You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by me...@apache.org on 2016/03/28 11:49:45 UTC
[2/3] mesos git commit: Added a new '/files' endpoints test using
authentication.
Added a new '/files' endpoints test using authentication.
A new test was added (FilesTest.AuthenticationTest) to probe the
`/files/*` endpoints' behavior when HTTP authentication is enabled.
Review: https://reviews.apache.org/r/45249/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/e87201fd
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/e87201fd
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/e87201fd
Branch: refs/heads/master
Commit: e87201fd9551a5ad086a6e6fc0a30f4ee22f99f4
Parents: 02ec71e
Author: Greg Mann <gr...@mesosphere.io>
Authored: Mon Mar 28 01:04:15 2016 -0700
Committer: Adam B <ad...@mesosphere.io>
Committed: Mon Mar 28 02:46:25 2016 -0700
----------------------------------------------------------------------
src/tests/files_tests.cpp | 96 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 95 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/e87201fd/src/tests/files_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/files_tests.cpp b/src/tests/files_tests.cpp
index b389495..bf050e7 100644
--- a/src/tests/files_tests.cpp
+++ b/src/tests/files_tests.cpp
@@ -18,6 +18,8 @@
#include <gmock/gmock.h>
+#include <mesos/authentication/http/basic_authenticator_factory.hpp>
+
#include <process/future.hpp>
#include <process/gtest.hpp>
#include <process/http.hpp>
@@ -33,21 +35,64 @@
#include "files/files.hpp"
+#include "tests/mesos.hpp"
+
+namespace authentication = process::http::authentication;
+
using process::Future;
+using process::Owned;
using process::http::BadRequest;
using process::http::NotFound;
using process::http::OK;
using process::http::Response;
+using process::http::Unauthorized;
using std::string;
+using mesos::http::authentication::BasicAuthenticatorFactory;
+
namespace mesos {
namespace internal {
namespace tests {
+class FilesTest : public TemporaryDirectoryTest
+{
+protected:
+ void setBasicHttpAuthenticator(
+ const string& realm,
+ const Credentials& credentials)
+ {
+ Try<authentication::Authenticator*> authenticator =
+ BasicAuthenticatorFactory::create(realm, credentials);
+
+ ASSERT_SOME(authenticator);
+
+ // Add this realm to the set of realms which will be unset during teardown.
+ realms.insert(realm);
-class FilesTest : public TemporaryDirectoryTest {};
+ // Pass ownership of the authenticator to libprocess.
+ AWAIT_READY(authentication::setAuthenticator(
+ realm,
+ Owned<authentication::Authenticator>(authenticator.get())));
+ }
+
+ virtual void TearDown()
+ {
+ foreach (const string& realm, realms) {
+ // We need to wait in order to ensure that the operation completes before
+ // we leave `TearDown`. Otherwise, we may leak a mock object.
+ AWAIT_READY(authentication::unsetAuthenticator(realm));
+ }
+
+ realms.clear();
+
+ TemporaryDirectoryTest::TearDown();
+ }
+
+private:
+ hashset<string> realms;
+};
TEST_F(FilesTest, AttachTest)
@@ -297,6 +342,55 @@ TEST_F(FilesTest, DownloadTest)
AWAIT_EXPECT_RESPONSE_BODY_EQ(data, response);
}
+
+// Tests that requests to the '/files/*' endpoints receive an `Unauthorized`
+// response when HTTP authentication is enabled and an invalid credential is
+// provided.
+TEST_F(FilesTest, AuthenticationTest)
+{
+ const string AUTHENTICATION_REALM = "realm";
+
+ Credentials credentials;
+ credentials.add_credentials()->CopyFrom(DEFAULT_CREDENTIAL);
+
+ // Create a basic HTTP authenticator with the specified credentials and set it
+ // as the authenticator for `AUTHENTICATION_REALM`.
+ setBasicHttpAuthenticator(AUTHENTICATION_REALM, credentials);
+
+ // The realm is passed to `Files` to enable
+ // HTTP authentication on its endpoints.
+ Files files(AUTHENTICATION_REALM);
+
+ process::UPID upid("files", process::address());
+
+ Credential badCredential;
+ badCredential.set_principal("bad-principal");
+ badCredential.set_secret("bad-secret");
+
+ const string expectedAuthorizationHeader =
+ "Basic realm=\"" + AUTHENTICATION_REALM + "\"";
+
+ Future<Response> response = process::http::get(upid, "browse");
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
+ EXPECT_EQ(response.get().headers.at("WWW-Authenticate"),
+ expectedAuthorizationHeader);
+
+ response = process::http::get(upid, "read");
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
+ EXPECT_EQ(response.get().headers.at("WWW-Authenticate"),
+ expectedAuthorizationHeader);
+
+ response = process::http::get(upid, "download");
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
+ EXPECT_EQ(response.get().headers.at("WWW-Authenticate"),
+ expectedAuthorizationHeader);
+
+ response = process::http::get(upid, "debug");
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
+ EXPECT_EQ(response.get().headers.at("WWW-Authenticate"),
+ expectedAuthorizationHeader);
+}
+
} // namespace tests {
} // namespace internal {
} // namespace mesos {