mirror of
https://github.com/grafana/grafana.git
synced 2026-02-20 00:11:35 -05:00
fa9d6be255
* Bump grafana-azure-sdk-go * Set override values * Add Azure settings helper covering SSO cases * Ensure Azure settings are correctly created - Add mock for sso settings service - Add tests - Update wire * Minor improvements * Test updates * Move fake implementation * add interface to limit leakage * rename * work sync * Fix wire * Add fake provider * Update tests * Actually fix the workspace * More go dependency fixes * Update tests * Update workspace, again * Add missing tests * Fix dependencies * These dependencies.. * More dependency things * Okay now dependencies really are fixed * Lint * Update pkg/services/pluginsintegration/pluginconfig/request.go Co-authored-by: Misi <mgyongyosi@users.noreply.github.com> --------- Co-authored-by: Will Browne <wbrowne@tcd.ie> Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
197 lines
7.2 KiB
Go
197 lines
7.2 KiB
Go
package pluginconfig
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/grafana/grafana-azure-sdk-go/v2/azsettings"
|
|
"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginsso"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestGetAzureSettings(t *testing.T) {
|
|
t.Run("no Azure settings input", func(t *testing.T) {
|
|
result := mergeAzureSettings(nil, nil)
|
|
|
|
assert.Nil(t, result)
|
|
})
|
|
|
|
t.Run("no SSO settings or override settings", func(t *testing.T) {
|
|
currSettings := &azsettings.AzureSettings{
|
|
UserIdentityTokenEndpoint: &azsettings.TokenEndpointSettings{
|
|
TokenUrl: "original-token-url",
|
|
ClientAuthentication: "original-auth",
|
|
ClientId: "original-client-id",
|
|
ClientSecret: "original-client-secret",
|
|
},
|
|
}
|
|
|
|
azureAdSettings := &pluginsso.Settings{
|
|
Values: map[string]any{},
|
|
}
|
|
|
|
result := mergeAzureSettings(currSettings, azureAdSettings)
|
|
|
|
assert.Equal(t, "original-token-url", result.UserIdentityTokenEndpoint.TokenUrl)
|
|
assert.Equal(t, "original-auth", result.UserIdentityTokenEndpoint.ClientAuthentication)
|
|
assert.Equal(t, "original-client-id", result.UserIdentityTokenEndpoint.ClientId)
|
|
assert.Equal(t, "original-client-secret", result.UserIdentityTokenEndpoint.ClientSecret)
|
|
})
|
|
|
|
t.Run("with SSO settings but no overrides", func(t *testing.T) {
|
|
currSettings := &azsettings.AzureSettings{
|
|
UserIdentityTokenEndpoint: &azsettings.TokenEndpointSettings{
|
|
TokenUrl: "original-token-url",
|
|
ClientAuthentication: "original-auth",
|
|
ClientId: "original-client-id",
|
|
ClientSecret: "original-client-secret",
|
|
ManagedIdentityClientId: "original-managed-id",
|
|
FederatedCredentialAudience: "original-audience",
|
|
TokenUrlOverride: false,
|
|
ClientAuthenticationOverride: false,
|
|
ClientIdOverride: false,
|
|
ClientSecretOverride: false,
|
|
ManagedIdentityClientIdOverride: false,
|
|
FederatedCredentialAudienceOverride: false,
|
|
},
|
|
}
|
|
|
|
azureAdSettings := &pluginsso.Settings{
|
|
Values: map[string]any{
|
|
"token_url": "sso-token-url",
|
|
"client_authentication": "sso-auth",
|
|
"client_id": "sso-client-id",
|
|
"client_secret": "sso-client-secret",
|
|
"managed_identity_client_id": "sso-managed-id",
|
|
"federated_credential_audience": "sso-audience",
|
|
},
|
|
}
|
|
|
|
result := mergeAzureSettings(currSettings, azureAdSettings)
|
|
|
|
assert.Equal(t, "sso-token-url", result.UserIdentityTokenEndpoint.TokenUrl)
|
|
assert.Equal(t, "sso-auth", result.UserIdentityTokenEndpoint.ClientAuthentication)
|
|
assert.Equal(t, "sso-client-id", result.UserIdentityTokenEndpoint.ClientId)
|
|
assert.Equal(t, "sso-client-secret", result.UserIdentityTokenEndpoint.ClientSecret)
|
|
assert.Equal(t, "sso-managed-id", result.UserIdentityTokenEndpoint.ManagedIdentityClientId)
|
|
assert.Equal(t, "sso-audience", result.UserIdentityTokenEndpoint.FederatedCredentialAudience)
|
|
})
|
|
|
|
t.Run("with both overrides and SSO settings", func(t *testing.T) {
|
|
currSettings := &azsettings.AzureSettings{
|
|
UserIdentityTokenEndpoint: &azsettings.TokenEndpointSettings{
|
|
TokenUrl: "override-token-url",
|
|
ClientAuthentication: "override-auth",
|
|
ClientId: "override-client-id",
|
|
ClientSecret: "override-client-secret",
|
|
ManagedIdentityClientId: "override-managed-id",
|
|
FederatedCredentialAudience: "override-audience",
|
|
TokenUrlOverride: true,
|
|
ClientAuthenticationOverride: true,
|
|
ClientIdOverride: true,
|
|
ClientSecretOverride: true,
|
|
ManagedIdentityClientIdOverride: true,
|
|
FederatedCredentialAudienceOverride: true,
|
|
},
|
|
}
|
|
|
|
azureAdSettings := &pluginsso.Settings{
|
|
Values: map[string]any{
|
|
"token_url": "sso-token-url",
|
|
"client_authentication": "sso-auth",
|
|
"client_id": "sso-client-id",
|
|
"client_secret": "sso-client-secret",
|
|
"managed_identity_client_id": "sso-managed-id",
|
|
"federated_credential_audience": "sso-audience",
|
|
},
|
|
}
|
|
|
|
result := mergeAzureSettings(currSettings, azureAdSettings)
|
|
|
|
// Should keep override values, not SSO values
|
|
assert.Equal(t, "override-token-url", result.UserIdentityTokenEndpoint.TokenUrl)
|
|
assert.Equal(t, "override-auth", result.UserIdentityTokenEndpoint.ClientAuthentication)
|
|
assert.Equal(t, "override-client-id", result.UserIdentityTokenEndpoint.ClientId)
|
|
assert.Equal(t, "override-client-secret", result.UserIdentityTokenEndpoint.ClientSecret)
|
|
assert.Equal(t, "override-managed-id", result.UserIdentityTokenEndpoint.ManagedIdentityClientId)
|
|
assert.Equal(t, "override-audience", result.UserIdentityTokenEndpoint.FederatedCredentialAudience)
|
|
})
|
|
|
|
t.Run("client authentication 'none' should be ignored", func(t *testing.T) {
|
|
currSettings := &azsettings.AzureSettings{
|
|
UserIdentityTokenEndpoint: &azsettings.TokenEndpointSettings{
|
|
ClientAuthentication: "original-auth",
|
|
ClientAuthenticationOverride: false,
|
|
},
|
|
}
|
|
|
|
azureAdSettings := &pluginsso.Settings{
|
|
Values: map[string]any{
|
|
"client_authentication": "none",
|
|
},
|
|
}
|
|
|
|
result := mergeAzureSettings(currSettings, azureAdSettings)
|
|
|
|
assert.Equal(t, "original-auth", result.UserIdentityTokenEndpoint.ClientAuthentication)
|
|
})
|
|
|
|
t.Run("non-string values should be ignored", func(t *testing.T) {
|
|
currSettings := &azsettings.AzureSettings{
|
|
UserIdentityTokenEndpoint: &azsettings.TokenEndpointSettings{
|
|
TokenUrl: "original-token-url",
|
|
ClientId: "original-client-id",
|
|
TokenUrlOverride: false,
|
|
ClientIdOverride: false,
|
|
},
|
|
}
|
|
|
|
azureAdSettings := &pluginsso.Settings{
|
|
Values: map[string]any{
|
|
"token_url": 12345,
|
|
"client_id": []string{"array", "value"},
|
|
},
|
|
}
|
|
|
|
result := mergeAzureSettings(currSettings, azureAdSettings)
|
|
|
|
assert.Equal(t, "original-token-url", result.UserIdentityTokenEndpoint.TokenUrl)
|
|
assert.Equal(t, "original-client-id", result.UserIdentityTokenEndpoint.ClientId)
|
|
})
|
|
|
|
t.Run("Nil UserIdentityTokenEndpoint should not panic", func(t *testing.T) {
|
|
currSettings := &azsettings.AzureSettings{
|
|
UserIdentityTokenEndpoint: nil,
|
|
}
|
|
|
|
azureAdSettings := &pluginsso.Settings{
|
|
Values: map[string]any{
|
|
"token_url": "sso-token-url",
|
|
},
|
|
}
|
|
|
|
require.NotPanics(t, func() {
|
|
mergeAzureSettings(currSettings, azureAdSettings)
|
|
})
|
|
})
|
|
|
|
t.Run("Empty SSO settings map", func(t *testing.T) {
|
|
currSettings := &azsettings.AzureSettings{
|
|
UserIdentityTokenEndpoint: &azsettings.TokenEndpointSettings{
|
|
TokenUrl: "original-token-url",
|
|
ClientAuthentication: "original-auth",
|
|
ClientId: "original-client-id",
|
|
},
|
|
}
|
|
|
|
azureAdSettings := &pluginsso.Settings{
|
|
Values: map[string]any{},
|
|
}
|
|
|
|
result := mergeAzureSettings(currSettings, azureAdSettings)
|
|
|
|
assert.Equal(t, "original-token-url", result.UserIdentityTokenEndpoint.TokenUrl)
|
|
assert.Equal(t, "original-auth", result.UserIdentityTokenEndpoint.ClientAuthentication)
|
|
assert.Equal(t, "original-client-id", result.UserIdentityTokenEndpoint.ClientId)
|
|
})
|
|
}
|