kensa 0.4.1

data/server.rb

@@ -0,0 +1,13 @@
+require 'sinatra'
+require 'yajl'
+require 'restclient'
+
+post "/heroku/resources" do
+  resp = { :id => 123, :config => { "FOO" => "bar" } }
+  #resp = { :id => 123 }
+  Yajl::Encoder.encode(resp)
+end
+
+delete "/heroku/resources/:id" do
+  "ok"
+end

data/set-env.sh

@@ -0,0 +1,4 @@
+PATH=$(pwd)/bin:$PATH
+RUBYOPT=rubygems
+RUBYLIB=$(pwd)/lib:$RUBYLIB
+export PATH RUBYOPT RUBYLIB

data/test/deprovision_check.rb

@@ -0,0 +1,36 @@
+require File.dirname(__FILE__) + "/helper"
+
+class DeprovisionCheckTest < Test::Unit::TestCase
+  include Heroku::Sensei
+
+  setup do
+    @data = Manifest.skeleton.merge :id => 123
+    @responses = [
+      [200, ""],
+      [401, ""],
+    ]
+  end
+
+  def check ; DeprovisionCheck ; end
+
+  test "valid on 200" do
+    assert_valid do |check|
+      stub :delete, check, @responses
+    end
+  end
+
+  test "status other than 200" do
+    @responses[0] = [500, ""]
+    assert_invalid do |check|
+      stub :delete, check, @responses
+    end
+  end
+
+  test "runs auth check" do
+    @responses[1] = [200, ""]
+    assert_invalid do |check|
+      stub :delete, check, @responses
+    end
+  end
+
+end

data/test/helper.rb

@@ -0,0 +1,48 @@
+require 'heroku/kensa'
+require 'contest'
+
+class Test::Unit::TestCase
+
+  def assert_valid(data=@data, &blk)
+    check = create_check(data, &blk)
+    assert check.call
+  end
+
+  def assert_invalid(data=@data, &blk)
+    check = create_check(data, &blk)
+    assert !check.call
+  end
+
+  def create_check(data, &blk)
+    check = self.check.new(data)
+    blk.call(check) if blk
+    check
+  end
+
+  module Headerize
+    attr_accessor :headers
+  end
+
+  def to_json(data, headers={})
+    body = Yajl::Encoder.encode(data)
+    add_headers(body, headers)
+  end
+
+  def add_headers(o, headers={})
+    o.extend Headerize
+    o.headers = {}
+    o.headers["Content-Type"] ||= "application/json"
+    o.headers.merge!(headers)
+    o
+  end
+
+  def stub(meth, o, returns)
+    o.instance_eval { @returns = Array(returns) }
+    eval <<-EVAL
+    def o.#{meth}(*args)
+      @returns.shift || fail("Nothing else to return from stub'ed method")
+    end
+    EVAL
+  end
+
+end

data/test/manifest_check_test.rb

@@ -0,0 +1,142 @@
+require File.dirname(__FILE__) + "/helper"
+
+class ManifestCheckTest < Test::Unit::TestCase
+  include Heroku::Sensei
+
+  def check ; ManifestCheck ; end
+
+  setup do
+    @data = Manifest.skeleton
+    @data["plans"] << {
+      "id" => "advanced",
+      "name" => "Advanced",
+      "price" => "100",
+      "price_unit" => "month"
+    }
+  end
+
+  test "is valid if no errors" do
+    assert_valid
+  end
+
+  test "has an id" do
+    @data.delete("id")
+    assert_invalid
+  end
+
+  test "has a name" do
+    @data.delete("name")
+    assert_invalid
+  end
+
+  test "api key exists" do
+    @data.delete("api")
+    assert_invalid
+  end
+
+  test "api is a Hash" do
+    @data["api"] = ""
+    assert_invalid
+  end
+
+  test "api has a username" do
+    @data["api"].delete("username")
+    assert_invalid
+  end
+
+  test "api has a password" do
+    @data["api"].delete("password")
+    assert_invalid
+  end
+
+  test "api contains test" do
+    @data["api"].delete("test")
+    assert_invalid
+  end
+
+  test "api contains production" do
+    @data["api"].delete("production")
+    assert_invalid
+  end
+
+  test "api contains production of https" do
+    @data["api"]["production"] = "http://foo.com"
+    assert_invalid
+  end
+
+  test "api contains config_vars array" do
+    @data["api"]["config_vars"] = "test"
+    assert_invalid
+  end
+
+  test "api contains at least one config var" do
+    @data["api"]["config_vars"].clear
+    assert_invalid
+  end
+
+  test "all config vars are in upper case" do
+    @data["api"]["config_vars"] << 'MYADDON_invalid_var'
+    assert_invalid
+  end
+
+  test "assert config var prefixes match addon id" do
+    @data["api"]["config_vars"] << 'MONGO_URL'
+    assert_invalid
+  end
+
+  test "plans key must exist" do
+    @data.delete("plans")
+    assert_invalid
+  end
+
+  test "plans key must be an Array" do
+    @data["plans"] = ""
+    assert_invalid
+  end
+
+  test "has at least one plan" do
+    @data["plans"] = []
+    assert_invalid
+  end
+
+  test "all plans are a hash" do
+    @data["plans"][0] = ""
+    assert_invalid
+  end
+
+  test "all plans have an id" do
+    @data["plans"].first.delete("id")
+    assert_invalid
+  end
+
+  test "all plans have an unique id" do
+    @data["plans"].first["id"] = @data["plans"].last["id"]
+    assert_invalid
+  end
+
+  test "all plans have a name" do
+    @data["plans"].first.delete("name")
+    assert_invalid
+  end
+
+  test "all plans have a unique name" do
+    @data["plans"].first["name"] = @data["plans"].last["name"]
+    assert_invalid
+  end
+
+  test "plans have a price" do
+    @data["plans"].first.delete("price")
+    assert_invalid
+  end
+
+  test "plans have an integer price" do
+    @data["plans"].first["price"] = "fiddy cent"
+    assert_invalid
+  end
+
+  test "plans have a valid price_unit" do
+    @data["plans"].first["price_unit"] = "first ov da munth"
+    assert_invalid
+  end
+
+end

data/test/provision_check_test.rb

@@ -0,0 +1,50 @@
+require File.dirname(__FILE__) + "/helper"
+
+class ProvisionCheckTest < Test::Unit::TestCase
+  include Heroku::Sensei
+
+  setup do
+    @data = Manifest.skeleton
+    @responses = [
+      [200, to_json({ :id => 456 })],
+      [401, "Unauthorized"]
+    ]
+  end
+
+  def check ; ProvisionCheck ; end
+
+  test "valid on 200 for the regular check, and 401 for the auth check" do
+    assert_valid do |check|
+      stub :post, check, @responses
+    end
+  end
+
+  test "invalid JSON" do
+    @responses[0] = [200, "---"]
+    assert_invalid do |check|
+      stub :post, check, @responses
+    end
+  end
+
+  test "status other than 200" do
+    @responses[0] = [500, to_json({ :id => 456 })]
+    assert_invalid do |check|
+      stub :post, check, @responses
+    end
+  end
+
+  test "runs provision response check" do
+    @responses[0] = [200, to_json({ :noid => 456 })]
+    assert_invalid do |check|
+      stub :post, check, @responses
+    end
+  end
+
+  test "runs auth check" do
+    @responses[1] = [200, to_json({ :id => 456 })]
+    assert_invalid do |check|
+      stub :post, check, @responses
+    end
+  end
+
+end

data/test/provision_response_check_test.rb

@@ -0,0 +1,72 @@
+require File.dirname(__FILE__) + "/helper"
+
+class ProvisionResponseCheckTest < Test::Unit::TestCase
+  include Heroku::Sensei
+
+  def check ; ProvisionResponseCheck ; end
+
+  setup do
+    @response = { "id" => "123" }
+    @data = Manifest.skeleton.merge(:provision_response => @response)
+    @data['api']['config_vars'] << "MYADDON_CONFIG"
+  end
+
+  test "is valid if no errors" do
+    assert_valid
+  end
+
+  test "has an id" do
+    @response.delete("id")
+    assert_invalid
+  end
+
+  describe "when config is present" do
+
+    test "is a hash" do
+      @response["config"] = ""
+      assert_invalid
+    end
+
+    test "each key is previously set in the manifest" do
+      @response["config"] = { "MYSQL_URL" => "http://..." }
+      assert_invalid
+    end
+
+    test "each value is a string" do
+      @response["config"] = { "MYADDON_URL" => {} }
+      assert_invalid
+    end
+
+    test "asserts _URL vars are valid URIs" do
+      @response["config"] = { "MYADDON_URL" => "abc:" }
+      assert_invalid
+    end
+
+    test "asserts _URL vars have a host" do
+      @response["config"] = { "MYADDON_URL" => "path" }
+      assert_invalid
+    end
+
+    test "asserts _URL vars have a scheme" do
+      @response["config"] = { "MYADDON_URL" => "//host/path" }
+      assert_invalid
+    end
+
+    test "doesn't run URI test against other vars" do
+      @response["config"] = { "MYADDON_CONFIG" => "abc:" }
+      assert_valid
+    end
+
+    test "doesn't allow localhost URIs on production" do
+      @data[:env] = 'production'
+      @response["config"] = { "MYADDON_URL" => "http://localhost/abc" }
+      assert_invalid
+    end
+
+    test "is valid otherwise" do
+      @response["config"] = { "MYADDON_URL" => "http://localhost/abc" }
+      assert_valid
+    end
+  end
+
+end

data/test/resources/test_server.rb

@@ -0,0 +1,43 @@
+require 'rubygems'
+require 'sinatra'
+
+enable :sessions
+
+helpers do
+  def unauthorized!(status=403)
+    throw(:halt, [status, "Not authorized\n"])
+  end
+
+  def make_token
+    Digest::SHA1.hexdigest([params[:id], 'SSO_SALT', params[:timestamp]].join(':'))
+  end
+  
+  def login
+    session[:logged_in] = true
+    redirect '/'
+  end
+end
+
+get '/working/heroku/resources/:id' do
+  unauthorized! unless params[:id] && params[:token]
+  unauthorized! unless params[:timestamp].to_i > (Time.now-60*2).to_i
+  unauthorized! unless params[:token] == make_token
+  login
+end
+
+get '/notoken/heroku/resources/:id' do
+  unauthorized! unless params[:id] && params[:token]
+  unauthorized! unless params[:timestamp].to_i > (Time.now-60*2).to_i
+  login
+end
+
+get '/notimestamp/heroku/resources/:id' do
+  unauthorized! unless params[:id] && params[:token]
+  unauthorized! unless params[:token] == make_token
+  login
+end
+
+get '/' do
+  unauthorized! unless session[:logged_in]
+  "OK"
+end

data/test/sso_check_test.rb

@@ -0,0 +1,28 @@
+require File.dirname(__FILE__) + "/helper"
+
+class SsoCheckTest < Test::Unit::TestCase
+  include Heroku::Sensei
+
+  setup do
+    @data = Manifest.skeleton.merge :id => 123
+    @data['api']['sso_salt'] = 'SSO_SALT'
+  end
+
+  def check ; SsoCheck ; end
+
+  test "working sso request" do
+    @data['api']['test'] += "working"
+    assert_valid
+  end
+
+  test "rejects bad token" do
+    @data['api']['test'] += "notoken"
+    assert_invalid
+  end
+
+  test "rejects old timestamp" do
+    @data['api']['test'] += "notimestamp"
+    assert_invalid
+  end
+
+end