// Testing get without authentication and with bad credentials.
TEST_F(HealthTest, ObserveEndpointBadAuthentication)
{
// Set up a master with authentication required.
// Note that the default master test flags enable HTTP authentication.
Try<PID<Master>> master = StartMaster();
ASSERT_SOME(master);
// Headers for POSTs to maintenance endpoints without authentication.
process::http::Headers unauthenticatedHeaders;
unauthenticatedHeaders["Content-Type"] = "application/json";
// Bad credentials which should fail authentication.
Credential badCredential;
badCredential.set_principal("badPrincipal");
badCredential.set_secret("badSecret");
// Headers for POSTs to maintenance endpoints with bad authentication.
process::http::Headers badAuthenticationHeaders;
badAuthenticationHeaders = createBasicAuthHeaders(badCredential);
badAuthenticationHeaders["Content-Type"] = "application/json";
// Post to observe without authentication.
Future<Response> response = process::http::post(
master.get(),
"observe",
unauthenticatedHeaders,
"monitor=a&hosts=b&level=Ok");
AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
// Get request without authentication.
response = process::http::get(master.get(), "observe");
AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
// Post to observe with bad authentication.
response = process::http::post(
master.get(),
"observe",
badAuthenticationHeaders,
"monitor=a&hosts=b&level=Ok");
AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
// Get request with bad authentication.
response = process::http::get(
master.get(),
"observe",
None(),
createBasicAuthHeaders(badCredential));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
Shutdown();
}
// Testing route without authorization header.
TEST_F(TeardownTest, TeardownEndpointNoHeader)
{
Try<PID<Master> > master = StartMaster();
ASSERT_SOME(master);
MockScheduler sched;
MesosSchedulerDriver driver(
&sched, DEFAULT_FRAMEWORK_INFO, master.get(), DEFAULT_CREDENTIAL);
Future<FrameworkID> frameworkId;
EXPECT_CALL(sched, registered(&driver, _, _))
.WillOnce(FutureArg<1>(&frameworkId));
ASSERT_EQ(DRIVER_RUNNING, driver.start());
AWAIT_READY(frameworkId);
Future<Response> response = process::http::post(
master.get(),
"teardown",
None(),
"frameworkId=" + frameworkId.get().value());
AWAIT_READY(response);
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
Unauthorized("Mesos master").status,
response);
driver.stop();
driver.join();
Shutdown();
}
// Testing route with bad credentials.
TEST_F(TeardownTest, BadCredentials)
{
Try<Owned<cluster::Master>> master = StartMaster();
ASSERT_SOME(master);
MockScheduler sched;
MesosSchedulerDriver driver(
&sched, DEFAULT_FRAMEWORK_INFO, master.get()->pid, DEFAULT_CREDENTIAL);
Future<FrameworkID> frameworkId;
EXPECT_CALL(sched, registered(&driver, _, _))
.WillOnce(FutureArg<1>(&frameworkId));
ASSERT_EQ(DRIVER_RUNNING, driver.start());
AWAIT_READY(frameworkId);
Credential badCredential;
badCredential.set_principal("badPrincipal");
badCredential.set_secret("badSecret");
Future<Response> response = process::http::post(
master.get()->pid,
"teardown",
createBasicAuthHeaders(badCredential),
"frameworkId=" + frameworkId.get().value());
AWAIT_READY(response);
AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
driver.stop();
driver.join();
}
// Testing route with bad credentials.
TEST_F(TeardownTest, TeardownEndpointBadCredentials)
{
Try<PID<Master> > master = StartMaster();
ASSERT_SOME(master);
MockScheduler sched;
MesosSchedulerDriver driver(
&sched, DEFAULT_FRAMEWORK_INFO, master.get(), DEFAULT_CREDENTIAL);
Future<FrameworkID> frameworkId;
EXPECT_CALL(sched, registered(&driver, _, _))
.WillOnce(FutureArg<1>(&frameworkId));
ASSERT_EQ(DRIVER_RUNNING, driver.start());
AWAIT_READY(frameworkId);
process::http::Headers headers;
headers["Authorization"] = "Basic " +
base64::encode("badPrincipal:badSecret");
Future<Response> response = process::http::post(
master.get(),
"teardown",
headers,
"frameworkId=" + frameworkId.get().value());
AWAIT_READY(response);
AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
driver.stop();
driver.join();
Shutdown();
}
TEST_F(SchedulerHttpApiTest, AuthenticationRequired)
{
Try<Owned<cluster::Master>> master = StartMaster();
ASSERT_SOME(master);
Future<Response> response = process::http::post(
master.get()->pid,
"api/v1/scheduler",
None(),
None());
AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
}
// Testing route with bad ACLs.
TEST_F(TeardownTest, TeardownEndpointBadACLs)
{
// Setup ACLs so that no principal can do teardown the framework.
ACLs acls;
mesos::ACL::ShutdownFramework* acl = acls.add_shutdown_frameworks();
acl->mutable_principals()->set_type(mesos::ACL::Entity::NONE);
acl->mutable_framework_principals()->add_values(
DEFAULT_CREDENTIAL.principal());
master::Flags flags = CreateMasterFlags();
flags.acls = acls;
Try<PID<Master> > master = StartMaster(flags);
ASSERT_SOME(master);
MockScheduler sched;
MesosSchedulerDriver driver(
&sched, DEFAULT_FRAMEWORK_INFO, master.get(), DEFAULT_CREDENTIAL);
Future<FrameworkID> frameworkId;
EXPECT_CALL(sched, registered(&driver, _, _))
.WillOnce(FutureArg<1>(&frameworkId));
ASSERT_EQ(DRIVER_RUNNING, driver.start());
AWAIT_READY(frameworkId);
process::http::Headers headers;
headers["Authorization"] = "Basic " +
base64::encode(DEFAULT_CREDENTIAL.principal() +
":" + DEFAULT_CREDENTIAL.secret());
Future<Response> response = process::http::post(
master.get(),
"teardown",
headers,
"frameworkId=" + frameworkId.get().value());
AWAIT_READY(response);
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
Unauthorized("Mesos master").status,
response);
driver.stop();
driver.join();
Shutdown();
}