Moritz
8edbbac95f
- Add oidc_* attributes to Setting, migration and Config helpers - Secrets and OidcRoleSyncConfig read from Config (ENV overrides DB) - GlobalSettingsLive: OIDC section with disabled fields when ENV set - OIDC role sync tests use DataCase for DB access
59 lines
1.6 KiB
Elixir
59 lines
1.6 KiB
Elixir
defmodule Mv.OidcRoleSyncConfigTest do
|
|
@moduledoc """
|
|
Tests for OIDC role sync configuration (OIDC_ADMIN_GROUP_NAME, OIDC_GROUPS_CLAIM).
|
|
Reads via Mv.Config (ENV first, then Settings).
|
|
"""
|
|
use Mv.DataCase, async: false
|
|
|
|
alias Mv.OidcRoleSyncConfig
|
|
|
|
describe "oidc_admin_group_name/0" do
|
|
test "returns nil when OIDC_ADMIN_GROUP_NAME is not configured" do
|
|
restore = clear_env("OIDC_ADMIN_GROUP_NAME")
|
|
on_exit(restore)
|
|
|
|
assert OidcRoleSyncConfig.oidc_admin_group_name() == nil
|
|
end
|
|
|
|
test "returns configured admin group name when set via ENV" do
|
|
restore = set_env("OIDC_ADMIN_GROUP_NAME", "mila-admin")
|
|
on_exit(restore)
|
|
|
|
assert OidcRoleSyncConfig.oidc_admin_group_name() == "mila-admin"
|
|
end
|
|
end
|
|
|
|
describe "oidc_groups_claim/0" do
|
|
test "returns default \"groups\" when OIDC_GROUPS_CLAIM is not configured" do
|
|
restore = clear_env("OIDC_GROUPS_CLAIM")
|
|
on_exit(restore)
|
|
|
|
assert OidcRoleSyncConfig.oidc_groups_claim() == "groups"
|
|
end
|
|
|
|
test "returns configured claim name when OIDC_GROUPS_CLAIM is set via ENV" do
|
|
restore = set_env("OIDC_GROUPS_CLAIM", "ak_groups")
|
|
on_exit(restore)
|
|
|
|
assert OidcRoleSyncConfig.oidc_groups_claim() == "ak_groups"
|
|
end
|
|
end
|
|
|
|
defp set_env(key, value) do
|
|
previous = System.get_env(key)
|
|
System.put_env(key, value)
|
|
|
|
fn ->
|
|
if previous, do: System.put_env(key, previous), else: System.delete_env(key)
|
|
end
|
|
end
|
|
|
|
defp clear_env(key) do
|
|
previous = System.get_env(key)
|
|
System.delete_env(key)
|
|
|
|
fn ->
|
|
if previous, do: System.put_env(key, previous)
|
|
end
|
|
end
|
|
end
|