Merge branch 'main' into feat/user-management

go-vela · Sep 6, 2024 · 6747584 · 6747584
2 parents adb05dd + 5c3dd6d
commit 6747584
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 0 deletions.
diff --git a/vela/admin.go b/vela/admin.go
@@ -21,6 +21,7 @@ type (
 		Clean      *AdminCleanService
 		Deployment *AdminDeploymentService
 		Hook       *AdminHookService
+		OIDC       *AdminOIDCService
 		Repo       *AdminRepoService
 		Secret     *AdminSecretService
 		Service    *AdminSvcService
@@ -46,6 +47,9 @@ type (
 	// the server methods of the Vela API.
 	AdminHookService service
 
+	// AdminOIDCService handles key rotation for OpenID Connect.
+	AdminOIDCService service
+
 	// AdminRepoService handles retrieving admin repos from
 	// the server methods of the Vela API.
 	AdminRepoService service
@@ -302,3 +306,16 @@ func (svc *AdminWorkerService) RegisterToken(hostname string) (*library.Token, *
 
 	return t, resp, err
 }
+
+// RotateOIDCKeys sends a request to rotate the private keys used for creating ID tokens.
+func (svc *AdminOIDCService) RotateOIDCKeys() (*string, *Response, error) {
+	// set the API endpoint path we send the request to
+	url := "/api/v1/admin/rotate_oidc_keys"
+
+	v := new(string)
+
+	// send request using client
+	resp, err := svc.client.Call("POST", url, nil, v)
+
+	return v, resp, err
+}
diff --git a/vela/admin_test.go b/vela/admin_test.go
@@ -552,3 +552,47 @@ func TestAdmin_Settings_Restore_200(t *testing.T) {
 		t.Errorf("Settings.Restore returned %v, want %v", got, want)
 	}
 }
+
+func TestAdmin_OIDC_RotateKeys_200(t *testing.T) {
+	// setup context
+	gin.SetMode(gin.TestMode)
+
+	s := httptest.NewServer(server.FakeHandler())
+	c, _ := NewClient(s.URL, "", nil)
+
+	want := "keys rotated successfully"
+
+	// run test
+	got, resp, err := c.Admin.OIDC.RotateOIDCKeys()
+	if err != nil {
+		t.Errorf("RotateOIDCKeys returned err: %v", err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		t.Errorf("RotateOIDCKeys returned %v, want %v", resp.StatusCode, http.StatusOK)
+	}
+
+	if diff := cmp.Diff(&want, got); diff != "" {
+		t.Errorf("RotateOIDCKeys() mismatch (-want +got):\n%s", diff)
+	}
+}
+
+func TestAdmin_OIDC_RotateKeys_Unauthorized(t *testing.T) {
+	// setup context
+	gin.SetMode(gin.TestMode)
+
+	s := httptest.NewServer(server.FakeHandler())
+	c, _ := NewClient(s.URL, "", nil)
+
+	c.Authentication.SetTokenAuth("invalid")
+
+	// run test
+	_, resp, err := c.Admin.OIDC.RotateOIDCKeys()
+	if err == nil {
+		t.Error("RotateOIDCKeys should have returned err")
+	}
+
+	if resp.StatusCode != http.StatusUnauthorized {
+		t.Errorf("RotateOIDCKeys returned %v, want %v", resp.StatusCode, http.StatusUnauthorized)
+	}
+}
diff --git a/vela/client.go b/vela/client.go
@@ -132,6 +132,7 @@ func NewClient(baseURL, id string, httpClient *http.Client) (*Client, error) {
 		&AdminCleanService{client: c},
 		&AdminDeploymentService{client: c},
 		&AdminHookService{client: c},
+		&AdminOIDCService{client: c},
 		&AdminRepoService{client: c},
 		&AdminSecretService{client: c},
 		&AdminSvcService{client: c},

diff --git a/vela/client_test.go b/vela/client_test.go
@@ -39,6 +39,7 @@ func TestVela_NewClient(t *testing.T) {
 		&AdminCleanService{client: want},
 		&AdminDeploymentService{client: want},
 		&AdminHookService{client: want},
+		&AdminOIDCService{client: want},
 		&AdminRepoService{client: want},
 		&AdminSecretService{client: want},
 		&AdminSvcService{client: want},