mirror of https://github.com/istio/proxy.git
112 lines
3.6 KiB
C++
112 lines
3.6 KiB
C++
/* Copyright 2018 Istio Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#include "source/extensions/common/authn.h"
|
|
|
|
#include "source/common/protobuf/protobuf.h"
|
|
#include "src/istio/authn/context.pb.h"
|
|
#include "src/istio/utils/attribute_names.h"
|
|
#include "test/test_common/utility.h"
|
|
|
|
using istio::authn::Result;
|
|
|
|
namespace Envoy {
|
|
namespace Utils {
|
|
|
|
class AuthenticationTest : public testing::Test {
|
|
protected:
|
|
void SetUp() override {
|
|
test_result_.set_principal("foo");
|
|
test_result_.set_peer_user("bar");
|
|
}
|
|
Result test_result_;
|
|
};
|
|
|
|
TEST_F(AuthenticationTest, SaveAuthAttributesToStruct) {
|
|
istio::authn::Result result;
|
|
::google::protobuf::Struct data;
|
|
|
|
Authentication::SaveAuthAttributesToStruct(result, data);
|
|
EXPECT_TRUE(data.mutable_fields()->empty());
|
|
|
|
result.set_principal("principal");
|
|
result.set_peer_user("cluster.local/sa/peeruser/ns/abc/");
|
|
auto origin = result.mutable_origin();
|
|
origin->add_audiences("audiences0");
|
|
origin->add_audiences("audiences1");
|
|
origin->set_presenter("presenter");
|
|
(*origin->mutable_claims()->mutable_fields())["groups"]
|
|
.mutable_list_value()
|
|
->add_values()
|
|
->set_string_value("group1");
|
|
(*origin->mutable_claims()->mutable_fields())["groups"]
|
|
.mutable_list_value()
|
|
->add_values()
|
|
->set_string_value("group2");
|
|
origin->set_raw_claims("rawclaim");
|
|
|
|
Authentication::SaveAuthAttributesToStruct(result, data);
|
|
EXPECT_FALSE(data.mutable_fields()->empty());
|
|
|
|
EXPECT_EQ(data.fields()
|
|
.at(istio::utils::AttributeName::kRequestAuthPrincipal)
|
|
.string_value(),
|
|
"principal");
|
|
EXPECT_EQ(
|
|
data.fields().at(istio::utils::AttributeName::kSourceUser).string_value(),
|
|
"cluster.local/sa/peeruser/ns/abc/");
|
|
EXPECT_EQ(data.fields()
|
|
.at(istio::utils::AttributeName::kSourcePrincipal)
|
|
.string_value(),
|
|
"cluster.local/sa/peeruser/ns/abc/");
|
|
EXPECT_EQ(data.fields()
|
|
.at(istio::utils::AttributeName::kSourceNamespace)
|
|
.string_value(),
|
|
"abc");
|
|
EXPECT_EQ(data.fields()
|
|
.at(istio::utils::AttributeName::kRequestAuthAudiences)
|
|
.string_value(),
|
|
"audiences0");
|
|
EXPECT_EQ(data.fields()
|
|
.at(istio::utils::AttributeName::kRequestAuthPresenter)
|
|
.string_value(),
|
|
"presenter");
|
|
|
|
auto auth_claims =
|
|
data.fields().at(istio::utils::AttributeName::kRequestAuthClaims);
|
|
EXPECT_EQ(auth_claims.struct_value()
|
|
.fields()
|
|
.at("groups")
|
|
.list_value()
|
|
.values(0)
|
|
.string_value(),
|
|
"group1");
|
|
EXPECT_EQ(auth_claims.struct_value()
|
|
.fields()
|
|
.at("groups")
|
|
.list_value()
|
|
.values(1)
|
|
.string_value(),
|
|
"group2");
|
|
|
|
EXPECT_EQ(data.fields()
|
|
.at(istio::utils::AttributeName::kRequestAuthRawClaims)
|
|
.string_value(),
|
|
"rawclaim");
|
|
}
|
|
|
|
} // namespace Utils
|
|
} // namespace Envoy
|