def test_if_iam_broken_resp_code_is_handled(
self,
master_ar_process_perclass,
valid_user_header,
mocker,
):
mocker.send_command(
endpoint_id='http://127.0.0.1:8101',
func_name='always_bork',
aux_data=True,
)
log_messages = {
'UID from the valid DC/OS authentication token: `bozydar`':
SearchCriteria(1, True),
"Unexpected response from IAM: ":
SearchCriteria(1, True),
}
assert_endpoint_response(
master_ar_process_perclass,
EXHIBITOR_PATH,
500,
assert_stderr=log_messages,
headers=valid_user_header,
)
def test_if_broken_mesos_does_not_break_marathon_cache(
self, nginx_class, mocker, valid_user_header):
filter_regexp = {
'Mesos state request failed: invalid response status: 500':
SearchCriteria(1, True),
'Marathon apps cache has been successfully updated':
SearchCriteria(1, True),
}
# Break marathon
mocker.send_command(endpoint_id='http://127.0.0.2:5050',
func_name='always_bork',
aux_data=True)
ar = nginx_class()
url = ar.make_url_from_path('/service/scheduler-alwaysthere/bar/baz')
with GuardedSubprocess(ar):
lbf = LineBufferFilter(filter_regexp,
timeout=(CACHE_FIRST_POLL_DELAY + 1),
line_buffer=ar.stderr_line_buffer)
resp = requests.get(url,
allow_redirects=False,
headers=valid_user_header)
lbf.scan_log_buffer()
assert resp.status_code == 200
req_data = resp.json()
assert req_data['endpoint_id'] == 'http://127.0.0.1:16000'
assert lbf.extra_matches == {}
def test_if_broken_marathon_does_not_break_mesos_cache(
self, nginx_class, mocker, valid_user_header):
filter_regexp = {
'Marathon app request failed: invalid response status: 500':
SearchCriteria(1, True),
'Mesos state cache has been successfully updated':
SearchCriteria(1, True),
}
# Break marathon
mocker.send_command(endpoint_id='http://127.0.0.1:8080',
func_name='always_bork',
aux_data=True)
ar = nginx_class()
with GuardedSubprocess(ar):
lbf = LineBufferFilter(filter_regexp,
timeout=(CACHE_FIRST_POLL_DELAY + 1),
line_buffer=ar.stderr_line_buffer)
ping_mesos_agent(ar, valid_user_header)
lbf.scan_log_buffer()
assert lbf.extra_matches == {}
def test_if_missing_mesos_leader_entry_is_handled(self, nginx_class,
valid_user_header,
dns_server_mock):
filter_regexp = {
'Failed to instantiate the resolver':
SearchCriteria(0, True),
'DNS server returned error code':
SearchCriteria(1, True),
'`Mesos Leader` state cache has been successfully updated':
SearchCriteria(0, True),
}
ar = nginx_class()
with GuardedSubprocess(ar):
lbf = LineBufferFilter(filter_regexp,
line_buffer=ar.stderr_line_buffer)
# Unfortunatelly there are upstreams that use `leader.mesos` and
# removing this entry too early will result in Nginx failing to start.
# So we need to do it right after nginx starts, but before first
# cache update.
time.sleep(1)
dns_server_mock.remove_dns_entry('leader.mesos.')
# Now let's trigger the cache update:
ping_mesos_agent(ar, valid_user_header)
lbf.scan_log_buffer()
assert lbf.extra_matches == {}
def test_if_public_ip_detect_script_failue_is_handled(
self, master_ar_process_perclass, valid_user_header):
url = master_ar_process_perclass.make_url_from_path('/metadata')
filter_regexp = {
'Traceback \(most recent call last\):':
SearchCriteria(1, True),
("FileNotFoundError: \[Errno 2\] No such file or directory:"
" '/usr/local/detect_ip_public_data.txt'"):
SearchCriteria(1, True),
}
lbf = LineBufferFilter(
filter_regexp,
line_buffer=master_ar_process_perclass.stderr_line_buffer)
with lbf, overridden_file_content(
'/usr/local/detect_ip_public_data.txt'):
os.unlink('/usr/local/detect_ip_public_data.txt')
resp = requests.get(url,
allow_redirects=False,
headers=valid_user_header)
assert resp.status_code == 200
assert lbf.extra_matches == {}
resp_data = resp.json()
assert resp_data['PUBLIC_IPV4'] == "127.0.0.1"
def test_if_broken_marathon_causes_marathon_cache_to_expire_and_requests_to_fail(
self, nginx_class, mocker, superuser_user_header):
filter_regexp = {
'Marathon app request failed: invalid response status: 500':
SearchCriteria(1, False),
'Mesos state cache has been successfully updated':
SearchCriteria(2, False),
'Cache entry `svcapps` is too old, aborting request':
SearchCriteria(1, True),
}
ar = nginx_class(
cache_max_age_soft_limit=3,
cache_max_age_hard_limit=4,
cache_expiration=2,
cache_poll_period=3,
)
mocker.send_command(endpoint_id='http://127.0.0.1:8080',
func_name='enable_nginx_app')
url = ar.make_url_from_path('/service/nginx-enabled/foo/bar/')
with GuardedSubprocess(ar):
# Register Line buffer filter:
lbf = LineBufferFilter(
filter_regexp,
timeout=5, # Just to give LBF enough time
line_buffer=ar.stderr_line_buffer)
# Trigger cache update by issuing request:
resp = requests.get(url,
allow_redirects=False,
headers=superuser_user_header)
assert resp.status_code == 200
# Break marathon
mocker.send_command(endpoint_id='http://127.0.0.1:8080',
func_name='always_bork',
aux_data=True)
# Wait for the cache to be old enough to be discarded by AR:
# cache_max_age_hard_limit + 1s for good measure
# must be more than cache_poll_period
time.sleep(4 + 1)
# Perform the main/test request:
resp = requests.get(url,
allow_redirects=False,
headers=superuser_user_header)
assert resp.status_code == 503
lbf.scan_log_buffer()
assert lbf.extra_matches == {}
def test_if_cache_refresh_occurs_regularly(self, nginx_class, mocker,
valid_user_header):
filter_regexp = {
'Executing cache refresh triggered by timer':
SearchCriteria(3, False),
'Cache `[\s\w]+` expired. Refresh.':
SearchCriteria(8, True),
'Mesos state cache has been successfully updated':
SearchCriteria(3, True),
'Marathon apps cache has been successfully updated':
SearchCriteria(3, True),
'Marathon leader cache has been successfully updated':
SearchCriteria(3, True),
}
cache_poll_period = 4
# Enable recording for marathon
mocker.send_command(endpoint_id='http://127.0.0.1:8080',
func_name='record_requests')
# Enable recording for mesos
mocker.send_command(endpoint_id='http://127.0.0.2:5050',
func_name='record_requests')
# Make regular polling occur faster than usual to speed up the tests.
ar = nginx_class(cache_poll_period=cache_poll_period,
cache_expiration=3)
# In total, we should get three cache updates in given time frame:
timeout = CACHE_FIRST_POLL_DELAY + cache_poll_period * 2 + 1
with GuardedSubprocess(ar):
lbf = LineBufferFilter(filter_regexp,
timeout=timeout,
line_buffer=ar.stderr_line_buffer)
lbf.scan_log_buffer()
# Do a request that uses cache so that we can verify that data was
# in fact cached and no more than one req to mesos/marathon
# backends were made
ping_mesos_agent(ar, valid_user_header)
mesos_requests = mocker.send_command(
endpoint_id='http://127.0.0.2:5050',
func_name='get_recorded_requests')
marathon_requests = mocker.send_command(
endpoint_id='http://127.0.0.1:8080',
func_name='get_recorded_requests')
assert lbf.extra_matches == {}
assert len(mesos_requests) == 3
assert len(marathon_requests) == 6
def test_if_cache_refresh_is_triggered_by_request(self, nginx_class,
mocker,
valid_user_header):
"""...right after Nginx has started."""
filter_regexp = {
'Executing cache refresh triggered by request':
SearchCriteria(1, True),
'Cache `[\s\w]+` empty. Fetching.':
SearchCriteria(3, True),
'Mesos state cache has been successfully updated':
SearchCriteria(1, True),
'Marathon apps cache has been successfully updated':
SearchCriteria(1, True),
'Marathon leader cache has been successfully updated':
SearchCriteria(1, True),
}
# Enable recording for marathon
mocker.send_command(endpoint_id='http://127.0.0.1:8080',
func_name='record_requests')
# Enable recording for mesos
mocker.send_command(endpoint_id='http://127.0.0.2:5050',
func_name='record_requests')
# Make sure that timers will not interfere:
ar = nginx_class(cache_first_poll_delay=120,
cache_poll_period=120,
cache_expiration=115)
with GuardedSubprocess(ar):
lbf = LineBufferFilter(filter_regexp,
timeout=5,
line_buffer=ar.stderr_line_buffer)
ping_mesos_agent(ar, valid_user_header)
lbf.scan_log_buffer()
# Do an extra request so that we can verify that data was in fact
# cached and no more than one req to mesos/marathon backends were
# made
ping_mesos_agent(ar, valid_user_header)
mesos_requests = mocker.send_command(
endpoint_id='http://127.0.0.2:5050',
func_name='get_recorded_requests')
marathon_requests = mocker.send_command(
endpoint_id='http://127.0.0.1:8080',
func_name='get_recorded_requests')
assert lbf.extra_matches == {}
assert len(mesos_requests) == 1
assert len(marathon_requests) == 2
def test_if_temp_marathon_borkage_does_not_disrupt_caching(
self, nginx_class, mocker, valid_user_header):
filter_regexp = {
'Marathon app request failed: invalid response status: 500':
SearchCriteria(1, False),
'Mesos state cache has been successfully updated':
SearchCriteria(2, False),
'Using stale `svcapps` cache entry to fulfill the request':
SearchCriteria(1, True),
}
ar = nginx_class(
cache_max_age_soft_limit=3,
cache_max_age_hard_limit=1200,
cache_expiration=2,
cache_poll_period=3,
)
url = ar.make_url_from_path('/service/scheduler-alwaysthere/foo/bar/')
with GuardedSubprocess(ar):
# Register Line buffer filter:
lbf = LineBufferFilter(
filter_regexp,
timeout=5, # Just to give LBF enough time
line_buffer=ar.stderr_line_buffer)
# Trigger cache update by issuing request:
resp = requests.get(url,
allow_redirects=False,
headers=valid_user_header)
assert resp.status_code == 200
# Break marathon
mocker.send_command(endpoint_id='http://127.0.0.1:8080',
func_name='always_bork',
aux_data=True)
# Wait for the cache to be old enough to be considered stale by AR:
# cache_max_age_soft_limit + 1s for a good measure
time.sleep(3 + 1)
# Perform the main/test request:
resp = requests.get(url,
allow_redirects=False,
headers=valid_user_header)
assert resp.status_code == 200
lbf.scan_log_buffer()
assert lbf.extra_matches == {}
def test_invalid_auth_token_in_cookie(self, master_ar_process_perclass):
log_messages = {
"No auth token in request.": SearchCriteria(0, True),
"Invalid token. Reason: invalid jwt string":
SearchCriteria(1, True),
}
assert_endpoint_response(
master_ar_process_perclass,
EXHIBITOR_PATH,
401,
assert_stderr=log_messages,
cookies={"dcos-acs-auth-cookie": "invalid"},
)
def test_if_var_is_verified(self, invalid_ip, nginx_class, mocker):
filter_regexp = {
'Local Mesos Master IP: unknown': SearchCriteria(1, True),
'HOST_IP var is not a valid ipv4: {}'.format(invalid_ip):
SearchCriteria(1, True),
}
ar = nginx_class(host_ip=invalid_ip)
with GuardedSubprocess(ar):
lbf = LineBufferFilter(filter_regexp,
line_buffer=ar.stderr_line_buffer)
lbf.scan_log_buffer()
assert lbf.extra_matches == {}
def test_upstream_wrong_json(self, nginx_class, mocker, valid_user_header):
filter_regexp = {
"Cannot decode Marathon apps JSON: ": SearchCriteria(1, True),
}
ar = nginx_class()
# Set wrong non-json response content
mocker.send_command(endpoint_id='http://127.0.0.1:8080',
func_name='set_encoded_response',
aux_data=b"wrong response")
url = ar.make_url_from_path('/service/scheduler-alwaysthere/foo/bar/')
with GuardedSubprocess(ar):
# Register Line buffer filter:
lbf = LineBufferFilter(
filter_regexp,
timeout=5, # Just to give LBF enough time
line_buffer=ar.stderr_line_buffer)
# Trigger cache update by issuing request:
resp = requests.get(url,
allow_redirects=False,
headers=valid_user_header)
assert "cache state is invalid" in resp.content.decode('utf-8')
assert resp.status_code == 503
lbf.scan_log_buffer()
assert lbf.extra_matches == {}
def test_valid_auth_token_in_cookie(self, master_ar_process, valid_jwt_generator):
log_messages = {
"No auth token in request.": SearchCriteria(0, True),
"Invalid token. Reason: invalid jwt string":
SearchCriteria(0, True),
"UID from valid JWT: `test`": SearchCriteria(1, True),
}
token = valid_jwt_generator(uid='test')
assert_endpoint_response(
master_ar_process,
EXHIBITOR_PATH,
200,
assert_stderr=log_messages,
cookies={"dcos-acs-auth-cookie": token},
)
def test_auth_token_not_provided(self, master_ar_process_perclass):
log_messages = {
"No auth token in request.": SearchCriteria(1, True),
}
assert_endpoint_response(
master_ar_process_perclass, EXHIBITOR_PATH, 401, assert_stderr=log_messages)
def test_if_default_scheme_is_honoured_by_agent_endpoint(
self, nginx_class, mocker, superuser_user_header):
filter_regexp = {'Default scheme: https://': SearchCriteria(1, False)}
ar = nginx_class(default_scheme="https://")
agent_id = '35f210bb-bb58-4559-9932-b62619e72b6d-S0'
url_good = ar.make_url_from_path(
'/agent/{}/blah/blah'.format(agent_id))
agent_id = 'de1baf83-c36c-4d23-9cb0-f89f596cd6ab-S1'
url_bad = ar.make_url_from_path('/agent/{}/blah/blah'.format(agent_id))
with GuardedSubprocess(ar):
lbf = LineBufferFilter(filter_regexp,
line_buffer=ar.stderr_line_buffer)
resp = requests.get(url_bad,
allow_redirects=False,
headers=superuser_user_header)
assert resp.status_code == 502
resp = requests.get(url_good,
allow_redirects=False,
headers=superuser_user_header)
assert resp.status_code == 200
req_data = resp.json()
assert req_data['endpoint_id'] == 'https://127.0.0.1:15401'
lbf.scan_log_buffer()
assert lbf.extra_matches == {}
def test_if_default_scheme_is_honoured_by_agent_endpoint(
self, nginx_class, mocker, valid_user_header):
filter_regexp = {'Default scheme: https://': SearchCriteria(1, False)}
ar = nginx_class(default_scheme="https://")
agent_id = AGENT3_ID
url_good = ar.make_url_from_path('/agent/{}/blah/blah'.format(agent_id))
agent_id = AGENT1_ID
url_bad = ar.make_url_from_path('/agent/{}/blah/blah'.format(agent_id))
with GuardedSubprocess(ar):
lbf = LineBufferFilter(filter_regexp,
line_buffer=ar.stderr_line_buffer)
resp = requests.get(url_bad,
allow_redirects=False,
headers=valid_user_header)
assert resp.status_code == 502
resp = requests.get(url_good,
allow_redirects=False,
headers=valid_user_header)
assert resp.status_code == 200
req_data = resp.json()
assert req_data['endpoint_id'] == 'https://127.0.0.1:15401'
lbf.scan_log_buffer()
assert lbf.extra_matches == {}
def test_if_valid_auth_attempt_is_logged_correctly(
self, master_ar_process, valid_jwt_generator, mocker):
# Create some random, unique user that we can grep for:
uid = 'some_random_string_abc213421341'
mocker.send_command(endpoint_id='http://127.0.0.1:8101',
func_name='add_user',
aux_data={'uid': uid})
filter_regexp = {
'validate_jwt_or_exit\(\): UID from valid JWT: `{}`'.format(uid):
SearchCriteria(1, False)}
lbf = LineBufferFilter(filter_regexp,
line_buffer=master_ar_process.stderr_line_buffer)
# Create token for this user:
token = valid_jwt_generator(uid)
header = {'Authorization': 'token={}'.format(token)}
url = master_ar_process.make_url_from_path()
with lbf:
resp = requests.get(url,
allow_redirects=False,
headers=header)
assert resp.status_code == 200
assert lbf.extra_matches == {}
def test_if_first_cache_refresh_occurs_earlier(self, nginx_class, mocker,
valid_user_header):
filter_regexp = {
'Executing cache refresh triggered by timer':
SearchCriteria(1, False),
'Cache `[\s\w]+` empty. Fetching.':
SearchCriteria(3, True),
'Mesos state cache has been successfully updated':
SearchCriteria(1, True),
'Marathon apps cache has been successfully updated':
SearchCriteria(1, True),
'Marathon leader cache has been successfully updated':
SearchCriteria(1, True),
}
# Enable recording for marathon
mocker.send_command(endpoint_id='http://127.0.0.1:8080',
func_name='record_requests')
# Enable recording for Mesos
mocker.send_command(endpoint_id='http://127.0.0.2:5050',
func_name='record_requests')
# Make regular polling occur later than usual, so that we get clear
# results.
ar = nginx_class(cache_poll_period=60, cache_expiration=55)
with GuardedSubprocess(ar):
lbf = LineBufferFilter(filter_regexp,
timeout=(CACHE_FIRST_POLL_DELAY + 1),
line_buffer=ar.stderr_line_buffer)
lbf.scan_log_buffer()
# Do a request that uses cache so that we can verify that data was
# in fact cached and no more than one req to mesos/marathon
# backends were made
ping_mesos_agent(ar, valid_user_header)
mesos_requests = mocker.send_command(
endpoint_id='http://127.0.0.2:5050',
func_name='get_recorded_requests')
marathon_requests = mocker.send_command(
endpoint_id='http://127.0.0.1:8080',
func_name='get_recorded_requests')
assert lbf.extra_matches == {}
assert len(mesos_requests) == 1
assert len(marathon_requests) == 2
def test_if_mesos_leader_locality_is_resolved(self, nginx_class,
valid_user_header,
dns_server_mock):
cache_poll_period = 4
nonlocal_leader_ip = "127.0.0.3"
local_leader_ip = "127.0.0.2"
filter_regexp_pre = {
'Failed to instantiate the resolver':
SearchCriteria(0, True),
'Mesos Leader is non-local: `{}`'.format(nonlocal_leader_ip):
SearchCriteria(1, True),
'Local Mesos Master IP address is unknown, cache entry is unusable':
SearchCriteria(0, True),
'`Mesos Leader` state cache has been successfully updated':
SearchCriteria(1, True),
}
filter_regexp_post = {
'Failed to instantiate the resolver':
SearchCriteria(0, True),
'Mesos Leader is local':
SearchCriteria(1, True),
'Local Mesos Master IP address is unknown, cache entry is unusable':
SearchCriteria(0, True),
'`Mesos Leader` state cache has been successfully updated':
SearchCriteria(1, True),
}
dns_server_mock.set_dns_entry('leader.mesos.', ip=nonlocal_leader_ip)
ar = nginx_class(cache_poll_period=cache_poll_period,
cache_expiration=3)
with GuardedSubprocess(ar):
lbf = LineBufferFilter(filter_regexp_pre,
line_buffer=ar.stderr_line_buffer)
# Just trigger the cache update:
ping_mesos_agent(ar, valid_user_header)
lbf.scan_log_buffer()
assert lbf.extra_matches == {}
dns_server_mock.set_dns_entry('leader.mesos.', ip=local_leader_ip)
# First poll (2s) + normal poll interval(4s) < 2 * normal poll
# interval(4s)
time.sleep(cache_poll_period * 2)
lbf = LineBufferFilter(filter_regexp_post,
line_buffer=ar.stderr_line_buffer)
# Just trigger the cache update:
ping_mesos_agent(ar, valid_user_header)
lbf.scan_log_buffer()
assert lbf.extra_matches == {}
def test_if_unset_hostip_var_is_handled(self, nginx_class, valid_user_header):
filter_regexp = {
'Local Mesos Master IP address is unknown, cache entry is unusable':
SearchCriteria(1, True),
'`Mesos Leader` state cache has been successfully updated':
SearchCriteria(1, True),
}
ar = nginx_class(host_ip=None)
with GuardedSubprocess(ar):
lbf = LineBufferFilter(filter_regexp,
line_buffer=ar.stderr_line_buffer)
# Just trigger the cache update:
ping_mesos_agent(ar, valid_user_header)
lbf.scan_log_buffer()
assert lbf.extra_matches == {}
def test_if_broken_mesos_causes_mesos_cache_to_expire_and_requests_to_fail(
self, nginx_class, mocker, valid_user_header):
filter_regexp = {
'Mesos state request failed: invalid response status: 500':
SearchCriteria(1, False),
'Marathon apps cache has been successfully updated':
SearchCriteria(2, False),
'Cache entry `mesosstate` is too old, aborting request':
SearchCriteria(1, True),
}
ar = nginx_class(
cache_poll_period=3,
cache_expiration=2,
cache_max_age_soft_limit=3,
cache_max_age_hard_limit=4,
)
with GuardedSubprocess(ar):
# Register Line buffer filter:
lbf = LineBufferFilter(
filter_regexp,
timeout=5, # Just to give LBF enough time
line_buffer=ar.stderr_line_buffer)
# Trigger cache update using a request:
ping_mesos_agent(ar, valid_user_header)
# Break mesos
mocker.send_command(endpoint_id='http://127.0.0.2:5050',
func_name='always_bork',
aux_data=True)
# Wait for the cache to be old enough to be discarded by AR:
# cache_max_age_hard_limit + 1s for good measure
# must be more than cache_poll_period
time.sleep(4 + 1)
# Perform the main/test request:
ping_mesos_agent(ar, valid_user_header, expect_status=503)
lbf.scan_log_buffer()
assert lbf.extra_matches == {}
def test_valid_auth_token_in_cookie(self, master_ar_process_perclass,
jwt_generator):
log_messages = {
"No auth token in request.":
SearchCriteria(0, True),
"Invalid token. Reason: invalid jwt string":
SearchCriteria(0, True),
"UID from the valid DC/OS authentication token: `test`":
SearchCriteria(1, True),
}
token = jwt_generator(uid='test')
assert_endpoint_response(
master_ar_process_perclass,
EXHIBITOR_PATH,
200,
assert_error_log=log_messages,
cookies={"dcos-acs-auth-cookie": token},
)
def test_if_temp_mesos_borkage_does_not_dirupt_caching(
self, nginx_class, mocker, valid_user_header):
filter_regexp = {
'Mesos state request failed: invalid response status: 500':
SearchCriteria(1, False),
'Marathon apps cache has been successfully updated':
SearchCriteria(2, False),
'Using stale `mesosstate` cache entry to fulfill the request':
SearchCriteria(1, True),
}
ar = nginx_class(
cache_poll_period=3,
cache_expiration=2,
cache_max_age_soft_limit=3,
cache_max_age_hard_limit=1800,
)
with GuardedSubprocess(ar):
# Register Line buffer filter:
lbf = LineBufferFilter(
filter_regexp,
timeout=5, # Just to give LBF enough time
line_buffer=ar.stderr_line_buffer)
# Trigger cache update using a request:
ping_mesos_agent(ar, valid_user_header)
# Break mesos
mocker.send_command(endpoint_id='http://127.0.0.2:5050',
func_name='always_bork',
aux_data=True)
# Wait for the cache to be old enough to become stale:
# cache_max_age_soft_limit + 1s for good measure
time.sleep(3 + 1)
# Perform the main/test request:
ping_mesos_agent(ar, valid_user_header, expect_status=200)
lbf.scan_log_buffer()
assert lbf.extra_matches == {}
def test_app_without_labels(
self, nginx_class, mocker, superuser_user_header):
app = self._nginx_alwaysthere_app()
app.pop("labels", None)
filter_regexp = {
"Labels not found in app '{}'".format(app["id"]): SearchCriteria(1, True),
}
self.assert_filter_regexp_for_invalid_app(
filter_regexp, app, nginx_class, mocker, superuser_user_header)
def test_valid_auth_token_priority(
self,
master_ar_process_perclass,
valid_user_header,
jwt_generator,
):
log_messages = {
"uid=bozydar": SearchCriteria(1, True),
"uid=test": SearchCriteria(0, True),
}
token = jwt_generator(uid='test')
assert_endpoint_response(
master_ar_process_perclass,
EXHIBITOR_PATH,
200,
assert_error_log=log_messages,
headers=valid_user_header,
cookies={"dcos-acs-auth-cookie": token},
)
def test_valid_auth_token(self, master_ar_process_perclass, valid_user_header):
log_messages = {
"uid=bozydar": SearchCriteria(1, True),
}
assert_endpoint_response(
master_ar_process_perclass,
EXHIBITOR_PATH,
200,
assert_error_log=log_messages,
headers=valid_user_header,
)
def test_valid_auth_token_priority(
self,
master_ar_process,
valid_user_header,
valid_jwt_generator,
):
log_messages = {
"UID from valid JWT: `bozydar`": SearchCriteria(1, True),
"UID from valid JWT: `test`": SearchCriteria(0, True),
}
token = valid_jwt_generator(uid='test')
assert_endpoint_response(
master_ar_process,
EXHIBITOR_PATH,
200,
assert_stderr=log_messages,
headers=valid_user_header,
cookies={"dcos-acs-auth-cookie": token},
)
def test_valid_auth_token(self, master_ar_process, valid_user_header):
log_messages = {
"UID from valid JWT: `bozydar`": SearchCriteria(1, True),
}
assert_endpoint_response(
master_ar_process,
EXHIBITOR_PATH,
200,
assert_stderr=log_messages,
headers=valid_user_header,
)
def test_if_unknown_user_is_forbidden_access(self, mocker,
master_ar_process, path,
valid_user_header):
log_messages = {'User not found: `bozydar`': SearchCriteria(1, True)}
with iam_denies_all_requests(mocker):
with assert_iam_queried_for_uid(mocker, 'bozydar'):
assert_endpoint_response(master_ar_process,
path,
401,
headers=valid_user_header,
assert_stderr=log_messages)
def test_valid_auth_token_in_cookie_with_null_uid(
self,
master_ar_process_perclass,
jwt_generator,
):
log_messages = {
"No auth token in request.": SearchCriteria(0, True),
"Invalid token. Reason: invalid jwt string":
SearchCriteria(0, True),
"Unexpected token payload: missing uid.": SearchCriteria(1, True),
}
token = jwt_generator(uid=None)
assert_endpoint_response(
master_ar_process_perclass,
EXHIBITOR_PATH,
401,
assert_stderr=log_messages,
cookies={"dcos-acs-auth-cookie": token},
)
