authorPawel Chojnacki <pawel@chojnacki.ws>2017-07-06 13:36:16 +0200
committerPawel Chojnacki <pawel@chojnacki.ws>2017-07-06 15:43:57 +0200
commit2951a09967db1ec18050c2b94fe8d809d7ee966f (patch)
tree34087ca161f465b0d8a4d5ff3e12f3731e4b903d
parentbeb81e14ec49f7f5aff23d5b4534ba190f79d433 (diff)
downloadgitlab-ce-2951a09967db1ec18050c2b94fe8d809d7ee966f.tar.gz
Add tests for token auth.
-rw-r--r--app/controllers/concerns/requires_whitelisted_monitoring_client.rb8
-rw-r--r--spec/controllers/health_check_controller_spec.rb2
-rw-r--r--spec/controllers/health_controller_spec.rb73
3 files changed, 63 insertions, 20 deletions
diff --git a/app/controllers/concerns/requires_whitelisted_monitoring_client.rb b/app/controllers/concerns/requires_whitelisted_monitoring_client.rb
index e77fe4026cc..ad2f4bbc486 100644
--- a/app/controllers/concerns/requires_whitelisted_monitoring_client.rb
+++ b/app/controllers/concerns/requires_whitelisted_monitoring_client.rb
@@ -1,13 +1,13 @@
module RequiresWhitelistedMonitoringClient
extend ActiveSupport::Concern
included do
- before_action :validate_ip_whitelisted_or_token_is_valid!
+ before_action :validate_ip_whitelisted_or_valid_token!
end
private
- def validate_ip_whitelisted_or_token_is_valid!
- render_404 unless client_ip_whitelisted? || token_valid?
+ def validate_ip_whitelisted_or_valid_token!
+ render_404 unless client_ip_whitelisted? || valid_token?
end
def client_ip_whitelisted?
@@ -18,7 +18,7 @@ module RequiresWhitelistedMonitoringClient
@ip_whitelist ||= Settings.monitoring.ip_whitelist.map(&IPAddr.method(:new))
end
- def token_valid?
+ def valid_token?
token = params[:token].presence || request.headers['TOKEN']
token.present? &&
ActiveSupport::SecurityUtils.variable_size_secure_compare(
diff --git a/spec/controllers/health_check_controller_spec.rb b/spec/controllers/health_check_controller_spec.rb
index e7abe1ba78d..72a5602f23e 100644
--- a/spec/controllers/health_check_controller_spec.rb
+++ b/spec/controllers/health_check_controller_spec.rb
@@ -46,8 +46,6 @@ describe HealthCheckController do
end
context 'when services are up and accessed from whitelisted ips' do
- let(:ip) { '127.0.0.1' }
-
before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
end
diff --git a/spec/controllers/health_controller_spec.rb b/spec/controllers/health_controller_spec.rb
index 4b22155a431..ce79f068fa1 100644
--- a/spec/controllers/health_controller_spec.rb
+++ b/spec/controllers/health_controller_spec.rb
@@ -4,6 +4,7 @@ describe HealthController do
include StubENV
let(:json_response) { JSON.parse(response.body) }
+ let(:token) { current_application_settings.health_check_access_token }
let(:whitelisted_ip) { '127.0.0.1' }
let(:not_whitelisted_ip) { '127.0.0.2' }
@@ -13,13 +14,11 @@ describe HealthController do
end
describe '#readiness' do
- context 'accessed from whitelisted ip' do
- before do
- allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
- end
+ shared_context 'endpoint responding with readiness data' do
+ subject { get :readiness }
- it 'returns proper response' do
- get :readiness
+ it 'responds with readiness checks data' do
+ subject
expect(json_response['db_check']['status']).to eq('ok')
expect(json_response['redis_check']['status']).to eq('ok')
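Review bot: The group defined here with `shared_context 'endpoint responding with readiness data'` holds an `it` example and is pulled in with `it_behaves_like`, so it reads as shared examples rather than shared setup. RSpec accepts both spellings, but `shared_examples 'endpoint responding with readiness data' do` states the intent and matches the `it_behaves_like` call sites. The same applies to the liveness group in the next hunk. The block opened here is closed outside this hunk.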
@@ -28,27 +27,49 @@ describe HealthController do
end
end
+ context 'accessed from whitelisted ip' do
+ before do
+ allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
+ end
+
+ it_behaves_like 'endpoint responding with readiness data'
+ end
+
context 'accessed from not whitelisted ip' do
before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(not_whitelisted_ip)
end
- it 'returns proper response' do
+ it 'responds with resource not found' do
get :readiness
expect(response.status).to eq(404)
end
+
+ context 'accessed with valid token' do
+ context 'token passed in request header' do
+ before do
+ request.headers['TOKEN'] = token
+ end
+
+ it_behaves_like 'endpoint responding with readiness data'
+ end
+ end
+
+ context 'token passed as URL param' do
+ it_behaves_like 'endpoint responding with readiness data' do
+ subject { get :readiness, token: token }
+ end
+ end
end
end
describe '#liveness' do
- context 'accessed from whitelisted ip' do
- before do
- allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
- end
+ shared_context 'endpoint responding with liveness data' do
+ subject { get :liveness }
- it 'returns proper response' do
- get :liveness
+ it 'responds with liveness checks data' do
+ subject
expect(json_response['db_check']['status']).to eq('ok')
expect(json_response['redis_check']['status']).to eq('ok')
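Review bot: The token contexts added under `accessed from not whitelisted ip` only exercise a valid token, so nothing pins the reject path of `valid_token?`: there is no example where a non-whitelisted client sends a wrong or blank token and must get 404. Because the token is the only gate for those clients, a regression that accepts any non-empty token would pass this suite. A negative context is sketched below for `#readiness`, and the `#liveness` contexts in the following hunk need the same. Separately, in the readiness block the `token passed as URL param` context sits outside `accessed with valid token` because that context's `end` comes one level early, unlike the liveness block. The `describe '#liveness'` block opens in this hunk and continues in the next one.

```ruby
# … unchanged: 'accessed with valid token' contexts, inside 'accessed from not whitelisted ip' …

context 'accessed with invalid token' do
  before do
    request.headers['TOKEN'] = 'not-the-token' # constructed sample value
  end

  it 'responds with resource not found' do
    get :readiness

    expect(response.status).to eq(404)
  end
end
```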
@@ -56,16 +77,40 @@ describe HealthController do
end
end
+ context 'accessed from whitelisted ip' do
+ before do
+ allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
+ end
+
+ it_behaves_like 'endpoint responding with liveness data'
+ end
+
context 'accessed from not whitelisted ip' do
before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(not_whitelisted_ip)
end
- it 'returns proper response' do
+ it 'responds with resource not found' do
get :liveness
expect(response.status).to eq(404)
end
+
+ context 'accessed with valid token' do
+ context 'token passed in request header' do
+ before do
+ request.headers['TOKEN'] = token
+ end
+
+ it_behaves_like 'endpoint responding with liveness data'
+ end
+
+ context 'token passed as URL param' do
+ it_behaves_like 'endpoint responding with liveness data' do
+ subject { get :liveness, token: token }
+ end
+ end
+ end
end
end
end