}
// Test /index requests:
-// - enforce_permissions off | unauthenticated /index request
-// - enforce_permissions off | unauthenticated /index/prefix request
-// - enforce_permissions off | authenticated /index request | non-superuser
-// - enforce_permissions off | authenticated /index/prefix request | non-superuser
-// - enforce_permissions off | authenticated /index request | superuser
-// - enforce_permissions off | authenticated /index/prefix request | superuser
-// - enforce_permissions on | unauthenticated /index request
-// - enforce_permissions on | unauthenticated /index/prefix request
-// - enforce_permissions on | authenticated /index request | non-superuser
-// - enforce_permissions on | authenticated /index/prefix request | non-superuser
-// - enforce_permissions on | authenticated /index request | superuser
-// - enforce_permissions on | authenticated /index/prefix request | superuser
+// - unauthenticated /index request
+// - unauthenticated /index/prefix request
+// - authenticated /index request | non-superuser
+// - authenticated /index/prefix request | non-superuser
+// - authenticated /index request | superuser
+// - authenticated /index/prefix request | superuser
//
// The only /index requests that should succeed are those issued by the
-// superuser when enforce_permissions = true.
+// superuser. They should pass regardless of the value of enforce_permissions.
//
func TestIndexHandler(t *testing.T) {
defer teardown()
api_token: data_manager_token,
}
- // ----------------------------
- // enforce_permissions disabled
- // All /index requests should fail.
- enforce_permissions = false
+ // -------------------------------------------------------------
+ // Only the superuser should be allowed to issue /index requests.
+
+ // ---------------------------
+ // enforce_permissions enabled
+ // This setting should not affect tests passing.
+ enforce_permissions = true
// unauthenticated /index request
- // => PermissionError
+ // => UnauthorizedError
response := IssueRequest(rest, unauthenticated_req)
ExpectStatusCode(t,
- "enforce_permissions off, unauthenticated request",
- PermissionError.HTTPCode,
+ "enforce_permissions on, unauthenticated request",
+ UnauthorizedError.HTTPCode,
response)
// unauthenticated /index/prefix request
- // => PermissionError
+ // => UnauthorizedError
response = IssueRequest(rest, unauth_prefix_req)
ExpectStatusCode(t,
- "enforce_permissions off, unauthenticated /index/prefix request",
- PermissionError.HTTPCode,
+ "permissions on, unauthenticated /index/prefix request",
+ UnauthorizedError.HTTPCode,
response)
// authenticated /index request, non-superuser
- // => PermissionError
+ // => UnauthorizedError
response = IssueRequest(rest, authenticated_req)
ExpectStatusCode(t,
- "enforce_permissions off, authenticated request, non-superuser",
- PermissionError.HTTPCode,
+ "permissions on, authenticated request, non-superuser",
+ UnauthorizedError.HTTPCode,
response)
// authenticated /index/prefix request, non-superuser
- // => PermissionError
+ // => UnauthorizedError
response = IssueRequest(rest, auth_prefix_req)
ExpectStatusCode(t,
- "enforce_permissions off, authenticated /index/prefix request, non-superuser",
- PermissionError.HTTPCode,
+ "permissions on, authenticated /index/prefix request, non-superuser",
+ UnauthorizedError.HTTPCode,
response)
- // authenticated /index request, superuser
- // => PermissionError
+ // superuser /index request
+ // => OK
response = IssueRequest(rest, superuser_req)
ExpectStatusCode(t,
- "enforce_permissions off, superuser request",
- PermissionError.HTTPCode,
- response)
-
- // superuser /index/prefix request
- // => PermissionError
- response = IssueRequest(rest, superuser_prefix_req)
- ExpectStatusCode(t,
- "enforce_permissions off, superuser /index/prefix request",
- PermissionError.HTTPCode,
- response)
-
- // ---------------------------
- // enforce_permissions enabled
- // Only the superuser should be allowed to issue /index requests.
- enforce_permissions = true
-
- // unauthenticated /index request
- // => PermissionError
- response = IssueRequest(rest, unauthenticated_req)
- ExpectStatusCode(t,
- "enforce_permissions on, unauthenticated request",
- PermissionError.HTTPCode,
- response)
-
- // unauthenticated /index/prefix request
- // => PermissionError
- response = IssueRequest(rest, unauth_prefix_req)
- ExpectStatusCode(t,
- "permissions on, unauthenticated /index/prefix request",
- PermissionError.HTTPCode,
- response)
-
- // authenticated /index request, non-superuser
- // => PermissionError
- response = IssueRequest(rest, authenticated_req)
- ExpectStatusCode(t,
- "permissions on, authenticated request, non-superuser",
- PermissionError.HTTPCode,
+ "permissions on, superuser request",
+ http.StatusOK,
response)
- // authenticated /index/prefix request, non-superuser
- // => PermissionError
- response = IssueRequest(rest, auth_prefix_req)
- ExpectStatusCode(t,
- "permissions on, authenticated /index/prefix request, non-superuser",
- PermissionError.HTTPCode,
- response)
+ // ----------------------------
+ // enforce_permissions disabled
+ // Valid Request should still pass.
+ enforce_permissions = false
// superuser /index request
// => OK
http.StatusOK,
response)
+
+
expected := `^` + TEST_HASH + `\+\d+ \d+\n` +
TEST_HASH_2 + `\+\d+ \d+\n$`
match, _ := regexp.MatchString(expected, response.Body.String())
}
var testcases = []pullTest{
{
- "pull: user token, good request",
+ "Valid pull list from an ordinary user",
RequestTester{"/pull", user_token, "PUT", good_json},
http.StatusUnauthorized,
"Unauthorized\n",
},
{
- "pull: user token, bad request",
+ "Invalid pull request from an ordinary user",
RequestTester{"/pull", user_token, "PUT", bad_json},
http.StatusUnauthorized,
"Unauthorized\n",
},
{
- "pull: data manager token, good request",
+ "Valid pull request from the data manager",
RequestTester{"/pull", data_manager_token, "PUT", good_json},
http.StatusOK,
"Received 3 pull requests\n",
},
{
- "pull: data manager token, bad request",
+ "Invalid pull request from the data manager",
RequestTester{"/pull", data_manager_token, "PUT", bad_json},
http.StatusBadRequest,
"Bad Request\n",
// The Keep pull manager should have received one good list with 3
// requests on it.
- var output_list = make([]PullRequest, 3)
for i := 0; i < 3; i++ {
item := <-pullq.NextItem
- if pr, ok := item.(PullRequest); ok {
- output_list[i] = pr
- } else {
+ if _, ok := item.(PullRequest); !ok {
t.Errorf("item %v could not be parsed as a PullRequest", item)
}
}
+
+ expectChannelEmpty(t, pullq.NextItem)
}
// TestTrashHandler
var testcases = []trashTest{
{
- "trash: user token, good request",
+ "Valid trash list from an ordinary user",
RequestTester{"/trash", user_token, "PUT", good_json},
http.StatusUnauthorized,
"Unauthorized\n",
},
{
- "trash: user token, bad request",
+ "Invalid trash list from an ordinary user",
RequestTester{"/trash", user_token, "PUT", bad_json},
http.StatusUnauthorized,
"Unauthorized\n",
},
{
- "trash: data manager token, good request",
+ "Valid trash list from the data manager",
RequestTester{"/trash", data_manager_token, "PUT", good_json},
http.StatusOK,
"Received 3 trash requests\n",
},
{
- "trash: data manager token, bad request",
+ "Invalid trash list from the data manager",
RequestTester{"/trash", data_manager_token, "PUT", bad_json},
http.StatusBadRequest,
"Bad Request\n",
// The trash collector should have received one good list with 3
// requests on it.
- var output_list = make([]TrashRequest, 3)
for i := 0; i < 3; i++ {
item := <-trashq.NextItem
- if tr, ok := item.(TrashRequest); ok {
- output_list[i] = tr
- } else {
+ if _, ok := item.(TrashRequest); !ok {
t.Errorf("item %v could not be parsed as a TrashRequest", item)
}
}
+
+ expectChannelEmpty(t, trashq.NextItem)
}
// ====================
projects / arvados.git / blobdiff