@confluentinc/schemaregistry/dist/test/oauth-client-azure-imds.spec.js

Node.js client for Confluent Schema Registry

"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    var desc = Object.getOwnPropertyDescriptor(m, k);
    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
      desc = { enumerable: true, get: function() { return m[k]; } };
    }
    Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
    Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
    o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
    var ownKeys = function(o) {
        ownKeys = Object.getOwnPropertyNames || function (o) {
            var ar = [];
            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
            return ar;
        };
        return ownKeys(o);
    };
    return function (mod) {
        if (mod && mod.__esModule) return mod;
        var result = {};
        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
        __setModuleDefault(result, mod);
        return result;
    };
})();
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const oauth_client_azure_imds_1 = require("../oauth/oauth-client-azure-imds");
const globals_1 = require("@jest/globals");
const wreck_1 = __importDefault(require("@hapi/wreck"));
const retryHelper = __importStar(require("@confluentinc/schemaregistry/retry-helper"));
const test_constants_1 = require("./test-constants");
const boom_1 = require("@hapi/boom");
const mockError = (0, boom_1.boomify)(new Error('Error Message'), { statusCode: 429 });
const mockErrorNonRetry = (0, boom_1.boomify)(new Error('Error Message'), { statusCode: 401 });
(0, globals_1.describe)('AzureIMDSOAuthClient', () => {
    const tokenEndpoint = 'https://example.com/token';
    const tokenEndpointQuery = 'resource=&api-version=&client_id=';
    let oauthClient;
    const res = {};
    const WreckGetSpy = globals_1.jest.spyOn(wreck_1.default, 'get');
    const mockToken = {
        access_token: 'mockAccessToken',
        expires_in: '3600',
        expires_on: (Math.floor(Date.now() / 1000) + 3600).toString(), // 1 hour from now
    };
    const mockTokenExpired = {
        access_token: 'mockAccessToken',
        expires_in: '3600',
        expires_on: (Math.floor(Date.now() / 1000) - 7200).toString(), // 2 hours ago
    };
    const basicConfig = {
        credentialsSource: 'OAUTHBEARER_AZURE_IMDS',
        logicalCluster: 'clusterId',
        identityPoolId: 'identityPoolId',
    };
    (0, globals_1.beforeEach)(() => {
        const bearerAuthCredentials = {
            ...basicConfig,
            issuerEndpointQuery: tokenEndpointQuery
        };
        oauthClient = new oauth_client_azure_imds_1._AzureIMDSOAuthClientBuilder(bearerAuthCredentials).build(test_constants_1.maxRetries, test_constants_1.retriesWaitMs, test_constants_1.retriesMaxWaitMs);
        globals_1.jest.spyOn(retryHelper, 'isRetriable');
        globals_1.jest.spyOn(retryHelper, 'fullJitter');
        globals_1.jest.spyOn(retryHelper, 'sleep');
        globals_1.jest.spyOn(oauthClient, 'generateAccessToken');
    });
    (0, globals_1.afterEach)(() => {
        globals_1.jest.clearAllMocks();
    });
    (0, globals_1.it)('should fail when no endpoint or query parameters are provided', async () => {
        const bearerAuthCredentialsException = {
            ...basicConfig
        };
        (0, globals_1.expect)(() => new oauth_client_azure_imds_1._AzureIMDSOAuthClientBuilder(bearerAuthCredentialsException).build(test_constants_1.maxRetries, test_constants_1.retriesWaitMs, test_constants_1.retriesMaxWaitMs)).toThrow(new Error('Missing required configuration property: issuerEndpointQuery'));
    });
    (0, globals_1.it)('should retrieve an access token successfully', async () => {
        WreckGetSpy.mockResolvedValueOnce({ payload: mockToken, res });
        const token = await oauthClient.getAccessToken();
        (0, globals_1.expect)(token).toBe('mockAccessToken');
        (0, globals_1.expect)(WreckGetSpy).toHaveBeenCalledWith(globals_1.expect.stringContaining(`http://169.254.169.254/metadata/identity/oauth2/token?${tokenEndpointQuery}`), globals_1.expect.any(Object));
    });
    (0, globals_1.it)('should succeed when an endpoint is provided', async () => {
        WreckGetSpy.mockResolvedValueOnce({ payload: mockToken, res });
        const bearerAuthCredentialsEndpoint = {
            ...basicConfig,
            issuerEndpointUrl: tokenEndpoint
        };
        await (0, globals_1.expect)(async () => {
            const oauthClientEndpoint = new oauth_client_azure_imds_1._AzureIMDSOAuthClientBuilder(bearerAuthCredentialsEndpoint).build(test_constants_1.maxRetries, test_constants_1.retriesWaitMs, test_constants_1.retriesMaxWaitMs);
            const token = await oauthClientEndpoint.getAccessToken();
            (0, globals_1.expect)(token).toBe('mockAccessToken');
            (0, globals_1.expect)(WreckGetSpy).toHaveBeenCalledWith(globals_1.expect.stringContaining(`${tokenEndpoint}`), globals_1.expect.any(Object));
        }).not.toThrow();
    });
    (0, globals_1.it)('should succeed when both an endpoint and a query are provided', async () => {
        WreckGetSpy.mockResolvedValueOnce({ payload: mockToken, res });
        const bearerAuthCredentialsEndpointQuery = {
            ...basicConfig,
            issuerEndpointUrl: tokenEndpoint,
            issuerEndpointQuery: tokenEndpointQuery,
        };
        await (0, globals_1.expect)(async () => {
            const oauthClientEndpoint = new oauth_client_azure_imds_1._AzureIMDSOAuthClientBuilder(bearerAuthCredentialsEndpointQuery).build(test_constants_1.maxRetries, test_constants_1.retriesWaitMs, test_constants_1.retriesMaxWaitMs);
            const token = await oauthClientEndpoint.getAccessToken();
            (0, globals_1.expect)(token).toBe('mockAccessToken');
            (0, globals_1.expect)(WreckGetSpy).toHaveBeenCalledWith(globals_1.expect.stringContaining(`${tokenEndpoint}?${tokenEndpointQuery}`), globals_1.expect.any(Object));
        }).not.toThrow();
    });
    (0, globals_1.it)('should retry on retriable errors and succeed', async () => {
        // Fail twice with retriable errors, then succeed
        WreckGetSpy
            .mockRejectedValueOnce(mockError)
            .mockRejectedValueOnce(mockError)
            .mockResolvedValue({ payload: mockToken, res });
        const token = await oauthClient.getAccessToken();
        (0, globals_1.expect)(token).toBe('mockAccessToken');
        (0, globals_1.expect)(retryHelper.fullJitter).toHaveBeenCalledTimes(test_constants_1.maxRetries);
        (0, globals_1.expect)(retryHelper.fullJitter).toHaveBeenCalledWith(test_constants_1.retriesWaitMs, test_constants_1.retriesMaxWaitMs, 0);
        (0, globals_1.expect)(retryHelper.fullJitter).toHaveBeenCalledWith(test_constants_1.retriesWaitMs, test_constants_1.retriesMaxWaitMs, 1);
        (0, globals_1.expect)(retryHelper.isRetriable).toHaveBeenCalledTimes(test_constants_1.maxRetries);
        (0, globals_1.expect)(retryHelper.sleep).toHaveBeenCalledTimes(test_constants_1.maxRetries);
    });
    (0, globals_1.it)('should fail immediately on non-retriable errors', async () => {
        WreckGetSpy.mockRejectedValueOnce(mockErrorNonRetry);
        await (0, globals_1.expect)(oauthClient.getAccessToken()).rejects.toThrowError();
        (0, globals_1.expect)(retryHelper.isRetriable).toHaveBeenCalledTimes(1);
        (0, globals_1.expect)(retryHelper.fullJitter).not.toHaveBeenCalled();
        (0, globals_1.expect)(retryHelper.sleep).not.toHaveBeenCalled();
    });
    (0, globals_1.it)('should fail after exhausting all retries', async () => {
        WreckGetSpy.mockRejectedValue(mockError);
        await (0, globals_1.expect)(oauthClient.getAccessToken()).rejects.toThrowError();
        (0, globals_1.expect)(retryHelper.isRetriable).toHaveBeenCalledTimes(test_constants_1.maxRetries);
        (0, globals_1.expect)(retryHelper.fullJitter).toHaveBeenCalledTimes(test_constants_1.maxRetries);
        (0, globals_1.expect)(retryHelper.fullJitter).toHaveBeenCalledWith(test_constants_1.retriesWaitMs, test_constants_1.retriesMaxWaitMs, 0);
        (0, globals_1.expect)(retryHelper.fullJitter).toHaveBeenCalledWith(test_constants_1.retriesWaitMs, test_constants_1.retriesMaxWaitMs, 1);
        (0, globals_1.expect)(retryHelper.sleep).toHaveBeenCalledTimes(test_constants_1.maxRetries);
    });
    (0, globals_1.it)('should not refresh token when not expired', async () => {
        WreckGetSpy.mockResolvedValueOnce({ payload: mockToken, res });
        await oauthClient.getAccessToken();
        await oauthClient.getAccessToken();
        (0, globals_1.expect)(oauthClient.generateAccessToken).toHaveBeenCalledTimes(1);
    });
    (0, globals_1.it)('should refresh token when expired', async () => {
        WreckGetSpy.mockResolvedValueOnce({ payload: mockTokenExpired, res });
        WreckGetSpy.mockResolvedValueOnce({ payload: mockToken, res });
        await oauthClient.getAccessToken();
        await oauthClient.getAccessToken();
        (0, globals_1.expect)(oauthClient.generateAccessToken).toHaveBeenCalledTimes(2);
    });
});