Merge pull request #465 from brendandburns/auth_test

k8s-ci-robot · web-flow · commit 52b65f80327e · 2018-12-20T20:20:24.000-08:00
Improve auth tests, fix a bug in credential parsing
diff --git a/.travis.yml b/.travis.yml
@@ -1,3 +1,4 @@
 language: java
+script: mvn -q test -B
 after_success:
   - mvn deploy --settings settings.xml -DskipTests=true -B
diff --git a/util/src/main/java/io/kubernetes/client/util/authenticators/GCPAuthenticator.java b/util/src/main/java/io/kubernetes/client/util/authenticators/GCPAuthenticator.java
@@ -13,8 +13,11 @@
 package io.kubernetes.client.util.authenticators;
 
 import io.kubernetes.client.util.KubeConfig;
+import java.time.Instant;
 import java.util.Date;
 import java.util.Map;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * The Authenticator interface represents a plugin that can handle a specific type of authentication
@@ -25,6 +28,8 @@ public class GCPAuthenticator implements Authenticator {
     KubeConfig.registerAuthenticator(new GCPAuthenticator());
   }
 
+  private static final Logger log = LoggerFactory.getLogger(GCPAuthenticator.class);
+
   @Override
   public String getName() {
     return "gcp";
@@ -37,8 +42,18 @@ public String getToken(Map<String, Object> config) {
 
   @Override
   public boolean isExpired(Map<String, Object> config) {
-    Date expiry = (Date) config.get("expiry");
-    return (expiry != null && expiry.compareTo(new Date()) <= 0);
+    Object expiryObj = config.get("expiry");
+    Instant expiry = null;
+    if (expiryObj instanceof Date) {
+      expiry = ((Date) expiryObj).toInstant();
+    } else if (expiryObj instanceof Instant) {
+      expiry = (Instant) expiryObj;
+    } else if (expiryObj instanceof String) {
+      expiry = Instant.parse((String) expiryObj);
+    } else {
+      throw new RuntimeException("Unexpected object type: " + expiryObj.getClass());
+    }
+    return (expiry != null && expiry.compareTo(Instant.now()) <= 0);
   }
 
   @Override
diff --git a/util/src/test/java/io/kubernetes/client/util/KubeConfigTest.java b/util/src/test/java/io/kubernetes/client/util/KubeConfigTest.java
@@ -14,6 +14,7 @@
 
 import static org.junit.Assert.*;
 
+import io.kubernetes.client.util.authenticators.Authenticator;
 import io.kubernetes.client.util.authenticators.AzureActiveDirectoryAuthenticator;
 import io.kubernetes.client.util.authenticators.GCPAuthenticator;
 import java.io.File;
@@ -22,6 +23,7 @@
 import java.io.IOException;
 import java.io.StringReader;
 import java.nio.file.Files;
+import java.util.Map;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.TemporaryFolder;
@@ -106,6 +108,45 @@ public void testGCPAuthProvider() {
     }
   }
 
+  private static String GCP_TEST_DATE_STRING =
+      "apiVersion: v1\n"
+          + "contexts:\n"
+          + "- context:\n"
+          + "    user: gke-cluster\n"
+          + "  name: foo-context\n"
+          + "current-context: foo-context\n"
+          + "users:\n"
+          + "- name: gke-cluster\n"
+          + "  user:\n"
+          + "    auth-provider:\n"
+          + "      config:\n"
+          + "        access-token: fake-token\n"
+          + "        cmd-args: config config-helper --format=json\n"
+          + "        cmd-path: /usr/lib/google-cloud-sdk/bin/gcloud\n"
+          + "        expiry: \"2117-06-22T18:27:02Z\"\n"
+          + "        expiry-key: '{.credential.token_expiry}'\n"
+          + "        token-key: '{.credential.access_token}'\n"
+          + "      name: gcp\n";
+
+  @Test
+  public void testGCPAuthProviderStringDate() {
+    KubeConfig.registerAuthenticator(new GCPAuthenticator());
+
+    try {
+      File config = folder.newFile("config");
+      FileWriter writer = new FileWriter(config);
+      writer.write(GCP_TEST_DATE_STRING);
+      writer.flush();
+      writer.close();
+
+      KubeConfig kc = KubeConfig.loadKubeConfig(new FileReader(config));
+      assertEquals("fake-token", kc.getAccessToken());
+    } catch (Exception ex) {
+      ex.printStackTrace();
+      fail("Unexpected exception: " + ex);
+    }
+  }
+
   @Test
   public void testGCPAuthProviderExpiredToken() {
     String gcpConfigExpiredToken =
@@ -178,4 +219,58 @@ public void testNullNamespace() {
     KubeConfig config = KubeConfig.loadKubeConfig(new StringReader(GCP_CONFIG));
     assertNull(config.getNamespace());
   }
+
+  class FakeAuthenticator implements Authenticator {
+    public String token;
+    public String refresh;
+    public boolean expired;
+
+    public String getName() {
+      return "fake";
+    }
+
+    public String getToken(Map<String, Object> config) {
+      return (String) config.get("access-token");
+    }
+
+    public boolean isExpired(Map<String, Object> config) {
+      return expired;
+    }
+
+    public Map<String, Object> refresh(Map<String, Object> config) {
+      config.put("access-token", token);
+      config.put("refresh-token", refresh);
+      return config;
+    }
+  }
+
+  public static String KUBECONFIG_FAKE =
+      "apiVersion: v1\n"
+          + "contexts:\n"
+          + "- context:\n"
+          + "    user: fake-cluster\n"
+          + "  name: foo-context\n"
+          + "current-context: foo-context\n"
+          + "users:\n"
+          + "- name: fake-cluster\n"
+          + "  user:\n"
+          + "    auth-provider:\n"
+          + "      config:\n"
+          + "        access-token: fake-token\n"
+          + "      name: fake\n";
+
+  @Test
+  public void testRefreshToken() {
+    FakeAuthenticator fake = new FakeAuthenticator();
+    KubeConfig.registerAuthenticator(fake);
+
+    KubeConfig config = KubeConfig.loadKubeConfig(new StringReader(KUBECONFIG_FAKE));
+
+    fake.expired = true;
+    fake.token = "someNewToken";
+    fake.refresh = "refreshToken";
+
+    String token = config.getAccessToken();
+    assertEquals(token, fake.token);
+  }
 }
