@@ -2203,6 +2203,7 @@ func TestGeneratePoliciesFails(t *testing.T) {
22032203 policyOpts policyOptions
22042204 trustedCAFileName string
22052205 context string
2206+ oidcPolCfg * oidcPolicyCfg
22062207 expected policiesCfg
22072208 expectedWarnings Warnings
22082209 expectedOidc * oidcPolicyCfg
@@ -3063,6 +3064,94 @@ func TestGeneratePoliciesFails(t *testing.T) {
30633064 expectedOidc : & oidcPolicyCfg {},
30643065 msg : "oidc secret referencing wrong secret type" ,
30653066 },
3067+ {
3068+ policyRefs : []conf_v1.PolicyReference {
3069+ {
3070+ Name : "oidc-policy-2" ,
3071+ Namespace : "default" ,
3072+ },
3073+ },
3074+ policies : map [string ]* conf_v1.Policy {
3075+ "default/oidc-policy-1" : {
3076+ ObjectMeta : meta_v1.ObjectMeta {
3077+ Name : "oidc-policy-1" ,
3078+ Namespace : "default" ,
3079+ },
3080+ Spec : conf_v1.PolicySpec {
3081+ OIDC : & conf_v1.OIDC {
3082+ ClientID : "foo" ,
3083+ ClientSecret : "oidc-secret" ,
3084+ AuthEndpoint : "https://foo.com/auth" ,
3085+ TokenEndpoint : "https://foo.com/token" ,
3086+ JWKSURI : "https://foo.com/certs" ,
3087+ },
3088+ },
3089+ },
3090+ "default/oidc-policy-2" : {
3091+ ObjectMeta : meta_v1.ObjectMeta {
3092+ Name : "oidc-policy-2" ,
3093+ Namespace : "default" ,
3094+ },
3095+ Spec : conf_v1.PolicySpec {
3096+ OIDC : & conf_v1.OIDC {
3097+ ClientID : "foo" ,
3098+ ClientSecret : "oidc-secret" ,
3099+ AuthEndpoint : "https://bar.com/auth" ,
3100+ TokenEndpoint : "https://bar.com/token" ,
3101+ JWKSURI : "https://bar.com/certs" ,
3102+ },
3103+ },
3104+ },
3105+ },
3106+ policyOpts : policyOptions {
3107+ secretRefs : map [string ]* secrets.SecretReference {
3108+ "default/oidc-secret" : {
3109+ Secret : & api_v1.Secret {
3110+ Type : secrets .SecretTypeOIDC ,
3111+ Data : map [string ][]byte {
3112+ "client-secret" : []byte ("super_secret_123" ),
3113+ },
3114+ },
3115+ },
3116+ },
3117+ },
3118+ context : "route" ,
3119+ oidcPolCfg : & oidcPolicyCfg {
3120+ oidc : & version2.OIDC {
3121+ AuthEndpoint : "https://foo.com/auth" ,
3122+ TokenEndpoint : "https://foo.com/token" ,
3123+ JwksURI : "https://foo.com/certs" ,
3124+ ClientID : "foo" ,
3125+ ClientSecret : "super_secret_123" ,
3126+ RedirectURI : "/_codexch" ,
3127+ Scope : "openid" ,
3128+ },
3129+ key : "default/oidc-policy-1" ,
3130+ },
3131+ expected : policiesCfg {
3132+ ErrorReturn : & version2.Return {
3133+ Code : 500 ,
3134+ },
3135+ },
3136+ expectedWarnings : Warnings {
3137+ nil : {
3138+ `Only one oidc policy is allowed in a VirtualServer and its VirtualServerRoutes. Can't use default/oidc-policy-2. Use default/oidc-policy-1` ,
3139+ },
3140+ },
3141+ expectedOidc : & oidcPolicyCfg {
3142+ oidc : & version2.OIDC {
3143+ AuthEndpoint : "https://foo.com/auth" ,
3144+ TokenEndpoint : "https://foo.com/token" ,
3145+ JwksURI : "https://foo.com/certs" ,
3146+ ClientID : "foo" ,
3147+ ClientSecret : "super_secret_123" ,
3148+ RedirectURI : "/_codexch" ,
3149+ Scope : "openid" ,
3150+ },
3151+ key : "default/oidc-policy-1" ,
3152+ },
3153+ msg : "multiple oidc policies" ,
3154+ },
30663155 {
30673156 policyRefs : []conf_v1.PolicyReference {
30683157 {
@@ -3097,7 +3186,7 @@ func TestGeneratePoliciesFails(t *testing.T) {
30973186 },
30983187 Spec : conf_v1.PolicySpec {
30993188 OIDC : & conf_v1.OIDC {
3100- ClientSecret : "oidc-secret2 " ,
3189+ ClientSecret : "oidc-secret " ,
31013190 AuthEndpoint : "https://bar.com/auth" ,
31023191 TokenEndpoint : "https://bar.com/token" ,
31033192 JWKSURI : "https://bar.com/certs" ,
@@ -3146,6 +3235,10 @@ func TestGeneratePoliciesFails(t *testing.T) {
31463235 for _ , test := range tests {
31473236 vsc := newVirtualServerConfigurator (& ConfigParams {}, false , false , & StaticConfigParams {})
31483237
3238+ if test .oidcPolCfg != nil {
3239+ vsc .oidcPolCfg = test .oidcPolCfg
3240+ }
3241+
31493242 result := vsc .generatePolicies (ownerDetails , test .policyRefs , test .policies , test .context , test .policyOpts )
31503243 if diff := cmp .Diff (test .expected , result ); diff != "" {
31513244 t .Errorf ("generatePolicies() '%v' mismatch (-want +got):\n %s" , test .msg , diff )
0 commit comments