(t *testing.T)
| 26 | ) |
| 27 | |
| 28 | func TestParseGroupClaims(t *testing.T) { |
| 29 | t.Parallel() |
| 30 | |
| 31 | t.Run("EmptyConfig", func(t *testing.T) { |
| 32 | t.Parallel() |
| 33 | |
| 34 | s := idpsync.NewAGPLSync(slogtest.Make(t, &slogtest.Options{}), |
| 35 | runtimeconfig.NewManager(), |
| 36 | idpsync.DeploymentSyncSettings{}) |
| 37 | |
| 38 | ctx := testutil.Context(t, testutil.WaitMedium) |
| 39 | |
| 40 | params, err := s.ParseGroupClaims(ctx, jwt.MapClaims{}) |
| 41 | require.Nil(t, err) |
| 42 | |
| 43 | require.False(t, params.SyncEntitled) |
| 44 | }) |
| 45 | |
| 46 | t.Run("NotInAllowList", func(t *testing.T) { |
| 47 | t.Parallel() |
| 48 | |
| 49 | s := idpsync.NewAGPLSync(slogtest.Make(t, &slogtest.Options{}), |
| 50 | runtimeconfig.NewManager(), |
| 51 | idpsync.DeploymentSyncSettings{ |
| 52 | GroupField: "groups", |
| 53 | GroupAllowList: map[string]struct{}{ |
| 54 | "foo": {}, |
| 55 | }, |
| 56 | }) |
| 57 | |
| 58 | ctx := testutil.Context(t, testutil.WaitMedium) |
| 59 | |
| 60 | // Invalid group |
| 61 | _, err := s.ParseGroupClaims(ctx, jwt.MapClaims{ |
| 62 | "groups": []string{"bar"}, |
| 63 | }) |
| 64 | require.NotNil(t, err) |
| 65 | require.Equal(t, 403, err.Code) |
| 66 | |
| 67 | // No groups |
| 68 | _, err = s.ParseGroupClaims(ctx, jwt.MapClaims{}) |
| 69 | require.NotNil(t, err) |
| 70 | require.Equal(t, 403, err.Code) |
| 71 | }) |
| 72 | |
| 73 | t.Run("InAllowList", func(t *testing.T) { |
| 74 | t.Parallel() |
| 75 | |
| 76 | s := idpsync.NewAGPLSync(slogtest.Make(t, &slogtest.Options{}), |
| 77 | runtimeconfig.NewManager(), |
| 78 | idpsync.DeploymentSyncSettings{ |
| 79 | GroupField: "groups", |
| 80 | GroupAllowList: map[string]struct{}{ |
| 81 | "foo": {}, |
| 82 | }, |
| 83 | }) |
| 84 | |
| 85 | ctx := testutil.Context(t, testutil.WaitMedium) |
nothing calls this directly
no test coverage detected