authz: make it easier to test authn/authz protection for new endpoints #652

Merged
merged 5 commits into from
Jan 31, 2022

davepacheco
Collaborator

@davepacheco davepacheco commented Jan 28, 2022

This change creates a new top-level integration test that has a hardcoded list of API endpoints to which we've added authn/authz protection. This way, when we add that protection for new endpoints, we can add them to this list without having to sprinkle all the other integration tests with a bunch of extra requests to check every case (and risk getting them wrong).

I tried to keep the per-endpoint metadata as minimal as possible.

Still to-do here:

  • clean up and document the structures in the new test
  • check the log output to make sure we're covering what I think we're covering
  • find the remaining tests that have ad hoc authn/authz checks, make sure they're covered by the new test, and remove them from the other tests

@davepacheco davepacheco mentioned this pull request Jan 28, 2022
71 tasks
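
The pattern this PR describes, as an added Rust sketch that is not the project's test code: a hardcoded endpoint list drives the same credential cases for every HTTP method, run here against a toy in-memory server. The `Endpoint`, `Route`, `serve` and `verify` names, the allowed methods and the expected status codes are assumptions of this example; only the URLs and the case names come from the PR's log output.

```rust
// Added illustration; every name below is hypothetical, not the project's code.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Method { Get, Put, Post, Delete, Trace }
const ALL_METHODS: [Method; 5] =
    [Method::Get, Method::Put, Method::Post, Method::Delete, Method::Trace];

// Credential cases, named after the messages the test logs.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Creds { Privileged, Unprivileged, Unauthenticated, BadActor, BadCredSyntax }
const DENIED: [Creds; 4] =
    [Creds::Unprivileged, Creds::Unauthenticated, Creds::BadActor, Creds::BadCredSyntax];

// Per-endpoint metadata kept by the test: the URL and the methods it supports.
struct Endpoint { url: &'static str, allowed: &'static [Method] }

// The hardcoded list. The allowed methods are assumptions made for this example.
const ENDPOINTS: &[Endpoint] = &[
    Endpoint { url: "/organizations", allowed: &[Method::Get, Method::Post] },
    Endpoint { url: "/organizations/demo-org",
               allowed: &[Method::Get, Method::Put, Method::Delete] },
    Endpoint { url: "/roles", allowed: &[Method::Get] },
];

// Status the test expects for one request (codes assumed for this toy model).
fn expected(ep: &Endpoint, method: Method, creds: Creds) -> u16 {
    if !ep.allowed.contains(&method) {
        return 405; // routing rejects the method before any handler runs
    }
    match creds {
        Creds::Privileged => 200,
        Creds::Unprivileged => 403,
        Creds::Unauthenticated | Creds::BadActor => 401,
        Creds::BadCredSyntax => 400,
    }
}

// Toy server side: one route per (url, method). `protected` records whether
// the handler performs its authn/authz checks at all.
struct Route { url: &'static str, method: Method, protected: bool }

fn serve(routes: &[Route], url: &str, method: Method, creds: Creds) -> u16 {
    let route = match routes.iter().find(|r| r.url == url && r.method == method) {
        Some(r) => r,
        None => return 405, // no route for this (url, method)
    };
    if !route.protected {
        return 200; // handler skipped its checks: every caller gets through
    }
    match creds {
        Creds::BadCredSyntax => 400,
        Creds::Unauthenticated | Creds::BadActor => 401,
        Creds::Unprivileged => 403,
        Creds::Privileged => 200,
    }
}

// Server route table, optionally with one handler left unprotected.
fn routes(unprotected: Option<(&'static str, Method)>) -> Vec<Route> {
    let mut out = Vec::new();
    for ep in ENDPOINTS {
        for &m in ep.allowed {
            let protected = unprotected != Some((ep.url, m));
            out.push(Route { url: ep.url, method: m, protected });
        }
    }
    out
}

// Run every case for every listed endpoint and collect the mismatches.
fn verify(routes: &[Route]) -> Vec<String> {
    let mut failures = Vec::new();
    for ep in ENDPOINTS {
        // Privileged GET first: it shows the resource exists, so the denials
        // that follow are not just the result of a wrong URL.
        let mut cases = vec![(Method::Get, Creds::Privileged)];
        for &m in ALL_METHODS.iter() {
            cases.extend(DENIED.iter().map(|&c| (m, c)));
        }
        for (m, c) in cases {
            let got = serve(routes, ep.url, m, c);
            let want = expected(ep, m, c);
            if got != want {
                failures.push(format!("{} {:?} {:?}: got {}, want {}", ep.url, m, c, got, want));
            }
        }
    }
    failures
}

fn main() {
    // Simulate a handler for GET /roles that was added without protection.
    for f in verify(&routes(Some(("/roles", Method::Get)))) { println!("{}", f); }
}
```

With every route protected `verify` reports nothing; leaving one handler unprotected produces one failure per denied credential case for that URL and method.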
@davepacheco
Collaborator Author

For future reference, here's some example log output (at "debug" level):

[2022-01-31T10:28:28.708145449-08:00]  INFO: test_unauthorized/26607 on ivanova: test: begin endpoint (url=/organizations)
[2022-01-31T10:28:28.708591102-08:00]  INFO: test_unauthorized/26607 on ivanova: test: privileged GET (url=/organizations)
[2022-01-31T10:28:28.709053118-08:00]  INFO: test_unauthorized/external client test context/26607 on ivanova: client request (body=Body(Empty), uri=http://127.0.0.1:54828/organizations, method=GET)
[2022-01-31T10:28:28.715149498-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: roles (req_id=7e7633bf-fcec-4da2-8556-cf5c18c7cf6b, actor=001de000-05e4-4000-8000-000000004007, authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, roles="RoleSet { roles: {} }")
[2022-01-31T10:28:28.716047253-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: authorize result (req_id=7e7633bf-fcec-4da2-8556-cf5c18c7cf6b, actor=Some(Actor(001de000-05e4-4000-8000-000000004007)), authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, result=Ok(()), resource=Database, action=Query)
[2022-01-31T10:28:28.717096590-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: roles (req_id=7e7633bf-fcec-4da2-8556-cf5c18c7cf6b, actor=001de000-05e4-4000-8000-000000004007, authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828)
    roles: RoleSet { roles: {(Fleet, 001de000-1334-4000-8000-000000000000, "admin")} }
[2022-01-31T10:28:28.720510050-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: authorize result (req_id=7e7633bf-fcec-4da2-8556-cf5c18c7cf6b, actor=Some(Actor(001de000-05e4-4000-8000-000000004007)), authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, result=Ok(()), resource=Fleet, action=ListChildren)
[2022-01-31T10:28:28.722004239-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: roles (req_id=7e7633bf-fcec-4da2-8556-cf5c18c7cf6b, actor=001de000-05e4-4000-8000-000000004007, authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, roles="RoleSet { roles: {} }")
[2022-01-31T10:28:28.723334648-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: authorize result (req_id=7e7633bf-fcec-4da2-8556-cf5c18c7cf6b, actor=Some(Actor(001de000-05e4-4000-8000-000000004007)), authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, result=Ok(()), resource=Database, action=Query)
[2022-01-31T10:28:28.725713823-08:00]  INFO: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: request completed (req_id=7e7633bf-fcec-4da2-8556-cf5c18c7cf6b, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, response_code=200)
[2022-01-31T10:28:28.726126667-08:00]  INFO: test_unauthorized/external client test context/26607 on ivanova: client received response (status=200)
[2022-01-31T10:28:28.726363144-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations, method=GET)
[2022-01-31T10:28:28.726616084-08:00]  INFO: test_unauthorized/external client test context/26607 on ivanova: client request (body=Body(Empty), uri=http://127.0.0.1:54828/organizations, method=GET)
[2022-01-31T10:28:28.729614196-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: roles (req_id=3dd43534-bb42-4451-8f80-6dca5a7b7a72, actor=001de000-05e4-4000-8000-000000060001, authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, roles="RoleSet { roles: {} }")
[2022-01-31T10:28:28.730074350-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: authorize result (req_id=3dd43534-bb42-4451-8f80-6dca5a7b7a72, actor=Some(Actor(001de000-05e4-4000-8000-000000060001)), authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, result=Ok(()), resource=Database, action=Query)
[2022-01-31T10:28:28.730609273-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: roles (req_id=3dd43534-bb42-4451-8f80-6dca5a7b7a72, actor=001de000-05e4-4000-8000-000000060001, authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, roles="RoleSet { roles: {} }")
[2022-01-31T10:28:28.735807117-08:00] DEBUG: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: authorize result (req_id=3dd43534-bb42-4451-8f80-6dca5a7b7a72, actor=Some(Actor(001de000-05e4-4000-8000-000000060001)), authenticated=true, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, result=Err(Forbidden), resource=Fleet, action=ListChildren)
[2022-01-31T10:28:28.736667748-08:00]  INFO: 45d91e21-5539-4dd2-9834-464a2b4dfc35/dropshot_external/26607 on ivanova: request completed (req_id=3dd43534-bb42-4451-8f80-6dca5a7b7a72, uri=/organizations, method=GET, remote_addr=127.0.0.1:39894, local_addr=127.0.0.1:54828, error_message_external=Forbidden, error_message_internal=Forbidden, response_code=403)
[2022-01-31T10:28:28.737132498-08:00]  INFO: test_unauthorized/external client test context/26607 on ivanova: client received response (status=403)
...

and here are the log messages from the test itself:

[2022-01-31T10:28:28.708145449-08:00]  INFO: test_unauthorized/26607 on ivanova: test: begin endpoint (url=/organizations)
[2022-01-31T10:28:28.708591102-08:00]  INFO: test_unauthorized/26607 on ivanova: test: privileged GET (url=/organizations)
[2022-01-31T10:28:28.726363144-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations, method=GET)
[2022-01-31T10:28:28.737372660-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations, method=GET)
[2022-01-31T10:28:28.741650626-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations, method=GET)
[2022-01-31T10:28:28.744151449-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations, method=GET)
[2022-01-31T10:28:28.746587327-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations, method=PUT)
[2022-01-31T10:28:28.748235542-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations, method=PUT)
[2022-01-31T10:28:28.749883416-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations, method=PUT)
[2022-01-31T10:28:28.751536517-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations, method=PUT)
[2022-01-31T10:28:28.753190099-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations, method=POST)
[2022-01-31T10:28:28.759259770-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations, method=POST)
[2022-01-31T10:28:28.763622230-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations, method=POST)
[2022-01-31T10:28:28.766164454-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations, method=POST)
[2022-01-31T10:28:28.768688260-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations, method=DELETE)
[2022-01-31T10:28:28.770314562-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations, method=DELETE)
[2022-01-31T10:28:28.771938381-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations, method=DELETE)
[2022-01-31T10:28:28.773563572-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations, method=DELETE)
[2022-01-31T10:28:28.775198506-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations, method=TRACE)
[2022-01-31T10:28:28.776830417-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations, method=TRACE)
[2022-01-31T10:28:28.778460294-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations, method=TRACE)
[2022-01-31T10:28:28.780095179-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations, method=TRACE)
[2022-01-31T10:28:28.781728041-08:00]  INFO: test_unauthorized/26607 on ivanova: test: begin endpoint (url=/organizations/demo-org)
[2022-01-31T10:28:28.781952980-08:00]  INFO: test_unauthorized/26607 on ivanova: test: privileged GET (url=/organizations/demo-org)
[2022-01-31T10:28:28.789961321-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org, method=GET)
[2022-01-31T10:28:28.798373913-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org, method=GET)
[2022-01-31T10:28:28.802859003-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org, method=GET)
[2022-01-31T10:28:28.806986118-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org, method=GET)
[2022-01-31T10:28:28.809559928-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org, method=PUT)
[2022-01-31T10:28:28.837525611-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org, method=PUT)
[2022-01-31T10:28:28.846588046-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org, method=PUT)
[2022-01-31T10:28:28.851871054-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org, method=PUT)
[2022-01-31T10:28:28.857072473-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org, method=POST)
[2022-01-31T10:28:28.860640089-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org, method=POST)
[2022-01-31T10:28:28.864223718-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org, method=POST)
[2022-01-31T10:28:28.867811864-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org, method=POST)
[2022-01-31T10:28:28.871349456-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org, method=DELETE)
[2022-01-31T10:28:28.884148824-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org, method=DELETE)
[2022-01-31T10:28:28.889870144-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org, method=DELETE)
[2022-01-31T10:28:28.892378308-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org, method=DELETE)
[2022-01-31T10:28:28.894858651-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org, method=TRACE)
[2022-01-31T10:28:28.896523269-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org, method=TRACE)
[2022-01-31T10:28:28.898178905-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org, method=TRACE)
[2022-01-31T10:28:28.899838506-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org, method=TRACE)
[2022-01-31T10:28:28.901496975-08:00]  INFO: test_unauthorized/26607 on ivanova: test: begin endpoint (url=/organizations/demo-org/projects)
[2022-01-31T10:28:28.901717027-08:00]  INFO: test_unauthorized/26607 on ivanova: test: privileged GET (url=/organizations/demo-org/projects)
[2022-01-31T10:28:28.916892466-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects, method=GET)
[2022-01-31T10:28:28.947295049-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects, method=GET)
[2022-01-31T10:28:28.956165982-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects, method=GET)
[2022-01-31T10:28:28.961178505-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects, method=GET)
[2022-01-31T10:28:28.964475504-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects, method=PUT)
[2022-01-31T10:28:28.966165760-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects, method=PUT)
[2022-01-31T10:28:28.967852160-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects, method=PUT)
[2022-01-31T10:28:28.969541735-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects, method=PUT)
[2022-01-31T10:28:28.971228886-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects, method=POST)
[2022-01-31T10:28:28.979653897-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects, method=POST)
[2022-01-31T10:28:28.984192735-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects, method=POST)
[2022-01-31T10:28:28.986807215-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects, method=POST)
[2022-01-31T10:28:28.989420463-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects, method=DELETE)
[2022-01-31T10:28:28.991108806-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects, method=DELETE)
[2022-01-31T10:28:28.992781947-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects, method=DELETE)
[2022-01-31T10:28:28.994451853-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects, method=DELETE)
[2022-01-31T10:28:28.996121999-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects, method=TRACE)
[2022-01-31T10:28:28.997838473-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects, method=TRACE)
[2022-01-31T10:28:28.999525214-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects, method=TRACE)
[2022-01-31T10:28:29.001238634-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects, method=TRACE)
[2022-01-31T10:28:29.002931423-08:00]  INFO: test_unauthorized/26607 on ivanova: test: begin endpoint (url=/organizations/demo-org/projects/demo-project)
[2022-01-31T10:28:29.003156403-08:00]  INFO: test_unauthorized/26607 on ivanova: test: privileged GET (url=/organizations/demo-org/projects/demo-project)
[2022-01-31T10:28:29.029574209-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects/demo-project, method=GET)
[2022-01-31T10:28:29.095191143-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects/demo-project, method=GET)
[2022-01-31T10:28:29.104385020-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects/demo-project, method=GET)
[2022-01-31T10:28:29.109455497-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects/demo-project, method=GET)
[2022-01-31T10:28:29.114491754-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects/demo-project, method=PUT)
[2022-01-31T10:28:29.158831662-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects/demo-project, method=PUT)
[2022-01-31T10:28:29.168043785-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects/demo-project, method=PUT)
[2022-01-31T10:28:29.173228560-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects/demo-project, method=PUT)
[2022-01-31T10:28:29.177420660-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects/demo-project, method=POST)
[2022-01-31T10:28:29.179210081-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects/demo-project, method=POST)
[2022-01-31T10:28:29.181009006-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects/demo-project, method=POST)
[2022-01-31T10:28:29.182805878-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects/demo-project, method=POST)
[2022-01-31T10:28:29.184533970-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects/demo-project, method=DELETE)
[2022-01-31T10:28:29.220848071-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects/demo-project, method=DELETE)
[2022-01-31T10:28:29.229808567-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects/demo-project, method=DELETE)
[2022-01-31T10:28:29.234017181-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects/demo-project, method=DELETE)
[2022-01-31T10:28:29.236537433-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/organizations/demo-org/projects/demo-project, method=TRACE)
[2022-01-31T10:28:29.238215631-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/organizations/demo-org/projects/demo-project, method=TRACE)
[2022-01-31T10:28:29.239890915-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/organizations/demo-org/projects/demo-project, method=TRACE)
[2022-01-31T10:28:29.241565948-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/organizations/demo-org/projects/demo-project, method=TRACE)
[2022-01-31T10:28:29.243252869-08:00]  INFO: test_unauthorized/26607 on ivanova: test: begin endpoint (url=/roles)
[2022-01-31T10:28:29.243475856-08:00]  INFO: test_unauthorized/26607 on ivanova: test: privileged GET (url=/roles)
[2022-01-31T10:28:29.251117940-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles, method=GET)
[2022-01-31T10:28:29.257229292-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles, method=GET)
[2022-01-31T10:28:29.261650227-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles, method=GET)
[2022-01-31T10:28:29.264182577-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles, method=GET)
[2022-01-31T10:28:29.266721205-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles, method=PUT)
[2022-01-31T10:28:29.268418832-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles, method=PUT)
[2022-01-31T10:28:29.270145491-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles, method=PUT)
[2022-01-31T10:28:29.271844920-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles, method=PUT)
[2022-01-31T10:28:29.273547935-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles, method=POST)
[2022-01-31T10:28:29.275248556-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles, method=POST)
[2022-01-31T10:28:29.276945632-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles, method=POST)
[2022-01-31T10:28:29.278672181-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles, method=POST)
[2022-01-31T10:28:29.280368245-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles, method=DELETE)
[2022-01-31T10:28:29.282037760-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles, method=DELETE)
[2022-01-31T10:28:29.283710521-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles, method=DELETE)
[2022-01-31T10:28:29.285382229-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles, method=DELETE)
[2022-01-31T10:28:29.287053377-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles, method=TRACE)
[2022-01-31T10:28:29.288727259-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles, method=TRACE)
[2022-01-31T10:28:29.290396915-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles, method=TRACE)
[2022-01-31T10:28:29.292069154-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles, method=TRACE)
[2022-01-31T10:28:29.293742315-08:00]  INFO: test_unauthorized/26607 on ivanova: test: begin endpoint (url=/roles/fleet.admin)
[2022-01-31T10:28:29.293964030-08:00]  INFO: test_unauthorized/26607 on ivanova: test: privileged GET (url=/roles/fleet.admin)
[2022-01-31T10:28:29.301574577-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles/fleet.admin, method=GET)
[2022-01-31T10:28:29.307729393-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles/fleet.admin, method=GET)
[2022-01-31T10:28:29.312161435-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles/fleet.admin, method=GET)
[2022-01-31T10:28:29.314695046-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles/fleet.admin, method=GET)
[2022-01-31T10:28:29.317217881-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles/fleet.admin, method=PUT)
[2022-01-31T10:28:29.318914847-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles/fleet.admin, method=PUT)
[2022-01-31T10:28:29.320604903-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles/fleet.admin, method=PUT)
[2022-01-31T10:28:29.322302649-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles/fleet.admin, method=PUT)
[2022-01-31T10:28:29.324006064-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles/fleet.admin, method=POST)
[2022-01-31T10:28:29.325697863-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles/fleet.admin, method=POST)
[2022-01-31T10:28:29.327393737-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles/fleet.admin, method=POST)
[2022-01-31T10:28:29.329088799-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles/fleet.admin, method=POST)
[2022-01-31T10:28:29.330787297-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles/fleet.admin, method=DELETE)
[2022-01-31T10:28:29.332473357-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles/fleet.admin, method=DELETE)
[2022-01-31T10:28:29.334153648-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles/fleet.admin, method=DELETE)
[2022-01-31T10:28:29.335849052-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles/fleet.admin, method=DELETE)
[2022-01-31T10:28:29.337535482-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/roles/fleet.admin, method=TRACE)
[2022-01-31T10:28:29.339206930-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/roles/fleet.admin, method=TRACE)
[2022-01-31T10:28:29.340875164-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/roles/fleet.admin, method=TRACE)
[2022-01-31T10:28:29.342550538-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/roles/fleet.admin, method=TRACE)
[2022-01-31T10:28:29.344219392-08:00]  INFO: test_unauthorized/26607 on ivanova: test: begin endpoint (url=/users)
[2022-01-31T10:28:29.344440366-08:00]  INFO: test_unauthorized/26607 on ivanova: test: privileged GET (url=/users)
[2022-01-31T10:28:29.349620694-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/users, method=GET)
[2022-01-31T10:28:29.355716844-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/users, method=GET)
[2022-01-31T10:28:29.360090931-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/users, method=GET)
[2022-01-31T10:28:29.362614657-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/users, method=GET)
[2022-01-31T10:28:29.365122771-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/users, method=PUT)
[2022-01-31T10:28:29.366819657-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/users, method=PUT)
[2022-01-31T10:28:29.369244879-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/users, method=PUT)
[2022-01-31T10:28:29.371601261-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/users, method=PUT)
[2022-01-31T10:28:29.373851437-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/users, method=POST)
[2022-01-31T10:28:29.375568582-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/users, method=POST)
[2022-01-31T10:28:29.386489979-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/users/db-init, method=GET)
[2022-01-31T10:28:29.392642311-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/users/db-init, method=GET)
[2022-01-31T10:28:29.397063697-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/users/db-init, method=GET)
[2022-01-31T10:28:29.399555087-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/users/db-init, method=GET)
[2022-01-31T10:28:29.402026847-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/users/db-init, method=PUT)
[2022-01-31T10:28:29.403698676-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/users/db-init, method=PUT)
[2022-01-31T10:28:29.405371496-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/users/db-init, method=PUT)
[2022-01-31T10:28:29.407051798-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad cred syntax (url=/users/db-init, method=PUT)
[2022-01-31T10:28:29.408730817-08:00]  INFO: test_unauthorized/26607 on ivanova: test: authenticated, unauthorized (url=/users/db-init, method=POST)
[2022-01-31T10:28:29.410402986-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/users/db-init, method=POST)
[2022-01-31T10:28:29.412074545-08:00]  INFO: test_unauthorized/26607 on ivanova: test: bogus creds: bad actor (url=/users/db-init, method=POST)
[2022-01-31T10:28:29.415150881-08:00]  INFO: test_unauthorized/26607 on ivanova: test: unauthenticated (url=/users/db-init, method=TRACE)

So it looks like it's doing roughly what I'd expect.

@davepacheco davepacheco marked this pull request as ready for review January 31, 2022 18:44
@davepacheco davepacheco requested a review from smklein January 31, 2022 18:44
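
One way to make the "check the log output" step mechanical, as an added Rust example that is not part of this PR: parse the test's own `test:` log messages and list every (URL, method, case) combination that never appears. It assumes each endpoint should be probed with the five methods and four denial cases seen in the log above; the sample lines, the `/widgets` URL and the function names are constructed for the example.

```rust
use std::collections::BTreeSet;

// Methods and denial cases as they appear in the test's log messages.
const METHODS: [&str; 5] = ["GET", "PUT", "POST", "DELETE", "TRACE"];
const CASES: [&str; 4] = [
    "authenticated, unauthorized",
    "unauthenticated",
    "bogus creds: bad actor",
    "bogus creds: bad cred syntax",
];

// Constructed sample in the same message format (prefix shortened). POST is
// missing both "bogus creds" cases; PUT, DELETE and TRACE are absent.
const SAMPLE: &str = "\
[ts]  INFO: test_unauthorized/1 on host: test: begin endpoint (url=/widgets)
[ts]  INFO: test_unauthorized/1 on host: test: privileged GET (url=/widgets)
[ts]  INFO: test_unauthorized/1 on host: test: authenticated, unauthorized (url=/widgets, method=GET)
[ts] DEBUG: server/1 on host: authorize result (uri=/widgets, method=GET, result=Err(Forbidden))
[ts]  INFO: test_unauthorized/1 on host: test: unauthenticated (url=/widgets, method=GET)
[ts]  INFO: test_unauthorized/1 on host: test: bogus creds: bad actor (url=/widgets, method=GET)
[ts]  INFO: test_unauthorized/1 on host: test: bogus creds: bad cred syntax (url=/widgets, method=GET)
[ts]  INFO: test_unauthorized/1 on host: test: authenticated, unauthorized (url=/widgets, method=POST)
[ts]  INFO: test_unauthorized/1 on host: test: unauthenticated (url=/widgets, method=POST)
";

// Split one "test: <label> (url=<url>[, method=<method>])" message into its
// parts. Lines that are not from the test itself return None.
fn parse_line(line: &str) -> Option<(&str, &str, Option<&str>)> {
    let marker = ": test: ";
    let msg = &line[line.find(marker)? + marker.len()..];
    let (label, args) = msg.split_once(" (url=")?;
    let args = args.strip_suffix(')')?;
    match args.split_once(", method=") {
        Some((url, method)) => Some((label, url, Some(method))),
        None => Some((label, args, None)), // "begin endpoint", "privileged GET"
    }
}

// For every URL the test touched, report each method/case pair not logged.
fn missing_cases(log: &str, methods: &[&str]) -> Vec<String> {
    let mut urls = BTreeSet::new();
    let mut seen = BTreeSet::new();
    for line in log.lines() {
        if let Some((label, url, method)) = parse_line(line.trim()) {
            urls.insert(url);
            if let Some(m) = method {
                seen.insert((url, m, label));
            }
        }
    }
    let mut missing = Vec::new();
    for url in &urls {
        for m in methods {
            for c in CASES.iter() {
                if !seen.contains(&(*url, *m, *c)) {
                    missing.push(format!("{} {}: {}", url, m, c));
                }
            }
        }
    }
    missing
}

fn main() {
    for gap in missing_cases(SAMPLE, &METHODS) {
        println!("missing: {}", gap);
    }
}
```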
@david-crespo
Contributor

This looks very nice, gets rid of a lot of boilerplate. So for a new endpoint, the workflow is to write explicit tests for the happy authed case (plus perhaps some endpoint-specific authz logic if there is some?), but for the base logged-out/logged-in tests you add an entry to the list in unauthorized.rs?

@davepacheco
Collaborator Author

Yes, exactly!

@davepacheco davepacheco merged commit 814687d into main Jan 31, 2022
@davepacheco davepacheco deleted the authz-tests branch January 31, 2022 20:47