33c3e3176f
adds an additional flag to return an additional TXT record that will enable TLS on custom domains with Linksharing. Closes #5623 Change-Id: I941616362d7dcd9aec20dfd10346e483021516a4
229 lines
7.5 KiB
Go
229 lines
7.5 KiB
Go
// Copyright (C) 2021 Storj Labs, Inc.
|
|
// See LICENSE for copying information.
|
|
|
|
package main
|
|
|
|
import (
|
|
"context"
|
|
"net"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"storj.io/common/grant"
|
|
"storj.io/common/macaroon"
|
|
"storj.io/common/pb"
|
|
"storj.io/common/storj"
|
|
"storj.io/common/testcontext"
|
|
"storj.io/drpc/drpcmux"
|
|
"storj.io/drpc/drpcserver"
|
|
"storj.io/storj/cmd/uplink/ultest"
|
|
)
|
|
|
|
const testAPIKey = "13Yqe3oHi5dcnGhMu2ru3cmePC9iEYv6nDrYMbLRh4wre1KtVA9SFwLNAuuvWwc43b9swRsrfsnrbuTHQ6TJKVt4LjGnaARN9PhxJEu"
|
|
|
|
func TestShare(t *testing.T) {
|
|
t.Run("share requires prefix", func(t *testing.T) {
|
|
ultest.Setup(commands).Fail(t, "share")
|
|
})
|
|
|
|
t.Run("share default access", func(t *testing.T) {
|
|
state := ultest.Setup(commands)
|
|
|
|
state.Succeed(t, "share", "sj://some/prefix").RequireStdoutGlob(t, `
|
|
Sharing access to satellite *
|
|
=========== ACCESS RESTRICTIONS ==========================================================
|
|
Download : Allowed
|
|
Upload : Disallowed
|
|
Lists : Allowed
|
|
Deletes : Disallowed
|
|
NotBefore : No restriction
|
|
NotAfter : No restriction
|
|
Paths : sj://some/prefix
|
|
=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========
|
|
Access : *
|
|
`)
|
|
})
|
|
|
|
t.Run("share access with --readonly", func(t *testing.T) {
|
|
state := ultest.Setup(commands)
|
|
|
|
state.Succeed(t, "share", "--readonly", "sj://some/prefix").RequireStdoutGlob(t, `
|
|
Sharing access to satellite *
|
|
=========== ACCESS RESTRICTIONS ==========================================================
|
|
Download : Allowed
|
|
Upload : Disallowed
|
|
Lists : Allowed
|
|
Deletes : Disallowed
|
|
NotBefore : No restriction
|
|
NotAfter : No restriction
|
|
Paths : sj://some/prefix
|
|
=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========
|
|
Access : *
|
|
`)
|
|
})
|
|
|
|
t.Run("share access with --disallow-lists", func(t *testing.T) {
|
|
state := ultest.Setup(commands)
|
|
|
|
state.Succeed(t, "share", "--disallow-lists", "sj://some/prefix").RequireStdoutGlob(t, `
|
|
Sharing access to satellite *
|
|
=========== ACCESS RESTRICTIONS ==========================================================
|
|
Download : Allowed
|
|
Upload : Disallowed
|
|
Lists : Disallowed
|
|
Deletes : Disallowed
|
|
NotBefore : No restriction
|
|
NotAfter : No restriction
|
|
Paths : sj://some/prefix
|
|
=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========
|
|
Access : *
|
|
`)
|
|
})
|
|
|
|
t.Run("share access with --disallow-reads", func(t *testing.T) {
|
|
state := ultest.Setup(commands)
|
|
|
|
state.Succeed(t, "share", "--disallow-reads", "sj://some/prefix").RequireStdoutGlob(t, `
|
|
Sharing access to satellite *
|
|
=========== ACCESS RESTRICTIONS ==========================================================
|
|
Download : Disallowed
|
|
Upload : Disallowed
|
|
Lists : Allowed
|
|
Deletes : Disallowed
|
|
NotBefore : No restriction
|
|
NotAfter : No restriction
|
|
Paths : sj://some/prefix
|
|
=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========
|
|
Access : *
|
|
`)
|
|
})
|
|
|
|
t.Run("share access with --writeonly", func(t *testing.T) {
|
|
state := ultest.Setup(commands)
|
|
|
|
result := state.Fail(t, "share", "--writeonly", "sj://some/prefix")
|
|
|
|
require.Equal(t, "permission is empty", result.Err.Error())
|
|
})
|
|
|
|
t.Run("share access with --public", func(t *testing.T) {
|
|
// Can't run this scenario because AuthService is not running in testplanet.
|
|
// If necessary we can mock AuthService like in https://github.com/storj/uplink/blob/main/testsuite/edge_test.go
|
|
t.Skip("No AuthService available in testplanet")
|
|
state := ultest.Setup(commands)
|
|
|
|
state.Succeed(t, "share", "--public", "--not-after=none", "sj://some/prefix").RequireStdoutGlob(t, `
|
|
Sharing access to satellite *
|
|
=========== ACCESS RESTRICTIONS ==========================================================
|
|
Download : Allowed
|
|
Upload : Disallowed
|
|
Lists : Allowed
|
|
Deletes : Disallowed
|
|
NotBefore : No restriction
|
|
NotAfter : No restriction
|
|
Paths : sj://some/prefix
|
|
=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========
|
|
Access : *
|
|
`)
|
|
})
|
|
|
|
t.Run("share access with --not-after time restriction parameter", func(t *testing.T) {
|
|
state := ultest.Setup(commands)
|
|
|
|
state.Succeed(t, "share", "--not-after", "2022-01-01T15:01:01-01:00", "sj://some/prefix").RequireStdoutGlob(t, `
|
|
Sharing access to satellite *
|
|
=========== ACCESS RESTRICTIONS ==========================================================
|
|
Download : Allowed
|
|
Upload : Disallowed
|
|
Lists : Allowed
|
|
Deletes : Disallowed
|
|
NotBefore : No restriction
|
|
NotAfter : 2022-01-01 16:01:01
|
|
Paths : sj://some/prefix
|
|
=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========
|
|
Access : *
|
|
`)
|
|
})
|
|
|
|
t.Run("share access with --dns and --tls", func(t *testing.T) {
|
|
ctx := testcontext.New(t)
|
|
defer ctx.Cleanup()
|
|
|
|
state := ultest.Setup(commands)
|
|
|
|
listener, err := net.Listen("tcp", "127.0.0.1:0")
|
|
require.NoError(t, err)
|
|
|
|
serverCtx, serverCancel := context.WithCancel(ctx)
|
|
defer serverCancel()
|
|
|
|
ctx.Go(func() error {
|
|
mux := drpcmux.New()
|
|
if err := pb.DRPCRegisterEdgeAuth(mux, &DRPCAuthMockServer{}); err != nil {
|
|
return err
|
|
}
|
|
return drpcserver.New(mux).Serve(serverCtx, listener)
|
|
})
|
|
|
|
authAddr := "insecure://" + listener.Addr().String()
|
|
|
|
apiKey, err := macaroon.ParseAPIKey(testAPIKey)
|
|
require.NoError(t, err)
|
|
|
|
encAccess := grant.NewEncryptionAccessWithDefaultKey(&storj.Key{})
|
|
grantAccess := grant.Access{
|
|
SatelliteAddress: "12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777",
|
|
APIKey: apiKey,
|
|
EncAccess: encAccess,
|
|
}
|
|
|
|
access, err := grantAccess.Serialize()
|
|
require.NoError(t, err)
|
|
|
|
expected := `
|
|
Sharing access to satellite *
|
|
=========== ACCESS RESTRICTIONS ==========================================================
|
|
Download : Allowed
|
|
Upload : Disallowed
|
|
Lists : Allowed
|
|
Deletes : Disallowed
|
|
NotBefore : No restriction
|
|
NotAfter : No restriction
|
|
Paths : sj://some/prefix
|
|
=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========
|
|
Access : *
|
|
========== GATEWAY CREDENTIALS ===========================================================
|
|
Access Key ID: accesskeyid
|
|
Secret Key : secretkey
|
|
Endpoint : endpoint
|
|
Public Access: true
|
|
=========== DNS INFO =====================================================================
|
|
Remember to update the $ORIGIN with your domain name. You may also change the $TTL.
|
|
$ORIGIN example.com.
|
|
$TTL 3600
|
|
test.com IN CNAME link.storjshare.io.
|
|
txt-test.com IN TXT storj-root:some/prefix
|
|
txt-test.com IN TXT storj-access:accesskeyid
|
|
`
|
|
|
|
state.Succeed(t, "share", "--access", access, "--not-after=none", "--dns", "test.com", "--auth-service", authAddr, "sj://some/prefix").RequireStdoutGlob(t, expected)
|
|
|
|
expected += "\ntxt-test.com IN TXT storj-tls:true\n"
|
|
|
|
state.Succeed(t, "share", "--access", access, "--not-after=none", "--dns", "test.com", "--tls", "--auth-service", authAddr, "sj://some/prefix").RequireStdoutGlob(t, expected)
|
|
})
|
|
}
|
|
|
|
type DRPCAuthMockServer struct {
|
|
pb.DRPCEdgeAuthServer
|
|
}
|
|
|
|
func (g *DRPCAuthMockServer) RegisterAccess(context.Context, *pb.EdgeRegisterAccessRequest) (*pb.EdgeRegisterAccessResponse, error) {
|
|
return &pb.EdgeRegisterAccessResponse{
|
|
AccessKeyId: "accesskeyid",
|
|
SecretKey: "secretkey",
|
|
Endpoint: "endpoint",
|
|
}, nil
|
|
}
|