Add DEX IdP Support (#4949)

2026-04-05 00:53:58 -04:00 · 2025-12-30 07:42:34 -05:00
parent a8604ef51c
commit 9ed1437442
6 changed files with 1182 additions and 41 deletions
--- a/management/server/idp/dex_test.go
+++ b/management/server/idp/dex_test.go
@@ -0,0 +1,137 @@
+package idp
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/netbirdio/netbird/management/server/telemetry"
+)
+
+func TestNewDexManager(t *testing.T) {
+	type test struct {
+		name                 string
+		inputConfig          DexClientConfig
+		assertErrFunc        require.ErrorAssertionFunc
+		assertErrFuncMessage string
+	}
+
+	defaultTestConfig := DexClientConfig{
+		GRPCAddr: "localhost:5557",
+		Issuer:   "https://dex.example.com/dex",
+	}
+
+	testCase1 := test{
+		name:                 "Good Configuration",
+		inputConfig:          defaultTestConfig,
+		assertErrFunc:        require.NoError,
+		assertErrFuncMessage: "shouldn't return error",
+	}
+
+	testCase2Config := defaultTestConfig
+	testCase2Config.GRPCAddr = ""
+
+	testCase2 := test{
+		name:                 "Missing GRPCAddr Configuration",
+		inputConfig:          testCase2Config,
+		assertErrFunc:        require.Error,
+		assertErrFuncMessage: "should return error when GRPCAddr is empty",
+	}
+
+	// Test with empty issuer - should still work since issuer is optional for the manager
+	testCase3Config := defaultTestConfig
+	testCase3Config.Issuer = ""
+
+	testCase3 := test{
+		name:                 "Missing Issuer Configuration - OK",
+		inputConfig:          testCase3Config,
+		assertErrFunc:        require.NoError,
+		assertErrFuncMessage: "shouldn't return error when issuer is empty",
+	}
+
+	for _, testCase := range []test{testCase1, testCase2, testCase3} {
+		t.Run(testCase.name, func(t *testing.T) {
+			manager, err := NewDexManager(testCase.inputConfig, &telemetry.MockAppMetrics{})
+			testCase.assertErrFunc(t, err, testCase.assertErrFuncMessage)
+
+			if err == nil {
+				require.NotNil(t, manager, "manager should not be nil")
+				require.Equal(t, testCase.inputConfig.GRPCAddr, manager.grpcAddr, "grpcAddr should match")
+			}
+		})
+	}
+}
+
+func TestDexManagerUpdateUserAppMetadata(t *testing.T) {
+	config := DexClientConfig{
+		GRPCAddr: "localhost:5557",
+		Issuer:   "https://dex.example.com/dex",
+	}
+
+	manager, err := NewDexManager(config, &telemetry.MockAppMetrics{})
+	require.NoError(t, err, "should create manager without error")
+
+	// UpdateUserAppMetadata should be a no-op for Dex
+	err = manager.UpdateUserAppMetadata(context.Background(), "test-user-id", AppMetadata{
+		WTAccountID: "test-account",
+	})
+	require.NoError(t, err, "UpdateUserAppMetadata should not return error")
+}
+
+func TestDexManagerInviteUserByID(t *testing.T) {
+	config := DexClientConfig{
+		GRPCAddr: "localhost:5557",
+		Issuer:   "https://dex.example.com/dex",
+	}
+
+	manager, err := NewDexManager(config, &telemetry.MockAppMetrics{})
+	require.NoError(t, err, "should create manager without error")
+
+	// InviteUserByID should return an error for Dex
+	err = manager.InviteUserByID(context.Background(), "test-user-id")
+	require.Error(t, err, "InviteUserByID should return error")
+	require.Contains(t, err.Error(), "not implemented", "error should mention not implemented")
+}
+
+func TestParseDexUserID(t *testing.T) {
+	tests := []struct {
+		name        string
+		compositeID string
+		expectedID  string
+	}{
+		{
+			name: "Parse base64-encoded protobuf composite ID",
+			// This is a real Dex composite ID: contains user ID "cf5db180-d360-484d-9b78-c5db92146420" and connector "local"
+			compositeID: "CiRjZjVkYjE4MC1kMzYwLTQ4NGQtOWI3OC1jNWRiOTIxNDY0MjASBWxvY2Fs",
+			expectedID:  "cf5db180-d360-484d-9b78-c5db92146420",
+		},
+		{
+			name:        "Return plain ID unchanged",
+			compositeID: "simple-user-id",
+			expectedID:  "simple-user-id",
+		},
+		{
+			name:        "Return UUID unchanged",
+			compositeID: "cf5db180-d360-484d-9b78-c5db92146420",
+			expectedID:  "cf5db180-d360-484d-9b78-c5db92146420",
+		},
+		{
+			name:        "Handle empty string",
+			compositeID: "",
+			expectedID:  "",
+		},
+		{
+			name:        "Handle invalid base64",
+			compositeID: "not-valid-base64!!!",
+			expectedID:  "not-valid-base64!!!",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := parseDexUserID(tt.compositeID)
+			require.Equal(t, tt.expectedID, result, "parsed user ID should match expected")
+		})
+	}
+}