def test_if_upstream_headers_are_correct(self, master_ar_process,
valid_user_header):
generic_upstream_headers_verify_test(
master_ar_process,
valid_user_header,
'/system/health/v1/foo/bar',
)
def test_if_upstream_headers_are_correct(self, master_ar_process,
valid_user_header):
generic_upstream_headers_verify_test(
master_ar_process,
valid_user_header,
'/exhibitor/some/path',
)
def test_if_upstream_headers_are_correct(self, master_ar_process,
valid_user_header):
path = '/agent/de1baf83-c36c-4d23-9cb0-f89f596cd6ab-S1/logs/v1/foo/bar'
generic_upstream_headers_verify_test(
master_ar_process,
valid_user_header,
path,
)
def test_if_accept_encoding_header_is_removed_from_upstream_request(
self, master_ar_process_perclass, mocker, valid_user_header):
headers = copy.deepcopy(valid_user_header)
headers['Accept-Encoding'] = 'gzip'
generic_upstream_headers_verify_test(master_ar_process_perclass,
headers,
'/agent/de1baf83-c36c-4d23-9cb0-f89f596cd6ab-S1/',
assert_headers_absent=["Accept-Encoding"],
)
def test_if_accept_encoding_header_is_removed_from_upstream_request(
self, master_ar_process_perclass, mocker, valid_user_header):
headers = copy.deepcopy(valid_user_header)
headers['Accept-Encoding'] = 'gzip'
generic_upstream_headers_verify_test(master_ar_process_perclass,
headers,
'/service/scheduler-alwaysthere/foo/bar/',
assert_headers_absent=["Accept-Encoding"],
)
def test_if_websockets_conn_upgrade_is_supported(
self, master_ar_process_perclass, mocker, valid_user_header):
headers = copy.deepcopy(valid_user_header)
headers['Upgrade'] = 'WebSocket'
headers['Connection'] = 'upgrade'
generic_upstream_headers_verify_test(master_ar_process_perclass,
headers,
'/service/scheduler-alwaysthere/foo/bar/',
assert_headers=headers,
)
def test_if_websockets_conn_upgrade_is_supported(
self, master_ar_process_perclass, mocker, valid_user_header):
headers = copy.deepcopy(valid_user_header)
headers['Upgrade'] = 'WebSocket'
headers['Connection'] = 'upgrade'
generic_upstream_headers_verify_test(
master_ar_process_perclass,
headers,
'/service/scheduler-alwaysthere/foo/bar/',
assert_headers=headers,
)
def test_if_upstream_headers_are_correct(
self,
master_ar_process,
valid_user_header,
endpoint_type,
):
path_fmt = '/system/v1/leader/{}/foo/bar/bzzz'
generic_upstream_headers_verify_test(
master_ar_process,
valid_user_header,
path_fmt.format(endpoint_type),
)
def test_if_upstream_headers_are_correct(
self,
master_ar_process,
valid_user_header,
prefix,
):
path_fmt = '/system/v1/agent/de1baf83-c36c-4d23-9cb0-f89f596cd6ab-S1{}/foo/bar'
generic_upstream_headers_verify_test(
master_ar_process,
valid_user_header,
path_fmt.format(prefix),
)
def test_if_leader_is_local_state_is_handled(self, nginx_class,
valid_user_header):
ar = nginx_class()
path_sent = '/dcos-history-service/foo/bar?a1=GET+param&a2=foobarism'
path_expected = '/foo/bar?a1=GET+param&a2=foobarism'
with GuardedSubprocess(ar):
generic_correct_upstream_dest_test(ar, valid_user_header,
path_sent,
"http://127.0.0.1:15055")
generic_correct_upstream_request_test(ar, valid_user_header,
path_sent, path_expected)
generic_upstream_headers_verify_test(ar, valid_user_header,
path_sent)
def test_if_upstream_headers_are_correct(self,
agent_ar_process,
valid_user_header):
accel_buff_header = {"X-Accel-Buffering": "TEST"}
req_headers = copy.deepcopy(valid_user_header)
req_headers.update(accel_buff_header)
generic_upstream_headers_verify_test(agent_ar_process,
req_headers,
'/system/v1/logs/v1/foo/bar',
assert_headers=accel_buff_header,
)
def test_if_upstream_headers_are_correct(self, agent_ar_process,
valid_user_header):
accel_buff_header = {"X-Accel-Buffering": "TEST"}
req_headers = copy.deepcopy(valid_user_header)
req_headers.update(accel_buff_header)
generic_upstream_headers_verify_test(
agent_ar_process,
req_headers,
'/system/v1/logs/v1/foo/bar',
assert_headers=accel_buff_header,
)
def test_if_leader_is_nonlocal_state_is_handled(self, nginx_class,
valid_user_header,
dns_server_mock):
ar = nginx_class()
path_sent = '/dcos-history-service/foo/bar?a1=GET+param&a2=foobarism'
path_expected = '/dcos-history-service/foo/bar?a1=GET+param&a2=foobarism'
dns_server_mock.set_dns_entry('leader.mesos.', ip='127.0.0.3')
with GuardedSubprocess(ar):
generic_correct_upstream_dest_test(ar, valid_user_header,
path_sent,
"http://127.0.0.3:80")
generic_correct_upstream_request_test(ar, valid_user_header,
path_sent, path_expected)
generic_upstream_headers_verify_test(
ar,
valid_user_header,
path_sent,
assert_headers={"DCOS-Forwarded": "true"})
def test_if_leader_is_local_state_is_handled(
self, nginx_class, valid_user_header):
ar = nginx_class()
path_sent = '/dcos-history-service/foo/bar?a1=GET+param&a2=foobarism'
path_expected = '/foo/bar?a1=GET+param&a2=foobarism'
with GuardedSubprocess(ar):
generic_correct_upstream_dest_test(
ar,
valid_user_header,
path_sent,
"http://127.0.0.1:15055")
generic_correct_upstream_request_test(
ar,
valid_user_header,
path_sent,
path_expected)
generic_upstream_headers_verify_test(
ar,
valid_user_header,
path_sent)
def test_if_upstream_headers_are_correct(
self,
master_ar_process_perclass,
valid_user_header,
path,
pass_authheader,
):
if pass_authheader is True:
generic_upstream_headers_verify_test(master_ar_process_perclass,
valid_user_header,
path,
assert_headers=valid_user_header,
)
elif pass_authheader is False:
generic_upstream_headers_verify_test(
master_ar_process_perclass,
valid_user_header,
path,
assert_headers_absent=["Authorization"]
)
# None
else:
generic_upstream_headers_verify_test(master_ar_process_perclass,
valid_user_header,
path,
)
def test_if_upstream_headers_are_correct(
self,
master_ar_process_perclass,
valid_user_header,
path,
pass_authheader,
):
if pass_authheader is True:
generic_upstream_headers_verify_test(
master_ar_process_perclass,
valid_user_header,
path,
assert_headers=valid_user_header,
)
elif pass_authheader is False:
generic_upstream_headers_verify_test(
master_ar_process_perclass,
valid_user_header,
path,
assert_headers_absent=["Authorization"])
# None
else:
generic_upstream_headers_verify_test(
master_ar_process_perclass,
valid_user_header,
path,
)
def test_if_upstream_headers_are_correct(
self,
agent_ar_process_perclass,
valid_user_header,
path,
jwt_forwarded_test,
):
if jwt_forwarded_test is True:
generic_upstream_headers_verify_test(
agent_ar_process_perclass,
valid_user_header,
path,
assert_headers=valid_user_header,
)
elif jwt_forwarded_test is False:
generic_upstream_headers_verify_test(
agent_ar_process_perclass,
valid_user_header,
path,
assert_headers_absent=["Authorization"])
# None == 'skip'
else:
generic_upstream_headers_verify_test(
agent_ar_process_perclass,
valid_user_header,
path,
)
def test_if_leader_is_nonlocal_state_is_handled(
self, nginx_class, valid_user_header, dns_server_mock):
ar = nginx_class()
path_sent = '/dcos-history-service/foo/bar?a1=GET+param&a2=foobarism'
path_expected = '/dcos-history-service/foo/bar?a1=GET+param&a2=foobarism'
dns_server_mock.set_dns_entry('leader.mesos.', ip='127.0.0.3')
with GuardedSubprocess(ar):
generic_correct_upstream_dest_test(
ar,
valid_user_header,
path_sent,
"http://127.0.0.3:80")
generic_correct_upstream_request_test(
ar,
valid_user_header,
path_sent,
path_expected)
generic_upstream_headers_verify_test(
ar,
valid_user_header,
path_sent,
assert_headers={"DCOS-Forwarded": "true"})
def test_if_upstream_headers_are_correct(
self,
agent_ar_process_perclass,
valid_user_header,
path,
jwt_forwarded_test,
):
headers_present = {}
headers_absent = []
if jwt_forwarded_test is True:
headers_present.update(valid_user_header)
elif jwt_forwarded_test is False:
headers_absent.append("Authorization")
# jwt_forwarded_test == "skip", do nothing
generic_upstream_headers_verify_test(
agent_ar_process_perclass,
valid_user_header,
path,
assert_headers=headers_present,
assert_headers_absent=headers_absent,
)
def test_if_upstream_headers_are_correct(
self,
agent_ar_process_perclass,
valid_user_header,
path,
jwt_forwarded_test,
):
headers_present = {}
headers_absent = []
if jwt_forwarded_test is True:
headers_present.update(valid_user_header)
elif jwt_forwarded_test is False:
headers_absent.append("Authorization")
# jwt_forwarded_test == "skip", do nothing
generic_upstream_headers_verify_test(
agent_ar_process_perclass,
valid_user_header,
path,
assert_headers=headers_present,
assert_headers_absent=headers_absent,
)
def _universal_test_if_upstream_headers_are_correct(
self,
ar_process,
valid_user_header,
path,
jwt_forwarded_test,
skip_authcookie_filtering_test,
):
headers_present = {}
headers_absent = []
if jwt_forwarded_test is True:
headers_present.update(valid_user_header)
elif jwt_forwarded_test is False:
headers_absent.append("Authorization")
# jwt_forwarded_test == "skip", do nothing
generic_upstream_headers_verify_test(
ar_process,
valid_user_header,
path,
assert_headers=headers_present,
assert_headers_absent=headers_absent,
)
if skip_authcookie_filtering_test:
return
filtered_cookies = ['dcos-acs-info-cookie', 'dcos-acs-auth-cookie']
jar = {}
# both dcos-* cookies should be removed by AR
# the dcos-acs-auth-cookie cookie is simply the DC/OS authentication token:
jar['dcos-acs-auth-cookie'] = valid_user_header['Authorization']
# the dcos-acs-info-cookie is a base64-encoded JSON-encoded dictionary
# which contains `uid`, `descrption` and `is_remote` fields which relate to
# the DC/OS authentication token from the `dcos-acs-auth-cookie` cookie.
jar['dcos-acs-info-cookie'] = (
'eyJ1aWQiOiAiYm9vdHN0cmFwdXNlciIsICJkZX'
'NjcmlwdGlvbiI6ICJCb290c3RyYXAgc3VwZXJ1c2VyIiwgImlzX3JlbW90ZSI6IGZ'
'hbHNlfQ==')
# First case - cookie contains ONLY dcos-specific cookies, `Cookie` header
# should not be sent
generic_upstream_cookies_verify_test(
ar_process,
valid_user_header,
path,
cookies_to_send=jar,
assert_cookies_absent=filtered_cookies,
)
# Second case - apart from dcos-specific cookies, client also sends
# a cookie that must be forwarded upstream:
cookies_present = {'some-random-cookie': 'some-random-value'}
jar.update(cookies_present)
generic_upstream_cookies_verify_test(
ar_process,
valid_user_header,
path,
cookies_to_send=jar,
assert_cookies_absent=filtered_cookies,
assert_cookies_present=cookies_present,
)
def _universal_test_if_upstream_headers_are_correct(
self,
ar_process,
valid_user_header,
path,
jwt_forwarded_test,
skip_authcookie_filtering_test,
):
headers_present = {}
headers_absent = []
if jwt_forwarded_test is True:
headers_present.update(valid_user_header)
elif jwt_forwarded_test is False:
headers_absent.append("Authorization")
# jwt_forwarded_test == "skip", do nothing
generic_upstream_headers_verify_test(
ar_process,
valid_user_header,
path,
assert_headers=headers_present,
assert_headers_absent=headers_absent,
)
if skip_authcookie_filtering_test:
return
filtered_cookies = ['dcos-acs-info-cookie', 'dcos-acs-auth-cookie']
jar = {}
# both dcos-* cookies should be removed by AR
# the dcos-acs-auth-cookie cookie is simply the DC/OS authentication token:
jar['dcos-acs-auth-cookie'] = valid_user_header['Authorization']
# the dcos-acs-info-cookie is a base64-encoded JSON-encoded dictionary
# which contains `uid`, `descrption` and `is_remote` fields which relate to
# the DC/OS authentication token from the `dcos-acs-auth-cookie` cookie.
jar['dcos-acs-info-cookie'] = (
'eyJ1aWQiOiAiYm9vdHN0cmFwdXNlciIsICJkZX'
'NjcmlwdGlvbiI6ICJCb290c3RyYXAgc3VwZXJ1c2VyIiwgImlzX3JlbW90ZSI6IGZ'
'hbHNlfQ==')
# First case - cookie contains ONLY dcos-specific cookies, `Cookie` header
# should not be sent
generic_upstream_cookies_verify_test(
ar_process,
valid_user_header,
path,
cookies_to_send=jar,
assert_cookies_absent=filtered_cookies,
)
# Second case - apart from dcos-specific cookies, client also sends
# a cookie that must be forwarded upstream:
cookies_present = {'some-random-cookie': 'some-random-value'}
jar.update(cookies_present)
generic_upstream_cookies_verify_test(
ar_process,
valid_user_header,
path,
cookies_to_send=jar,
assert_cookies_absent=filtered_cookies,
assert_cookies_present=cookies_present,
)
