projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
17217: Remove crufty test util funcs.
[arvados.git] / services / arv-git-httpd / auth_handler_test.go
diff --git a/services/arv-git-httpd/auth_handler_test.go b/services/arv-git-httpd/auth_handler_test.go
index df64999405ed2a91a31b24abb6292e1ed76be7ec..688b256dcb0c20aeb5fb7a30fd7144eb1e25f01c 100644 (file)
--- a/services/arv-git-httpd/auth_handler_test.go
+++ b/services/arv-git-httpd/auth_handler_test.go
@@ -5,19 +5,131 @@
 package main
 
 import (
+       "io"
+       "log"
        "net/http"
        "net/http/httptest"
        "net/url"
+       "path/filepath"
+       "strings"
 
+       "git.arvados.org/arvados.git/lib/config"
+       "git.arvados.org/arvados.git/sdk/go/arvados"
+       "git.arvados.org/arvados.git/sdk/go/arvadostest"
+       "git.arvados.org/arvados.git/sdk/go/ctxlog"
        check "gopkg.in/check.v1"
 )
 
 var _ = check.Suite(&AuthHandlerSuite{})
 
-type AuthHandlerSuite struct{}
+type AuthHandlerSuite struct {
+       cluster *arvados.Cluster
+}
+
+func (s *AuthHandlerSuite) SetUpTest(c *check.C) {
+       arvadostest.ResetEnv()
+       repoRoot, err := filepath.Abs("../api/tmp/git/test")
+       c.Assert(err, check.IsNil)
+
+       cfg, err := config.NewLoader(nil, ctxlog.TestLogger(c)).Load()
+       c.Assert(err, check.Equals, nil)
+       s.cluster, err = cfg.GetCluster("")
+       c.Assert(err, check.Equals, nil)
+
+       s.cluster.Services.GitHTTP.InternalURLs = map[arvados.URL]arvados.ServiceInstance{{Host: "localhost:0"}: {}}
+       s.cluster.TLS.Insecure = true
+       s.cluster.Git.GitCommand = "/usr/bin/git"
+       s.cluster.Git.Repositories = repoRoot
+}
+
+func (s *AuthHandlerSuite) TestPermission(c *check.C) {
+       h := &authHandler{handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+               log.Printf("%v", r.URL)
+               io.WriteString(w, r.URL.Path)
+       }), cluster: s.cluster}
+       baseURL, err := url.Parse("http://git.example/")
+       c.Assert(err, check.IsNil)
+       for _, trial := range []struct {
+               label   string
+               token   string
+               pathIn  string
+               pathOut string
+               status  int
+       }{
+               {
+                       label:   "read repo by name",
+                       token:   arvadostest.ActiveToken,
+                       pathIn:  arvadostest.Repository2Name + ".git/git-upload-pack",
+                       pathOut: arvadostest.Repository2UUID + ".git/git-upload-pack",
+               },
+               {
+                       label:   "read repo by uuid",
+                       token:   arvadostest.ActiveToken,
+                       pathIn:  arvadostest.Repository2UUID + ".git/git-upload-pack",
+                       pathOut: arvadostest.Repository2UUID + ".git/git-upload-pack",
+               },
+               {
+                       label:   "write repo by name",
+                       token:   arvadostest.ActiveToken,
+                       pathIn:  arvadostest.Repository2Name + ".git/git-receive-pack",
+                       pathOut: arvadostest.Repository2UUID + ".git/git-receive-pack",
+               },
+               {
+                       label:   "write repo by uuid",
+                       token:   arvadostest.ActiveToken,
+                       pathIn:  arvadostest.Repository2UUID + ".git/git-receive-pack",
+                       pathOut: arvadostest.Repository2UUID + ".git/git-receive-pack",
+               },
+               {
+                       label:  "uuid not found",
+                       token:  arvadostest.ActiveToken,
+                       pathIn: strings.Replace(arvadostest.Repository2UUID, "6", "z", -1) + ".git/git-upload-pack",
+                       status: http.StatusNotFound,
+               },
+               {
+                       label:  "name not found",
+                       token:  arvadostest.ActiveToken,
+                       pathIn: "nonexistent-bogus.git/git-upload-pack",
+                       status: http.StatusNotFound,
+               },
+               {
+                       label:   "read read-only repo",
+                       token:   arvadostest.SpectatorToken,
+                       pathIn:  arvadostest.FooRepoName + ".git/git-upload-pack",
+                       pathOut: arvadostest.FooRepoUUID + "/.git/git-upload-pack",
+               },
+               {
+                       label:  "write read-only repo",
+                       token:  arvadostest.SpectatorToken,
+                       pathIn: arvadostest.FooRepoName + ".git/git-receive-pack",
+                       status: http.StatusForbidden,
+               },
+       } {
+               c.Logf("trial label: %q", trial.label)
+               u, err := baseURL.Parse(trial.pathIn)
+               c.Assert(err, check.IsNil)
+               resp := httptest.NewRecorder()
+               req := &http.Request{
+                       Method: "POST",
+                       URL:    u,
+                       Header: http.Header{
+                               "Authorization": {"Bearer " + trial.token}}}
+               h.ServeHTTP(resp, req)
+               if trial.status == 0 {
+                       trial.status = http.StatusOK
+               }
+               c.Check(resp.Code, check.Equals, trial.status)
+               if trial.status < 400 {
+                       if trial.pathOut != "" && !strings.HasPrefix(trial.pathOut, "/") {
+                               trial.pathOut = "/" + trial.pathOut
+                       }
+                       c.Check(resp.Body.String(), check.Equals, trial.pathOut)
+               }
+       }
+}
 
 func (s *AuthHandlerSuite) TestCORS(c *check.C) {
-       h := &authHandler{}
+       h := &authHandler{cluster: s.cluster}
 
        // CORS preflight
        resp := httptest.NewRecorder()