actions/runner
1
0
Fork 0
mirror of https://github.com/actions/runner.git synced 2025-12-20 06:29:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add option in OAuthCred to load authUrlV2. (#3777)

Browse Source
This commit is contained in:
Tingluo Huang
2025-03-31 17:05:41 -04:00
committed by GitHub
parent cdeec012aa
commit d47013928b
12 changed files with 187 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Test/L0/Listener/BrokerMessageListenerL0.cs
View File

@@ -50,7 +50,7 @@ namespace GitHub.Runner.Common.Tests.Listener
tokenSource.Token))
.Returns(Task.FromResult(expectedSession));
_credMgr.Setup(x => x.LoadCredentials()).Returns(new VssCredentials());
_credMgr.Setup(x => x.LoadCredentials(It.IsAny<bool>())).Returns(new VssCredentials());
_store.Setup(x => x.GetCredentials()).Returns(new CredentialData() { Scheme = Constants.Configuration.OAuthAccessToken });
_store.Setup(x => x.GetMigratedCredentials()).Returns(default(CredentialData));

91
src/Test/L0/Listener/Configuration/RunnerCredentialL0.cs
View File

@@ -1,14 +1,18 @@
using GitHub.Runner.Listener;
using System.Collections.Generic;
using System.Security.Cryptography;
using GitHub.Runner.Listener;
using GitHub.Runner.Listener.Configuration;
using GitHub.Services.Common;
using GitHub.Services.OAuth;
using Moq;
using Xunit;
namespace GitHub.Runner.Common.Tests.Listener.Configuration
{
public class TestRunnerCredential : CredentialProvider
{
public TestRunnerCredential() : base("TEST") { }
public override VssCredentials GetVssCredentials(IHostContext context)
public override VssCredentials GetVssCredentials(IHostContext context, bool allowAuthUrlV2)
{
Tracing trace = context.GetTrace("OuthAccessToken");
trace.Info("GetVssCredentials()");
@@ -23,4 +27,85 @@ namespace GitHub.Runner.Common.Tests.Listener.Configuration
{
}
}
}
public class OAuthCredentialTestsL0
{
private Mock<IRSAKeyManager> _rsaKeyManager = new Mock<IRSAKeyManager>();
[Fact]
[Trait("Level", "L0")]
[Trait("Category", "OAuthCredential")]
public void NotUseAuthV2Url()
{
using (TestHostContext hc = new(this))
{
// Arrange.
var oauth = new OAuthCredential();
oauth.CredentialData = new CredentialData()
{
Scheme = Constants.Configuration.OAuth
};
oauth.CredentialData.Data.Add("clientId", "someClientId");
oauth.CredentialData.Data.Add("authorizationUrl", "http://myserver/");
oauth.CredentialData.Data.Add("authorizationUrlV2", "http://myserverv2/");
_rsaKeyManager.Setup(x => x.GetKey()).Returns(RSA.Create(2048));
hc.SetSingleton<IRSAKeyManager>(_rsaKeyManager.Object);
// Act.
var cred = oauth.GetVssCredentials(hc, false); // not allow auth v2
var cred2 = oauth.GetVssCredentials(hc, true); // use auth v2 but hostcontext doesn't
hc.EnableAuthMigration("L0Test");
var cred3 = oauth.GetVssCredentials(hc, false); // not use auth v2 but hostcontext does
oauth.CredentialData.Data.Remove("authorizationUrlV2");
var cred4 = oauth.GetVssCredentials(hc, true); // v2 url is not there
// Assert.
Assert.Equal("http://myserver/", (cred.Federated as VssOAuthCredential).AuthorizationUrl.AbsoluteUri);
Assert.Equal("someClientId", (cred.Federated as VssOAuthCredential).ClientCredential.ClientId);
Assert.Equal("http://myserver/", (cred2.Federated as VssOAuthCredential).AuthorizationUrl.AbsoluteUri);
Assert.Equal("someClientId", (cred2.Federated as VssOAuthCredential).ClientCredential.ClientId);
Assert.Equal("http://myserver/", (cred3.Federated as VssOAuthCredential).AuthorizationUrl.AbsoluteUri);
Assert.Equal("someClientId", (cred3.Federated as VssOAuthCredential).ClientCredential.ClientId);
Assert.Equal("http://myserver/", (cred4.Federated as VssOAuthCredential).AuthorizationUrl.AbsoluteUri);
Assert.Equal("someClientId", (cred4.Federated as VssOAuthCredential).ClientCredential.ClientId);
}
}
[Fact]
[Trait("Level", "L0")]
[Trait("Category", "OAuthCredential")]
public void UseAuthV2Url()
{
using (TestHostContext hc = new(this))
{
// Arrange.
var oauth = new OAuthCredential();
oauth.CredentialData = new CredentialData()
{
Scheme = Constants.Configuration.OAuth
};
oauth.CredentialData.Data.Add("clientId", "someClientId");
oauth.CredentialData.Data.Add("authorizationUrl", "http://myserver/");
oauth.CredentialData.Data.Add("authorizationUrlV2", "http://myserverv2/");
_rsaKeyManager.Setup(x => x.GetKey()).Returns(RSA.Create(2048));
hc.SetSingleton<IRSAKeyManager>(_rsaKeyManager.Object);
// Act.
hc.EnableAuthMigration("L0Test");
var cred = oauth.GetVssCredentials(hc, true);
// Assert.
Assert.Equal("http://myserverv2/", (cred.Federated as VssOAuthCredential).AuthorizationUrl.AbsoluteUri);
Assert.Equal("someClientId", (cred.Federated as VssOAuthCredential).ClientCredential.ClientId);
}
}
}
}

16
src/Test/L0/Listener/MessageListenerL0.cs
View File

@@ -67,7 +67,7 @@ namespace GitHub.Runner.Common.Tests.Listener
tokenSource.Token))
.Returns(Task.FromResult(expectedSession));
_credMgr.Setup(x => x.LoadCredentials()).Returns(new VssCredentials());
_credMgr.Setup(x => x.LoadCredentials(It.IsAny<bool>())).Returns(new VssCredentials());
_store.Setup(x => x.GetCredentials()).Returns(new CredentialData() { Scheme = Constants.Configuration.OAuthAccessToken });
_store.Setup(x => x.GetMigratedCredentials()).Returns(default(CredentialData));
@@ -127,7 +127,7 @@ namespace GitHub.Runner.Common.Tests.Listener
tokenSource.Token))
.Returns(Task.FromResult(expectedBrokerSession));
_credMgr.Setup(x => x.LoadCredentials()).Returns(new VssCredentials());
_credMgr.Setup(x => x.LoadCredentials(It.IsAny<bool>())).Returns(new VssCredentials());
_store.Setup(x => x.GetCredentials()).Returns(new CredentialData() { Scheme = Constants.Configuration.OAuthAccessToken });
_store.Setup(x => x.GetMigratedCredentials()).Returns(default(CredentialData));
@@ -177,7 +177,7 @@ namespace GitHub.Runner.Common.Tests.Listener
tokenSource.Token))
.Returns(Task.FromResult(expectedSession));
_credMgr.Setup(x => x.LoadCredentials()).Returns(new VssCredentials());
_credMgr.Setup(x => x.LoadCredentials(It.IsAny<bool>())).Returns(new VssCredentials());
_store.Setup(x => x.GetCredentials()).Returns(new CredentialData() { Scheme = Constants.Configuration.OAuthAccessToken });
_store.Setup(x => x.GetMigratedCredentials()).Returns(default(CredentialData));
@@ -237,7 +237,7 @@ namespace GitHub.Runner.Common.Tests.Listener
tokenSource.Token))
.Returns(Task.FromResult(expectedBrokerSession));
_credMgr.Setup(x => x.LoadCredentials()).Returns(new VssCredentials());
_credMgr.Setup(x => x.LoadCredentials(It.IsAny<bool>())).Returns(new VssCredentials());
_store.Setup(x => x.GetCredentials()).Returns(new CredentialData() { Scheme = Constants.Configuration.OAuthAccessToken });
_store.Setup(x => x.GetMigratedCredentials()).Returns(default(CredentialData));
@@ -301,7 +301,7 @@ namespace GitHub.Runner.Common.Tests.Listener
tokenSource.Token))
.Returns(Task.FromResult(expectedSession));
_credMgr.Setup(x => x.LoadCredentials()).Returns(new VssCredentials());
_credMgr.Setup(x => x.LoadCredentials(It.IsAny<bool>())).Returns(new VssCredentials());
_store.Setup(x => x.GetCredentials()).Returns(new CredentialData() { Scheme = Constants.Configuration.OAuthAccessToken });
_store.Setup(x => x.GetMigratedCredentials()).Returns(default(CredentialData));
@@ -382,7 +382,7 @@ namespace GitHub.Runner.Common.Tests.Listener
tokenSource.Token))
.Returns(Task.FromResult(expectedSession));
_credMgr.Setup(x => x.LoadCredentials()).Returns(new VssCredentials());
_credMgr.Setup(x => x.LoadCredentials(It.IsAny<bool>())).Returns(new VssCredentials());
_store.Setup(x => x.GetCredentials()).Returns(new CredentialData() { Scheme = Constants.Configuration.OAuthAccessToken });
_store.Setup(x => x.GetMigratedCredentials()).Returns(default(CredentialData));
@@ -484,7 +484,7 @@ namespace GitHub.Runner.Common.Tests.Listener
tokenSource.Token))
.Returns(Task.FromResult(expectedSession));
_credMgr.Setup(x => x.LoadCredentials()).Returns(new VssCredentials());
_credMgr.Setup(x => x.LoadCredentials(It.IsAny<bool>())).Returns(new VssCredentials());
var originalCred = new CredentialData() { Scheme = Constants.Configuration.OAuth };
originalCred.Data["authorizationUrl"] = "https://s.server";
@@ -533,7 +533,7 @@ namespace GitHub.Runner.Common.Tests.Listener
tokenSource.Token))
.Returns(Task.FromResult(expectedSession));
_credMgr.Setup(x => x.LoadCredentials()).Returns(new VssCredentials());
_credMgr.Setup(x => x.LoadCredentials(It.IsAny<bool>())).Returns(new VssCredentials());
_store.Setup(x => x.GetCredentials()).Returns(new CredentialData() { Scheme = Constants.Configuration.OAuthAccessToken });
_store.Setup(x => x.GetMigratedCredentials()).Returns(default(CredentialData));

58
src/Test/L0/Listener/RunnerConfigUpdaterTests.cs
View File

@@ -1,13 +1,13 @@
using System;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using GitHub.Runner.Listener;
using GitHub.Runner.Common;
using GitHub.Runner.Common.Tests;
using GitHub.Runner.Listener;
using GitHub.Runner.Sdk;
using Moq;
using Xunit;
using System.Threading;
using GitHub.Runner.Common.Tests;
using System.Text;
namespace GitHub.Runner.Tests.Listener
{
@@ -510,6 +510,56 @@ namespace GitHub.Runner.Tests.Listener
}
}
[Fact]
[Trait("Level", "L0")]
[Trait("Category", "Runner")]
public async Task UpdateRunnerConfigAsync_RefreshOAuthCredentialsWithDifferentAuthUrl_ShouldReportTelemetry()
{
using (var hc = new TestHostContext(this))
{
hc.SetSingleton<IConfigurationStore>(_configurationStore.Object);
hc.SetSingleton<IRunnerServer>(_runnerServer.Object);
// Arrange
var setting = new RunnerSettings { AgentId = 1, AgentName = "agent1" };
_configurationStore.Setup(x => x.GetSettings()).Returns(setting);
var credData = new CredentialData
{
Scheme = "OAuth"
};
credData.Data.Add("clientId", "12345");
credData.Data.Add("authorizationUrl", "http://example.com/");
_configurationStore.Setup(x => x.GetCredentials()).Returns(credData);
IOUtil.SaveObject(setting, hc.GetConfigFile(WellKnownConfigFile.Runner));
IOUtil.SaveObject(credData, hc.GetConfigFile(WellKnownConfigFile.Credentials));
var differentCredData = new CredentialData
{
Scheme = "OAuth"
};
differentCredData.Data.Add("clientId", "12345");
differentCredData.Data.Add("authorizationUrl", "http://example2.com/");
var encodedConfig = Convert.ToBase64String(Encoding.UTF8.GetBytes(StringUtil.ConvertToJson(differentCredData)));
_runnerServer.Setup(x => x.RefreshRunnerConfigAsync(It.IsAny<int>(), It.Is<string>(s => s == "credentials"), It.IsAny<string>(), It.IsAny<CancellationToken>())).ReturnsAsync(encodedConfig);
var _runnerConfigUpdater = new RunnerConfigUpdater();
_runnerConfigUpdater.Initialize(hc);
var validRunnerQualifiedId = "valid/runner/qualifiedid/1";
var configType = "credentials";
var serviceType = "pipelines";
var configRefreshUrl = "http://example.com";
// Act
await _runnerConfigUpdater.UpdateRunnerConfigAsync(validRunnerQualifiedId, configType, serviceType, configRefreshUrl);
// Assert
_runnerServer.Verify(x => x.UpdateAgentUpdateStateAsync(It.IsAny<int>(), It.IsAny<ulong>(), It.IsAny<string>(), It.Is<string>(s => s.Contains("Credential authorizationUrl in refreshed config")), It.IsAny<CancellationToken>()), Times.Once);
_configurationStore.Verify(x => x.SaveMigratedCredential(It.IsAny<CredentialData>()), Times.Never);
}
}
[Fact]
[Trait("Level", "L0")]
[Trait("Category", "Runner")]