Merge pull request #20509 from estesp/cleanup-authz-test

Clean up authz integration-cli test
Antonio Murdaca 2016-02-20 12:10:29 +01:00
commit 076b3558fc
2 changed files with 62 additions and 40 deletions


@ -30,6 +30,10 @@ const (
containerListAPI = "/containers/json"
)
var (
alwaysAllowed = []string{"/_ping", "/info"}
)
func init() {
check.Suite(&DockerAuthzSuite{
ds: &DockerSuite{},
@ -74,12 +78,6 @@ func (s *DockerAuthzSuite) SetUpSuite(c *check.C) {
})
mux.HandleFunc("/AuthZPlugin.AuthZReq", func(w http.ResponseWriter, r *http.Request) {
if s.ctrl.reqRes.Err != "" {
w.WriteHeader(http.StatusInternalServerError)
}
b, err := json.Marshal(s.ctrl.reqRes)
c.Assert(err, check.IsNil)
w.Write(b)
defer r.Body.Close()
body, err := ioutil.ReadAll(r.Body)
c.Assert(err, check.IsNil)
@ -96,16 +94,20 @@ func (s *DockerAuthzSuite) SetUpSuite(c *check.C) {
}
s.ctrl.requestsURIs = append(s.ctrl.requestsURIs, authReq.RequestURI)
reqRes := s.ctrl.reqRes
if isAllowed(authReq.RequestURI) {
reqRes = authorization.Response{Allow: true}
}
if reqRes.Err != "" {
w.WriteHeader(http.StatusInternalServerError)
}
b, err := json.Marshal(reqRes)
c.Assert(err, check.IsNil)
w.Write(b)
})
mux.HandleFunc("/AuthZPlugin.AuthZRes", func(w http.ResponseWriter, r *http.Request) {
if s.ctrl.resRes.Err != "" {
w.WriteHeader(http.StatusInternalServerError)
}
b, err := json.Marshal(s.ctrl.resRes)
c.Assert(err, check.IsNil)
w.Write(b)
defer r.Body.Close()
body, err := ioutil.ReadAll(r.Body)
c.Assert(err, check.IsNil)
@ -120,6 +122,16 @@ func (s *DockerAuthzSuite) SetUpSuite(c *check.C) {
if strings.HasSuffix(authReq.RequestURI, containerListAPI) {
s.ctrl.psResponseCnt++
}
resRes := s.ctrl.resRes
if isAllowed(authReq.RequestURI) {
resRes = authorization.Response{Allow: true}
}
if resRes.Err != "" {
w.WriteHeader(http.StatusInternalServerError)
}
b, err := json.Marshal(resRes)
c.Assert(err, check.IsNil)
w.Write(b)
})
err := os.MkdirAll("/etc/docker/plugins", 0755)
@ -130,6 +142,16 @@ func (s *DockerAuthzSuite) SetUpSuite(c *check.C) {
c.Assert(err, checker.IsNil)
}
// check for always allowed endpoints to not inhibit test framework functions
func isAllowed(reqURI string) bool {
for _, endpoint := range alwaysAllowed {
if strings.HasSuffix(reqURI, endpoint) {
return true
}
}
return false
}
// assertAuthHeaders validates authentication headers are removed
func assertAuthHeaders(c *check.C, headers map[string]string) error {
for k := range headers {
@ -171,13 +193,10 @@ func (s *DockerAuthzSuite) TearDownSuite(c *check.C) {
func (s *DockerAuthzSuite) TestAuthZPluginAllowRequest(c *check.C) {
// start the daemon and load busybox, --net=none build fails otherwise
// cause it needs to pull busybox
c.Assert(s.d.StartWithBusybox(), check.IsNil)
// restart the daemon and enable the plugin, otherwise busybox loading
// is blocked by the plugin itself
c.Assert(s.d.Restart("--authorization-plugin="+testAuthZPlugin), check.IsNil)
c.Assert(s.d.Start("--authorization-plugin="+testAuthZPlugin), check.IsNil)
s.ctrl.reqRes.Allow = true
s.ctrl.resRes.Allow = true
c.Assert(s.d.LoadBusybox(), check.IsNil)
// Ensure command successful
out, err := s.d.Cmd("run", "-d", "busybox", "top")
@ -234,12 +253,10 @@ func (s *DockerAuthzSuite) TestAuthZPluginAllowEventStream(c *check.C) {
testRequires(c, DaemonIsLinux)
// start the daemon and load busybox to avoid pulling busybox from Docker Hub
c.Assert(s.d.StartWithBusybox(), check.IsNil)
// restart the daemon and enable the authorization plugin, otherwise busybox loading
// is blocked by the plugin itself
c.Assert(s.d.Restart("--authorization-plugin="+testAuthZPlugin), check.IsNil)
c.Assert(s.d.Start("--authorization-plugin="+testAuthZPlugin), check.IsNil)
s.ctrl.reqRes.Allow = true
s.ctrl.resRes.Allow = true
c.Assert(s.d.LoadBusybox(), check.IsNil)
startTime := strconv.FormatInt(daemonTime(c).Unix(), 10)
// Add another command to to enable event pipelining
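Review bot: `isAllowed` matches with `strings.HasSuffix`, so any request URI that merely ends in `/info` or `/_ping` is forced to `Allow: true` in both the `AuthZReq` and `AuthZRes` handlers, whatever the test set in `s.ctrl.reqRes` / `s.ctrl.resRes`. That is broader than the two daemon endpoints the comment names: a deny-path test against a resource that happens to be named `info` would bypass the plugin decision without any visible failure. Assuming request URIs carry at most a version prefix, I would anchor the match, e.g. `var alwaysAllowed = regexp.MustCompile("^(/v[0-9.]+)?/(_ping|info)$")` with `return alwaysAllowed.MatchString(reqURI)` (this needs the `regexp` import). The comment on `isAllowed` should also say that this bypass is test scaffolding and not a pattern for a real authorization plugin. The handler bodies continue outside the visible hunks.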


@ -321,24 +321,7 @@ func (d *Daemon) StartWithBusybox(arg ...string) error {
if err := d.Start(arg...); err != nil {
return err
}
bb := filepath.Join(d.folder, "busybox.tar")
if _, err := os.Stat(bb); err != nil {
if !os.IsNotExist(err) {
return fmt.Errorf("unexpected error on busybox.tar stat: %v", err)
}
// saving busybox image from main daemon
if err := exec.Command(dockerBinary, "save", "--output", bb, "busybox:latest").Run(); err != nil {
return fmt.Errorf("could not save busybox image: %v", err)
}
}
// loading busybox image to this daemon
if out, err := d.Cmd("load", "--input", bb); err != nil {
return fmt.Errorf("could not load busybox image: %s", out)
}
if err := os.Remove(bb); err != nil {
d.c.Logf("could not remove %s: %v", bb, err)
}
return nil
return d.LoadBusybox()
}
// Stop will send a SIGINT every second and wait for the daemon to stop.
@ -413,6 +396,28 @@ func (d *Daemon) Restart(arg ...string) error {
return d.Start(arg...)
}
// LoadBusybox will load the stored busybox into a newly started daemon
func (d *Daemon) LoadBusybox() error {
bb := filepath.Join(d.folder, "busybox.tar")
if _, err := os.Stat(bb); err != nil {
if !os.IsNotExist(err) {
return fmt.Errorf("unexpected error on busybox.tar stat: %v", err)
}
// saving busybox image from main daemon
if err := exec.Command(dockerBinary, "save", "--output", bb, "busybox:latest").Run(); err != nil {
return fmt.Errorf("could not save busybox image: %v", err)
}
}
// loading busybox image to this daemon
if out, err := d.Cmd("load", "--input", bb); err != nil {
return fmt.Errorf("could not load busybox image: %s", out)
}
if err := os.Remove(bb); err != nil {
d.c.Logf("could not remove %s: %v", bb, err)
}
return nil
}
func (d *Daemon) queryRootDir() (string, error) {
// update daemon root by asking /info endpoint (to support user
// namespaced daemon with root remapped uid.gid directory)
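Review bot: In `LoadBusybox` the failure branch of `d.Cmd("load", "--input", bb)` reports only `out` and drops `err`, so a load that fails with empty output yields an error with no cause. With the authz tests now calling `LoadBusybox` while the plugin is active, a request denied by the plugin would surface here, and that is when the cause matters most. I would keep both, `return fmt.Errorf("could not load busybox image: %v: %s", err, out)`. The doc comment should also state that the function saves `busybox:latest` from the main daemon when `busybox.tar` is missing and removes the tarball only after a successful load, e.g. `// LoadBusybox saves busybox:latest from the main daemon if needed, loads it into this daemon, then removes the tarball.`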