config data desensitization

Signed-off-by: hongming <talonwan@yunify.com>
2020-12-01 12:37:55 +08:00
parent c5de21af4a
commit 13ede7dacc
4 changed files with 94 additions and 18 deletions
--- a/pkg/apiserver/authentication/oauth/oauth_options_test.go
+++ b/pkg/apiserver/authentication/oauth/oauth_options_test.go
@@ -17,7 +17,9 @@ limitations under the License.
 package oauth

 import (
+	"encoding/json"
 	"github.com/google/go-cmp/cmp"
+	"gopkg.in/yaml.v3"
 	"testing"
 	"time"
 )
@@ -101,3 +103,42 @@ func TestClientResolveRedirectURL(t *testing.T) {
 		}
 	}
 }
+
+func TestDynamicOptions_MarshalJSON(t *testing.T) {
+	config := `
+accessTokenMaxAge: 1h
+accessTokenInactivityTimeout: 30m
+identityProviders:
+  - name: ldap
+    type: LDAPIdentityProvider
+    mappingMethod: auto
+    provider:
+      host: xxxx.sn.mynetname.net:389
+      managerDN: uid=root,cn=users,dc=xxxx,dc=sn,dc=mynetname,dc=net
+      managerPassword: xxxx
+      userSearchBase: dc=xxxx,dc=sn,dc=mynetname,dc=net
+      loginAttribute: uid
+      mailAttribute: mail
+  - name: github
+    type: GitHubIdentityProvider
+    mappingMethod: mixed
+    provider:
+      clientID: 'xxxxxx'
+      clientSecret: 'xxxxxx'
+      endpoint:
+        authURL: 'https://github.com/login/oauth/authorize'
+        tokenURL: 'https://github.com/login/oauth/access_token'
+      redirectURL: 'https://ks-console/oauth/redirect'
+      scopes:
+      - user
+`
+	var options Options
+	if err := yaml.Unmarshal([]byte(config), &options); err != nil {
+		t.Error(err)
+	}
+	expected := `{"identityProviders":[{"name":"ldap","mappingMethod":"auto","type":"LDAPIdentityProvider","provider":{"host":"xxxx.sn.mynetname.net:389","loginAttribute":"uid","mailAttribute":"mail","managerDN":"uid=root,cn=users,dc=xxxx,dc=sn,dc=mynetname,dc=net","userSearchBase":"dc=xxxx,dc=sn,dc=mynetname,dc=net"}},{"name":"github","mappingMethod":"mixed","type":"GitHubIdentityProvider","provider":{"clientID":"xxxxxx","endpoint":{"authURL":"https://github.com/login/oauth/authorize","tokenURL":"https://github.com/login/oauth/access_token"},"redirectURL":"https://ks-console/oauth/redirect","scopes":["user"]}}],"accessTokenMaxAge":3600000000000,"accessTokenInactivityTimeout":1800000000000}`
+	output, _ := json.Marshal(options)
+	if expected != string(output) {
+		t.Errorf("expected: %s, but got: %s", expected, output)
+	}
+}