We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
moby
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Clean up authz integration-cli test

- Order the flow of the handlers more cleanly--read req, do actions,
  write response.
- Add "always allowed" endpoints to handle `/_ping` and `/info` usage
  from the test framework/daemon start/restart management

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Phil Estes 9 years ago
parent
06af9471f8
commit
074561b0ec
1 changed files with 32 additions and 10 deletions
Split View Show Diff Stats
  1. 32 10
      integration-cli/docker_cli_authz_unix_test.go

+ 32 - 10
integration-cli/docker_cli_authz_unix_test.go
View File 

@@ -30,6 +30,10 @@ const (
 
 	containerListAPI    = "/containers/json"
 
 )
 
 
+var (
 
+	alwaysAllowed = []string{"/_ping", "/info"}
 
+)
 
+
 
 func init() {
 
 	check.Suite(&DockerAuthzSuite{
 
 		ds: &DockerSuite{},
 
@@ -74,12 +78,6 @@ func (s *DockerAuthzSuite) SetUpSuite(c *check.C) {
 
 	})
 
 
 	mux.HandleFunc("/AuthZPlugin.AuthZReq", func(w http.ResponseWriter, r *http.Request) {
 
-		if s.ctrl.reqRes.Err != "" {
 
-			w.WriteHeader(http.StatusInternalServerError)
 
-		}
 
-		b, err := json.Marshal(s.ctrl.reqRes)
 
-		c.Assert(err, check.IsNil)
 
-		w.Write(b)
 
 		defer r.Body.Close()
 
 		body, err := ioutil.ReadAll(r.Body)
 
 		c.Assert(err, check.IsNil)
 
@@ -96,16 +94,20 @@ func (s *DockerAuthzSuite) SetUpSuite(c *check.C) {
 
 		}
 
 
 		s.ctrl.requestsURIs = append(s.ctrl.requestsURIs, authReq.RequestURI)
 
-	})
 
 
-	mux.HandleFunc("/AuthZPlugin.AuthZRes", func(w http.ResponseWriter, r *http.Request) {
 
-		if s.ctrl.resRes.Err != "" {
 
+		reqRes := s.ctrl.reqRes
 
+		if isAllowed(authReq.RequestURI) {
 
+			reqRes = authorization.Response{Allow: true}
 
+		}
 
+		if reqRes.Err != "" {
 
 			w.WriteHeader(http.StatusInternalServerError)
 
 		}
 
-		b, err := json.Marshal(s.ctrl.resRes)
 
+		b, err := json.Marshal(reqRes)
 
 		c.Assert(err, check.IsNil)
 
 		w.Write(b)
 
+	})
 
 
+	mux.HandleFunc("/AuthZPlugin.AuthZRes", func(w http.ResponseWriter, r *http.Request) {
 
 		defer r.Body.Close()
 
 		body, err := ioutil.ReadAll(r.Body)
 
 		c.Assert(err, check.IsNil)
 
@@ -120,6 +122,16 @@ func (s *DockerAuthzSuite) SetUpSuite(c *check.C) {
 
 		if strings.HasSuffix(authReq.RequestURI, containerListAPI) {
 
 			s.ctrl.psResponseCnt++
 
 		}
 
+		resRes := s.ctrl.resRes
 
+		if isAllowed(authReq.RequestURI) {
 
+			resRes = authorization.Response{Allow: true}
 
+		}
 
+		if resRes.Err != "" {
 
+			w.WriteHeader(http.StatusInternalServerError)
 
+		}
 
+		b, err := json.Marshal(resRes)
 
+		c.Assert(err, check.IsNil)
 
+		w.Write(b)
 
 	})
 
 
 	err := os.MkdirAll("/etc/docker/plugins", 0755)
 
@@ -130,6 +142,16 @@ func (s *DockerAuthzSuite) SetUpSuite(c *check.C) {
 
 	c.Assert(err, checker.IsNil)
 
 }
 
 
+// check for always allowed endpoints to not inhibit test framework functions
 
+func isAllowed(reqURI string) bool {
 
+	for _, endpoint := range alwaysAllowed {
 
+		if strings.HasSuffix(reqURI, endpoint) {
 
+			return true
 
+		}
 
+	}
 
+	return false
 
+}
 
+
 
 // assertAuthHeaders validates authentication headers are removed
 
 func assertAuthHeaders(c *check.C, headers map[string]string) error {
 
 	for k := range headers {

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5