File: azure_test.go

package info (click to toggle)
gitlab-ci-multi-runner 14.10.1-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 31,248 kB
  • sloc: sh: 1,694; makefile: 384; asm: 79; ruby: 68
file content (112 lines) | stat: -rw-r--r-- 2,903 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
 
//go:build !integration
// +build !integration

package azure

import (
	"fmt"
	"net/http"
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"gitlab.com/gitlab-org/gitlab-runner/common"
)

type azureURLGenerationTest struct {
	accountName   string
	accountKey    string
	storageDomain string
	method        string

	expectedErrorOnGeneration bool
}

func TestAzureClientURLGeneration(t *testing.T) {
	tests := map[string]azureURLGenerationTest{
		"missing account name": {
			accountKey:                accountKey,
			method:                    http.MethodGet,
			expectedErrorOnGeneration: true,
		},
		"missing account key": {
			accountName:               accountName,
			method:                    http.MethodGet,
			expectedErrorOnGeneration: true,
		},
		"GET request": {
			accountName: accountName,
			accountKey:  accountKey,
			method:      http.MethodGet,
		},
		"GET request in custom storage domain": {
			accountName:   accountName,
			accountKey:    accountKey,
			storageDomain: "blob.core.chinacloudapi.cn",
			method:        http.MethodGet,
		},

		"PUT request": {
			accountName: accountName,
			accountKey:  accountKey,
			method:      http.MethodPut,
		},
	}

	for tn, tt := range tests {
		t.Run(tn, func(t *testing.T) {
			opts := &signedURLOptions{
				ContainerName: containerName,
				StorageDomain: tt.storageDomain,
				Credentials: &common.CacheAzureCredentials{
					AccountName: tt.accountName,
					AccountKey:  tt.accountKey,
				},
				Method:  tt.method,
				Timeout: 1 * time.Hour,
			}

			url, err := presignedURL(objectName, opts)

			if tt.expectedErrorOnGeneration {
				assert.Error(t, err)
				return
			}

			require.NoError(t, err)
			assert.Equal(t, "https", url.Scheme)

			domain := DefaultAzureServer
			if tt.storageDomain != "" {
				domain = tt.storageDomain
			}
			assert.Equal(t, fmt.Sprintf("%s.%s", tt.accountName, domain), url.Host)
			assert.Equal(t, fmt.Sprintf("/%s/%s", containerName, objectName), url.Path)

			require.NotNil(t, url)

			q := url.Query()
			token, err := getSASToken(objectName, opts)
			require.NoError(t, err)
			assert.Equal(t, q.Encode(), token)

			// Sanity check query parameters from
			// https://docs.microsoft.com/en-us/rest/api/storageservices/create-service-sas
			assert.NotNil(t, q["sv"])                    // SignedVersion
			assert.Equal(t, []string{"b"}, q["sr"])      // SignedResource (blob)
			assert.NotNil(t, q["st"])                    // SignedStart
			assert.NotNil(t, q["se"])                    // SignedExpiry
			assert.NotNil(t, q["sig"])                   // Signature
			assert.Equal(t, []string{"https"}, q["spr"]) // SignedProtocol

			// SignedPermission
			expectedPermissionValue := "w"
			if tt.method == http.MethodGet {
				expectedPermissionValue = "r"
			}
			assert.Equal(t, []string{expectedPermissionValue}, q["sp"])
		})
	}
}