1284672998

Committed 09 May 2024 01:19PM UTC coverage: 81.658% (-1.1%) from 82.796%

Build # 1284672998

Build Type

Pull #715

gitlab-ci

Committed by

alfrunes

Commit Message

test(acceptance/os): :broom: Remove unused fixtures

Signed-off-by: Alf-Rune Siqveland <alf.rune@northern.tech>

Pull Request Pull Request #715: Acceptance test fixup

Run Details

4808 of 5888 relevant lines covered (81.66%)

51.13 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

95.0

/access/addons.go

// Copyright 2021 Northern.tech AS
//
//    Licensed under the Apache License, Version 2.0 (the "License");
//    you may not use this file except in compliance with the License.
//    You may obtain a copy of the License at
//
//        http://www.apache.org/licenses/LICENSE-2.0
//
//    Unless required by applicable law or agreed to in writing, software
//    distributed under the License is distributed on an "AS IS" BASIS,
//    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//    See the License for the specific language governing permissions and
//    limitations under the License.

package access

import (
        "context"
        "regexp"

        "github.com/mendersoftware/go-lib-micro/addons"
        hdr "github.com/mendersoftware/go-lib-micro/context/httpheader"
        "github.com/mendersoftware/go-lib-micro/identity"
        "github.com/pkg/errors"
)

const (
        hdrForwardedMethod = "X-Forwarded-Method"
        hdrForwardedURI    = "X-Forwarded-Uri"

        regexDeviceconfigURI  = "^/api/devices/v[1-9]/deviceconfig"
        regexDevicemonitorURI = "^/api/devices/v[1-9]/devicemonitor"
)

type addonRule struct {
        // URI regex for the restricted resource
        URI *regexp.Regexp
        // Methods to which the rule applies (nil means ALL)
        Methods []string
        // Name gives the name of the addon the feature belongs to
        Name string
}

// the only addon that impose restrictions to the devices API is
// the configure addon
var addonRules = []addonRule{{
        Name: addons.MenderConfigure,
        URI:  regexp.MustCompile(regexDeviceconfigURI),
}, {
        Name: addons.MenderMonitor,
        URI:  regexp.MustCompile(regexDevicemonitorURI),
}}

type addonChecker struct{}

func NewAddonChecker() Checker {
        return new(addonChecker)
}

func (c addonChecker) ValidateWithContext(ctx context.Context) error {
        method := hdr.FromContext(ctx, hdrForwardedMethod)
        URI := hdr.FromContext(ctx, hdrForwardedURI)
        id := identity.FromContext(ctx)
        if id == nil {
                return errors.New("missing tenant context")
        }

        // sidestep addon validation if the device is in trial mode
        if id.Trial {
                return nil
        }

        for _, rule := range addonRules {
                if rule.Methods != nil {
                        var applies bool = false
                        for _, m := range rule.Methods {
                                if m == method {
                                        applies = true
                                        break
                                }
                        }
                        if !applies {
                                continue
                        }
                }
                if !rule.URI.MatchString(URI) {
                        continue
                }
                // The rule matches, check if the addon permits it
                var enabled bool = false
                for _, addon := range id.Addons {
                        if addon.Name == rule.Name {
                                if addon.Enabled {
                                        enabled = true
                                }
                                break
                        }
                }
                if !enabled {
                        return PermissionError{
                                error: errors.Errorf(
                                        "operation requires addon: %s",
                                        rule.Name,
                                ),
                        }
                }
        }
        return nil
}

1	// Copyright 2021 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14
15	package access
16
17	import (
18	"context"
19	"regexp"
20
21	"github.com/mendersoftware/go-lib-micro/addons"
22	hdr "github.com/mendersoftware/go-lib-micro/context/httpheader"
23	"github.com/mendersoftware/go-lib-micro/identity"
24	"github.com/pkg/errors"
25	)
26
27	const (
28	hdrForwardedMethod = "X-Forwarded-Method"
29	hdrForwardedURI = "X-Forwarded-Uri"
30
31	regexDeviceconfigURI = "^/api/devices/v[1-9]/deviceconfig"
32	regexDevicemonitorURI = "^/api/devices/v[1-9]/devicemonitor"
33	)
34
35	type addonRule struct {
36	// URI regex for the restricted resource
37	URI *regexp.Regexp
38	// Methods to which the rule applies (nil means ALL)
39	Methods []string
40	// Name gives the name of the addon the feature belongs to
41	Name string
42	}
43
44	// the only addon that impose restrictions to the devices API is
45	// the configure addon
46	var addonRules = []addonRule{{
47	Name: addons.MenderConfigure,
48	URI: regexp.MustCompile(regexDeviceconfigURI),
49	}, {
50	Name: addons.MenderMonitor,
51	URI: regexp.MustCompile(regexDevicemonitorURI),
52	}}
53
54	type addonChecker struct{}
55
56	func NewAddonChecker() Checker {	5✔
57	return new(addonChecker)	5✔
58	}	5✔
59
60	func (c addonChecker) ValidateWithContext(ctx context.Context) error {	5✔
61	method := hdr.FromContext(ctx, hdrForwardedMethod)	5✔
62	URI := hdr.FromContext(ctx, hdrForwardedURI)	5✔
63	id := identity.FromContext(ctx)	5✔
64	if id == nil {	6✔
65	return errors.New("missing tenant context")	1✔
66	}	1✔
67
68	// sidestep addon validation if the device is in trial mode
69	if id.Trial {	5✔
70	return nil	1✔
71	}	1✔
72
73	for _, rule := range addonRules {	10✔
74	if rule.Methods != nil {	9✔
75	var applies bool = false	2✔
76	for _, m := range rule.Methods {	6✔
77	if m == method {	5✔
78	applies = true	1✔
79	break	1✔
80	}
81	}
82	if !applies {	3✔
83	continue	1✔
84	}
85	}
86	if !rule.URI.MatchString(URI) {	10✔
87	continue	4✔
88	}
89	// The rule matches, check if the addon permits it
90	var enabled bool = false	2✔
91	for _, addon := range id.Addons {	3✔
92	if addon.Name == rule.Name {	2✔
93	if addon.Enabled {	1✔
94	enabled = true	×
95	}	×
96	break	1✔
97	}
98	}
99	if !enabled {	4✔
100	return PermissionError{	2✔
101	error: errors.Errorf(	2✔
102	"operation requires addon: %s",	2✔
103	rule.Name,	2✔
104	),	2✔
105	}	2✔
106	}	2✔
107	}
108	return nil	1✔
109	}

mendersoftware / deviceauth / 1284672998

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous