mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

Clean up authz integration-cli test

- Order the flow of the handlers more cleanly--read req, do actions,
  write response.
- Add "always allowed" endpoints to handle `/_ping` and `/info` usage
  from the test framework/daemon start/restart management

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Phil Estes 2016-02-19 10:12:39 -08:00
parent 06af9471f8
commit 074561b0ec


@ -30,6 +30,10 @@ const (
containerListAPI = "/containers/json" containerListAPI = "/containers/json"
) )
var (
alwaysAllowed = []string{"/_ping", "/info"}
)
func init() { func init() {
check.Suite(&DockerAuthzSuite{ check.Suite(&DockerAuthzSuite{
ds: &DockerSuite{}, ds: &DockerSuite{},
@ -74,12 +78,6 @@ func (s *DockerAuthzSuite) SetUpSuite(c *check.C) {
}) })
mux.HandleFunc("/AuthZPlugin.AuthZReq", func(w http.ResponseWriter, r *http.Request) { mux.HandleFunc("/AuthZPlugin.AuthZReq", func(w http.ResponseWriter, r *http.Request) {
if s.ctrl.reqRes.Err != "" {
w.WriteHeader(http.StatusInternalServerError)
}
b, err := json.Marshal(s.ctrl.reqRes)
c.Assert(err, check.IsNil)
w.Write(b)
defer r.Body.Close() defer r.Body.Close()
body, err := ioutil.ReadAll(r.Body) body, err := ioutil.ReadAll(r.Body)
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
@ -96,16 +94,20 @@ func (s *DockerAuthzSuite) SetUpSuite(c *check.C) {
} }
s.ctrl.requestsURIs = append(s.ctrl.requestsURIs, authReq.RequestURI) s.ctrl.requestsURIs = append(s.ctrl.requestsURIs, authReq.RequestURI)
reqRes := s.ctrl.reqRes
if isAllowed(authReq.RequestURI) {
reqRes = authorization.Response{Allow: true}
}
if reqRes.Err != "" {
w.WriteHeader(http.StatusInternalServerError)
}
b, err := json.Marshal(reqRes)
c.Assert(err, check.IsNil)
w.Write(b)
}) })
mux.HandleFunc("/AuthZPlugin.AuthZRes", func(w http.ResponseWriter, r *http.Request) { mux.HandleFunc("/AuthZPlugin.AuthZRes", func(w http.ResponseWriter, r *http.Request) {
if s.ctrl.resRes.Err != "" {
w.WriteHeader(http.StatusInternalServerError)
}
b, err := json.Marshal(s.ctrl.resRes)
c.Assert(err, check.IsNil)
w.Write(b)
defer r.Body.Close() defer r.Body.Close()
body, err := ioutil.ReadAll(r.Body) body, err := ioutil.ReadAll(r.Body)
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
@ -120,6 +122,16 @@ func (s *DockerAuthzSuite) SetUpSuite(c *check.C) {
if strings.HasSuffix(authReq.RequestURI, containerListAPI) { if strings.HasSuffix(authReq.RequestURI, containerListAPI) {
s.ctrl.psResponseCnt++ s.ctrl.psResponseCnt++
} }
resRes := s.ctrl.resRes
if isAllowed(authReq.RequestURI) {
resRes = authorization.Response{Allow: true}
}
if resRes.Err != "" {
w.WriteHeader(http.StatusInternalServerError)
}
b, err := json.Marshal(resRes)
c.Assert(err, check.IsNil)
w.Write(b)
}) })
err := os.MkdirAll("/etc/docker/plugins", 0755) err := os.MkdirAll("/etc/docker/plugins", 0755)
@ -130,6 +142,16 @@ func (s *DockerAuthzSuite) SetUpSuite(c *check.C) {
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
} }
// check for always allowed endpoints to not inhibit test framework functions
func isAllowed(reqURI string) bool {
for _, endpoint := range alwaysAllowed {
if strings.HasSuffix(reqURI, endpoint) {
return true
}
}
return false
}
// assertAuthHeaders validates authentication headers are removed // assertAuthHeaders validates authentication headers are removed
func assertAuthHeaders(c *check.C, headers map[string]string) error { func assertAuthHeaders(c *check.C, headers map[string]string) error {
for k := range headers { for k := range headers {
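Review bot: `isAllowed` in the last hunk matches with `strings.HasSuffix` on the raw request URI, so the always-allow override applies to any URI that merely ends in `/info` or `/_ping` (for instance a route whose final path segment is a resource named `info`), not only to the daemon's versioned `/info` and `/_ping` endpoints. In both handlers the override replaces `s.ctrl.reqRes` / `s.ctrl.resRes` with `authorization.Response{Allow: true}`, so a test that configures a deny for such a URI would be allowed through without any signal. Matching on the parsed path would be tighter, e.g. `u, err := url.Parse(reqURI)` followed by a check of `u.Path` against a package-level `regexp.MustCompile("^(/v[0-9.]+)?/(_ping|info)$")`; this presumably needs `net/url` and `regexp` imports, which are not visible in these hunks. The comment above the function should also state that this is a test-harness convenience, since suffix-based allow rules are not a pattern to carry into a real authorization plugin.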