fix: adjust tests to match variable usage in plugin

nb-99 · chrisingenhaag · commit 6920523e896f · 2025-10-22T17:12:23.000+02:00
diff --git a/spec/01-unit/gateway/securitylog_spec.lua b/spec/01-unit/gateway/securitylog_spec.lua
@@ -5,113 +5,75 @@
 local helpers = require "spec.helpers"
 
 describe("Plugin: jwt-keycloak (security logging)", function()
-  
   before_each(function()
     helpers.setup_kong_mock()
     helpers.setup_socket_mocks()
   end)
-  
+
   after_each(function()
     helpers.teardown_kong_mock()
     helpers.teardown_socket_mocks()
   end)
 
   describe("security_event", function()
-    it("should log security events and set ngx vars", function()
-      local securitylog = require("kong.plugins.jwt-keycloak.gateway.securitylog")
-      
-      -- Mock ngx.var to capture the set values
-      local captured_vars = {}
-      ngx.var = setmetatable({}, {
-        __newindex = function(t, k, v)
-          captured_vars[k] = v
-        end
-      })
-      
+    it("should log security events and set kong.ctx.shared vars", function()
+      local securitylog = require("gateway.securitylog")
+
       -- Test security_event function
       securitylog.security_event('ua200', 'test event details')
-      
-      -- Verify that the ngx vars were set correctly
-      assert.equals('ua200', captured_vars.sec_event_code)
-      assert.equals('test event details', captured_vars.sec_event_details)
+
+      -- Verify that the ctx.shared vars were set correctly
+      assert.equals('ua200', kong.ctx.shared.sec_event_code)
+      assert.equals('test event details', kong.ctx.shared.sec_event_details)
     end)
   end)
 
   describe("collect_gateway_data", function()
     it("should set gateway_consumer to anonymous when jwt is nil", function()
-      local securitylog = require("kong.plugins.jwt-keycloak.gateway.securitylog")
-      
-      -- Mock ngx.var to capture the set values
-      local captured_vars = {}
-      ngx.var = setmetatable({}, {
-        __newindex = function(t, k, v)
-          captured_vars[k] = v
-        end
-      })
-      
+      local securitylog = require("gateway.securitylog")
+
       -- Test with nil jwt
       securitylog.collect_gateway_data(nil)
-      
-      assert.equals("anonymous", captured_vars.gateway_consumer)
+
+      assert.equals("anonymous", kong.ctx.shared.gateway_consumer)
     end)
 
     it("should set gateway_consumer to anonymous when jwt.claims is nil", function()
-      local securitylog = require("kong.plugins.jwt-keycloak.gateway.securitylog")
-      
-      local captured_vars = {}
-      ngx.var = setmetatable({}, {
-        __newindex = function(t, k, v)
-          captured_vars[k] = v
-        end
-      })
-      
+      local securitylog = require("gateway.securitylog")
+
       -- Test with jwt but no claims
       local jwt = {}
       securitylog.collect_gateway_data(jwt)
-      
-      assert.equals("anonymous", captured_vars.gateway_consumer)
+
+      assert.equals("anonymous", kong.ctx.shared.gateway_consumer)
     end)
 
     it("should set gateway_consumer to clientId when available", function()
-      local securitylog = require("kong.plugins.jwt-keycloak.gateway.securitylog")
-      
-      local captured_vars = {}
-      ngx.var = setmetatable({}, {
-        __newindex = function(t, k, v)
-          captured_vars[k] = v
-        end
-      })
-      
+      local securitylog = require("gateway.securitylog")
+
       -- Test with jwt containing clientId
       local jwt = {
         claims = {
           clientId = "test-client-123"
         }
       }
       securitylog.collect_gateway_data(jwt)
-      
-      assert.equals("test-client-123", captured_vars.gateway_consumer)
+
+      assert.equals("test-client-123", kong.ctx.shared.gateway_consumer)
     end)
 
     it("should set gateway_consumer to anonymous when clientId is not a string", function()
-      local securitylog = require("kong.plugins.jwt-keycloak.gateway.securitylog")
-      
-      local captured_vars = {}
-      ngx.var = setmetatable({}, {
-        __newindex = function(t, k, v)
-          captured_vars[k] = v
-        end
-      })
-      
+      local securitylog = require("gateway.securitylog")
+
       -- Test with jwt containing non-string clientId
       local jwt = {
         claims = {
-          clientId = 123  -- number instead of string
+          clientId = 123 -- number instead of string
         }
       }
       securitylog.collect_gateway_data(jwt)
-      
-      assert.equals("anonymous", captured_vars.gateway_consumer)
+
+      assert.equals("anonymous", kong.ctx.shared.gateway_consumer)
     end)
   end)
-end)
+end)
diff --git a/spec/helpers.lua b/spec/helpers.lua
@@ -13,6 +13,10 @@ local mock_kong = {
     err = function(...) end,
     info = function(...) end,
     warn = function(...) end
+  },
+  -- ctx.shared is used by gateway/securitylog.lua
+  ctx = {
+    shared = {}
   }
 }
 
@@ -22,51 +26,53 @@ local mock_ngx = {
     -- Simple base64 encoding for tests (this is a minimal implementation)
     local chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
     local result = ''
-    local bytes = {s:byte(1, -1)}
-    
+    local bytes = { s:byte(1, -1) }
+
     for i = 1, #bytes, 3 do
-      local b1, b2, b3 = bytes[i], bytes[i+1], bytes[i+2]
+      local b1, b2, b3 = bytes[i], bytes[i + 1], bytes[i + 2]
       local n = (b1 or 0) * 65536 + (b2 or 0) * 256 + (b3 or 0)
       result = result .. chars:sub(math.floor(n / 262144) + 1, math.floor(n / 262144) + 1)
       result = result .. chars:sub((math.floor(n / 4096) % 64) + 1, (math.floor(n / 4096) % 64) + 1)
       result = result .. (b2 and chars:sub((math.floor(n / 64) % 64) + 1, (math.floor(n / 64) % 64) + 1) or '=')
       result = result .. (b3 and chars:sub((n % 64) + 1, (n % 64) + 1) or '=')
     end
-    
+
     return result
   end,
-  
+
   decode_base64 = function(s)
     -- Simple base64 decoding for tests
     local chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
     local lookup = {}
     for i = 1, #chars do
       lookup[chars:byte(i)] = i - 1
     end
-    
+
     s = s:gsub('=+$', '')
     local result = ''
-    
+
     for i = 1, #s, 4 do
-      local a, b, c, d = s:byte(i, i+3)
+      local a, b, c, d = s:byte(i, i + 3)
       local n = (lookup[a] or 0) * 262144 + (lookup[b] or 0) * 4096 + (lookup[c] or 0) * 64 + (lookup[d] or 0)
       result = result .. string.char(math.floor(n / 65536) % 256)
       if c then result = result .. string.char(math.floor(n / 256) % 256) end
       if d then result = result .. string.char(n % 256) end
     end
-    
+
     return result
   end,
-  
+
   -- Mock ngx.var for security logging
   var = {},
-  
+
   -- Mock ngx.DEBUG constant
   DEBUG = 7
 }
 
 -- Mock functions for testing
 function helpers.setup_kong_mock()
+  -- reset ctx.shared for each test to ensure isolation
+  mock_kong.ctx = { shared = {} }
   _G.kong = mock_kong
   _G.ngx = mock_ngx
 end
@@ -81,7 +87,7 @@ local mock_cjson_safe = {
   decode = function(data)
     -- Simple JSON decoder for tests
     if data == '{"test": "data"}' then
-      return {test = "data"}
+      return { test = "data" }
     end
     return nil, "parse error"
   end
@@ -148,4 +154,4 @@ function helpers.teardown_socket_mocks()
   package.loaded["ngx.errlog"] = nil
 end
 
-return helpers
+return helpers
