feat(admin): add support for IssuerURL in OAuth2 flow #377
Conversation
|
@freeznet:Thanks for your contribution. For this PR, do we need to update docs? |
github-actions
bot
added
the
doc-info-missing
There was a problem hiding this comment.
Pull request overview
This PR adds support for the IssuerURL field in the OAuth2 ClientCredentialsFlow configuration for Pulsar Admin clients. The change ensures that the issuer endpoint is properly passed to both the Issuer struct and the ClientCredentialsFlowOptions struct when creating OAuth2 authentication providers.
Changes:
- Added
IssuerURLfield toClientCredentialsFlowOptionsinitialization, setting it to the same value asIssuerEndpoint - Introduced a package-level variable
newAuthenticationOAuth2WithFlowfor better testability - Added comprehensive unit tests to verify the OAuth2 configuration is correctly passed through
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| pkg/admin/interface.go | Added package variable for testability and set IssuerURL field in OAuth2 flow options |
| pkg/admin/interface_test.go | Added new test file with unit tests verifying OAuth2 IssuerURL configuration |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| }, oauth2.ClientCredentialsFlowOptions{ | ||
| IssuerURL: conf.IssuerEndpoint, | ||
| KeyFile: keyFilePath, | ||
| AdditionalScopes: strings.Split(conf.Scope, " "), |
There was a problem hiding this comment.
When conf.Scope is an empty string, strings.Split will return a slice containing one empty string instead of an empty slice. This may not be the intended behavior. Consider handling the empty scope case explicitly, for example by checking if conf.Scope is empty and passing nil or an empty slice instead.
| func TestNewPulsarAdminOAuth2IssuerURL(t *testing.T) { | ||
| original := newAuthenticationOAuth2WithFlow | ||
| t.Cleanup(func() { | ||
| newAuthenticationOAuth2WithFlow = original | ||
| }) | ||
|
|
||
| var gotIssuer oauth2.Issuer | ||
| var gotFlow oauth2.ClientCredentialsFlowOptions | ||
| called := false | ||
|
|
||
| newAuthenticationOAuth2WithFlow = func(issuer oauth2.Issuer, flowOptions oauth2.ClientCredentialsFlowOptions) (auth.Provider, error) { | ||
| called = true | ||
| gotIssuer = issuer | ||
| gotFlow = flowOptions | ||
| return &fakeAuthProvider{}, nil | ||
| } | ||
|
|
||
| conf := PulsarAdminConfig{ | ||
| IssuerEndpoint: "https://issuer.example.com", | ||
| ClientID: "client-id", | ||
| Audience: "audience", | ||
| Scope: "scope-a scope-b", | ||
| KeyFilePath: "test-key-file.json", | ||
| } | ||
|
|
||
| _, err := NewPulsarAdmin(conf) | ||
| if err != nil { | ||
| t.Fatalf("NewPulsarAdmin() error = %v", err) | ||
| } | ||
|
|
||
| if !called { | ||
| t.Fatalf("expected NewAuthenticationOAuth2WithFlow to be called") | ||
| } | ||
|
|
||
| if gotIssuer.IssuerEndpoint != conf.IssuerEndpoint { | ||
| t.Fatalf("issuer endpoint = %q, want %q", gotIssuer.IssuerEndpoint, conf.IssuerEndpoint) | ||
| } | ||
|
|
||
| if gotFlow.IssuerURL != conf.IssuerEndpoint { | ||
| t.Fatalf("flow issuer url = %q, want %q", gotFlow.IssuerURL, conf.IssuerEndpoint) | ||
| } | ||
|
|
||
| if gotFlow.KeyFile == "" { | ||
| t.Fatalf("expected flow key file to be set") | ||
| } | ||
|
|
||
| expectedScopes := []string{"scope-a", "scope-b"} | ||
| if !reflect.DeepEqual(gotFlow.AdditionalScopes, expectedScopes) { | ||
| t.Fatalf("additional scopes = %v, want %v", gotFlow.AdditionalScopes, expectedScopes) | ||
| } | ||
| } |
There was a problem hiding this comment.
The test only covers the happy path with a non-empty scope. Consider adding test cases for edge cases such as: empty scope string, scope with multiple spaces, and scope with leading/trailing spaces. These edge cases could expose issues with the strings.Split implementation in the production code.
(If this PR fixes a github issue, please add
Fixes #<xyz>.)Fixes #
(or if this PR is one task of a github issue, please add
Master Issue: #<xyz>to link to the master issue.)Master Issue: #
Motivation
Explain here the context, and why you're making that change. What is the problem you're trying to solve.
Modifications
Describe the modifications you've done.
Verifying this change
(Please pick either of the following options)
This change is a trivial rework / code cleanup without any test coverage.
(or)
This change is already covered by existing tests, such as (please describe tests).
(or)
This change added tests and can be verified as follows:
(example:)
Documentation
Check the box below.
Need to update docs?
doc-required(If you need help on updating docs, create a doc issue)
no-need-doc(Please explain why)
doc(If this PR contains doc changes)