Documentation
Index
- func FormatPrivateKeyPEM(privateKey *rsa.PrivateKey) []byte
- func FormatPublicKeyPEM(publicKey *rsa.PublicKey) []byte
- func GenerateRootToken(t *testing.T, privateKey *rsa.PrivateKey) string
- func GenerateServiceAccountToken(t *testing.T, privateKey *rsa.PrivateKey, role string, expiry time.Duration) (saID string, token string)
- func GenerateTestSigningKeys(t *testing.T) *rsa.PrivateKey
- func GenerateUserToken(t *testing.T, privateKey *rsa.PrivateKey, email string, role string, ...) string
- func SetupMockOIDC(t *testing.T, userEmail string, userRole string) (m *mockoidc.MockOIDC, issuer string, clientID string)
- func SetupTestNATS(t *testing.T) (*server.Server, *nats.Conn, jetstream.JetStream)
Constants
This section is empty.
Variables
This section is empty.
Functions
func FormatPrivateKeyPEM
func FormatPrivateKeyPEM(privateKey *rsa.PrivateKey) []byte
FormatPrivateKeyPEM encodes an RSA private key in PEM format.
func FormatPublicKeyPEM
FormatPublicKeyPEM encodes an RSA public key in PEM format.
func GenerateRootToken
func GenerateRootToken(t *testing.T, privateKey *rsa.PrivateKey) string
GenerateRootToken creates a JWT with root token claims (following Phase 24-03 pattern). Root tokens provide unrestricted admin access and never expire.
Claims:
- sub: "root"
- role: "admin"
- type: "root"
- iat: current timestamp
- NO exp claim (root tokens never expire)
Returns the signed JWT token string ready for Authorization headers.
func GenerateServiceAccountToken
func GenerateServiceAccountToken(t *testing.T, privateKey *rsa.PrivateKey, role string, expiry time.Duration) (saID string, token string)
GenerateServiceAccountToken creates a JWT with service account claims. Generates a unique service account ID and signs the token with the provided role and expiry.
Claims:
- sub: generated service account ID
- role: admin or readonly
- type: "service-account"
- jti: service account ID (for revocation lookup)
- iat: current timestamp
- exp: current timestamp + expiry
Returns (saID, token) where saID is the service account ID and token is the signed JWT string.
func GenerateTestSigningKeys
func GenerateTestSigningKeys(t *testing.T) *rsa.PrivateKey
GenerateTestSigningKeys generates 4096-bit RSA signing keys for tests. It uses auth.GenerateSigningKeys() to ensure consistency with production code. Returns the private key (the public key is accessible via privateKey.Public()).
func GenerateUserToken
func GenerateUserToken(t *testing.T, privateKey *rsa.PrivateKey, email string, role string, expiry time.Duration) string
GenerateUserToken creates a JWT with user session claims. Used for simulating OIDC-authenticated user sessions.
Claims:
- sub: user email
- role: admin or readonly
- type: "session"
- iat: current timestamp
- exp: current timestamp + expiry
Returns the signed JWT token string.
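The claim rules listed for the three token generators above, enforced on the verifying side. This is an added example, not code from this package: `Claims`, `ValidatePayload` and the `revoked` map are hypothetical names, and the payload is assumed to come from a token whose signature was already verified.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Claims (hypothetical type): Exp is a pointer so a missing exp differs from exp=0.
type Claims struct {
	Sub  string `json:"sub"`
	Role string `json:"role"`
	Type string `json:"type"`
	Jti  string `json:"jti"`
	Exp  *int64 `json:"exp"`
}

// ValidatePayload (hypothetical) checks a signature-verified JWT payload per token type.
func ValidatePayload(payload []byte, now time.Time, revoked map[string]bool) error {
	var c Claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return fmt.Errorf("bad payload: %w", err)
	}
	if c.Role != "admin" && c.Role != "readonly" {
		return fmt.Errorf("unknown role %q", c.Role)
	}
	switch c.Type {
	case "root": // the only type that may omit exp, and only in its documented shape
		if c.Sub != "root" || c.Role != "admin" || c.Exp != nil {
			return errors.New("malformed root token")
		}
		return nil
	case "session", "service-account":
		if c.Exp == nil || !now.Before(time.Unix(*c.Exp, 0)) {
			return errors.New("exp missing or in the past")
		}
	default:
		return fmt.Errorf("unknown token type %q", c.Type)
	}
	if c.Type == "service-account" && (c.Jti == "" || c.Jti != c.Sub || revoked[c.Jti]) {
		return errors.New("service account jti missing, mismatched or revoked")
	}
	return nil
}

func main() { // constructed payload: a session token with no exp is rejected
	fmt.Println(ValidatePayload([]byte(`{"sub":"a@example.test","role":"admin","type":"session"}`), time.Now(), nil))
}
```

Because a missing `exp` is accepted only on the `type: "root"` branch, a session or service account token issued without an expiry fails closed instead of living forever.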
func SetupMockOIDC
func SetupMockOIDC(t *testing.T, userEmail string, userRole string) (m *mockoidc.MockOIDC, issuer string, clientID string)
SetupMockOIDC creates and starts a mock OIDC provider for testing, following RESEARCH.md Pattern 2 (Mock OIDC Provider).
The mock OIDC server provides:
- Full OIDC discovery support
- Authorization code + PKCE flow
- Token exchange endpoint
- User queueing for controlled test scenarios
Returns (mockOIDC, issuerURL, clientID) for configuring auth.Config.
func SetupTestNATS
SetupTestNATS creates an isolated embedded NATS server with JetStream for testing, following RESEARCH.md Pattern 1 (Fresh NATS Server Per Test).
Each test gets:
- Random port for isolation
- Temporary directory for storage
- Automatic cleanup on test completion
Returns (natsServer, natsConnection, jetStreamContext).
Types
This section is empty.