2 changes: 2 additions & 0 deletions tests/.regress-config.template
@@ -1,5 +1,7 @@
VAULTSERVER=
ISSUER=
GROUPROLE=
GROUPSUBPAT=
HASKERBEROS=true
#HASSSH=true
ROBOTKEYTAB=
5 changes: 5 additions & 0 deletions tests/001-oidcauth/main
@@ -1,2 +1,7 @@
htdestroytoken
set -ex
htgettoken --nokerberos --nossh -a $VAULTSERVER -i $ISSUER
if [ -n "$GROUPSUBPAT" ]; then
# also check the sub from oidc flow (others in test 014)
htdecodetoken | jq -r .sub | grep -v $GROUPSUBPAT
fi
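Review bot: The negative check `htdecodetoken | jq -r .sub | grep -v $GROUPSUBPAT` inside the added `if` also succeeds when the token has no `sub` claim, because `jq -r` prints `null` for a missing field and `grep -v` accepts any line that does not match the pattern. This test is meant to show that a token obtained without a role does not carry the group subject, so a decode problem should fail it rather than pass it. `SUB="$(htdecodetoken | jq -er .sub)"` followed by `printf '%s\n' "$SUB" | grep -v -- "$GROUPSUBPAT"` makes a null or missing `sub` fail under `set -e` and also quotes the pattern. The same pipeline appears twice in tests/014-checkdefaultsub/main, after the token exchange and after the refresh.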
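--- a/tests/014-checkdefaultsub/main
+++ b/tests/014-checkdefaultsub/main
@@ -0,0 +1,24 @@
+if [ -z "$GROUPSUBPAT" ]; then
+exit $SKIPCODE
+fi
+set -ex
+htgettoken --nokerberos --nooidc --nossh -a $VAULTSERVER -i $ISSUER --scopes="$TESTSCOPES"
+EXPTIME="$(htdecodetoken|jq -r .exp)"
+
+# check sub for token exchange
+htgettoken --nossh -a $VAULTSERVER -i $ISSUER --scopes="$TESTSCOPES"
+htdecodetoken | jq -r .sub | grep -v $GROUPSUBPAT
+
+# check sub for refresh
+# make sure that we don't request minsecs longer than the access token lifetime
+# by waiting a couple of seconds
+sleep 2
+NOW="$(date +%s)"
+let MINSECS=$EXPTIME-$NOW+1
+htgettoken --nooidc --nokerberos --nossh -a $VAULTSERVER -i $ISSUER --minsecs=$MINSECS
+EXPTIME2="$(htdecodetoken|jq -r .exp)"
+if [ "$EXPTIME" = "$EXPTIME2" ]; then
+echo "The access token was not renewed!"
+exit 1
+fi
+htdecodetoken | jq -r .sub | grep -v $GROUPSUBPAT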
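Review bot: `let MINSECS=$EXPTIME-$NOW+1` in the refresh step uses `EXPTIME` without checking that `jq -r .exp` returned a number. If it is `null` or empty, the arithmetic appears to treat it as zero and the test continues with a large negative `--minsecs`, ending in the misleading "not renewed" message. `let` also returns non-zero when the result is exactly 0, which would abort the script under `set -ex` with no explanation. I would guard first with `case "$EXPTIME" in ''|*[!0-9]*) echo "no numeric exp claim"; exit 1;; esac` and then compute `MINSECS=$((EXPTIME - NOW + 1))`. tests/015-checkgroupsub/main has the same lines.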
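--- a/tests/015-checkgroupsub/main
+++ b/tests/015-checkgroupsub/main
@@ -0,0 +1,26 @@
+if [ -z "$GROUPSUBPAT" ]; then
+exit $SKIPCODE
+fi
+set -ex
+# check sub for oidc flow with role
+htgettoken --nossh -a $VAULTSERVER -i $ISSUER -r $GROUPROLE
+htdecodetoken | jq -r .sub | grep $GROUPSUBPAT
+EXPTIME="$(htdecodetoken|jq -r .exp)"
+
+# check sub for token exchange
+htgettoken --nossh -a $VAULTSERVER -i $ISSUER -r $GROUPROLE --scopes="$TESTSCOPES"
+htdecodetoken | jq -r .sub | grep $GROUPSUBPAT
+
+# check sub for refresh
+# make sure that we don't request minsecs longer than the access token lifetime
+# by waiting a couple of seconds
+sleep 2
+NOW="$(date +%s)"
+let MINSECS=$EXPTIME-$NOW+1
+htgettoken --nooidc --nokerberos --nossh -a $VAULTSERVER -i $ISSUER -r $GROUPROLE --minsecs=$MINSECS
+EXPTIME2="$(htdecodetoken|jq -r .exp)"
+if [ "$EXPTIME" = "$EXPTIME2" ]; then
+echo "The access token was not renewed!"
+exit 1
+fi
+htdecodetoken | jq -r .sub | grep $GROUPSUBPAT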
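Review bot: The three positive checks `grep $GROUPSUBPAT` match the pattern anywhere in the `sub` value and leave it unquoted, so a subject that merely contains the group pattern as a substring passes, and a pattern with spaces or a leading `-` would be split or read as an option. If GROUPSUBPAT is meant to describe the whole subject (the config template does not say), `grep -x -- "$GROUPSUBPAT"` would pin that down; otherwise `grep -- "$GROUPSUBPAT"` at least keeps the pattern intact. A one-line comment next to `GROUPSUBPAT=` in tests/.regress-config.template, stating whether it is a regular expression and whether it should be anchored, would help whoever fills it in.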