chore: add tests for sshserver authhandler
smlx committed Dec 13, 2024
1 parent 8c24567 commit bc178ce
Showing 3 changed files with 126 additions and 15 deletions.
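--- a/internal/sshserver/authhandler_test.go
+++ b/internal/sshserver/authhandler_test.go
@@ -0,0 +1,77 @@
+package sshserver_test
+
+import (
+"crypto/ed25519"
+"log/slog"
+"os"
+"testing"
+
+"github.com/alecthomas/assert/v2"
+"github.com/gliderlabs/ssh"
+"github.com/uselagoon/ssh-portal/internal/sshserver"
+gomock "go.uber.org/mock/gomock"
+gossh "golang.org/x/crypto/ssh"
+)
+
+func TestPubKeyHandler(t *testing.T) {
+log := slog.New(slog.NewJSONHandler(os.Stderr, nil))
+var testCases = map[string]struct {
+keyCanAccessEnv bool
+}{
+"access granted": {
+keyCanAccessEnv: true,
+},
+"access denied": {
+keyCanAccessEnv: false,
+},
+}
+for name, tc := range testCases {
+t.Run(name, func(tt *testing.T) {
+ctrl := gomock.NewController(tt)
+k8sService := NewMockK8SAPIService(ctrl)
+natsService := NewMockNATSService(ctrl)
+sshContext := NewMockContext(ctrl)
+// configure callback
+callback := sshserver.PubKeyHandler(
+log,
+natsService,
+k8sService,
+)
+// configure mocks
+namespaceName := "my-project-master"
+sessionID := "abc123"
+projectID := 1
+environmentID := 2
+sshContext.EXPECT().User().Return(namespaceName).AnyTimes()
+sshContext.EXPECT().SessionID().Return(sessionID).AnyTimes()
+k8sService.EXPECT().NamespaceDetails(sshContext, namespaceName).
+Return(environmentID, projectID, "master", "my-project", nil)
+// set up public key mock
+publicKey, _, err := ed25519.GenerateKey(nil)
+if err != nil {
+tt.Fatal(err)
+}
+sshPublicKey, err := gossh.NewPublicKey(publicKey)
+if err != nil {
+tt.Fatal(err)
+}
+fingerprint := gossh.FingerprintSHA256(sshPublicKey)
+natsService.EXPECT().KeyCanAccessEnvironment(
+sessionID,
+fingerprint,
+namespaceName,
+projectID,
+environmentID,
+).Return(tc.keyCanAccessEnv, nil)
+// set up permissions mock
+sshPermissions := ssh.Permissions{Permissions: &gossh.Permissions{}}
+// permissions are not touched if access is denied
+if tc.keyCanAccessEnv {
+sshContext.EXPECT().Permissions().Return(&sshPermissions)
+}
+// execute callback
+assert.Equal(
+tt, tc.keyCanAccessEnv, callback(sshContext, sshPublicKey), name)
+})
+}
+}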
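Review bot: The two cases in TestPubKeyHandler only drive `KeyCanAccessEnvironment` to `(true, nil)` and `(false, nil)`, and `NamespaceDetails` always returns a nil error, so nothing pins what the public-key callback does when either lookup fails. For an authentication callback that is the path that has to fail closed. I would add `err error` and `want bool` fields to the case struct, return the error with `.Return(tc.keyCanAccessEnv, tc.err)`, and add a case where the mock returns `true` with a non-nil error and `want` is `false`; whether the handler checks the error before the boolean is not visible here, which is what the case would establish. A `NamespaceDetails` error case would need the NATS expectation made conditional, since the handler presumably returns before reaching it. The granted case also never inspects `sshPermissions` after the callback, so whatever the handler records there for later session handling goes unasserted.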
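--- a/internal/sshserver/helper_test.go
+++ b/internal/sshserver/helper_test.go
@@ -1,17 +1,13 @@
 package sshserver
 
-// ParseConnectionParams exposes the private parseConnectionParams for testing
-// only.
-var ParseConnectionParams = parseConnectionParams
-
-// ParseLogsArg exposes the private parseLogsArg for testing only.
-var ParseLogsArg = parseLogsArg
-
-// SessionHandler exposes the private sessionHandler for testing only.
-var SessionHandler = sessionHandler
-
-// PermissionsMarshal exposes the private permissionsMarshal for testing only.
-var PermissionsMarshal = permissionsMarshal
+// These variables are exposed for testing only.
+var (
+ParseConnectionParams = parseConnectionParams
+ParseLogsArg = parseLogsArg
+PermissionsMarshal = permissionsMarshal
+SessionHandler = sessionHandler
+PubKeyHandler = pubKeyHandler
+)
 
 // Exposes the private ctxKey constants for testing only.
 const (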

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
