We use cookies to ensure you get the best experience on our website
Ana Sayfa Keşfet Yardım
Üye Ol Giriş Yap
0ct0pu5
/
moby
1
0
Çatalla 0
Dosyalar Sorunlar 0 Değişiklik İstekleri 0 Wiki
Ağaç: 6a96684442
Dallar Biçim İmleri
moby
/
pkg
/
authorization
/
authz_unix_test.go

authz_unix_test.go 6.8 KB
Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262 
  1. // +build !windows
    2. 

  2. 

  3. // TODO Windows: This uses a Unix socket for testing. This might be possible
    4. 

  4. // to port to Windows using a named pipe instead.
    5. 

  5. 

  6. package authorization
    7. 

  7. 

  8. import (
    9. 

  9. 	"encoding/json"
    10. 

  10. 	"io/ioutil"
    11. 

  11. 	"net"
    12. 

  12. 	"net/http"
    13. 

  13. 	"net/http/httptest"
    14. 

  14. 	"os"
    15. 

  15. 	"path"
    16. 

  16. 	"reflect"
    17. 

  17. 	"testing"
    18. 

  18. 

  19. 	"bytes"
    20. 

  20. 	"strings"
    21. 

  21. 

  22. 	"github.com/docker/docker/pkg/plugins"
    23. 

  23. 	"github.com/docker/go-connections/tlsconfig"
    24. 

  24. 	"github.com/gorilla/mux"
    25. 

  25. )
    26. 

  26. 

  27. const pluginAddress = "authzplugin.sock"
    28. 

  28. 

  29. func TestAuthZRequestPluginError(t *testing.T) {
    30. 

  30. 	server := authZPluginTestServer{t: t}
    31. 

  31. 	go server.start()
    32. 

  32. 	defer server.stop()
    33. 

  33. 

  34. 	authZPlugin := createTestPlugin(t)
    35. 

  35. 

  36. 	request := Request{
    37. 

  37. 		User:           "user",
    38. 

  38. 		RequestBody:    []byte("sample body"),
    39. 

  39. 		RequestURI:     "www.authz.com",
    40. 

  40. 		RequestMethod:  "GET",
    41. 

  41. 		RequestHeaders: map[string]string{"header": "value"},
    42. 

  42. 	}
    43. 

  43. 	server.replayResponse = Response{
    44. 

  44. 		Err: "an error",
    45. 

  45. 	}
    46. 

  46. 

  47. 	actualResponse, err := authZPlugin.AuthZRequest(&request)
    48. 

  48. 	if err != nil {
    49. 

  49. 		t.Fatalf("Failed to authorize request %v", err)
    50. 

  50. 	}
    51. 

  51. 

  52. 	if !reflect.DeepEqual(server.replayResponse, *actualResponse) {
    53. 

  53. 		t.Fatalf("Response must be equal")
    54. 

  54. 	}
    55. 

  55. 	if !reflect.DeepEqual(request, server.recordedRequest) {
    56. 

  56. 		t.Fatalf("Requests must be equal")
    57. 

  57. 	}
    58. 

  58. }
    59. 

  59. 

  60. func TestAuthZRequestPlugin(t *testing.T) {
    61. 

  61. 	server := authZPluginTestServer{t: t}
    62. 

  62. 	go server.start()
    63. 

  63. 	defer server.stop()
    64. 

  64. 

  65. 	authZPlugin := createTestPlugin(t)
    66. 

  66. 

  67. 	request := Request{
    68. 

  68. 		User:           "user",
    69. 

  69. 		RequestBody:    []byte("sample body"),
    70. 

  70. 		RequestURI:     "www.authz.com",
    71. 

  71. 		RequestMethod:  "GET",
    72. 

  72. 		RequestHeaders: map[string]string{"header": "value"},
    73. 

  73. 	}
    74. 

  74. 	server.replayResponse = Response{
    75. 

  75. 		Allow: true,
    76. 

  76. 		Msg:   "Sample message",
    77. 

  77. 	}
    78. 

  78. 

  79. 	actualResponse, err := authZPlugin.AuthZRequest(&request)
    80. 

  80. 	if err != nil {
    81. 

  81. 		t.Fatalf("Failed to authorize request %v", err)
    82. 

  82. 	}
    83. 

  83. 

  84. 	if !reflect.DeepEqual(server.replayResponse, *actualResponse) {
    85. 

  85. 		t.Fatalf("Response must be equal")
    86. 

  86. 	}
    87. 

  87. 	if !reflect.DeepEqual(request, server.recordedRequest) {
    88. 

  88. 		t.Fatalf("Requests must be equal")
    89. 

  89. 	}
    90. 

  90. }
    91. 

  91. 

  92. func TestAuthZResponsePlugin(t *testing.T) {
    93. 

  93. 	server := authZPluginTestServer{t: t}
    94. 

  94. 	go server.start()
    95. 

  95. 	defer server.stop()
    96. 

  96. 

  97. 	authZPlugin := createTestPlugin(t)
    98. 

  98. 

  99. 	request := Request{
    100. 

  100. 		User:        "user",
    101. 

  101. 		RequestBody: []byte("sample body"),
    102. 

  102. 	}
    103. 

  103. 	server.replayResponse = Response{
    104. 

  104. 		Allow: true,
    105. 

  105. 		Msg:   "Sample message",
    106. 

  106. 	}
    107. 

  107. 

  108. 	actualResponse, err := authZPlugin.AuthZResponse(&request)
    109. 

  109. 	if err != nil {
    110. 

  110. 		t.Fatalf("Failed to authorize request %v", err)
    111. 

  111. 	}
    112. 

  112. 

  113. 	if !reflect.DeepEqual(server.replayResponse, *actualResponse) {
    114. 

  114. 		t.Fatalf("Response must be equal")
    115. 

  115. 	}
    116. 

  116. 	if !reflect.DeepEqual(request, server.recordedRequest) {
    117. 

  117. 		t.Fatalf("Requests must be equal")
    118. 

  118. 	}
    119. 

  119. }
    120. 

  120. 

  121. func TestResponseModifier(t *testing.T) {
    122. 

  122. 	r := httptest.NewRecorder()
    123. 

  123. 	m := NewResponseModifier(r)
    124. 

  124. 	m.Header().Set("h1", "v1")
    125. 

  125. 	m.Write([]byte("body"))
    126. 

  126. 	m.WriteHeader(500)
    127. 

  127. 

  128. 	m.FlushAll()
    129. 

  129. 	if r.Header().Get("h1") != "v1" {
    130. 

  130. 		t.Fatalf("Header value must exists %s", r.Header().Get("h1"))
    131. 

  131. 	}
    132. 

  132. 	if !reflect.DeepEqual(r.Body.Bytes(), []byte("body")) {
    133. 

  133. 		t.Fatalf("Body value must exists %s", r.Body.Bytes())
    134. 

  134. 	}
    135. 

  135. 	if r.Code != 500 {
    136. 

  136. 		t.Fatalf("Status code must be correct %d", r.Code)
    137. 

  137. 	}
    138. 

  138. }
    139. 

  139. 

  140. func TestDrainBody(t *testing.T) {
    141. 

  141. 	tests := []struct {
    142. 

  142. 		length             int // length is the message length send to drainBody
    143. 

  143. 		expectedBodyLength int // expectedBodyLength is the expected body length after drainBody is called
    144. 

  144. 	}{
    145. 

  145. 		{10, 10}, // Small message size
    146. 

  146. 		{maxBodySize - 1, maxBodySize - 1}, // Max message size
    147. 

  147. 		{maxBodySize * 2, 0},               // Large message size (skip copying body)
    148. 

  148. 

  149. 	}
    150. 

  150. 

  151. 	for _, test := range tests {
    152. 

  152. 		msg := strings.Repeat("a", test.length)
    153. 

  153. 		body, closer, err := drainBody(ioutil.NopCloser(bytes.NewReader([]byte(msg))))
    154. 

  154. 		if err != nil {
    155. 

  155. 			t.Fatal(err)
    156. 

  156. 		}
    157. 

  157. 		if len(body) != test.expectedBodyLength {
    158. 

  158. 			t.Fatalf("Body must be copied, actual length: '%d'", len(body))
    159. 

  159. 		}
    160. 

  160. 		if closer == nil {
    161. 

  161. 			t.Fatalf("Closer must not be nil")
    162. 

  162. 		}
    163. 

  163. 		modified, err := ioutil.ReadAll(closer)
    164. 

  164. 		if err != nil {
    165. 

  165. 			t.Fatalf("Error must not be nil: '%v'", err)
    166. 

  166. 		}
    167. 

  167. 		if len(modified) != len(msg) {
    168. 

  168. 			t.Fatalf("Result should not be truncated. Original length: '%d', new length: '%d'", len(msg), len(modified))
    169. 

  169. 		}
    170. 

  170. 	}
    171. 

  171. }
    172. 

  172. 

  173. func TestResponseModifierOverride(t *testing.T) {
    174. 

  174. 	r := httptest.NewRecorder()
    175. 

  175. 	m := NewResponseModifier(r)
    176. 

  176. 	m.Header().Set("h1", "v1")
    177. 

  177. 	m.Write([]byte("body"))
    178. 

  178. 	m.WriteHeader(500)
    179. 

  179. 

  180. 	overrideHeader := make(http.Header)
    181. 

  181. 	overrideHeader.Add("h1", "v2")
    182. 

  182. 	overrideHeaderBytes, err := json.Marshal(overrideHeader)
    183. 

  183. 	if err != nil {
    184. 

  184. 		t.Fatalf("override header failed %v", err)
    185. 

  185. 	}
    186. 

  186. 

  187. 	m.OverrideHeader(overrideHeaderBytes)
    188. 

  188. 	m.OverrideBody([]byte("override body"))
    189. 

  189. 	m.OverrideStatusCode(404)
    190. 

  190. 	m.FlushAll()
    191. 

  191. 	if r.Header().Get("h1") != "v2" {
    192. 

  192. 		t.Fatalf("Header value must exists %s", r.Header().Get("h1"))
    193. 

  193. 	}
    194. 

  194. 	if !reflect.DeepEqual(r.Body.Bytes(), []byte("override body")) {
    195. 

  195. 		t.Fatalf("Body value must exists %s", r.Body.Bytes())
    196. 

  196. 	}
    197. 

  197. 	if r.Code != 404 {
    198. 

  198. 		t.Fatalf("Status code must be correct %d", r.Code)
    199. 

  199. 	}
    200. 

  200. }
    201. 

  201. 

  202. // createTestPlugin creates a new sample authorization plugin
    203. 

  203. func createTestPlugin(t *testing.T) *authorizationPlugin {
    204. 

  204. 	plugin := &plugins.Plugin{Name: "authz"}
    205. 

  205. 	pwd, err := os.Getwd()
    206. 

  206. 	if err != nil {
    207. 

  207. 		t.Fatal(err)
    208. 

  208. 	}
    209. 

  209. 

  210. 	plugin.Client, err = plugins.NewClient("unix:///"+path.Join(pwd, pluginAddress), tlsconfig.Options{InsecureSkipVerify: true})
    211. 

  211. 	if err != nil {
    212. 

  212. 		t.Fatalf("Failed to create client %v", err)
    213. 

  213. 	}
    214. 

  214. 

  215. 	return &authorizationPlugin{name: "plugin", plugin: plugin}
    216. 

  216. }
    217. 

  217. 

  218. // AuthZPluginTestServer is a simple server that implements the authZ plugin interface
    219. 

  219. type authZPluginTestServer struct {
    220. 

  220. 	listener net.Listener
    221. 

  221. 	t        *testing.T
    222. 

  222. 	// request stores the request sent from the daemon to the plugin
    223. 

  223. 	recordedRequest Request
    224. 

  224. 	// response stores the response sent from the plugin to the daemon
    225. 

  225. 	replayResponse Response
    226. 

  226. }
    227. 

  227. 

  228. // start starts the test server that implements the plugin
    229. 

  229. func (t *authZPluginTestServer) start() {
    230. 

  230. 	r := mux.NewRouter()
    231. 

  231. 	os.Remove(pluginAddress)
    232. 

  232. 	l, _ := net.ListenUnix("unix", &net.UnixAddr{Name: pluginAddress, Net: "unix"})
    233. 

  233. 	t.listener = l
    234. 

  234. 	r.HandleFunc("/Plugin.Activate", t.activate)
    235. 

  235. 	r.HandleFunc("/"+AuthZApiRequest, t.auth)
    236. 

  236. 	r.HandleFunc("/"+AuthZApiResponse, t.auth)
    237. 

  237. 	server := http.Server{Handler: r, Addr: pluginAddress}
    238. 

  238. 	server.Serve(l)
    239. 

  239. }
    240. 

  240. 

  241. // stop stops the test server that implements the plugin
    242. 

  242. func (t *authZPluginTestServer) stop() {
    243. 

  243. 	os.Remove(pluginAddress)
    244. 

  244. 	if t.listener != nil {
    245. 

  245. 		t.listener.Close()
    246. 

  246. 	}
    247. 

  247. }
    248. 

  248. 

  249. // auth is a used to record/replay the authentication api messages
    250. 

  250. func (t *authZPluginTestServer) auth(w http.ResponseWriter, r *http.Request) {
    251. 

  251. 	t.recordedRequest = Request{}
    252. 

  252. 	body, _ := ioutil.ReadAll(r.Body)
    253. 

  253. 	r.Body.Close()
    254. 

  254. 	json.Unmarshal(body, &t.recordedRequest)
    255. 

  255. 	b, _ := json.Marshal(t.replayResponse)
    256. 

  256. 	w.Write(b)
    257. 

  257. }
    258. 

  258. 

  259. func (t *authZPluginTestServer) activate(w http.ResponseWriter, r *http.Request) {
    260. 

  260. 	b, _ := json.Marshal(plugins.Manifest{Implements: []string{AuthZApiImplements}})
    261. 

  261. 	w.Write(b)
    262. 

  262. }
    263.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5