Overview
Package harness provides a test harness for integration testing the STS token exchange: mock GitHub and OIDC servers, HTTP client, and helpers to build contexts and run exchanges.
Index
- Constants
- type Client
- type Context
- func (c *Context) ClaimsWith(overrides map[string]any) map[string]any
- func (c *Context) DefaultClaims() map[string]any
- func (c *Context) DefaultToken() string
- func (c *Context) ExchangeDefault() (*Result, error)
- func (c *Context) FixturePath(parts ...string) string
- func (c *Context) GitHubAPIURL() string
- func (c *Context) IssuerURL() string
- func (c *Context) LoadTemplate(parts ...string) string
- func (c *Context) SetupDefaultPolicy()
- func (c *Context) SetupPolicy(repo, template string)
- func (c *Context) SignTokenWithClaims(claims map[string]any) string
- func (c *Context) TokenWith(overrides map[string]any) string
- type ExchangeRequest
- type ExchangeResponse
- type GitHub
- func (g *GitHub) APIURL() string
- func (g *GitHub) Close()
- func (g *GitHub) RequestCount() int
- func (g *GitHub) SetError(pattern string, status int, message string)
- func (g *GitHub) SetInstallation(repo string, id int64)
- func (g *GitHub) SetLatency(d time.Duration)
- func (g *GitHub) SetPolicy(repo, content string)
- func (g *GitHub) SetPolicyFromFile(repo, path string)
- func (g *GitHub) SetRateLimit(pattern string, retryAfter int)
- func (g *GitHub) SetToken(id int64, value string, permissions map[string]string, expiresAt time.Time)
- func (g *GitHub) WasRequested(path string) bool
- type Request
- type ResponseError
- type Result
- type Server
- type ServerOption
- func WithConfiguration(cfg *config.Config) ServerOption
- func WithDefaultTTL(ttl int) ServerOption
- func WithGitHubApps(apps []*TestApp) ServerOption
- func WithMaxPermissions(permissions map[string]string) ServerOption
- func WithMaxTTL(ttl int) ServerOption
- func WithRequireExplicitPolicy(require bool) ServerOption
- type TestApp
Constants
const (
	// DefaultRepo is the default target repository for harness tests.
	DefaultRepo = "example-org/example-repo"
	// DefaultInstallationID is the default GitHub App installation ID used in mock responses.
	DefaultInstallationID = int64(123456)
	// DefaultPolicyTemplate is the default trust policy fixture name under fixtures/policies.
	DefaultPolicyTemplate = "contents_read_metadata_read.tpl.yaml"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type Client
type Client struct {
	// contains filtered or unexported fields
}
Client is an HTTP client for the STS token exchange API. It wraps HTTP communication and provides typed request/response handling.
type Context
type Context struct {
	GitHub *GitHub
	OIDC   *testutil.OIDCServer
	Client *Client
	// contains filtered or unexported fields
}
Context holds test state and provides methods for test execution. Cleanup is registered automatically via t.Cleanup — callers never need to call Close or Cleanup manually.
func New
New creates a new test Context with mock servers initialized. Cleanup is automatic via t.Cleanup.
func (*Context) ClaimsWith
ClaimsWith returns DefaultClaims with the given overrides merged in.
func (*Context) DefaultClaims
DefaultClaims returns standard OIDC claims for the context (iss, sub, aud, exp, repository, ref, etc.).
func (*Context) DefaultToken
DefaultToken returns a signed OIDC token with DefaultClaims.
func (*Context) ExchangeDefault
ExchangeDefault performs an exchange request with DefaultToken and DefaultRepo.
func (*Context) FixturePath
FixturePath returns the path to a fixture file under the test fixtures directory (relative to cwd).
func (*Context) GitHubAPIURL
GitHubAPIURL returns the mock GitHub API base URL.
func (*Context) LoadTemplate
LoadTemplate reads a fixture file under fixtures/ and substitutes {{ISSUER_URL}} with the context issuer URL.
func (*Context) SetupDefaultPolicy
func (c *Context) SetupDefaultPolicy()
SetupDefaultPolicy calls SetupPolicy with DefaultRepo and DefaultPolicyTemplate.
func (*Context) SetupPolicy
SetupPolicy sets the trust policy and installation ID for the given repo using the named template fixture.
func (*Context) SignTokenWithClaims
SignTokenWithClaims returns a signed OIDC token with the given claims.
type ExchangeRequest
type ExchangeRequest struct {
	OIDCToken            string            `json:"oidc_token"`
	TargetRepository     string            `json:"target_repository"`
	PolicyName           string            `json:"policy_name,omitempty"`
	RequestedPermissions map[string]string `json:"requested_permissions,omitempty"`
	RequestedTTL         int               `json:"requested_ttl,omitempty"`
}
ExchangeRequest represents a token exchange request.
type ExchangeResponse
type ExchangeResponse struct {
	Token         string            `json:"token"`
	ExpiresAt     time.Time         `json:"expires_at"`
	MatchedPolicy string            `json:"matched_policy"`
	Permissions   map[string]string `json:"permissions"`
	RequestID     string            `json:"request_id"`
}
ExchangeResponse represents a successful token exchange response.
type GitHub
type GitHub struct {
	// contains filtered or unexported fields
}
GitHub is a mock GitHub API server for testing. It supports policy file serving, installation lookup, and token creation.
func (*GitHub) APIURL
APIURL returns the base URL of the mock GitHub API server. Use this URL to configure the STS service to use the mock GitHub.
func (*GitHub) Close
func (g *GitHub) Close()
Close shuts down the mock server and releases all resources. This method is safe to call multiple times.
func (*GitHub) RequestCount
RequestCount returns the total number of requests received by the mock server.
func (*GitHub) SetError
SetError configures an error response for a path pattern. The pattern matches if the request path contains the pattern string.
func (*GitHub) SetInstallation
SetInstallation configures the installation ID for a repository.
func (*GitHub) SetLatency
SetLatency configures simulated network latency for all requests. This is useful for testing timeout behavior and slow network conditions.
func (*GitHub) SetPolicyFromFile
SetPolicyFromFile loads a policy from a fixture file.
func (*GitHub) SetRateLimit
SetRateLimit configures a rate limit error for a path pattern. The rate limit response includes a Retry-After header with the specified value.
func (*GitHub) SetToken
func (g *GitHub) SetToken(id int64, value string, permissions map[string]string, expiresAt time.Time)
SetToken configures the token response for an installation.
func (*GitHub) WasRequested
WasRequested checks if any request path contains the specified substring. Use this to verify that expected API endpoints were called.
type ResponseError
type ResponseError struct {
	Code              string `json:"error_code"`
	Message           string `json:"error"`
	Details           string `json:"details,omitempty"`
	RequestID         string `json:"request_id,omitempty"`
	RetryAfterSeconds int    `json:"retry_after_seconds,omitempty"`
}
ResponseError represents an error response from the STS API.
func (*ResponseError) Error
func (e *ResponseError) Error() string
Error implements the error interface for ResponseError.
type Result
type Result struct {
	Response   *ExchangeResponse
	Error      *ResponseError
	StatusCode int
}
Result wraps the outcome of an exchange request. Either Response or Error is set, never both.
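The "either Response or Error, never both" rule for Result can be enforced when a response is decoded, so that a non-2xx body carrying a token (or a 2xx body carrying error fields) fails instead of being silently accepted. This is an added example, not the harness's own code: the three types are redeclared from this page, while decodeResult, its 2xx rule and the sample body are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)
// The three types below are redeclared from the page so the example runs stand-alone.
type ExchangeResponse struct {
	Token         string            `json:"token"`
	ExpiresAt     time.Time         `json:"expires_at"`
	MatchedPolicy string            `json:"matched_policy"`
	Permissions   map[string]string `json:"permissions"`
	RequestID     string            `json:"request_id"`
}
type ResponseError struct {
	Code              string `json:"error_code"`
	Message           string `json:"error"`
	Details           string `json:"details,omitempty"`
	RequestID         string `json:"request_id,omitempty"`
	RetryAfterSeconds int    `json:"retry_after_seconds,omitempty"`
}
type Result struct {
	Response   *ExchangeResponse
	Error      *ResponseError
	StatusCode int
}
// decodeResult is a hypothetical helper (not harness API): status picks the one field to set.
func decodeResult(status int, body string) (*Result, error) {
	res := &Result{StatusCode: status}
	dec := json.NewDecoder(strings.NewReader(body))
	dec.DisallowUnknownFields() // a body with fields of the other shape fails to decode
	if status >= 200 && status < 300 {
		res.Response = &ExchangeResponse{}
		if err := dec.Decode(res.Response); err != nil || res.Response.Token == "" {
			return nil, fmt.Errorf("status %d: bad success body: %v", status, err)
		}
		return res, nil
	}
	res.Error = &ResponseError{}
	if err := dec.Decode(res.Error); err != nil || res.Error.Code == "" {
		return nil, fmt.Errorf("status %d: bad error body: %v", status, err)
	}
	return res, nil
}
func main() {
	_, err := decodeResult(403, `{"error_code":"forbidden","error":"denied","token":"x"}`) // constructed body
	fmt.Println("token-bearing error body rejected:", err != nil)
}
```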
type Server
Server wraps the STS service and HTTP test server for integration testing.
func StartServer
func StartServer(t *testing.T, ctx *Context, options ...ServerOption) *Server
StartServer creates and starts a new STS test server. Cleanup is registered via t.Cleanup — callers never need to call Close.
type ServerOption
type ServerOption func(*serverConfig)
ServerOption configures the Server during creation.
func WithConfiguration
func WithConfiguration(cfg *config.Config) ServerOption
WithConfiguration sets the full config for the test server; policy and OIDC are still overridden from Context.
func WithDefaultTTL
func WithDefaultTTL(ttl int) ServerOption
WithDefaultTTL sets the default token TTL in seconds for the test server policy.
func WithGitHubApps
func WithGitHubApps(apps []*TestApp) ServerOption
WithGitHubApps sets the GitHub Apps (client ID and org) used by the test server.
func WithMaxPermissions
func WithMaxPermissions(permissions map[string]string) ServerOption
WithMaxPermissions sets the maximum allowed permissions for the test server policy.
func WithMaxTTL
func WithMaxTTL(ttl int) ServerOption
WithMaxTTL sets the maximum token TTL in seconds for the test server policy.
func WithRequireExplicitPolicy
func WithRequireExplicitPolicy(require bool) ServerOption
WithRequireExplicitPolicy sets whether the server requires an explicit repository policy to grant tokens.