move directory providers (#3633)

* remove directory providers and support for groups * idp: remove directory providers * better error messages * fix errors * restore postgres * fix test
2025-06-27 23:18:13 +02:00 · 2022-11-03 11:33:56 -06:00 · 2022-11-03 11:33:56 -06:00 · c178819875
commit c178819875
parent bb5c80bae9
78 changed files with 723 additions and 8703 deletions
--- a/internal/identity/manager/manager_test.go
+++ b/internal/identity/manager/manager_test.go
@ -3,7 +3,6 @@ package manager
 import (
 	"context"
 	"errors"
-	"fmt"
 	"testing"
 	"time"

@ -13,7 +12,6 @@ import (
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/timestamppb"

-	"github.com/pomerium/pomerium/internal/directory"
 	"github.com/pomerium/pomerium/internal/events"
 	"github.com/pomerium/pomerium/internal/identity/identity"
 	"github.com/pomerium/pomerium/pkg/grpc/databroker"
@ -24,19 +22,6 @@ import (
 	"github.com/pomerium/pomerium/pkg/protoutil"
 )

-type mockProvider struct {
-	user       func(ctx context.Context, userID, accessToken string) (*directory.User, error)
-	userGroups func(ctx context.Context) ([]*directory.Group, []*directory.User, error)
-}
-
-func (mock mockProvider) User(ctx context.Context, userID, accessToken string) (*directory.User, error) {
-	return mock.user(ctx, userID, accessToken)
-}
-
-func (mock mockProvider) UserGroups(ctx context.Context) ([]*directory.Group, []*directory.User, error) {
-	return mock.userGroups(ctx)
-}
-
 type mockAuthenticator struct{}

 func (mock mockAuthenticator) Refresh(_ context.Context, _ *oauth2.Token, _ identity.State) (*oauth2.Token, error) {
@ -61,72 +46,25 @@ func TestManager_onUpdateRecords(t *testing.T) {

 	mgr := New(
 		WithDataBrokerClient(mock_databroker.NewMockDataBrokerServiceClient(ctrl)),
-		WithDirectoryProvider(mockProvider{}),
-		WithGroupRefreshInterval(time.Hour),
 		WithNow(func() time.Time {
 			return now
 		}),
 	)
-	mgr.directoryBackoff.RandomizationFactor = 0 // disable randomization for deterministic testing

 	mgr.onUpdateRecords(ctx, updateRecordsMessage{
 		records: []*databroker.Record{
-			mkRecord(&directory.Group{Id: "group1", Name: "group 1", Email: "group1@example.com"}),
-			mkRecord(&directory.User{Id: "user1", DisplayName: "user 1", Email: "user1@example.com", GroupIds: []string{"group1s"}}),
 			mkRecord(&session.Session{Id: "session1", UserId: "user1"}),
 			mkRecord(&user.User{Id: "user1", Name: "user 1", Email: "user1@example.com"}),
 		},
 	})

-	assert.NotNil(t, mgr.directoryGroups["group1"])
-	assert.NotNil(t, mgr.directoryUsers["user1"])
 	if _, ok := mgr.sessions.Get("user1", "session1"); assert.True(t, ok) {
-
 	}
 	if _, ok := mgr.users.Get("user1"); assert.True(t, ok) {
 		tm, id := mgr.userScheduler.Next()
-		assert.Equal(t, now.Add(time.Hour), tm)
+		assert.Equal(t, now.Add(userRefreshInterval), tm)
 		assert.Equal(t, "user1", id)
 	}
-
-}
-
-func TestManager_refreshDirectoryUserGroups(t *testing.T) {
-	ctrl := gomock.NewController(t)
-
-	ctx, clearTimeout := context.WithTimeout(context.Background(), time.Second*10)
-	defer clearTimeout()
-
-	t.Run("backoff", func(t *testing.T) {
-		cnt := 0
-		client := mock_databroker.NewMockDataBrokerServiceClient(ctrl)
-		client.EXPECT().Put(gomock.Any(), gomock.Any()).AnyTimes()
-		mgr := New(
-			WithDataBrokerClient(client),
-			WithDirectoryProvider(mockProvider{
-				userGroups: func(ctx context.Context) ([]*directory.Group, []*directory.User, error) {
-					cnt++
-					switch cnt {
-					case 1:
-						return nil, nil, fmt.Errorf("error 1")
-					case 2:
-						return nil, nil, fmt.Errorf("error 2")
-					}
-					return nil, nil, nil
-				},
-			}),
-			WithGroupRefreshInterval(time.Hour),
-		)
-		mgr.directoryBackoff.RandomizationFactor = 0 // disable randomization for deterministic testing
-
-		dur1 := mgr.refreshDirectoryUserGroups(ctx)
-		dur2 := mgr.refreshDirectoryUserGroups(ctx)
-		dur3 := mgr.refreshDirectoryUserGroups(ctx)
-
-		assert.Greater(t, dur2, dur1)
-		assert.Greater(t, dur3, dur2)
-		assert.Equal(t, time.Hour, dur3)
-	})
 }

 func TestManager_reportErrors(t *testing.T) {
@ -161,22 +99,10 @@ func TestManager_reportErrors(t *testing.T) {
 		WithEventManager(evtMgr),
 		WithDataBrokerClient(client),
 		WithAuthenticator(mockAuthenticator{}),
-		WithDirectoryProvider(mockProvider{
-			user: func(ctx context.Context, userID, accessToken string) (*directory.User, error) {
-				return nil, fmt.Errorf("user")
-			},
-			userGroups: func(ctx context.Context) ([]*directory.Group, []*directory.User, error) {
-				return nil, nil, fmt.Errorf("user groups")
-			},
-		}),
-		WithGroupRefreshInterval(time.Second),
 	)
-	mgr.directoryBackoff.RandomizationFactor = 0 // disable randomization for deterministic testing

 	mgr.onUpdateRecords(ctx, updateRecordsMessage{
 		records: []*databroker.Record{
-			mkRecord(&directory.Group{Id: "group1", Name: "group 1", Email: "group1@example.com"}),
-			mkRecord(&directory.User{Id: "user1", DisplayName: "user 1", Email: "user1@example.com", GroupIds: []string{"group1s"}}),
 			mkRecord(&session.Session{Id: "session1", UserId: "user1", OauthToken: &session.OAuthToken{
 				ExpiresAt: timestamppb.New(time.Now().Add(time.Hour)),
 			}, ExpiresAt: timestamppb.New(time.Now().Add(time.Hour))}),
@ -184,9 +110,6 @@ func TestManager_reportErrors(t *testing.T) {
 		},
 	})

-	_ = mgr.refreshDirectoryUserGroups(ctx)
-	expectMsg(metrics_ids.IdentityManagerLastUserGroupRefreshError, "user groups")
-
 	mgr.refreshUser(ctx, "user1")
 	expectMsg(metrics_ids.IdentityManagerLastUserRefreshError, "update user info")