sentryagent-idp/sdk-go/client_test.go

package agentidp

import (
	"context"
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"strings"
	"testing"
)

// integrationServer returns a minimal mock server that handles the token endpoint
// plus a provided handler for all other routes.
func integrationServer(t *testing.T, handler http.HandlerFunc) *httptest.Server {
	t.Helper()
	mux := http.NewServeMux()
	mux.HandleFunc("/api/v1/token", func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		_ = json.NewEncoder(w).Encode(map[string]interface{}{
			"access_token": "integration-token",
			"token_type":   "Bearer",
			"expires_in":   3600,
			"scope":        "agents:read agents:write tokens:read audit:read",
		})
	})
	mux.HandleFunc("/", handler)
	return httptest.NewServer(mux)
}

func TestNewAgentIdPClient_GetAgent(t *testing.T) {
	srv := integrationServer(t, func(w http.ResponseWriter, r *http.Request) {
		if !strings.HasPrefix(r.URL.Path, "/api/v1/agents/") {
			t.Errorf("unexpected path: %s", r.URL.Path)
		}
		if r.Header.Get("Authorization") != "Bearer integration-token" {
			t.Errorf("unexpected Authorization: %q", r.Header.Get("Authorization"))
		}
		w.Header().Set("Content-Type", "application/json")
		_ = json.NewEncoder(w).Encode(mockAgent)
	})
	defer srv.Close()

	client := NewAgentIdPClient(AgentIdPClientConfig{
		BaseURL:      srv.URL,
		ClientID:     "cid",
		ClientSecret: "secret",
	})

	agent, err := client.Agents.GetAgent(context.Background(), "uuid-1")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if agent.AgentID != "uuid-1" {
		t.Errorf("expected uuid-1, got %q", agent.AgentID)
	}
}

func TestNewAgentIdPClient_ClearTokenCache(t *testing.T) {
	callCount := 0
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path == "/api/v1/token" {
			callCount++
			w.Header().Set("Content-Type", "application/json")
			_ = json.NewEncoder(w).Encode(map[string]interface{}{
				"access_token": "tok",
				"token_type":   "Bearer",
				"expires_in":   3600,
				"scope":        "agents:read",
			})
			return
		}
		w.Header().Set("Content-Type", "application/json")
		_ = json.NewEncoder(w).Encode(mockAgent)
	}))
	defer srv.Close()

	client := NewAgentIdPClient(AgentIdPClientConfig{
		BaseURL:      srv.URL,
		ClientID:     "cid",
		ClientSecret: "secret",
	})

	_, _ = client.Agents.GetAgent(context.Background(), "uuid-1")
	client.ClearTokenCache()
	_, _ = client.Agents.GetAgent(context.Background(), "uuid-1")

	if callCount != 2 {
		t.Errorf("expected 2 token fetches after ClearTokenCache, got %d", callCount)
	}
}

func TestNewAgentIdPClient_DefaultScope(t *testing.T) {
	var capturedScope string
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path == "/api/v1/token" {
			_ = r.ParseForm()
			capturedScope = r.FormValue("scope")
			w.Header().Set("Content-Type", "application/json")
			_ = json.NewEncoder(w).Encode(map[string]interface{}{
				"access_token": "tok",
				"token_type":   "Bearer",
				"expires_in":   3600,
				"scope":        capturedScope,
			})
			return
		}
		w.Header().Set("Content-Type", "application/json")
		_ = json.NewEncoder(w).Encode(mockAgent)
	}))
	defer srv.Close()

	client := NewAgentIdPClient(AgentIdPClientConfig{
		BaseURL:      srv.URL,
		ClientID:     "cid",
		ClientSecret: "secret",
		// Scope intentionally omitted → defaults applied
	})
	_, _ = client.Agents.GetAgent(context.Background(), "uuid-1")

	expected := "agents:read agents:write tokens:read audit:read"
	if capturedScope != expected {
		t.Errorf("expected scope %q, got %q", expected, capturedScope)
	}
}