From e1c070d84e21502d6eca502a87175e271ee990df Mon Sep 17 00:00:00 2001 From: Bobby Rullo Date: Tue, 26 Apr 2016 11:35:34 -0700 Subject: [PATCH] admin: add trustedPeers bootstrap api --- admin/api.go | 5 ++- integration/admin_api_test.go | 60 ++++++++++++++++++++++++++--------- 2 files changed, 49 insertions(+), 16 deletions(-) diff --git a/admin/api.go b/admin/api.go index b7e2f39c..bb805803 100644 --- a/admin/api.go +++ b/admin/api.go @@ -141,7 +141,10 @@ func (a *AdminAPI) CreateClient(req adminschema.ClientCreateRequest) (adminschem } // metadata is guaranteed to have at least one redirect_uri by earlier validation. - creds, err := a.clientManager.New(cli, nil) + creds, err := a.clientManager.New(cli, &clientmanager.ClientOptions{ + TrustedPeers: req.Client.TrustedPeers, + }) + if err != nil { return adminschema.ClientCreateResponse{}, mapError(err) } diff --git a/integration/admin_api_test.go b/integration/admin_api_test.go index ada83054..5b4b285c 100644 --- a/integration/admin_api_test.go +++ b/integration/admin_api_test.go @@ -86,7 +86,9 @@ func makeAdminAPITestFixtures() *adminAPITestFixtures { var cliCount int secGen := func() ([]byte, error) { - return []byte(fmt.Sprintf("client_%v", cliCount)), nil + id := []byte(fmt.Sprintf("client_%v", cliCount)) + cliCount++ + return id, nil } cr := db.NewClientRepo(dbMap) clientIDGenerator := func(hostport string) (string, error) { @@ -379,9 +381,11 @@ func TestCreateClient(t *testing.T) { } return u } - addIDAndSecret := func(cli adminschema.Client) *adminschema.Client { - cli.Id = "client_auth.example.com" - cli.Secret = base64.URLEncoding.EncodeToString([]byte("client_0")) + + addIDAndSecret := func(cliNum int, hostport string, cli adminschema.Client) *adminschema.Client { + cli.Id = fmt.Sprintf("client_%v.example.com", hostport) + cli.Secret = base64.URLEncoding.EncodeToString([]byte( + fmt.Sprintf("client_%d", cliNum))) return &cli } 
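Review bot: `req.Client.TrustedPeers` is handed to `clientManager.New` exactly as it arrived in the request, and nothing in this hunk shows the IDs being checked. Whether `New` rejects empty, duplicate or unknown client IDs is not visible here; if it does not, a client could be created trusting an ID that is not registered yet, and whoever registers that ID later would presumably inherit the trust. A comment beside the existing redirect_uri one would record the assumption, e.g. `// TrustedPeers are not validated here; clientManager.New must reject IDs that do not name an existing client.`, and a test case with an unknown peer ID would pin the behaviour. The blank line added between the call and `if err != nil` can be dropped; CreateClient starts and ends outside the hunk.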
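Review bot: The `cliNum` argument of the new `addIDAndSecret` is a magic number at every call site (`2` in the later hunks), and it only matches because `secGen` in makeAdminAPITestFixtures now increments `cliCount` per call. It seems two secrets are generated before the API creates its client, but that setup is outside the diff, so the expected secret breaks silently if the fixture changes. A comment on the helper would make the coupling explicit, e.g. `// cliNum is the secGen counter value at the time the admin API creates the client; keep in sync with makeAdminAPITestFixtures.` The `hostport` parameter receives a bare label (`"auth"`) that is spliced into `client_%v.example.com`, so a name such as `host` would describe it better, and the two `Sprintf` calls could use the same verb (`%s`/`%d`) rather than mixing `%v` and `%d`.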
@@ -404,16 +408,20 @@ func TestCreateClient(t *testing.T) { adminMultiRedirect := adminClientGood adminMultiRedirect.RedirectURIs = []string{"https://auth.example.com/", "https://auth2.example.com/"} - clientMultiRedirect := clientGoodAdmin + clientMultiRedirect := clientGood clientMultiRedirect.Metadata.RedirectURIs = append( clientMultiRedirect.Metadata.RedirectURIs, *mustParseURL("https://auth2.example.com/")) + adminClientWithPeers := adminClientGood + adminClientWithPeers.TrustedPeers = []string{"test_client_0"} + tests := []struct { - req adminschema.ClientCreateRequest - want adminschema.ClientCreateResponse - wantClient client.Client - wantError int + req adminschema.ClientCreateRequest + want adminschema.ClientCreateResponse + wantClient client.Client + wantError int + wantTrustedPeers []string }{ { req: adminschema.ClientCreateRequest{}, @@ -440,7 +448,7 @@ func TestCreateClient(t *testing.T) { Client: &adminClientGood, }, want: adminschema.ClientCreateResponse{ - Client: addIDAndSecret(adminClientGood), + Client: addIDAndSecret(2, "auth", adminClientGood), }, wantClient: clientGood, }, @@ -449,7 +457,7 @@ func TestCreateClient(t *testing.T) { Client: &adminAdminClient, }, want: adminschema.ClientCreateResponse{ - Client: addIDAndSecret(adminAdminClient), + Client: addIDAndSecret(2, "auth", adminAdminClient), }, wantClient: clientGoodAdmin, }, 
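Review bot: `wantTrustedPeers` is declared in the test table here and set in the new case of the last hunk, but none of the lines this patch adds reads `tt.wantTrustedPeers`. The new case therefore passes even if the admin API drops the peers, which is the one behaviour this commit introduces. After the successful-create assertions, the loop should load the trusted peers stored for the created client through the repo (the accessor is not shown in this diff) and fail with `t.Errorf("case %d: want trusted peers %v, got %v", i, tt.wantTrustedPeers, got)` when they differ. TestCreateClient's body extends beyond this hunk.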
@@ -458,17 +466,39 @@ func TestCreateClient(t *testing.T) { Client: &adminMultiRedirect, }, want: adminschema.ClientCreateResponse{ - Client: addIDAndSecret(adminMultiRedirect), + Client: addIDAndSecret(2, "auth", adminMultiRedirect), }, wantClient: clientMultiRedirect, }, + { + req: adminschema.ClientCreateRequest{ + Client: &adminClientWithPeers, + }, + want: adminschema.ClientCreateResponse{ + Client: addIDAndSecret(2, "auth", adminClientWithPeers), + }, + wantClient: clientGood, + wantTrustedPeers: []string{"test_client_0"}, + }, } for i, tt := range tests { - if i != 3 { - continue - } f := makeAdminAPITestFixtures() + for j, r := range []string{"https://client0.example.com", + "https://client1.example.com"} { + _, err := f.cr.New(nil, client.Client{ + Credentials: oidc.ClientCredentials{ + ID: fmt.Sprintf("test_client_%d", j), + }, + Metadata: oidc.ClientMetadata{ + RedirectURIs: []url.URL{*mustParseURL(r)}, + }, + }) + if err != nil { + t.Errorf("case %d, client %d: unexpected error creating client: %v", i, j, err) + continue + } + } resp, err := f.adClient.Client.Create(&tt.req).Do() if tt.wantError != 0 {
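Review bot: In the added `for j` fixture loop, the `continue` after `t.Errorf` is the last statement of the loop body, so it has no effect. When creating `test_client_0` or `test_client_1` fails, the case still goes on to call the admin API without the peer it depends on, and the follow-on failure hides the real cause. Stopping there is clearer: replace the two lines with `t.Fatalf("case %d, client %d: unexpected error creating client: %v", i, j, err)`. The peers are also created for every table entry, including the error cases that never use them; a short comment such as `// register the clients referenced by TrustedPeers in the table` would say why. The outer loop body continues past the end of the hunk.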