Commit 2951a099 authored by Pawel Chojnacki's avatar Pawel Chojnacki

Add tests for token auth.

parent beb81e14
module RequiresWhitelistedMonitoringClient
extend ActiveSupport::Concern
included do
before_action :validate_ip_whitelisted_or_token_is_valid!
before_action :validate_ip_whitelisted_or_valid_token!
end
private
def validate_ip_whitelisted_or_token_is_valid!
render_404 unless client_ip_whitelisted? || token_valid?
def validate_ip_whitelisted_or_valid_token!
render_404 unless client_ip_whitelisted? || valid_token?
end
def client_ip_whitelisted?
......@@ -18,7 +18,7 @@ module RequiresWhitelistedMonitoringClient
@ip_whitelist ||= Settings.monitoring.ip_whitelist.map(&IPAddr.method(:new))
end
def token_valid?
def valid_token?
token = params[:token].presence || request.headers['TOKEN']
token.present? &&
ActiveSupport::SecurityUtils.variable_size_secure_compare(
......
......@@ -46,8 +46,6 @@ describe HealthCheckController do
end
context 'when services are up and accessed from whitelisted ips' do
let(:ip) { '127.0.0.1' }
before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
end
......
......@@ -4,6 +4,7 @@ describe HealthController do
include StubENV
let(:json_response) { JSON.parse(response.body) }
let(:token) { current_application_settings.health_check_access_token }
let(:whitelisted_ip) { '127.0.0.1' }
let(:not_whitelisted_ip) { '127.0.0.2' }
......@@ -13,13 +14,11 @@ describe HealthController do
end
describe '#readiness' do
context 'accessed from whitelisted ip' do
before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
end
shared_context 'endpoint responding with readiness data' do
subject { get :readiness }
it 'returns proper response' do
get :readiness
it 'responds with readiness checks data' do
subject
expect(json_response['db_check']['status']).to eq('ok')
expect(json_response['redis_check']['status']).to eq('ok')
......@@ -28,27 +27,49 @@ describe HealthController do
end
end
context 'accessed from whitelisted ip' do
before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
end
it_behaves_like 'endpoint responding with readiness data'
end
context 'accessed from not whitelisted ip' do
before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(not_whitelisted_ip)
end
it 'returns proper response' do
it 'responds with resource not found' do
get :readiness
expect(response.status).to eq(404)
end
context 'accessed with valid token' do
context 'token passed in request header' do
before do
request.headers['TOKEN'] = token
end
it_behaves_like 'endpoint responding with readiness data'
end
end
describe '#liveness' do
context 'accessed from whitelisted ip' do
before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
context 'token passed as URL param' do
it_behaves_like 'endpoint responding with readiness data' do
subject { get :readiness, token: token }
end
end
end
end
it 'returns proper response' do
get :liveness
describe '#liveness' do
shared_context 'endpoint responding with liveness data' do
subject { get :liveness }
it 'responds with liveness checks data' do
subject
expect(json_response['db_check']['status']).to eq('ok')
expect(json_response['redis_check']['status']).to eq('ok')
......@@ -56,16 +77,40 @@ describe HealthController do
end
end
context 'accessed from whitelisted ip' do
before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
end
it_behaves_like 'endpoint responding with liveness data'
end
context 'accessed from not whitelisted ip' do
before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(not_whitelisted_ip)
end
it 'returns proper response' do
it 'responds with resource not found' do
get :liveness
expect(response.status).to eq(404)
end
context 'accessed with valid token' do
context 'token passed in request header' do
before do
request.headers['TOKEN'] = token
end
it_behaves_like 'endpoint responding with liveness data'
end
context 'token passed as URL param' do
it_behaves_like 'endpoint responding with liveness data' do
subject { get :liveness, token: token }
end
end
end
end
end
end
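Review bot: The new 'accessed with valid token' contexts for `#readiness` and `#liveness` only exercise the accepting path; nothing asserts that a wrong or blank token from a non-whitelisted IP still yields 404. Without that case, a regression in `valid_token?` that accepts any present token would still pass this spec. I would add a sibling context in both describes that sets a token differing from `health_check_access_token` and expects `response.status` to be 404; the nesting shown below is inferred, because the rendered page interleaves old and new lines. The URL-parameter contexts also pin a transport that places the token in the request line, and whether `token` is filtered from request logs is not visible here and is worth confirming.

```ruby
context 'accessed from not whitelisted ip' do
  # … unchanged: client_ip stub, 404 example, 'accessed with valid token' contexts …

  context 'accessed with invalid token' do
    before do
      # constructed sample value; any string other than the configured token
      request.headers['TOKEN'] = 'not-the-configured-token'
    end

    it 'responds with resource not found' do
      get :readiness

      expect(response.status).to eq(404)
    end
  end
```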