add readiness and partial key rotation

2020-02-11 17:17:09 +01:00 · 2020-02-11 17:17:09 +01:00 · 93709a18b6
commit 93709a18b6
parent f0d17fd839
15 changed files with 254 additions and 132 deletions
--- a/pkg/op/mock/authorizer.mock.impl.go
+++ b/pkg/op/mock/authorizer.mock.impl.go
@ -1,6 +1,7 @@
 package mock

 import (
+	"context"
 	"testing"

 	"github.com/golang/mock/gomock"
@ -67,6 +68,10 @@ func ExpectSigner(a op.Authorizer, t *testing.T) {

 type Sig struct{}

+func (s *Sig) Health(ctx context.Context) error {
+	return nil
+}
+
 func (s *Sig) SignIDToken(*oidc.IDTokenClaims) (string, error) {
 	return "", nil
 }
--- a/pkg/op/mock/signer.mock.go
+++ b/pkg/op/mock/signer.mock.go
@ -5,6 +5,7 @@
 package mock

 import (
+	context "context"
 	oidc "github.com/caos/oidc/pkg/oidc"
 	gomock "github.com/golang/mock/gomock"
 	go_jose_v2 "gopkg.in/square/go-jose.v2"
@ -34,6 +35,20 @@ func (m *MockSigner) EXPECT() *MockSignerMockRecorder {
 	return m.recorder
 }

+// Health mocks base method
+func (m *MockSigner) Health(arg0 context.Context) error {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "Health", arg0)
+	ret0, _ := ret[0].(error)
+	return ret0
+}
+
+// Health indicates an expected call of Health
+func (mr *MockSignerMockRecorder) Health(arg0 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Health", reflect.TypeOf((*MockSigner)(nil).Health), arg0)
+}
+
 // SignAccessToken mocks base method
 func (m *MockSigner) SignAccessToken(arg0 *oidc.AccessTokenClaims) (string, error) {
 	m.ctrl.T.Helper()
--- a/pkg/op/mock/storage.mock.go
+++ b/pkg/op/mock/storage.mock.go
@ -125,18 +125,15 @@ func (mr *MockStorageMockRecorder) GetKeySet(arg0 interface{}) *gomock.Call {
 }

 // GetSigningKey mocks base method
-func (m *MockStorage) GetSigningKey(arg0 context.Context) (*go_jose_v2.SigningKey, error) {
+func (m *MockStorage) GetSigningKey(arg0 context.Context, arg1 chan<- go_jose_v2.SigningKey, arg2 chan<- error, arg3 <-chan bool) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "GetSigningKey", arg0)
-	ret0, _ := ret[0].(*go_jose_v2.SigningKey)
-	ret1, _ := ret[1].(error)
-	return ret0, ret1
+	m.ctrl.Call(m, "GetSigningKey", arg0, arg1, arg2, arg3)
 }

 // GetSigningKey indicates an expected call of GetSigningKey
-func (mr *MockStorageMockRecorder) GetSigningKey(arg0 interface{}) *gomock.Call {
+func (mr *MockStorageMockRecorder) GetSigningKey(arg0, arg1, arg2, arg3 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetSigningKey", reflect.TypeOf((*MockStorage)(nil).GetSigningKey), arg0)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetSigningKey", reflect.TypeOf((*MockStorage)(nil).GetSigningKey), arg0, arg1, arg2, arg3)
 }

 // GetUserinfoFromScopes mocks base method
@ -154,17 +151,30 @@ func (mr *MockStorageMockRecorder) GetUserinfoFromScopes(arg0, arg1 interface{})
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetUserinfoFromScopes", reflect.TypeOf((*MockStorage)(nil).GetUserinfoFromScopes), arg0, arg1)
 }

-// SaveKeyPair mocks base method
-func (m *MockStorage) SaveKeyPair(arg0 context.Context) (*go_jose_v2.SigningKey, error) {
+// Health mocks base method
+func (m *MockStorage) Health(arg0 context.Context) error {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "SaveKeyPair", arg0)
-	ret0, _ := ret[0].(*go_jose_v2.SigningKey)
-	ret1, _ := ret[1].(error)
-	return ret0, ret1
+	ret := m.ctrl.Call(m, "Health", arg0)
+	ret0, _ := ret[0].(error)
+	return ret0
 }

-// SaveKeyPair indicates an expected call of SaveKeyPair
-func (mr *MockStorageMockRecorder) SaveKeyPair(arg0 interface{}) *gomock.Call {
+// Health indicates an expected call of Health
+func (mr *MockStorageMockRecorder) Health(arg0 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SaveKeyPair", reflect.TypeOf((*MockStorage)(nil).SaveKeyPair), arg0)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Health", reflect.TypeOf((*MockStorage)(nil).Health), arg0)
+}
+
+// SaveNewKeyPair mocks base method
+func (m *MockStorage) SaveNewKeyPair(arg0 context.Context) error {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "SaveNewKeyPair", arg0)
+	ret0, _ := ret[0].(error)
+	return ret0
+}
+
+// SaveNewKeyPair indicates an expected call of SaveNewKeyPair
+func (mr *MockStorageMockRecorder) SaveNewKeyPair(arg0 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SaveNewKeyPair", reflect.TypeOf((*MockStorage)(nil).SaveNewKeyPair), arg0)
 }
--- a/pkg/op/mock/storage.mock.impl.go
+++ b/pkg/op/mock/storage.mock.impl.go
@ -86,17 +86,29 @@ func ExpectValidClientID(s op.Storage) {

 func ExpectSigningKeyError(s op.Storage) {
 	mockS := s.(*MockStorage)
-	mockS.EXPECT().GetSigningKey(gomock.Any()).Return(nil, errors.New("error"))
+	mockS.EXPECT().GetSigningKey(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(
+		func(_ context.Context, keyCh chan<- jose.SigningKey, errCh chan<- error, _ <-chan bool) {
+			errCh <- errors.New("error")
+		},
+	)
 }

 func ExpectSigningKeyInvalid(s op.Storage) {
 	mockS := s.(*MockStorage)
-	mockS.EXPECT().GetSigningKey(gomock.Any()).Return(&jose.SigningKey{}, nil)
+	mockS.EXPECT().GetSigningKey(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(
+		func(_ context.Context, keyCh chan<- jose.SigningKey, errCh chan<- error, _ <-chan bool) {
+			keyCh <- jose.SigningKey{}
+		},
+	)
 }

 func ExpectSigningKey(s op.Storage) {
 	mockS := s.(*MockStorage)
-	mockS.EXPECT().GetSigningKey(gomock.Any()).Return(&jose.SigningKey{Algorithm: jose.HS256, Key: []byte("key")}, nil)
+	mockS.EXPECT().GetSigningKey(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(
+		func(_ context.Context, keyCh chan<- jose.SigningKey, errCh chan<- error, _ <-chan bool) {
+			keyCh <- jose.SigningKey{Algorithm: jose.HS256, Key: []byte("key")}
+		},
+	)
 }

 type ConfClient struct {