feat: Add Authenticator Checks unit tests (#45)

* feat: Add Authenticator Checks unit tests * debug upstream auth unauthorized reason * add upstream auth unauthorize test * debug TestCheck_SuccessfulAuthentication * add TestCheck_UpstreamAuthTimeout * debug checkServiceUpstreamAuth span * Fix lint in test file & fix asserts in upstream test * Add new metric for upstreamAuthFailedRequests and removed some unused ifs * Fix upstream timeout test * fix TestCheck_UpstreamAuthFailed func name * add UpstreamAuthTimeout test function --------- Co-authored-by: Pedram Sadeghian <[email protected]>
snapp-incubator · Mar 18, 2024 · 3b000c4 · 3b000c4
1 parent abebb6a
commit 3b000c4
Show file tree

Hide file tree

Showing 3 changed files with 380 additions and 4 deletions.
diff --git a/pkg/auth/authenticator.go b/pkg/auth/authenticator.go
@@ -187,7 +187,7 @@ func (a *Authenticator) Check(ctx context.Context, request *Request) (finalRespo
 		reason, cerberusExtraHeaders = a.TestAccess(request, wsvcCacheEntry)
 
 		extraHeaders = toExtraHeaders(cerberusExtraHeaders)
-		if reason == CerberusReasonOK && hasUpstreamAuth(wsvcCacheEntry) {
+		if reason == "" && hasUpstreamAuth(wsvcCacheEntry) {
 			request.Context[HasUpstreamAuth] = "true"
 			reason = a.checkServiceUpstreamAuth(wsvcCacheEntry, request, &extraHeaders, ctx)
 		}
@@ -336,10 +336,16 @@ func (a *Authenticator) checkServiceUpstreamAuth(service WebservicesCacheEntry,
 		attribute.String("upstream-http-request-start", reqStart.Format(tracing.TimeFormat)),
 		attribute.String("upstream-http-request-end", time.Now().Format(tracing.TimeFormat)),
 		attribute.Float64("upstream-http-request-rtt-seconds", time.Since(reqStart).Seconds()),
-		attribute.Int("upstream-auth-status-code", resp.StatusCode),
 	)
-	labels := AddWithDownstreamDeadlineLabel(AddStatusLabel(nil, resp.StatusCode), hasDownstreamDeadline)
-	upstreamAuthRequestDuration.With(labels).Observe(reqDuration.Seconds())
+
+	if resp != nil {
+		span.SetAttributes(attribute.Int("upstream-auth-status-code", resp.StatusCode))
+		labels := AddWithDownstreamDeadlineLabel(AddStatusLabel(nil, resp.StatusCode), hasDownstreamDeadline)
+		upstreamAuthRequestDuration.With(labels).Observe(reqDuration.Seconds())
+	} else {
+		labels := AddWithDownstreamDeadlineLabel(nil, hasDownstreamDeadline)
+		upstreamAuthFailedRequests.With(labels).Inc()
+	}
 
 	if reason := processResponseError(err); reason != "" {
 		span.RecordError(err)