2022-01-08 23:45:21 +03:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"errors"
|
2022-12-04 01:42:30 +03:00
|
|
|
"net"
|
2022-01-08 23:45:21 +03:00
|
|
|
"net/http"
|
|
|
|
"testing"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestBackendFetchCredential(t *testing.T) {
|
|
|
|
examples := []struct {
|
|
|
|
name string
|
|
|
|
backend Backend
|
|
|
|
resourceName string
|
|
|
|
cred *BackendCredential
|
|
|
|
reqCtx *gin.Context
|
|
|
|
ctx func() (context.Context, context.CancelFunc)
|
|
|
|
err error
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "Bad auth token",
|
|
|
|
backend: Backend{Endpoint: "http://localhost:5555/unauthorized"},
|
2022-12-02 20:45:23 +03:00
|
|
|
err: errors.New("backend credential fetch received HTTP status code 401"),
|
2022-01-08 23:45:21 +03:00
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "Backend timeout",
|
|
|
|
backend: Backend{Endpoint: "http://localhost:5555/timeout"},
|
|
|
|
ctx: func() (context.Context, context.CancelFunc) {
|
|
|
|
return context.WithTimeout(context.Background(), time.Millisecond*100)
|
|
|
|
},
|
|
|
|
err: errors.New("Unable to connect to the auth backend"),
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "Empty response",
|
|
|
|
backend: Backend{Endpoint: "http://localhost:5555/empty-response"},
|
|
|
|
err: errors.New("Connection string is required"),
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "Missing header",
|
|
|
|
backend: Backend{Endpoint: "http://localhost:5555/pass-header"},
|
2022-12-02 20:45:23 +03:00
|
|
|
err: errors.New("backend credential fetch received HTTP status code 400"),
|
2022-01-08 23:45:21 +03:00
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "Require header",
|
|
|
|
backend: Backend{
|
|
|
|
Endpoint: "http://localhost:5555/pass-header",
|
2022-12-02 20:45:23 +03:00
|
|
|
PassHeaders: []string{"x-foo"},
|
2022-01-08 23:45:21 +03:00
|
|
|
},
|
|
|
|
reqCtx: &gin.Context{
|
|
|
|
Request: &http.Request{
|
|
|
|
Header: http.Header{
|
|
|
|
"X-Foo": []string{"bar"},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
cred: &BackendCredential{DatabaseURL: "postgres://hostname/bar"},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "Success",
|
|
|
|
backend: Backend{Endpoint: "http://localhost:5555/success"},
|
|
|
|
cred: &BackendCredential{DatabaseURL: "postgres://hostname/dbname"},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
srvCtx, srvCancel := context.WithTimeout(context.Background(), time.Minute)
|
|
|
|
defer srvCancel()
|
|
|
|
|
2022-12-04 01:42:30 +03:00
|
|
|
startTestBackend(srvCtx, "localhost:5555")
|
2022-01-08 23:45:21 +03:00
|
|
|
|
|
|
|
for _, ex := range examples {
|
|
|
|
t.Run(ex.name, func(t *testing.T) {
|
|
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
|
|
if ex.ctx != nil {
|
|
|
|
ctx, cancel = ex.ctx()
|
|
|
|
}
|
|
|
|
defer cancel()
|
|
|
|
|
|
|
|
reqCtx := ex.reqCtx
|
|
|
|
if reqCtx == nil {
|
|
|
|
reqCtx = &gin.Context{
|
|
|
|
Request: &http.Request{},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
cred, err := ex.backend.FetchCredential(ctx, ex.resourceName, reqCtx)
|
|
|
|
assert.Equal(t, ex.err, err)
|
|
|
|
assert.Equal(t, ex.cred, cred)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func startTestBackend(ctx context.Context, listenAddr string) {
|
|
|
|
router := gin.New()
|
|
|
|
|
|
|
|
router.Use(func(c *gin.Context) {
|
|
|
|
if c.GetHeader("content-type") != "application/json" {
|
|
|
|
c.AbortWithStatus(http.StatusBadRequest)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
|
|
|
|
router.POST("/unauthorized", func(c *gin.Context) {
|
|
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
|
|
|
|
})
|
|
|
|
|
|
|
|
router.POST("/timeout", func(c *gin.Context) {
|
|
|
|
time.Sleep(time.Second)
|
|
|
|
c.JSON(http.StatusOK, gin.H{})
|
|
|
|
})
|
|
|
|
|
|
|
|
router.POST("/empty-response", func(c *gin.Context) {
|
|
|
|
c.JSON(http.StatusOK, gin.H{})
|
|
|
|
})
|
|
|
|
|
|
|
|
router.POST("/pass-header", func(c *gin.Context) {
|
|
|
|
req := BackendRequest{}
|
|
|
|
if err := c.BindJSON(&req); err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
header := req.Headers["x-foo"]
|
|
|
|
if header == "" {
|
|
|
|
c.AbortWithStatus(http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
c.JSON(http.StatusOK, gin.H{
|
|
|
|
"database_url": "postgres://hostname/" + header,
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
router.POST("/success", func(c *gin.Context) {
|
|
|
|
c.JSON(http.StatusOK, gin.H{
|
|
|
|
"database_url": "postgres://hostname/dbname",
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
server := &http.Server{Addr: listenAddr, Handler: router}
|
2022-12-04 01:42:30 +03:00
|
|
|
mustStartServer(server)
|
2022-01-08 23:45:21 +03:00
|
|
|
|
2022-12-04 01:42:30 +03:00
|
|
|
go func() {
|
|
|
|
<-ctx.Done()
|
|
|
|
if err := server.Shutdown(context.Background()); err != nil && err != http.ErrServerClosed {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
}()
|
2022-11-15 01:10:50 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
func mustStartServer(server *http.Server) {
|
2022-12-04 01:42:30 +03:00
|
|
|
go func() {
|
|
|
|
err := server.ListenAndServe()
|
|
|
|
if err != nil && err != http.ErrServerClosed {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
if err := waitForServer(server.Addr, 5); err != nil {
|
2022-11-15 01:10:50 +03:00
|
|
|
panic(err)
|
2022-01-08 23:45:21 +03:00
|
|
|
}
|
|
|
|
}
|
2022-12-04 01:42:30 +03:00
|
|
|
|
|
|
|
func waitForServer(addr string, n int) error {
|
|
|
|
var lastErr error
|
|
|
|
|
|
|
|
for i := 0; i < n; i++ {
|
|
|
|
conn, err := net.Dial("tcp", addr)
|
|
|
|
if err == nil {
|
|
|
|
conn.Close()
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
lastErr = err
|
|
|
|
time.Sleep(time.Millisecond * 100)
|
|
|
|
}
|
|
|
|
|
|
|
|
return lastErr
|
|
|
|
}
|