test: check for error messages from CI env (#9953)
Signed-off-by: CI <[email protected]>
crenshaw-dev committed Jul 12, 2022
1 parent aa3f374 commit 5fe9514
Showing 2 changed files with 34 additions and 11 deletions.
21 changes: 17 additions & 4 deletions util/oidc/oidc_test.go
Expand Up @@ -7,6 +7,7 @@ import (
"io/ioutil"
"net/http/httptest"
"net/url"
"strings"
"testing"

gooidc "github.com/coreos/go-oidc"
Expand Down Expand Up @@ -142,7 +143,9 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),

app.HandleLogin(w, req)

assert.Contains(t, w.Body.String(), "certificate is not trusted")
if !strings.Contains(w.Body.String(), "certificate signed by unknown authority") && !strings.Contains(w.Body.String(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}

cdSettings.OIDCTLSInsecureSkipVerify = true

Expand All @@ -154,6 +157,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
app.HandleLogin(w, req)

assert.NotContains(t, w.Body.String(), "certificate is not trusted")
assert.NotContains(t, w.Body.String(), "certificate signed by unknown authority")
})

t.Run("dex certificate checking during login should toggle on config", func(t *testing.T) {
Expand All @@ -179,7 +183,9 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),

app.HandleLogin(w, req)

assert.Contains(t, w.Body.String(), "certificate signed by unknown authority")
if !strings.Contains(w.Body.String(), "certificate signed by unknown authority") && !strings.Contains(w.Body.String(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}

cdSettings.OIDCTLSInsecureSkipVerify = true

Expand All @@ -190,6 +196,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),

app.HandleLogin(w, req)

assert.NotContains(t, w.Body.String(), "certificate is not trusted")
assert.NotContains(t, w.Body.String(), "certificate signed by unknown authority")
})
}
Expand Down Expand Up @@ -220,7 +227,9 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),

app.HandleCallback(w, req)

assert.Contains(t, w.Body.String(), "certificate is not trusted")
if !strings.Contains(w.Body.String(), "certificate signed by unknown authority") && !strings.Contains(w.Body.String(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}

cdSettings.OIDCTLSInsecureSkipVerify = true

Expand All @@ -232,6 +241,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
app.HandleCallback(w, req)

assert.NotContains(t, w.Body.String(), "certificate is not trusted")
assert.NotContains(t, w.Body.String(), "certificate signed by unknown authority")
})

t.Run("dex certificate checking during oidc callback should toggle on config", func(t *testing.T) {
Expand All @@ -257,7 +267,9 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),

app.HandleCallback(w, req)

assert.Contains(t, w.Body.String(), "certificate signed by unknown authority")
if !strings.Contains(w.Body.String(), "certificate signed by unknown authority") && !strings.Contains(w.Body.String(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}

cdSettings.OIDCTLSInsecureSkipVerify = true

Expand All @@ -268,6 +280,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),

app.HandleCallback(w, req)

assert.NotContains(t, w.Body.String(), "certificate is not trusted")
assert.NotContains(t, w.Body.String(), "certificate signed by unknown authority")
})
}
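Review bot: The same two-substring condition is written out four times (the `HandleLogin` and `HandleCallback` subtests, external and Dex variants), and its `t.Fatal` message omits the response body, so a CI failure caused by a third platform wording gives no hint of what was actually returned. These checks are what pin certificate verification as on by default for the OIDC provider, so a single helper that holds the accepted messages and prints the body on failure would keep the four sites in step; each call site then becomes `requireCertVerificationFailure(t, w.Body.String())`. The subtests start outside the visible hunks, so only the new helper is shown below.

```go
// certVerificationErrors lists the environment-dependent messages reported
// when the provider's certificate fails verification.
var certVerificationErrors = []string{
	"certificate signed by unknown authority",
	"certificate is not trusted",
}

// requireCertVerificationFailure stops the test unless body carries one of
// the known certificate verification failure messages.
func requireCertVerificationFailure(t *testing.T, body string) {
	t.Helper()
	for _, msg := range certVerificationErrors {
		if strings.Contains(body, msg) {
			return
		}
	}
	t.Fatalf("did not receive expected certificate verification failure error, got: %q", body)
}
```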
24 changes: 17 additions & 7 deletions util/session/sessionmanager_test.go
Expand Up @@ -521,8 +521,10 @@ rootCA: |
require.NoError(t, err)

_, _, err = mgr.VerifyToken(tokenString)
// If the root CA is being respected, we won't get this error.
// If the root CA is being respected, we won't get this error. The error message is environment-dependent, so
// we check for either of the error messages associated with a failed cert check.
assert.NotContains(t, err.Error(), "certificate is not trusted")
assert.NotContains(t, err.Error(), "certificate signed by unknown authority")
})

t.Run("OIDC provider is Dex, TLS is configured", func(t *testing.T) {
Expand Down Expand Up @@ -556,8 +558,10 @@ rootCA: |
require.NoError(t, err)

_, _, err = mgr.VerifyToken(tokenString)
assert.Error(t, err)
assert.Contains(t, err.Error(), "certificate signed by unknown authority")
require.Error(t, err)
if !strings.Contains(err.Error(), "certificate signed by unknown authority") && !strings.Contains(err.Error(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}
})

t.Run("OIDC provider is external, TLS is configured", func(t *testing.T) {
Expand Down Expand Up @@ -591,8 +595,10 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
require.NoError(t, err)

_, _, err = mgr.VerifyToken(tokenString)
assert.Error(t, err)
assert.Contains(t, err.Error(), "certificate is not trusted")
require.Error(t, err)
if !strings.Contains(err.Error(), "certificate signed by unknown authority") && !strings.Contains(err.Error(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}
})

t.Run("OIDC provider is Dex, TLS is configured", func(t *testing.T) {
Expand Down Expand Up @@ -626,8 +632,10 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
require.NoError(t, err)

_, _, err = mgr.VerifyToken(tokenString)
assert.Error(t, err)
assert.Contains(t, err.Error(), "certificate signed by unknown authority")
require.Error(t, err)
if !strings.Contains(err.Error(), "certificate signed by unknown authority") && !strings.Contains(err.Error(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}
})

t.Run("OIDC provider is external, TLS is configured, OIDCTLSInsecureSkipVerify is true", func(t *testing.T) {
Expand Down Expand Up @@ -662,6 +670,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
require.NoError(t, err)

_, _, err = mgr.VerifyToken(tokenString)
assert.NotContains(t, err.Error(), "certificate is not trusted")
assert.NotContains(t, err.Error(), "certificate signed by unknown authority")
})

Expand Down Expand Up @@ -692,5 +701,6 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
_, _, err = mgr.VerifyToken(tokenString)
// This is the error thrown when the test server's certificate _is_ being verified.
assert.NotContains(t, err.Error(), "certificate is not trusted")
assert.NotContains(t, err.Error(), "certificate signed by unknown authority")
})
}
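Review bot: The negative cases call `err.Error()` directly after `mgr.VerifyToken(tokenString)` without first establishing that `err` is non-nil (the root-CA hunk and the two `OIDCTLSInsecureSkipVerify` hunks), so a nil error would panic the test instead of producing a readable result. The positive cases were moved to `require.Error(t, err)` in this commit; putting the same `require.Error(t, err)` ahead of the `assert.NotContains` pairs would make the assumption explicit. That presumes these subtests expect the token to be rejected for a reason other than the certificate, which the visible lines suggest but do not show. The subtest bodies begin outside the hunks.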
