refine test for #183

kiwigrid · Nov 8, 2022 · 8193ead · 8193ead
1 parent 0b27368
commit 8193ead
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 8 deletions.
diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml
@@ -121,6 +121,7 @@ jobs:
         kubectl cp sidecar-5xx:/tmp/absolute/absolute.txt /tmp/5xx/absolute.txt
         kubectl cp sidecar-5xx:/tmp-5xx/relative/relative.txt /tmp/5xx/relative.txt
         kubectl cp sidecar-5xx:/tmp-5xx/500.txt /tmp/5xx/500.txt
+        kubectl cp sidecar-5xx:/tmp-5xx/secured.txt /tmp/5xx/secured.txt
 
     - name: Verify files
       run: |
@@ -132,6 +133,7 @@ jobs:
           echo -n "This absolutely exists" | diff - /tmp/absolute.txt &&
           echo -n "This relatively exists" | diff - /tmp/relative.txt &&
           echo -n "allowed" | diff - /tmp/secured.txt &&
+          echo -n '{"detail":"Not authenticated"}' | diff - /tmp/5xx/secured.txt &&
           [ ! -f /tmp/500.txt ] && echo "No 5xx file created" &&
           ls /tmp/script_result &&
           echo -n "Hello World!" | diff - /tmp/5xx/hello.world &&

diff --git a/test/resources/sidecar.yaml b/test/resources/sidecar.yaml
@@ -62,9 +62,12 @@ spec:
       - name: SCRIPT
         value: "/opt/script.sh"
       - name: REQ_USERNAME
-        value: "se§ure"
+        value: "user1"
       - name: REQ_PASSWORD
-        value: "s§cröt"
+        value: "abcdefghijklmnopqrstuvwxyz"
+      - name: REQ_BASIC_AUTH_ENCODING
+        # the python server we're using for the tests expects ascii encoding of basic auth credentials, hence we can't use non-ascii characters in the password or username
+        value: "ascii"
       - name: LOG_LEVEL
         value: "DEBUG"
   volumes:
@@ -104,8 +107,6 @@ spec:
         value: "true"
       - name: LOG_LEVEL
         value: "DEBUG"
-      - name: REQ_BASIC_AUTH_ENCODING
-        value: 'ascii'
   volumes:
   - name: shared-volume
     emptyDir: {}

diff --git a/test/server/server.py b/test/server/server.py
@@ -1,5 +1,7 @@
 from fastapi import Depends, FastAPI, status, HTTPException
+from fastapi.logger import logger
 from fastapi.security import HTTPBasic, HTTPBasicCredentials
+from starlette.responses import PlainTextResponse
 
 app = FastAPI()
 
@@ -31,13 +33,13 @@ async def read_item():
     return 503
 
 
-@app.get("/secured", status_code=200)
+@app.get("/secured", status_code=200, response_class=PlainTextResponse)
 async def read_secure_data(auth: HTTPBasicCredentials = Depends(basic_auth_scheme)):
-    if auth.username != 'foo' or auth.password != 'bar':
-        print(f"wrong auth: ${auth.username} : ${auth.password}")
+    if auth.username != 'user1' or auth.password != 'abcdefghijklmnopqrstuvwxyz':
+        logger.warning("[WARN] wrong auth: %s : %s ", auth.username, auth.password)
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Incorrect email or password",
+            detail=f"Incorrect user (${auth.username}) or password (${auth.password})",
             headers={"WWW-Authenticate": "Basic"},
         )
     return 'allowed'