httptransport: fix auth test logging
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
hdonnay committed Aug 11, 2021
1 parent 1e0a43a commit f7fdc90
Showing 1 changed file with 77 additions and 68 deletions.
145 changes: 77 additions & 68 deletions httptransport/auth_test.go
Expand Up @@ -2,104 +2,112 @@ package httptransport

import (
"bytes"
"context"
"crypto/rand"
"encoding/hex"
"fmt"
"io"
"net"
"net/http"
"net/http/httptest"
"testing"

"gopkg.in/square/go-jose.v2/jwt"

"github.com/quay/clair/v4/config"
"github.com/quay/zlog"
)

type authTestcase struct {
Name string
Claims *jwt.Claims
ConfigMod func(*testing.T, *config.Config)
Config config.Config
Name string
ShouldFail bool
ConfigMod func(*testing.T, *config.Config)
Claims *jwt.Claims
}

var defaultClaims = jwt.Claims{
Issuer: IntraserviceIssuer,
}

func (tc *authTestcase) Run(t *testing.T) {
// Generate a nonce to return upon request.
b := make([]byte, 16)
if _, err := io.ReadFull(rand.Reader, b); err != nil {
t.Fatal(err)
}
nonce := hex.EncodeToString(b)

// Return the nonce when called.
next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if a := r.Header.Get("authorization"); a != "" {
t.Logf("Authorization: %s", a)
func (tc *authTestcase) Run(ctx context.Context) func(*testing.T) {
return func(t *testing.T) {
ctx := zlog.Test(ctx, t)
// Generate a nonce to return upon request.
b := make([]byte, 16)
if _, err := io.ReadFull(rand.Reader, b); err != nil {
t.Fatal(err)
}
nonce := hex.EncodeToString(b)

// Return the nonce when called.
next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if a := r.Header.Get("authorization"); a != "" {
t.Logf("Authorization: %s", a)
}
fmt.Fprint(w, nonce)
})

// Create a handler that has auth according to the config.
h, err := authHandler(&tc.Config, next)
if err != nil {
t.Error(err)
}
fmt.Fprint(w, nonce)
})

// Create a handler that has auth according to the config.
h, err := authHandler(&tc.Config, next)
if err != nil {
t.Error(err)
}

// Wire up the handler to a test server.
srv := httptest.NewServer(h)
defer srv.Close()
// Wire up the handler to a test server.
srv := httptest.NewUnstartedServer(h)
srv.Config.BaseContext = func(_ net.Listener) context.Context { return ctx }
srv.Start()
defer srv.Close()

// Modify the config, if present
if f := tc.ConfigMod; f != nil {
f(t, &tc.Config)
}
// Modify the config, if present
if f := tc.ConfigMod; f != nil {
f(t, &tc.Config)
}

// Use a default intraservice claim if not set.
if tc.Claims == nil {
tc.Claims = &defaultClaims
}
// Use a default intraservice claim if not set.
if tc.Claims == nil {
tc.Claims = &defaultClaims
}

// Create a client that has auth according to the config.
c, authed, err := tc.Config.Client(nil, tc.Claims)
if err != nil {
t.Error(err)
}
t.Logf("authed: %v", authed)
// Create a client that has auth according to the config.
c, authed, err := tc.Config.Client(nil, tc.Claims)
if err != nil {
t.Error(err)
}
t.Logf("authed: %v", authed)

// Make the request.
res, err := c.Get(srv.URL)
if err != nil {
t.Fatal(err)
}
defer res.Body.Close()
wantStatus := http.StatusOK
if tc.ShouldFail {
wantStatus = http.StatusUnauthorized
}
t.Logf("status code: %v", res.StatusCode)
if res.StatusCode != wantStatus {
t.Fail()
}
var buf bytes.Buffer
if _, err := io.Copy(&buf, res.Body); err != nil {
t.Error(err)
}
// Make the request.
res, err := c.Get(srv.URL)
if err != nil {
t.Fatal(err)
}
defer res.Body.Close()
wantStatus := http.StatusOK
if tc.ShouldFail {
wantStatus = http.StatusUnauthorized
}
t.Logf("status code: %v", res.StatusCode)
if res.StatusCode != wantStatus {
t.Fail()
}
var buf bytes.Buffer
if _, err := io.Copy(&buf, res.Body); err != nil {
t.Error(err)
}

// Compare the nonce.
got, want := buf.String(), nonce
t.Logf("http request, got: %q want: %q", got, want)
if got != want && !tc.ShouldFail {
t.Fail()
// Compare the nonce.
got, want := buf.String(), nonce
t.Logf("http request, got: %q want: %q", got, want)
if got != want && !tc.ShouldFail {
t.Fail()
}
}
}

// TestAuth tests configuring both http server and client.
func TestAuth(t *testing.T) {
var fakeKey = []byte("deadbeef")
fakeKey := []byte("deadbeef")
tt := []authTestcase{
{Name: "None"},
{
Expand Down Expand Up @@ -147,7 +155,7 @@ func TestAuth(t *testing.T) {
},
},
ShouldFail: true,
ConfigMod: func(t *testing.T, cfg *config.Config) { cfg.Auth.PSK.Key = []byte("badbeef") },
ConfigMod: func(_ *testing.T, cfg *config.Config) { cfg.Auth.PSK.Key = []byte("badbeef") },
},
{
Name: "FakeKeyserverFail",
Expand All @@ -160,7 +168,7 @@ func TestAuth(t *testing.T) {
},
},
ShouldFail: true,
ConfigMod: func(t *testing.T, cfg *config.Config) { cfg.Auth.Keyserver = nil },
ConfigMod: func(_ *testing.T, cfg *config.Config) { cfg.Auth.Keyserver = nil },
},
{
Name: "PSKFail",
Expand All @@ -173,11 +181,12 @@ func TestAuth(t *testing.T) {
},
},
ShouldFail: true,
ConfigMod: func(t *testing.T, cfg *config.Config) { cfg.Auth.PSK = nil },
ConfigMod: func(_ *testing.T, cfg *config.Config) { cfg.Auth.PSK = nil },
},
}

ctx := zlog.Test(context.Background(), t)
for _, tc := range tt {
t.Run(tc.Name, tc.Run)
t.Run(tc.Name, tc.Run(ctx))
}
}
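Review bot: In the closure returned by `Run`, the `ShouldFail` cases never assert that the protected handler stayed unreached: the nonce comparison is skipped by `&& !tc.ShouldFail`, so a 401 response whose body still carried the nonce would pass. Adding `if tc.ShouldFail && got == want { t.Error("rejected request still reached the inner handler") }` after the existing comparison would close that gap. Separately, `t.Error(err)` after `tc.Config.Client(nil, tc.Claims)` lets the test continue to `c.Get(srv.URL)` with a client that may be nil; `t.Fatal(err)` there (and after `authHandler`) would stop at the real failure. The inner handler also writes the full header to the test log with `t.Logf("Authorization: %s", a)`; the keys here are fixtures, but logging only whether the header is present would keep tokens out of CI output if a real key is ever used.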
