Skip to content

Integration test

Integration test #31

Workflow file for this run

name: Pull request
on:
pull_request:
branches:
- main
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 2
- uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
- name: golangci-lint
uses: golangci/golangci-lint-action@v4
with:
version: v1.55.2
test:
name: Unit Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
go-version-file: 'go.mod'
- name: Install dependencies
run: go mod download
- name: Run Tests
run: go test -cover `go list ./... | grep -v 'pkg/client'`
lint-helm:
name: Lint Helm
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4.1.0
- name: Helm Lint
run: helm lint charts/radix-oauth-guard
integration-test:
name: Integration test
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
go-version-file: 'go.mod'
- name: Install dependencies
run: go mod download
- name: Install oauth guard
run: go install .
- uses: actions/github-script@v7
id: get-id-token
with:
script: |
return await core.getIDToken()
result-encoding: string
- uses: actions/github-script@v7
id: get-invalid-aud-id-token
with:
script: |
return await core.getIDToken("invalid-audience")
result-encoding: string
- name: Test Auth
env:
LOG_PRETTY: True
LOG_LEVEL: Trace
ISSUER: "https://token.actions.githubusercontent.com"
AUDIENCE: "https://github.com/equinor"
SUBJECTS: repo:equinor/radix-oauth-guard:pull_request,testmultiplesubjects
GH_TOKEN: ${{ steps.get-id-token.outputs.result }}
INVALID_GH_TOKEN: ${{ steps.get-invalid-aud-id-token.outputs.result }}
run: |
function assert() {
local token="${1}"
local expected="${2}"
local msg="${3}"
CURL_RESPONSE=$(curl --write-out '%{http_code}' --output /dev/null --silent --header "Authorization: Bearer ${token}" http://localhost:8000/auth)
printf "Test: %15s: Result %s == %s: " "${msg}" "${expected}" "${CURL_RESPONSE}"
if [ "${2}" != "${CURL_RESPONSE}" ]; then
printf "Failed\n"
exit 255
fi
printf "OK\n"
}
radix-oauth-guard &
GO_PID=$!
sleep 2s
assert "${GH_TOKEN}" "200" "Valid token is OK"
assert "" "401" "No token is unauthorized"
assert "ABCD${GH_TOKEN}" "401" "Invalid token is unauthorized"
assert "${INVALID_GH_TOKEN}" "401" "Wrong Audience is unauthorized"
kill -9 $GO_PID
:
- name: Test Wrong subject Auth
env:
LOG_PRETTY: True
LOG_LEVEL: Trace
ISSUER: "https://token.actions.githubusercontent.com"
AUDIENCE: "https://github.com/equinor"
SUBJECTS: repo:equinor/radix-oauth-guard:WRONG_SUBJECT
GH_TOKEN: ${{ steps.get-id-token.outputs.result }}
run: |
function assert() {
local token="${1}"
local expected="${2}"
local msg="${3}"
CURL_RESPONSE=$(curl --write-out '%{http_code}' --output /dev/null --silent --header "Authorization: Bearer ${token}" http://localhost:8000/auth)
printf "Test: %15s: Result %s == %s: " "${msg}" "${expected}" "${CURL_RESPONSE}"
if [ "${2}" != "${CURL_RESPONSE}" ]; then
printf "Failed\n"
exit 255
fi
printf "OK\n"
}
radix-oauth-guard &
GO_PID=$!
sleep 2s
assert "${GH_TOKEN}" "403" "Wrong Subject is Forbidden"
kill -9 $GO_PID
: