Refactor OIDC provider tests to share base mock server helper (#3138)

* Initial plan

* refactor: share OIDC mock server helper across provider tests

* test: tidy shared OIDC mock helper naming and comments

* test: align shared OIDC mock helper callback naming

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>

Author: Copilot

containers/api-proxy/aws-oidc-token-provider.test.js

@@ -2,58 +2,38 @@
 
 const http = require('http');
 const { AwsOidcTokenProvider } = require('./aws-oidc-token-provider');
+const { createBaseMockServer } = require('./test-helpers/mock-oidc-server');
 
 function createMockServer(handlers = {}) {
-  const server = http.createServer((req, res) => {
-    let body = '';
-    req.on('data', chunk => { body += chunk; });
-    req.on('end', () => {
-      const url = new URL(req.url, `http://localhost`);
-
-      // GitHub OIDC token endpoint
-      if (url.pathname === '/token' && req.method === 'GET') {
-        const handler = handlers.oidcToken || (() => ({
-          statusCode: 200,
-          body: JSON.stringify({ value: 'mock-github-oidc-jwt', count: 1 }),
-        }));
-        const result = handler(url, req);
-        res.writeHead(result.statusCode, { 'Content-Type': 'application/json' });
-        res.end(result.body);
-        return;
-      }
-
-      // AWS STS AssumeRoleWithWebIdentity
-      if (url.pathname === '/' && url.searchParams.get('Action') === 'AssumeRoleWithWebIdentity') {
-        const handler = handlers.stsAssume || (() => ({
-          statusCode: 200,
-          body: JSON.stringify({
-            AssumeRoleWithWebIdentityResponse: {
-              AssumeRoleWithWebIdentityResult: {
-                Credentials: {
-                  AccessKeyId: 'AKIAIOSFODNN7EXAMPLE',
-                  SecretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
-                  SessionToken: 'FwoGZXIvYXdzEBYaDN...',
-                  Expiration: new Date(Date.now() + 3600000).toISOString(),
-                },
-                AssumedRoleUser: {
-                  AssumedRoleId: 'AROA3XFRBF23:awf-oidc-session',
-                  Arn: 'arn:aws:sts::123456789012:assumed-role/role/awf-oidc-session',
-                },
+  return createBaseMockServer((url, req, res, routeHandlers) => {
+    if (url.pathname === '/' && url.searchParams.get('Action') === 'AssumeRoleWithWebIdentity') {
+      const handler = routeHandlers.stsAssume || (() => ({
+        statusCode: 200,
+        body: JSON.stringify({
+          AssumeRoleWithWebIdentityResponse: {
+            AssumeRoleWithWebIdentityResult: {
+              Credentials: {
+                AccessKeyId: 'AKIAIOSFODNN7EXAMPLE',
+                SecretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
+                SessionToken: 'FwoGZXIvYXdzEBYaDN...',
+                Expiration: new Date(Date.now() + 3600000).toISOString(),
+              },
+              AssumedRoleUser: {
+                AssumedRoleId: 'AROA3XFRBF23:awf-oidc-session',
+                Arn: 'arn:aws:sts::123456789012:assumed-role/role/awf-oidc-session',
               },
             },
-          }),
-        }));
-        const result = handler(url, req);
-        res.writeHead(result.statusCode, { 'Content-Type': 'application/json' });
-        res.end(result.body);
-        return;
-      }
-
-      res.writeHead(404);
-      res.end('Not found');
-    });
-  });
-  return server;
+          },
+        }),
+      }));
+      const result = handler(url, req);
+      res.writeHead(result.statusCode, { 'Content-Type': 'application/json' });
+      res.end(result.body);
+      return true;
+    }
+
+    return false;
+  }, handlers);
 }
 
 describe('AwsOidcTokenProvider', () => {

containers/api-proxy/gcp-oidc-token-provider.test.js

@@ -2,62 +2,41 @@
 
 const http = require('http');
 const { GcpOidcTokenProvider } = require('./gcp-oidc-token-provider');
+const { createBaseMockServer } = require('./test-helpers/mock-oidc-server');
 
 function createMockServer(handlers = {}) {
-  const server = http.createServer((req, res) => {
-    let body = '';
-    req.on('data', chunk => { body += chunk; });
-    req.on('end', () => {
-      const url = new URL(req.url, `http://localhost`);
-
-      // GitHub OIDC token endpoint
-      if (url.pathname === '/token' && req.method === 'GET') {
-        const handler = handlers.oidcToken || (() => ({
-          statusCode: 200,
-          body: JSON.stringify({ value: 'mock-github-oidc-jwt', count: 1 }),
-        }));
-        const result = handler(url, req);
-        res.writeHead(result.statusCode, { 'Content-Type': 'application/json' });
-        res.end(result.body);
-        return;
-      }
-
-      // GCP STS token exchange
-      if (url.pathname === '/v1/token' && req.method === 'POST') {
-        const handler = handlers.stsToken || (() => ({
-          statusCode: 200,
-          body: JSON.stringify({
-            access_token: 'mock-federated-token',
-            expires_in: 3600,
-            token_type: 'Bearer',
-          }),
-        }));
-        const result = handler(body, req);
-        res.writeHead(result.statusCode, { 'Content-Type': 'application/json' });
-        res.end(result.body);
-        return;
-      }
-
-      // GCP service account impersonation
-      if (url.pathname.includes(':generateAccessToken') && req.method === 'POST') {
-        const handler = handlers.impersonate || (() => ({
-          statusCode: 200,
-          body: JSON.stringify({
-            accessToken: 'mock-sa-token',
-            expireTime: new Date(Date.now() + 3600000).toISOString(),
-          }),
-        }));
-        const result = handler(body, req);
-        res.writeHead(result.statusCode, { 'Content-Type': 'application/json' });
-        res.end(result.body);
-        return;
-      }
-
-      res.writeHead(404);
-      res.end('Not found');
-    });
-  });
-  return server;
+  return createBaseMockServer((url, req, res, routeHandlers, body) => {
+    if (url.pathname === '/v1/token' && req.method === 'POST') {
+      const handler = routeHandlers.stsToken || (() => ({
+        statusCode: 200,
+        body: JSON.stringify({
+          access_token: 'mock-federated-token',
+          expires_in: 3600,
+          token_type: 'Bearer',
+        }),
+      }));
+      const result = handler(body, req);
+      res.writeHead(result.statusCode, { 'Content-Type': 'application/json' });
+      res.end(result.body);
+      return true;
+    }
+
+    if (url.pathname.includes(':generateAccessToken') && req.method === 'POST') {
+      const handler = routeHandlers.impersonate || (() => ({
+        statusCode: 200,
+        body: JSON.stringify({
+          accessToken: 'mock-sa-token',
+          expireTime: new Date(Date.now() + 3600000).toISOString(),
+        }),
+      }));
+      const result = handler(body, req);
+      res.writeHead(result.statusCode, { 'Content-Type': 'application/json' });
+      res.end(result.body);
+      return true;
+    }
+
+    return false;
+  }, handlers);
 }
 
 describe('GcpOidcTokenProvider', () => {

containers/api-proxy/oidc-token-provider.test.js

@@ -3,44 +3,24 @@
 const http = require('http');
 const { httpPost } = require('./github-oidc');
 const { OidcTokenProvider } = require('./oidc-token-provider');
+const { createBaseMockServer } = require('./test-helpers/mock-oidc-server');
 
-// Helper to create a mock HTTP server that responds to token requests
+// Helper to create a mock OIDC server with Azure token exchange support
 function createMockOidcServer(handlers = {}) {
-  const server = http.createServer((req, res) => {
-    let body = '';
-    req.on('data', chunk => { body += chunk; });
-    req.on('end', () => {
-      const url = new URL(req.url, `http://localhost`);
-
-      // GitHub OIDC token endpoint
-      if (url.pathname === '/token' && req.method === 'GET') {
-        const handler = handlers.oidcToken || (() => ({
-          statusCode: 200,
-          body: JSON.stringify({ value: 'mock-github-oidc-jwt', count: 1 }),
-        }));
-        const result = handler(url, req);
-        res.writeHead(result.statusCode, { 'Content-Type': 'application/json' });
-        res.end(result.body);
-        return;
-      }
-
-      // Azure token exchange endpoint
-      if (url.pathname.includes('/oauth2/v2.0/token') && req.method === 'POST') {
-        const handler = handlers.azureToken || (() => ({
-          statusCode: 200,
-          body: JSON.stringify({ access_token: 'mock-azure-ad-token', expires_in: 3600 }),
-        }));
-        const result = handler(body, req);
-        res.writeHead(result.statusCode, { 'Content-Type': 'application/json' });
-        res.end(result.body);
-        return;
-      }
-
-      res.writeHead(404);
-      res.end('Not found');
-    });
-  });
-  return server;
+  return createBaseMockServer((url, req, res, routeHandlers, body) => {
+    if (url.pathname.includes('/oauth2/v2.0/token') && req.method === 'POST') {
+      const handler = routeHandlers.azureToken || (() => ({
+        statusCode: 200,
+        body: JSON.stringify({ access_token: 'mock-azure-ad-token', expires_in: 3600 }),
+      }));
+      const result = handler(body, req);
+      res.writeHead(result.statusCode, { 'Content-Type': 'application/json' });
+      res.end(result.body);
+      return true;
+    }
+
+    return false;
+  }, handlers);
 }
 
 describe('OidcTokenProvider', () => {

containers/api-proxy/test-helpers/mock-oidc-server.js

@@ -0,0 +1,36 @@
+'use strict';
+
+const http = require('http');
+
+function createBaseMockServer(handleProviderRoute, handlers = {}) {
+  const routeHandler = handleProviderRoute || (() => false);
+
+  return http.createServer((req, res) => {
+    let body = '';
+    req.on('data', chunk => { body += chunk; });
+    req.on('end', () => {
+      const url = new URL(req.url, 'http://localhost');
+
+      if (url.pathname === '/token' && req.method === 'GET') {
+        const handler = handlers.oidcToken || (() => ({
+          statusCode: 200,
+          body: JSON.stringify({ value: 'mock-github-oidc-jwt', count: 1 }),
+        }));
+        const result = handler(url, req);
+        res.writeHead(result.statusCode, { 'Content-Type': 'application/json' });
+        res.end(result.body);
+        return;
+      }
+
+      const handled = routeHandler(url, req, res, handlers, body);
+      if (handled) {
+        return;
+      }
+
+      res.writeHead(404);
+      res.end('Not found');
+    });
+  });
+}
+
+module.exports = { createBaseMockServer };