From e0d79dff72a1e8508af87f7aedbe31f72a326a7d Mon Sep 17 00:00:00 2001
From: Phil Estes
Date: Fri, 19 Feb 2016 10:12:39 -0800
Subject: [PATCH] Clean up authz integration-cli test

- Order the flow of the handlers more cleanly--read req, do actions, write response.
- Add "always allowed" endpoints to handle `/_ping` and `/info` usage from the test framework/daemon start/restart management

Docker-DCO-1.1-Signed-off-by: Phil Estes (github: estesp)
Upstream-commit: 074561b0ecc1e1b2e476c5aa06a8e6ea858239c1
Component: engine
---
 .../docker_cli_authz_unix_test.go | 48 ++++++++++++++-----
 1 file changed, 35 insertions(+), 13 deletions(-)

diff --git a/components/engine/integration-cli/docker_cli_authz_unix_test.go b/components/engine/integration-cli/docker_cli_authz_unix_test.go
index 9e0de88fad..e5858e90e9 100644
--- a/components/engine/integration-cli/docker_cli_authz_unix_test.go
+++ b/components/engine/integration-cli/docker_cli_authz_unix_test.go
@@ -30,6 +30,10 @@ const (
 containerListAPI = "/containers/json"
 )
 
+var (
+ alwaysAllowed = []string{"/_ping", "/info"}
+)
+
 func init() {
 check.Suite(&DockerAuthzSuite{
 ds: &DockerSuite{},
@@ -74,12 +78,6 @@ func (s *DockerAuthzSuite) SetUpSuite(c *check.C) {
 })
 
 mux.HandleFunc("/AuthZPlugin.AuthZReq", func(w http.ResponseWriter, r *http.Request) {
- if s.ctrl.reqRes.Err != "" {
- w.WriteHeader(http.StatusInternalServerError)
- }
- b, err := json.Marshal(s.ctrl.reqRes)
- c.Assert(err, check.IsNil)
- w.Write(b)
 defer r.Body.Close()
 body, err := ioutil.ReadAll(r.Body)
 c.Assert(err, check.IsNil)
@@ -96,16 +94,20 @@ func (s *DockerAuthzSuite) SetUpSuite(c *check.C) {
 }
 
 s.ctrl.requestsURIs = append(s.ctrl.requestsURIs, authReq.RequestURI)
+
+ reqRes := s.ctrl.reqRes
+ if isAllowed(authReq.RequestURI) {
+ reqRes = authorization.Response{Allow: true}
+ }
+ if reqRes.Err != "" {
+ w.WriteHeader(http.StatusInternalServerError)
+ }
+ b, err := json.Marshal(reqRes)
+ c.Assert(err, check.IsNil)
+ w.Write(b)
 })
 
 mux.HandleFunc("/AuthZPlugin.AuthZRes", func(w http.ResponseWriter, r *http.Request) {
- if s.ctrl.resRes.Err != "" {
- w.WriteHeader(http.StatusInternalServerError)
- }
- b, err := json.Marshal(s.ctrl.resRes)
- c.Assert(err, check.IsNil)
- w.Write(b)
-
 defer r.Body.Close()
 body, err := ioutil.ReadAll(r.Body)
 c.Assert(err, check.IsNil)
@@ -120,6 +122,16 @@ func (s *DockerAuthzSuite) SetUpSuite(c *check.C) {
 if strings.HasSuffix(authReq.RequestURI, containerListAPI) {
 s.ctrl.psResponseCnt++
 }
+ resRes := s.ctrl.resRes
+ if isAllowed(authReq.RequestURI) {
+ resRes = authorization.Response{Allow: true}
+ }
+ if resRes.Err != "" {
+ w.WriteHeader(http.StatusInternalServerError)
+ }
+ b, err := json.Marshal(resRes)
+ c.Assert(err, check.IsNil)
+ w.Write(b)
 })
 
 err := os.MkdirAll("/etc/docker/plugins", 0755)
@@ -130,6 +142,16 @@ func (s *DockerAuthzSuite) SetUpSuite(c *check.C) {
 c.Assert(err, checker.IsNil)
 }
 
+// check for always allowed endpoints to not inhibit test framework functions
+func isAllowed(reqURI string) bool {
+ for _, endpoint := range alwaysAllowed {
+ if strings.HasSuffix(reqURI, endpoint) {
+ return true
+ }
+ }
+ return false
+}
+
 // assertAuthHeaders validates authentication headers are removed
 func assertAuthHeaders(c *check.C, headers map[string]string) error {
 for k := range headers {
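Review bot: The `isAllowed` override in the AuthZReq handler replaces the whole configured `s.ctrl.reqRes` with `authorization.Response{Allow: true}`, so a test that sets `Allow: false` or a non-empty `Err` can never observe a denial or a 500 on these URIs; the AuthZRes handler in the next hunk does the same with `s.ctrl.resRes`. The URI is still appended to `requestsURIs` before the override, so a recorded URI no longer implies that the configured decision was applied to it. Because this handler is the suite's authorization oracle, that should be stated where it happens, for example `// framework endpoints always get Allow; the configured reqRes (including Err) is ignored for them`. The handler closure starts above this hunk.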
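Review bot: `isAllowed` compares with `strings.HasSuffix` against the raw request URI, so every URI that merely ends in `/info` or `/_ping` is force-allowed, while the same endpoint followed by a query string is not. The suffix match presumably exists to tolerate an API-version prefix, which is not visible in this patch; comparing the parsed path with that prefix stripped would keep the bypass to the two intended endpoints. The comment above the function should also follow Go doc form and state the semantics, e.g. `// isAllowed reports whether reqURI ends in an alwaysAllowed endpoint; such requests bypass the configured plugin response.`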