19907: Don't cache network/5xx errors when checking UserInfo.
[arvados.git] / sdk / go / arvadostest / oidc_provider.go
index fa5e55c42e10af410d86d0e16fc23a637dbaeff2..529c1dca12b15a9550dbffcbb9c37e145fa39cb7 100644 (file)
@@ -9,6 +9,7 @@ import (
        "crypto/rsa"
        "encoding/base64"
        "encoding/json"
+       "fmt"
        "net/http"
        "net/http/httptest"
        "net/url"
@@ -35,6 +36,13 @@ type OIDCProvider struct {
 
        PeopleAPIResponse map[string]interface{}
 
+       // send incoming /userinfo requests to HoldUserInfo (if not
+       // nil), then receive from ReleaseUserInfo (if not nil),
+       // before responding (these are used to set up races)
+       HoldUserInfo        chan *http.Request
+       ReleaseUserInfo     chan struct{}
+       UserInfoErrorStatus int // if non-zero, return this http status (probably 5xx)
+
        key       *rsa.PrivateKey
        Issuer    *httptest.Server
        PeopleAPI *httptest.Server
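Review bot: The comment on the new fields does not say when a test may assign them. In the `/userinfo` case of serveOIDC the two channel fields are read without any lock, so they look safe to set only before a request is in flight. `UserInfoErrorStatus` is read after the receive from `ReleaseUserInfo`, so it can presumably be changed while a request is held. I would add `// Set HoldUserInfo and ReleaseUserInfo before issuing requests; serveOIDC reads them without locking.` above the fields, and start the existing comment with the field name as Go doc comments usually do. The OIDCProvider struct starts and ends outside this hunk.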
@@ -126,6 +134,17 @@ func (p *OIDCProvider) serveOIDC(w http.ResponseWriter, req *http.Request) {
        case "/auth":
                w.WriteHeader(http.StatusInternalServerError)
        case "/userinfo":
+               if p.HoldUserInfo != nil {
+                       p.HoldUserInfo <- req
+               }
+               if p.ReleaseUserInfo != nil {
+                       <-p.ReleaseUserInfo
+               }
+               if p.UserInfoErrorStatus > 0 {
+                       w.WriteHeader(p.UserInfoErrorStatus)
+                       fmt.Fprintf(w, "%T error body", p)
+                       return
+               }
                authhdr := req.Header.Get("Authorization")
                if _, err := jwt.ParseSigned(strings.TrimPrefix(authhdr, "Bearer ")); err != nil {
                        p.c.Logf("OIDCProvider: bad auth %q", authhdr)
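Review bot: The send on `p.HoldUserInfo` and the receive from `p.ReleaseUserInfo` in the `/userinfo` case block with no way out. A test that fails or returns before receiving the request or releasing it leaves the handler parked, and `httptest.Server.Close()` waits for outstanding requests, so the suite hangs instead of failing. Both operations should also select on `req.Context().Done()` and return once the client has gone away. Separately, the `UserInfoErrorStatus` branch returns before the Authorization header is parsed; a one-line comment saying that is intentional would help. serveOIDC starts and ends outside this hunk.

```go
	case "/userinfo":
		if p.HoldUserInfo != nil {
			select {
			case p.HoldUserInfo <- req:
			case <-req.Context().Done():
				// client gave up; don't park the handler forever
				return
			}
		}
		if p.ReleaseUserInfo != nil {
			select {
			case <-p.ReleaseUserInfo:
			case <-req.Context().Done():
				return
			}
		}
		// … unchanged: UserInfoErrorStatus branch and bearer-token check …
```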