author | Lars Wirzenius <liw@liw.fi> | 2017-11-19 18:11:34 +0100 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2017-11-19 18:11:34 +0100 |
commit | db4b1d3822daf0a0da0ba6e838231251950f3f2e (patch) | |
tree | 1384ce2356308d15cc2c466558f427dc6050f297 /yarns/600-unauthz.yarn | |
parent | 196e9c65b6ed1a488a7163148a75b72aea3d07fe (diff) | |
download | ick2-db4b1d3822daf0a0da0ba6e838231251950f3f2e.tar.gz |
Add: scenario for testing unauthorized access
Diffstat (limited to 'yarns/600-unauthz.yarn')
-rw-r--r-- | yarns/600-unauthz.yarn | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/yarns/600-unauthz.yarn b/yarns/600-unauthz.yarn
new file mode 100644
index 0000000..7eaf902
--- /dev/null
+++ b/yarns/600-unauthz.yarn
@@ -0,0 +1,97 @@
+<!--
+
+Copyright 2017 Lars Wirzenius
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+-->
+
+# Unauthorized requests
+
+This scenario make unauthorized requests and checks the right error is
+returned.
+
+ SCENARIO unauthorized requests
+
+Set up the controller.
+
+ GIVEN an RSA key pair for token signing
+ AND controller config uses statedir at the state directory
+ AND an access token for user with scopes
+ ... uapi_projects_post
+ ... uapi_projects_id_pipelines_id_put
+ ... uapi_projects_id_pipelines_id_get
+ ... uapi_projects_id_builds_get
+ ... uapi_workers_id_get
+ ... uapi_builds_get
+ ... uapi_builds_id_get
+ ... uapi_logs_id_get
+ AND a running ick controller
+
+ WHEN user makes request POST /projects with a valid token and body
+ ... {
+ ... "project": "rome",
+ ... "pipelines": [
+ ... {
+ ... "name": "construct",
+ ... "actions": [
+ ... { "shell": "day 1" },
+ ... { "shell": "day 2" }
+ ... ]
+ ... }
+ ... ]
+ ... }
+ THEN result has status code 201
+
+ GIVEN an access token for outsider with scopes
+ ... uapi_version_get
+ WHEN outsider makes request POST /projects
+ ... with an invalid token and body {}
+ THEN result has status code 401
+
+ WHEN outsider makes request
+ ... GET /projects/rome/pipelines/construct
+ ... with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request GET /builds with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request
+ ... POST /workers with an invalid token and body [}
+ THEN result has status code 401
+
+ WHEN outsider makes request
+ ... PUT /projects/rome/pipelines/construct with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request
+ ... GET /work/obelix with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request
+ ... GET /workers/obelix with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request
+ ... GET /builds with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request GET /logs/1 with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request POST /work with an invalid token and body {}
+ THEN result has status code 401
+
+ FINALLY stop ick controller |
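Review bot: Every request made by `outsider` is sent "with an invalid token", so the `uapi_version_get` scope granted in the second GIVEN is never exercised. The scenario therefore covers only the rejected-token path (401), not a correctly signed token that lacks the scope for the endpoint. A pair such as `WHEN outsider makes request GET /builds with a valid token` followed by `THEN result has status code 403` would cover that authorization case; the step wording and the expected status are assumptions, since the step implementations and the controller are not part of this hunk. Separately, `body [}` in the POST /workers step looks like a typo for `{}`; if the malformed body is deliberate, to show the token is checked before the body is parsed, a sentence of prose above that step should say so. The `GET /builds` check also appears twice, and the intro sentence should read "This scenario makes".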