func TestLeaderLeaseSwapWhileWaiting(t *testing.T) {
util.DeleteAllEtcdKeys()
client := util.NewEtcdClient()
key := "/random/key"
if _, err := client.Create(key, "holder", 10); err != nil {
t.Fatal(err)
}
go func() {
time.Sleep(time.Second)
if _, err := client.Set(key, "other", 10); err != nil {
t.Fatal(err)
}
glog.Infof("Changed key ownership")
}()
lease := leaderlease.NewEtcd(client, key, "other", 10)
ch := make(chan struct{})
go lease.AcquireAndHold(ch)
<-ch
glog.Infof("Lease acquired")
lease.Release()
<-ch
glog.Infof("Lease gone")
}
func StartConfiguredMasterWithOptions(masterConfig *configapi.MasterConfig, testOptions TestOptions) (string, error) {
if testOptions.DeleteAllEtcdKeys {
util.DeleteAllEtcdKeys()
}
if err := start.NewMaster(masterConfig, true, true).Start(); err != nil {
return "", err
}
adminKubeConfigFile := util.KubeConfigPath()
clientConfig, err := util.GetClusterAdminClientConfig(adminKubeConfigFile)
if err != nil {
return "", err
}
masterURL, err := url.Parse(clientConfig.Host)
if err != nil {
return "", err
}
// wait for the server to come up: 35 seconds
if err := cmdutil.WaitForSuccessfulDial(true, "tcp", masterURL.Host, 100*time.Millisecond, 1*time.Second, 35); err != nil {
return "", err
}
for {
// confirm that we can actually query from the api server
if client, err := util.GetClusterAdminClient(adminKubeConfigFile); err == nil {
if _, err := client.ClusterPolicies().List(labels.Everything(), fields.Everything()); err == nil {
break
}
}
time.Sleep(100 * time.Millisecond)
}
return adminKubeConfigFile, nil
}
func TestLeaderLeaseAcquire(t *testing.T) {
util.DeleteAllEtcdKeys()
client := util.NewEtcdClient()
key := "/random/key"
held := make(chan struct{})
go func() {
<-held
if _, err := client.Delete(key, false); err != nil {
t.Fatal(err)
}
glog.Infof("Deleted key")
}()
lease := leaderlease.NewEtcd(client, key, "holder", 10)
ch := make(chan struct{})
go lease.AcquireAndHold(ch)
<-ch
glog.Infof("Lease acquired")
close(held)
<-ch
glog.Infof("Lease lost")
select {
case _, ok := <-held:
if ok {
t.Error("did not acquire the lease")
}
default:
t.Error("lease is still open")
}
}
func TestTriggers_manual(t *testing.T) {
testutil.DeleteAllEtcdKeys()
openshift := NewTestDeployOpenshift(t)
defer openshift.Close()
config := deploytest.OkDeploymentConfig(0)
config.Namespace = testutil.Namespace()
config.Triggers = []deployapi.DeploymentTriggerPolicy{
{
Type: deployapi.DeploymentTriggerManual,
},
}
dc, err := openshift.Client.DeploymentConfigs(testutil.Namespace()).Create(config)
if err != nil {
t.Fatalf("Couldn't create DeploymentConfig: %v %#v", err, config)
}
watch, err := openshift.KubeClient.ReplicationControllers(testutil.Namespace()).Watch(labels.Everything(), fields.Everything(), dc.ResourceVersion)
if err != nil {
t.Fatalf("Couldn't subscribe to Deployments: %v", err)
}
defer watch.Stop()
retryErr := kclient.RetryOnConflict(wait.Backoff{Steps: maxUpdateRetries}, func() error {
config, err := openshift.Client.DeploymentConfigs(testutil.Namespace()).Generate(config.Name)
if err != nil {
return err
}
if config.LatestVersion != 1 {
t.Fatalf("Generated deployment should have version 1: %#v", config)
}
t.Logf("config(1): %#v", config)
updatedConfig, err := openshift.Client.DeploymentConfigs(testutil.Namespace()).Update(config)
if err != nil {
return err
}
t.Logf("config(2): %#v", updatedConfig)
return nil
})
if retryErr != nil {
t.Fatal(err)
}
event := <-watch.ResultChan()
if e, a := watchapi.Added, event.Type; e != a {
t.Fatalf("expected watch event type %s, got %s", e, a)
}
deployment := event.Object.(*kapi.ReplicationController)
if e, a := config.Name, deployutil.DeploymentConfigNameFor(deployment); e != a {
t.Fatalf("Expected deployment annotated with deploymentConfig '%s', got '%s'", e, a)
}
if e, a := 1, deployutil.DeploymentVersionFor(deployment); e != a {
t.Fatalf("Deployment annotation version does not match: %#v", deployment)
}
}
func TestListBuildConfigs(t *testing.T) {
testutil.DeleteAllEtcdKeys()
openshift := NewTestBuildOpenshift(t)
defer openshift.Close()
buildConfigs, err := openshift.Client.BuildConfigs(testutil.Namespace()).List(labels.Everything(), fields.Everything())
if err != nil {
t.Fatalf("Unexpected error %v", err)
}
if len(buildConfigs.Items) != 0 {
t.Errorf("Expected no buildConfigs, got %#v", buildConfigs.Items)
}
}
func TestDeleteBuild(t *testing.T) {
testutil.DeleteAllEtcdKeys()
openshift := NewTestBuildOpenshift(t)
defer openshift.Close()
build := mockBuild()
actual, err := openshift.Client.Builds(testutil.Namespace()).Create(build)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
if err := openshift.Client.Builds(testutil.Namespace()).Delete(actual.Name); err != nil {
t.Fatalf("Unxpected error: %v", err)
}
}
func TestUpdateBuildConfig(t *testing.T) {
testutil.DeleteAllEtcdKeys()
openshift := NewTestBuildOpenshift(t)
defer openshift.Close()
buildConfig := mockBuildConfig()
actual, err := openshift.Client.BuildConfigs(testutil.Namespace()).Create(buildConfig)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
actual, err = openshift.Client.BuildConfigs(testutil.Namespace()).Get(actual.Name)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
if _, err := openshift.Client.BuildConfigs(testutil.Namespace()).Update(actual); err != nil {
t.Fatalf("Unexpected error: %v", err)
}
}
func TestCreateBuildConfig(t *testing.T) {
testutil.DeleteAllEtcdKeys()
openshift := NewTestBuildOpenshift(t)
defer openshift.Close()
buildConfig := mockBuildConfig()
expected, err := openshift.Client.BuildConfigs(testutil.Namespace()).Create(buildConfig)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
if expected.Name == "" {
t.Errorf("Unexpected empty buildConfig ID %v", expected)
}
buildConfigs, err := openshift.Client.BuildConfigs(testutil.Namespace()).List(labels.Everything(), fields.Everything())
if err != nil {
t.Fatalf("Unexpected error %v", err)
}
if len(buildConfigs.Items) != 1 {
t.Errorf("Expected one buildConfig, got %#v", buildConfigs.Items)
}
}
func TestWebhookGitHubPing(t *testing.T) {
testutil.DeleteAllEtcdKeys()
openshift := NewTestBuildOpenshift(t)
defer openshift.Close()
openshift.KubeClient.Namespaces().Create(&kapi.Namespace{
ObjectMeta: kapi.ObjectMeta{Name: testutil.Namespace()},
})
// create buildconfig
buildConfig := mockBuildConfigImageParms("originalImage", "imageStream", "validTag")
if _, err := openshift.Client.BuildConfigs(testutil.Namespace()).Create(buildConfig); err != nil {
t.Fatalf("Unexpected error: %v", err)
}
watch, err := openshift.Client.Builds(testutil.Namespace()).Watch(labels.Everything(), fields.Everything(), "0")
if err != nil {
t.Fatalf("Couldn't subscribe to builds: %v", err)
}
defer watch.Stop()
for _, s := range []string{
"/oapi/v1/namespaces/" + testutil.Namespace() + "/buildconfigs/pushbuild/webhooks/secret101/github",
} {
// trigger build event sending push notification
postFile(&http.Client{}, "ping", "pingevent.json", openshift.server.URL+s, http.StatusOK, t)
// TODO: improve negative testing
timer := time.NewTimer(time.Second / 2)
select {
case <-timer.C:
// nothing should happen
case event := <-watch.ResultChan():
build := event.Object.(*buildapi.Build)
t.Fatalf("Unexpected build created: %#v", build)
}
}
}
func TestWatchBuilds(t *testing.T) {
testutil.DeleteAllEtcdKeys()
openshift := NewTestBuildOpenshift(t)
defer openshift.Close()
build := mockBuild()
watch, err := openshift.Client.Builds(testutil.Namespace()).Watch(labels.Everything(), fields.Everything(), "0")
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
defer watch.Stop()
expected, err := openshift.Client.Builds(testutil.Namespace()).Create(build)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
event := <-watch.ResultChan()
actual := event.Object.(*buildapi.Build)
if e, a := expected.Name, actual.Name; e != a {
t.Errorf("Expected build Name %s, got %s", e, a)
}
}
func TestTriggers_configChange(t *testing.T) {
testutil.DeleteAllEtcdKeys()
openshift := NewTestDeployOpenshift(t)
defer openshift.Close()
config := deploytest.OkDeploymentConfig(0)
config.Namespace = testutil.Namespace()
config.Triggers[0] = deploytest.OkConfigChangeTrigger()
var err error
watch, err := openshift.KubeClient.ReplicationControllers(testutil.Namespace()).Watch(labels.Everything(), fields.Everything(), "0")
if err != nil {
t.Fatalf("Couldn't subscribe to Deployments %v", err)
}
defer watch.Stop()
// submit the initial deployment config
if _, err := openshift.Client.DeploymentConfigs(testutil.Namespace()).Create(config); err != nil {
t.Fatalf("Couldn't create DeploymentConfig: %v", err)
}
// verify the initial deployment exists
event := <-watch.ResultChan()
if e, a := watchapi.Added, event.Type; e != a {
t.Fatalf("expected watch event type %s, got %s", e, a)
}
deployment := event.Object.(*kapi.ReplicationController)
if e, a := config.Name, deployutil.DeploymentConfigNameFor(deployment); e != a {
t.Fatalf("Expected deployment annotated with deploymentConfig '%s', got '%s'", e, a)
}
assertEnvVarEquals("ENV1", "VAL1", deployment, t)
// submit a new config with an updated environment variable
if config, err = openshift.Client.DeploymentConfigs(testutil.Namespace()).Generate(config.Name); err != nil {
t.Fatalf("Error generating config: %v", err)
}
config.Template.ControllerTemplate.Template.Spec.Containers[0].Env[0].Value = "UPDATED"
// before we update the config, we need to update the state of the existing deployment
// this is required to be done manually since the deployment and deployer pod controllers are not run in this test
deployment.Annotations[deployapi.DeploymentStatusAnnotation] = string(deployapi.DeploymentStatusComplete)
// update the deployment
if _, err = openshift.KubeClient.ReplicationControllers(testutil.Namespace()).Update(deployment); err != nil {
t.Fatalf("Error updating existing deployment: %v", err)
}
event = <-watch.ResultChan()
if e, a := watchapi.Modified, event.Type; e != a {
t.Fatalf("expected watch event type %s, got %s", e, a)
}
if _, err := openshift.Client.DeploymentConfigs(testutil.Namespace()).Update(config); err != nil {
t.Fatalf("Couldn't create updated DeploymentConfig: %v", err)
}
event = <-watch.ResultChan()
if e, a := watchapi.Added, event.Type; e != a {
t.Fatalf("expected watch event type %s, got %s", e, a)
}
newDeployment := event.Object.(*kapi.ReplicationController)
assertEnvVarEquals("ENV1", "UPDATED", newDeployment, t)
if newDeployment.Name == deployment.Name {
t.Fatalf("expected new deployment; old=%s, new=%s", deployment.Name, newDeployment.Name)
}
}
// TestProjectIsNamespace verifies that a project is a namespace, and a namespace is a project
func TestProjectIsNamespace(t *testing.T) {
testutil.DeleteAllEtcdKeys()
etcdClient := testutil.NewEtcdClient()
etcdHelper, err := master.NewEtcdStorage(etcdClient, latest.InterfacesFor, "v1", etcdtest.PathPrefix())
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
// create a kube and its client
kubeInterfaces, _ := klatest.InterfacesFor(klatest.Version)
namespaceStorage, _, _ := namespaceetcd.NewStorage(etcdHelper)
kubeStorage := map[string]rest.Storage{
"namespaces": namespaceStorage,
}
osMux := http.NewServeMux()
server := httptest.NewServer(osMux)
defer server.Close()
handlerContainer := master.NewHandlerContainer(osMux)
version := &apiserver.APIGroupVersion{
Root: "/api",
Version: "v1beta3",
Storage: kubeStorage,
Codec: kv1beta3.Codec,
Mapper: klatest.RESTMapper,
Creater: kapi.Scheme,
Typer: kapi.Scheme,
Convertor: kapi.Scheme,
Linker: kubeInterfaces.MetadataAccessor,
Admit: admit.NewAlwaysAdmit(),
Context: kapi.NewRequestContextMapper(),
}
if err := version.InstallREST(handlerContainer); err != nil {
t.Fatalf("unable to install REST: %v", err)
}
kubeClient, err := kclient.New(&kclient.Config{Host: server.URL, Version: "v1beta3"})
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
// create an origin
originInterfaces, _ := latest.InterfacesFor(latest.Version)
originStorage := map[string]rest.Storage{
"projects": projectregistry.NewREST(kubeClient.Namespaces(), nil),
}
osVersion := &apiserver.APIGroupVersion{
Root: "/oapi",
Version: "v1",
Storage: originStorage,
Codec: latest.Codec,
Mapper: latest.RESTMapper,
Creater: kapi.Scheme,
Typer: kapi.Scheme,
Convertor: kapi.Scheme,
Linker: originInterfaces.MetadataAccessor,
Admit: admit.NewAlwaysAdmit(),
Context: kapi.NewRequestContextMapper(),
}
if err := osVersion.InstallREST(handlerContainer); err != nil {
t.Fatalf("unable to install REST: %v", err)
}
originClient, err := client.New(&kclient.Config{Host: server.URL})
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
// create a namespace
namespace := &kapi.Namespace{
ObjectMeta: kapi.ObjectMeta{Name: "integration-test"},
}
namespaceResult, err := kubeClient.Namespaces().Create(namespace)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
// now try to get the project with the same name and ensure it is our namespace
project, err := originClient.Projects().Get(namespaceResult.Name)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if project.Name != namespace.Name {
t.Fatalf("Project name did not match namespace name, project %v, namespace %v", project.Name, namespace.Name)
}
// now create a project
project = &projectapi.Project{
ObjectMeta: kapi.ObjectMeta{
Name: "new-project",
Annotations: map[string]string{
"openshift.io/display-name": "Hello World",
"openshift.io/node-selector": "env=test",
},
},
}
projectResult, err := originClient.Projects().Create(project)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
// now get the namespace for that project
namespace, err = kubeClient.Namespaces().Get(projectResult.Name)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if project.Name != namespace.Name {
t.Fatalf("Project name did not match namespace name, project %v, namespace %v", project.Name, namespace.Name)
}
if project.Annotations["openshift.io/display-name"] != namespace.Annotations["openshift.io/display-name"] {
t.Fatalf("Project display name did not match namespace annotation, project %v, namespace %v", project.Annotations["openshift.io/display-name"], namespace.Annotations["openshift.io/display-name"])
}
if project.Annotations["openshift.io/node-selector"] != namespace.Annotations["openshift.io/node-selector"] {
t.Fatalf("Project node selector did not match namespace node selector, project %v, namespace %v", project.Annotations["openshift.io/node-selector"], namespace.Annotations["openshift.io/node-selector"])
}
}
func TestCLIGetToken(t *testing.T) {
testutil.DeleteAllEtcdKeys()
// setup
etcdClient := testutil.NewEtcdClient()
etcdHelper, _ := master.NewEtcdStorage(etcdClient, latest.InterfacesFor, latest.Version, etcdtest.PathPrefix())
accessTokenStorage := accesstokenetcd.NewREST(etcdHelper)
accessTokenRegistry := accesstokenregistry.NewRegistry(accessTokenStorage)
authorizeTokenStorage := authorizetokenetcd.NewREST(etcdHelper)
authorizeTokenRegistry := authorizetokenregistry.NewRegistry(authorizeTokenStorage)
clientStorage := clientetcd.NewREST(etcdHelper)
clientRegistry := clientregistry.NewRegistry(clientStorage)
clientAuthStorage := clientauthetcd.NewREST(etcdHelper)
clientAuthRegistry := clientauthregistry.NewRegistry(clientAuthStorage)
userStorage := useretcd.NewREST(etcdHelper)
userRegistry := userregistry.NewRegistry(userStorage)
identityStorage := identityetcd.NewREST(etcdHelper)
identityRegistry := identityregistry.NewRegistry(identityStorage)
identityMapper := identitymapper.NewAlwaysCreateUserIdentityToUserMapper(identityRegistry, userRegistry)
authRequestHandler := basicauthrequest.NewBasicAuthAuthentication(allowanypassword.New("get-token-test", identityMapper), true)
authHandler := oauthhandlers.NewUnionAuthenticationHandler(
map[string]oauthhandlers.AuthenticationChallenger{"login": passwordchallenger.NewBasicAuthChallenger("openshift")}, nil, nil)
storage := registrystorage.New(accessTokenRegistry, authorizeTokenRegistry, clientRegistry, oauthregistry.NewUserConversion())
config := osinserver.NewDefaultServerConfig()
grantChecker := oauthregistry.NewClientAuthorizationGrantChecker(clientAuthRegistry)
grantHandler := oauthhandlers.NewAutoGrant()
server := osinserver.New(
config,
storage,
osinserver.AuthorizeHandlers{
oauthhandlers.NewAuthorizeAuthenticator(
authRequestHandler,
authHandler,
oauthhandlers.EmptyError{},
),
oauthhandlers.NewGrantCheck(
grantChecker,
grantHandler,
oauthhandlers.EmptyError{},
),
},
osinserver.AccessHandlers{
oauthhandlers.NewDenyAccessAuthenticator(),
},
osinserver.NewDefaultErrorHandler(),
)
mux := http.NewServeMux()
server.Install(mux, origin.OpenShiftOAuthAPIPrefix)
oauthServer := httptest.NewServer(http.Handler(mux))
defer oauthServer.Close()
t.Logf("oauth server is on %v\n", oauthServer.URL)
// create the default oauth clients with redirects to our server
origin.CreateOrUpdateDefaultOAuthClients(oauthServer.URL, []string{oauthServer.URL}, clientRegistry)
flags := pflag.NewFlagSet("test-flags", pflag.ContinueOnError)
clientCfg := clientcmd.NewConfig()
clientCfg.Bind(flags)
flags.Parse(strings.Split("--master="+oauthServer.URL, " "))
reader := bytes.NewBufferString("user\npass")
accessToken, err := tokencmd.RequestToken(clientCfg.OpenShiftConfig(), reader, "", "")
if err != nil {
t.Errorf("Unexpected error: %v", err)
}
if len(accessToken) == 0 {
t.Error("Expected accessToken, but did not get one")
}
// lets see if this access token is any good
token, err := accessTokenRegistry.GetAccessToken(kapi.NewContext(), accessToken)
if err != nil {
t.Errorf("Unexpected error: %v", err)
}
if token.UserName != "user" {
t.Errorf("Expected token for \"user\", but got: %#v", token)
}
}
func TestOAuthStorage(t *testing.T) {
testutil.DeleteAllEtcdKeys()
groupMeta := registered.GroupOrDie(api.GroupName)
etcdClient, err := testutil.MakeNewEtcdClient()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
etcdHelper := etcdstorage.NewEtcdStorage(etcdClient, kapi.Codecs.LegacyCodec(groupMeta.GroupVersions...), etcdtest.PathPrefix())
accessTokenStorage := accesstokenetcd.NewREST(etcdHelper)
accessTokenRegistry := accesstokenregistry.NewRegistry(accessTokenStorage)
authorizeTokenStorage := authorizetokenetcd.NewREST(etcdHelper)
authorizeTokenRegistry := authorizetokenregistry.NewRegistry(authorizeTokenStorage)
clientStorage := clientetcd.NewREST(etcdHelper)
clientRegistry := clientregistry.NewRegistry(clientStorage)
user := &testUser{UserName: "******", UserUID: "1"}
storage := registrystorage.New(accessTokenRegistry, authorizeTokenRegistry, clientRegistry, user)
oauthServer := osinserver.New(
osinserver.NewDefaultServerConfig(),
storage,
osinserver.AuthorizeHandlerFunc(func(ar *osin.AuthorizeRequest, w http.ResponseWriter) (bool, error) {
ar.UserData = "test"
ar.Authorized = true
return false, nil
}),
osinserver.AccessHandlerFunc(func(ar *osin.AccessRequest, w http.ResponseWriter) error {
ar.UserData = "test"
ar.Authorized = true
ar.GenerateRefresh = false
return nil
}),
osinserver.NewDefaultErrorHandler(),
)
mux := http.NewServeMux()
oauthServer.Install(mux, "")
server := httptest.NewServer(mux)
defer server.Close()
ch := make(chan *osincli.AccessData, 1)
var oaclient *osincli.Client
var authReq *osincli.AuthorizeRequest
assertServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
data, err := authReq.HandleRequest(r)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
tokenReq := oaclient.NewAccessRequest(osincli.AUTHORIZATION_CODE, data)
token, err := tokenReq.GetToken()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
ch <- token
}))
clientRegistry.CreateClient(kapi.NewContext(), &api.OAuthClient{
ObjectMeta: kapi.ObjectMeta{Name: "test"},
Secret: "secret",
RedirectURIs: []string{assertServer.URL + "/assert"},
})
storedClient, err := storage.GetClient("test")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if storedClient.GetSecret() != "secret" {
t.Fatalf("unexpected stored client: %#v", storedClient)
}
oaclientConfig := &osincli.ClientConfig{
ClientId: "test",
ClientSecret: "secret",
RedirectUrl: assertServer.URL + "/assert",
AuthorizeUrl: server.URL + "/authorize",
TokenUrl: server.URL + "/token",
}
osinclient, err := osincli.NewClient(oaclientConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
oaclient = osinclient // initialize the assert server client as well
authReq = oaclient.NewAuthorizeRequest(osincli.CODE)
config := &oauth2.Config{
ClientID: "test",
ClientSecret: "",
Scopes: []string{"a_scope"},
RedirectURL: assertServer.URL + "/assert",
Endpoint: oauth2.Endpoint{
AuthURL: server.URL + "/authorize",
TokenURL: server.URL + "/token",
},
}
url := config.AuthCodeURL("")
client := http.Client{ /*CheckRedirect: func(req *http.Request, via []*http.Request) error {
t.Logf("redirect (%d): to %s, %#v", len(via), req.URL, req)
return nil
}*/}
resp, err := client.Get(url)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if resp.StatusCode != http.StatusOK {
t.Fatalf("unexpected response: %#v", resp)
}
token := <-ch
if token.AccessToken == "" {
t.Errorf("unexpected access token: %#v", token)
}
actualToken, err := accessTokenRegistry.GetAccessToken(kapi.NewContext(), token.AccessToken)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if actualToken.UserUID != "1" || actualToken.UserName != "test" {
t.Errorf("unexpected stored token: %#v", actualToken)
}
}
func TestAuthProxyOnAuthorize(t *testing.T) {
testutil.DeleteAllEtcdKeys()
// setup
etcdClient := testutil.NewEtcdClient()
etcdHelper, _ := master.NewEtcdStorage(etcdClient, latest.InterfacesFor, latest.Version, etcdtest.PathPrefix())
accessTokenStorage := accesstokenetcd.NewREST(etcdHelper)
accessTokenRegistry := accesstokenregistry.NewRegistry(accessTokenStorage)
authorizeTokenStorage := authorizetokenetcd.NewREST(etcdHelper)
authorizeTokenRegistry := authorizetokenregistry.NewRegistry(authorizeTokenStorage)
clientStorage := clientetcd.NewREST(etcdHelper)
clientRegistry := clientregistry.NewRegistry(clientStorage)
clientAuthStorage := clientauthetcd.NewREST(etcdHelper)
clientAuthRegistry := clientauthregistry.NewRegistry(clientAuthStorage)
userStorage := useretcd.NewREST(etcdHelper)
userRegistry := userregistry.NewRegistry(userStorage)
identityStorage := identityetcd.NewREST(etcdHelper)
identityRegistry := identityregistry.NewRegistry(identityStorage)
identityMapper := identitymapper.NewAlwaysCreateUserIdentityToUserMapper(identityRegistry, userRegistry)
// this auth request handler is the one that is supposed to recognize information from a front proxy
authRequestHandler := headerrequest.NewAuthenticator("front-proxy-test", headerrequest.NewDefaultConfig(), identityMapper)
authHandler := &oauthhandlers.EmptyAuth{}
storage := registrystorage.New(accessTokenRegistry, authorizeTokenRegistry, clientRegistry, oauthregistry.NewUserConversion())
config := osinserver.NewDefaultServerConfig()
grantChecker := oauthregistry.NewClientAuthorizationGrantChecker(clientAuthRegistry)
grantHandler := oauthhandlers.NewAutoGrant()
server := osinserver.New(
config,
storage,
osinserver.AuthorizeHandlers{
oauthhandlers.NewAuthorizeAuthenticator(
authRequestHandler,
authHandler,
oauthhandlers.EmptyError{},
),
oauthhandlers.NewGrantCheck(
grantChecker,
grantHandler,
oauthhandlers.EmptyError{},
),
},
osinserver.AccessHandlers{
oauthhandlers.NewDenyAccessAuthenticator(),
},
osinserver.NewDefaultErrorHandler(),
)
mux := http.NewServeMux()
server.Install(mux, origin.OpenShiftOAuthAPIPrefix)
oauthServer := httptest.NewServer(http.Handler(mux))
defer oauthServer.Close()
t.Logf("oauth server is on %v\n", oauthServer.URL)
// set up a front proxy guarding the oauth server
proxyHTTPHandler := NewBasicAuthChallenger("TestRegistryAndServer", validUsers, NewXRemoteUserProxyingHandler(oauthServer.URL))
proxyServer := httptest.NewServer(proxyHTTPHandler)
defer proxyServer.Close()
t.Logf("proxy server is on %v\n", proxyServer.URL)
// need to prime clients so that we can get back a code. the client must be valid
createClient(t, clientRegistry, &oauthapi.OAuthClient{ObjectMeta: kapi.ObjectMeta{Name: "test"}, Secret: "secret", RedirectURIs: []string{oauthServer.URL}})
// our simple URL to get back a code. We want to go through the front proxy
rawAuthorizeRequest := proxyServer.URL + origin.OpenShiftOAuthAPIPrefix + "/authorize?response_type=code&client_id=test"
// the first request we make to the front proxy should challenge us for authentication info
shouldBeAChallengeResponse, err := http.Get(rawAuthorizeRequest)
if err != nil {
t.Errorf("Unexpected error: %v", err)
}
if shouldBeAChallengeResponse.StatusCode != http.StatusUnauthorized {
t.Errorf("Expected Unauthorized, but got %v", shouldBeAChallengeResponse.StatusCode)
}
// create an http.Client to make our next request. We need a custom Transport to authenticate us through our front proxy
// and a custom CheckRedirect so that we can keep track of the redirect responses we're getting
// OAuth requests a few redirects that we don't really care about checking, so this simpler than using a round tripper
// and manually handling redirects and setting our auth information every time for the front proxy
redirectedUrls := make([]url.URL, 10)
httpClient := http.Client{
CheckRedirect: getRedirectMethod(t, &redirectedUrls),
Transport: kclient.NewBasicAuthRoundTripper("sanefarmer", "who?", http.DefaultTransport),
}
// make our authorize request again, but this time our transport has properly set the auth info for the front proxy
req, err := http.NewRequest("GET", rawAuthorizeRequest, nil)
_, err = httpClient.Do(req)
if err != nil {
t.Errorf("Unexpected error: %v", err)
}
// check the last redirect and see if we got a code
foundCode := ""
if len(redirectedUrls) > 0 {
foundCode = redirectedUrls[len(redirectedUrls)-1].Query().Get("code")
}
if len(foundCode) == 0 {
t.Errorf("Did not find code in any redirect: %v", redirectedUrls)
} else {
t.Logf("Found code %v\n", foundCode)
}
}
func TestBuildConfigClient(t *testing.T) {
testutil.DeleteAllEtcdKeys()
openshift := NewTestBuildOpenshift(t)
defer openshift.Close()
buildConfigs, err := openshift.Client.BuildConfigs(testutil.Namespace()).List(labels.Everything(), fields.Everything())
if err != nil {
t.Fatalf("unexpected error %v", err)
}
if len(buildConfigs.Items) != 0 {
t.Errorf("expected no buildConfigs, got %#v", buildConfigs)
}
// get a validation error
buildConfig := &buildapi.BuildConfig{
ObjectMeta: kapi.ObjectMeta{
GenerateName: "mock-build",
Labels: map[string]string{
"label1": "value1",
"label2": "value2",
},
},
Spec: buildapi.BuildConfigSpec{
BuildSpec: buildapi.BuildSpec{
Source: buildapi.BuildSource{
Type: buildapi.BuildSourceGit,
Git: &buildapi.GitBuildSource{
URI: "http://my.docker/build",
},
ContextDir: "context",
},
Strategy: buildapi.BuildStrategy{
Type: buildapi.DockerBuildStrategyType,
DockerStrategy: &buildapi.DockerBuildStrategy{},
},
Output: buildapi.BuildOutput{
To: &kapi.ObjectReference{
Kind: "DockerImage",
Name: "namespace/builtimage",
},
},
},
},
}
// get a created buildConfig
got, err := openshift.Client.BuildConfigs(testutil.Namespace()).Create(buildConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if got.Name == "" {
t.Errorf("unexpected empty buildConfig ID %v", got)
}
// get a list of buildConfigs
buildConfigs, err = openshift.Client.BuildConfigs(testutil.Namespace()).List(labels.Everything(), fields.Everything())
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if len(buildConfigs.Items) != 1 {
t.Errorf("expected one buildConfig, got %#v", buildConfigs)
}
actual := buildConfigs.Items[0]
if actual.Name != got.Name {
t.Errorf("expected buildConfig %#v, got %#v", got, actual)
}
// delete a buildConfig
err = openshift.Client.BuildConfigs(testutil.Namespace()).Delete(got.Name)
if err != nil {
t.Fatalf("unexpected error %v", err)
}
buildConfigs, err = openshift.Client.BuildConfigs(testutil.Namespace()).List(labels.Everything(), fields.Everything())
if err != nil {
t.Fatalf("unexpected error %v", err)
}
if len(buildConfigs.Items) != 0 {
t.Errorf("expected no buildConfigs, got %#v", buildConfigs)
}
}