authz: make it easier to test authn/authz protection for new endpoints #652

Merged: davepacheco merged 5 commits into main from authz-tests on Jan 31, 2022

@davepacheco (Collaborator) commented Jan 28, 2022

This change creates a new top-level integration test that has a hardcoded list of API endpoints to which we've added authn/authz protection. This way, when we add that protection for new endpoints, we can add them to this list without having to sprinkle all the other integration tests with a bunch of extra requests to check every case (and risk getting them wrong).

I tried to keep the per-endpoint metadata as minimal as possible.

Still to-do here:

  • clean up and document the structures in the new test
  • check the log output to make sure we're covering what I think we're covering
  • find the remaining tests that have ad hoc authn/authz checks, make sure they're covered by the new test, and remove them from the other tests
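
The approach described in the comment above, modelled as a small self-contained program. This is an added example, not code from this PR or from the project. The `Endpoint` table, the toy server, the allowed methods per URL, and every status code other than the 200 and 403 visible in the log output later in this thread are assumptions.

```rust
// Added illustration; every name here is hypothetical, not the project's code.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Method { Get, Put, Post, Delete, Trace }
const ALL_METHODS: [Method; 5] =
    [Method::Get, Method::Put, Method::Post, Method::Delete, Method::Trace];

/// Credential variants matching the cases named in the test's log output.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Creds { Privileged, Unprivileged, Missing, BadActor, BadSyntax }
const FAILING_CREDS: [Creds; 4] =
    [Creds::Unprivileged, Creds::Missing, Creds::BadActor, Creds::BadSyntax];

/// Minimal per-endpoint metadata: the URL and the methods it implements.
struct Endpoint { url: &'static str, allowed: &'static [Method] }

/// The single hardcoded list. Protecting a new endpoint means adding one row.
const ENDPOINTS: &[Endpoint] = &[
    Endpoint { url: "/organizations", allowed: &[Method::Get, Method::Post] },
    Endpoint { url: "/roles", allowed: &[Method::Get] },
];

/// Status a protected endpoint must return. Assumed mapping for this sketch:
/// unsupported method 405, malformed credentials 400, missing or unknown
/// actor 401, authenticated but unprivileged 403.
fn expected_status(ep: &Endpoint, method: Method, creds: Creds) -> u16 {
    if !ep.allowed.contains(&method) {
        return 405;
    }
    match creds {
        Creds::BadSyntax => 400,
        Creds::Missing | Creds::BadActor => 401,
        Creds::Unprivileged => 403,
        Creds::Privileged => 200,
    }
}

/// Toy stand-in for the API server. `/roles` is deliberately left without an
/// authz check so the harness has something to catch.
fn toy_server(url: &str, method: Method, creds: Creds) -> u16 {
    let ep = match ENDPOINTS.iter().find(|e| e.url == url) {
        Some(ep) => ep,
        None => return 404,
    };
    if !ep.allowed.contains(&method) {
        return 405;
    }
    match creds {
        Creds::BadSyntax => 400,
        Creds::Missing | Creds::BadActor => 401,
        Creds::Unprivileged if url != "/roles" => 403,
        _ => 200, // privileged, or the unprotected "/roles" case
    }
}

/// Run the whole matrix for one endpoint and describe every mismatch.
fn verify_endpoint(server: &dyn Fn(&str, Method, Creds) -> u16, ep: &Endpoint) -> Vec<String> {
    let mut failures = Vec::new();
    let mut check = |method: Method, creds: Creds, want: u16| {
        let got = server(ep.url, method, creds);
        if got != want {
            failures.push(format!(
                "{:?} {} as {:?}: want {}, got {}", method, ep.url, creds, want, got
            ));
        }
    };
    // A privileged GET must succeed first; otherwise a later 4xx could simply
    // mean the URL in the table is wrong rather than that access was denied.
    check(Method::Get, Creds::Privileged, 200);
    for method in ALL_METHODS {
        for creds in FAILING_CREDS {
            check(method, creds, expected_status(ep, method, creds));
        }
    }
    failures
}

/// Check every endpoint in the table against the given server.
fn verify_all(server: &dyn Fn(&str, Method, Creds) -> u16) -> Vec<String> {
    ENDPOINTS.iter().flat_map(|ep| verify_endpoint(server, ep)).collect()
}

fn main() {
    for failure in verify_all(&toy_server) {
        println!("FAIL {}", failure);
    }
}
```
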

davepacheco mentioned this pull request Jan 28, 2022 (71 tasks)
@davepacheco (Collaborator, Author)

For future reference, here's some example log output (at "debug" level):

[2022-01-31T10:28:28.708145449-08:00]  INFO: test_unauthorized/26607 on ivanova: test: begin endpoint (url=/organizations)
[2022-01-31T10:28:28.708591102-08:00]  INFO: test_unauthorized/26607 on ivanova: test: privileged GET (url=/organizations)
[2022-01-31T10:28:28.709053118-08:00]  INFO: test_unauthorized/external client test context/26607 on ivanova: client request (body=Body(Empty), uri=http://127.0.0.1:54828/organizations, method=GET)
[2022-01-31T10:28:28.715149498-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: roles (req_id=7e7633bf-fcec-4da2-8556-cf5c18c7cf6b, actor=001de000-05e4-4000-8000-000000004007, authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, roles="RoleSet { roles: {} }")
[2022-01-31T10:28:28.716047253-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: authorize result (req_id=7e7633bf-fcec-4da2-8556-cf5c18c7cf6b, actor=Some(Actor(001de000-05e4-4000-8000-000000004007)), authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, result=Ok(()), resource=Database, action=Query)
[2022-01-31T10:28:28.717096590-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: roles (req_id=7e7633bf-fcec-4da2-8556-cf5c18c7cf6b, actor=001de000-05e4-4000-8000-000000004007, authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828)
    roles: RoleSet { roles: {(Fleet, 001de000-1334-4000-8000-000000000000, "admin")} }
[2022-01-31T10:28:28.720510050-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: authorize result (req_id=7e7633bf-fcec-4da2-8556-cf5c18c7cf6b, actor=Some(Actor(001de000-05e4-4000-8000-000000004007)), authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, result=Ok(()), resource=Fleet, action=ListChildren)
[2022-01-31T10:28:28.722004239-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: roles (req_id=7e7633bf-fcec-4da2-8556-cf5c18c7cf6b, actor=001de000-05e4-4000-8000-000000004007, authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, roles="RoleSet { roles: {} }")
[2022-01-31T10:28:28.723334648-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: authorize result (req_id=7e7633bf-fcec-4da2-8556-cf5c18c7cf6b, actor=Some(Actor(001de000-05e4-4000-8000-000000004007)), authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, result=Ok(()), resource=Database, action=Query)
[2022-01-31T10:28:28.725713823-08:00]  INFO: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: request completed (req_id=7e7633bf-fcec-4da2-8556-cf5c18c7cf6b, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, response_code=200)
[2022-01-31T10:28:28.726126667-08:00]  INFO: test_unauthorized/external client test context/26607 on ivanova: client received response (status=200)
[2022-01-31T10:28:28.726363144-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations, method=GET)
[2022-01-31T10:28:28.726616084-08:00]  INFO: test_unauthorized/external client test context/26607 on ivanova: client request (body=Body(Empty), uri=http://127.0.0.1:54828/organizations, method=GET)
[2022-01-31T10:28:28.729614196-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: roles (req_id=3dd43534-bb42-4451-8f80-6dca5a7b7a72, actor=001de000-05e4-4000-8000-000000060001, authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, roles="RoleSet { roles: {} }")
[2022-01-31T10:28:28.730074350-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: authorize result (req_id=3dd43534-bb42-4451-8f80-6dca5a7b7a72, actor=Some(Actor(001de000-05e4-4000-8000-000000060001)), authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, result=Ok(()), resource=Database, action=Query)
[2022-01-31T10:28:28.730609273-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: roles (req_id=3dd43534-bb42-4451-8f80-6dca5a7b7a72, actor=001de000-05e4-4000-8000-000000060001, authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, roles="RoleSet { roles: {} }")
[2022-01-31T10:28:28.735807117-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: authorize result (req_id=3dd43534-bb42-4451-8f80-6dca5a7b7a72, actor=Some(Actor(001de000-05e4-4000-8000-000000060001)), authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, result=Err(Forbidden), resource=Fleet, action=ListChildren)
[2022-01-31T10:28:28.736667748-08:00]  INFO: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: request completed (req_id=3dd43534-bb42-4451-8f80-6dca5a7b7a72, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, error_message_external=Forbidden, error_message_internal=Forbidden, response_code=403)
[2022-01-31T10:28:28.737132498-08:00]  INFO: test_unauthorized/external client test context/26607 on ivanova: client received response (status=403)
...

and here are the log messages from the test itself:

[2022-01-31T10:28:28.708145449-08:00]  INFO: test_unauthorized/26607 on ivanova: test: begin endpoint (url=/organizations)
[2022-01-31T10:28:28.708591102-08:00]  INFO: test_unauthorized/26607 on ivanova: test: privileged GET (url=/organizations)
[2022-01-31T10:28:28.726363144-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations, method=GET)
[2022-01-31T10:28:28.737372660-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations, method=GET)
[2022-01-31T10:28:28.741650626-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations, method=GET)
[2022-01-31T10:28:28.744151449-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations, method=GET)
[2022-01-31T10:28:28.746587327-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations, method=PUT)
[2022-01-31T10:28:28.748235542-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations, method=PUT)
[2022-01-31T10:28:28.749883416-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations, method=PUT)
[2022-01-31T10:28:28.751536517-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations, method=PUT)
[2022-01-31T10:28:28.753190099-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations, method=POST)
[2022-01-31T10:28:28.759259770-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations, method=POST)
[2022-01-31T10:28:28.763622230-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations, method=POST)
[2022-01-31T10:28:28.766164454-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations, method=POST)
[2022-01-31T10:28:28.768688260-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations, method=DELETE)
[2022-01-31T10:28:28.770314562-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations, method=DELETE)
[2022-01-31T10:28:28.771938381-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations, method=DELETE)
[2022-01-31T10:28:28.773563572-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations, method=DELETE)
[2022-01-31T10:28:28.775198506-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations, method=TRACE)
[2022-01-31T10:28:28.776830417-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations, method=TRACE)
[2022-01-31T10:28:28.778460294-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations, method=TRACE)
[2022-01-31T10:28:28.780095179-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations, method=TRACE)
[2022-01-31T10:28:28.781728041-08:00]  INFO: test_unauthorized/26607 on ivanova: test: begin endpoint (url=/organizations/demo-org)
[2022-01-31T10:28:28.781952980-08:00]  INFO: test_unauthorized/26607 on ivanova: test: privileged GET (url=/organizations/demo-org)
[2022-01-31T10:28:28.789961321-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org, method=GET)
[2022-01-31T10:28:28.798373913-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org, method=GET)
[2022-01-31T10:28:28.802859003-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org, method=GET)
[2022-01-31T10:28:28.806986118-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org, method=GET)
[2022-01-31T10:28:28.809559928-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org, method=PUT)
[2022-01-31T10:28:28.837525611-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org, method=PUT)
[2022-01-31T10:28:28.846588046-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org, method=PUT)
[2022-01-31T10:28:28.851871054-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org, method=PUT)
[2022-01-31T10:28:28.857072473-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org, method=POST)
[2022-01-31T10:28:28.860640089-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org, method=POST)
[2022-01-31T10:28:28.864223718-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org, method=POST)
[2022-01-31T10:28:28.867811864-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org, method=POST)
[2022-01-31T10:28:28.871349456-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org, method=DELETE)
[2022-01-31T10:28:28.884148824-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org, method=DELETE)
[2022-01-31T10:28:28.889870144-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org, method=DELETE)
[2022-01-31T10:28:28.892378308-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org, method=DELETE)
[2022-01-31T10:28:28.894858651-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org, method=TRACE)
[2022-01-31T10:28:28.896523269-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org, method=TRACE)
[2022-01-31T10:28:28.898178905-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org, method=TRACE)
[2022-01-31T10:28:28.899838506-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org, method=TRACE)
[2022-01-31T10:28:28.901496975-08:00]  INFO: test_unauthorized/26607 on ivanova: test: begin endpoint (url=/organizations/demo-org/projects)
[2022-01-31T10:28:28.901717027-08:00]  INFO: test_unauthorized/26607 on ivanova: test: privileged GET (url=/organizations/demo-org/projects)
[2022-01-31T10:28:28.916892466-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects, method=GET)
[2022-01-31T10:28:28.947295049-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects, method=GET)
[2022-01-31T10:28:28.956165982-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects, method=GET)
[2022-01-31T10:28:28.961178505-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects, method=GET)
[2022-01-31T10:28:28.964475504-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects, method=PUT)
[2022-01-31T10:28:28.966165760-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects, method=PUT)
[2022-01-31T10:28:28.967852160-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects, method=PUT)
[2022-01-31T10:28:28.969541735-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects, method=PUT)
[2022-01-31T10:28:28.971228886-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects, method=POST)
[2022-01-31T10:28:28.979653897-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects, method=POST)
[2022-01-31T10:28:28.984192735-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects, method=POST)
[2022-01-31T10:28:28.986807215-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects, method=POST)
[2022-01-31T10:28:28.989420463-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects, method=DELETE)
[2022-01-31T10:28:28.991108806-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects, method=DELETE)
[2022-01-31T10:28:28.992781947-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects, method=DELETE)
[2022-01-31T10:28:28.994451853-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects, method=DELETE)
[2022-01-31T10:28:28.996121999-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects, method=TRACE)
[2022-01-31T10:28:28.997838473-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects, method=TRACE)
[2022-01-31T10:28:28.999525214-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects, method=TRACE)
[2022-01-31T10:28:29.001238634-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects, method=TRACE)
[2022-01-31T10:28:29.002931423-08:00]  INFO: test_unauthorized/26607 on ivanova: test: begin endpoint (url=/organizations/demo-org/projects/demo-project)
[2022-01-31T10:28:29.003156403-08:00]  INFO: test_unauthorized/26607 on ivanova: test: privileged GET (url=/organizations/demo-org/projects/demo-project)
[2022-01-31T10:28:29.029574209-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects/demo-project, method=GET)
[2022-01-31T10:28:29.095191143-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects/demo-project, method=GET)
[2022-01-31T10:28:29.104385020-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects/demo-project, method=GET)
[2022-01-31T10:28:29.109455497-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects/demo-project, method=GET)
[2022-01-31T10:28:29.114491754-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects/demo-project, method=PUT)
[2022-01-31T10:28:29.158831662-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects/demo-project, method=PUT)
[2022-01-31T10:28:29.168043785-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects/demo-project, method=PUT)
[2022-01-31T10:28:29.173228560-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects/demo-project, method=PUT)
[2022-01-31T10:28:29.177420660-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects/demo-project, method=POST)
[2022-01-31T10:28:29.179210081-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects/demo-project, method=POST)
[2022-01-31T10:28:29.181009006-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects/demo-project, method=POST)
[2022-01-31T10:28:29.182805878-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects/demo-project, method=POST)
[2022-01-31T10:28:29.184533970-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects/demo-project, method=DELETE)
[2022-01-31T10:28:29.220848071-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects/demo-project, method=DELETE)
[2022-01-31T10:28:29.229808567-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects/demo-project, method=DELETE)
[2022-01-31T10:28:29.234017181-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects/demo-project, method=DELETE)
[2022-01-31T10:28:29.236537433-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects/demo-project, method=TRACE)
[2022-01-31T10:28:29.238215631-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects/demo-project, method=TRACE)
[2022-01-31T10:28:29.239890915-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects/demo-project, method=TRACE)
[2022-01-31T10:28:29.241565948-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects/demo-project, method=TRACE)
[2022-01-31T10:28:29.243252869-08:00]  INFO: test_unauthorized/26607 on ivanova: test: begin endpoint (url=/roles)
[2022-01-31T10:28:29.243475856-08:00]  INFO: test_unauthorized/26607 on ivanova: test: privileged GET (url=/roles)
[2022-01-31T10:28:29.251117940-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles, method=GET)
[2022-01-31T10:28:29.257229292-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles, method=GET)
[2022-01-31T10:28:29.261650227-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles, method=GET)
[2022-01-31T10:28:29.264182577-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles, method=GET)
[2022-01-31T10:28:29.266721205-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles, method=PUT)
[2022-01-31T10:28:29.268418832-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles, method=PUT)
[2022-01-31T10:28:29.270145491-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles, method=PUT)
[2022-01-31T10:28:29.271844920-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles, method=PUT)
[2022-01-31T10:28:29.273547935-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles, method=POST)
[2022-01-31T10:28:29.275248556-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles, method=POST)
[2022-01-31T10:28:29.276945632-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles, method=POST)
[2022-01-31T10:28:29.278672181-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles, method=POST)
[2022-01-31T10:28:29.280368245-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles, method=DELETE)
[2022-01-31T10:28:29.282037760-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles, method=DELETE)
[2022-01-31T10:28:29.283710521-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles, method=DELETE)
[2022-01-31T10:28:29.285382229-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles, method=DELETE)
[2022-01-31T10:28:29.287053377-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles, method=TRACE)
[2022-01-31T10:28:29.288727259-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles, method=TRACE)
[2022-01-31T10:28:29.290396915-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles, method=TRACE)
[2022-01-31T10:28:29.292069154-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles, method=TRACE)
[2022-01-31T10:28:29.293742315-08:00]  INFO: test_unauthorized/26607 on ivanova: test: begin endpoint (url=/roles/fleet.admin)
[2022-01-31T10:28:29.293964030-08:00]  INFO: test_unauthorized/26607 on ivanova: test: privileged GET (url=/roles/fleet.admin)
[2022-01-31T10:28:29.301574577-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles/fleet.admin, method=GET)
[2022-01-31T10:28:29.307729393-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles/fleet.admin, method=GET)
[2022-01-31T10:28:29.312161435-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles/fleet.admin, method=GET)
[2022-01-31T10:28:29.314695046-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles/fleet.admin, method=GET)
[2022-01-31T10:28:29.317217881-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles/fleet.admin, method=PUT)
[2022-01-31T10:28:29.318914847-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles/fleet.admin, method=PUT)
[2022-01-31T10:28:29.320604903-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles/fleet.admin, method=PUT)
[2022-01-31T10:28:29.322302649-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles/fleet.admin, method=PUT)
[2022-01-31T10:28:29.324006064-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles/fleet.admin, method=POST)
[2022-01-31T10:28:29.325697863-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles/fleet.admin, method=POST)
[2022-01-31T10:28:29.327393737-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles/fleet.admin, method=POST)
[2022-01-31T10:28:29.329088799-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles/fleet.admin, method=POST)
[2022-01-31T10:28:29.330787297-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles/fleet.admin, method=DELETE)
[2022-01-31T10:28:29.332473357-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles/fleet.admin, method=DELETE)
[2022-01-31T10:28:29.334153648-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles/fleet.admin, method=DELETE)
[2022-01-31T10:28:29.335849052-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles/fleet.admin, method=DELETE)
[2022-01-31T10:28:29.337535482-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles/fleet.admin, method=TRACE)
[2022-01-31T10:28:29.339206930-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles/fleet.admin, method=TRACE)
[2022-01-31T10:28:29.340875164-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles/fleet.admin, method=TRACE)
[2022-01-31T10:28:29.342550538-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles/fleet.admin, method=TRACE)
[2022-01-31T10:28:29.344219392-08:00]  INFO: test_unauthorized/26607 on ivanova: test: begin endpoint (url=/users)
[2022-01-31T10:28:29.344440366-08:00]  INFO: test_unauthorized/26607 on ivanova: test: privileged GET (url=/users)
[2022-01-31T10:28:29.349620694-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/users, method=GET)
[2022-01-31T10:28:29.355716844-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/users, method=GET)
[2022-01-31T10:28:29.360090931-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/users, method=GET)
[2022-01-31T10:28:29.362614657-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/users, method=GET)
[2022-01-31T10:28:29.365122771-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/users, method=PUT)
[2022-01-31T10:28:29.366819657-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/users, method=PUT)
[2022-01-31T10:28:29.369244879-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/users, method=PUT)
[2022-01-31T10:28:29.371601261-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/users, method=PUT)
[2022-01-31T10:28:29.373851437-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/users, method=POST)
[2022-01-31T10:28:29.375568582-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/users, method=POST)
[2022-01-31T10:28:29.386489979-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/users/db-init, method=GET)
[2022-01-31T10:28:29.392642311-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/users/db-init, method=GET)
[2022-01-31T10:28:29.397063697-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/users/db-init, method=GET)
[2022-01-31T10:28:29.399555087-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/users/db-init, method=GET)
[2022-01-31T10:28:29.402026847-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/users/db-init, method=PUT)
[2022-01-31T10:28:29.403698676-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/users/db-init, method=PUT)
[2022-01-31T10:28:29.405371496-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/users/db-init, method=PUT)
[2022-01-31T10:28:29.407051798-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/users/db-init, method=PUT)
[2022-01-31T10:28:29.408730817-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/users/db-init, method=POST)
[2022-01-31T10:28:29.410402986-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/users/db-init, method=POST)
[2022-01-31T10:28:29.412074545-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/users/db-init, method=POST)
[2022-01-31T10:28:29.415150881-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/users/db-init, method=TRACE)

So it looks like it's doing roughly what I'd expect.
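
One way to turn the "check the log output" step into a mechanical check: parse the test's own `test: ...` messages and report any endpoint, method and case combination that was never attempted. This is an added example, not part of the PR or the project. The function names and the `/widgets` sample are hypothetical, and the expected matrix (five methods, four failure cases, plus the `begin endpoint` and `privileged GET` markers) is read off the log excerpt above.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Matrix visible in the test's log on this page: every endpoint is tried with
// each method under each of these four failure cases.
const METHODS: [&str; 5] = ["GET", "PUT", "POST", "DELETE", "TRACE"];
const CASES: [&str; 4] = [
    "authenticated, unauthorized",
    "unauthenticated",
    "bogus creds: bad actor",
    "bogus creds: bad cred syntax",
];

/// Parse one harness message of the form
/// `... on HOST: test: LABEL (url=URL[, method=METHOD])`.
/// Returns (label, url, method); server and client lines yield None.
fn parse_line(line: &str) -> Option<(String, String, Option<String>)> {
    let (_, msg) = line.trim_end().split_once(": test: ")?;
    // The label may itself contain ", ", so split off the trailing "(...)" first.
    let (label, fields) = msg.rsplit_once(" (")?;
    let (mut url, mut method) = (None, None);
    for field in fields.strip_suffix(')')?.split(", ") {
        match field.split_once('=')? {
            ("url", v) => url = Some(v.to_string()),
            ("method", v) => method = Some(v.to_string()),
            _ => {}
        }
    }
    Some((label.to_string(), url?, method))
}

/// For every endpoint URL mentioned in the log, list what the matrix expects
/// but the log never recorded. Fully covered endpoints are left out.
fn coverage_gaps(log: &str) -> BTreeMap<String, Vec<String>> {
    let mut urls = BTreeSet::new();
    let mut markers = BTreeSet::new(); // (url, label) for lines without a method
    let mut attempts = BTreeSet::new(); // (url, method, case)
    for (label, url, method) in log.lines().filter_map(parse_line) {
        urls.insert(url.clone());
        match method {
            Some(m) => attempts.insert((url, m, label)),
            None => markers.insert((url, label)),
        };
    }
    let mut gaps = BTreeMap::new();
    for url in urls {
        let mut missing = Vec::new();
        for marker in ["begin endpoint", "privileged GET"] {
            if !markers.contains(&(url.clone(), marker.to_string())) {
                missing.push(format!("no '{}' line", marker));
            }
        }
        for method in METHODS {
            for case in CASES {
                let key = (url.clone(), method.to_string(), case.to_string());
                if !attempts.contains(&key) {
                    missing.push(format!("{}: {}", method, case));
                }
            }
        }
        if !missing.is_empty() {
            gaps.insert(url, missing);
        }
    }
    gaps
}

/// Constructed sample in the page's log format for a hypothetical endpoint
/// `/widgets`: the full matrix minus the `unauthenticated` TRACE attempt.
fn constructed_sample() -> String {
    let p = "[2022-01-31T10:28:29.000000000-08:00]  INFO: test_unauthorized/1 on host: test:";
    let mut log = format!("{} begin endpoint (url=/widgets)\n", p);
    log.push_str(&format!("{} privileged GET (url=/widgets)\n", p));
    for method in METHODS {
        for case in CASES {
            if (method, case) != ("TRACE", "unauthenticated") {
                log.push_str(&format!("{} {} (url=/widgets, method={})\n", p, case, method));
            }
        }
    }
    // A server-side line (constructed) that the parser must ignore.
    log.push_str("[..] DEBUG: id/dropshot_external/1 on host: authorize result (uri=/widgets, method=GET)\n");
    log
}

fn main() {
    for (url, missing) in coverage_gaps(&constructed_sample()) {
        println!("{}: {} gap(s)", url, missing.len());
        for m in missing {
            println!("  {}", m);
        }
    }
}
```
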

davepacheco marked this pull request as ready for review January 31, 2022 18:44
davepacheco requested a review from smklein January 31, 2022 18:44
@david-crespo (Contributor)

This looks very nice, gets rid of a lot of boilerplate. So for a new endpoint, the workflow is to write explicit tests for the happy authed case (plus perhaps some endpoint-specific authz logic if there is some?), but for the base logged-out/logged-in tests you add an entry to the list in unauthorized.rs?

@davepacheco (Collaborator, Author)

Yes, exactly!

davepacheco merged commit 814687d into main Jan 31, 2022
davepacheco deleted the authz-tests branch January 31, 2022 20:47