/
persister_test.go
180 lines (152 loc) · 7.4 KB
/
persister_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
package sql_test
import (
"context"
"testing"
"github.com/gofrs/uuid"
"github.com/instana/testify/assert"
"github.com/instana/testify/require"
"github.com/pkg/errors"
"github.com/ory/hydra/client"
"github.com/ory/hydra/consent"
"github.com/ory/hydra/internal/testhelpers"
"github.com/ory/hydra/oauth2/trust"
"github.com/ory/hydra/x/contextx"
"github.com/ory/x/dbal"
"github.com/ory/x/networkx"
"github.com/ory/hydra/jwk"
"github.com/ory/hydra/driver"
"github.com/ory/hydra/internal"
)
func testRegistry(t *testing.T, ctx context.Context, k string, t1 driver.Registry, t2 driver.Registry) {
t.Run("package=client/manager="+k, func(t *testing.T) {
t.Run("case=create-get-update-delete", client.TestHelperCreateGetUpdateDeleteClient(k, t1.Persister().Connection(context.Background()), t1.ClientManager(), t2.ClientManager()))
t.Run("case=autogenerate-key", client.TestHelperClientAutoGenerateKey(k, t1.ClientManager()))
t.Run("case=auth-client", client.TestHelperClientAuthenticate(k, t1.ClientManager()))
t.Run("case=update-two-clients", client.TestHelperUpdateTwoClients(k, t1.ClientManager()))
})
parallel := true
if k == "memory" || k == "mysql" || k == "cockroach" { // TODO enable parallel tests for cockroach once we swap the transaction wrapper for one that supports retry
parallel = false
}
t.Run("package=consent/manager="+k, consent.ManagerTests(t1.ConsentManager(), t1.ClientManager(), t1.OAuth2Storage(), "t1", parallel))
t.Run("package=consent/manager="+k, consent.ManagerTests(t2.ConsentManager(), t2.ClientManager(), t2.OAuth2Storage(), "t2", parallel))
t.Run("parallel-boundary", func(t *testing.T) {
t.Run("package=consent/janitor="+k, testhelpers.JanitorTests(t1.Config(ctx), t1.ConsentManager(), t1.ClientManager(), t1.OAuth2Storage(), "t1", parallel))
t.Run("package=consent/janitor="+k, testhelpers.JanitorTests(t2.Config(ctx), t2.ConsentManager(), t2.ClientManager(), t2.OAuth2Storage(), "t2", parallel))
})
t.Run("package=jwk/manager="+k, func(t *testing.T) {
keyGenerators := new(driver.RegistryBase).KeyGenerators()
assert.Equalf(t, 6, len(keyGenerators), "Test for key generator is not implemented")
for _, tc := range []struct {
keyGenerator jwk.KeyGenerator
alg string
skip bool
}{
{keyGenerator: keyGenerators["RS256"], alg: "RS256", skip: false},
{keyGenerator: keyGenerators["ES256"], alg: "ES256", skip: false},
{keyGenerator: keyGenerators["ES512"], alg: "ES512", skip: false},
{keyGenerator: keyGenerators["HS256"], alg: "HS256", skip: true},
{keyGenerator: keyGenerators["HS512"], alg: "HS512", skip: true},
{keyGenerator: keyGenerators["EdDSA"], alg: "EdDSA", skip: t1.Config(ctx).HsmEnabled()},
} {
t.Run("key_generator="+tc.alg, func(t *testing.T) {
if tc.skip {
t.Skipf("Skipping test. Not applicable for alg: %s", tc.alg)
}
if t1.Config(ctx).HsmEnabled() {
t.Run("TestManagerGenerateAndPersistKeySet", jwk.TestHelperManagerGenerateAndPersistKeySet(t1.KeyManager(), tc.alg, false))
t.Run("TestManagerGenerateAndPersistKeySet", jwk.TestHelperManagerNIDIsolationKeySet(t1.KeyManager(), t2.KeyManager(), tc.alg))
} else {
kid, err := uuid.NewV4()
require.NoError(t, err)
ks, err := tc.keyGenerator.Generate(kid.String(), "sig")
require.NoError(t, err)
t.Run("TestManagerKey", jwk.TestHelperManagerKey(t1.KeyManager(), tc.alg, ks, kid.String()))
t.Run("Parallel", func(t *testing.T) {
t.Run("TestManagerKeySet", jwk.TestHelperManagerKeySet(t1.KeyManager(), tc.alg, ks, kid.String(), parallel))
t.Run("TestManagerKeySet", jwk.TestHelperManagerKeySet(t2.KeyManager(), tc.alg, ks, kid.String(), parallel))
})
t.Run("Parallel", func(t *testing.T) {
t.Run("TestManagerGenerateAndPersistKeySet", jwk.TestHelperManagerGenerateAndPersistKeySet(t1.KeyManager(), tc.alg, parallel))
t.Run("TestManagerGenerateAndPersistKeySet", jwk.TestHelperManagerGenerateAndPersistKeySet(t2.KeyManager(), tc.alg, parallel))
})
}
})
}
t.Run("TestManagerGenerateAndPersistKeySetWithUnsupportedKeyGenerator", func(t *testing.T) {
_, err := t1.KeyManager().GenerateAndPersistKeySet(context.TODO(), "foo", "bar", "UNKNOWN", "sig")
require.Error(t, err)
assert.IsType(t, errors.WithStack(jwk.ErrUnsupportedKeyAlgorithm), err)
})
})
t.Run("package=grant/trust/manager="+k, func(t *testing.T) {
t.Run("parallel-boundary", func(t *testing.T) {
t.Run("case=create-get-delete/tenant=t1", trust.TestHelperGrantManagerCreateGetDeleteGrant(t1.GrantManager(), parallel))
t.Run("case=create-get-delete/tenant=t2", trust.TestHelperGrantManagerCreateGetDeleteGrant(t2.GrantManager(), parallel))
})
t.Run("parallel-boundary", func(t *testing.T) {
t.Run("case=errors", trust.TestHelperGrantManagerErrors(t1.GrantManager(), parallel))
t.Run("case=errors", trust.TestHelperGrantManagerErrors(t2.GrantManager(), parallel))
})
})
}
func TestManagersNextGen(t *testing.T) {
regs := map[string]driver.Registry{
"memory": internal.NewRegistrySQLFromURL(t, dbal.SQLiteSharedInMemory, true, &contextx.DefaultContextualizer{}),
}
if !testing.Short() {
regs["postgres"], regs["mysql"], regs["cockroach"], _ = internal.ConnectDatabases(t, true, &contextx.DefaultContextualizer{})
}
ctx := context.Background()
networks := make([]uuid.UUID, 5)
for k := range networks {
nid := uuid.Must(uuid.NewV4())
for k := range regs {
require.NoError(t, regs[k].Persister().Connection(ctx).Create(&networkx.Network{ID: nid}))
}
networks[k] = nid
}
for k := range regs {
regs[k].WithContextualizer(new(contextx.TestContextualizer))
}
for k := range regs {
k := k
t.Run("database="+k, func(t *testing.T) {
t.Parallel()
client.TestHelperCreateGetUpdateDeleteClientNext(t, regs[k].Persister(), networks)
})
}
}
func TestManagers(t *testing.T) {
ctx := context.TODO()
t1registries := map[string]driver.Registry{
"memory": internal.NewRegistrySQLFromURL(t, dbal.SQLiteSharedInMemory, true, &contextx.DefaultContextualizer{}),
}
t2registries := map[string]driver.Registry{
"memory": internal.NewRegistrySQLFromURL(t, dbal.SQLiteSharedInMemory, false, &contextx.DefaultContextualizer{}),
}
if !testing.Short() {
t2registries["postgres"], t2registries["mysql"], t2registries["cockroach"], _ = internal.ConnectDatabases(t, false, &contextx.DefaultContextualizer{})
t1registries["postgres"], t1registries["mysql"], t1registries["cockroach"], _ = internal.ConnectDatabases(t, true, &contextx.DefaultContextualizer{})
}
tenant1NID, _ := uuid.NewV4()
tenant2NID, _ := uuid.NewV4()
for k, t1 := range t1registries {
t2 := t2registries[k]
require.NoError(t, t1.Persister().Connection(ctx).Create(&networkx.Network{ID: tenant1NID}))
require.NoError(t, t2.Persister().Connection(ctx).Create(&networkx.Network{ID: tenant2NID}))
t1.WithContextualizer(&contextx.StaticContextualizer{NID: tenant1NID, C: t1.Config(ctx)})
t2.WithContextualizer(&contextx.StaticContextualizer{NID: tenant2NID, C: t2.Config(ctx)})
t.Run("parallel-boundary", func(t *testing.T) { testRegistry(t, ctx, k, t1, t2) })
}
for k, t1 := range t1registries {
t2 := t2registries[k]
t2.WithContextualizer(&contextx.StaticContextualizer{NID: uuid.Nil, C: t2.Config(ctx)})
t.Run("package=jwk/manager="+k+"/case=nid",
jwk.TestHelperNID(t1.KeyManager(), t2.KeyManager()),
)
t.Run("package=consent/manager="+k+"/case=nid",
consent.TestHelperNID(t1.ClientManager(), t1.ConsentManager(), t2.ConsentManager()),
)
}
}