func startKontrol(pem, pub string, port int) (*Kontrol, *Config) {
conf := config.New()
conf.Username = "******"
conf.KontrolURL = fmt.Sprintf("http://localhost:%d/kite", port)
conf.KontrolKey = pub
conf.KontrolUser = "******"
conf.KiteKey = testutil.NewToken("testuser", pem, pub).Raw
conf.ReadEnvironmentVariables()
DefaultPort = port
kon := New(conf.Copy(), "1.0.0")
// kon.Kite.SetLogLevel(kite.DEBUG)
switch os.Getenv("KONTROL_STORAGE") {
case "etcd":
kon.SetStorage(NewEtcd(nil, kon.Kite.Log))
case "postgres":
p := NewPostgres(nil, kon.Kite.Log)
kon.SetStorage(p)
kon.SetKeyPairStorage(p)
default:
kon.SetStorage(NewEtcd(nil, kon.Kite.Log))
}
kon.AddKeyPair("", pub, pem)
go kon.Run()
<-kon.Kite.ServerReadyNotify()
return kon, &Config{
Config: conf,
Private: pem,
Public: pub,
}
}
func TestRegisterDenyEvil(t *testing.T) {
// TODO(rjeczalik): use sentinel error value instead
const authErr = "no valid authentication key found"
legit, err := NewHelloKite("testuser", conf)
if err != nil {
t.Fatal(err)
}
if _, err = legit.Kite.GetToken(legit.Kite.Kite()); err != nil {
t.Fatal(err)
}
evil := kite.New("testuser", "1.0.0")
evil.Config = conf.Config.Copy()
evil.Config.Port = 6767
evil.Config.Username = "******"
evil.Config.KontrolUser = "******"
evil.Config.KontrolURL = conf.Config.KontrolURL
evil.Config.KiteKey = testutil.NewToken("testuser", testkeys.PrivateEvil, testkeys.PublicEvil).Raw
// KontrolKey can be easily extracted from existing kite.key
evil.Config.KontrolKey = testkeys.Public
evil.Config.ReadEnvironmentVariables()
evilURL := &url.URL{
Scheme: "http",
Host: "127.0.0.1:6767",
Path: "/kite",
}
_, err = evil.Register(evilURL)
if err == nil {
t.Errorf("expected kontrol to deny register request: %s", evil.Kite())
} else {
t.Logf("register denied: %s", err)
}
_, err = evil.GetToken(legit.Kite.Kite())
if err == nil {
t.Errorf("expected kontrol to deny token request: %s", evil.Kite())
} else {
t.Logf("token denied: %s", err)
}
_, err = evil.TellKontrolWithTimeout("registerMachine", 4*time.Second, map[string]interface{}{})
if err == nil {
t.Fatal("expected registerMachine to fail")
}
if !strings.Contains(err.Error(), authErr) {
t.Fatalf("got %q, want %q error", err, authErr)
}
}
func NewHelloKite(name string, conf *Config) (*HelloKite, error) {
k := kite.New(name, "1.0.0")
k.Config = conf.Config.Copy()
k.Config.Port = 0
k.Config.KiteKey = testutil.NewToken(name, conf.Private, conf.Public).Raw
// k.SetLogLevel(kite.DEBUG)
k.HandleFunc("hello", func(r *kite.Request) (interface{}, error) {
return fmt.Sprintf("%s says hello", name), nil
})
go k.Run()
<-k.ServerReadyNotify()
u := &url.URL{
Scheme: "http",
Host: fmt.Sprintf("127.0.0.1:%d", k.Port()),
Path: "/kite",
}
hk := &HelloKite{
Kite: k,
URL: u,
clients: make(map[string]*kite.Client),
regs: make(chan *protocol.RegisterResult, 16),
toks: make(chan struct{}, 16),
renew: make(chan struct{}, 16),
}
hk.Kite.OnRegister(hk.onRegister)
if err := conf.Register(hk); err != nil {
return nil, err
}
return hk, nil
}