func (s *S) TestExportEnvironmentsBackward(c *gocheck.C) {
envNames := []string{
"TSURU_S3_ACCESS_KEY_ID", "TSURU_S3_SECRET_KEY",
"TSURU_APPNAME", "TSURU_HOST", "TSURU_S3_ENDPOINT",
"TSURU_S3_LOCATIONCONSTRAINT", "TSURU_S3_BUCKET",
"TSURU_APP_TOKEN",
}
app := App{Name: "moon", Platform: "opeth", Env: make(map[string]bind.EnvVar)}
for _, name := range envNames {
envVar := bind.EnvVar{Name: name, Value: name, Public: false}
if strings.HasPrefix(name, "TSURU_S3_") {
envVar.InstanceName = s3InstanceName
}
app.Env[name] = envVar
}
token, err := auth.CreateApplicationToken(app.Name)
c.Assert(err, gocheck.IsNil)
app.Env["TSURU_APP_TOKEN"] = bind.EnvVar{Name: "TSURU_APP_NAME", Value: token.Token}
err = s.conn.Apps().Insert(app)
c.Assert(err, gocheck.IsNil)
defer s.conn.Apps().Remove(bson.M{"name": app.Name})
ctx := action.BWContext{Params: []interface{}{&app}}
exportEnvironmentsAction.Backward(ctx)
copy, err := GetByName(app.Name)
c.Assert(err, gocheck.IsNil)
for _, name := range envNames {
if _, ok := copy.Env[name]; ok {
c.Errorf("Variable %q should be unexported, but it's still exported.", name)
}
}
_, err = auth.GetToken("bearer " + token.Token)
c.Assert(err, gocheck.Equals, auth.ErrInvalidToken)
}
func (fn AdminRequiredHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
setVersionHeaders(w)
defer func() {
if r.Body != nil {
r.Body.Close()
}
}()
fw := io.FlushingWriter{ResponseWriter: w}
header := r.Header.Get("Authorization")
if header == "" {
http.Error(&fw, "You must provide the Authorization header", http.StatusUnauthorized)
} else if t, err := auth.GetToken(header); err != nil {
http.Error(&fw, "Invalid token", http.StatusUnauthorized)
} else if user, err := t.User(); err != nil || !user.IsAdmin() {
http.Error(&fw, "Forbidden", http.StatusForbidden)
} else if err = fn(&fw, r, t); err != nil {
code := http.StatusInternalServerError
if e, ok := err.(*errors.HTTP); ok {
code = e.Code
}
if fw.Wrote() {
fmt.Fprintln(&fw, err)
} else {
http.Error(&fw, err.Error(), code)
}
log.Error(err.Error())
}
}
func (s *S) TestExportEnvironmentsForward(c *gocheck.C) {
expectedHost := "localhost"
config.Set("host", expectedHost)
app := App{Name: "mist", Platform: "opeth"}
err := s.conn.Apps().Insert(app)
c.Assert(err, gocheck.IsNil)
defer s.conn.Apps().Remove(bson.M{"name": app.Name})
env := s3Env{
Auth: aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"},
bucket: app.Name + "-bucket",
endpoint: s.t.S3Server.URL(),
locationConstraint: true,
}
ctx := action.FWContext{Params: []interface{}{&app}, Previous: &env}
result, err := exportEnvironmentsAction.Forward(ctx)
c.Assert(err, gocheck.IsNil)
c.Assert(result, gocheck.Equals, &env)
err = app.Get()
c.Assert(err, gocheck.IsNil)
appEnv := app.InstanceEnv(s3InstanceName)
c.Assert(appEnv["TSURU_S3_ENDPOINT"].Value, gocheck.Equals, env.endpoint)
c.Assert(appEnv["TSURU_S3_ENDPOINT"].Public, gocheck.Equals, false)
c.Assert(appEnv["TSURU_S3_LOCATIONCONSTRAINT"].Value, gocheck.Equals, "true")
c.Assert(appEnv["TSURU_S3_LOCATIONCONSTRAINT"].Public, gocheck.Equals, false)
c.Assert(appEnv["TSURU_S3_ACCESS_KEY_ID"].Value, gocheck.Equals, env.AccessKey)
c.Assert(appEnv["TSURU_S3_ACCESS_KEY_ID"].Public, gocheck.Equals, false)
c.Assert(appEnv["TSURU_S3_SECRET_KEY"].Value, gocheck.Equals, env.SecretKey)
c.Assert(appEnv["TSURU_S3_SECRET_KEY"].Public, gocheck.Equals, false)
c.Assert(appEnv["TSURU_S3_BUCKET"].Value, gocheck.Equals, env.bucket)
c.Assert(appEnv["TSURU_S3_BUCKET"].Public, gocheck.Equals, false)
appEnv = app.InstanceEnv("")
c.Assert(appEnv["TSURU_APPNAME"].Value, gocheck.Equals, app.Name)
c.Assert(appEnv["TSURU_APPNAME"].Public, gocheck.Equals, false)
c.Assert(appEnv["TSURU_HOST"].Value, gocheck.Equals, expectedHost)
c.Assert(appEnv["TSURU_HOST"].Public, gocheck.Equals, false)
c.Assert(appEnv["TSURU_APP_TOKEN"].Value, gocheck.Not(gocheck.Equals), "")
c.Assert(appEnv["TSURU_APP_TOKEN"].Public, gocheck.Equals, false)
t, err := auth.GetToken("bearer " + appEnv["TSURU_APP_TOKEN"].Value)
c.Assert(err, gocheck.IsNil)
c.Assert(t.AppName, gocheck.Equals, app.Name)
message, err := aqueue().Get(2e9)
c.Assert(err, gocheck.IsNil)
defer message.Delete()
c.Assert(message.Action, gocheck.Equals, regenerateApprc)
c.Assert(message.Args, gocheck.DeepEquals, []string{app.Name})
}
func validate(token string, r *http.Request) (*auth.Token, error) {
if token == "" {
return nil, &errors.HTTP{
Message: "You must provide the Authorization header",
}
}
invalid := &errors.HTTP{Message: "Invalid token"}
t, err := auth.GetToken(token)
if err != nil {
return nil, invalid
}
if t.AppName != "" {
if q := r.URL.Query().Get(":app"); q != "" && t.AppName != q {
return nil, invalid
}
}
return t, nil
}
