fix for server change
server change: ingestion using POST /logstream/{logstream} is restricted
quest change: use ingest client to ingest in the test
nikhilsinhaparseable committed Sep 17, 2024
1 parent 7961181 commit cd38210
Showing 2 changed files with 37 additions and 29 deletions.
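--- a/quest_test.go
+++ b/quest_test.go
@@ -439,7 +439,7 @@ func TestSmokeRbacBasic(t *testing.T) {
 userClient := NewGlob.QueryClient
 userClient.Username = "dummy"
 userClient.Password = RegenPassword(t, NewGlob.QueryClient, "dummy")
-checkAPIAccess(t, userClient, NewGlob.Stream, "editor")
+checkAPIAccess(t, userClient, NewGlob.QueryClient, NewGlob.Stream, "editor")
 DeleteUser(t, NewGlob.QueryClient, "dummy")
 DeleteRole(t, NewGlob.QueryClient, "dummy")
 }
@@ -474,11 +474,19 @@ func TestSmokeRoles(t *testing.T) {
 AssertRole(t, NewGlob.QueryClient, tc.roleName, tc.body)
 username := tc.roleName + "_user"
 password := CreateUserWithRole(t, NewGlob.QueryClient, username, []string{tc.roleName})
+var ingestClient HTTPClient
+queryClient := NewGlob.QueryClient
+queryClient.Username = username
+queryClient.Password = password
+if NewGlob.IngestorUrl.String() != "" {
+ingestClient := NewGlob.IngestorClient
+ingestClient.Username = username
+ingestClient.Password = password
+} else {
+ingestClient = queryClient
+}
 
-userClient := NewGlob.QueryClient
-userClient.Username = username
-userClient.Password = password
-checkAPIAccess(t, userClient, NewGlob.Stream, tc.roleName)
+checkAPIAccess(t, queryClient, ingestClient, NewGlob.Stream, tc.roleName)
 DeleteUser(t, NewGlob.QueryClient, username)
 DeleteRole(t, NewGlob.QueryClient, tc.roleName)
 })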
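Review bot: In the TestSmokeRoles hunk, `ingestClient := NewGlob.IngestorClient` inside the `if` declares a new variable that shadows the outer `var ingestClient HTTPClient`, so the role's username and password are set on a copy that is discarded at the closing brace. When `NewGlob.IngestorUrl` is non-empty, `checkAPIAccess` therefore receives the zero-value client, and the ingest path is never exercised with the role's credentials, which is the case this commit sets out to cover. The line should assign rather than declare: `ingestClient = NewGlob.IngestorClient`. TestSmokeRoles begins and ends outside the hunk, so any later use of these clients is not visible here.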
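--- a/test_utils.go
+++ b/test_utils.go
@@ -485,78 +485,78 @@ func PutSingleEvent(t *testing.T, client HTTPClient, stream string) {
 require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body))
 }
 
-func checkAPIAccess(t *testing.T, client HTTPClient, stream string, role string) {
+func checkAPIAccess(t *testing.T, queryClient HTTPClient, ingestClient HTTPClient, stream string, role string) {
 switch role {
 case "editor":
 // Check access to non-protected API
-req, _ := client.NewRequest("GET", "liveness", nil)
-response, err := client.Do(req)
+req, _ := queryClient.NewRequest("GET", "liveness", nil)
+response, err := queryClient.Do(req)
 require.NoErrorf(t, err, "Request failed: %s", err)
 require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body))
 
 // Check access to protected API with access
-req, _ = client.NewRequest("GET", "logstream", nil)
-response, err = client.Do(req)
+req, _ = queryClient.NewRequest("GET", "logstream", nil)
+response, err = queryClient.Do(req)
 require.NoErrorf(t, err, "Request failed: %s", err)
 require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body))
 
 // Attempt to call protected API without access
-req, _ = client.NewRequest("DELETE", "logstream/"+stream, nil)
-response, err = client.Do(req)
+req, _ = queryClient.NewRequest("DELETE", "logstream/"+stream, nil)
+response, err = queryClient.Do(req)
 require.NoErrorf(t, err, "Request failed: %s", err)
 require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body))
 
 case "writer":
 // Check access to non-protected API
-req, _ := client.NewRequest("GET", "liveness", nil)
-response, err := client.Do(req)
+req, _ := queryClient.NewRequest("GET", "liveness", nil)
+response, err := queryClient.Do(req)
 require.NoErrorf(t, err, "Request failed: %s", err)
 require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body))
 
 // Check access to protected API with access
-req, _ = client.NewRequest("GET", "logstream", nil)
-response, err = client.Do(req)
+req, _ = queryClient.NewRequest("GET", "logstream", nil)
+response, err = queryClient.Do(req)
 require.NoErrorf(t, err, "Request failed: %s", err)
 require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body))
 
 // Attempt to call protected API without access
-req, _ = client.NewRequest("DELETE", "logstream/"+stream, nil)
-response, err = client.Do(req)
+req, _ = queryClient.NewRequest("DELETE", "logstream/"+stream, nil)
+response, err = queryClient.Do(req)
 require.NoErrorf(t, err, "Request failed: %s", err)
 require.Equalf(t, 403, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body))
 
 case "reader":
 // Check access to non-protected API
-req, _ := client.NewRequest("GET", "liveness", nil)
-response, err := client.Do(req)
+req, _ := queryClient.NewRequest("GET", "liveness", nil)
+response, err := queryClient.Do(req)
 require.NoErrorf(t, err, "Request failed: %s", err)
 require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body))
 
 // Check access to protected API with access
-req, _ = client.NewRequest("GET", "logstream", nil)
-response, err = client.Do(req)
+req, _ = queryClient.NewRequest("GET", "logstream", nil)
+response, err = queryClient.Do(req)
 require.NoErrorf(t, err, "Request failed: %s", err)
 require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body))
 
 // Attempt to call protected API without access
-req, _ = client.NewRequest("DELETE", "logstream/"+stream, nil)
-response, err = client.Do(req)
+req, _ = queryClient.NewRequest("DELETE", "logstream/"+stream, nil)
+response, err = queryClient.Do(req)
 require.NoErrorf(t, err, "Request failed: %s", err)
 require.Equalf(t, 403, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body))
 
 case "ingestor":
 // Check access to non-protected API
-req, _ := client.NewRequest("GET", "liveness", nil)
-response, err := client.Do(req)
+req, _ := queryClient.NewRequest("GET", "liveness", nil)
+response, err := queryClient.Do(req)
 require.NoErrorf(t, err, "Request failed: %s", err)
 require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body))
 
 // Check access to protected API with access
-PutSingleEvent(t, client, stream)
+PutSingleEvent(t, ingestClient, stream)
 
 // Attempt to call protected API without access
-req, _ = client.NewRequest("DELETE", "logstream/"+stream, nil)
-response, err = client.Do(req)
+req, _ = queryClient.NewRequest("DELETE", "logstream/"+stream, nil)
+response, err = queryClient.Do(req)
 require.NoErrorf(t, err, "Request failed: %s", err)
 require.Equalf(t, 403, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body))
 }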
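Review bot: The new `checkAPIAccess` signature takes two clients but nothing documents which requests go through which, and `ingestClient` is read only in the `"ingestor"` case (by `PutSingleEvent`); the editor, writer and reader cases ignore it. A doc comment above the function would make that contract explicit, for example `// checkAPIAccess asserts the allowed and denied calls for role; queryClient carries the liveness and logstream requests, ingestClient carries event ingestion.` Every denial assertion (the `DELETE` calls expecting 403) still goes through `queryClient` only, so this helper checks a role's behaviour on the ingest endpoint on the allow path alone; whether a denial check there is meaningful depends on server routes not visible on this page. The function's closing brace appears to lie outside the hunk.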
