From db4b1d3822daf0a0da0ba6e838231251950f3f2e Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Sun, 19 Nov 2017 18:11:34 +0100
Subject: Add: scenario for testing unauthorized access
---
yarns/600-unauthz.yarn | 97 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 97 insertions(+)
create mode 100644 yarns/600-unauthz.yarn
(limited to 'yarns/600-unauthz.yarn')
diff --git a/yarns/600-unauthz.yarn b/yarns/600-unauthz.yarn
new file mode 100644
index 0000000..7eaf902
--- /dev/null
+++ b/yarns/600-unauthz.yarn
@@ -0,0 +1,97 @@
+
+
+# Unauthorized requests
+
+This scenario make unauthorized requests and checks the right error is
+returned.
+
+ SCENARIO unauthorized requests
+
+Set up the controller.
+
+ GIVEN an RSA key pair for token signing
+ AND controller config uses statedir at the state directory
+ AND an access token for user with scopes
+ ... uapi_projects_post
+ ... uapi_projects_id_pipelines_id_put
+ ... uapi_projects_id_pipelines_id_get
+ ... uapi_projects_id_builds_get
+ ... uapi_workers_id_get
+ ... uapi_builds_get
+ ... uapi_builds_id_get
+ ... uapi_logs_id_get
+ AND a running ick controller
+
+ WHEN user makes request POST /projects with a valid token and body
+ ... {
+ ... "project": "rome",
+ ... "pipelines": [
+ ... {
+ ... "name": "construct",
+ ... "actions": [
+ ... { "shell": "day 1" },
+ ... { "shell": "day 2" }
+ ... ]
+ ... }
+ ... ]
+ ... }
+ THEN result has status code 201
+
+ GIVEN an access token for outsider with scopes
+ ... uapi_version_get
+ WHEN outsider makes request POST /projects
+ ... with an invalid token and body {}
+ THEN result has status code 401
+
+ WHEN outsider makes request
+ ... GET /projects/rome/pipelines/construct
+ ... with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request GET /builds with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request
+ ... POST /workers with an invalid token and body [}
+ THEN result has status code 401
+
+ WHEN outsider makes request
+ ... PUT /projects/rome/pipelines/construct with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request
+ ... GET /work/obelix with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request
+ ... GET /workers/obelix with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request
+ ... GET /builds with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request GET /logs/1 with an invalid token
+ THEN result has status code 401
+
+ WHEN outsider makes request POST /work with an invalid token and body {}
+ THEN result has status code 401
+
+ FINALLY stop ick controller
--
cgit v1.2.1
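Review bot: Every outsider request in this scenario is sent `with an invalid token`, so it pins only the authentication failure (401) and never the authorization decision; the outsider token issued with only `uapi_version_get` is never presented as a valid token to an endpoint outside its scope. A step such as `WHEN outsider makes request GET /builds with a valid token`, followed by a `THEN` for whatever status the controller returns on insufficient scope (presumably 403; confirm against the controller), would cover scope enforcement, assuming the step library accepts that form without a body. The `POST /workers` step passes `body [}`, which is not valid JSON; if that is meant to show the token is rejected before the body is parsed, a sentence saying so would help, otherwise it should be `{}`. The `GET /builds` check also appears twice, and a request carrying no token at all is not exercised.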