From 6e024c45b50d31c20eb0d509263d3e0f888847de Mon Sep 17 00:00:00 2001
From: Carlos Tadeu Panato Junior
Date: Thu, 1 Mar 2018 00:12:11 +0100
Subject: [PLT-8186] add support for ec2 instance profile authentication (#8243)
---
 api4/system.go | 31 ++++++++++++++++++++++++++
 api4/system_test.go | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 95 insertions(+)
(limited to 'api4')
diff --git a/api4/system.go b/api4/system.go
index 2355cb476..aab65bf20 100644
--- a/api4/system.go
+++ b/api4/system.go
@@ -29,6 +29,7 @@ func (api *API) InitSystem() {
 api.BaseRoutes.ApiRoot.Handle("/audits", api.ApiSessionRequired(getAudits)).Methods("GET")
 api.BaseRoutes.ApiRoot.Handle("/email/test", api.ApiSessionRequired(testEmail)).Methods("POST")
+ api.BaseRoutes.ApiRoot.Handle("/file/s3_test", api.ApiSessionRequired(testS3)).Methods("POST")
 api.BaseRoutes.ApiRoot.Handle("/database/recycle", api.ApiSessionRequired(databaseRecycle)).Methods("POST")
 api.BaseRoutes.ApiRoot.Handle("/caches/invalidate", api.ApiSessionRequired(invalidateCaches)).Methods("POST")
@@ -384,3 +385,33 @@ func getAnalytics(c *Context, w http.ResponseWriter, r *http.Request) {
 w.Write([]byte(rows.ToJson()))
 }
+
+func testS3(c *Context, w http.ResponseWriter, r *http.Request) {
+ cfg := model.ConfigFromJson(r.Body)
+ if cfg == nil {
+ cfg = c.App.Config()
+ }
+
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+ return
+ }
+
+ err := utils.CheckMandatoryS3Fields(&cfg.FileSettings)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ license := c.App.License()
+ backend, appErr := utils.NewFileBackend(&cfg.FileSettings, license != nil && *license.Features.Compliance)
+ if appErr == nil {
+ appErr = backend.TestConnection()
+ }
+ if appErr != nil {
+ c.Err = appErr
+ return
+ }
+
+ ReturnStatusOK(w)
+}
diff --git a/api4/system_test.go b/api4/system_test.go
index 01b4934ae..e39486b77 100644
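Review bot: In `testS3` the request body is decoded with `model.ConfigFromJson(r.Body)` before the `PERMISSION_MANAGE_SYSTEM` check, so any authenticated session gets its JSON parsed before being rejected; move the `if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { ... return }` block to the top of the function. The handler then has the server open a connection to whatever `AmazonS3Endpoint` the caller posted, which is tolerable only because the call is admin-gated, and that reasoning belongs in a doc comment such as `// testS3 checks connectivity to the file backend in the posted config (or the running config when none is decoded); requires manage_system because the server connects to a caller-supplied endpoint.` `*license.Features.Compliance` is dereferenced after checking only `license != nil`; if `Features` or `Compliance` can be nil at this point (not visible in the hunk), the handler panics.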
--- a/api4/system_test.go
+++ b/api4/system_test.go
@@ -1,7 +1,9 @@
 package api4
 import (
+ "fmt"
 "net/http"
+ "os"
 "strings"
 "testing"
@@ -466,3 +468,65 @@ func TestGetAnalyticsOld(t *testing.T) {
 _, resp = Client.GetAnalyticsOld("", th.BasicTeam.Id)
 CheckUnauthorizedStatus(t, resp)
 }
+
+func TestS3TestConnection(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer th.TearDown()
+ Client := th.Client
+
+ s3Host := os.Getenv("CI_HOST")
+ if s3Host == "" {
+ s3Host = "dockerhost"
+ }
+
+ s3Port := os.Getenv("CI_MINIO_PORT")
+ if s3Port == "" {
+ s3Port = "9001"
+ }
+
+ s3Endpoint := fmt.Sprintf("%s:%s", s3Host, s3Port)
+ config := model.Config{
+ FileSettings: model.FileSettings{
+ DriverName: model.NewString(model.IMAGE_DRIVER_S3),
+ AmazonS3AccessKeyId: model.MINIO_ACCESS_KEY,
+ AmazonS3SecretAccessKey: model.MINIO_SECRET_KEY,
+ AmazonS3Bucket: "",
+ AmazonS3Endpoint: "",
+ AmazonS3SSL: model.NewBool(false),
+ },
+ }
+
+ _, resp := Client.TestS3Connection(&config)
+ CheckForbiddenStatus(t, resp)
+
+ _, resp = th.SystemAdminClient.TestS3Connection(&config)
+ CheckBadRequestStatus(t, resp)
+ if resp.Error.Message != "S3 Bucket is required" {
+ t.Fatal("should return error - missing s3 bucket")
+ }
+
+ config.FileSettings.AmazonS3Bucket = model.MINIO_BUCKET
+ _, resp = th.SystemAdminClient.TestS3Connection(&config)
+ CheckBadRequestStatus(t, resp)
+ if resp.Error.Message != "S3 Endpoint is required" {
+ t.Fatal("should return error - missing s3 endpoint")
+ }
+
+ config.FileSettings.AmazonS3Endpoint = s3Endpoint
+ _, resp = th.SystemAdminClient.TestS3Connection(&config)
+ CheckBadRequestStatus(t, resp)
+ if resp.Error.Message != "S3 Region is required" {
+ t.Fatal("should return error - missing s3 region")
+ }
+
+ config.FileSettings.AmazonS3Region = "us-east-1"
+ _, resp = th.SystemAdminClient.TestS3Connection(&config)
+ CheckOKStatus(t, resp)
+
+ config.FileSettings.AmazonS3Bucket = "Wrong_bucket"
+ _, resp = th.SystemAdminClient.TestS3Connection(&config)
+ CheckInternalErrorStatus(t, resp)
+ if resp.Error.Message != "Error checking if bucket exists." {
+ t.Fatal("should return error ")
+ }
+}
-- cgit v1.2.3-1-g7c22
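Review bot: `TestS3TestConnection` checks that a regular user gets 403 but never calls the endpoint without a session, so the `ApiSessionRequired` wrapper on the new route is untested; add a logged-out case ending in `CheckUnauthorizedStatus(t, resp)`, as the preceding test does. The final failure message `t.Fatal("should return error ")` does not say what was expected; `t.Fatal("should return error - bucket does not exist")` would match the other cases. The assertions compare exact `resp.Error.Message` strings, which ties the test to the message wording; comparing an error id would be less brittle if the response exposes one.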