tokenserver/appengine/impl/machinetoken/rpc_mint_machine_token_test.go - Issue 2943403003: token-server: Fix panic when generating machine token for unrecognized machine.

Unified Diff: tokenserver/appengine/impl/machinetoken/rpc_mint_machine_token_test.go

Issue 2943403003: token-server: Fix panic when generating machine token for unrecognized machine. (Closed)

Patch Set: flatten Created 3 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« tokenserver/appengine/impl/machinetoken/rpc_mint_machine_token.go ('K') | « tokenserver/appengine/impl/machinetoken/rpc_mint_machine_token.go ('k') | tokenserver/appengine/impl/machinetoken/rpc_mocks_test.go » ('j') | tokenserver/appengine/impl/machinetoken/rpc_mocks_test.go » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: tokenserver/appengine/impl/machinetoken/rpc_mint_machine_token_test.go

diff --git a/tokenserver/appengine/impl/machinetoken/rpc_mint_machine_token_test.go b/tokenserver/appengine/impl/machinetoken/rpc_mint_machine_token_test.go

index fd383c5815b467f28f1315726c45635030cb0519..2d8e68d30307e9ef44edd438e6cbb50fc3142b7d 100644

--- a/tokenserver/appengine/impl/machinetoken/rpc_mint_machine_token_test.go

+++ b/tokenserver/appengine/impl/machinetoken/rpc_mint_machine_token_test.go

@@ -18,6 +18,7 @@ import (

"github.com/luci/luci-go/server/auth/authtest"

"github.com/luci/luci-go/tokenserver/api"

+ "github.com/luci/luci-go/tokenserver/api/admin/v1"

"github.com/luci/luci-go/tokenserver/api/minter/v1"

"github.com/luci/luci-go/tokenserver/appengine/impl/certconfig"

@@ -25,8 +26,10 @@ import (

)

func TestMintMachineTokenRPC(t *testing.T) {

- Convey("works", t, func() {

- ctx := auth.WithState(testingContext(), &authtest.FakeState{

+ t.Parallel()

+ Convey("Successful RPC", t, func() {

+ ctx := auth.WithState(testingContext(testingCA), &authtest.FakeState{

PeerIPOverride: net.ParseIP("127.10.10.10"),

})

@@ -73,4 +76,37 @@ func TestMintMachineTokenRPC(t *testing.T) {

RequestID: "gae-request-id",

})

+ Convey("Unsuccessful RPC", t, func() {

+ // Modify testing CA to have no domains whitelisted.

+ testingCA := certconfig.CA{

+ CN: "Fake CA: fake.ca",

+ ParsedConfig: &admin.CertificateAuthorityConfig{

+ UniqueId: 123,

+ },

+ }

+ ctx := auth.WithState(testingContext(testingCA), &authtest.FakeState{

+ PeerIPOverride: net.ParseIP("127.10.10.10"),

+ })

+ impl := MintMachineTokenRPC{

+ Signer: testingSigner(),

+ CheckCertificate: func(_ context.Context, cert *x509.Certificate) (*certconfig.CA, error) {

+ return &testingCA, nil

+ },

+ LogToken: func(c context.Context, info *MintedTokenInfo) error {

+ panic("must not be called") // we log only successfully generated tokens

+ },

+ }

+ // This request is structurally valid, but forbidden by CA config. It

+ // generates MintMachineTokenResponse with non-zero error code.

+ resp, err := impl.MintMachineToken(ctx, testingMachineTokenRequest(ctx))

+ So(err, ShouldBeNil)

+ So(resp, ShouldResemble, &minter.MintMachineTokenResponse{

+ ServiceVersion: "unit-tests/mocked-ver",

+ ErrorCode: minter.ErrorCode_BAD_TOKEN_ARGUMENTS,

+ ErrorMessage: `the domain "fake.domain" is not whitelisted in the config`,

+ })

}