From cd0d5599ad6910a2a0057b4280ad2470d18ff46d Mon Sep 17 00:00:00 2001 From: Nikhil Sinha <131262146+nikhilsinhaparseable@users.noreply.github.com> Date: Tue, 17 Sep 2024 11:59:14 +0530 Subject: [PATCH] fix for server change (#76) server change: ingestion using POST /logstream/{logstream} is restricted quest change: use ingest client to ingest in the test --- quest_test.go | 18 +++++++++++++----- test_utils.go | 48 ++++++++++++++++++++++++------------------------ 2 files changed, 37 insertions(+), 29 deletions(-) diff --git a/quest_test.go b/quest_test.go index 8049e80..f7ce55f 100644 --- a/quest_test.go +++ b/quest_test.go @@ -439,7 +439,7 @@ func TestSmokeRbacBasic(t *testing.T) { userClient := NewGlob.QueryClient userClient.Username = "dummy" userClient.Password = RegenPassword(t, NewGlob.QueryClient, "dummy") - checkAPIAccess(t, userClient, NewGlob.Stream, "editor") + checkAPIAccess(t, userClient, NewGlob.QueryClient, NewGlob.Stream, "editor") DeleteUser(t, NewGlob.QueryClient, "dummy") DeleteRole(t, NewGlob.QueryClient, "dummy") } @@ -474,11 +474,19 @@ func TestSmokeRoles(t *testing.T) { AssertRole(t, NewGlob.QueryClient, tc.roleName, tc.body) username := tc.roleName + "_user" password := CreateUserWithRole(t, NewGlob.QueryClient, username, []string{tc.roleName}) + var ingestClient HTTPClient + queryClient := NewGlob.QueryClient + queryClient.Username = username + queryClient.Password = password + if NewGlob.IngestorUrl.String() != "" { + ingestClient := NewGlob.IngestorClient + ingestClient.Username = username + ingestClient.Password = password + } else { + ingestClient = queryClient + } - userClient := NewGlob.QueryClient - userClient.Username = username - userClient.Password = password - checkAPIAccess(t, userClient, NewGlob.Stream, tc.roleName) + checkAPIAccess(t, queryClient, ingestClient, NewGlob.Stream, tc.roleName) DeleteUser(t, NewGlob.QueryClient, username) DeleteRole(t, NewGlob.QueryClient, tc.roleName) }) diff --git a/test_utils.go b/test_utils.go index be72054..bd916c0 100644 --- a/test_utils.go +++ b/test_utils.go @@ -485,78 +485,78 @@ func PutSingleEvent(t *testing.T, client HTTPClient, stream string) { require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body)) } -func checkAPIAccess(t *testing.T, client HTTPClient, stream string, role string) { +func checkAPIAccess(t *testing.T, queryClient HTTPClient, ingestClient HTTPClient, stream string, role string) { switch role { case "editor": // Check access to non-protected API - req, _ := client.NewRequest("GET", "liveness", nil) - response, err := client.Do(req) + req, _ := queryClient.NewRequest("GET", "liveness", nil) + response, err := queryClient.Do(req) require.NoErrorf(t, err, "Request failed: %s", err) require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body)) // Check access to protected API with access - req, _ = client.NewRequest("GET", "logstream", nil) - response, err = client.Do(req) + req, _ = queryClient.NewRequest("GET", "logstream", nil) + response, err = queryClient.Do(req) require.NoErrorf(t, err, "Request failed: %s", err) require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body)) // Attempt to call protected API without access - req, _ = client.NewRequest("DELETE", "logstream/"+stream, nil) - response, err = client.Do(req) + req, _ = queryClient.NewRequest("DELETE", "logstream/"+stream, nil) + response, err = queryClient.Do(req) require.NoErrorf(t, err, "Request failed: %s", err) require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body)) case "writer": // Check access to non-protected API - req, _ := client.NewRequest("GET", "liveness", nil) - response, err := client.Do(req) + req, _ := queryClient.NewRequest("GET", "liveness", nil) + response, err := queryClient.Do(req) require.NoErrorf(t, err, "Request failed: %s", err) require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body)) // Check access to protected API with access - req, _ = client.NewRequest("GET", "logstream", nil) - response, err = client.Do(req) + req, _ = queryClient.NewRequest("GET", "logstream", nil) + response, err = queryClient.Do(req) require.NoErrorf(t, err, "Request failed: %s", err) require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body)) // Attempt to call protected API without access - req, _ = client.NewRequest("DELETE", "logstream/"+stream, nil) - response, err = client.Do(req) + req, _ = queryClient.NewRequest("DELETE", "logstream/"+stream, nil) + response, err = queryClient.Do(req) require.NoErrorf(t, err, "Request failed: %s", err) require.Equalf(t, 403, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body)) case "reader": // Check access to non-protected API - req, _ := client.NewRequest("GET", "liveness", nil) - response, err := client.Do(req) + req, _ := queryClient.NewRequest("GET", "liveness", nil) + response, err := queryClient.Do(req) require.NoErrorf(t, err, "Request failed: %s", err) require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body)) // Check access to protected API with access - req, _ = client.NewRequest("GET", "logstream", nil) - response, err = client.Do(req) + req, _ = queryClient.NewRequest("GET", "logstream", nil) + response, err = queryClient.Do(req) require.NoErrorf(t, err, "Request failed: %s", err) require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body)) // Attempt to call protected API without access - req, _ = client.NewRequest("DELETE", "logstream/"+stream, nil) - response, err = client.Do(req) + req, _ = queryClient.NewRequest("DELETE", "logstream/"+stream, nil) + response, err = queryClient.Do(req) require.NoErrorf(t, err, "Request failed: %s", err) require.Equalf(t, 403, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body)) case "ingestor": // Check access to non-protected API - req, _ := client.NewRequest("GET", "liveness", nil) - response, err := client.Do(req) + req, _ := queryClient.NewRequest("GET", "liveness", nil) + response, err := queryClient.Do(req) require.NoErrorf(t, err, "Request failed: %s", err) require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body)) // Check access to protected API with access - PutSingleEvent(t, client, stream) + PutSingleEvent(t, ingestClient, stream) // Attempt to call protected API without access - req, _ = client.NewRequest("DELETE", "logstream/"+stream, nil) - response, err = client.Do(req) + req, _ = queryClient.NewRequest("DELETE", "logstream/"+stream, nil) + response, err = queryClient.Do(req) require.NoErrorf(t, err, "Request failed: %s", err) require.Equalf(t, 403, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body)) }