fix(kiali): fix sessionTime configuration and tests (#1099)

* fix(kiali): fix sessionTime configuration and tests

* Remove config.d.ts fix issue #1100

* Be sure Url set ends in '/'

Author: aljesusg

plugins/kiali-backend/__fixtures__/ca_example.pem

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEczCCA1ugAwIBAgIBADANBgkqhkiG9w0BAQQFAD..AkGA1UEBhMCR0Ix
+EzARBgNVBAgTClNvbWUtU3RhdGUxFDASBgNVBAoTC0..0EgTHRkMTcwNQYD
+VQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcn..XRpb24gQXV0aG9y
+aXR5MRQwEgYDVQQDEwtCZXN0IENBIEx0ZDAeFw0wMD..TUwMTZaFw0wMTAy
+MDQxOTUwMTZaMIGHMQswCQYDVQQGEwJHQjETMBEGA1..29tZS1TdGF0ZTEU
+MBIGA1UEChMLQmVzdCBDQSBMdGQxNzA1BgNVBAsTLk..DEgUHVibGljIFBy
+aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFD..AMTC0Jlc3QgQ0Eg
+THRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCg..Tz2mr7SZiAMfQyu
+vBjM9OiJjRazXBZ1BjP5CE/Wm/Rr500PRK+Lh9x5eJ../ANBE0sTK0ZsDGM
+ak2m1g7oruI3dY3VHqIxFTz0Ta1d+NAjwnLe4nOb7/..k05ShhBrJGBKKxb
+8n104o/5p8HAsZPdzbFMIyNjJzBM2o5y5A13wiLitE..fyYkQzaxCw0Awzl
+kVHiIyCuaF4wj571pSzkv6sv+4IDMbT/XpCo8L6wTa..sh+etLD6FtTjYbb
+rvZ8RQM1tlKdoMHg2qxraAV++HNBYmNWs0duEdjUbJ..XI9TtnS4o1Ckj7P
+OfljiQIDAQABo4HnMIHkMB0GA1UdDgQWBBQ8urMCRL..5AkIp9NJHJw5TCB
+tAYDVR0jBIGsMIGpgBQ8urMCRLYYMHUKU5AkIp9NJH..aSBijCBhzELMAkG
+A1UEBhMCR0IxEzARBgNVBAgTClNvbWUtU3RhdGUxFD..AoTC0Jlc3QgQ0Eg
+THRkMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcm..ENlcnRpZmljYXRp
+b24gQXV0aG9yaXR5MRQwEgYDVQQDEwtCZXN0IENBIE..DAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBBAUAA4IBAQC1uYBcsSncwA..DCsQer772C2ucpX
+xQUE/C0pWWm6gDkwd5D0DSMDJRqV/weoZ4wC6B73f5..bLhGYHaXJeSD6Kr
+XcoOwLdSaGmJYslLKZB3ZIDEp0wYTGhgteb6JFiTtn..sf2xdrYfPCiIB7g
+BMAV7Gzdc4VspS6ljrAhbiiawdBiQlQmsBeFz9JkF4..b3l8BoGN+qMa56Y
+It8una2gY4l2O//on88r5IWJlm1L0oA8e4fR2yrBHX..adsGeFKkyNrwGi/
+7vQMfXdGsRrXNGRGnX+vWDZ3/zWI0joDtCkNnqEpVn..HoX
+-----END CERTIFICATE-----

plugins/kiali-backend/__fixtures__/data/config/authenticated.json

@@ -0,0 +1,4 @@
+{
+  "expiresOn": "2024-01-23T09:23:58.36945795Z",
+  "username": "istio-system:kiali-service-account"
+}

plugins/kiali-backend/__fixtures__/data/namespaces.json

@@ -0,0 +1,95 @@
+[
+  {
+    "name": "bookinfo",
+    "cluster": "Kubernetes",
+    "isAmbient": false,
+    "labels": {
+      "istio-injection": "enabled",
+      "kubernetes.io/metadata.name": "bookinfo",
+      "pod-security.kubernetes.io/audit": "privileged",
+      "pod-security.kubernetes.io/audit-version": "v1.24",
+      "pod-security.kubernetes.io/warn": "privileged",
+      "pod-security.kubernetes.io/warn-version": "v1.24"
+    },
+    "annotations": {
+      "openshift.io/description": "",
+      "openshift.io/display-name": "",
+      "openshift.io/requester": "kubeadmin",
+      "openshift.io/sa.scc.mcs": "s0:c26,c15",
+      "openshift.io/sa.scc.supplemental-groups": "1000680000/10000",
+      "openshift.io/sa.scc.uid-range": "1000680000/10000"
+    }
+  },
+  {
+    "name": "default",
+    "cluster": "Kubernetes",
+    "isAmbient": false,
+    "labels": {
+      "kubernetes.io/metadata.name": "default",
+      "pod-security.kubernetes.io/audit": "privileged",
+      "pod-security.kubernetes.io/enforce": "privileged",
+      "pod-security.kubernetes.io/warn": "privileged"
+    },
+    "annotations": {
+      "openshift.io/sa.scc.mcs": "s0:c1,c0",
+      "openshift.io/sa.scc.supplemental-groups": "1000000000/10000",
+      "openshift.io/sa.scc.uid-range": "1000000000/10000"
+    }
+  },
+  {
+    "name": "hostpath-provisioner",
+    "cluster": "Kubernetes",
+    "isAmbient": false,
+    "labels": {
+      "kubernetes.io/metadata.name": "hostpath-provisioner",
+      "pod-security.kubernetes.io/audit": "privileged",
+      "pod-security.kubernetes.io/audit-version": "v1.24",
+      "pod-security.kubernetes.io/warn": "privileged",
+      "pod-security.kubernetes.io/warn-version": "v1.24"
+    },
+    "annotations": {
+      "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"kind\":\"Namespace\",\"metadata\":{\"annotations\":{},\"name\":\"hostpath-provisioner\"}}\n",
+      "openshift.io/sa.scc.mcs": "s0:c26,c0",
+      "openshift.io/sa.scc.supplemental-groups": "1000650000/10000",
+      "openshift.io/sa.scc.uid-range": "1000650000/10000"
+    }
+  },
+  {
+    "name": "istio-system",
+    "cluster": "Kubernetes",
+    "isAmbient": false,
+    "labels": {
+      "kubernetes.io/metadata.name": "istio-system",
+      "pod-security.kubernetes.io/audit": "privileged",
+      "pod-security.kubernetes.io/audit-version": "v1.24",
+      "pod-security.kubernetes.io/warn": "privileged",
+      "pod-security.kubernetes.io/warn-version": "v1.24",
+      "topology.istio.io/network": ""
+    },
+    "annotations": {
+      "openshift.io/description": "",
+      "openshift.io/display-name": "",
+      "openshift.io/requester": "kubeadmin",
+      "openshift.io/sa.scc.mcs": "s0:c26,c5",
+      "openshift.io/sa.scc.supplemental-groups": "1000660000/10000",
+      "openshift.io/sa.scc.uid-range": "1000660000/10000"
+    }
+  },
+  {
+    "name": "kiali",
+    "cluster": "Kubernetes",
+    "isAmbient": false,
+    "labels": {
+      "kubernetes.io/metadata.name": "kiali",
+      "pod-security.kubernetes.io/audit": "restricted",
+      "pod-security.kubernetes.io/audit-version": "v1.24",
+      "pod-security.kubernetes.io/warn": "restricted",
+      "pod-security.kubernetes.io/warn-version": "v1.24"
+    },
+    "annotations": {
+      "openshift.io/sa.scc.mcs": "s0:c26,c20",
+      "openshift.io/sa.scc.supplemental-groups": "1000690000/10000",
+      "openshift.io/sa.scc.uid-range": "1000690000/10000"
+    }
+  }
+]

plugins/kiali-backend/__fixtures__/handlers.ts

@@ -3,10 +3,28 @@ import { rest } from 'msw';
 const LOCAL_ADDR = 'https://localhost:4000';
 
 export const handlers = [
-  rest.post(`${LOCAL_ADDR}/api/auth/info`, (_, res, ctx) => {
+  rest.get(`${LOCAL_ADDR}/api/status`, (_, res, ctx) => {
+    return res(
+      ctx.status(200),
+      ctx.json(require(`${__dirname}/data/config/status.json`)),
+    );
+  }),
+  rest.get(`${LOCAL_ADDR}/api/auth/info`, (_, res, ctx) => {
     return res(
       ctx.status(200),
       ctx.json(require(`${__dirname}/data/config/auth_info.json`)),
     );
   }),
+  rest.post(`${LOCAL_ADDR}/api/authenticate`, (_, res, ctx) => {
+    return res(
+      ctx.status(200),
+      ctx.json(require(`${__dirname}/data/config/authenticated.json`)),
+    );
+  }),
+  rest.get(`${LOCAL_ADDR}/api/namespaces`, (_, res, ctx) => {
+    return res(
+      ctx.status(200),
+      ctx.json(require(`${__dirname}/data/namespaces.json`)),
+    );
+  }),
 ];

plugins/kiali-backend/src/clients/Auth.test.ts

@@ -0,0 +1,150 @@
+import { ConfigReader } from '@backstage/config';
+
+import { readKialiConfigs } from '../service/config';
+import {
+  AuthStrategy,
+  KialiAuthentication,
+  MILLISECONDS,
+  timeOutforWarningUser,
+} from './Auth';
+
+const sessionSeconds = 5000;
+const configuration = new ConfigReader({
+  catalog: {
+    providers: {
+      kiali: {
+        url: 'https://localhost:4000',
+        sessionTime: sessionSeconds,
+      },
+    },
+  },
+});
+const rawCookie =
+  'kiali-token-aes=/Wh8L+RdEocdRxrNH8TKOShJHD3daCA6KKVUk+jKvoinR28yXMI7/33DHMPqcoVL/bOYZ5ylmiyg95Cmmwr/LDuICgfUgnp763IHoOyMEmUI4yzvpKZfqDDtksjqWCRbkxoVT94JxBFsidtAg3pCgX8gDcXt22c65AX43hAa9auxpvF3tP22SP9aZjaJ4UOqvQ70TwhE2LT+/RLQszccnV7E9kUE7zTGaY1uAKz0bNWwXY7KQ6f/uOQob3kNZMqDtyURlEHPBNA1L/QbFIGqHcM8JbglQZWII+2iPmPMHAjNKcy2xrFNUOU5CjDex9i51KUuJ1GU6xnesChShpo+tuhchFFzklslr/2egXRaPFBBCg0F6f2E3wdIt7hdc3CfAfCQWVWka9Jp30FoOWlI+pNqa5vRFKqpuGQ+vDyzb/CdTVnotsoIraUmb3rYe7gOrHUh/DQQ+smVKYGtoq2FlJMx0k0Z29dZwyM7QKdIKoWtrgfa71y1ZpQ+9CXh/9Iu71cU+5cNq7CC+joGs2eWouBKHjgGNTeP3ZNOE63GOQ36uHcxbugbCzWheJLi5fvLfu2/VVf6a/KlV4NYRI6/uEERJwRwtwWlI4dFRQP+T9DNUuomS6uxLCm0w/5zSoNXwbyJ10iqDOQ3URDk8okgwHD/kG2c0RWvslmDztz9V6AqUWMUg95hz8BDagycir1w0th98irAFjwVd9q/jA3c6DzqB8fITqv2h0f51MMs4oe0H7b2yrpCGhHSVDC5OYEe1FgFPfRbxdG8Oa//IBlUdnoLJXh4Mz9q4gA/87kp/QukyepeV7JbaoNSvBtHplvjUl1Hs/2siKTvKySiSvW5fS0TF9PE3RNtInE/hwxkMBQj5rG8zlmR3AaMLSx5q5sjA1oBz4WLLaxprO1+J22G2+W7eiblqfb01yB3ItZfBBm78ZGFAkxZiPaLuZl0B0eEbLZS8xXKkQuIeR5gTnkqoB2haskIZsI4+rEpC6GYpYukfPBzeyR+NlJd8TFbPwjuu3yjS75rrbHL7WQtMm4C6vx7Qfj7LPWQXw60RdBV3Y0CuOOS1e2lLhNF+G2lh0jYOmUeZif8IeuvQyWtMkeTBZq2etiCoicupYrVf/urNEfGIqUld1GSgoRZonaFBhRj6//7KElU9dMVfPeKAcOZmBThnsVFkqDFF04sqPkMYkJA/o+ykxO0c4EDm/EBdmV+6LY/kdDsjEY/7XV+xx16eS5e635XWebRe2Qa0cukjY7vYZtJb7c0A0nKytzL+ptvq8ovEtrEMhNck1zOliba/epgLff4RPEqdHi+CVZvvtY01SVLVjycJVAaHLvZy7waRptRpcsAOWLu/RZ4LxBMrLW1lOk83tzFo+Sya2RGH2N6sKw0YbRQmB3qLEtRGWvIYGWMnImR+H9R7rgf/86pa6k4XvdSK0NpFOnsN5/m/jNYH8p6zQ0ZAr9eG8A3bJCEnRp+yyIzOa0L4rLEt6y74sFRK6ROHAZU8UeTz3DRC5tg+JBxlKY8MmF1jTMshcZMSYeFN5VrvJJe1VJdMuCIh68BwQsPrdaEDNTHgjQkNaKAahJrtGtY1koVZhgjsRMZjTpuDL8bBzS1APM3zsun/qvo5XrU2uQvZtFbHQBBIYNZn9h/Oyp6YPvaMRP/5xkEm8nuNGcAD5sFHzDbMVaJcdoqUuwAjvlt0BvGrzfoB+K7r1U+o6O/FS4HfcjuH1FEdPJGIXkIrc4vJ8vm18zlZWdoE/bvNhCGzBR2c9OB5FcXHXa/ie0vu4gCst1Ch+81q+2j/yy6+J7uTQbODP8kGsitGSlE8zmVahjpoUoSpI48A+8PsTFg/MkElM9wENRPHD/yPDnNMxpl7z0rAqKZpXJ8zB2ij+8SgawaydDHJCtOYaJASvM8ag==; Path=/; Expires=Tue, 23 Jan 2024 09:55:59 GMT; HttpOnly; Secure; SameSite=Strict';
+const verifyCookie =
+  'kiali-token-aes=/Wh8L+RdEocdRxrNH8TKOShJHD3daCA6KKVUk+jKvoinR28yXMI7/33DHMPqcoVL/bOYZ5ylmiyg95Cmmwr/LDuICgfUgnp763IHoOyMEmUI4yzvpKZfqDDtksjqWCRbkxoVT94JxBFsidtAg3pCgX8gDcXt22c65AX43hAa9auxpvF3tP22SP9aZjaJ4UOqvQ70TwhE2LT+/RLQszccnV7E9kUE7zTGaY1uAKz0bNWwXY7KQ6f/uOQob3kNZMqDtyURlEHPBNA1L/QbFIGqHcM8JbglQZWII+2iPmPMHAjNKcy2xrFNUOU5CjDex9i51KUuJ1GU6xnesChShpo+tuhchFFzklslr/2egXRaPFBBCg0F6f2E3wdIt7hdc3CfAfCQWVWka9Jp30FoOWlI+pNqa5vRFKqpuGQ+vDyzb/CdTVnotsoIraUmb3rYe7gOrHUh/DQQ+smVKYGtoq2FlJMx0k0Z29dZwyM7QKdIKoWtrgfa71y1ZpQ+9CXh/9Iu71cU+5cNq7CC+joGs2eWouBKHjgGNTeP3ZNOE63GOQ36uHcxbugbCzWheJLi5fvLfu2/VVf6a/KlV4NYRI6/uEERJwRwtwWlI4dFRQP+T9DNUuomS6uxLCm0w/5zSoNXwbyJ10iqDOQ3URDk8okgwHD/kG2c0RWvslmDztz9V6AqUWMUg95hz8BDagycir1w0th98irAFjwVd9q/jA3c6DzqB8fITqv2h0f51MMs4oe0H7b2yrpCGhHSVDC5OYEe1FgFPfRbxdG8Oa//IBlUdnoLJXh4Mz9q4gA/87kp/QukyepeV7JbaoNSvBtHplvjUl1Hs/2siKTvKySiSvW5fS0TF9PE3RNtInE/hwxkMBQj5rG8zlmR3AaMLSx5q5sjA1oBz4WLLaxprO1+J22G2+W7eiblqfb01yB3ItZfBBm78ZGFAkxZiPaLuZl0B0eEbLZS8xXKkQuIeR5gTnkqoB2haskIZsI4+rEpC6GYpYukfPBzeyR+NlJd8TFbPwjuu3yjS75rrbHL7WQtMm4C6vx7Qfj7LPWQXw60RdBV3Y0CuOOS1e2lLhNF+G2lh0jYOmUeZif8IeuvQyWtMkeTBZq2etiCoicupYrVf/urNEfGIqUld1GSgoRZonaFBhRj6//7KElU9dMVfPeKAcOZmBThnsVFkqDFF04sqPkMYkJA/o+ykxO0c4EDm/EBdmV+6LY/kdDsjEY/7XV+xx16eS5e635XWebRe2Qa0cukjY7vYZtJb7c0A0nKytzL+ptvq8ovEtrEMhNck1zOliba/epgLff4RPEqdHi+CVZvvtY01SVLVjycJVAaHLvZy7waRptRpcsAOWLu/RZ4LxBMrLW1lOk83tzFo+Sya2RGH2N6sKw0YbRQmB3qLEtRGWvIYGWMnImR+H9R7rgf/86pa6k4XvdSK0NpFOnsN5/m/jNYH8p6zQ0ZAr9eG8A3bJCEnRp+yyIzOa0L4rLEt6y74sFRK6ROHAZU8UeTz3DRC5tg+JBxlKY8MmF1jTMshcZMSYeFN5VrvJJe1VJdMuCIh68BwQsPrdaEDNTHgjQkNaKAahJrtGtY1koVZhgjsRMZjTpuDL8bBzS1APM3zsun/qvo5XrU2uQvZtFbHQBBIYNZn9h/Oyp6YPvaMRP/5xkEm8nuNGcAD5sFHzDbMVaJcdoqUuwAjvlt0BvGrzfoB+K7r1U+o6O/FS4HfcjuH1FEdPJGIXkIrc4vJ8vm18zlZWdoE/bvNhCGzBR2c9OB5FcXHXa/ie0vu4gCst1Ch+81q+2j/yy6+J7uTQbODP8kGsitGSlE8zmVahjpoUoSpI48A+8PsTFg/MkElM9wENRPHD/yPDnNMxpl7z0rAqKZpXJ8zB2ij+8SgawaydDHJCtOYaJASvM8ag==';
+const kialiDetails = readKialiConfigs(configuration);
+
+describe('Let create Auth', () => {
+  it('should return session anonymous by default, cookie empty and sessionSeconds to configuration after constructor', async () => {
+    const AuthClient = new KialiAuthentication(kialiDetails);
+    expect(AuthClient.getSession()).toStrictEqual({
+      sessionInfo: { expiresOn: '', username: 'anonymous' },
+    });
+    expect(AuthClient.getCookie()).toStrictEqual('');
+    expect(AuthClient.getSecondsSession()).toBe(sessionSeconds * MILLISECONDS);
+  });
+  it('should return default sessionSeconds if not sessionTime set', async () => {
+    const AuthClient = new KialiAuthentication(
+      readKialiConfigs(
+        new ConfigReader({
+          catalog: {
+            providers: {
+              kiali: {
+                url: 'https://localhost:4000',
+              },
+            },
+          },
+        }),
+      ),
+    );
+    expect(AuthClient.getSecondsSession()).toBe(timeOutforWarningUser);
+  });
+
+  it('Should set kialiCookie correctly', async () => {
+    const AuthClient = new KialiAuthentication(kialiDetails);
+    AuthClient.setKialiCookie(rawCookie);
+    expect(AuthClient.getCookie()).toBe(verifyCookie);
+    AuthClient.setKialiCookie('');
+    expect(AuthClient.getCookie()).toBe('');
+  });
+
+  it('Not should relogin when strateDate.now = jest.fn(() => new Date("2020-05-13T12:33:37.000Z"));gy is anonymous', async () => {
+    const AuthClient = new KialiAuthentication(kialiDetails);
+    AuthClient.setAuthInfo({
+      sessionInfo: { expiresOn: '', username: 'anonymous' },
+      strategy: AuthStrategy.anonymous,
+    });
+    expect(AuthClient.shouldRelogin()).toBeFalsy();
+  });
+
+  it('Should relogin if strategy is not anonymous and cookie is not set', async () => {
+    const AuthClient = new KialiAuthentication(kialiDetails);
+    AuthClient.setAuthInfo({
+      sessionInfo: { expiresOn: '', username: 'anonymous' },
+      strategy: AuthStrategy.token,
+    });
+    AuthClient.setKialiCookie('');
+    expect(AuthClient.shouldRelogin()).toBeTruthy();
+  });
+
+  it('Not should relogin if strategy is not anonymous and not expire', async () => {
+    const AuthClient = new KialiAuthentication(kialiDetails);
+    Date.now = jest.fn(() => new Date('2024-01-01T00:00:00.000Z').getTime());
+    AuthClient.setAuthInfo({
+      sessionInfo: {
+        expiresOn: '2024-02-01T00:00:00.000Z',
+        username: 'anonymous',
+      },
+      strategy: AuthStrategy.token,
+    });
+    AuthClient.setKialiCookie(rawCookie);
+    expect(AuthClient.shouldRelogin()).toBeFalsy();
+  });
+
+  it('Should relogin if strategy is not anonymous and cokkie was expire', async () => {
+    const AuthClient = new KialiAuthentication(kialiDetails);
+    Date.now = jest.fn(() => new Date('2024-03-01T00:00:00.000Z').getTime());
+    AuthClient.setAuthInfo({
+      sessionInfo: {
+        expiresOn: '2024-02-01T00:00:00.000Z',
+        username: 'anonymous',
+      },
+      strategy: AuthStrategy.token,
+    });
+    AuthClient.setKialiCookie(rawCookie);
+    expect(AuthClient.shouldRelogin()).toBeTruthy();
+  });
+
+  it('Should extend session if session expired', async () => {
+    const AuthClient = new KialiAuthentication(kialiDetails);
+    Date.now = jest.fn(() => new Date('2024-02-01T10:00:00.000Z').getTime());
+    AuthClient.setAuthInfo({
+      sessionInfo: {
+        expiresOn: '2024-02-01T08:00:00.000Z',
+        username: 'anonymous',
+      },
+      strategy: AuthStrategy.token,
+    });
+    AuthClient.setKialiCookie(rawCookie);
+    expect(AuthClient.shouldRelogin()).toBeTruthy();
+  });
+
+  it('Should extend session if timeLeft is lower than sessionSeconds', async () => {
+    const AuthClient = new KialiAuthentication(kialiDetails);
+    Date.now = jest.fn(() => new Date('2024-02-01T10:00:00.000Z').getTime());
+    AuthClient.setAuthInfo({
+      sessionInfo: {
+        expiresOn: '2024-02-01T11:00:00.000Z',
+        username: 'anonymous',
+      },
+      strategy: AuthStrategy.token,
+    });
+    AuthClient.setKialiCookie(rawCookie);
+    expect(AuthClient.shouldRelogin()).toBeTruthy();
+  });
+
+  it('Should not extend session if timeLeft is greater than sessionSeconds', async () => {
+    const AuthClient = new KialiAuthentication(kialiDetails);
+    Date.now = jest.fn(() => new Date('2024-02-01T10:00:00.000Z').getTime());
+    AuthClient.setAuthInfo({
+      sessionInfo: {
+        expiresOn: '2024-02-01T12:00:00.000Z',
+        username: 'anonymous',
+      },
+      strategy: AuthStrategy.token,
+    });
+    AuthClient.setKialiCookie(rawCookie);
+    expect(AuthClient.shouldRelogin()).toBeFalsy();
+  });
+});