[2/3] mesos git commit: Added a new '/files' endpoints test using authentication.

[me...@apache.org]

Added a new '/files' endpoints test using authentication.

A new test was added (FilesTest.AuthenticationTest) to probe the
`/files/*` endpoints' behavior when HTTP authentication is enabled.

Review: https://reviews.apache.org/r/45249/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/e87201fd
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/e87201fd
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/e87201fd

Branch: refs/heads/master
Commit: e87201fd9551a5ad086a6e6fc0a30f4ee22f99f4
Parents: 02ec71e
Author: Greg Mann <gr...@mesosphere.io>
Authored: Mon Mar 28 01:04:15 2016 -0700
Committer: Adam B <ad...@mesosphere.io>
Committed: Mon Mar 28 02:46:25 2016 -0700

----------------------------------------------------------------------
 src/tests/files_tests.cpp | 96 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 95 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/e87201fd/src/tests/files_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/files_tests.cpp b/src/tests/files_tests.cpp
index b389495..bf050e7 100644
--- a/src/tests/files_tests.cpp
+++ b/src/tests/files_tests.cpp
@@ -18,6 +18,8 @@
 
 #include <gmock/gmock.h>
 
+#include <mesos/authentication/http/basic_authenticator_factory.hpp>
+
 #include <process/future.hpp>
 #include <process/gtest.hpp>
 #include <process/http.hpp>
@@ -33,21 +35,64 @@
 
 #include "files/files.hpp"
 
+#include "tests/mesos.hpp"
+
+namespace authentication = process::http::authentication;
+
 using process::Future;
+using process::Owned;
 
 using process::http::BadRequest;
 using process::http::NotFound;
 using process::http::OK;
 using process::http::Response;
+using process::http::Unauthorized;
 
 using std::string;
 
+using mesos::http::authentication::BasicAuthenticatorFactory;
+
 namespace mesos {
 namespace internal {
 namespace tests {
 
+class FilesTest : public TemporaryDirectoryTest
+{
+protected:
+  void setBasicHttpAuthenticator(
+      const string& realm,
+      const Credentials& credentials)
+  {
+    Try<authentication::Authenticator*> authenticator =
+      BasicAuthenticatorFactory::create(realm, credentials);
+
+    ASSERT_SOME(authenticator);
+
+    // Add this realm to the set of realms which will be unset during teardown.
+    realms.insert(realm);
 
-class FilesTest : public TemporaryDirectoryTest {};
+    // Pass ownership of the authenticator to libprocess.
+    AWAIT_READY(authentication::setAuthenticator(
+        realm,
+        Owned<authentication::Authenticator>(authenticator.get())));
+  }
+
+  virtual void TearDown()
+  {
+    foreach (const string& realm, realms) {
+      // We need to wait in order to ensure that the operation completes before
+      // we leave `TearDown`. Otherwise, we may leak a mock object.
+      AWAIT_READY(authentication::unsetAuthenticator(realm));
+    }
+
+    realms.clear();
+
+    TemporaryDirectoryTest::TearDown();
+  }
+
+private:
+  hashset<string> realms;
+};
 
 
 TEST_F(FilesTest, AttachTest)
@@ -297,6 +342,55 @@ TEST_F(FilesTest, DownloadTest)
   AWAIT_EXPECT_RESPONSE_BODY_EQ(data, response);
 }
 
+
+// Tests that requests to the '/files/*' endpoints receive an `Unauthorized`
+// response when HTTP authentication is enabled and an invalid credential is
+// provided.
+TEST_F(FilesTest, AuthenticationTest)
+{
+  const string AUTHENTICATION_REALM = "realm";
+
+  Credentials credentials;
+  credentials.add_credentials()->CopyFrom(DEFAULT_CREDENTIAL);
+
+  // Create a basic HTTP authenticator with the specified credentials and set it
+  // as the authenticator for `AUTHENTICATION_REALM`.
+  setBasicHttpAuthenticator(AUTHENTICATION_REALM, credentials);
+
+  // The realm is passed to `Files` to enable
+  // HTTP authentication on its endpoints.
+  Files files(AUTHENTICATION_REALM);
+
+  process::UPID upid("files", process::address());
+
+  Credential badCredential;
+  badCredential.set_principal("bad-principal");
+  badCredential.set_secret("bad-secret");
+
+  const string expectedAuthorizationHeader =
+    "Basic realm=\"" + AUTHENTICATION_REALM + "\"";
+
+  Future<Response> response = process::http::get(upid, "browse");
+  AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
+  EXPECT_EQ(response.get().headers.at("WWW-Authenticate"),
+            expectedAuthorizationHeader);
+
+  response = process::http::get(upid, "read");
+  AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
+  EXPECT_EQ(response.get().headers.at("WWW-Authenticate"),
+            expectedAuthorizationHeader);
+
+  response = process::http::get(upid, "download");
+  AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
+  EXPECT_EQ(response.get().headers.at("WWW-Authenticate"),
+            expectedAuthorizationHeader);
+
+  response = process::http::get(upid, "debug");
+  AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
+  EXPECT_EQ(response.get().headers.at("WWW-Authenticate"),
+            expectedAuthorizationHeader);
+}
+
 } // namespace tests {
 } // namespace internal {
 } // namespace mesos {