From 224afe3b367cba9b978115e969e714c14c71caa6 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Tue, 24 Apr 2018 17:03:17 +0300 Subject: Change: GET /work, POST /worker use access token to identify worker --- yarns/300-workers.yarn | 5 +-- yarns/400-build.yarn | 82 ++++++++++++++++++++++------------------------- yarns/500-build-fail.yarn | 13 ++++---- yarns/600-unauthz.yarn | 4 +-- yarns/900-local.yarn | 3 +- 5 files changed, 52 insertions(+), 55 deletions(-) (limited to 'yarns') diff --git a/yarns/300-workers.yarn b/yarns/300-workers.yarn index 4e975ea..89444f9 100644 --- a/yarns/300-workers.yarn +++ b/yarns/300-workers.yarn @@ -55,10 +55,11 @@ controller API. It doesn't actually talk to the worker itself. GIVEN an RSA key pair for token signing AND an access token for user with scopes ... uapi_workers_get - ... uapi_workers_post ... uapi_workers_id_get ... uapi_workers_id_put ... uapi_workers_id_delete + AND an access token for obelix with scopes + ... uapi_workers_post AND controller config uses statedir at the state directory AND controller config uses https://blobs.example.com as artifact store AND controller config uses https://auth.example.com as authentication @@ -68,7 +69,7 @@ controller API. It doesn't actually talk to the worker itself. THEN result has status code 200 AND body matches { "workers": [] } - WHEN user makes request POST /workers with a valid token and body + WHEN obelix makes request POST /workers with a valid token and body ... { ... "worker": "obelix", ... "protocol": "ssh", diff --git a/yarns/400-build.yarn b/yarns/400-build.yarn index 13257a0..c167ac2 100644 --- a/yarns/400-build.yarn +++ b/yarns/400-build.yarn @@ -86,13 +86,12 @@ There are no builds for the project yet, and is idle. Register a worker. - GIVEN an access token for worker-manager with scopes + GIVEN an access token for obelix with scopes ... uapi_workers_post ... uapi_work_post - ... uapi_work_id_get - WHEN worker-manager makes request POST /workers with a valid token and body + ... uapi_work_get + WHEN obelix makes request POST /workers with a valid token and body ... { - ... "worker": "obelix" ... } THEN result has status code 201 @@ -113,7 +112,7 @@ be in the path or can we get it in the access token?** Note that the controller has inserted a special additional step to get the worker to construct a new workspace for the build. - WHEN worker-manager makes request GET /work/obelix + WHEN obelix makes request GET /work THEN result has status code 200 AND body matches ... { @@ -131,7 +130,7 @@ the worker to construct a new workspace for the build. ... } ... } - WHEN worker-manager makes request GET /work/obelix + WHEN obelix makes request GET /work THEN result has status code 200 AND body matches ... { @@ -212,7 +211,7 @@ User can now see pipeline is running and which worker is building it. Worker reports workspace creation is done. Note the zero exit code. - WHEN worker-manager makes request POST /work with a valid token and body + WHEN obelix makes request POST /work with a valid token and body ... { ... "build_id": "rome/1", ... "worker": "obelix", @@ -226,7 +225,7 @@ Worker reports workspace creation is done. Note the zero exit code. Worker requests more work, and gets the first actual build step. - WHEN worker-manager makes request GET /work/obelix + WHEN obelix makes request GET /work THEN result has status code 200 AND body matches ... { @@ -247,7 +246,7 @@ Worker requests more work, and gets the first actual build step. Worker reports some build output. Note the null exit code. The step hasn't finished yet. - WHEN worker-manager makes request POST /work with a valid token and body + WHEN obelix makes request POST /work with a valid token and body ... { ... "build_id": "rome/1", ... "worker": "obelix", @@ -262,7 +261,7 @@ hasn't finished yet. Worker-manager still gets the same step, since the first build step didnt't finish. - WHEN worker-manager makes request GET /work/obelix + WHEN obelix makes request GET /work THEN result has status code 200 AND body matches ... { @@ -289,7 +288,7 @@ The build log is immediately accessible. Report the step is done, and successfully. - WHEN worker-manager makes request POST /work with a valid token and body + WHEN obelix makes request POST /work with a valid token and body ... { ... "build_id": "rome/1", ... "worker": "obelix", @@ -336,7 +335,7 @@ The build status now shows the next step as the active one. Now there's another step to do. - WHEN worker-manager makes request GET /work/obelix + WHEN obelix makes request GET /work THEN result has status code 200 AND body matches ... { @@ -379,7 +378,7 @@ User sees changed status. Report it done. - WHEN worker-manager makes request POST /work with a valid token and body + WHEN obelix makes request POST /work with a valid token and body ... { ... "build_id": "rome/1", ... "worker": "obelix", @@ -393,7 +392,7 @@ Report it done. Now there's no more work to do. - WHEN worker-manager makes request GET /work/obelix + WHEN obelix makes request GET /work THEN result has status code 200 AND body matches {} @@ -463,7 +462,7 @@ Start build again. This should become build number 2. ... with a valid token and body { "status": "triggered" } THEN result has status code 200 - WHEN worker-manager makes request GET /work/obelix + WHEN obelix makes request GET /work THEN result has status code 200 AND body matches ... { @@ -523,7 +522,7 @@ Start build again. This should become build number 2. ... ] ... } - WHEN worker-manager makes request POST /work with a valid token and body + WHEN obelix makes request POST /work with a valid token and body ... { ... "build_id": "rome/2", ... "worker": "obelix", @@ -535,7 +534,7 @@ Start build again. This should become build number 2. ... } THEN result has status code 201 - WHEN worker-manager makes request GET /work/obelix + WHEN obelix makes request GET /work THEN result has status code 200 AND body matches ... { @@ -553,7 +552,7 @@ Start build again. This should become build number 2. ... } ... } - WHEN worker-manager makes request POST /work with a valid token and body + WHEN obelix makes request POST /work with a valid token and body ... { ... "build_id": "rome/2", ... "worker": "obelix", @@ -565,10 +564,10 @@ Start build again. This should become build number 2. ... } THEN result has status code 201 - WHEN worker-manager makes request GET /work/obelix + WHEN obelix makes request GET /work THEN result has status code 200 - WHEN worker-manager makes request POST /work with a valid token and body + WHEN obelix makes request POST /work with a valid token and body ... { ... "build_id": "rome/2", ... "worker": "obelix", @@ -674,13 +673,12 @@ Add a couple of projects. Register a worker. - GIVEN an access token for worker-manager with scopes + GIVEN an access token for obelix with scopes ... uapi_workers_post ... uapi_work_post - ... uapi_work_id_get - WHEN worker-manager makes request POST /workers with a valid token and body + ... uapi_work_get + WHEN obelix makes request POST /workers with a valid token and body ... { - ... "worker": "obelix" ... } THEN result has status code 201 @@ -690,14 +688,14 @@ Build the first project. ... with a valid token and body { "status": "triggered" } THEN result has status code 200 - WHEN worker-manager makes request GET /work/obelix + WHEN obelix makes request GET /work THEN result is step ... { ... "action": "create_workspace", ... "where": "host" ... } - WHEN worker-manager makes request POST /work with a valid token and body + WHEN obelix makes request POST /work with a valid token and body ... { ... "build_id": "first/1", ... "build_number": 1, @@ -710,14 +708,14 @@ Build the first project. ... } THEN result has status code 201 - WHEN worker-manager makes request GET /work/obelix + WHEN obelix makes request GET /work THEN result is step ... { ... "shell": "something", ... "where": "host" ... } - WHEN worker-manager makes request POST /work with a valid token and body + WHEN obelix makes request POST /work with a valid token and body ... { ... "build_id": "first/1", ... "build_number": 1, @@ -739,14 +737,14 @@ Build second project. ... with a valid token and body { "status": "triggered" } THEN result has status code 200 - WHEN worker-manager makes request GET /work/obelix + WHEN obelix makes request GET /work THEN result is step ... { ... "action": "create_workspace", ... "where": "host" ... } - WHEN worker-manager makes request POST /work with a valid token and body + WHEN obelix makes request POST /work with a valid token and body ... { ... "build_id": "second/1", ... "worker": "obelix", @@ -758,14 +756,14 @@ Build second project. ... } THEN result has status code 201 - WHEN worker-manager makes request GET /work/obelix + WHEN obelix makes request GET /work THEN result is step ... { ... "shell": "something", ... "where": "host" ... } - WHEN worker-manager makes request POST /work with a valid token and body + WHEN obelix makes request POST /work with a valid token and body ... { ... "build_id": "second/1", ... "worker": "obelix", @@ -839,20 +837,18 @@ Register a couple of workers. GIVEN an access token for asterix with scopes ... uapi_workers_post ... uapi_work_post - ... uapi_work_id_get + ... uapi_work_get WHEN asterix makes request POST /workers with a valid token and body ... { - ... "worker": "asterix" ... } THEN result has status code 201 GIVEN an access token for obelix with scopes ... uapi_workers_post ... uapi_work_post - ... uapi_work_id_get + ... uapi_work_get WHEN obelix makes request POST /workers with a valid token and body ... { - ... "worker": "obelix" ... } THEN result has status code 201 @@ -865,7 +861,7 @@ Trigger both projects. WHEN user requests list of builds THEN the list of builds is [] - WHEN asterix makes request GET /work/asterix + WHEN asterix makes request GET /work THEN result is step ... { ... "action": "create_workspace", @@ -879,7 +875,7 @@ Trigger both projects. ... with a valid token and body { "status": "triggered" } THEN result has status code 200 - WHEN obelix makes request GET /work/obelix + WHEN obelix makes request GET /work THEN result is step ... { ... "action": "create_workspace", @@ -902,14 +898,14 @@ Trigger both projects. ... } THEN result has status code 201 - WHEN asterix makes request GET /work/asterix + WHEN asterix makes request GET /work THEN result is step ... { ... "shell": "something", ... "where": "host" ... } - WHEN obelix makes request GET /work/obelix + WHEN obelix makes request GET /work THEN result is step ... { ... "action": "create_workspace", @@ -929,7 +925,7 @@ Trigger both projects. ... } THEN result has status code 201 - WHEN obelix makes request GET /work/obelix + WHEN obelix makes request GET /work THEN result is step ... { ... "shell": "something", @@ -948,7 +944,7 @@ Trigger both projects. ... } THEN result has status code 201 - WHEN asterix makes request GET /work/asterix + WHEN asterix makes request GET /work THEN body matches {} WHEN obelix makes request POST /work with a valid token and body @@ -963,7 +959,7 @@ Trigger both projects. ... } THEN result has status code 201 - WHEN obelix makes request GET /work/obelix + WHEN obelix makes request GET /work THEN body matches {} WHEN user requests list of builds diff --git a/yarns/500-build-fail.yarn b/yarns/500-build-fail.yarn index 3b29499..79d4be6 100644 --- a/yarns/500-build-fail.yarn +++ b/yarns/500-build-fail.yarn @@ -62,13 +62,12 @@ Add up a project and its pipelines. Register a worker. - GIVEN an access token for worker-manager with scopes + GIVEN an access token for obelix with scopes ... uapi_workers_post ... uapi_work_post - ... uapi_work_id_get - WHEN worker-manager makes request POST /workers with a valid token and body + ... uapi_work_get + WHEN obelix makes request POST /workers with a valid token and body ... { - ... "worker": "obelix" ... } THEN result has status code 201 @@ -80,7 +79,7 @@ Trigger build. Worker wants work and gets the first step to run. - WHEN worker-manager makes request GET /work/obelix + WHEN obelix makes request GET /work THEN result has status code 200 AND body matches ... { @@ -99,7 +98,7 @@ Worker wants work and gets the first step to run. Worker reports some build output. Note the exit code indicating failure. - WHEN worker-manager makes request POST /work with a valid token and body + WHEN obelix makes request POST /work with a valid token and body ... { ... "build_id": "rome/1", ... "worker": "obelix", @@ -114,7 +113,7 @@ failure. A build step failed, so now the build has ended, and there's no more work to do. - WHEN worker-manager makes request GET /work/obelix + WHEN obelix makes request GET /work THEN result has status code 200 AND body matches {} diff --git a/yarns/600-unauthz.yarn b/yarns/600-unauthz.yarn index 176ac49..55cac30 100644 --- a/yarns/600-unauthz.yarn +++ b/yarns/600-unauthz.yarn @@ -79,11 +79,11 @@ Set up the controller. THEN result has status code 401 WHEN outsider makes request - ... GET /work/obelix with an invalid token + ... GET /work with an invalid token THEN result has status code 401 WHEN outsider makes request - ... GET /workers/obelix with an invalid token + ... GET /workers with an invalid token THEN result has status code 401 WHEN outsider makes request diff --git a/yarns/900-local.yarn b/yarns/900-local.yarn index 9ec0dcb..b8b6695 100644 --- a/yarns/900-local.yarn +++ b/yarns/900-local.yarn @@ -35,11 +35,12 @@ along with this program. If not, see . argv = [ os.path.join(srcdir, 'create-token'), scopes, + user, ] token = cliapp.runcmd(argv, feed_stdin=key) store_token(user, token) vars['issuer'] = 'localhost' - vars['audience'] = 'localhost' + vars['audience'] = user ## Controller configuration -- cgit v1.2.1