Commit 2951a099 authored by Pawel Chojnacki's avatar Pawel Chojnacki

Add tests for token auth.

parent beb81e14
module RequiresWhitelistedMonitoringClient module RequiresWhitelistedMonitoringClient
extend ActiveSupport::Concern extend ActiveSupport::Concern
included do included do
before_action :validate_ip_whitelisted_or_token_is_valid! before_action :validate_ip_whitelisted_or_valid_token!
end end
private private
def validate_ip_whitelisted_or_token_is_valid! def validate_ip_whitelisted_or_valid_token!
render_404 unless client_ip_whitelisted? || token_valid? render_404 unless client_ip_whitelisted? || valid_token?
end end
def client_ip_whitelisted? def client_ip_whitelisted?
...@@ -18,7 +18,7 @@ module RequiresWhitelistedMonitoringClient ...@@ -18,7 +18,7 @@ module RequiresWhitelistedMonitoringClient
@ip_whitelist ||= Settings.monitoring.ip_whitelist.map(&IPAddr.method(:new)) @ip_whitelist ||= Settings.monitoring.ip_whitelist.map(&IPAddr.method(:new))
end end
def token_valid? def valid_token?
token = params[:token].presence || request.headers['TOKEN'] token = params[:token].presence || request.headers['TOKEN']
token.present? && token.present? &&
ActiveSupport::SecurityUtils.variable_size_secure_compare( ActiveSupport::SecurityUtils.variable_size_secure_compare(
......
...@@ -46,8 +46,6 @@ describe HealthCheckController do ...@@ -46,8 +46,6 @@ describe HealthCheckController do
end end
context 'when services are up and accessed from whitelisted ips' do context 'when services are up and accessed from whitelisted ips' do
let(:ip) { '127.0.0.1' }
before do before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip) allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
end end
......
...@@ -4,6 +4,7 @@ describe HealthController do ...@@ -4,6 +4,7 @@ describe HealthController do
include StubENV include StubENV
let(:json_response) { JSON.parse(response.body) } let(:json_response) { JSON.parse(response.body) }
let(:token) { current_application_settings.health_check_access_token }
let(:whitelisted_ip) { '127.0.0.1' } let(:whitelisted_ip) { '127.0.0.1' }
let(:not_whitelisted_ip) { '127.0.0.2' } let(:not_whitelisted_ip) { '127.0.0.2' }
...@@ -13,13 +14,11 @@ describe HealthController do ...@@ -13,13 +14,11 @@ describe HealthController do
end end
describe '#readiness' do describe '#readiness' do
context 'accessed from whitelisted ip' do shared_context 'endpoint responding with readiness data' do
before do subject { get :readiness }
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
end
it 'returns proper response' do it 'responds with readiness checks data' do
get :readiness subject
expect(json_response['db_check']['status']).to eq('ok') expect(json_response['db_check']['status']).to eq('ok')
expect(json_response['redis_check']['status']).to eq('ok') expect(json_response['redis_check']['status']).to eq('ok')
...@@ -28,27 +27,49 @@ describe HealthController do ...@@ -28,27 +27,49 @@ describe HealthController do
end end
end end
context 'accessed from whitelisted ip' do
before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
end
it_behaves_like 'endpoint responding with readiness data'
end
context 'accessed from not whitelisted ip' do context 'accessed from not whitelisted ip' do
before do before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(not_whitelisted_ip) allow(Gitlab::RequestContext).to receive(:client_ip).and_return(not_whitelisted_ip)
end end
it 'returns proper response' do it 'responds with resource not found' do
get :readiness get :readiness
expect(response.status).to eq(404) expect(response.status).to eq(404)
end end
context 'accessed with valid token' do
context 'token passed in request header' do
before do
request.headers['TOKEN'] = token
end
it_behaves_like 'endpoint responding with readiness data'
end
end
context 'token passed as URL param' do
it_behaves_like 'endpoint responding with readiness data' do
subject { get :readiness, token: token }
end
end
end end
end end
describe '#liveness' do describe '#liveness' do
context 'accessed from whitelisted ip' do shared_context 'endpoint responding with liveness data' do
before do subject { get :liveness }
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
end
it 'returns proper response' do it 'responds with liveness checks data' do
get :liveness subject
expect(json_response['db_check']['status']).to eq('ok') expect(json_response['db_check']['status']).to eq('ok')
expect(json_response['redis_check']['status']).to eq('ok') expect(json_response['redis_check']['status']).to eq('ok')
...@@ -56,16 +77,40 @@ describe HealthController do ...@@ -56,16 +77,40 @@ describe HealthController do
end end
end end
context 'accessed from whitelisted ip' do
before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
end
it_behaves_like 'endpoint responding with liveness data'
end
context 'accessed from not whitelisted ip' do context 'accessed from not whitelisted ip' do
before do before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(not_whitelisted_ip) allow(Gitlab::RequestContext).to receive(:client_ip).and_return(not_whitelisted_ip)
end end
it 'returns proper response' do it 'responds with resource not found' do
get :liveness get :liveness
expect(response.status).to eq(404) expect(response.status).to eq(404)
end end
context 'accessed with valid token' do
context 'token passed in request header' do
before do
request.headers['TOKEN'] = token
end
it_behaves_like 'endpoint responding with liveness data'
end
context 'token passed as URL param' do
it_behaves_like 'endpoint responding with liveness data' do
subject { get :liveness, token: token }
end
end
end
end end
end end
end end
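Review bot: The new token contexts in `#readiness` and `#liveness` only exercise a valid token, so nothing here would fail if `valid_token?` began accepting a wrong or empty token from a non-whitelisted IP; the existing 'responds with resource not found' example sends no token at all. I would add, beside each 'accessed with valid token' context, a context that sends an incorrect token through the `TOKEN` header and through the URL param and expects a 404. Separately, in `#readiness` the 'token passed as URL param' context appears to sit outside 'accessed with valid token' (an `end` closes that context just before it), while in `#liveness` it is nested inside; indentation is lost on this page, so this is read from the `end` count. The sketch below is for `#readiness`, and the token string in it is a constructed sample value.

```ruby
context 'accessed from not whitelisted ip' do
  # … unchanged: before block, no-token example, 'accessed with valid token' contexts …

  context 'accessed with invalid token' do
    # constructed sample value, not a real token
    let(:invalid_token) { 'not-the-health-check-token' }

    it 'responds with resource not found when passed in request header' do
      request.headers['TOKEN'] = invalid_token
      get :readiness
      expect(response.status).to eq(404)
    end

    it 'responds with resource not found when passed as URL param' do
      get :readiness, token: invalid_token
      expect(response.status).to eq(404)
    end
  end
```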