_, _, err = mgr.VerifyToken(tokenString)
assert.Error(t, err)
assert.Contains(t, err.Error(), "certificate is not trusted")
require.Error(t, err)
if !strings.Contains(err.Error(), "certificate signed by unknown authority") && !strings.Contains(err.Error(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}
})

t.Run("OIDC provider is Dex, TLS is configured", func(t *testing.T) {
Expand Down Expand Up @@ -626,8 +632,10 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
require.NoError(t, err)

_, _, err = mgr.VerifyToken(tokenString)
assert.Error(t, err)
assert.Contains(t, err.Error(), "certificate signed by unknown authority")
require.Error(t, err)
if !strings.Contains(err.Error(), "certificate signed by unknown authority") && !strings.Contains(err.Error(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}
})

t.Run("OIDC provider is external, TLS is configured, OIDCTLSInsecureSkipVerify is true", func(t *testing.T) {
Expand Down Expand Up @@ -662,6 +670,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
require.NoError(t, err)

_, _, err = mgr.VerifyToken(tokenString)
assert.NotContains(t, err.Error(), "certificate is not trusted")
assert.NotContains(t, err.Error(), "certificate signed by unknown authority")
})

Expand Down Expand Up @@ -692,5 +701,6 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
_, _, err = mgr.VerifyToken(tokenString)
// This is the error thrown when the test server's certificate _is_ being verified.
assert.NotContains(t, err.Error(), "certificate is not trusted")
assert.NotContains(t, err.Error(), "certificate signed by unknown authority")
})
}
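Review bot: The negative checks still call `err.Error()` unguarded in the three `assert.NotContains(t, err.Error(), ...)` pairs, so a nil `err` from `mgr.VerifyToken` panics on a nil dereference instead of failing the subtest cleanly; the commit fixes the same hazard for the positive cases by moving from `assert.Error` to `require.Error`, but not here. If an error is still expected for another reason, add `require.Error(t, err)` before each pair; if success is acceptable, wrap the pair in `if err != nil { ... }`. As written, these subtests also pass on any unrelated error, so they only weakly confirm that the root CA or the skip-verify setting took effect. No import hunk for `strings` is visible in this file, so confirm it is already imported, and the comment "This is the error thrown when the test server's certificate _is_ being verified" in the last hunk should now say there are two possible messages.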
