VictoriaMetrics/app/vmauth/auth_config_test.go

package main

import (
	"bytes"
	"fmt"
	"regexp"
	"testing"

	"gopkg.in/yaml.v2"
)

func TestParseAuthConfigFailure(t *testing.T) {
	f := func(s string) {
		t.Helper()
		_, err := parseAuthConfig([]byte(s))
		if err == nil {
			t.Fatalf("expecting non-nil error")
		}
	}

	// Empty config
	f(``)

	// Invalid entry
	f(`foobar`)
	f(`foobar: baz`)

	// Empty users
	f(`users: []`)

	// Missing url_prefix
	f(`
users:
- username: foo
`)

	// Invalid url_prefix
	f(`
users:
- username: foo
  url_prefix: bar
`)
	f(`
users:
- username: foo
  url_prefix: ftp://bar
`)
	f(`
users:
- username: foo
  url_prefix: //bar
`)
	f(`
users:
- username: foo
  url_prefix: http:///bar
`)

	// Username and bearer_token in a single config
	f(`
users:
- username: foo
  bearer_token: bbb
  url_prefix: http://foo.bar
`)

	// Bearer_token and password in a single config
	f(`
users:
- password: foo
  bearer_token: bbb
  url_prefix: http://foo.bar
`)

	// Duplicate users
	f(`
users:
- username: foo
  url_prefix: http://foo.bar
- username: bar
  url_prefix: http://xxx.yyy
- username: foo
  url_prefix: https://sss.sss
`)

	// Duplicate bearer_tokens
	f(`
users:
- bearer_token: foo
  url_prefix: http://foo.bar
- username: bar
  url_prefix: http://xxx.yyy
- bearer_token: foo
  url_prefix: https://sss.sss
`)

	// Missing url_prefix in url_map
	f(`
users:
- username: a
  url_map:
  - src_paths: ["/foo/bar"]
`)

	// Missing src_paths in url_map
	f(`
users:
- username: a
  url_map:
  - url_prefix: http://foobar
`)

	// Invalid regexp in src_path.
	f(`
users:
- username: a
  url_map:
  - src_paths: ['fo[obar']
    url_prefix: http://foobar
`)
}

func TestParseAuthConfigSuccess(t *testing.T) {
	f := func(s string, expectedAuthConfig map[string]*UserInfo) {
		t.Helper()
		m, err := parseAuthConfig([]byte(s))
		if err != nil {
			t.Fatalf("unexpected error: %s", err)
		}
		removeMetrics(m)
		if err := areEqualConfigs(m, expectedAuthConfig); err != nil {
			t.Fatal(err)
		}
	}

	// Single user
	f(`
users:
- username: foo
  password: bar
  url_prefix: http://aaa:343/bbb
`, map[string]*UserInfo{
		getAuthToken("", "foo", "bar"): {
			Username:  "foo",
			Password:  "bar",
			URLPrefix: "http://aaa:343/bbb",
		},
	})

	// Multiple users
	f(`
users:
- username: foo
  url_prefix: http://foo
- username: bar
  url_prefix: https://bar/x///
`, map[string]*UserInfo{
		getAuthToken("", "foo", ""): {
			Username:  "foo",
			URLPrefix: "http://foo",
		},
		getAuthToken("", "bar", ""): {
			Username:  "bar",
			URLPrefix: "https://bar/x",
		},
	})

	// non-empty URLMap
	f(`
users:
- bearer_token: foo
  url_map:
  - src_paths: ["/api/v1/query","/api/v1/query_range","/api/v1/label/[^./]+/.+"]
    url_prefix: http://vmselect/select/0/prometheus
  - src_paths: ["/api/v1/write"]
    url_prefix: http://vminsert/insert/0/prometheus
`, map[string]*UserInfo{
		getAuthToken("foo", "", ""): {
			BearerToken: "foo",
			URLMap: []URLMap{
				{
					SrcPaths:  getSrcPaths([]string{"/api/v1/query", "/api/v1/query_range", "/api/v1/label/[^./]+/.+"}),
					URLPrefix: "http://vmselect/select/0/prometheus",
				},
				{
					SrcPaths:  getSrcPaths([]string{"/api/v1/write"}),
					URLPrefix: "http://vminsert/insert/0/prometheus",
				},
			},
		},
	})
}

func getSrcPaths(paths []string) []*SrcPath {
	var sps []*SrcPath
	for _, path := range paths {
		sps = append(sps, &SrcPath{
			sOriginal: path,
			re:        regexp.MustCompile("^(?:" + path + ")$"),
		})
	}
	return sps
}

func removeMetrics(m map[string]*UserInfo) {
	for _, info := range m {
		info.requests = nil
	}
}

func areEqualConfigs(a, b map[string]*UserInfo) error {
	aData, err := yaml.Marshal(a)
	if err != nil {
		return fmt.Errorf("cannot marshal a: %w", err)
	}
	bData, err := yaml.Marshal(b)
	if err != nil {
		return fmt.Errorf("cannot marshal b: %w", err)
	}
	if !bytes.Equal(aData, bData) {
		return fmt.Errorf("unexpected configs;\ngot\n%s\nwant\n%s", aData, bData)
	}
	return nil
}
app/vmauth: add initial version of vmauth. See https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/app/vmauth/README.md for details 2020-05-05 09:53:42 +02:00			`package main`

			`import (`
app/vmauth: allow using regexps in `url_map` paths See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1112 2021-03-05 17:21:11 +01:00			`"bytes"`
			`"fmt"`
			`"regexp"`
app/vmauth: add initial version of vmauth. See https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/app/vmauth/README.md for details 2020-05-05 09:53:42 +02:00			`"testing"`
app/vmauth: allow using regexps in `url_map` paths See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1112 2021-03-05 17:21:11 +01:00
			`"gopkg.in/yaml.v2"`
app/vmauth: add initial version of vmauth. See https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/app/vmauth/README.md for details 2020-05-05 09:53:42 +02:00			`)`

			`func TestParseAuthConfigFailure(t *testing.T) {`
			`f := func(s string) {`
			`t.Helper()`
			`_, err := parseAuthConfig([]byte(s))`
			`if err == nil {`
			`t.Fatalf("expecting non-nil error")`
			`}`
			`}`

			`// Empty config`
			f(``)

			`// Invalid entry`
			f(`foobar`)
			f(`foobar: baz`)

			`// Empty users`
			f(`users: []`)

			`// Missing url_prefix`
			f(`
			`users:`
			`- username: foo`
			`)

			`// Invalid url_prefix`
			f(`
			`users:`
			`- username: foo`
			`url_prefix: bar`
			`)
			f(`
			`users:`
			`- username: foo`
			`url_prefix: ftp://bar`
			`)
			f(`
			`users:`
			`- username: foo`
			`url_prefix: //bar`
			`)
app/vmauth: add ability to route requests from a single users to multiple targets depending on the requested path Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1064 2021-02-11 11:40:59 +01:00			f(`
			`users:`
			`- username: foo`
			`url_prefix: http:///bar`
			`)
app/vmauth: add initial version of vmauth. See https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/app/vmauth/README.md for details 2020-05-05 09:53:42 +02:00
app/vmauth: add support for authorization via `Authorization: Bearer <token>` 2021-04-02 21:14:53 +02:00			`// Username and bearer_token in a single config`
			f(`
			`users:`
			`- username: foo`
			`bearer_token: bbb`
			`url_prefix: http://foo.bar`
			`)

			`// Bearer_token and password in a single config`
			f(`
			`users:`
			`- password: foo`
			`bearer_token: bbb`
			`url_prefix: http://foo.bar`
			`)

app/vmauth: add initial version of vmauth. See https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/app/vmauth/README.md for details 2020-05-05 09:53:42 +02:00			`// Duplicate users`
			f(`
			`users:`
			`- username: foo`
			`url_prefix: http://foo.bar`
			`- username: bar`
			`url_prefix: http://xxx.yyy`
			`- username: foo`
			`url_prefix: https://sss.sss`
			`)
app/vmauth: add ability to route requests from a single users to multiple targets depending on the requested path Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1064 2021-02-11 11:40:59 +01:00
app/vmauth: add support for authorization via `Authorization: Bearer <token>` 2021-04-02 21:14:53 +02:00			`// Duplicate bearer_tokens`
			f(`
			`users:`
			`- bearer_token: foo`
			`url_prefix: http://foo.bar`
			`- username: bar`
			`url_prefix: http://xxx.yyy`
			`- bearer_token: foo`
			`url_prefix: https://sss.sss`
			`)

app/vmauth: add ability to route requests from a single users to multiple targets depending on the requested path Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1064 2021-02-11 11:40:59 +01:00			`// Missing url_prefix in url_map`
			f(`
			`users:`
			`- username: a`
			`url_map:`
			`- src_paths: ["/foo/bar"]`
			`)

			`// Missing src_paths in url_map`
			f(`
			`users:`
			`- username: a`
			`url_map:`
			`- url_prefix: http://foobar`
			`)

app/vmauth: allow using regexps in `url_map` paths See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1112 2021-03-05 17:21:11 +01:00			`// Invalid regexp in src_path.`
app/vmauth: add ability to route requests from a single users to multiple targets depending on the requested path Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1064 2021-02-11 11:40:59 +01:00			f(`
			`users:`
			`- username: a`
			`url_map:`
app/vmauth: allow using regexps in `url_map` paths See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1112 2021-03-05 17:21:11 +01:00			`- src_paths: ['fo[obar']`
app/vmauth: add ability to route requests from a single users to multiple targets depending on the requested path Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1064 2021-02-11 11:40:59 +01:00			`url_prefix: http://foobar`
			`)
app/vmauth: add initial version of vmauth. See https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/app/vmauth/README.md for details 2020-05-05 09:53:42 +02:00			`}`

			`func TestParseAuthConfigSuccess(t *testing.T) {`
			`f := func(s string, expectedAuthConfig map[string]*UserInfo) {`
			`t.Helper()`
			`m, err := parseAuthConfig([]byte(s))`
			`if err != nil {`
			`t.Fatalf("unexpected error: %s", err)`
			`}`
			`removeMetrics(m)`
app/vmauth: allow using regexps in `url_map` paths See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1112 2021-03-05 17:21:11 +01:00			`if err := areEqualConfigs(m, expectedAuthConfig); err != nil {`
			`t.Fatal(err)`
app/vmauth: add initial version of vmauth. See https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/app/vmauth/README.md for details 2020-05-05 09:53:42 +02:00			`}`
			`}`

			`// Single user`
			f(`
			`users:`
			`- username: foo`
			`password: bar`
			`url_prefix: http://aaa:343/bbb`
			`, map[string]*UserInfo{
app/vmauth: add support for authorization via `Authorization: Bearer <token>` 2021-04-02 21:14:53 +02:00			`getAuthToken("", "foo", "bar"): {`
app/vmauth: add initial version of vmauth. See https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/app/vmauth/README.md for details 2020-05-05 09:53:42 +02:00			`Username: "foo",`
			`Password: "bar",`
			`URLPrefix: "http://aaa:343/bbb",`
			`},`
			`})`

			`// Multiple users`
			f(`
			`users:`
			`- username: foo`
			`url_prefix: http://foo`
			`- username: bar`
			`url_prefix: https://bar/x///`
			`, map[string]*UserInfo{
app/vmauth: add support for authorization via `Authorization: Bearer <token>` 2021-04-02 21:14:53 +02:00			`getAuthToken("", "foo", ""): {`
app/vmauth: add initial version of vmauth. See https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/app/vmauth/README.md for details 2020-05-05 09:53:42 +02:00			`Username: "foo",`
			`URLPrefix: "http://foo",`
			`},`
app/vmauth: add support for authorization via `Authorization: Bearer <token>` 2021-04-02 21:14:53 +02:00			`getAuthToken("", "bar", ""): {`
app/vmauth: add initial version of vmauth. See https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/app/vmauth/README.md for details 2020-05-05 09:53:42 +02:00			`Username: "bar",`
			`URLPrefix: "https://bar/x",`
			`},`
			`})`
app/vmauth: add ability to route requests from a single users to multiple targets depending on the requested path Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1064 2021-02-11 11:40:59 +01:00
			`// non-empty URLMap`
			f(`
			`users:`
app/vmauth: add support for authorization via `Authorization: Bearer <token>` 2021-04-02 21:14:53 +02:00			`- bearer_token: foo`
app/vmauth: add ability to route requests from a single users to multiple targets depending on the requested path Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1064 2021-02-11 11:40:59 +01:00			`url_map:`
app/vmauth: allow using regexps in `url_map` paths See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1112 2021-03-05 17:21:11 +01:00			`- src_paths: ["/api/v1/query","/api/v1/query_range","/api/v1/label/[^./]+/.+"]`
app/vmauth: add ability to route requests from a single users to multiple targets depending on the requested path Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1064 2021-02-11 11:40:59 +01:00			`url_prefix: http://vmselect/select/0/prometheus`
			`- src_paths: ["/api/v1/write"]`
			`url_prefix: http://vminsert/insert/0/prometheus`
			`, map[string]*UserInfo{
app/vmauth: add support for authorization via `Authorization: Bearer <token>` 2021-04-02 21:14:53 +02:00			`getAuthToken("foo", "", ""): {`
			`BearerToken: "foo",`
app/vmauth: add ability to route requests from a single users to multiple targets depending on the requested path Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1064 2021-02-11 11:40:59 +01:00			`URLMap: []URLMap{`
			`{`
app/vmauth: allow using regexps in `url_map` paths See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1112 2021-03-05 17:21:11 +01:00			`SrcPaths: getSrcPaths([]string{"/api/v1/query", "/api/v1/query_range", "/api/v1/label/[^./]+/.+"}),`
app/vmauth: add ability to route requests from a single users to multiple targets depending on the requested path Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1064 2021-02-11 11:40:59 +01:00			`URLPrefix: "http://vmselect/select/0/prometheus",`
			`},`
			`{`
app/vmauth: allow using regexps in `url_map` paths See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1112 2021-03-05 17:21:11 +01:00			`SrcPaths: getSrcPaths([]string{"/api/v1/write"}),`
app/vmauth: add ability to route requests from a single users to multiple targets depending on the requested path Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1064 2021-02-11 11:40:59 +01:00			`URLPrefix: "http://vminsert/insert/0/prometheus",`
			`},`
			`},`
			`},`
			`})`
app/vmauth: add initial version of vmauth. See https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/app/vmauth/README.md for details 2020-05-05 09:53:42 +02:00			`}`

app/vmauth: allow using regexps in `url_map` paths See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1112 2021-03-05 17:21:11 +01:00			`func getSrcPaths(paths []string) []*SrcPath {`
			`var sps []*SrcPath`
			`for _, path := range paths {`
			`sps = append(sps, &SrcPath{`
			`sOriginal: path,`
			`re: regexp.MustCompile("^(?:" + path + ")$"),`
			`})`
			`}`
			`return sps`
			`}`

app/vmauth: add initial version of vmauth. See https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/app/vmauth/README.md for details 2020-05-05 09:53:42 +02:00			`func removeMetrics(m map[string]*UserInfo) {`
			`for _, info := range m {`
			`info.requests = nil`
			`}`
			`}`
app/vmauth: allow using regexps in `url_map` paths See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1112 2021-03-05 17:21:11 +01:00
			`func areEqualConfigs(a, b map[string]*UserInfo) error {`
			`aData, err := yaml.Marshal(a)`
			`if err != nil {`
			`return fmt.Errorf("cannot marshal a: %w", err)`
			`}`
			`bData, err := yaml.Marshal(b)`
			`if err != nil {`
			`return fmt.Errorf("cannot marshal b: %w", err)`
			`}`
			`if !bytes.Equal(aData, bData) {`
			`return fmt.Errorf("unexpected configs;\ngot\n%s\nwant\n%s", aData, bData)`
			`}`
			`return nil`
			`}`