-
Notifications
You must be signed in to change notification settings - Fork 2.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #16491 from fejta/rev
Allow spyglass to use cookie auth
- Loading branch information
Showing
5 changed files
with
189 additions
and
30 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -17,6 +17,11 @@ limitations under the License. | |
package spyglass | ||
|
||
import ( | ||
"encoding/base64" | ||
"fmt" | ||
"io/ioutil" | ||
"os" | ||
"strings" | ||
"testing" | ||
) | ||
|
||
|
@@ -80,7 +85,7 @@ func TestNewGCSJobSource(t *testing.T) { | |
// Tests listing objects associated with the current job in GCS | ||
func TestArtifacts_ListGCS(t *testing.T) { | ||
fakeGCSClient := fakeGCSServer.Client() | ||
testAf := NewGCSArtifactFetcher(fakeGCSClient, "") | ||
testAf := NewGCSArtifactFetcher(fakeGCSClient, "", false) | ||
testCases := []struct { | ||
name string | ||
handle artifactHandle | ||
|
@@ -132,7 +137,7 @@ func TestArtifacts_ListGCS(t *testing.T) { | |
// Tests getting handles to objects associated with the current job in GCS | ||
func TestFetchArtifacts_GCS(t *testing.T) { | ||
fakeGCSClient := fakeGCSServer.Client() | ||
testAf := NewGCSArtifactFetcher(fakeGCSClient, "") | ||
testAf := NewGCSArtifactFetcher(fakeGCSClient, "", false) | ||
maxSize := int64(500e6) | ||
testCases := []struct { | ||
name string | ||
|
@@ -173,3 +178,137 @@ func TestFetchArtifacts_GCS(t *testing.T) { | |
} | ||
} | ||
} | ||
|
||
func TestSignURL(t *testing.T) { | ||
// This fake key is revoked and thus worthless but still make its contents less obvious | ||
fakeKeyBuf, err := base64.StdEncoding.DecodeString(` | ||
LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tXG5NSUlFdlFJQkFEQU5CZ2txaGtpRzl3MEJBUUVG | ||
QUFTQ0JLY3dnZ1NqQWdFQUFvSUJBUUN4MEF2aW1yMjcwZDdaXG5pamw3b1FRUW1oZTFOb3dpeWMy | ||
UStuQW95aFE1YkQvUW1jb01zcWg2YldneVI0UU90aXVBbHM2VWhJenF4Q25pXG5PazRmbWJqVnhp | ||
STl1Ri9EVTV6ZE5wM0dkQWFiUlVPNW5yWkpMelN0VXhudFBEcjZvK281RHM5YWJJWkNYYUVTXG5o | ||
UWxOdTBrUm5HbHZGUHNkV1JYMmtSN01Yb3pkcXczcHZZRXZyaGlhRStYZnRhUzhKdmZEc0NPT2RQ | ||
OWp5TzNTXG5aR2lkaU5hRmhYK2xnZEcrdHdqOUE3UDFlb1NMbTZCdXVhcjRDOGhlOEVkVGVEbXVk | ||
a1BPeWwvb2tHWU5tSzJkXG5yUkQ0WHBhcy93VGxsTXBLRUZxWllZeVdkRnJvVWQwMFVhQnhHV0cz | ||
UlZ2TWZoRk80QUhrSkNwZlE1U00rSElmXG5VN2lkRjAyYkFnTUJBQUVDZ2dFQURIaVhoTTZ1bFFB | ||
OHZZdzB5T2Q3cGdCd3ZqeHpxckwxc0gvb0l1dzlhK09jXG5QREMxRzV2aU5pZjdRVitEc3haeXlh | ||
T0tISitKVktQcWZodnh3OFNmMHBxQlowdkpwNlR6SVE3R0ZSZXBLUFc4XG5NTVloYWRPZVFiUE00 | ||
emN3dWNpS1VuTW45dU1hcllmc2xxUnZDUjBrSEZDWWtucHB2RjYxckNQMGdZZjJJRXZUXG5qNVlV | ||
QWFrNDlVRDQyaUdEZnh2OGUzMGlMTmRRWE1iMHE3V2dyRGdxL0ttUHM2Q2dOaGRzME1uSlRFbUE5 | ||
YlFtXG52MHV0K2hUYWpXalcxVWNyUTBnM2JjNng1VWN2V1VjK1ZndUllVmxVcEgvM2dJNXVYZkxn | ||
bTVQNThNa0s4UlhTXG5YYW92Rk05VkNNRFhTK25PWk1uSXoyNVd5QmhkNmdpVWs5UkJhc05Tb1FL | ||
QmdRRGFxUXpyYWJUZEZNY1hwVlNnXG41TUpuNEcvSFVPWUxveVM5cE9UZi9qbFN1ZUYrNkt6RGJV | ||
N1F6TC9wT1JtYjJldVdxdmpmZDVBaU1oUnY2Snk1XG41ZVNpa3dYRDZJeS9sZGh3QUdtMUZrZ1ZX | ||
TXJ3ZHlqYjJpV2I2Um4rNXRBYjgwdzNEN2ZTWWhEWkxUOWJCNjdCXG4ybGxiOGFycEJRcndZUFFB | ||
U2pUVUVYQnVJUUtCZ1FEUUxVemkrd0tHNEhLeko1NE1sQjFoR3cwSFZlWEV4T0pmXG53bS9IVjhl | ||
aThDeHZLMTRoRXpCT3JXQi9aNlo4VFFxWnA0eENnYkNiY0hwY3pLRUxvcDA2K2hqa1N3ZkR2TUJZ | ||
XG5mNnN6U2RSenNYVTI1NndmcG1hRjJ0TlJZZFpVblh2QWc5MFIrb1BFSjhrRHd4cjdiMGZmL3lu | ||
b0UrWUx0ckowXG53dklad3Joc093S0JnQWVPbWlTMHRZeUNnRkwvNHNuZ3ZodEs5WElGQ0w1VU9C | ||
dlp6Qk0xdlJOdjJ5eEFyRi9nXG5zajJqSmVyUWoyTUVpQkRmL2RQelZPYnBwaTByOCthMDNFOEdG | ||
OGZxakpxK2VnbDg2aXBaQjhxOUU5NTFyOUxSXG5Xa1ZtTEFEVVIxTC8rSjFhakxiWHJzOWlzZkxh | ||
ZEI2OUJpT1lXWmpPRk0reitocmNkYkR5blZraEFvR0FJbW42XG50ZU1zN2NNWTh3anZsY0MrZ3Br | ||
SU5GZzgzYVIyajhJQzNIOWtYMGs0N3ovS0ZjbW9TTGxjcEhNc0VJeGozamJXXG5kd0FkZy9TNkpi | ||
RW1SbGdoaWVoaVNRc21RM05ta0xxNlFJWkorcjR4VkZ4RUZnOWFEM0szVUZMT0xickRCSFpJXG5D | ||
M3JRWVpMNkpnY1E1TlBtbTk4QXZIN2RucjRiRGpaVDgzSS9McFVDZ1lFQWttNXlvVUtZY0tXMVQz | ||
R1hadUNIXG40SDNWVGVzZDZyb3pKWUhmTWVkNE9jQ3l1bnBIVmZmSmFCMFIxRjZ2MjFQaitCVWlW | ||
WjBzU010RjEvTE1uQkc4XG5TQVlQUnVxOHVNUUdNQTFpdE1Hc2VhMmg1V2RhbXNGODhXRFd4VEoy | ||
QXVnblJHNERsdmJLUDhPQmVLUFFKeDhEXG5RMzJ2SVpNUVkyV1hVMVhwUkMrNWs5RT1cbi0tLS0t | ||
RU5EIFBSSVZBVEUgS0VZLS0tLS1cbgo=`) | ||
if err != nil { | ||
t.Fatalf("Failed to decode fake key: %v", err) | ||
} | ||
fakePrivateKey := strings.TrimSpace(string(fakeKeyBuf)) | ||
cases := []struct { | ||
name string | ||
fakeCreds string | ||
useCookie bool | ||
expected string | ||
contains []string | ||
err bool | ||
}{ | ||
{ | ||
name: "anon auth works", | ||
expected: fmt.Sprintf("https://%s/foo/bar/stuff", anonHost), | ||
}, | ||
{ | ||
name: "cookie auth works", | ||
useCookie: true, | ||
expected: fmt.Sprintf("https://%s/foo/bar/stuff", cookieHost), | ||
}, | ||
{ | ||
name: "invalid json file errors", | ||
fakeCreds: "yaml: 123", | ||
err: true, | ||
}, | ||
{ | ||
name: "bad private key errors", | ||
fakeCreds: `{ | ||
"type": "service_account", | ||
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIE==\n-----END PRIVATE KEY-----\n", | ||
"client_email": "[email protected]" | ||
}`, | ||
err: true, | ||
}, | ||
{ | ||
name: "bad type errors", | ||
fakeCreds: `{ | ||
"type": "user", | ||
"private_key": "` + fakePrivateKey + `", | ||
"client_email": "[email protected]" | ||
}`, | ||
err: true, | ||
}, | ||
{ | ||
name: "signed URLs work", | ||
fakeCreds: `{ | ||
"type": "service_account", | ||
"private_key": "` + fakePrivateKey + `", | ||
"client_email": "[email protected]" | ||
}`, | ||
contains: []string{ | ||
"https://storage.googleapis.com/foo/bar/stuff?", | ||
"GoogleAccessId=fake-user%40k8s.io", | ||
"Signature=", // Do not particularly care about the Signature contents | ||
}, | ||
}, | ||
} | ||
|
||
for _, tc := range cases { | ||
t.Run(tc.name, func(t *testing.T) { | ||
var path string | ||
if tc.fakeCreds != "" { | ||
fp, err := ioutil.TempFile("", "fake-creds") | ||
if err != nil { | ||
t.Fatalf("Failed to create fake creds: %v", err) | ||
} | ||
|
||
path = fp.Name() | ||
defer os.Remove(path) | ||
if _, err := fp.Write([]byte(tc.fakeCreds)); err != nil { | ||
t.Fatalf("Failed to write fake creds %s: %v", path, err) | ||
} | ||
|
||
if err := fp.Close(); err != nil { | ||
t.Fatalf("Failed to close fake creds %s: %v", path, err) | ||
} | ||
} | ||
af := NewGCSArtifactFetcher(nil, path, tc.useCookie) | ||
actual, err := af.signURL("foo", "bar/stuff") | ||
switch { | ||
case err != nil: | ||
if !tc.err { | ||
t.Errorf("unexpected error: %v", err) | ||
} | ||
case tc.err: | ||
t.Errorf("Failed to receive an expected error, got %q", actual) | ||
case len(tc.contains) == 0 && actual != tc.expected: | ||
t.Errorf("signURL(): got %q, want %q", actual, tc.expected) | ||
default: | ||
for _, part := range tc.contains { | ||
if !strings.Contains(actual, part) { | ||
t.Errorf("signURL(): got %q, does not contain %q", actual, part) | ||
} | ||
} | ||
} | ||
}) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.