kensa 1.1.4 → 1.2.0rc1
- data/.gitignore +5 -0
- data/Gemfile +4 -7
- data/Gemfile.lock +59 -23
- data/README.md +1 -1
- data/Rakefile +6 -33
- data/kensa.gemspec +26 -98
- data/lib/heroku/kensa/client.rb +25 -5
- data/lib/heroku/kensa/manifest.rb +9 -3
- data/lib/heroku/kensa/sso.rb +24 -14
- data/lib/heroku/kensa/version.rb +6 -0
- data/lib/heroku/kensa.rb +10 -6
- data/test/deprovision_test.rb +30 -0
- data/test/helper.rb +11 -44
- data/test/lib/dependencies.rb +8 -0
- data/test/lib/formatter.rb +85 -0
- data/test/lib/response.rb +6 -0
- data/test/lib/test_case.rb +56 -0
- data/test/manifest_generation_test.rb +32 -0
- data/test/manifest_test.rb +36 -21
- data/test/plan_change_test.rb +30 -0
- data/test/provision_test.rb +84 -0
- data/test/resources/provider_server.rb +82 -0
- data/test/resources/views/index.haml +6 -0
- data/test/sso_launch_test.rb +130 -0
- data/test/sso_test.rb +52 -106
- metadata +161 -210
- data/lib/heroku/kensa/check.rb +0 -485
- data/test/all_check_test.rb +0 -25
- data/test/deprovision_check_test.rb +0 -36
- data/test/manifest_check_test.rb +0 -79
- data/test/plan_change_check_test.rb +0 -27
- data/test/provision_check_test.rb +0 -43
- data/test/provision_response_check_test.rb +0 -72
- data/test/resources/runner.rb +0 -1
- data/test/resources/server.rb +0 -207
- data/test/sso_check_test.rb +0 -59
@@ -1,72 +0,0 @@
|
|
1
|
-
require 'test/helper'
|
2
|
-
|
3
|
-
class ProvisionResponseCheckTest < Test::Unit::TestCase
|
4
|
-
include Heroku::Kensa
|
5
|
-
|
6
|
-
def check ; ProvisionResponseCheck ; end
|
7
|
-
|
8
|
-
setup do
|
9
|
-
@response = { "id" => "123" }
|
10
|
-
@data = Manifest.new.skeleton.merge(:provision_response => @response)
|
11
|
-
@data['api']['config_vars'] << "MYADDON_CONFIG"
|
12
|
-
end
|
13
|
-
|
14
|
-
test "is valid if no errors" do
|
15
|
-
assert_valid
|
16
|
-
end
|
17
|
-
|
18
|
-
test "has an id" do
|
19
|
-
@response.delete("id")
|
20
|
-
assert_invalid
|
21
|
-
end
|
22
|
-
|
23
|
-
describe "when config is present" do
|
24
|
-
|
25
|
-
test "is a hash" do
|
26
|
-
@response["config"] = ""
|
27
|
-
assert_invalid
|
28
|
-
end
|
29
|
-
|
30
|
-
test "each key is previously set in the manifest" do
|
31
|
-
@response["config"] = { "MYSQL_URL" => "http://..." }
|
32
|
-
assert_invalid
|
33
|
-
end
|
34
|
-
|
35
|
-
test "each value is a string" do
|
36
|
-
@response["config"] = { "MYADDON_URL" => {} }
|
37
|
-
assert_invalid
|
38
|
-
end
|
39
|
-
|
40
|
-
test "asserts _URL vars are valid URIs" do
|
41
|
-
@response["config"] = { "MYADDON_URL" => "abc:" }
|
42
|
-
assert_invalid
|
43
|
-
end
|
44
|
-
|
45
|
-
test "asserts _URL vars have a host" do
|
46
|
-
@response["config"] = { "MYADDON_URL" => "path" }
|
47
|
-
assert_invalid
|
48
|
-
end
|
49
|
-
|
50
|
-
test "asserts _URL vars have a scheme" do
|
51
|
-
@response["config"] = { "MYADDON_URL" => "//host/path" }
|
52
|
-
assert_invalid
|
53
|
-
end
|
54
|
-
|
55
|
-
test "doesn't run URI test against other vars" do
|
56
|
-
@response["config"] = { "MYADDON_CONFIG" => "abc:" }
|
57
|
-
assert_valid
|
58
|
-
end
|
59
|
-
|
60
|
-
test "doesn't allow localhost URIs on production" do
|
61
|
-
@data[:env] = 'production'
|
62
|
-
@response["config"] = { "MYADDON_URL" => "http://localhost/abc" }
|
63
|
-
assert_invalid
|
64
|
-
end
|
65
|
-
|
66
|
-
test "is valid otherwise" do
|
67
|
-
@response["config"] = { "MYADDON_URL" => "http://localhost/abc" }
|
68
|
-
assert_valid
|
69
|
-
end
|
70
|
-
end
|
71
|
-
|
72
|
-
end
|
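--- a/data/test/resources/runner.rb
+++ b/data/test/resources/runner.rb
@@ -1 +0,0 @@
-exit(1) if ARGV.first == 'fail'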
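--- a/data/test/resources/server.rb
+++ b/data/test/resources/server.rb
@@ -1,207 +0,0 @@
-require 'rubygems'
-require 'sinatra'
-require 'json'
-
-enable :sessions
-
-helpers do
-def heroku_only!
-unless auth_heroku?
-response['WWW-Authenticate'] = %(Basic realm="Kensa Test Server")
-unauthorized!(401)
-end
-end
-
-def auth_heroku?
-@auth ||= Rack::Auth::Basic::Request.new(request.env)
-@auth.provided? && @auth.basic? && @auth.credentials && @auth.credentials == ['myaddon', 'secret']
-end
-
-def unauthorized!(status=403)
-throw(:halt, [status, "Not authorized\n"])
-end
-
-def make_token
-Digest::SHA1.hexdigest([params[:id], 'SSO_SALT', params[:timestamp]].join(':'))
-end
-
-def login(heroku_user=true)
-session.clear
-session[:logged_in] = true
-session[:heroku] = heroku_user
-redirect '/'
-end
-end
-
-post '/working/heroku/resources' do
-heroku_only!
-{ :id => 123 }.to_json
-end
-
-post '/invalid-json/heroku/resources' do
-heroku_only!
-'invalidjson'
-end
-
-post '/invalid-response/heroku/resources' do
-heroku_only!
-nil.to_json
-end
-
-post '/invalid-status/heroku/resources' do
-heroku_only!
-status 422
-{ :id => 123 }.to_json
-end
-
-post '/invalid-missing-id/heroku/resources' do
-heroku_only!
-{ :noid => 123 }.to_json
-end
-
-post '/invalid-missing-auth/heroku/resources' do
-{ :id => 123 }.to_json
-end
-
-
-put '/working/heroku/resources/:id' do
-heroku_only!
-{}.to_json
-end
-
-put '/invalid-missing-auth/heroku/resources/:id' do
-{ :id => 123 }.to_json
-end
-
-put '/invalid-status/heroku/resources/:id' do
-heroku_only!
-status 422
-{}.to_json
-end
-
-
-delete '/working/heroku/resources/:id' do
-heroku_only!
-"Ok"
-end
-
-def sso
-unauthorized! unless params[:id] && params[:token]
-unauthorized! unless params[:timestamp].to_i > (Time.now-60*2).to_i
-unauthorized! unless params[:token] == make_token
-response.set_cookie('heroku-nav-data', params['nav-data'])
-login
-end
-
-get '/working/heroku/resources/:id' do
-sso
-end
-
-post '/working/heroku/resources/:id/sso' do
-sso
-end
-
-def notoken
-unauthorized! unless params[:id] && params[:token]
-unauthorized! unless params[:timestamp].to_i > (Time.now-60*2).to_i
-response.set_cookie('heroku-nav-data', params['nav-data'])
-login
-end
-
-get '/notoken/heroku/resources/:id' do
-notoken
-end
-
-post '/notoken/heroku/resources/:id/sso' do
-notoken
-end
-
-def notimestamp
-unauthorized! unless params[:id] && params[:token]
-unauthorized! unless params[:token] == make_token
-response.set_cookie('heroku-nav-data', params['nav-data'])
-login
-end
-
-get '/notimestamp/heroku/resources/:id' do
-notimestamp
-end
-
-post '/notimestamp/heroku/resources/:id/sso' do
-notimestamp
-end
-
-def nolayout
-unauthorized! unless params[:id] && params[:token]
-unauthorized! unless params[:timestamp].to_i > (Time.now-60*2).to_i
-unauthorized! unless params[:token] == make_token
-response.set_cookie('heroku-nav-data', params['nav-data'])
-login(false)
-end
-
-get '/nolayout/heroku/resources/:id' do
-nolayout
-end
-
-post '/nolayout/heroku/resources/:id/sso' do
-nolayout
-end
-
-def nocookie
-unauthorized! unless params[:id] && params[:token]
-unauthorized! unless params[:timestamp].to_i > (Time.now-60*2).to_i
-unauthorized! unless params[:token] == make_token
-login
-end
-
-get '/nocookie/heroku/resources/:id' do
-nocookie
-end
-
-post '/nocookie/heroku/resources/:id/sso' do
-nocookie
-end
-
-def badcookie
-unauthorized! unless params[:id] && params[:token]
-unauthorized! unless params[:timestamp].to_i > (Time.now-60*2).to_i
-unauthorized! unless params[:token] == make_token
-response.set_cookie('heroku-nav-data', 'wrong value')
-login
-end
-
-get '/badcookie/heroku/resources/:id' do
-badcookie
-end
-
-post '/badcookie/heroku/resources/:id/sso' do
-badcookie
-end
-
-def sso_user
-head 404 unless params[:user] == 'username@example.com'
-sso
-end
-
-get '/user/heroku/resources/:id' do
-sso_user
-end
-
-post '/user/heroku/resources/:id/sso' do
-sso_user
-end
-
-get '/' do
-unauthorized! unless session[:logged_in]
-haml :index
-end
-
-__END__
-
-@@ index
-%html
-%body
-- if session[:heroku]
-#heroku-header
-%h1 Heroku
-%h1 Sample Addon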
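--- a/data/test/sso_check_test.rb
+++ b/data/test/sso_check_test.rb
@@ -1,59 +0,0 @@
-require 'test/helper'
-
-class SsoCheckTest < Test::Unit::TestCase
-include Heroku::Kensa
-
-setup do
-@data = Manifest.new.skeleton.merge :id => 123
-@data['api']['sso_salt'] = 'SSO_SALT'
-end
-
-def check ; SsoCheck ; end
-
-['POST', 'GET'].each do |method|
-context "via #{method}" do
-setup { @data['api']['sso'] = method }
-
-test "working sso request" do
-@data['api']['test'] += "working"
-assert_valid
-end
-
-test "rejects bad token" do
-@data['api']['test'] += "notoken"
-assert_invalid
-end
-
-test "rejects old timestamp" do
-@data['api']['test'] += "notimestamp"
-assert_invalid
-end
-
-test "reject omitted sso salt" do
-@data['api'].delete 'sso_salt'
-@data['api']['test'] += "working"
-assert_invalid
-end
-
-test "reject missing heroku layout" do
-@data['api']['test'] += "nolayout"
-assert_invalid
-end
-
-test "reject missing cookie" do
-@data['api']['test'] += "nocookie"
-assert_invalid
-end
-
-test "reject invalid cookie value" do
-@data['api']['test'] += "badcookie"
-assert_invalid
-end
-
-test "sends user param" do
-@data['api']['test'] += "user"
-assert_valid
-end
-end
-end
-end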