(t *testing.T)
| 2941 | } |
| 2942 | |
| 2943 | func TestResolveAuthKey(t *testing.T) { |
| 2944 | tests := []struct { |
| 2945 | name string |
| 2946 | authKey string |
| 2947 | clientSecret string |
| 2948 | clientID string |
| 2949 | idToken string |
| 2950 | audience string |
| 2951 | oauthAvailable bool |
| 2952 | wifAvailable bool |
| 2953 | resolveViaOAuth func(ctx context.Context, clientSecret string, tags []string) (string, error) |
| 2954 | resolveViaWIF func(ctx context.Context, baseURL, clientID, idToken, audience string, tags []string) (string, error) |
| 2955 | wantAuthKey string |
| 2956 | wantErr bool |
| 2957 | wantErrContains string |
| 2958 | }{ |
| 2959 | { |
| 2960 | name: "success-oauth-client-secret", |
| 2961 | clientSecret: "tskey-client-secret-123", |
| 2962 | oauthAvailable: true, |
| 2963 | resolveViaOAuth: func(ctx context.Context, clientSecret string, tags []string) (string, error) { |
| 2964 | if clientSecret != "tskey-client-secret-123" { |
| 2965 | return "", fmt.Errorf("unexpected client secret: %s", clientSecret) |
| 2966 | } |
| 2967 | return "tskey-auth-via-oauth", nil |
| 2968 | }, |
| 2969 | wantAuthKey: "tskey-auth-via-oauth", |
| 2970 | wantErrContains: "", |
| 2971 | }, |
| 2972 | { |
| 2973 | name: "fail-oauth-client-secret", |
| 2974 | clientSecret: "tskey-client-secret-123", |
| 2975 | oauthAvailable: true, |
| 2976 | resolveViaOAuth: func(ctx context.Context, clientSecret string, tags []string) (string, error) { |
| 2977 | return "", fmt.Errorf("resolution failed") |
| 2978 | }, |
| 2979 | wantErrContains: "resolution failed", |
| 2980 | }, |
| 2981 | { |
| 2982 | name: "success-federated-id-token", |
| 2983 | clientID: "client-id-123", |
| 2984 | idToken: "id-token-456", |
| 2985 | wifAvailable: true, |
| 2986 | resolveViaWIF: func(ctx context.Context, baseURL, clientID, idToken, audience string, tags []string) (string, error) { |
| 2987 | if clientID != "client-id-123" { |
| 2988 | return "", fmt.Errorf("unexpected client ID: %s", clientID) |
| 2989 | } |
| 2990 | if idToken != "id-token-456" { |
| 2991 | return "", fmt.Errorf("unexpected ID token: %s", idToken) |
| 2992 | } |
| 2993 | return "tskey-auth-via-wif", nil |
| 2994 | }, |
| 2995 | wantAuthKey: "tskey-auth-via-wif", |
| 2996 | wantErrContains: "", |
| 2997 | }, |
| 2998 | { |
| 2999 | name: "success-federated-audience", |
| 3000 | clientID: "client-id-123", |
nothing calls this directly
no test coverage detected
searching dependent graphs…