From 21dfb446e793357f900b9251fdc30f08860efdc0 Mon Sep 17 00:00:00 2001
From: Easton Crupper <65553218+ecrupper@users.noreply.github.com>
Date: Wed, 4 Sep 2024 10:21:19 -0400
Subject: [PATCH] enhance(mock): add admin key rotation (#1174)

* enhance(mock): add admin key rotation

* new files, old rules
---
 mock/server/rotate_keys.go | 27 +++++++++++++++++++++++++++
 mock/server/server.go      |  1 +
 2 files changed, 28 insertions(+)
 create mode 100644 mock/server/rotate_keys.go

diff --git a/mock/server/rotate_keys.go b/mock/server/rotate_keys.go
new file mode 100644
index 000000000..3623f4c12
--- /dev/null
+++ b/mock/server/rotate_keys.go
@@ -0,0 +1,27 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package server
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/go-vela/server/router/middleware/auth"
+	"github.com/go-vela/types"
+)
+
+// rotateKeys returns success message. Pass `invalid` to auth header to test 401 error.
+func rotateKeys(c *gin.Context) {
+	tkn, _ := auth.RetrieveAccessToken(c.Request)
+
+	if strings.EqualFold(tkn, "invalid") {
+		data := "unauthorized"
+		c.AbortWithStatusJSON(http.StatusUnauthorized, types.Error{Message: &data})
+
+		return
+	}
+
+	c.JSON(http.StatusOK, "keys rotated successfully")
+}
diff --git a/mock/server/server.go b/mock/server/server.go
index 4b249cec3..8a2532a86 100644
--- a/mock/server/server.go
+++ b/mock/server/server.go
@@ -151,6 +151,7 @@ func FakeHandler() http.Handler {
 	// mock endpoints for oidc calls
 	e.GET("/_services/token/.well-known/openid-configuration", openIDConfig)
 	e.GET("/_services/token/.well-known/jwks", getJWKS)
+	e.POST("/api/v1/admin/rotate_oidc_keys", rotateKeys)
 
 	// mock endpoint for queue credentials
 	e.GET("/api/v1/queue/info", getQueueCreds)