91c759f455
Single-package agentidp SDK in sdk-go/: - AgentIdPClient composing AgentRegistryClient, CredentialClient, TokenServiceClient, AuditClient — all 14 endpoints covered - Goroutine-safe TokenManager (sync.Mutex) with 60s refresh buffer - AgentIdPError implementing error interface with Code/HTTPStatus/Details - Context-aware: all service methods take context.Context as first arg - doRequest shared helper; token endpoints use form-encoded POST directly - go vet: 0 warnings | staticcheck: 0 warnings - go test ./...: 37/37 passed | coverage: 81.0% (>80% gate) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
170 lines
4.5 KiB
Go
170 lines
4.5 KiB
Go
package agentidp
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"sync"
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
func newTokenServer(t *testing.T, statusCode int, body interface{}) *httptest.Server {
|
|
t.Helper()
|
|
return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method != http.MethodPost || r.URL.Path != "/api/v1/token" {
|
|
t.Errorf("unexpected request: %s %s", r.Method, r.URL.Path)
|
|
}
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(statusCode)
|
|
_ = json.NewEncoder(w).Encode(body)
|
|
}))
|
|
}
|
|
|
|
var tokenResp = map[string]interface{}{
|
|
"access_token": "eyJ.abc.def",
|
|
"token_type": "Bearer",
|
|
"expires_in": 3600,
|
|
"scope": "agents:read",
|
|
}
|
|
|
|
func TestTokenManager_GetToken_Issues(t *testing.T) {
|
|
srv := newTokenServer(t, 200, tokenResp)
|
|
defer srv.Close()
|
|
|
|
tm := NewTokenManager(srv.URL, "client-id", "secret", "agents:read")
|
|
tok, err := tm.GetToken(context.Background())
|
|
if err != nil {
|
|
t.Fatalf("unexpected error: %v", err)
|
|
}
|
|
if tok != "eyJ.abc.def" {
|
|
t.Errorf("expected token eyJ.abc.def, got %q", tok)
|
|
}
|
|
}
|
|
|
|
func TestTokenManager_GetToken_Caches(t *testing.T) {
|
|
callCount := 0
|
|
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
callCount++
|
|
w.Header().Set("Content-Type", "application/json")
|
|
_ = json.NewEncoder(w).Encode(tokenResp)
|
|
}))
|
|
defer srv.Close()
|
|
|
|
tm := NewTokenManager(srv.URL, "client-id", "secret", "agents:read")
|
|
_, _ = tm.GetToken(context.Background())
|
|
_, _ = tm.GetToken(context.Background())
|
|
|
|
if callCount != 1 {
|
|
t.Errorf("expected 1 HTTP call (cached), got %d", callCount)
|
|
}
|
|
}
|
|
|
|
func TestTokenManager_GetToken_RefreshesNearExpiry(t *testing.T) {
|
|
callCount := 0
|
|
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
callCount++
|
|
resp := map[string]interface{}{
|
|
"access_token": "eyJ.abc.def",
|
|
"token_type": "Bearer",
|
|
"expires_in": 3600,
|
|
"scope": "agents:read",
|
|
}
|
|
w.Header().Set("Content-Type", "application/json")
|
|
_ = json.NewEncoder(w).Encode(resp)
|
|
}))
|
|
defer srv.Close()
|
|
|
|
tm := NewTokenManager(srv.URL, "client-id", "secret", "agents:read")
|
|
_, _ = tm.GetToken(context.Background())
|
|
|
|
// Force the cached token to appear nearly expired
|
|
tm.mu.Lock()
|
|
tm.cached = &cachedToken{
|
|
accessToken: "old-token",
|
|
expiresAt: time.Now().Add(30 * time.Second), // < refreshBufferSeconds
|
|
}
|
|
tm.mu.Unlock()
|
|
|
|
tok, err := tm.GetToken(context.Background())
|
|
if err != nil {
|
|
t.Fatalf("unexpected error: %v", err)
|
|
}
|
|
if tok != "eyJ.abc.def" {
|
|
t.Errorf("expected refreshed token, got %q", tok)
|
|
}
|
|
if callCount != 2 {
|
|
t.Errorf("expected 2 HTTP calls (initial + refresh), got %d", callCount)
|
|
}
|
|
}
|
|
|
|
func TestTokenManager_GetToken_AuthFailure(t *testing.T) {
|
|
srv := newTokenServer(t, 401, map[string]interface{}{
|
|
"error": "invalid_client",
|
|
"error_description": "Bad credentials.",
|
|
})
|
|
defer srv.Close()
|
|
|
|
tm := NewTokenManager(srv.URL, "client-id", "bad-secret", "agents:read")
|
|
_, err := tm.GetToken(context.Background())
|
|
if err == nil {
|
|
t.Fatal("expected error, got nil")
|
|
}
|
|
apiErr, ok := err.(*AgentIdPError)
|
|
if !ok {
|
|
t.Fatalf("expected *AgentIdPError, got %T", err)
|
|
}
|
|
if apiErr.Code != "invalid_client" {
|
|
t.Errorf("expected code invalid_client, got %q", apiErr.Code)
|
|
}
|
|
if apiErr.HTTPStatus != 401 {
|
|
t.Errorf("expected HTTPStatus 401, got %d", apiErr.HTTPStatus)
|
|
}
|
|
}
|
|
|
|
func TestTokenManager_ClearCache(t *testing.T) {
|
|
callCount := 0
|
|
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
callCount++
|
|
w.Header().Set("Content-Type", "application/json")
|
|
_ = json.NewEncoder(w).Encode(tokenResp)
|
|
}))
|
|
defer srv.Close()
|
|
|
|
tm := NewTokenManager(srv.URL, "client-id", "secret", "agents:read")
|
|
_, _ = tm.GetToken(context.Background())
|
|
tm.ClearCache()
|
|
_, _ = tm.GetToken(context.Background())
|
|
|
|
if callCount != 2 {
|
|
t.Errorf("expected 2 HTTP calls (cache cleared), got %d", callCount)
|
|
}
|
|
}
|
|
|
|
func TestTokenManager_GoroutineSafe(t *testing.T) {
|
|
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
_ = json.NewEncoder(w).Encode(tokenResp)
|
|
}))
|
|
defer srv.Close()
|
|
|
|
tm := NewTokenManager(srv.URL, "client-id", "secret", "agents:read")
|
|
|
|
var wg sync.WaitGroup
|
|
for i := 0; i < 20; i++ {
|
|
wg.Add(1)
|
|
go func() {
|
|
defer wg.Done()
|
|
tok, err := tm.GetToken(context.Background())
|
|
if err != nil {
|
|
t.Errorf("goroutine error: %v", err)
|
|
}
|
|
if tok != "eyJ.abc.def" {
|
|
t.Errorf("unexpected token: %q", tok)
|
|
}
|
|
}()
|
|
}
|
|
wg.Wait()
|
|
}
|