From 97f9021c881fd90ffd282c2b35eb292c3bd6de7b Mon Sep 17 00:00:00 2001
From: Heikki Linnakangas <heikki.linnakangas@iki.fi>
Date: Thu, 12 Aug 2021 20:46:14 +0300
Subject: [PATCH] Fix JWT token encoding issue in test.

On my laptop, the server was receiving the token as a string with extra
b'...' escaping, e.g as "b'eyJ0....0ifQA'" instead of just "eyJ0....0ifQA".
That was causing the test to fail.

I'm using Python 3.9, while the CI is using Python 3.8. I suspect that's
why. My version of pyjwt might be different too.

See also https://github.com/jpadilla/pyjwt/issues/391.
---
 test_runner/batch_others/test_auth.py | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/test_runner/batch_others/test_auth.py b/test_runner/batch_others/test_auth.py
index 062e54c3be..6f3dc167fe 100644
--- a/test_runner/batch_others/test_auth.py
+++ b/test_runner/batch_others/test_auth.py
@@ -22,6 +22,25 @@ class AuthKeys:
     pub: bytes
     priv: bytes
 
+    def generate_management_token(self):
+        token = jwt.encode({"scope": "pageserverapi"}, self.priv, algorithm="RS256")
+
+        # jwt.encode can return 'bytes' or 'str', depending on Python version or type
+        # hinting or something (not sure what). If it returned 'bytes', convert it to 'str'
+        # explicitly.
+        if isinstance(token, bytes):
+            token = token.decode()
+
+        return token
+
+    def generate_tenant_token(self, tenant_id):
+        token = jwt.encode({"scope": "tenant", "tenant_id": tenant_id}, self.priv, algorithm="RS256")
+
+        if isinstance(token, bytes):
+            token = token.decode()
+
+        return token
+
 
 @pytest.fixture
 def auth_keys(repo_dir: str) -> AuthKeys:
@@ -34,9 +53,9 @@ def auth_keys(repo_dir: str) -> AuthKeys:
 def test_pageserver_auth(pageserver_auth_enabled: ZenithPageserver, auth_keys: AuthKeys):
     ps = pageserver_auth_enabled
 
-    tenant_token = jwt.encode({"scope": "tenant", "tenant_id": ps.initial_tenant}, auth_keys.priv, algorithm="RS256")
-    invalid_tenant_token = jwt.encode({"scope": "tenant", "tenant_id": uuid4().hex}, auth_keys.priv, algorithm="RS256")
-    management_token = jwt.encode({"scope": "pageserverapi"}, auth_keys.priv, algorithm="RS256")
+    tenant_token = auth_keys.generate_tenant_token(ps.initial_tenant)
+    invalid_tenant_token = auth_keys.generate_tenant_token(uuid4().hex)
+    management_token = auth_keys.generate_management_token()
 
     # this does not invoke auth check and only decodes jwt and checks it for validity
     # check both tokens
@@ -72,7 +91,7 @@ def test_compute_auth_to_pageserver(
     ps = pageserver_auth_enabled
     # since we are in progress of refactoring protocols between compute safekeeper and page server
     # use hardcoded management token in safekeeper
-    management_token = jwt.encode({"scope": "pageserverapi"}, auth_keys.priv, algorithm="RS256")
+    management_token = auth_keys.generate_management_token()
 
     branch = f"test_compute_auth_to_pageserver{with_wal_acceptors}"
     zenith_cli.run(["branch", branch, "empty"])