mirror of
https://github.com/status-im/consul.git
synced 2025-01-10 05:45:46 +00:00
2af6bc434a
* # This is a combination of 9 commits. # This is the 1st commit message: init without tests # This is the commit message #2: change log # This is the commit message #3: fix tests # This is the commit message #4: fix tests # This is the commit message #5: added tests # This is the commit message #6: change log breaking change # This is the commit message #7: removed breaking change # This is the commit message #8: fix test # This is the commit message #9: keeping the test behaviour same * # This is a combination of 12 commits. # This is the 1st commit message: init without tests # This is the commit message #2: change log # This is the commit message #3: fix tests # This is the commit message #4: fix tests # This is the commit message #5: added tests # This is the commit message #6: change log breaking change # This is the commit message #7: removed breaking change # This is the commit message #8: fix test # This is the commit message #9: keeping the test behaviour same # This is the commit message #10: made enable debug atomic bool # This is the commit message #11: fix lint # This is the commit message #12: fix test true enable debug * parent 10f500e895d92cc3691ade7b74a33db755d22039 author absolutelightning <ashesh.vidyut@hashicorp.com> 1687352587 +0530 committer absolutelightning <ashesh.vidyut@hashicorp.com> 1687352592 +0530 init without tests change log fix tests fix tests added tests change log breaking change removed breaking change fix test keeping the test behaviour same made enable debug atomic bool fix lint fix test true enable debug using enable debug in agent as atomic bool test fixes fix tests fix tests added update on correct locaiton fix tests fix reloadable config enable debug fix tests fix init and acl 403 * revert commit
227 lines
5.6 KiB
Go
227 lines
5.6 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package agent
|
|
|
|
import (
|
|
"fmt"
|
|
"net"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/hashicorp/consul/testrpc"
|
|
)
|
|
|
|
// extra endpoints that should be tested, and their allowed methods
|
|
var extraTestEndpoints = map[string][]string{
|
|
"/v1/query": {"GET", "POST"},
|
|
"/v1/query/": {"GET", "PUT", "DELETE"},
|
|
"/v1/query/xxx/execute": {"GET"},
|
|
"/v1/query/xxx/explain": {"GET"},
|
|
}
|
|
|
|
// These endpoints are ignored in unit testing for response codes
|
|
var ignoredEndpoints = []string{"/v1/status/peers", "/v1/agent/monitor", "/v1/agent/reload"}
|
|
|
|
// These have custom logic
|
|
var customEndpoints = []string{"/v1/query", "/v1/query/"}
|
|
|
|
// includePathInTest returns whether this path should be ignored for the purpose of testing its response code
|
|
func includePathInTest(path string) bool {
|
|
ignored := false
|
|
for _, p := range ignoredEndpoints {
|
|
if p == path {
|
|
ignored = true
|
|
break
|
|
}
|
|
}
|
|
for _, p := range customEndpoints {
|
|
if p == path {
|
|
ignored = true
|
|
break
|
|
}
|
|
}
|
|
|
|
return !ignored
|
|
}
|
|
|
|
func newHttpClient(timeout time.Duration) *http.Client {
|
|
return &http.Client{
|
|
Timeout: timeout,
|
|
Transport: &http.Transport{
|
|
Dial: (&net.Dialer{
|
|
Timeout: timeout,
|
|
}).Dial,
|
|
TLSHandshakeTimeout: timeout,
|
|
},
|
|
}
|
|
}
|
|
|
|
func TestHTTPAPI_MethodNotAllowed_OSS(t *testing.T) {
|
|
if testing.Short() {
|
|
t.Skip("too slow for testing.Short")
|
|
}
|
|
|
|
// To avoid actually triggering RPCs that are allowed, lock everything down
|
|
// with default-deny ACLs. This drops the test runtime from 11s to 0.6s.
|
|
a := NewTestAgent(t, `
|
|
primary_datacenter = "dc1"
|
|
acl {
|
|
enabled = true
|
|
default_policy = "deny"
|
|
tokens {
|
|
initial_management = "sekrit"
|
|
agent = "sekrit"
|
|
}
|
|
}
|
|
`)
|
|
defer a.Shutdown()
|
|
// Use the initial management token here so the wait actually works.
|
|
testrpc.WaitForTestAgent(t, a.RPC, "dc1", testrpc.WithToken("sekrit"))
|
|
|
|
all := []string{"GET", "PUT", "POST", "DELETE", "HEAD", "OPTIONS"}
|
|
|
|
client := newHttpClient(15 * time.Second)
|
|
|
|
testMethodNotAllowed := func(t *testing.T, method string, path string, allowedMethods []string) {
|
|
t.Run(method+" "+path, func(t *testing.T) {
|
|
uri := fmt.Sprintf("http://%s%s", a.HTTPAddr(), path)
|
|
req, _ := http.NewRequest(method, uri, nil)
|
|
resp, err := client.Do(req)
|
|
if err != nil {
|
|
t.Fatal("client.Do failed: ", err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
allowed := method == "OPTIONS"
|
|
for _, allowedMethod := range allowedMethods {
|
|
if allowedMethod == method {
|
|
allowed = true
|
|
break
|
|
}
|
|
}
|
|
|
|
if allowed && resp.StatusCode == http.StatusMethodNotAllowed {
|
|
t.Fatalf("method allowed: got status code %d want any other code", resp.StatusCode)
|
|
}
|
|
if !allowed && resp.StatusCode != http.StatusMethodNotAllowed {
|
|
t.Fatalf("method not allowed: got status code %d want %d", resp.StatusCode, http.StatusMethodNotAllowed)
|
|
}
|
|
})
|
|
}
|
|
|
|
for path, methods := range extraTestEndpoints {
|
|
for _, method := range all {
|
|
testMethodNotAllowed(t, method, path, methods)
|
|
}
|
|
}
|
|
|
|
for path, methods := range allowedMethods {
|
|
if includePathInTest(path) {
|
|
for _, method := range all {
|
|
testMethodNotAllowed(t, method, path, methods)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestHTTPAPI_OptionMethod_OSS(t *testing.T) {
|
|
if testing.Short() {
|
|
t.Skip("too slow for testing.Short")
|
|
}
|
|
|
|
a := NewTestAgent(t, `acl_datacenter = "dc1"`)
|
|
defer a.Shutdown()
|
|
testrpc.WaitForTestAgent(t, a.RPC, "dc1")
|
|
|
|
testOptionMethod := func(path string, methods []string) {
|
|
t.Run("OPTIONS "+path, func(t *testing.T) {
|
|
uri := fmt.Sprintf("http://%s%s", a.HTTPAddr(), path)
|
|
req, _ := http.NewRequest("OPTIONS", uri, nil)
|
|
resp := httptest.NewRecorder()
|
|
a.enableDebug.Store(true)
|
|
a.srv.handler().ServeHTTP(resp, req)
|
|
allMethods := append([]string{"OPTIONS"}, methods...)
|
|
|
|
if resp.Code != http.StatusOK {
|
|
t.Fatalf("options request: got status code %d want %d", resp.Code, http.StatusOK)
|
|
}
|
|
|
|
optionsStr := resp.Header().Get("Allow")
|
|
if optionsStr == "" {
|
|
t.Fatalf("options request: got empty 'Allow' header")
|
|
} else if optionsStr != strings.Join(allMethods, ",") {
|
|
t.Fatalf("options request: got 'Allow' header value of %s want %s", optionsStr, allMethods)
|
|
}
|
|
})
|
|
}
|
|
|
|
for path, methods := range extraTestEndpoints {
|
|
testOptionMethod(path, methods)
|
|
}
|
|
for path, methods := range allowedMethods {
|
|
if includePathInTest(path) {
|
|
testOptionMethod(path, methods)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestHTTPAPI_AllowedNets_OSS(t *testing.T) {
|
|
if testing.Short() {
|
|
t.Skip("too slow for testing.Short")
|
|
}
|
|
|
|
a := NewTestAgent(t, `
|
|
acl_datacenter = "dc1"
|
|
http_config {
|
|
allow_write_http_from = ["127.0.0.1/8"]
|
|
}
|
|
`)
|
|
defer a.Shutdown()
|
|
testrpc.WaitForTestAgent(t, a.RPC, "dc1")
|
|
|
|
testOptionMethod := func(path string, method string) {
|
|
t.Run(method+" "+path, func(t *testing.T) {
|
|
uri := fmt.Sprintf("http://%s%s", a.HTTPAddr(), path)
|
|
req, _ := http.NewRequest(method, uri, nil)
|
|
req.RemoteAddr = "192.168.1.2:5555"
|
|
resp := httptest.NewRecorder()
|
|
a.enableDebug.Store(true)
|
|
|
|
a.srv.handler().ServeHTTP(resp, req)
|
|
|
|
require.Equal(t, http.StatusForbidden, resp.Code, "%s %s", method, path)
|
|
})
|
|
}
|
|
|
|
for path, methods := range extraTestEndpoints {
|
|
if !includePathInTest(path) {
|
|
continue
|
|
}
|
|
for _, method := range methods {
|
|
if method == http.MethodGet {
|
|
continue
|
|
}
|
|
|
|
testOptionMethod(path, method)
|
|
}
|
|
}
|
|
for path, methods := range allowedMethods {
|
|
if !includePathInTest(path) {
|
|
continue
|
|
}
|
|
for _, method := range methods {
|
|
if method == http.MethodGet {
|
|
continue
|
|
}
|
|
|
|
testOptionMethod(path, method)
|
|
}
|
|
}
|
|
}
|