influxdb/chronograf/server/middle_test.go

package server

import (
	"context"
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/bouk/httprouter"
	"github.com/influxdata/platform/chronograf"
	"github.com/influxdata/platform/chronograf/mocks"
	"github.com/influxdata/platform/chronograf/oauth2"
)

func TestRouteMatchesPrincipal(t *testing.T) {
	type fields struct {
		OrganizationsStore chronograf.OrganizationsStore
		Logger             chronograf.Logger
	}
	type args struct {
		useAuth      bool
		principal    *oauth2.Principal
		routerParams *httprouter.Params
	}
	type wants struct {
		matches bool
	}
	tests := []struct {
		name   string
		fields fields
		args   args
		wants  wants
	}{
		{
			name: "route matches request params",
			fields: fields{
				Logger: &chronograf.NoopLogger{},
				OrganizationsStore: &mocks.OrganizationsStore{
					DefaultOrganizationF: func(ctx context.Context) (*chronograf.Organization, error) {
						return &chronograf.Organization{
							ID: "default",
						}, nil
					},
				},
			},
			args: args{
				useAuth: true,
				principal: &oauth2.Principal{
					Subject:      "user",
					Issuer:       "github",
					Organization: "default",
				},
				routerParams: &httprouter.Params{
					{
						Key:   "oid",
						Value: "default",
					},
				},
			},
			wants: wants{
				matches: true,
			},
		},
		{
			name: "route does not match request params",
			fields: fields{
				Logger: &chronograf.NoopLogger{},
				OrganizationsStore: &mocks.OrganizationsStore{
					DefaultOrganizationF: func(ctx context.Context) (*chronograf.Organization, error) {
						return &chronograf.Organization{
							ID: "default",
						}, nil
					},
				},
			},
			args: args{
				useAuth: true,
				principal: &oauth2.Principal{
					Subject:      "user",
					Issuer:       "github",
					Organization: "default",
				},
				routerParams: &httprouter.Params{
					{
						Key:   "oid",
						Value: "other",
					},
				},
			},
			wants: wants{
				matches: false,
			},
		},
		{
			name: "missing principal",
			fields: fields{
				Logger: &chronograf.NoopLogger{},
				OrganizationsStore: &mocks.OrganizationsStore{
					DefaultOrganizationF: func(ctx context.Context) (*chronograf.Organization, error) {
						return &chronograf.Organization{
							ID: "default",
						}, nil
					},
				},
			},
			args: args{
				useAuth:   true,
				principal: nil,
				routerParams: &httprouter.Params{
					{
						Key:   "oid",
						Value: "other",
					},
				},
			},
			wants: wants{
				matches: false,
			},
		},
		{
			name: "not using auth",
			fields: fields{
				Logger: &chronograf.NoopLogger{},
				OrganizationsStore: &mocks.OrganizationsStore{
					DefaultOrganizationF: func(ctx context.Context) (*chronograf.Organization, error) {
						return &chronograf.Organization{
							ID: "default",
						}, nil
					},
				},
			},
			args: args{
				useAuth: false,
				principal: &oauth2.Principal{
					Subject:      "user",
					Issuer:       "github",
					Organization: "default",
				},
				routerParams: &httprouter.Params{
					{
						Key:   "oid",
						Value: "other",
					},
				},
			},
			wants: wants{
				matches: true,
			},
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			store := &mocks.Store{
				OrganizationsStore: tt.fields.OrganizationsStore,
			}
			var matches bool
			next := func(w http.ResponseWriter, r *http.Request) {
				matches = true
			}
			fn := RouteMatchesPrincipal(
				store,
				tt.args.useAuth,
				tt.fields.Logger,
				next,
			)

			w := httptest.NewRecorder()
			url := "http://any.url"
			r := httptest.NewRequest(
				"GET",
				url,
				nil,
			)
			if tt.args.routerParams != nil {
				r = r.WithContext(httprouter.WithParams(r.Context(), *tt.args.routerParams))
			}
			if tt.args.principal == nil {
				r = r.WithContext(context.WithValue(r.Context(), oauth2.PrincipalKey, nil))
			} else {
				r = r.WithContext(context.WithValue(r.Context(), oauth2.PrincipalKey, *tt.args.principal))
			}
			fn(w, r)

			if matches != tt.wants.matches {
				t.Errorf("%q. RouteMatchesPrincipal() = %v, expected %v", tt.name, matches, tt.wants.matches)
			}

			if !matches && w.Code != http.StatusForbidden {
				t.Errorf("%q. RouteMatchesPrincipal() Status Code = %v, expected %v", tt.name, w.Code, http.StatusForbidden)
			}

		})
	}
}
Nest user routes under organization Add global user routes 2018-01-16 21:45:58 +00:00			`package server`

			`import (`
			`"context"`
			`"net/http"`
			`"net/http/httptest"`
			`"testing"`

			`"github.com/bouk/httprouter"`
chore(chronograf): change package imports to be nested under platform The following command it what was executed: find . -type f \|grep chronograf \| xargs perl -p -i -e 's\|github.com/influxdata/chronograf\|github.com/influxdata/platform/chronograf\|g' 2018-07-19 20:52:14 +00:00			`"github.com/influxdata/platform/chronograf"`
			`"github.com/influxdata/platform/chronograf/mocks"`
			`"github.com/influxdata/platform/chronograf/oauth2"`
Nest user routes under organization Add global user routes 2018-01-16 21:45:58 +00:00			`)`

			`func TestRouteMatchesPrincipal(t *testing.T) {`
			`type fields struct {`
Fix RouteMatchesPrincipal if org isnt on principal 2018-01-17 17:42:32 +00:00			`OrganizationsStore chronograf.OrganizationsStore`
			`Logger chronograf.Logger`
Nest user routes under organization Add global user routes 2018-01-16 21:45:58 +00:00			`}`
			`type args struct {`
			`useAuth bool`
			`principal *oauth2.Principal`
			`routerParams *httprouter.Params`
			`}`
			`type wants struct {`
			`matches bool`
			`}`
			`tests := []struct {`
			`name string`
			`fields fields`
			`args args`
			`wants wants`
			`}{`
			`{`
			`name: "route matches request params",`
			`fields: fields{`
feat(vault): add vault implementation of secret service test(platform): run testcontainer integration tests for nightly release Integration tests for the vault secret service using testcontiners should not run along with unit tests, however, they should run on some regular schedule. This commit introduces `make test-integration` which runs integration tests for vault using testcontainers. The command introduced relies on docker being available on the host it is executed on. chore(platform): make go modules tidy chore: try to fix go mod chore(platform): remove explicit logrus dependency chore(platform): run go mod tidy chore(platform): replace github.com/Sirupsen/logrus with github.com/sirupsen/logrus chore(platform): update docker dependency feat(vault): add vault implementation of secret service test(platform): run testcontainer integration tests for nightly release Integration tests for the vault secret service using testcontiners should not run along with unit tests, however, they should run on some regular schedule. This commit introduces `make test-integration` which runs integration tests for vault using testcontainers. The command introduced relies on docker being available on the host it is executed on. chore(platform): make go modules tidy chore: try to fix go mod chore(platform): run go mod tidy feat(vault): add vault implementation of secret service chore(platform): make go modules tidy feat(platform): add Put/Patch/Delete methods on secret service feat(vault): add Put/Patch/Delete methods on vault secret service feat(http): add http handler methods for secret service feat(bolt): add Put/Delete/Patch methods to bolt secret service feat(testing): add tests for Put/Patch/Delete methods in secret service feat(mock): add mock secret service feat(http): add tests for secrets endpoints feat(http): update swagger for secrets endpoints chore: run go mod tidy 2018-11-16 16:45:00 +00:00			`Logger: &chronograf.NoopLogger{},`
Fix RouteMatchesPrincipal if org isnt on principal 2018-01-17 17:42:32 +00:00			`OrganizationsStore: &mocks.OrganizationsStore{`
			`DefaultOrganizationF: func(ctx context.Context) (*chronograf.Organization, error) {`
			`return &chronograf.Organization{`
			`ID: "default",`
			`}, nil`
			`},`
			`},`
Nest user routes under organization Add global user routes 2018-01-16 21:45:58 +00:00			`},`
			`args: args{`
			`useAuth: true,`
			`principal: &oauth2.Principal{`
			`Subject: "user",`
			`Issuer: "github",`
			`Organization: "default",`
			`},`
			`routerParams: &httprouter.Params{`
			`{`
			`Key: "oid",`
			`Value: "default",`
			`},`
			`},`
			`},`
			`wants: wants{`
			`matches: true,`
			`},`
			`},`
			`{`
			`name: "route does not match request params",`
			`fields: fields{`
feat(vault): add vault implementation of secret service test(platform): run testcontainer integration tests for nightly release Integration tests for the vault secret service using testcontiners should not run along with unit tests, however, they should run on some regular schedule. This commit introduces `make test-integration` which runs integration tests for vault using testcontainers. The command introduced relies on docker being available on the host it is executed on. chore(platform): make go modules tidy chore: try to fix go mod chore(platform): remove explicit logrus dependency chore(platform): run go mod tidy chore(platform): replace github.com/Sirupsen/logrus with github.com/sirupsen/logrus chore(platform): update docker dependency feat(vault): add vault implementation of secret service test(platform): run testcontainer integration tests for nightly release Integration tests for the vault secret service using testcontiners should not run along with unit tests, however, they should run on some regular schedule. This commit introduces `make test-integration` which runs integration tests for vault using testcontainers. The command introduced relies on docker being available on the host it is executed on. chore(platform): make go modules tidy chore: try to fix go mod chore(platform): run go mod tidy feat(vault): add vault implementation of secret service chore(platform): make go modules tidy feat(platform): add Put/Patch/Delete methods on secret service feat(vault): add Put/Patch/Delete methods on vault secret service feat(http): add http handler methods for secret service feat(bolt): add Put/Delete/Patch methods to bolt secret service feat(testing): add tests for Put/Patch/Delete methods in secret service feat(mock): add mock secret service feat(http): add tests for secrets endpoints feat(http): update swagger for secrets endpoints chore: run go mod tidy 2018-11-16 16:45:00 +00:00			`Logger: &chronograf.NoopLogger{},`
Fix RouteMatchesPrincipal if org isnt on principal 2018-01-17 17:42:32 +00:00			`OrganizationsStore: &mocks.OrganizationsStore{`
			`DefaultOrganizationF: func(ctx context.Context) (*chronograf.Organization, error) {`
			`return &chronograf.Organization{`
			`ID: "default",`
			`}, nil`
			`},`
			`},`
Nest user routes under organization Add global user routes 2018-01-16 21:45:58 +00:00			`},`
			`args: args{`
			`useAuth: true,`
			`principal: &oauth2.Principal{`
			`Subject: "user",`
			`Issuer: "github",`
			`Organization: "default",`
			`},`
			`routerParams: &httprouter.Params{`
			`{`
			`Key: "oid",`
			`Value: "other",`
			`},`
			`},`
			`},`
			`wants: wants{`
			`matches: false,`
			`},`
			`},`
			`{`
			`name: "missing principal",`
			`fields: fields{`
feat(vault): add vault implementation of secret service test(platform): run testcontainer integration tests for nightly release Integration tests for the vault secret service using testcontiners should not run along with unit tests, however, they should run on some regular schedule. This commit introduces `make test-integration` which runs integration tests for vault using testcontainers. The command introduced relies on docker being available on the host it is executed on. chore(platform): make go modules tidy chore: try to fix go mod chore(platform): remove explicit logrus dependency chore(platform): run go mod tidy chore(platform): replace github.com/Sirupsen/logrus with github.com/sirupsen/logrus chore(platform): update docker dependency feat(vault): add vault implementation of secret service test(platform): run testcontainer integration tests for nightly release Integration tests for the vault secret service using testcontiners should not run along with unit tests, however, they should run on some regular schedule. This commit introduces `make test-integration` which runs integration tests for vault using testcontainers. The command introduced relies on docker being available on the host it is executed on. chore(platform): make go modules tidy chore: try to fix go mod chore(platform): run go mod tidy feat(vault): add vault implementation of secret service chore(platform): make go modules tidy feat(platform): add Put/Patch/Delete methods on secret service feat(vault): add Put/Patch/Delete methods on vault secret service feat(http): add http handler methods for secret service feat(bolt): add Put/Delete/Patch methods to bolt secret service feat(testing): add tests for Put/Patch/Delete methods in secret service feat(mock): add mock secret service feat(http): add tests for secrets endpoints feat(http): update swagger for secrets endpoints chore: run go mod tidy 2018-11-16 16:45:00 +00:00			`Logger: &chronograf.NoopLogger{},`
Fix RouteMatchesPrincipal if org isnt on principal 2018-01-17 17:42:32 +00:00			`OrganizationsStore: &mocks.OrganizationsStore{`
			`DefaultOrganizationF: func(ctx context.Context) (*chronograf.Organization, error) {`
			`return &chronograf.Organization{`
			`ID: "default",`
			`}, nil`
			`},`
			`},`
Nest user routes under organization Add global user routes 2018-01-16 21:45:58 +00:00			`},`
			`args: args{`
			`useAuth: true,`
			`principal: nil,`
			`routerParams: &httprouter.Params{`
			`{`
			`Key: "oid",`
			`Value: "other",`
			`},`
			`},`
			`},`
			`wants: wants{`
			`matches: false,`
			`},`
			`},`
			`{`
			`name: "not using auth",`
			`fields: fields{`
feat(vault): add vault implementation of secret service test(platform): run testcontainer integration tests for nightly release Integration tests for the vault secret service using testcontiners should not run along with unit tests, however, they should run on some regular schedule. This commit introduces `make test-integration` which runs integration tests for vault using testcontainers. The command introduced relies on docker being available on the host it is executed on. chore(platform): make go modules tidy chore: try to fix go mod chore(platform): remove explicit logrus dependency chore(platform): run go mod tidy chore(platform): replace github.com/Sirupsen/logrus with github.com/sirupsen/logrus chore(platform): update docker dependency feat(vault): add vault implementation of secret service test(platform): run testcontainer integration tests for nightly release Integration tests for the vault secret service using testcontiners should not run along with unit tests, however, they should run on some regular schedule. This commit introduces `make test-integration` which runs integration tests for vault using testcontainers. The command introduced relies on docker being available on the host it is executed on. chore(platform): make go modules tidy chore: try to fix go mod chore(platform): run go mod tidy feat(vault): add vault implementation of secret service chore(platform): make go modules tidy feat(platform): add Put/Patch/Delete methods on secret service feat(vault): add Put/Patch/Delete methods on vault secret service feat(http): add http handler methods for secret service feat(bolt): add Put/Delete/Patch methods to bolt secret service feat(testing): add tests for Put/Patch/Delete methods in secret service feat(mock): add mock secret service feat(http): add tests for secrets endpoints feat(http): update swagger for secrets endpoints chore: run go mod tidy 2018-11-16 16:45:00 +00:00			`Logger: &chronograf.NoopLogger{},`
Fix RouteMatchesPrincipal if org isnt on principal 2018-01-17 17:42:32 +00:00			`OrganizationsStore: &mocks.OrganizationsStore{`
			`DefaultOrganizationF: func(ctx context.Context) (*chronograf.Organization, error) {`
			`return &chronograf.Organization{`
			`ID: "default",`
			`}, nil`
			`},`
			`},`
Nest user routes under organization Add global user routes 2018-01-16 21:45:58 +00:00			`},`
			`args: args{`
			`useAuth: false,`
			`principal: &oauth2.Principal{`
			`Subject: "user",`
			`Issuer: "github",`
			`Organization: "default",`
			`},`
			`routerParams: &httprouter.Params{`
			`{`
			`Key: "oid",`
			`Value: "other",`
			`},`
			`},`
			`},`
			`wants: wants{`
			`matches: true,`
			`},`
			`},`
			`}`

			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
Fix RouteMatchesPrincipal if org isnt on principal 2018-01-17 17:42:32 +00:00			`store := &mocks.Store{`
			`OrganizationsStore: tt.fields.OrganizationsStore,`
			`}`
Nest user routes under organization Add global user routes 2018-01-16 21:45:58 +00:00			`var matches bool`
			`next := func(w http.ResponseWriter, r *http.Request) {`
			`matches = true`
			`}`
			`fn := RouteMatchesPrincipal(`
Fix RouteMatchesPrincipal if org isnt on principal 2018-01-17 17:42:32 +00:00			`store,`
Nest user routes under organization Add global user routes 2018-01-16 21:45:58 +00:00			`tt.args.useAuth,`
			`tt.fields.Logger,`
			`next,`
			`)`

			`w := httptest.NewRecorder()`
			`url := "http://any.url"`
			`r := httptest.NewRequest(`
			`"GET",`
			`url,`
			`nil,`
			`)`
			`if tt.args.routerParams != nil {`
			`r = r.WithContext(httprouter.WithParams(r.Context(), *tt.args.routerParams))`
			`}`
			`if tt.args.principal == nil {`
			`r = r.WithContext(context.WithValue(r.Context(), oauth2.PrincipalKey, nil))`
			`} else {`
			`r = r.WithContext(context.WithValue(r.Context(), oauth2.PrincipalKey, *tt.args.principal))`
			`}`
			`fn(w, r)`

			`if matches != tt.wants.matches {`
			`t.Errorf("%q. RouteMatchesPrincipal() = %v, expected %v", tt.name, matches, tt.wants.matches)`
			`}`

			`if !matches && w.Code != http.StatusForbidden {`
			`t.Errorf("%q. RouteMatchesPrincipal() Status Code = %v, expected %v", tt.name, w.Code, http.StatusForbidden)`
			`}`

			`})`
			`}`
			`}`