def test_if_upstream_headers_are_correct(self, master_ar_process, valid_user_header): generic_upstream_headers_verify_test( master_ar_process, valid_user_header, '/system/health/v1/foo/bar', )
def test_if_upstream_headers_are_correct(self, master_ar_process, valid_user_header): generic_upstream_headers_verify_test( master_ar_process, valid_user_header, '/exhibitor/some/path', )
def test_if_upstream_headers_are_correct(self, master_ar_process, valid_user_header): path = '/agent/de1baf83-c36c-4d23-9cb0-f89f596cd6ab-S1/logs/v1/foo/bar' generic_upstream_headers_verify_test( master_ar_process, valid_user_header, path, )
def test_if_accept_encoding_header_is_removed_from_upstream_request( self, master_ar_process_perclass, mocker, valid_user_header): headers = copy.deepcopy(valid_user_header) headers['Accept-Encoding'] = 'gzip' generic_upstream_headers_verify_test(master_ar_process_perclass, headers, '/agent/de1baf83-c36c-4d23-9cb0-f89f596cd6ab-S1/', assert_headers_absent=["Accept-Encoding"], )
def test_if_accept_encoding_header_is_removed_from_upstream_request( self, master_ar_process_perclass, mocker, valid_user_header): headers = copy.deepcopy(valid_user_header) headers['Accept-Encoding'] = 'gzip' generic_upstream_headers_verify_test(master_ar_process_perclass, headers, '/service/scheduler-alwaysthere/foo/bar/', assert_headers_absent=["Accept-Encoding"], )
def test_if_websockets_conn_upgrade_is_supported( self, master_ar_process_perclass, mocker, valid_user_header): headers = copy.deepcopy(valid_user_header) headers['Upgrade'] = 'WebSocket' headers['Connection'] = 'upgrade' generic_upstream_headers_verify_test(master_ar_process_perclass, headers, '/service/scheduler-alwaysthere/foo/bar/', assert_headers=headers, )
def test_if_websockets_conn_upgrade_is_supported( self, master_ar_process_perclass, mocker, valid_user_header): headers = copy.deepcopy(valid_user_header) headers['Upgrade'] = 'WebSocket' headers['Connection'] = 'upgrade' generic_upstream_headers_verify_test( master_ar_process_perclass, headers, '/service/scheduler-alwaysthere/foo/bar/', assert_headers=headers, )
def test_if_upstream_headers_are_correct( self, master_ar_process, valid_user_header, endpoint_type, ): path_fmt = '/system/v1/leader/{}/foo/bar/bzzz' generic_upstream_headers_verify_test( master_ar_process, valid_user_header, path_fmt.format(endpoint_type), )
def test_if_upstream_headers_are_correct( self, master_ar_process, valid_user_header, prefix, ): path_fmt = '/system/v1/agent/de1baf83-c36c-4d23-9cb0-f89f596cd6ab-S1{}/foo/bar' generic_upstream_headers_verify_test( master_ar_process, valid_user_header, path_fmt.format(prefix), )
def test_if_leader_is_local_state_is_handled(self, nginx_class, valid_user_header): ar = nginx_class() path_sent = '/dcos-history-service/foo/bar?a1=GET+param&a2=foobarism' path_expected = '/foo/bar?a1=GET+param&a2=foobarism' with GuardedSubprocess(ar): generic_correct_upstream_dest_test(ar, valid_user_header, path_sent, "http://127.0.0.1:15055") generic_correct_upstream_request_test(ar, valid_user_header, path_sent, path_expected) generic_upstream_headers_verify_test(ar, valid_user_header, path_sent)
def test_if_upstream_headers_are_correct(self, agent_ar_process, valid_user_header): accel_buff_header = {"X-Accel-Buffering": "TEST"} req_headers = copy.deepcopy(valid_user_header) req_headers.update(accel_buff_header) generic_upstream_headers_verify_test(agent_ar_process, req_headers, '/system/v1/logs/v1/foo/bar', assert_headers=accel_buff_header, )
def test_if_upstream_headers_are_correct(self, agent_ar_process, valid_user_header): accel_buff_header = {"X-Accel-Buffering": "TEST"} req_headers = copy.deepcopy(valid_user_header) req_headers.update(accel_buff_header) generic_upstream_headers_verify_test( agent_ar_process, req_headers, '/system/v1/logs/v1/foo/bar', assert_headers=accel_buff_header, )
def test_if_leader_is_nonlocal_state_is_handled(self, nginx_class, valid_user_header, dns_server_mock): ar = nginx_class() path_sent = '/dcos-history-service/foo/bar?a1=GET+param&a2=foobarism' path_expected = '/dcos-history-service/foo/bar?a1=GET+param&a2=foobarism' dns_server_mock.set_dns_entry('leader.mesos.', ip='127.0.0.3') with GuardedSubprocess(ar): generic_correct_upstream_dest_test(ar, valid_user_header, path_sent, "http://127.0.0.3:80") generic_correct_upstream_request_test(ar, valid_user_header, path_sent, path_expected) generic_upstream_headers_verify_test( ar, valid_user_header, path_sent, assert_headers={"DCOS-Forwarded": "true"})
def test_if_leader_is_local_state_is_handled( self, nginx_class, valid_user_header): ar = nginx_class() path_sent = '/dcos-history-service/foo/bar?a1=GET+param&a2=foobarism' path_expected = '/foo/bar?a1=GET+param&a2=foobarism' with GuardedSubprocess(ar): generic_correct_upstream_dest_test( ar, valid_user_header, path_sent, "http://127.0.0.1:15055") generic_correct_upstream_request_test( ar, valid_user_header, path_sent, path_expected) generic_upstream_headers_verify_test( ar, valid_user_header, path_sent)
def test_if_upstream_headers_are_correct( self, master_ar_process_perclass, valid_user_header, path, pass_authheader, ): if pass_authheader is True: generic_upstream_headers_verify_test(master_ar_process_perclass, valid_user_header, path, assert_headers=valid_user_header, ) elif pass_authheader is False: generic_upstream_headers_verify_test( master_ar_process_perclass, valid_user_header, path, assert_headers_absent=["Authorization"] ) # None else: generic_upstream_headers_verify_test(master_ar_process_perclass, valid_user_header, path, )
def test_if_upstream_headers_are_correct( self, master_ar_process_perclass, valid_user_header, path, pass_authheader, ): if pass_authheader is True: generic_upstream_headers_verify_test( master_ar_process_perclass, valid_user_header, path, assert_headers=valid_user_header, ) elif pass_authheader is False: generic_upstream_headers_verify_test( master_ar_process_perclass, valid_user_header, path, assert_headers_absent=["Authorization"]) # None else: generic_upstream_headers_verify_test( master_ar_process_perclass, valid_user_header, path, )
def test_if_upstream_headers_are_correct( self, agent_ar_process_perclass, valid_user_header, path, jwt_forwarded_test, ): if jwt_forwarded_test is True: generic_upstream_headers_verify_test( agent_ar_process_perclass, valid_user_header, path, assert_headers=valid_user_header, ) elif jwt_forwarded_test is False: generic_upstream_headers_verify_test( agent_ar_process_perclass, valid_user_header, path, assert_headers_absent=["Authorization"]) # None == 'skip' else: generic_upstream_headers_verify_test( agent_ar_process_perclass, valid_user_header, path, )
def test_if_leader_is_nonlocal_state_is_handled( self, nginx_class, valid_user_header, dns_server_mock): ar = nginx_class() path_sent = '/dcos-history-service/foo/bar?a1=GET+param&a2=foobarism' path_expected = '/dcos-history-service/foo/bar?a1=GET+param&a2=foobarism' dns_server_mock.set_dns_entry('leader.mesos.', ip='127.0.0.3') with GuardedSubprocess(ar): generic_correct_upstream_dest_test( ar, valid_user_header, path_sent, "http://127.0.0.3:80") generic_correct_upstream_request_test( ar, valid_user_header, path_sent, path_expected) generic_upstream_headers_verify_test( ar, valid_user_header, path_sent, assert_headers={"DCOS-Forwarded": "true"})
def test_if_upstream_headers_are_correct( self, agent_ar_process_perclass, valid_user_header, path, jwt_forwarded_test, ): headers_present = {} headers_absent = [] if jwt_forwarded_test is True: headers_present.update(valid_user_header) elif jwt_forwarded_test is False: headers_absent.append("Authorization") # jwt_forwarded_test == "skip", do nothing generic_upstream_headers_verify_test( agent_ar_process_perclass, valid_user_header, path, assert_headers=headers_present, assert_headers_absent=headers_absent, )
def test_if_upstream_headers_are_correct( self, agent_ar_process_perclass, valid_user_header, path, jwt_forwarded_test, ): headers_present = {} headers_absent = [] if jwt_forwarded_test is True: headers_present.update(valid_user_header) elif jwt_forwarded_test is False: headers_absent.append("Authorization") # jwt_forwarded_test == "skip", do nothing generic_upstream_headers_verify_test( agent_ar_process_perclass, valid_user_header, path, assert_headers=headers_present, assert_headers_absent=headers_absent, )
def _universal_test_if_upstream_headers_are_correct( self, ar_process, valid_user_header, path, jwt_forwarded_test, skip_authcookie_filtering_test, ): headers_present = {} headers_absent = [] if jwt_forwarded_test is True: headers_present.update(valid_user_header) elif jwt_forwarded_test is False: headers_absent.append("Authorization") # jwt_forwarded_test == "skip", do nothing generic_upstream_headers_verify_test( ar_process, valid_user_header, path, assert_headers=headers_present, assert_headers_absent=headers_absent, ) if skip_authcookie_filtering_test: return filtered_cookies = ['dcos-acs-info-cookie', 'dcos-acs-auth-cookie'] jar = {} # both dcos-* cookies should be removed by AR # the dcos-acs-auth-cookie cookie is simply the DC/OS authentication token: jar['dcos-acs-auth-cookie'] = valid_user_header['Authorization'] # the dcos-acs-info-cookie is a base64-encoded JSON-encoded dictionary # which contains `uid`, `descrption` and `is_remote` fields which relate to # the DC/OS authentication token from the `dcos-acs-auth-cookie` cookie. jar['dcos-acs-info-cookie'] = ( 'eyJ1aWQiOiAiYm9vdHN0cmFwdXNlciIsICJkZX' 'NjcmlwdGlvbiI6ICJCb290c3RyYXAgc3VwZXJ1c2VyIiwgImlzX3JlbW90ZSI6IGZ' 'hbHNlfQ==') # First case - cookie contains ONLY dcos-specific cookies, `Cookie` header # should not be sent generic_upstream_cookies_verify_test( ar_process, valid_user_header, path, cookies_to_send=jar, assert_cookies_absent=filtered_cookies, ) # Second case - apart from dcos-specific cookies, client also sends # a cookie that must be forwarded upstream: cookies_present = {'some-random-cookie': 'some-random-value'} jar.update(cookies_present) generic_upstream_cookies_verify_test( ar_process, valid_user_header, path, cookies_to_send=jar, assert_cookies_absent=filtered_cookies, assert_cookies_present=cookies_present, )
def _universal_test_if_upstream_headers_are_correct( self, ar_process, valid_user_header, path, jwt_forwarded_test, skip_authcookie_filtering_test, ): headers_present = {} headers_absent = [] if jwt_forwarded_test is True: headers_present.update(valid_user_header) elif jwt_forwarded_test is False: headers_absent.append("Authorization") # jwt_forwarded_test == "skip", do nothing generic_upstream_headers_verify_test( ar_process, valid_user_header, path, assert_headers=headers_present, assert_headers_absent=headers_absent, ) if skip_authcookie_filtering_test: return filtered_cookies = ['dcos-acs-info-cookie', 'dcos-acs-auth-cookie'] jar = {} # both dcos-* cookies should be removed by AR # the dcos-acs-auth-cookie cookie is simply the DC/OS authentication token: jar['dcos-acs-auth-cookie'] = valid_user_header['Authorization'] # the dcos-acs-info-cookie is a base64-encoded JSON-encoded dictionary # which contains `uid`, `descrption` and `is_remote` fields which relate to # the DC/OS authentication token from the `dcos-acs-auth-cookie` cookie. jar['dcos-acs-info-cookie'] = ( 'eyJ1aWQiOiAiYm9vdHN0cmFwdXNlciIsICJkZX' 'NjcmlwdGlvbiI6ICJCb290c3RyYXAgc3VwZXJ1c2VyIiwgImlzX3JlbW90ZSI6IGZ' 'hbHNlfQ==') # First case - cookie contains ONLY dcos-specific cookies, `Cookie` header # should not be sent generic_upstream_cookies_verify_test( ar_process, valid_user_header, path, cookies_to_send=jar, assert_cookies_absent=filtered_cookies, ) # Second case - apart from dcos-specific cookies, client also sends # a cookie that must be forwarded upstream: cookies_present = {'some-random-cookie': 'some-random-value'} jar.update(cookies_present) generic_upstream_cookies_verify_test( ar_process, valid_user_header, path, cookies_to_send=jar, assert_cookies_absent=filtered_cookies, assert_cookies_present=cookies_present, )