minor refactor + tests for app.go just to improve test coverage.
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
This commit is contained in:
parent
ddde6b4363
commit
6dcec265a0
2 changed files with 105 additions and 31 deletions
|
@ -304,37 +304,7 @@ func (app *App) authorized(w http.ResponseWriter, r *http.Request, context *Cont
|
||||||
var accessRecords []auth.Access
|
var accessRecords []auth.Access
|
||||||
|
|
||||||
if repo != "" {
|
if repo != "" {
|
||||||
resource := auth.Resource{
|
accessRecords = appendAccessRecords(accessRecords, r.Method, repo)
|
||||||
Type: "repository",
|
|
||||||
Name: repo,
|
|
||||||
}
|
|
||||||
|
|
||||||
switch r.Method {
|
|
||||||
case "GET", "HEAD":
|
|
||||||
accessRecords = append(accessRecords,
|
|
||||||
auth.Access{
|
|
||||||
Resource: resource,
|
|
||||||
Action: "pull",
|
|
||||||
})
|
|
||||||
case "POST", "PUT", "PATCH":
|
|
||||||
accessRecords = append(accessRecords,
|
|
||||||
auth.Access{
|
|
||||||
Resource: resource,
|
|
||||||
Action: "pull",
|
|
||||||
},
|
|
||||||
auth.Access{
|
|
||||||
Resource: resource,
|
|
||||||
Action: "push",
|
|
||||||
})
|
|
||||||
case "DELETE":
|
|
||||||
// DELETE access requires full admin rights, which is represented
|
|
||||||
// as "*". This may not be ideal.
|
|
||||||
accessRecords = append(accessRecords,
|
|
||||||
auth.Access{
|
|
||||||
Resource: resource,
|
|
||||||
Action: "*",
|
|
||||||
})
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
// Only allow the name not to be set on the base route.
|
// Only allow the name not to be set on the base route.
|
||||||
if app.nameRequired(r) {
|
if app.nameRequired(r) {
|
||||||
|
@ -411,3 +381,39 @@ func apiBase(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
||||||
fmt.Fprint(w, emptyJSON)
|
fmt.Fprint(w, emptyJSON)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// appendAccessRecords checks the method and adds the appropriate Access records to the records list.
|
||||||
|
func appendAccessRecords(records []auth.Access, method string, repo string) []auth.Access {
|
||||||
|
resource := auth.Resource{
|
||||||
|
Type: "repository",
|
||||||
|
Name: repo,
|
||||||
|
}
|
||||||
|
|
||||||
|
switch method {
|
||||||
|
case "GET", "HEAD":
|
||||||
|
records = append(records,
|
||||||
|
auth.Access{
|
||||||
|
Resource: resource,
|
||||||
|
Action: "pull",
|
||||||
|
})
|
||||||
|
case "POST", "PUT", "PATCH":
|
||||||
|
records = append(records,
|
||||||
|
auth.Access{
|
||||||
|
Resource: resource,
|
||||||
|
Action: "pull",
|
||||||
|
},
|
||||||
|
auth.Access{
|
||||||
|
Resource: resource,
|
||||||
|
Action: "push",
|
||||||
|
})
|
||||||
|
case "DELETE":
|
||||||
|
// DELETE access requires full admin rights, which is represented
|
||||||
|
// as "*". This may not be ideal.
|
||||||
|
records = append(records,
|
||||||
|
auth.Access{
|
||||||
|
Resource: resource,
|
||||||
|
Action: "*",
|
||||||
|
})
|
||||||
|
}
|
||||||
|
return records
|
||||||
|
}
|
||||||
|
|
|
@ -5,10 +5,12 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
"reflect"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/docker/distribution/configuration"
|
"github.com/docker/distribution/configuration"
|
||||||
"github.com/docker/distribution/registry/api/v2"
|
"github.com/docker/distribution/registry/api/v2"
|
||||||
|
"github.com/docker/distribution/registry/auth"
|
||||||
_ "github.com/docker/distribution/registry/auth/silly"
|
_ "github.com/docker/distribution/registry/auth/silly"
|
||||||
"github.com/docker/distribution/registry/storage"
|
"github.com/docker/distribution/registry/storage"
|
||||||
"github.com/docker/distribution/registry/storage/driver/inmemory"
|
"github.com/docker/distribution/registry/storage/driver/inmemory"
|
||||||
|
@ -200,3 +202,69 @@ func TestNewApp(t *testing.T) {
|
||||||
t.Fatalf("unexpected error code: %v != %v", errs.Errors[0].Code, v2.ErrorCodeUnauthorized)
|
t.Fatalf("unexpected error code: %v != %v", errs.Errors[0].Code, v2.ErrorCodeUnauthorized)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Test the access record accumulator
|
||||||
|
func TestAppendAccessRecords(t *testing.T) {
|
||||||
|
repo := "testRepo"
|
||||||
|
|
||||||
|
expectedResource := auth.Resource{
|
||||||
|
Type: "repository",
|
||||||
|
Name: repo,
|
||||||
|
}
|
||||||
|
|
||||||
|
expectedPullRecord := auth.Access{
|
||||||
|
Resource: expectedResource,
|
||||||
|
Action: "pull",
|
||||||
|
}
|
||||||
|
expectedPushRecord := auth.Access{
|
||||||
|
Resource: expectedResource,
|
||||||
|
Action: "push",
|
||||||
|
}
|
||||||
|
expectedAllRecord := auth.Access{
|
||||||
|
Resource: expectedResource,
|
||||||
|
Action: "*",
|
||||||
|
}
|
||||||
|
|
||||||
|
records := []auth.Access{}
|
||||||
|
result := appendAccessRecords(records, "GET", repo)
|
||||||
|
expectedResult := []auth.Access{expectedPullRecord}
|
||||||
|
if ok := reflect.DeepEqual(result, expectedResult); !ok {
|
||||||
|
t.Fatalf("Actual access record differs from expected")
|
||||||
|
}
|
||||||
|
|
||||||
|
records = []auth.Access{}
|
||||||
|
result = appendAccessRecords(records, "HEAD", repo)
|
||||||
|
expectedResult = []auth.Access{expectedPullRecord}
|
||||||
|
if ok := reflect.DeepEqual(result, expectedResult); !ok {
|
||||||
|
t.Fatalf("Actual access record differs from expected")
|
||||||
|
}
|
||||||
|
|
||||||
|
records = []auth.Access{}
|
||||||
|
result = appendAccessRecords(records, "POST", repo)
|
||||||
|
expectedResult = []auth.Access{expectedPullRecord, expectedPushRecord}
|
||||||
|
if ok := reflect.DeepEqual(result, expectedResult); !ok {
|
||||||
|
t.Fatalf("Actual access record differs from expected")
|
||||||
|
}
|
||||||
|
|
||||||
|
records = []auth.Access{}
|
||||||
|
result = appendAccessRecords(records, "PUT", repo)
|
||||||
|
expectedResult = []auth.Access{expectedPullRecord, expectedPushRecord}
|
||||||
|
if ok := reflect.DeepEqual(result, expectedResult); !ok {
|
||||||
|
t.Fatalf("Actual access record differs from expected")
|
||||||
|
}
|
||||||
|
|
||||||
|
records = []auth.Access{}
|
||||||
|
result = appendAccessRecords(records, "PATCH", repo)
|
||||||
|
expectedResult = []auth.Access{expectedPullRecord, expectedPushRecord}
|
||||||
|
if ok := reflect.DeepEqual(result, expectedResult); !ok {
|
||||||
|
t.Fatalf("Actual access record differs from expected")
|
||||||
|
}
|
||||||
|
|
||||||
|
records = []auth.Access{}
|
||||||
|
result = appendAccessRecords(records, "DELETE", repo)
|
||||||
|
expectedResult = []auth.Access{expectedAllRecord}
|
||||||
|
if ok := reflect.DeepEqual(result, expectedResult); !ok {
|
||||||
|
t.Fatalf("Actual access record differs from expected")
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue