Commit e1c070d8 authored by Bobby Rullo's avatar Bobby Rullo

admin: add trustedPeers bootstrap api

parent 5e9dd9f4
...@@ -141,7 +141,10 @@ func (a *AdminAPI) CreateClient(req adminschema.ClientCreateRequest) (adminschem ...@@ -141,7 +141,10 @@ func (a *AdminAPI) CreateClient(req adminschema.ClientCreateRequest) (adminschem
} }
// metadata is guaranteed to have at least one redirect_uri by earlier validation. // metadata is guaranteed to have at least one redirect_uri by earlier validation.
creds, err := a.clientManager.New(cli, nil) creds, err := a.clientManager.New(cli, &clientmanager.ClientOptions{
TrustedPeers: req.Client.TrustedPeers,
})
if err != nil { if err != nil {
return adminschema.ClientCreateResponse{}, mapError(err) return adminschema.ClientCreateResponse{}, mapError(err)
} }
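Review bot: `req.Client.TrustedPeers` goes into `clientmanager.ClientOptions` exactly as the caller sent it, and nothing visible in this hunk checks that each entry names an existing client, that the list has no duplicates, or that its length is bounded. If trusted peers grant cross-client token issuance, as the name suggests, an ID stored without an existence check becomes a standing grant to whichever client is later registered under that ID. Whether `clientManager.New` performs that validation is not visible here. If it does, say so at the call site with a comment such as `// TrustedPeers is caller-supplied; New rejects IDs that do not match an existing client`; if it does not, reject unknown IDs before the call. CreateClient starts and ends outside the hunk.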
......
...@@ -86,7 +86,9 @@ func makeAdminAPITestFixtures() *adminAPITestFixtures { ...@@ -86,7 +86,9 @@ func makeAdminAPITestFixtures() *adminAPITestFixtures {
var cliCount int var cliCount int
secGen := func() ([]byte, error) { secGen := func() ([]byte, error) {
return []byte(fmt.Sprintf("client_%v", cliCount)), nil id := []byte(fmt.Sprintf("client_%v", cliCount))
cliCount++
return id, nil
} }
cr := db.NewClientRepo(dbMap) cr := db.NewClientRepo(dbMap)
clientIDGenerator := func(hostport string) (string, error) { clientIDGenerator := func(hostport string) (string, error) {
...@@ -379,9 +381,11 @@ func TestCreateClient(t *testing.T) { ...@@ -379,9 +381,11 @@ func TestCreateClient(t *testing.T) {
} }
return u return u
} }
addIDAndSecret := func(cli adminschema.Client) *adminschema.Client {
cli.Id = "client_auth.example.com" addIDAndSecret := func(cliNum int, hostport string, cli adminschema.Client) *adminschema.Client {
cli.Secret = base64.URLEncoding.EncodeToString([]byte("client_0")) cli.Id = fmt.Sprintf("client_%v.example.com", hostport)
cli.Secret = base64.URLEncoding.EncodeToString([]byte(
fmt.Sprintf("client_%d", cliNum)))
return &cli return &cli
} }
...@@ -404,16 +408,20 @@ func TestCreateClient(t *testing.T) { ...@@ -404,16 +408,20 @@ func TestCreateClient(t *testing.T) {
adminMultiRedirect := adminClientGood adminMultiRedirect := adminClientGood
adminMultiRedirect.RedirectURIs = []string{"https://auth.example.com/", "https://auth2.example.com/"} adminMultiRedirect.RedirectURIs = []string{"https://auth.example.com/", "https://auth2.example.com/"}
clientMultiRedirect := clientGoodAdmin clientMultiRedirect := clientGood
clientMultiRedirect.Metadata.RedirectURIs = append( clientMultiRedirect.Metadata.RedirectURIs = append(
clientMultiRedirect.Metadata.RedirectURIs, clientMultiRedirect.Metadata.RedirectURIs,
*mustParseURL("https://auth2.example.com/")) *mustParseURL("https://auth2.example.com/"))
adminClientWithPeers := adminClientGood
adminClientWithPeers.TrustedPeers = []string{"test_client_0"}
tests := []struct { tests := []struct {
req adminschema.ClientCreateRequest req adminschema.ClientCreateRequest
want adminschema.ClientCreateResponse want adminschema.ClientCreateResponse
wantClient client.Client wantClient client.Client
wantError int wantError int
wantTrustedPeers []string
}{ }{
{ {
req: adminschema.ClientCreateRequest{}, req: adminschema.ClientCreateRequest{},
...@@ -440,7 +448,7 @@ func TestCreateClient(t *testing.T) { ...@@ -440,7 +448,7 @@ func TestCreateClient(t *testing.T) {
Client: &adminClientGood, Client: &adminClientGood,
}, },
want: adminschema.ClientCreateResponse{ want: adminschema.ClientCreateResponse{
Client: addIDAndSecret(adminClientGood), Client: addIDAndSecret(2, "auth", adminClientGood),
}, },
wantClient: clientGood, wantClient: clientGood,
}, },
...@@ -449,7 +457,7 @@ func TestCreateClient(t *testing.T) { ...@@ -449,7 +457,7 @@ func TestCreateClient(t *testing.T) {
Client: &adminAdminClient, Client: &adminAdminClient,
}, },
want: adminschema.ClientCreateResponse{ want: adminschema.ClientCreateResponse{
Client: addIDAndSecret(adminAdminClient), Client: addIDAndSecret(2, "auth", adminAdminClient),
}, },
wantClient: clientGoodAdmin, wantClient: clientGoodAdmin,
}, },
...@@ -458,17 +466,39 @@ func TestCreateClient(t *testing.T) { ...@@ -458,17 +466,39 @@ func TestCreateClient(t *testing.T) {
Client: &adminMultiRedirect, Client: &adminMultiRedirect,
}, },
want: adminschema.ClientCreateResponse{ want: adminschema.ClientCreateResponse{
Client: addIDAndSecret(adminMultiRedirect), Client: addIDAndSecret(2, "auth", adminMultiRedirect),
}, },
wantClient: clientMultiRedirect, wantClient: clientMultiRedirect,
}, },
{
req: adminschema.ClientCreateRequest{
Client: &adminClientWithPeers,
},
want: adminschema.ClientCreateResponse{
Client: addIDAndSecret(2, "auth", adminClientWithPeers),
},
wantClient: clientGood,
wantTrustedPeers: []string{"test_client_0"},
},
} }
for i, tt := range tests { for i, tt := range tests {
if i != 3 { f := makeAdminAPITestFixtures()
for j, r := range []string{"https://client0.example.com",
"https://client1.example.com"} {
_, err := f.cr.New(nil, client.Client{
Credentials: oidc.ClientCredentials{
ID: fmt.Sprintf("test_client_%d", j),
},
Metadata: oidc.ClientMetadata{
RedirectURIs: []url.URL{*mustParseURL(r)},
},
})
if err != nil {
t.Errorf("case %d, client %d: unexpected error creating client: %v", i, j, err)
continue continue
} }
f := makeAdminAPITestFixtures() }
resp, err := f.adClient.Client.Create(&tt.req).Do() resp, err := f.adClient.Client.Create(&tt.req).Do()
if tt.wantError != 0 { if tt.wantError != 0 {
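Review bot: The only trusted-peers case visible in the table is the positive one (`adminClientWithPeers` naming the seeded `test_client_0`), so the test does not pin what happens when a request names a peer that does not exist. A second case with a made-up ID, for example `TrustedPeers: []string{"no_such_client"}`, and the `wantError` status the API is meant to return would document that contract. Separately, in the seeding loop the `continue` after `t.Errorf` only advances the inner `for j, r` loop, so a failed seed still falls through to `Create`; `t.Fatalf("case %d, client %d: unexpected error creating client: %v", i, j, err)` would stop the case instead. The check that consumes `wantTrustedPeers` is not in the visible lines, and TestCreateClient continues past the hunk.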
......