Skip to content

chore: improve testing coverage on ExtractProvisionerDaemonAuthenticated middleware #15622

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Nov 26, 2024
Merged

chore: improve testing coverage on ExtractProvisionerDaemonAuthenticated middleware #15622

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
1bfbf46
work-on-testing-cases
defelmnq Nov 22, 2024
d9ab576
improve testing coverage
defelmnq Nov 22, 2024
e26f5e1
improve testing coverage
defelmnq Nov 22, 2024
13d6dd9
improve testing coverage
defelmnq Nov 22, 2024
a6afc33
move middlewar
defelmnq Nov 23, 2024
66bd65e
move middlewar
defelmnq Nov 23, 2024
5eafd6d
improve testing coverage
defelmnq Nov 25, 2024
711eeee
improve testing coverage
defelmnq Nov 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
improve testing coverage
  • Loading branch information
@defelmnq
defelmnq committed Nov 25, 2024
commit 5eafd6d38cf6462fb019ecea660789497dc995ce
3 changes: 3 additions & 0 deletions coderd/httpmw/provisionerdaemon.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,9 @@ type ExtractProvisionerAuthConfig struct {
PSK string
}

// ExtractProvisionerDaemonAuthenticated authenticates a request as a provisioner daemon.
// If the request is not authenticated, the next handler is called unless Optional is true.
// This function currently is tested inside the enterprise package.
func ExtractProvisionerDaemonAuthenticated(opts ExtractProvisionerAuthConfig) func(next http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
Expand Down
5 changes: 5 additions & 0 deletions enterprise/coderd/httpmw/doc.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
// Package httpmw contains middleware for HTTP handlers.
// Currently, the tested middleware is inside the AGPL package.
// As the middleware also contains enterprise-only logic, tests had to be
// moved here.
package httpmw
103 changes: 84 additions & 19 deletions enterprise/coderd/httpmw/provisionerdaemon_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,13 @@ import (
"testing"

"github.com/go-chi/chi/v5"
"github.com/google/uuid"
"github.com/stretchr/testify/require"
"go.uber.org/mock/gomock"
"golang.org/x/xerrors"

"github.com/coder/coder/v2/coderd/database"
"github.com/coder/coder/v2/coderd/database/dbmock"
"github.com/coder/coder/v2/coderd/httpmw"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/enterprise/coderd/coderdenttest"
Expand All @@ -17,6 +22,10 @@ import (
)

func TestExtractProvisionerDaemonAuthenticated(t *testing.T) {
const (
//nolint:gosec // test key generated by test
functionalKey = "5Hl2Qw9kX3nM7vB4jR8pY6tA1cF0eD5uI2oL9gN3mZ4"
)
t.Parallel()

tests := []struct {
Expand All @@ -33,8 +42,7 @@ func TestExtractProvisionerDaemonAuthenticated(t *testing.T) {
DB: nil,
Optional: true,
},
expectedStatusCode: http.StatusOK,
expectedResponseMessage: "",
expectedStatusCode: http.StatusOK,
},
{
name: "NoKeyProvided_NotOptional",
Expand Down Expand Up @@ -62,9 +70,8 @@ func TestExtractProvisionerDaemonAuthenticated(t *testing.T) {
DB: nil,
Optional: true,
},
provisionerKey: "key",
expectedStatusCode: http.StatusOK,
expectedResponseMessage: "",
provisionerKey: "key",
expectedStatusCode: http.StatusOK,
},
{
name: "InvalidProvisionerKey_NotOptional",
Expand All @@ -82,9 +89,7 @@ func TestExtractProvisionerDaemonAuthenticated(t *testing.T) {
DB: nil,
Optional: true,
},
provisionerKey: "invalid",
expectedStatusCode: http.StatusOK,
expectedResponseMessage: "",
provisionerKey: "invalid",
},
{
name: "InvalidProvisionerPSK_NotOptional",
Expand All @@ -104,9 +109,8 @@ func TestExtractProvisionerDaemonAuthenticated(t *testing.T) {
Optional: true,
PSK: "psk",
},
provisionerPSK: "invalid",
expectedStatusCode: http.StatusOK,
expectedResponseMessage: "",
provisionerPSK: "invalid",
expectedStatusCode: http.StatusOK,
},
{
name: "ValidProvisionerPSK_NotOptional",
Expand All @@ -115,9 +119,8 @@ func TestExtractProvisionerDaemonAuthenticated(t *testing.T) {
Optional: false,
PSK: "ThisIsAValidPSK",
},
provisionerPSK: "ThisIsAValidPSK",
expectedStatusCode: http.StatusOK,
expectedResponseMessage: "",
provisionerPSK: "ThisIsAValidPSK",
expectedStatusCode: http.StatusOK,
},
}

Expand Down Expand Up @@ -152,8 +155,7 @@ func TestExtractProvisionerDaemonAuthenticated(t *testing.T) {
t.Run("ProvisionerKey", func(t *testing.T) {
t.Parallel()

ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort)
defer cancel()
ctx := testutil.Context(t, testutil.WaitShort)
client, db, user := coderdenttest.NewWithDatabase(t, &coderdenttest.Options{
LicenseOptions: &coderdenttest.LicenseOptions{
Features: license.Features{
Expand Down Expand Up @@ -188,8 +190,7 @@ func TestExtractProvisionerDaemonAuthenticated(t *testing.T) {
t.Run("ProvisionerKey_NotFound", func(t *testing.T) {
t.Parallel()

ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort)
defer cancel()
ctx := testutil.Context(t, testutil.WaitShort)
client, db, user := coderdenttest.NewWithDatabase(t, &coderdenttest.Options{
LicenseOptions: &coderdenttest.LicenseOptions{
Features: license.Features{
Expand All @@ -208,7 +209,9 @@ func TestExtractProvisionerDaemonAuthenticated(t *testing.T) {
r = r.WithContext(context.WithValue(r.Context(), chi.RouteCtxKey, routeCtx))
res := httptest.NewRecorder()

r.Header.Set(codersdk.ProvisionerDaemonKey, "5Hl2Qw9kX3nM7vB4jR8pY6tA1cF0eD5uI2oL9gN3mZ4")
//nolint:gosec // test key generated by test
pkey := "5Hl2Qw9kX3nM7vB4jR8pY6tA1cF0eD5uI2oL9gN3mZ4"
r.Header.Set(codersdk.ProvisionerDaemonKey, pkey)

httpmw.ExtractProvisionerDaemonAuthenticated(httpmw.ExtractProvisionerAuthConfig{
DB: db,
Expand All @@ -221,4 +224,66 @@ func TestExtractProvisionerDaemonAuthenticated(t *testing.T) {
require.Equal(t, http.StatusUnauthorized, res.Result().StatusCode)
require.Contains(t, res.Body.String(), "provisioner daemon key invalid")
})

t.Run("ProvisionerKey_CompareFail", func(t *testing.T) {
t.Parallel()

ctrl := gomock.NewController(t)
mockDB := dbmock.NewMockStore(ctrl)

gomock.InOrder(
mockDB.EXPECT().GetProvisionerKeyByHashedSecret(gomock.Any(), gomock.Any()).Times(1).Return(database.ProvisionerKey{
ID: uuid.New(),
HashedSecret: []byte("hashedSecret"),
}, nil),
)

routeCtx := chi.NewRouteContext()
r := httptest.NewRequest(http.MethodGet, "/", nil)
r = r.WithContext(context.WithValue(r.Context(), chi.RouteCtxKey, routeCtx))
res := httptest.NewRecorder()

r.Header.Set(codersdk.ProvisionerDaemonKey, functionalKey)

httpmw.ExtractProvisionerDaemonAuthenticated(httpmw.ExtractProvisionerAuthConfig{
DB: mockDB,
Optional: false,
})(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
w.WriteHeader(http.StatusOK)
})).ServeHTTP(res, r)

//nolint:bodyclose
require.Equal(t, http.StatusUnauthorized, res.Result().StatusCode)
require.Contains(t, res.Body.String(), "provisioner daemon key invalid")
})

t.Run("ProvisionerKey_DBError", func(t *testing.T) {
t.Parallel()

ctrl := gomock.NewController(t)
mockDB := dbmock.NewMockStore(ctrl)

gomock.InOrder(
mockDB.EXPECT().GetProvisionerKeyByHashedSecret(gomock.Any(), gomock.Any()).Times(1).Return(database.ProvisionerKey{}, xerrors.New("error")),
)

routeCtx := chi.NewRouteContext()
r := httptest.NewRequest(http.MethodGet, "/", nil)
r = r.WithContext(context.WithValue(r.Context(), chi.RouteCtxKey, routeCtx))
res := httptest.NewRecorder()

//nolint:gosec // test key generated by test
r.Header.Set(codersdk.ProvisionerDaemonKey, functionalKey)

httpmw.ExtractProvisionerDaemonAuthenticated(httpmw.ExtractProvisionerAuthConfig{
DB: mockDB,
Optional: false,
})(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
w.WriteHeader(http.StatusOK)
})).ServeHTTP(res, r)

//nolint:bodyclose
require.Equal(t, http.StatusUnauthorized, res.Result().StatusCode)
require.Contains(t, res.Body.String(), "get provisioner daemon key")
})
}
Loading