Skip to content

Add tests to #1618 #1621

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Apr 17, 2025
Merged

Add tests to #1618 #1621

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
fe7863f
Refactor OidcTokenProvider to remove dependency on IdentityModel and …
tg123 Feb 21, 2025
dffc59e
Improve OidcTokenProvider error handling and expiry setting
tg123 Feb 21, 2025
c253b82
Refactor parts initialization inside try block
tg123 Feb 21, 2025
389b0bd
Add tests.
brendandburns Apr 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
107 changes: 54 additions & 53 deletions Directory.Packages.props
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,54 +1,55 @@
<Project>
<PropertyGroup>
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
</PropertyGroup>
<ItemGroup>
<PackageVersion Include="AutoMapper" Version="13.0.1" />
<PackageVersion Include="BouncyCastle.Cryptography" Version="2.5.0" />
<PackageVersion Include="FluentAssertions" Version="7.0.0" />
<PackageVersion Include="Fractions" Version="7.3.0" />
<PackageVersion Include="IdentityModel.OidcClient" Version="6.0.0" />
<PackageVersion Include="JsonPatch.Net" Version="2.1.0" />
<PackageVersion Include="MartinCostello.Logging.XUnit" Version="0.5.1" />
<PackageVersion Include="Microsoft.Bcl.AsyncInterfaces" Version="9.0.0" />
<PackageVersion Include="Microsoft.Extensions.Hosting" Version="9.0.0" />
<PackageVersion Include="Microsoft.Extensions.Logging" Version="9.0.0" />
<PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
<PackageVersion Include="Microsoft.TestPlatform.ObjectModel" Version="17.12.0" />
<PackageVersion Include="Moq" Version="4.20.72" />
<PackageVersion Include="Nito.AsyncEx" Version="5.1.2" />
<PackageVersion Include="Nito.AsyncEx.Coordination" Version="5.1.2" />
<PackageVersion Include="OpenTelemetry.Exporter.Console" Version="1.7.0" />
<PackageVersion Include="OpenTelemetry.Instrumentation.Http" Version="1.8.1" />
<PackageVersion Include="Portable.BouncyCastle" Version="1.9.0" />
<PackageVersion Include="SharpZipLib" Version="1.4.2" />
<PackageVersion Include="Swashbuckle.AspNetCore" Version="6.5.0" />
<PackageVersion Include="System.Diagnostics.DiagnosticSource" Version="9.0.0" />
<PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="8.3.0" />
<PackageVersion Include="System.IO.Abstractions.TestingHelpers" Version="21.2.1" />
<PackageVersion Include="System.Reactive" Version="6.0.1" />
<PackageVersion Include="System.Text.Json" Version="9.0.0" />
<PackageVersion Include="Vecc.YamlDotNet.Analyzers.StaticGenerator" Version="16.3.0" />
<PackageVersion Include="xunit" Version="2.9.2" />
<PackageVersion Include="xunit.runner.visualstudio" Version="3.0.0" />
<PackageVersion Include="Xunit.StaFact" Version="1.1.11" />
<PackageVersion Include="YamlDotNet" Version="16.3.0" />
</ItemGroup>
<ItemGroup>
<PackageVersion Include="Autofac" Version="8.2.0" />
<PackageVersion Include="CaseExtensions" Version="1.1.0" />
<PackageVersion Include="Microsoft.CodeAnalysis.CSharp.Workspaces" Version="4.4.0" />
<PackageVersion Include="Namotion.Reflection" Version="3.0.1" />
<PackageVersion Include="Newtonsoft.Json" Version="13.0.3" />
<PackageVersion Include="NJsonSchema" Version="10.9.0" />
<PackageVersion Include="NSwag.Core" Version="13.20.0" />
<PackageVersion Include="Scriban" Version="5.9.1" />
</ItemGroup>
<ItemGroup>
<GlobalPackageReference Include="Microsoft.CodeAnalysis.NetAnalyzers" Version="9.0.0" />
<GlobalPackageReference Include="Microsoft.SourceLink.GitHub" Version="8.0.0" />
<GlobalPackageReference Include="Microsoft.VisualStudio.SlnGen" Version="12.0.3" />
<GlobalPackageReference Include="Nerdbank.GitVersioning" Version="3.7.112" />
<GlobalPackageReference Include="StyleCop.Analyzers" Version="1.1.118" />
</ItemGroup>
<Project>
<PropertyGroup>
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
</PropertyGroup>
<ItemGroup>
<PackageVersion Include="AutoMapper" Version="13.0.1" />
<PackageVersion Include="BouncyCastle.Cryptography" Version="2.5.0" />
<PackageVersion Include="FluentAssertions" Version="7.0.0" />
<PackageVersion Include="Fractions" Version="7.3.0" />
<PackageVersion Include="IdentityModel.OidcClient" Version="6.0.0" />
<PackageVersion Include="JsonPatch.Net" Version="2.1.0" />
<PackageVersion Include="MartinCostello.Logging.XUnit" Version="0.5.1" />
<PackageVersion Include="Microsoft.Bcl.AsyncInterfaces" Version="9.0.0" />
<PackageVersion Include="Microsoft.Extensions.Hosting" Version="9.0.0" />
<PackageVersion Include="Microsoft.Extensions.Logging" Version="9.0.0" />
<PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
<PackageVersion Include="Microsoft.TestPlatform.ObjectModel" Version="17.12.0" />
<PackageVersion Include="Moq" Version="4.20.72" />
<PackageVersion Include="Nito.AsyncEx" Version="5.1.2" />
<PackageVersion Include="Nito.AsyncEx.Coordination" Version="5.1.2" />
<PackageVersion Include="OpenTelemetry.Exporter.Console" Version="1.7.0" />
<PackageVersion Include="OpenTelemetry.Instrumentation.Http" Version="1.8.1" />
<PackageVersion Include="Portable.BouncyCastle" Version="1.9.0" />
<PackageVersion Include="SharpZipLib" Version="1.4.2" />
<PackageVersion Include="Swashbuckle.AspNetCore" Version="6.5.0" />
<PackageVersion Include="System.Diagnostics.DiagnosticSource" Version="9.0.0" />
<PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="8.3.0" />
<PackageVersion Include="System.IO.Abstractions.TestingHelpers" Version="21.2.1" />
<PackageVersion Include="System.Reactive" Version="6.0.1" />
<PackageVersion Include="System.Text.Json" Version="9.0.0" />
<PackageVersion Include="Vecc.YamlDotNet.Analyzers.StaticGenerator" Version="16.3.0" />
<PackageVersion Include="Wiremock.Net" Version="1.7.4" />
<PackageVersion Include="xunit" Version="2.9.2" />
<PackageVersion Include="xunit.runner.visualstudio" Version="3.0.0" />
<PackageVersion Include="Xunit.StaFact" Version="1.1.11" />
<PackageVersion Include="YamlDotNet" Version="16.3.0" />
</ItemGroup>
<ItemGroup>
<PackageVersion Include="Autofac" Version="8.2.0" />
<PackageVersion Include="CaseExtensions" Version="1.1.0" />
<PackageVersion Include="Microsoft.CodeAnalysis.CSharp.Workspaces" Version="4.4.0" />
<PackageVersion Include="Namotion.Reflection" Version="3.0.1" />
<PackageVersion Include="Newtonsoft.Json" Version="13.0.3" />
<PackageVersion Include="NJsonSchema" Version="10.9.0" />
<PackageVersion Include="NSwag.Core" Version="13.20.0" />
<PackageVersion Include="Scriban" Version="5.9.1" />
</ItemGroup>
<ItemGroup>
<GlobalPackageReference Include="Microsoft.CodeAnalysis.NetAnalyzers" Version="9.0.0" />
<GlobalPackageReference Include="Microsoft.SourceLink.GitHub" Version="8.0.0" />
<GlobalPackageReference Include="Microsoft.VisualStudio.SlnGen" Version="12.0.3" />
<GlobalPackageReference Include="Nerdbank.GitVersioning" Version="3.7.112" />
<GlobalPackageReference Include="StyleCop.Analyzers" Version="1.1.118" />
</ItemGroup>
</Project>
83 changes: 58 additions & 25 deletions src/KubernetesClient/Authentication/OidcTokenProvider.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,23 +1,28 @@
using IdentityModel.OidcClient;
using k8s.Exceptions;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;

namespace k8s.Authentication
{
public class OidcTokenProvider : ITokenProvider
{
private readonly OidcClient _oidcClient;
private readonly string _clientId;
private readonly string _clientSecret;
private readonly string _idpIssuerUrl;

private string _idToken;
private string _refreshToken;
private DateTimeOffset _expiry;

public OidcTokenProvider(string clientId, string clientSecret, string idpIssuerUrl, string idToken, string refreshToken)
{
_clientId = clientId;
_clientSecret = clientSecret;
_idpIssuerUrl = idpIssuerUrl;
_idToken = idToken;
_refreshToken = refreshToken;
_oidcClient = getClient(clientId, clientSecret, idpIssuerUrl);
_expiry = getExpiryFromToken();
_expiry = GetExpiryFromToken();
}

public async Task<AuthenticationHeaderValue> GetAuthenticationHeaderAsync(CancellationToken cancellationToken)
Expand All @@ -30,49 +35,77 @@ public async Task<AuthenticationHeaderValue> GetAuthenticationHeaderAsync(Cancel
return new AuthenticationHeaderValue("Bearer", _idToken);
}

private DateTime getExpiryFromToken()
private DateTimeOffset GetExpiryFromToken()
{
long expiry;
var handler = new JwtSecurityTokenHandler();
try
{
var token = handler.ReadJwtToken(_idToken);
expiry = token.Payload.Expiration ?? 0;
var parts = _idToken.Split('.');
var payload = parts[1];
var jsonBytes = Base64UrlDecode(payload);
var json = Encoding.UTF8.GetString(jsonBytes);

using var document = JsonDocument.Parse(json);
if (document.RootElement.TryGetProperty("exp", out var expElement))
{
var exp = expElement.GetInt64();
return DateTimeOffset.FromUnixTimeSeconds(exp);
}
}
catch
{
expiry = 0;
// ignore to default
}

return DateTimeOffset.FromUnixTimeSeconds(expiry).UtcDateTime;
return default;
}

private OidcClient getClient(string clientId, string clientSecret, string idpIssuerUrl)
private static byte[] Base64UrlDecode(string input)
{
OidcClientOptions options = new OidcClientOptions
var output = input.Replace('-', '+').Replace('_', '/');
switch (output.Length % 4)
{
ClientId = clientId,
ClientSecret = clientSecret ?? "",
Authority = idpIssuerUrl,
};
case 2: output += "=="; break;
case 3: output += "="; break;
}

return new OidcClient(options);
return Convert.FromBase64String(output);
}

private async Task RefreshToken()
{
try
{
var result = await _oidcClient.RefreshTokenAsync(_refreshToken).ConfigureAwait(false);
using var httpClient = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, _idpIssuerUrl);
request.Content = new FormUrlEncodedContent(new Dictionary<string, string>
{
{ "grant_type", "refresh_token" },
{ "client_id", _clientId },
{ "client_secret", _clientSecret },
{ "refresh_token", _refreshToken },
});

var response = await httpClient.SendAsync(request).ConfigureAwait(false);
response.EnsureSuccessStatusCode();

if (result.IsError)
var responseContent = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
var jsonDocument = JsonDocument.Parse(responseContent);

if (jsonDocument.RootElement.TryGetProperty("id_token", out var idTokenElement))
{
_idToken = idTokenElement.GetString();
}

if (jsonDocument.RootElement.TryGetProperty("refresh_token", out var refreshTokenElement))
{
throw new Exception(result.Error);
_refreshToken = refreshTokenElement.GetString();
}

_idToken = result.IdentityToken;
_refreshToken = result.RefreshToken;
_expiry = result.AccessTokenExpiration;
if (jsonDocument.RootElement.TryGetProperty("expires_in", out var expiresInElement))
{
var expiresIn = expiresInElement.GetInt32();
_expiry = DateTimeOffset.UtcNow.AddSeconds(expiresIn);
}
}
catch (Exception e)
{
Expand Down
2 changes: 0 additions & 2 deletions src/KubernetesClient/KubernetesClient.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,6 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="System.IdentityModel.Tokens.Jwt" />
<PackageReference Include="IdentityModel.OidcClient" />
<PackageReference Include="Fractions" />
<PackageReference Include="YamlDotNet" />
</ItemGroup>
Expand Down
1 change: 1 addition & 0 deletions tests/KubernetesClient.Tests/KubernetesClient.Tests.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
<PackageReference Include="System.Reactive" />
<PackageReference Include="Nito.AsyncEx" />
<PackageReference Include="Portable.BouncyCastle" />
<PackageReference Include="Wiremock.Net" />
</ItemGroup>

<ItemGroup>
Expand Down
87 changes: 87 additions & 0 deletions tests/KubernetesClient.Tests/OidcAuthTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,13 @@
using FluentAssertions;
using k8s.Authentication;
using k8s.Exceptions;
using System;
using System.Net;
using System.Threading;
using System.Threading.Tasks;
using WireMock.Server;
using WireMock.RequestBuilders;
using WireMock.ResponseBuilders;
using Xunit;

namespace k8s.Tests
Expand Down Expand Up @@ -53,5 +58,87 @@ public async Task TestOidcAuth()
Assert.StartsWith("Unable to refresh OIDC token.", e.Message);
}
}

[Fact]
public async Task TestOidcAuthWithWireMock()
{
// Arrange
var server = WireMockServer.Start();
var idpIssuerUrl = server.Url + "/token";
var clientId = "CLIENT_ID";
var clientSecret = "CLIENT_SECRET";
var expiredIdToken = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjB9.f37LFpIw_XIS5TZt3wdtEjjyCNshYy03lOWpyDViRM0";
var refreshToken = "REFRESH_TOKEN";
var newIdToken = "NEW_ID_TOKEN";
var expiresIn = 3600;

// Simulate a successful token refresh response
server
.Given(Request.Create().WithPath("/token").UsingPost())
.RespondWith(Response.Create()
.WithStatusCode(HttpStatusCode.OK)
.WithBody($@"{{
""id_token"": ""{newIdToken}"",
""refresh_token"": ""{refreshToken}"",
""expires_in"": {expiresIn}
}}"));

var auth = new OidcTokenProvider(clientId, clientSecret, idpIssuerUrl, expiredIdToken, refreshToken);

// Act
var result = await auth.GetAuthenticationHeaderAsync(CancellationToken.None);

// Assert
result.Scheme.Should().Be("Bearer");
result.Parameter.Should().Be(newIdToken);

// Verify that the expiry is set correctly
var expectedExpiry = DateTimeOffset.UtcNow.AddSeconds(expiresIn);
var actualExpiry = typeof(OidcTokenProvider)
.GetField("_expiry", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance)
?.GetValue(auth) as DateTimeOffset?;
actualExpiry.Should().NotBeNull();
actualExpiry.Value.Should().BeCloseTo(expectedExpiry, precision: TimeSpan.FromSeconds(5));

// Verify that the refresh token is set correctly
var actualRefreshToken = typeof(OidcTokenProvider)
.GetField("_refreshToken", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance)
?.GetValue(auth) as string;
actualRefreshToken.Should().NotBeNull();
actualRefreshToken.Should().Be(refreshToken);

// Stop the server
server.Stop();
}

[Fact]
public async Task TestOidcAuthWithServerError()
{
// Arrange
var server = WireMockServer.Start();
var idpIssuerUrl = server.Url + "/token";
var clientId = "CLIENT_ID";
var clientSecret = "CLIENT_SECRET";
var expiredIdToken = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjB9.f37LFpIw_XIS5TZt3wdtEjjyCNshYy03lOWpyDViRM0";
var refreshToken = "REFRESH_TOKEN";

// Simulate a server error response
server
.Given(Request.Create().WithPath("/token").UsingPost())
.RespondWith(Response.Create()
.WithStatusCode(HttpStatusCode.InternalServerError)
.WithBody(@"{ ""error"": ""server_error"" }"));

var auth = new OidcTokenProvider(clientId, clientSecret, idpIssuerUrl, expiredIdToken, refreshToken);

// Act & Assert
var exception = await Assert.ThrowsAsync<KubernetesClientException>(
() => auth.GetAuthenticationHeaderAsync(CancellationToken.None));
exception.Message.Should().StartWith("Unable to refresh OIDC token.");
exception.InnerException.Message.Should().Contain("500");

// Stop the server
server.Stop();
}
}
}
Loading