github.com/NVIDIA/aistore@v1.3.23-0.20240517131212-7df6609be51d/ais/test/auth_test.go

github.com/NVIDIA/aistore@v1.3.23-0.20240517131212-7df6609be51d/ais/test/auth_test.go (about)

     1  // Package integration_test.
     2  /*
     3   * Copyright (c) 2018-2023, NVIDIA CORPORATION. All rights reserved.
     4   */
     5  package integration_test
     6  
     7  import (
     8  	"errors"
     9  	"net/http"
    10  	"testing"
    11  
    12  	"github.com/NVIDIA/aistore/api"
    13  	"github.com/NVIDIA/aistore/api/apc"
    14  	"github.com/NVIDIA/aistore/cmn"
    15  	"github.com/NVIDIA/aistore/cmn/cos"
    16  	"github.com/NVIDIA/aistore/tools"
    17  	"github.com/NVIDIA/aistore/tools/readers"
    18  	"github.com/NVIDIA/aistore/tools/tassert"
    19  	"github.com/NVIDIA/aistore/tools/tlog"
    20  	"github.com/NVIDIA/aistore/tools/trand"
    21  )
    22  
    23  func createBaseParams() (unAuth, auth api.BaseParams) {
    24  	unAuth = tools.BaseAPIParams()
    25  	unAuth.Token = ""
    26  	auth = tools.BaseAPIParams()
    27  	return
    28  }
    29  
    30  func expectUnauthorized(t *testing.T, err error) {
    31  	tassert.Fatalf(t, err != nil, "expected unauthorized error")
    32  	var herr *cmn.ErrHTTP
    33  	tassert.Fatalf(t, errors.As(err, &herr), "expected cmn.ErrHTTP, got %v", err)
    34  	tassert.Fatalf(
    35  		t, herr.Status == http.StatusUnauthorized,
    36  		"expected status unauthorized, got: %d", herr.Status,
    37  	)
    38  }
    39  
    40  func TestAuthObj(t *testing.T) {
    41  	tools.CheckSkip(t, &tools.SkipTestArgs{RequiresAuth: true})
    42  	var (
    43  		unAuthBP, authBP = createBaseParams()
    44  		bck              = cmn.Bck{Name: trand.String(10)}
    45  	)
    46  	err := api.CreateBucket(authBP, bck, nil)
    47  	tassert.CheckFatal(t, err)
    48  	tlog.Logf("used token[%s...] to create %s\n", authBP.Token[:16], bck.String())
    49  	defer func() {
    50  		err := api.DestroyBucket(authBP, bck)
    51  		tassert.CheckFatal(t, err)
    52  		tlog.Logf("bucket %s destroyed\n", bck.String())
    53  	}()
    54  
    55  	r, _ := readers.NewRand(fileSize, cos.ChecksumNone)
    56  	objName := trand.String(10)
    57  	_, err = api.PutObject(&api.PutArgs{
    58  		BaseParams: unAuthBP,
    59  		Bck:        bck,
    60  		Reader:     r,
    61  		Size:       fileSize,
    62  		ObjName:    objName,
    63  	})
    64  	expectUnauthorized(t, err)
    65  
    66  	r, _ = readers.NewRand(fileSize, cos.ChecksumNone)
    67  	_, err = api.PutObject(&api.PutArgs{
    68  		BaseParams: authBP,
    69  		Bck:        bck,
    70  		Reader:     r,
    71  		Size:       fileSize,
    72  		ObjName:    objName,
    73  	})
    74  	tassert.CheckFatal(t, err)
    75  	tlog.Logf("used token[%s...] to PUT %s\n", authBP.Token[:16], bck.Cname(objName))
    76  }
    77  
    78  func TestAuthBck(t *testing.T) {
    79  	tools.CheckSkip(t, &tools.SkipTestArgs{RequiresAuth: true})
    80  	var (
    81  		unAuthBP, authBP = createBaseParams()
    82  		bck              = cmn.Bck{Name: trand.String(10)}
    83  	)
    84  	err := api.CreateBucket(unAuthBP, bck, nil)
    85  	expectUnauthorized(t, err)
    86  
    87  	err = api.CreateBucket(authBP, bck, nil)
    88  	tassert.CheckFatal(t, err)
    89  	tlog.Logf("used token[%s...] to create %s\n", authBP.Token[:16], bck.String())
    90  
    91  	p, err := api.HeadBucket(authBP, bck, true /* don't add */)
    92  	tassert.CheckFatal(t, err)
    93  	tassert.Errorf(t, p.Provider == apc.AIS, "expected provider %q, got %q", apc.AIS, p.Provider)
    94  
    95  	defer func() {
    96  		err := api.DestroyBucket(authBP, bck)
    97  		tassert.CheckFatal(t, err)
    98  		tlog.Logf("%s destroyed\n", bck.String())
    99  	}()
   100  
   101  	err = api.DestroyBucket(unAuthBP, bck)
   102  	expectUnauthorized(t, err)
   103  }