Diffstat (limited to 'yarns/600-unauthz.yarn')
-rw-r--r-- | yarns/600-unauthz.yarn | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/yarns/600-unauthz.yarn b/yarns/600-unauthz.yarn
new file mode 100644
index 0000000..7eaf902
--- /dev/null
+++ b/yarns/600-unauthz.yarn
@@ -0,0 +1,97 @@
+<!--
+
+Copyright 2017 Lars Wirzenius
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+-->
+
+# Unauthorized requests
+
+This scenario make unauthorized requests and checks the right error is
+returned.
+
+ SCENARIO unauthorized requests
+
+Set up the controller.
+
+ GIVEN an RSA key pair for token signing
+ AND controller config uses statedir at the state directory
+ AND an access token for user with scopes
+ ... uapi_projects_post
+ ... uapi_projects_id_pipelines_id_put
+ ... uapi_projects_id_pipelines_id_get
+ ... uapi_projects_id_builds_get
+ ... uapi_workers_id_get
+ ... uapi_builds_get
+ ... uapi_builds_id_get
+ ... uapi_logs_id_get
+ AND a running ick controller
+
+ WHEN user makes request POST /projects with a valid token and body
+ ... {
+ ... "project": "rome",
+ ... "pipelines": [
+ ... {
+ ... "name": "construct",
+ ... "actions": [
+ ... { "shell": "day 1" },
+ ... { "shell": "day 2" }
+ ... ]
+ ... }
+ ... ]
+ ... }
+ THEN result has status code 201
+
+ GIVEN an access token for outsider with scopes
+ ... uapi_version_get
+ WHEN outsider makes request POST /projects
+ ... with an invalid token and body {}
+ THEN result has status code 401
+
+ WHEN outsider makes request
+ ... GET /projects/rome/pipelines/construct
+ ... with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request GET /builds with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request
+ ... POST /workers with an invalid token and body [}
+ THEN result has status code 401
+
+ WHEN outsider makes request
+ ... PUT /projects/rome/pipelines/construct with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request
+ ... GET /work/obelix with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request
+ ... GET /workers/obelix with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request
+ ... GET /builds with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request GET /logs/1 with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request POST /work with an invalid token and body {}
+ THEN result has status code 401
+
+ FINALLY stop ick controller |
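Review bot: Every negative case in this scenario sends an invalid token, so it only checks that a bad credential is rejected with 401; the outsider token issued with scope `uapi_version_get` is never presented as a valid token, which leaves the per-endpoint scope check itself untested. If the step library has a valid-token form for the outsider (not visible in this hunk), add a case such as `WHEN outsider makes request GET /builds with a valid token` followed by a `THEN` for whatever status the controller returns for a missing scope (presumably 403; confirm against the controller). Separately, `GET /builds` is asserted twice, so one of the two was probably meant to be a different endpoint, possibly the builds listing under `/projects/rome` that the user token's `uapi_projects_id_builds_get` scope refers to. The `POST /workers` body `[}` is not valid JSON: either change it to `{}`, or say in the prose that it is deliberate, to show that the token is rejected before the body is parsed.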