Created fetch_signing_key_settings_from_variables and UTs

cyberark · Jan 12, 2022 · c8db022 · c8db022
1 parent 28c998b
commit c8db022
Show file tree

Hide file tree

Showing 2 changed files with 177 additions and 64 deletions.
diff --git a/app/domain/authentication/authn_jwt/signing_key/fetch_signing_key_settings_from_variables.rb b/app/domain/authentication/authn_jwt/signing_key/fetch_signing_key_settings_from_variables.rb
@@ -4,14 +4,18 @@ module SigningKey
       # This class is responsible for variables permutation validation
       FetchSigningKeySettingsFromVariables ||= CommandClass.new(
         dependencies: {
+          check_authenticator_secret_exists: Authentication::Util::CheckAuthenticatorSecretExists.new,
           fetch_authenticator_secrets: Authentication::Util::FetchAuthenticatorSecrets.new,
-          check_authenticator_secret_exists: Authentication::Util::CheckAuthenticatorSecretExists.new
+          logger: Rails.logger
         },
         inputs: %i[authenticator_input]
       ) do
         def call
+          fetch_signing_key_settings
         end
 
+        private
+
         def fetch_signing_key_settings
           if provider_uri_resource_exists? and !jwks_uri_has_resource_exists?
             SigningKeySettings.new(uri: fetch_provider_uri_signing_key,
@@ -27,26 +31,6 @@ def fetch_signing_key_settings
           end
         end
 
-        def fetch_provider_uri_signing_key
-          @logger.info(
-            LogMessages::Authentication::AuthnJwt::SelectedSigningKeyInterface.new(PROVIDER_URI_INTERFACE_NAME)
-          )
-          @fetch_provider_uri_signing_key ||= @fetch_provider_uri_signing_key_class.new(
-            authenticator_input: @authenticator_input,
-            fetch_signing_key: @fetch_signing_key
-          )
-        end
-
-        def fetch_jwks_uri_signing_key
-          @logger.info(
-            LogMessages::Authentication::AuthnJwt::SelectedSigningKeyInterface.new(JWKS_URI_INTERFACE_NAME)
-          )
-          @fetch_jwks_uri_signing_key ||= @fetch_jwks_uri_signing_key_class.new(
-            authenticator_input: @authenticator_input,
-            fetch_signing_key: @fetch_signing_key
-          )
-        end
-
         def provider_uri_resource_exists?
           # defined? is needed for memoization of boolean value
           return @provider_uri_resource_exists if defined?(@provider_uri_resource_exists)
@@ -70,6 +54,30 @@ def jwks_uri_has_resource_exists?
             var_name: JWKS_URI_RESOURCE_NAME
           )
         end
+
+        def fetch_provider_uri_signing_key
+          @logger.info(
+            LogMessages::Authentication::AuthnJwt::SelectedSigningKeyInterface.new(PROVIDER_URI_INTERFACE_NAME)
+          )
+          @provider_uri_secret ||= @fetch_authenticator_secrets.call(
+            conjur_account: @authenticator_input.account,
+            authenticator_name: @authenticator_input.authenticator_name,
+            service_id: @authenticator_input.service_id,
+            required_variable_names: [PROVIDER_URI_RESOURCE_NAME]
+          )[PROVIDER_URI_RESOURCE_NAME]
+        end
+
+        def fetch_jwks_uri_signing_key
+          @logger.info(
+            LogMessages::Authentication::AuthnJwt::SelectedSigningKeyInterface.new(JWKS_URI_INTERFACE_NAME)
+          )
+          @jwks_uri_secret ||= @fetch_authenticator_secrets.call(
+            conjur_account: @authenticator_input.account,
+            authenticator_name: @authenticator_input.authenticator_name,
+            service_id: @authenticator_input.service_id,
+            required_variable_names: [JWKS_URI_RESOURCE_NAME]
+          )[JWKS_URI_RESOURCE_NAME]
+        end
       end
     end
   end

diff --git a/...in/authentication/authn-jwt/signing_key/fetch_signing_key_settings_from_variables_spec.rb b/...in/authentication/authn-jwt/signing_key/fetch_signing_key_settings_from_variables_spec.rb
@@ -16,30 +16,95 @@
       request: "dummy"
     )
   }
-  let(:mocked_check_authenticator_secret_exists_nothing_exists) { double("mocked_check_authenticator_secret_exists_nothing_exists") }
-  let(:mocked_fetch_authenticator_secrets_exist_values)  {  double("MockedFetchAuthenticatorSecrets") }
-  let(:mocked_fetch_exists_signing_key_from_variable) { double("Mocked fetch with existing signing key")  }
-  let(:required_secret_missing_error) { "required secret missing error" }
-
+  let(:mocked_provider_type) { Authentication::AuthnJwt::PROVIDER_URI_INTERFACE_NAME }
+  let(:mocked_provider_uri) { 'https://provider-uri.com/provider' }
+  let(:mocked_jwks_type) { Authentication::AuthnJwt::JWKS_URI_INTERFACE_NAME }
+  let(:mocked_jwks_uri) { 'http://jwks-uri.com/jwks' }
+
+  let(:mocked_check_authenticator_secret_exists_nothing_exists) { double("mockedCheckAuthenticatorSecretExistsNothingExists") }
+  let(:mocked_check_authenticator_secret_exists_everything_exists) { double("mockedCheckAuthenticatorSecretExistsEverythingExists") }
+  let(:mocked_check_authenticator_secret_exists_jwks)  {  double("mockedCheckAuthenticatorSecretExistsJwks") }
+  let(:mocked_check_authenticator_secret_exists_provider)  {  double("mockedCheckAuthenticatorSecretExistsProvider") }
+  let(:mocked_fetch_authenticator_secrets_exist_jwks) { double("mockedFetchAuthenticatorSecretsExistJwks") }
+  let(:mocked_fetch_authenticator_secrets_not_exist_jwks) { double("mockedFetchAuthenticatorSecretsExistJwks")}
+  let(:mocked_fetch_authenticator_secrets_empty_provider) { double("mockedFetchAuthenticatorSecretsEmptyProvider")}
+  let(:mocked_fetch_authenticator_secrets_exist_provider)  {  double("MockedFetchAuthenticatorSecretsExistProvider") }
+  let(:mocked_logger) { double("mockedLogger")  }
+  let(:mocked_required_secret_missing_error) { "mockedRequiredSecretMissingError" }
 
   before(:each) do
     allow(mocked_check_authenticator_secret_exists_nothing_exists).to(
       receive(:call).and_return(false)
     )
 
-    allow(mocked_fetch_authenticator_secrets_exist_values).to(
-      receive(:call).and_return('provider-uri' => 'https://provider-uri.com/provider')
+    allow(mocked_check_authenticator_secret_exists_everything_exists).to(
+      receive(:call).and_return(true)
     )
 
-    allow(mocked_fetch_authenticator_secrets_exist_https).to(
-      receive(:call).and_return('jwks-uri' => 'https://jwks-uri.com/jwks')
+    allow(mocked_check_authenticator_secret_exists_jwks).to(
+      receive(:call).with(
+        conjur_account: anything,
+        authenticator_name: anything,
+        service_id: anything,
+        var_name: "jwks-uri"
+      ).and_return(true)
     )
 
-    allow(mocked_fetch_authenticator_secrets_empty_values).to(
-      receive(:call).and_raise(required_secret_missing_error)
+    allow(mocked_check_authenticator_secret_exists_jwks).to(
+      receive(:call).with(
+        conjur_account: anything,
+        authenticator_name: anything,
+        service_id: anything,
+        var_name: "provider-uri"
+      ).and_return(false)
+    )
+
+    allow(mocked_check_authenticator_secret_exists_provider).to(
+      receive(:call).with(
+        conjur_account: anything,
+        authenticator_name: anything,
+        service_id: anything,
+        var_name: "jwks-uri"
+      ).and_return(false)
+    )
+
+    allow(mocked_check_authenticator_secret_exists_provider).to(
+      receive(:call).with(
+        conjur_account: anything,
+        authenticator_name: anything,
+        service_id: anything,
+        var_name: "provider-uri"
+      ).and_return(true)
+    )
+
+    allow(mocked_fetch_authenticator_secrets_exist_jwks).to(
+      receive(:call).and_return('jwks-uri' => mocked_jwks_uri)
+    )
+
+    allow(mocked_fetch_authenticator_secrets_not_exist_jwks).to(
+      receive(:call).and_raise(mocked_required_secret_missing_error)
     )
-  end
 
+    allow(mocked_fetch_authenticator_secrets_exist_provider).to(
+      receive(:call).and_return('provider-uri' => mocked_provider_uri)
+    )
+
+    allow(mocked_fetch_authenticator_secrets_empty_provider).to(
+      receive(:call).and_raise(mocked_required_secret_missing_error)
+    )
+
+    allow(mocked_logger).to(
+      receive(:call).and_return(true)
+    )
+
+    allow(mocked_logger).to(
+      receive(:debug).and_return(true)
+    )
+
+    allow(mocked_logger).to(
+      receive(:info).and_return(true)
+    )
+  end
 
   #  ____  _   _  ____    ____  ____  ___  ____  ___
   # (_  _)( )_( )( ___)  (_  _)( ___)/ __)(_  _)/ __)
@@ -50,23 +115,23 @@
     context "'jwks-uri' and 'provider-uri' exist" do
       subject do
         ::Authentication::AuthnJwt::SigningKey::FetchSigningKeySettingsFromVariables.new(
-          authenticator_input: mocked_authenticator_input
+          check_authenticator_secret_exists: mocked_check_authenticator_secret_exists_everything_exists
         ).call(
-          authenticator_input: authenticator_input
+          authenticator_input: mocked_authenticator_input
         )
       end
 
       it "raises an error" do
-        expect { subject }.to raise_error(Errors::Authentication::AuthnJwt::InvalidUriConfiguration)
+        expect { subject }.to raise_error(
+                                Errors::Authentication::AuthnJwt::InvalidUriConfiguration,
+                                "CONJ00086E Signing key URI configuration is invalid")
       end
     end
 
-    context "'jwks-uri' and 'provider-uri' does not exist" do
-
+    context "'jwks-uri' and 'provider-uri' do not exists" do
       subject do
         ::Authentication::AuthnJwt::SigningKey::FetchSigningKeySettingsFromVariables.new(
-          check_authenticator_secret_exists: mocked_check_authenticator_secret_exists_nothing_exists,
-          fetch_authenticator_secrets: {}
+          check_authenticator_secret_exists: mocked_check_authenticator_secret_exists_nothing_exists
         ).call(
           authenticator_input: mocked_authenticator_input
         )
@@ -75,40 +140,80 @@
       it "raises an error" do
         expect { subject }.to raise_error(
                                 Errors::Authentication::AuthnJwt::InvalidUriConfiguration,
-                                "mashu")
+                                "CONJ00086E Signing key URI configuration is invalid")
       end
     end
 
-    context "'jwks-uri' exits and 'provider-uri' does not exists" do
-
-      subject do
-        ::Authentication::AuthnJwt::SigningKey::FetchSigningKeySettingsFromVariables.new(
-          authenticator_input: mocked_authenticator_input
-        ).call(
-          authenticator_input: authenticator_input
-        )
+    context "'jwks-uri' exits and 'provider-uri' do not exists" do
+      context "fetching 'jwks-uri' successfully" do
+        subject do
+          ::Authentication::AuthnJwt::SigningKey::FetchSigningKeySettingsFromVariables.new(
+            check_authenticator_secret_exists:  mocked_check_authenticator_secret_exists_jwks,
+            fetch_authenticator_secrets: mocked_fetch_authenticator_secrets_exist_jwks,
+            logger: mocked_logger
+          ).call(
+            authenticator_input: mocked_authenticator_input
+          )
+        end
+
+        it "equals to expected signing key settings" do
+          expect(subject.uri).to eql(mocked_jwks_uri)
+          expect(subject.type).to eql(mocked_jwks_type)
+        end
       end
 
-      it "does not raise an error" do
-        expect { subject }.to_not raise_error
+      context "fetching 'jwks-uri' not successfully" do
+        subject do
+          ::Authentication::AuthnJwt::SigningKey::FetchSigningKeySettingsFromVariables.new(
+            check_authenticator_secret_exists:  mocked_check_authenticator_secret_exists_jwks,
+            fetch_authenticator_secrets: mocked_fetch_authenticator_secrets_not_exist_jwks,
+            logger: mocked_logger
+          ).call(
+            authenticator_input: mocked_authenticator_input
+          )
+        end
+
+        it "raise an error" do
+          expect { subject }.to raise_error(
+                                  "mockedRequiredSecretMissingError")
+        end
       end
     end
 
-    context "'jwks-uri' does not exists and 'provider-uri' exist" do
-
-      subject do
-        ::Authentication::AuthnJwt::SigningKey::FetchSigningKeySettingsFromVariables.new(
-          authenticator_input: mocked_authenticator_input
-        ).call(
-          authenticator_input: authenticator_input
-        )
+    context "'jwks-uri' does not exist and 'provider-uri' exists" do
+      context "fetching 'provider-uri' successfully" do
+        subject do
+          ::Authentication::AuthnJwt::SigningKey::FetchSigningKeySettingsFromVariables.new(
+            check_authenticator_secret_exists:  mocked_check_authenticator_secret_exists_provider,
+            fetch_authenticator_secrets: mocked_fetch_authenticator_secrets_exist_provider,
+            logger: mocked_logger,
+            ).call(
+            authenticator_input: mocked_authenticator_input
+          )
+        end
+
+        it "equals to expected signing key settings" do
+          expect(subject.uri).to eql(mocked_provider_uri)
+          expect(subject.type).to eql(mocked_provider_type)
+        end
       end
 
-      it "does not raise an error" do
-        expect { subject }.to_not raise_error
+      context "fetching 'provider-uri' not successfully" do
+        subject do
+          ::Authentication::AuthnJwt::SigningKey::FetchSigningKeySettingsFromVariables.new(
+            check_authenticator_secret_exists:  mocked_check_authenticator_secret_exists_provider,
+            fetch_authenticator_secrets: mocked_fetch_authenticator_secrets_empty_provider,
+            logger: mocked_logger
+          ).call(
+            authenticator_input: mocked_authenticator_input
+          )
+        end
+
+        it "raise an error" do
+          expect { subject }.to raise_error(
+                                  "mockedRequiredSecretMissingError")
+        end
       end
     end
-
   end
-
-end
+end