Refactor RDP proxy handling and update related tests
This commit is contained in:
@@ -0,0 +1,206 @@
|
||||
package webingress
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
)
|
||||
|
||||
func TestHTTPHandlerRedirectsToHTTPS(t *testing.T) {
|
||||
runtime := Runtime{Config: RuntimeConfig{ServiceType: "admin-ingress", Scope: "platform"}}
|
||||
req := httptest.NewRequest(http.MethodGet, "http://admin.example.test/cluster-admin/dashboard?x=1", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
|
||||
runtime.HTTPHandler().ServeHTTP(rec, req)
|
||||
|
||||
if rec.Code != http.StatusPermanentRedirect {
|
||||
t.Fatalf("status = %d", rec.Code)
|
||||
}
|
||||
if rec.Header().Get("Location") != "https://admin.example.test/cluster-admin/dashboard?x=1" {
|
||||
t.Fatalf("Location = %q", rec.Header().Get("Location"))
|
||||
}
|
||||
}
|
||||
|
||||
func TestHTTPSHandlerBlocksUnknownServiceClass(t *testing.T) {
|
||||
runtime := Runtime{
|
||||
Config: RuntimeConfig{
|
||||
ServiceType: "public-ingress",
|
||||
Scope: "organization",
|
||||
ServiceClasses: []string{"organization_portal", "user_portal"},
|
||||
},
|
||||
Now: fixedNow,
|
||||
}
|
||||
req := httptest.NewRequest(http.MethodGet, "https://org.example.test/platform-admin/root", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
|
||||
runtime.HTTPSHandler().ServeHTTP(rec, req)
|
||||
|
||||
if rec.Code != http.StatusForbidden {
|
||||
t.Fatalf("status = %d body=%s", rec.Code, rec.Body.String())
|
||||
}
|
||||
var payload Response
|
||||
if err := json.Unmarshal(rec.Body.Bytes(), &payload); err != nil {
|
||||
t.Fatalf("decode response: %v", err)
|
||||
}
|
||||
if payload.Reason != "service_class_not_allowed" || payload.ServiceClass != "platform_admin" || payload.Scope != "organization" {
|
||||
t.Fatalf("payload = %+v", payload)
|
||||
}
|
||||
}
|
||||
|
||||
func TestHTTPSHandlerRequiresFabricServiceChannelBinding(t *testing.T) {
|
||||
runtime := Runtime{
|
||||
Config: RuntimeConfig{
|
||||
ServiceType: "admin-ingress",
|
||||
Scope: "platform",
|
||||
ServiceClasses: []string{"platform_admin", "cluster_admin"},
|
||||
},
|
||||
Now: fixedNow,
|
||||
}
|
||||
req := httptest.NewRequest(http.MethodPost, "https://admin.example.test/platform-admin/root", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
|
||||
runtime.HTTPSHandler().ServeHTTP(rec, req)
|
||||
|
||||
if rec.Code != http.StatusNotImplemented {
|
||||
t.Fatalf("status = %d body=%s", rec.Code, rec.Body.String())
|
||||
}
|
||||
var payload Response
|
||||
if err := json.Unmarshal(rec.Body.Bytes(), &payload); err != nil {
|
||||
t.Fatalf("decode response: %v", err)
|
||||
}
|
||||
if payload.Reason != "fabric_service_channel_binding_not_implemented" ||
|
||||
payload.ServiceClass != "platform_admin" ||
|
||||
payload.ObservedAt != "2026-05-17T00:00:00Z" {
|
||||
t.Fatalf("payload = %+v", payload)
|
||||
}
|
||||
}
|
||||
|
||||
func TestHTTPSHandlerForwardsAllowedRequestToBinder(t *testing.T) {
|
||||
binder := &recordingBinder{
|
||||
response: FabricResponse{
|
||||
StatusCode: http.StatusAccepted,
|
||||
Headers: http.Header{"X-RAP-Result": []string{"accepted"}},
|
||||
Body: []byte(`{"ok":true}`),
|
||||
},
|
||||
}
|
||||
runtime := Runtime{
|
||||
Config: RuntimeConfig{
|
||||
ServiceType: "admin-ingress",
|
||||
Scope: "platform",
|
||||
ServiceClasses: []string{"platform_admin", "cluster_admin"},
|
||||
},
|
||||
Binder: binder,
|
||||
Now: fixedNow,
|
||||
}
|
||||
req := httptest.NewRequest(http.MethodPost, "https://admin.example.test/platform-admin/root?tab=nodes", strings.NewReader(`{"hello":"world"}`))
|
||||
req.Header.Set("X-RAP-Service-Class", "platform_admin")
|
||||
req.Header.Set("Authorization", "Bearer secret")
|
||||
req.Header.Set("X-Trace-ID", "trace-1")
|
||||
rec := httptest.NewRecorder()
|
||||
|
||||
runtime.HTTPSHandler().ServeHTTP(rec, req)
|
||||
|
||||
if rec.Code != http.StatusAccepted {
|
||||
t.Fatalf("status = %d body=%s", rec.Code, rec.Body.String())
|
||||
}
|
||||
if rec.Header().Get("X-RAP-Result") != "accepted" || rec.Body.String() != `{"ok":true}` {
|
||||
t.Fatalf("unexpected response headers=%v body=%s", rec.Header(), rec.Body.String())
|
||||
}
|
||||
if binder.request.ServiceClass != "platform_admin" ||
|
||||
binder.request.Scope != "platform" ||
|
||||
binder.request.Path != "/platform-admin/root" ||
|
||||
binder.request.Query != "tab=nodes" ||
|
||||
string(binder.request.Body) != `{"hello":"world"}` {
|
||||
t.Fatalf("request = %+v", binder.request)
|
||||
}
|
||||
if binder.request.Headers.Get("Authorization") != "" || binder.request.Headers.Get("X-Trace-ID") != "trace-1" {
|
||||
t.Fatalf("headers = %#v", binder.request.Headers)
|
||||
}
|
||||
}
|
||||
|
||||
func TestHTTPSHandlerDerivesFabricScopeFromServiceClass(t *testing.T) {
|
||||
binder := &recordingBinder{response: FabricResponse{StatusCode: http.StatusOK}}
|
||||
runtime := Runtime{
|
||||
Config: RuntimeConfig{
|
||||
ServiceType: "admin-ingress",
|
||||
Scope: "platform",
|
||||
ServiceClasses: []string{"platform_admin", "cluster_admin"},
|
||||
},
|
||||
Binder: binder,
|
||||
Now: fixedNow,
|
||||
}
|
||||
req := httptest.NewRequest(http.MethodGet, "https://admin.example.test/cluster-admin/ui-manifest", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
|
||||
runtime.HTTPSHandler().ServeHTTP(rec, req)
|
||||
|
||||
if rec.Code != http.StatusOK {
|
||||
t.Fatalf("status = %d body=%s", rec.Code, rec.Body.String())
|
||||
}
|
||||
if binder.request.ServiceClass != "cluster_admin" || binder.request.Scope != "cluster" {
|
||||
t.Fatalf("request = %+v", binder.request)
|
||||
}
|
||||
}
|
||||
|
||||
func TestHTTPSHandlerReportsBinderFailure(t *testing.T) {
|
||||
runtime := Runtime{
|
||||
Config: RuntimeConfig{ServiceType: "admin-ingress", Scope: "platform", ServiceClasses: []string{"platform_admin"}},
|
||||
Binder: failingBinder{},
|
||||
Now: fixedNow,
|
||||
}
|
||||
req := httptest.NewRequest(http.MethodPost, "https://admin.example.test/platform-admin/root", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
|
||||
runtime.HTTPSHandler().ServeHTTP(rec, req)
|
||||
|
||||
if rec.Code != http.StatusBadGateway {
|
||||
t.Fatalf("status = %d body=%s", rec.Code, rec.Body.String())
|
||||
}
|
||||
var payload Response
|
||||
if err := json.Unmarshal(rec.Body.Bytes(), &payload); err != nil {
|
||||
t.Fatalf("decode response: %v", err)
|
||||
}
|
||||
if payload.Reason != "fabric_service_channel_forward_failed" {
|
||||
t.Fatalf("payload = %+v", payload)
|
||||
}
|
||||
}
|
||||
|
||||
func TestHTTPSHandlerHealth(t *testing.T) {
|
||||
runtime := Runtime{Config: RuntimeConfig{ServiceType: "admin-ingress", Scope: "platform"}, Now: fixedNow}
|
||||
req := httptest.NewRequest(http.MethodGet, "https://admin.example.test/healthz", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
|
||||
runtime.HTTPSHandler().ServeHTTP(rec, req)
|
||||
|
||||
if rec.Code != http.StatusOK {
|
||||
t.Fatalf("status = %d body=%s", rec.Code, rec.Body.String())
|
||||
}
|
||||
}
|
||||
|
||||
func fixedNow() time.Time {
|
||||
return time.Date(2026, 5, 17, 0, 0, 0, 0, time.UTC)
|
||||
}
|
||||
|
||||
type recordingBinder struct {
|
||||
request FabricRequest
|
||||
response FabricResponse
|
||||
}
|
||||
|
||||
func (b *recordingBinder) Forward(_ context.Context, request FabricRequest) (FabricResponse, error) {
|
||||
b.request = request
|
||||
return b.response, nil
|
||||
}
|
||||
|
||||
type failingBinder struct{}
|
||||
|
||||
func (failingBinder) Forward(context.Context, FabricRequest) (FabricResponse, error) {
|
||||
return FabricResponse{}, errTestBinderFailure{}
|
||||
}
|
||||
|
||||
type errTestBinderFailure struct{}
|
||||
|
||||
func (errTestBinderFailure) Error() string { return "binder failed" }
|
||||
Reference in New Issue
Block a user