test(auth): complete test cases for token validation (#253)

Signed-off-by: Marc Nuri <marc@marcnuri.com>
Marc Nuri
2025-08-08 10:31:50 +03:00
committed by GitHub
parent dfcecd5089
commit fde4b1dc0f


@@ -619,10 +619,12 @@ func TestAuthorizationRawToken(t *testing.T) {
}
for _, c := range cases {
testCaseWithContext(t, &httpContext{StaticConfig: &config.StaticConfig{RequireOAuth: true, OAuthAudience: c.audience, ValidateToken: c.validateToken}}, func(ctx *httpContext) {
tokenReviewed := false
ctx.mockServer.Handle(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
if req.URL.EscapedPath() == "/apis/authentication.k8s.io/v1/tokenreviews" {
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(tokenReviewSuccessful))
tokenReviewed = true
return
}
}))
@@ -641,6 +643,14 @@ func TestAuthorizationRawToken(t *testing.T) {
t.Errorf("Expected HTTP 200 OK, got %d", resp.StatusCode)
}
})
t.Run(fmt.Sprintf("Protected resource with audience = '%s' and validate-token = '%t', with VALID Authorization header performs token validation accordingly", c.audience, c.validateToken), func(t *testing.T) {
if tokenReviewed == true && !c.validateToken {
t.Errorf("Expected token review to be skipped when validate-token is false, but it was performed")
}
if tokenReviewed == false && c.validateToken {
t.Errorf("Expected token review to be performed when validate-token is true, but it was skipped")
}
})
})
}
@@ -658,10 +668,12 @@ func TestAuthorizationOidcToken(t *testing.T) {
cases := []bool{false, true}
for _, validateToken := range cases {
testCaseWithContext(t, &httpContext{StaticConfig: &config.StaticConfig{RequireOAuth: true, OAuthAudience: "mcp-server", ValidateToken: validateToken}, OidcProvider: oidcProvider}, func(ctx *httpContext) {
tokenReviewed := false
ctx.mockServer.Handle(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
if req.URL.EscapedPath() == "/apis/authentication.k8s.io/v1/tokenreviews" {
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(tokenReviewSuccessful))
tokenReviewed = true
return
}
}))
@@ -680,6 +692,14 @@ func TestAuthorizationOidcToken(t *testing.T) {
t.Errorf("Expected HTTP 200 OK, got %d", resp.StatusCode)
}
})
t.Run(fmt.Sprintf("Protected resource with validate-token='%t' with VALID OIDC Authorization header performs token validation accordingly", validateToken), func(t *testing.T) {
if tokenReviewed == true && !validateToken {
t.Errorf("Expected token review to be skipped when validate-token is false, but it was performed")
}
if tokenReviewed == false && validateToken {
t.Errorf("Expected token review to be performed when validate-token is true, but it was skipped")
}
})
})
}
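Review bot: The new `tokenReviewed` flag in the `tokenreviews` branch of the mock handler is set on a path match alone, so the added subtest proves only that some request reached the TokenReview endpoint, not that the bearer token from the Authorization header or the configured audience was submitted. Because the handler always answers with `tokenReviewSuccessful`, a server that calls the endpoint but ignores an `authenticated: false` result would still pass; if no other test in the file covers a rejecting review, a case for it belongs next to this one. The flag is also shared by every subtest in the closure and set only as a side effect of earlier requests, so the new subtest fails for validate-token=true when selected alone with `-run`. It is written in the handler goroutine and read in the test goroutine, which `var tokenReviewed atomic.Bool` with `tokenReviewed.Store(true)` and `tokenReviewed.Load()` would make explicit. The same applies to the matching hunks in TestAuthorizationOidcToken, and both test functions start and end outside the hunks shown.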