-
Notifications
You must be signed in to change notification settings - Fork 1.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Create v2 web api endpoints and required related changes
- Loading branch information
Showing
31 changed files
with
596 additions
and
96 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -49,6 +49,7 @@ import ( | |
"testing" | ||
"time" | ||
|
||
"github.com/coreos/go-semver/semver" | ||
"github.com/gogo/protobuf/proto" | ||
"github.com/google/go-cmp/cmp" | ||
"github.com/google/go-cmp/cmp/cmpopts" | ||
|
@@ -464,7 +465,7 @@ func newWebSuiteWithConfig(t *testing.T, cfg webSuiteConfig) *WebSuite { | |
|
||
// Expired sessions are purged immediately | ||
var sessionLingeringThreshold time.Duration | ||
fs, err := newDebugFileSystem() | ||
fs, err := NewDebugFileSystem(false) | ||
require.NoError(t, err) | ||
|
||
features := *modules.GetModules().Features().ToProto() // safe to dereference because ToProto creates a struct and return a pointer to it | ||
|
@@ -3433,6 +3434,115 @@ func TestTokenGeneration(t *testing.T) { | |
} | ||
} | ||
|
||
func TestEndpointNotFoundHandling(t *testing.T) { | ||
t.Parallel() | ||
const username = "[email protected]" | ||
// Allow user to create tokens. | ||
roleTokenCRD, err := types.NewRole(services.RoleNameForUser(username), types.RoleSpecV6{ | ||
Allow: types.RoleConditions{ | ||
Rules: []types.Rule{ | ||
types.NewRule(types.KindToken, | ||
[]string{types.VerbCreate}), | ||
}, | ||
}, | ||
}) | ||
require.NoError(t, err) | ||
|
||
env := newWebPack(t, 1) | ||
proxy := env.proxies[0] | ||
pack := proxy.authPack(t, username, []types.Role{roleTokenCRD}) | ||
|
||
tt := []struct { | ||
name string | ||
endpoint string | ||
shouldErr bool | ||
}{ | ||
{ | ||
name: "valid endpoint without v1 prefix", | ||
endpoint: "webapi/token", | ||
}, | ||
{ | ||
name: "valid endpoint with v1 prefix", | ||
endpoint: "v1/webapi/token", | ||
}, | ||
{ | ||
name: "valid endpoint with v2 prefix", | ||
endpoint: "v2/webapi/token", | ||
}, | ||
{ | ||
name: "invalid double version prefixes", | ||
endpoint: "v1/v2/webapi/token", | ||
shouldErr: true, | ||
}, | ||
{ | ||
name: "route not matched version prefix", | ||
endpoint: "v9999999/webapi/token", | ||
shouldErr: true, | ||
}, | ||
{ | ||
name: "non api route with prefix", | ||
endpoint: "v1/something/else", | ||
shouldErr: true, | ||
}, | ||
{ | ||
name: "invalid triple version prefixes", | ||
endpoint: "v1/v1/v1/webapi/token", | ||
shouldErr: true, | ||
}, | ||
{ | ||
name: "invalid just prefix", | ||
endpoint: "v1", | ||
shouldErr: true, | ||
}, | ||
{ | ||
name: "invalid prefix", | ||
endpoint: "v1s/webapi/token", | ||
shouldErr: true, | ||
}, | ||
} | ||
|
||
for _, tc := range tt { | ||
tc := tc | ||
t.Run(tc.name, func(t *testing.T) { | ||
re, err := pack.clt.PostJSON(context.Background(), fmt.Sprintf("%s/%s", proxy.web.URL, tc.endpoint), types.ProvisionTokenSpecV2{ | ||
Roles: []types.SystemRole{types.RoleNode}, | ||
JoinMethod: types.JoinMethodToken, | ||
}) | ||
|
||
if tc.shouldErr { | ||
require.True(t, trace.IsNotFound(err)) | ||
|
||
var rawObjMap map[string]*json.RawMessage | ||
require.NoError(t, json.Unmarshal(re.Bytes(), &rawObjMap)) | ||
|
||
errMsg := struct{ Message string }{} | ||
require.NoError(t, json.Unmarshal(*rawObjMap["error"], &errMsg)) | ||
require.Equal(t, "path not found", errMsg.Message) | ||
|
||
fields := struct{ ProxyVersion httplib.ProxyVersion }{} | ||
require.NoError(t, json.Unmarshal(*rawObjMap["fields"], &fields)) | ||
require.Equal(t, teleport.Version, fields.ProxyVersion.String) | ||
|
||
ver, err := semver.NewVersion(teleport.Version) | ||
require.NoError(t, err) | ||
require.Equal(t, ver.Major, fields.ProxyVersion.Major) | ||
require.Equal(t, ver.Minor, fields.ProxyVersion.Minor) | ||
require.Equal(t, ver.Patch, fields.ProxyVersion.Patch) | ||
require.Equal(t, string(ver.PreRelease), fields.ProxyVersion.PreRelease) | ||
|
||
return | ||
} else { | ||
require.NoError(t, err) | ||
|
||
var responseToken nodeJoinToken | ||
err = json.Unmarshal(re.Bytes(), &responseToken) | ||
require.NoError(t, err) | ||
require.Equal(t, types.JoinMethodToken, responseToken.Method) | ||
} | ||
}) | ||
} | ||
} | ||
|
||
func TestInstallDatabaseScriptGeneration(t *testing.T) { | ||
const username = "[email protected]" | ||
|
||
|
@@ -5015,7 +5125,7 @@ func TestDeleteMFA(t *testing.T) { | |
jar, err := cookiejar.New(nil) | ||
require.NoError(t, err) | ||
opts := []roundtrip.ClientParam{roundtrip.BearerAuth(pack.session.Token), roundtrip.CookieJar(jar), roundtrip.HTTPClient(client.NewInsecureWebClient())} | ||
rclt, err := roundtrip.NewClient(proxy.webURL.String(), teleport.WebAPIVersion, opts...) | ||
rclt, err := roundtrip.NewClient(proxy.webURL.String(), "", opts...) | ||
require.NoError(t, err) | ||
clt := client.WebClient{Client: rclt} | ||
jar.SetCookies(&proxy.webURL, pack.cookies) | ||
|
@@ -8319,7 +8429,7 @@ func createProxy(ctx context.Context, t *testing.T, proxyID string, node *regula | |
require.NoError(t, err) | ||
t.Cleanup(func() { require.NoError(t, proxyServer.Close()) }) | ||
|
||
fs, err := newDebugFileSystem() | ||
fs, err := NewDebugFileSystem(false) | ||
require.NoError(t, err) | ||
|
||
authID := state.IdentityID{ | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.