From c557db08544f6ee551334f53005c3f45611b7444 Mon Sep 17 00:00:00 2001 From: Jaime Martinez Date: Tue, 10 Aug 2021 17:00:41 +1000 Subject: test: add zip for "group.auth" and update acceptance tests using this project. --- test/acceptance/artifacts_test.go | 3 +- test/acceptance/auth_test.go | 53 ++++++++++++++++++++----------- test/acceptance/helpers_test.go | 14 ++++---- test/acceptance/testdata/api_responses.go | 11 +++++++ 4 files changed, 53 insertions(+), 28 deletions(-) (limited to 'test') diff --git a/test/acceptance/artifacts_test.go b/test/acceptance/artifacts_test.go index 398b62a6..443fedbb 100644 --- a/test/acceptance/artifacts_test.go +++ b/test/acceptance/artifacts_test.go @@ -227,12 +227,11 @@ func TestPrivateArtifactProxyRequest(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - configFile, cleanup := defaultConfigFileWith(t, + configFile := defaultConfigFileWith(t, "gitlab-server="+testServer.URL, "artifacts-server="+artifactServerURL, "auth-redirect-uri=https://projects.gitlab-example.com/auth", tt.binaryOption) - defer cleanup() RunPagesProcessWithStubGitLabServer(t, withListeners([]ListenSpec{httpsListener}), diff --git a/test/acceptance/auth_test.go b/test/acceptance/auth_test.go index c6948c13..4dceaad0 100644 --- a/test/acceptance/auth_test.go +++ b/test/acceptance/auth_test.go @@ -15,8 +15,9 @@ import ( ) func TestWhenAuthIsDisabledPrivateIsNotAccessible(t *testing.T) { - teardown := RunPagesProcess(t, *pagesBinary, supportedListeners(), "", "") - defer teardown() + RunPagesProcessWithStubGitLabServer(t, + withListeners([]ListenSpec{httpListener}), + ) rsp, err := GetPageFromListener(t, httpListener, "group.auth.gitlab-example.com", "private.project/") @@ -26,8 +27,7 @@ func TestWhenAuthIsDisabledPrivateIsNotAccessible(t *testing.T) { } func TestWhenAuthIsEnabledPrivateWillRedirectToAuthorize(t *testing.T) { - teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), "https://internal-gitlab-auth.com", "https://public-gitlab-auth.com") - defer teardown() + runPagesWithAuth(t, []ListenSpec{httpsListener}) rsp, err := GetRedirectPage(t, httpsListener, "group.auth.gitlab-example.com", "private.project/") @@ -57,8 +57,7 @@ func TestWhenAuthIsEnabledPrivateWillRedirectToAuthorize(t *testing.T) { } func TestWhenAuthDeniedWillCauseUnauthorized(t *testing.T) { - teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), "https://internal-gitlab-auth.com", "https://public-gitlab-auth.com") - defer teardown() + runPagesWithAuth(t, []ListenSpec{httpsListener}) rsp, err := GetPageFromListener(t, httpsListener, "projects.gitlab-example.com", "/auth?error=access_denied") @@ -68,8 +67,7 @@ func TestWhenAuthDeniedWillCauseUnauthorized(t *testing.T) { require.Equal(t, http.StatusUnauthorized, rsp.StatusCode) } func TestWhenLoginCallbackWithWrongStateShouldFail(t *testing.T) { - teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), "https://internal-gitlab-auth.com", "https://public-gitlab-auth.com") - defer teardown() + runPagesWithAuth(t, []ListenSpec{httpsListener}) rsp, err := GetRedirectPage(t, httpsListener, "group.auth.gitlab-example.com", "private.project/") @@ -86,8 +84,7 @@ func TestWhenLoginCallbackWithWrongStateShouldFail(t *testing.T) { } func TestWhenLoginCallbackWithUnencryptedCode(t *testing.T) { - teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), "https://internal-gitlab-auth.com", "https://public-gitlab-auth.com") - defer teardown() + runPagesWithAuth(t, []ListenSpec{httpsListener}) rsp, err := GetRedirectPage(t, httpsListener, "group.auth.gitlab-example.com", "private.project/") @@ -110,6 +107,7 @@ func TestWhenLoginCallbackWithUnencryptedCode(t *testing.T) { require.Equal(t, http.StatusInternalServerError, authrsp.StatusCode) } +// TODO: NEED TO MOVE THIS to handler in api_responses func handleAccessControlArtifactRequests(t *testing.T, w http.ResponseWriter, r *http.Request) bool { authorization := r.Header.Get("Authorization") @@ -175,21 +173,19 @@ func sleepIfAuthorized(t *testing.T, authorization string, w http.ResponseWriter } } -func TestAccessControlUnderCustomDomain(t *testing.T) { +func TestAccessControlUnderCustomDomainStandalone(t *testing.T) { skipUnlessEnabled(t, "not-inplace-chroot") - testServer := makeGitLabPagesAccessStub(t) - testServer.Start() - defer testServer.Close() - - teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), testServer.URL, "https://public-gitlab-auth.com") - defer teardown() + // + //teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), testServer.URL, "https://public-gitlab-auth.com") + //defer teardown() + runPagesWithAuth(t, []ListenSpec{httpListener}) tests := map[string]struct { domain string path string }{ - "private_domain": { + "private_domain_only": { domain: "private.domain.com", path: "", }, @@ -722,3 +718,24 @@ func getValidCookieAndState(t *testing.T, domain string) (string, string) { return cookie, state } + +func runPagesWithAuth(t *testing.T, listeners []ListenSpec) { + t.Helper() + + testServer := makeGitLabPagesAccessStub(t) + testServer.Start() + t.Cleanup(testServer.Close) + + configFile := defaultConfigFileWith(t, + "internal-gitlab-server="+testServer.URL, + "gitlab-server=https://public-gitlab-auth.com", + "auth-redirect-uri=https://projects.gitlab-example.com/auth", + ) + + RunPagesProcessWithStubGitLabServer(t, + withListeners(listeners), + withArguments([]string{ + "-config=" + configFile, + }), + ) +} diff --git a/test/acceptance/helpers_test.go b/test/acceptance/helpers_test.go index a627cc00..20af4095 100644 --- a/test/acceptance/helpers_test.go +++ b/test/acceptance/helpers_test.go @@ -256,11 +256,10 @@ func RunPagesProcessWithStubGitLabServer(t *testing.T, opts ...processOption) *L } func RunPagesProcessWithAuth(t *testing.T, pagesBinary string, listeners []ListenSpec, internalServer string, publicServer string) func() { - configFile, cleanup := defaultConfigFileWith(t, + configFile := defaultConfigFileWith(t, "internal-gitlab-server="+internalServer, "gitlab-server="+publicServer, "auth-redirect-uri=https://projects.gitlab-example.com/auth") - defer cleanup() _, cleanup2 := runPagesProcess(t, true, pagesBinary, listeners, "", nil, "-config="+configFile, @@ -292,10 +291,9 @@ func RunPagesProcessWithGitlabServerWithSSLCertDir(t *testing.T, pagesBinary str } func runPagesProcessWithGitlabServer(t *testing.T, pagesBinary string, listeners []ListenSpec, promPort string, extraEnv []string, gitlabServer string) func() { - configFile, cleanup := defaultConfigFileWith(t, + configFile := defaultConfigFileWith(t, "gitlab-server="+gitlabServer, "auth-redirect-uri=https://projects.gitlab-example.com/auth") - defer cleanup() _, cleanup2 := runPagesProcess(t, true, pagesBinary, listeners, promPort, extraEnv, "-config="+configFile) @@ -720,7 +718,7 @@ func newConfigFile(t *testing.T, configs ...string) string { return f.Name() } -func defaultConfigFileWith(t *testing.T, configs ...string) (string, func()) { +func defaultConfigFileWith(t *testing.T, configs ...string) string { t.Helper() configs = append(configs, "auth-client-id=clientID", @@ -731,12 +729,12 @@ func defaultConfigFileWith(t *testing.T, configs ...string) (string, func()) { name := newConfigFile(t, configs...) - cleanup := func() { + t.Cleanup(func() { err := os.Remove(name) require.NoError(t, err) - } + }) - return name, cleanup + return name } func copyFile(dest, src string) error { diff --git a/test/acceptance/testdata/api_responses.go b/test/acceptance/testdata/api_responses.go index b36563bb..80e761d7 100644 --- a/test/acceptance/testdata/api_responses.go +++ b/test/acceptance/testdata/api_responses.go @@ -66,6 +66,17 @@ var DomainResponses = map[string]responseFn{ https: true, pathOnDisk: "group.https-only/project5", }), + "group.auth.gitlab-example.com": generateVirtualDomainFromDir("group.auth", "group.auth.gitlab-example.com", map[string]projectConfig{ + "/private.project": { + projectID: 1005, + accessControl: true, + }, + }), + "private.domain.com": customDomain(projectConfig{ + projectID: 1006, + accessControl: true, + pathOnDisk: "group.auth/private.project", + }), // NOTE: before adding more domains here, generate the zip archive by running (per project) // make zip PROJECT_SUBDIR=group/serving // make zip PROJECT_SUBDIR=group/project2 -- cgit v1.2.3