particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

worker: Add identity filter and client oauth support

Browse source
This commit is contained in:
sanne 2021-06-07 09:33:21 +02:00 committed by Sanne Raymaekers
parent 968e7b210f
commit 0ea31c39d5
11 changed files with 277 additions and 65 deletions
Download patch file Download diff file Expand all files Collapse all files

26
cmd/osbuild-composer/composer.go
View file

@ -68,7 +68,7 @@ func NewComposer(config *ComposerConfigFile, stateDir, cacheDir string, logger *
return nil, fmt.Errorf("cannot create jobqueue: %v", err) return nil, fmt.Errorf("cannot create jobqueue: %v", err)
} }
c.workers = worker.NewServer(c.logger, jobs, artifactsDir) c.workers = worker.NewServer(c.logger, jobs, artifactsDir, c.config.WorkerAPI.IdentityFilter)
return &c, nil return &c, nil
} }
@ -135,17 +135,21 @@ func (c *Composer) InitLocalWorker(l net.Listener) {
} }
func (c *Composer) InitRemoteWorkers(cert, key string, l net.Listener) error { func (c *Composer) InitRemoteWorkers(cert, key string, l net.Listener) error {
tlsConfig, err := createTLSConfig(&connectionConfig{ if len(c.config.WorkerAPI.IdentityFilter) > 0 {
CACertFile: c.config.Worker.CA, c.workerListener = l
ServerKeyFile: key, } else {
ServerCertFile: cert, tlsConfig, err := createTLSConfig(&connectionConfig{
AllowedDomains: c.config.Worker.AllowedDomains, CACertFile: c.config.Worker.CA,
}) ServerKeyFile: key,
if err != nil { ServerCertFile: cert,
return fmt.Errorf("Error creating TLS configuration for remote worker API: %v", err) AllowedDomains: c.config.Worker.AllowedDomains,
} })
if err != nil {
return fmt.Errorf("Error creating TLS configuration for remote worker API: %v", err)
}
c.workerListener = tls.NewListener(l, tlsConfig) c.workerListener = tls.NewListener(l, tlsConfig)
}
return nil return nil
} }

3
cmd/osbuild-composer/config.go
View file

@ -18,6 +18,9 @@ type ComposerConfigFile struct {
ComposerAPI struct { ComposerAPI struct {
IdentityFilter []string `toml:"identity_filter"` IdentityFilter []string `toml:"identity_filter"`
} `toml:"composer_api"` } `toml:"composer_api"`
WorkerAPI struct {
IdentityFilter []string `toml:"identity_filter"`
} `toml:"worker_api"`
} }
func LoadConfig(name string) (*ComposerConfigFile, error) { func LoadConfig(name string) (*ComposerConfigFile, error) {

23
cmd/osbuild-worker/main.go
View file

@ -90,12 +90,16 @@ func main() {
Azure *struct { Azure *struct {
Credentials string `toml:"credentials"` Credentials string `toml:"credentials"`
} `toml:"azure"` } `toml:"azure"`
Authentication *struct {
OAuthURL string `toml:"oauth_url"`
OfflineTokenPath string `toml:"offline_token"`
} `toml:"authentication"`
} }
var unix bool var unix bool
flag.BoolVar(&unix, "unix", false, "Interpret 'address' as a path to a unix domain socket instead of a network address") flag.BoolVar(&unix, "unix", false, "Interpret 'address' as a path to a unix domain socket instead of a network address")
flag.Usage = func() { flag.Usage = func() {
fmt.Fprintf(flag.CommandLine.Output(), "Usage: %s [-unix] address\n", os.Args[0]) fmt.Fprintf(flag.CommandLine.Output(), "Usage: %s [-unix] address basepath\n", os.Args[0])
flag.PrintDefaults() flag.PrintDefaults()
os.Exit(0) os.Exit(0)
} }
@ -142,6 +146,21 @@ func main() {
var client *worker.Client var client *worker.Client
if unix { if unix {
client = worker.NewClientUnix(address) client = worker.NewClientUnix(address)
} else if config.Authentication != nil && config.Authentication.OfflineTokenPath != "" {
t, err := ioutil.ReadFile(config.Authentication.OfflineTokenPath)
if err != nil {
log.Fatalf("Could not read offline token: %v", err)
}
token := string(t)
if config.Authentication.OAuthURL == "" {
log.Fatal("OAuth URL should be specified together with the offline token")
}
client, err = worker.NewClient("https://"+address, nil, &token, &config.Authentication.OAuthURL)
if err != nil {
log.Fatalf("Error creating worker client: %v", err)
}
} else { } else {
conf, err := createTLSConfig(&connectionConfig{ conf, err := createTLSConfig(&connectionConfig{
CACertFile: "/etc/osbuild-composer/ca-crt.pem", CACertFile: "/etc/osbuild-composer/ca-crt.pem",
@ -152,7 +171,7 @@ func main() {
log.Fatalf("Error creating TLS config: %v", err) log.Fatalf("Error creating TLS config: %v", err)
} }
client, err = worker.NewClient("https://"+address, conf) client, err = worker.NewClient("https://"+address, conf, nil, nil)
if err != nil { if err != nil {
log.Fatalf("Error creating worker client: %v", err) log.Fatalf("Error creating worker client: %v", err)
} }

5
docs/news/unreleased/worker-oauth2-support.md Normal file
View file

@ -0,0 +1,5 @@
# Workers: oauth2 support
This change is mainly targeted for getting composer into `cloud.redhat.com`. It
allows remote workers to connect to composer starting from a refresh token, and
is offered as an alternative to the client certificate authentication.

19
internal/cloudapi/server.go
View file

@ -34,16 +34,6 @@ type Server struct {
type contextKey int type contextKey int
const (
identityHeaderKey contextKey = iota
)
type IdentityHeader struct {
Identity struct {
AccountNumber string `json:"account_number"`
} `json:"identity"`
}
// NewServer creates a new cloud server // NewServer creates a new cloud server
func NewServer(workers *worker.Server, rpmMetadata rpmmd.RPMMD, distros *distroregistry.Registry) *Server { func NewServer(workers *worker.Server, rpmMetadata rpmmd.RPMMD, distros *distroregistry.Registry) *Server {
server := &Server{ server := &Server{
@ -72,6 +62,13 @@ func (server *Server) Handler(path string, identityFilter []string) http.Handler
func (server *Server) VerifyIdentityHeader(next http.Handler) http.Handler { func (server *Server) VerifyIdentityHeader(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
const identityHeaderKey contextKey = iota
type identityHeader struct {
Identity struct {
AccountNumber string `json:"account_number"`
} `json:"identity"`
}
idHeaderB64 := r.Header["X-Rh-Identity"] idHeaderB64 := r.Header["X-Rh-Identity"]
if len(idHeaderB64) != 1 { if len(idHeaderB64) != 1 {
http.Error(w, "Auth header is not present", http.StatusNotFound) http.Error(w, "Auth header is not present", http.StatusNotFound)
@ -84,7 +81,7 @@ func (server *Server) VerifyIdentityHeader(next http.Handler) http.Handler {
return return
} }
var idHeader IdentityHeader var idHeader identityHeader
err = json.Unmarshal([]byte(strings.TrimSuffix(fmt.Sprintf("%s", b64Result), "\n")), &idHeader) err = json.Unmarshal([]byte(strings.TrimSuffix(fmt.Sprintf("%s", b64Result), "\n")), &idHeader)
if err != nil { if err != nil {
http.Error(w, "Auth header has incorrect format", http.StatusNotFound) http.Error(w, "Auth header has incorrect format", http.StatusNotFound)

2
internal/mocks/rpmmd/fixtures.go
View file

@ -57,7 +57,7 @@ func createBaseWorkersFixture(tmpdir string) *worker.Server {
if err != nil { if err != nil {
panic(err) panic(err)
} }
return worker.NewServer(nil, q, "") return worker.NewServer(nil, q, "", []string{})
} }
func createBaseDepsolveFixture() []rpmmd.PackageSpec { func createBaseDepsolveFixture() []rpmmd.PackageSpec {

13
internal/test/helpers.go
View file

@ -50,9 +50,14 @@ func externalRequest(method, path, body string) *http.Response {
return resp return resp
} }
func internalRequest(api http.Handler, method, path, body string) *http.Response { func internalRequest(api http.Handler, method, path, body string, header map[string]string) *http.Response {
req := httptest.NewRequest(method, path, bytes.NewReader([]byte(body))) req := httptest.NewRequest(method, path, bytes.NewReader([]byte(body)))
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
for k, h := range header {
req.Header.Set(k, h)
}
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
api.ServeHTTP(resp, req) api.ServeHTTP(resp, req)
@ -66,10 +71,14 @@ func SendHTTP(api http.Handler, external bool, method, path, body string) *http.
} }
return externalRequest(method, path, body) return externalRequest(method, path, body)
} else { } else {
return internalRequest(api, method, path, body) return internalRequest(api, method, path, body, map[string]string{})
} }
} }
func SendHTTPWithHeader(api http.Handler, method, path, body string, header map[string]string) *http.Response {
return internalRequest(api, method, path, body, header)
}
// this function serves to drop fields that shouldn't be tested from the unmarshalled json objects // this function serves to drop fields that shouldn't be tested from the unmarshalled json objects
func dropFields(obj interface{}, fields ...string) { func dropFields(obj interface{}, fields ...string) {
switch v := obj.(type) { switch v := obj.(type) {

1
internal/worker/api/api.go
View file

@ -3,3 +3,4 @@
package api package api
const BasePath = "/api/worker/v1" const BasePath = "/api/worker/v1"
const CloudBasePath = "/api/composer-worker/v1"

125
internal/worker/client.go
View file

@ -10,15 +10,29 @@ import (
"net" "net"
"net/http" "net/http"
"net/url" "net/url"
"strings"
"sync"
"time"
"github.com/google/uuid" "github.com/google/uuid"
"github.com/osbuild/osbuild-composer/internal/common" "github.com/osbuild/osbuild-composer/internal/common"
"github.com/osbuild/osbuild-composer/internal/worker/api" "github.com/osbuild/osbuild-composer/internal/worker/api"
) )
type bearerToken struct {
AccessToken string `json:"access_token"`
ValidForSeconds int `json:"expires_in"`
}
type Client struct { type Client struct {
server *url.URL server *url.URL
requester *http.Client requester *http.Client
offlineToken *string
oAuthURL *string
lastTokenRefresh *time.Time
bearerToken *bearerToken
tokenMu *sync.Mutex
} }
type Job interface { type Job interface {
@ -33,7 +47,7 @@ type Job interface {
} }
type job struct { type job struct {
requester *http.Client client *Client
id uuid.UUID id uuid.UUID
location string location string
artifactLocation string artifactLocation string
@ -42,24 +56,33 @@ type job struct {
dynamicArgs []json.RawMessage dynamicArgs []json.RawMessage
} }
func NewClient(baseURL string, conf *tls.Config) (*Client, error) { func NewClient(baseURL string, conf *tls.Config, offlineToken, oAuthURL *string) (*Client, error) {
server, err := url.Parse(baseURL) server, err := url.Parse(baseURL)
if err != nil { if err != nil {
return nil, err return nil, err
} }
server, err = server.Parse(api.BasePath + "/") bp := api.BasePath
if offlineToken != nil {
bp = api.CloudBasePath
}
server, err = server.Parse(bp + "/")
if err != nil { if err != nil {
panic(err) panic(err)
} }
requester := &http.Client{ if conf != nil && offlineToken != nil {
Transport: &http.Transport{ return nil, fmt.Errorf("error creating client, both tls and oauth are enabled")
TLSClientConfig: conf,
},
} }
return &Client{server, requester}, nil requester := &http.Client{}
if conf != nil {
requester.Transport = &http.Transport{
TLSClientConfig: conf,
}
}
return &Client{server, requester, offlineToken, oAuthURL, nil, nil, &sync.Mutex{}}, nil
} }
func NewClientUnix(path string) *Client { func NewClientUnix(path string) *Client {
@ -81,7 +104,62 @@ func NewClientUnix(path string) *Client {
}, },
} }
return &Client{server, requester} return &Client{server, requester, nil, nil, nil, nil, nil}
}
// Note: Only call this function with Client.tokenMu locked!
func (c *Client) refreshBearerToken() error {
if c.offlineToken == nil || c.oAuthURL == nil {
return fmt.Errorf("No offline token or oauth url available")
}
data := url.Values{}
data.Set("grant_type", "refresh_token")
data.Set("client_id", "rhsm-api")
data.Set("refresh_token", *c.offlineToken)
t := time.Now()
resp, err := http.Post(*c.oAuthURL, "application/x-www-form-urlencoded", strings.NewReader(data.Encode()))
if err != nil {
return err
}
var bt bearerToken
err = json.NewDecoder(resp.Body).Decode(&bt)
if err != nil {
return err
}
c.bearerToken = &bt
c.lastTokenRefresh = &t
return nil
}
func (c *Client) NewRequest(method, url string, body io.Reader) (*http.Request, error) {
req, err := http.NewRequest(method, url, body)
if err != nil {
return nil, err
}
// If we're using OAUTH, add the Bearer token
if c.offlineToken != nil {
// make sure we have a valid token
var d time.Duration
c.tokenMu.Lock()
defer c.tokenMu.Unlock()
if c.lastTokenRefresh != nil {
d = time.Since(*c.lastTokenRefresh)
}
if c.bearerToken == nil || d.Seconds() >= (float64(c.bearerToken.ValidForSeconds)*0.8) {
err = c.refreshBearerToken()
if err != nil {
return nil, err
}
}
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", c.bearerToken.AccessToken))
}
return req, nil
} }
func (c *Client) RequestJob(types []string) (Job, error) { func (c *Client) RequestJob(types []string) (Job, error) {
@ -100,7 +178,13 @@ func (c *Client) RequestJob(types []string) (Job, error) {
panic(err) panic(err)
} }
response, err := c.requester.Post(url.String(), "application/json", &buf) req, err := c.NewRequest("POST", url.String(), &buf)
if err != nil {
return nil, err
}
req.Header.Add("Content-Type", "application/json")
response, err := c.requester.Do(req)
if err != nil { if err != nil {
return nil, fmt.Errorf("error requesting job: %v", err) return nil, fmt.Errorf("error requesting job: %v", err)
} }
@ -127,7 +211,7 @@ func (c *Client) RequestJob(types []string) (Job, error) {
} }
return &job{ return &job{
requester: c.requester, client: c,
id: jr.Id, id: jr.Id,
jobType: jr.Type, jobType: jr.Type,
args: jr.Args, args: jr.Args,
@ -174,14 +258,14 @@ func (j *job) Update(result interface{}) error {
panic(err) panic(err)
} }
req, err := http.NewRequest("PATCH", j.location, &buf) req, err := j.client.NewRequest("PATCH", j.location, &buf)
if err != nil { if err != nil {
panic(err) panic(err)
} }
req.Header.Add("Content-Type", "application/json") req.Header.Add("Content-Type", "application/json")
response, err := j.requester.Do(req) response, err := j.client.requester.Do(req)
if err != nil { if err != nil {
return fmt.Errorf("error fetching job info: %v", err) return fmt.Errorf("error fetching job info: %v", err)
} }
@ -195,7 +279,12 @@ func (j *job) Update(result interface{}) error {
} }
func (j *job) Canceled() (bool, error) { func (j *job) Canceled() (bool, error) {
response, err := j.requester.Get(j.location) req, err := j.client.NewRequest("GET", j.location, nil)
if err != nil {
return false, err
}
response, err := j.client.requester.Do(req)
if err != nil { if err != nil {
return false, fmt.Errorf("error fetching job info: %v", err) return false, fmt.Errorf("error fetching job info: %v", err)
} }
@ -229,14 +318,14 @@ func (j *job) UploadArtifact(name string, reader io.Reader) error {
panic(err) panic(err)
} }
req, err := http.NewRequest("PUT", loc.String(), reader) req, err := j.client.NewRequest("PUT", loc.String(), reader)
if err != nil { if err != nil {
return fmt.Errorf("cannot create request: %v", err) return fmt.Errorf("cannot create request: %v", err)
} }
req.Header.Add("Content-Type", "application/octet-stream") req.Header.Add("Content-Type", "application/octet-stream")
response, err := j.requester.Do(req) response, err := j.client.requester.Do(req)
if err != nil { if err != nil {
return fmt.Errorf("error uploading artifact: %v", err) return fmt.Errorf("error uploading artifact: %v", err)
} }

71
internal/worker/server.go
View file

@ -2,6 +2,7 @@ package worker
import ( import (
"context" "context"
"encoding/base64"
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
@ -11,6 +12,7 @@ import (
"net/http" "net/http"
"os" "os"
"path" "path"
"strings"
"sync" "sync"
"time" "time"
@ -22,9 +24,11 @@ import (
) )
type Server struct { type Server struct {
jobs jobqueue.JobQueue jobs jobqueue.JobQueue
logger *log.Logger logger *log.Logger
artifactsDir string artifactsDir string
identityFilter []string
basePath string
// Currently running jobs. Workers are not handed job ids, but // Currently running jobs. Workers are not handed job ids, but
// independent tokens which serve as an indirection. This enables // independent tokens which serve as an indirection. This enables
@ -48,12 +52,14 @@ type JobStatus struct {
var ErrTokenNotExist = errors.New("worker token does not exist") var ErrTokenNotExist = errors.New("worker token does not exist")
func NewServer(logger *log.Logger, jobs jobqueue.JobQueue, artifactsDir string) *Server { func NewServer(logger *log.Logger, jobs jobqueue.JobQueue, artifactsDir string, identityFilter []string) *Server {
return &Server{ return &Server{
jobs: jobs, jobs: jobs,
logger: logger, logger: logger,
artifactsDir: artifactsDir, artifactsDir: artifactsDir,
running: make(map[uuid.UUID]uuid.UUID), identityFilter: identityFilter,
running: make(map[uuid.UUID]uuid.UUID),
} }
} }
@ -68,14 +74,57 @@ func (s *Server) Handler() http.Handler {
e.DefaultHTTPErrorHandler(err, c) e.DefaultHTTPErrorHandler(err, c)
} }
var mws []echo.MiddlewareFunc
if len(s.identityFilter) > 0 {
mws = append(mws, s.VerifyIdentityHeader)
}
handler := apiHandlers{ handler := apiHandlers{
server: s, server: s,
} }
api.RegisterHandlers(e.Group(api.BasePath), &handler) api.RegisterHandlers(e.Group(api.BasePath, mws...), &handler)
api.RegisterHandlers(e.Group(api.CloudBasePath, mws...), &handler)
return e return e
} }
func (s *Server) VerifyIdentityHeader(nextHandler echo.HandlerFunc) echo.HandlerFunc {
return func(ctx echo.Context) error {
type identityHeader struct {
Identity struct {
AccountNumber string `json:"account_number"`
} `json:"identity"`
}
request := ctx.Request()
idHeaderB64 := request.Header["X-Rh-Identity"]
if len(idHeaderB64) != 1 {
return echo.NewHTTPError(http.StatusNotFound, "Auth header is not present")
}
b64Result, err := base64.StdEncoding.DecodeString(idHeaderB64[0])
if err != nil {
return echo.NewHTTPError(http.StatusNotFound, "Auth header has incorrect format")
}
var idHeader identityHeader
err = json.Unmarshal([]byte(strings.TrimSuffix(fmt.Sprintf("%s", b64Result), "\n")), &idHeader)
if err != nil {
return echo.NewHTTPError(http.StatusNotFound, "Auth header has incorrect format")
}
for _, i := range s.identityFilter {
if idHeader.Identity.AccountNumber == i {
ctx.Set("IdentityHeader", idHeader)
return nextHandler(ctx)
}
}
return echo.NewHTTPError(http.StatusNotFound, "Account not allowed")
}
}
func (s *Server) EnqueueOSBuild(arch string, job *OSBuildJob) (uuid.UUID, error) { func (s *Server) EnqueueOSBuild(arch string, job *OSBuildJob) (uuid.UUID, error) {
return s.jobs.Enqueue("osbuild:"+arch, job, nil) return s.jobs.Enqueue("osbuild:"+arch, job, nil)
} }
@ -302,8 +351,8 @@ func (h *apiHandlers) RequestJob(ctx echo.Context) error {
return ctx.JSON(http.StatusCreated, requestJobResponse{ return ctx.JSON(http.StatusCreated, requestJobResponse{
Id: jobId, Id: jobId,
Location: fmt.Sprintf("%s/jobs/%v", api.BasePath, token), Location: fmt.Sprintf("%s/jobs/%v", h.server.basePath, token),
ArtifactLocation: fmt.Sprintf("%s/jobs/%v/artifacts/", api.BasePath, token), ArtifactLocation: fmt.Sprintf("%s/jobs/%v/artifacts/", h.server.basePath, token),
Type: jobType, Type: jobType,
Args: jobArgs, Args: jobArgs,
DynamicArgs: dynamicJobArgs, DynamicArgs: dynamicJobArgs,

54
internal/worker/server_test.go
View file

@ -9,6 +9,7 @@ import (
"testing" "testing"
"github.com/google/uuid" "github.com/google/uuid"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"github.com/osbuild/osbuild-composer/internal/distro" "github.com/osbuild/osbuild-composer/internal/distro"
@ -18,12 +19,12 @@ import (
"github.com/osbuild/osbuild-composer/internal/worker" "github.com/osbuild/osbuild-composer/internal/worker"
) )
func newTestServer(t *testing.T, tempdir string) *worker.Server { func newTestServer(t *testing.T, tempdir string, identities []string) *worker.Server {
q, err := fsjobqueue.New(tempdir) q, err := fsjobqueue.New(tempdir)
if err != nil { if err != nil {
t.Fatalf("error creating fsjobqueue: %v", err) t.Fatalf("error creating fsjobqueue: %v", err)
} }
return worker.NewServer(nil, q, "") return worker.NewServer(nil, q, "", identities)
} }
// Ensure that the status request returns OK. // Ensure that the status request returns OK.
@ -32,7 +33,7 @@ func TestStatus(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
defer os.RemoveAll(tempdir) defer os.RemoveAll(tempdir)
server := newTestServer(t, tempdir) server := newTestServer(t, tempdir, []string{})
handler := server.Handler() handler := server.Handler()
test.TestRoute(t, handler, false, "GET", "/api/worker/v1/status", ``, http.StatusOK, `{"status":"OK"}`, "message") test.TestRoute(t, handler, false, "GET", "/api/worker/v1/status", ``, http.StatusOK, `{"status":"OK"}`, "message")
} }
@ -63,7 +64,7 @@ func TestErrors(t *testing.T) {
defer os.RemoveAll(tempdir) defer os.RemoveAll(tempdir)
for _, c := range cases { for _, c := range cases {
server := newTestServer(t, tempdir) server := newTestServer(t, tempdir, []string{})
handler := server.Handler() handler := server.Handler()
test.TestRoute(t, handler, false, c.Method, c.Path, c.Body, c.ExpectedStatus, "{}", "message") test.TestRoute(t, handler, false, c.Method, c.Path, c.Body, c.ExpectedStatus, "{}", "message")
} }
@ -87,7 +88,7 @@ func TestCreate(t *testing.T) {
if err != nil { if err != nil {
t.Fatalf("error creating osbuild manifest: %v", err) t.Fatalf("error creating osbuild manifest: %v", err)
} }
server := newTestServer(t, tempdir) server := newTestServer(t, tempdir, []string{})
handler := server.Handler() handler := server.Handler()
_, err = server.EnqueueOSBuild(arch.Name(), &worker.OSBuildJob{Manifest: manifest}) _, err = server.EnqueueOSBuild(arch.Name(), &worker.OSBuildJob{Manifest: manifest})
@ -116,7 +117,7 @@ func TestCancel(t *testing.T) {
if err != nil { if err != nil {
t.Fatalf("error creating osbuild manifest: %v", err) t.Fatalf("error creating osbuild manifest: %v", err)
} }
server := newTestServer(t, tempdir) server := newTestServer(t, tempdir, []string{})
handler := server.Handler() handler := server.Handler()
jobId, err := server.EnqueueOSBuild(arch.Name(), &worker.OSBuildJob{Manifest: manifest}) jobId, err := server.EnqueueOSBuild(arch.Name(), &worker.OSBuildJob{Manifest: manifest})
@ -157,7 +158,7 @@ func TestUpdate(t *testing.T) {
if err != nil { if err != nil {
t.Fatalf("error creating osbuild manifest: %v", err) t.Fatalf("error creating osbuild manifest: %v", err)
} }
server := newTestServer(t, tempdir) server := newTestServer(t, tempdir, []string{})
handler := server.Handler() handler := server.Handler()
jobId, err := server.EnqueueOSBuild(arch.Name(), &worker.OSBuildJob{Manifest: manifest}) jobId, err := server.EnqueueOSBuild(arch.Name(), &worker.OSBuildJob{Manifest: manifest})
@ -186,7 +187,7 @@ func TestArgs(t *testing.T) {
tempdir, err := ioutil.TempDir("", "worker-tests-") tempdir, err := ioutil.TempDir("", "worker-tests-")
require.NoError(t, err) require.NoError(t, err)
defer os.RemoveAll(tempdir) defer os.RemoveAll(tempdir)
server := newTestServer(t, tempdir) server := newTestServer(t, tempdir, []string{})
job := worker.OSBuildJob{ job := worker.OSBuildJob{
Manifest: manifest, Manifest: manifest,
@ -226,7 +227,7 @@ func TestUpload(t *testing.T) {
if err != nil { if err != nil {
t.Fatalf("error creating osbuild manifest: %v", err) t.Fatalf("error creating osbuild manifest: %v", err)
} }
server := newTestServer(t, tempdir) server := newTestServer(t, tempdir, []string{})
handler := server.Handler() handler := server.Handler()
jobID, err := server.EnqueueOSBuild(arch.Name(), &worker.OSBuildJob{Manifest: manifest}) jobID, err := server.EnqueueOSBuild(arch.Name(), &worker.OSBuildJob{Manifest: manifest})
@ -241,3 +242,38 @@ func TestUpload(t *testing.T) {
test.TestRoute(t, handler, false, "PUT", fmt.Sprintf("/api/worker/v1/jobs/%s/artifacts/foobar", token), `this is my artifact`, http.StatusOK, `?`) test.TestRoute(t, handler, false, "PUT", fmt.Sprintf("/api/worker/v1/jobs/%s/artifacts/foobar", token), `this is my artifact`, http.StatusOK, `?`)
} }
func TestIdentities(t *testing.T) {
tempdir, err := ioutil.TempDir("", "worker-tests-")
require.NoError(t, err)
defer os.RemoveAll(tempdir)
// distroStruct := test_distro.New()
// arch, err := distroStruct.GetArch(test_distro.TestArchName)
// require.NoError(t, err)
// imageType, err := arch.GetImageType(test_distro.TestImageTypeName)
// require.NoError(t, err)
// manifest, err := imageType.Manifest(nil, distro.ImageOptions{Size: imageType.Size(0)}, nil, nil, 0)
// require.NoError(t, err)
server := newTestServer(t, tempdir, []string{"000000"})
handler := server.Handler()
// _, err := server.EnqueueOSBuild(arch.Name(), &worker.OSBuildJob{Manifest: manifest})
// require.NoError(t, err)
test.TestRoute(t, handler, false, "GET", "/api/worker/v1/status", ``, http.StatusNotFound, `{"message":"Auth header is not present"}`, "message")
header := map[string]string{
"x-rh-identity": "eyJlbnRpdGxlbWVudHMiOnsiaW5zaWdodHMiOnsiaXNfZW50aXRsZWQiOnRydWV9LCJzbWFydF9tYW5hZ2VtZW50Ijp7ImlzX2VudGl0bGVkIjp0cnVlfSwib3BlbnNoaWZ0Ijp7ImlzX2VudGl0bGVkIjp0cnVlfSwiaHlicmlkIjp7ImlzX2VudGl0bGVkIjp0cnVlfSwibWlncmF0aW9ucyI6eyJpc19lbnRpdGxlZCI6dHJ1ZX0sImFuc2libGUiOnsiaXNfZW50aXRsZWQiOnRydWV9fSwiaWRlbnRpdHkiOnsiYWNjb3VudF9udW1iZXIiOiIwMDAwMDMiLCJ0eXBlIjoiVXNlciIsInVzZXIiOnsidXNlcm5hbWUiOiJ1c2VyIiwiZW1haWwiOiJ1c2VyQHVzZXIudXNlciIsImZpcnN0X25hbWUiOiJ1c2VyIiwibGFzdF9uYW1lIjoidXNlciIsImlzX2FjdGl2ZSI6dHJ1ZSwiaXNfb3JnX2FkbWluIjp0cnVlLCJpc19pbnRlcm5hbCI6dHJ1ZSwibG9jYWxlIjoiZW4tVVMifSwiaW50ZXJuYWwiOnsib3JnX2lkIjoiMDAwMDAwIn19fQo=",
}
response := test.SendHTTPWithHeader(handler, "GET", "/api/worker/v1/status", ``, header)
assert.Equal(t, 404, response.StatusCode, "status mismatch")
header = map[string]string{
"x-rh-identity": "eyJlbnRpdGxlbWVudHMiOnsiaW5zaWdodHMiOnsiaXNfZW50aXRsZWQiOnRydWV9LCJzbWFydF9tYW5hZ2VtZW50Ijp7ImlzX2VudGl0bGVkIjp0cnVlfSwib3BlbnNoaWZ0Ijp7ImlzX2VudGl0bGVkIjp0cnVlfSwiaHlicmlkIjp7ImlzX2VudGl0bGVkIjp0cnVlfSwibWlncmF0aW9ucyI6eyJpc19lbnRpdGxlZCI6dHJ1ZX0sImFuc2libGUiOnsiaXNfZW50aXRsZWQiOnRydWV9fSwiaWRlbnRpdHkiOnsiYWNjb3VudF9udW1iZXIiOiIwMDAwMDAiLCJ0eXBlIjoiVXNlciIsInVzZXIiOnsidXNlcm5hbWUiOiJ1c2VyIiwiZW1haWwiOiJ1c2VyQHVzZXIudXNlciIsImZpcnN0X25hbWUiOiJ1c2VyIiwibGFzdF9uYW1lIjoidXNlciIsImlzX2FjdGl2ZSI6dHJ1ZSwiaXNfb3JnX2FkbWluIjp0cnVlLCJpc19pbnRlcm5hbCI6dHJ1ZSwibG9jYWxlIjoiZW4tVVMifSwiaW50ZXJuYWwiOnsib3JnX2lkIjoiMDAwMDAwIn19fQ==",
}
response = test.SendHTTPWithHeader(handler, "GET", "/api/worker/v1/status", ``, header)
assert.Equal(t, 200, response.StatusCode, "status mismatch")
}