diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 3d11d66d..188b4572 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -75,11 +75,11 @@ jobs: env: API_ABOUT_PAGE: "localhost:8080/api/server/about" run: | - docker-compose -f docker-compose.yml -f docker-compose.dev.yml -f components/serverless/docker-compose.serverless.yml up -d + docker-compose -f docker-compose.yml -f docker-compose.dev.yml -f components/serverless/docker-compose.serverless.yml -f components/analytics/docker-compose.analytics.yml up -d /bin/bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' ${API_ABOUT_PAGE})" != "401" ]]; do sleep 5; done' pip3 install --user -r tests/rest_api/requirements.txt pytest tests/rest_api/ - docker-compose -f docker-compose.yml -f docker-compose.dev.yml -f components/serverless/docker-compose.serverless.yml down -v + docker-compose -f docker-compose.yml -f docker-compose.dev.yml -f components/serverless/docker-compose.serverless.yml -f components/analytics/docker-compose.analytics.yml down -v - name: Running unit tests env: HOST_COVERAGE_DATA_DIR: ${{ github.workspace }} diff --git a/components/analytics/kibana_conf.yml b/components/analytics/kibana_conf.yml index c2eb5a95..347d5611 100644 --- a/components/analytics/kibana_conf.yml +++ b/components/analytics/kibana_conf.yml @@ -13,6 +13,10 @@ http: analytics-auth: forwardauth: address: http://cvat:8080/analytics + authRequestHeaders: + - "Cookie" + - "Authorization" + strip-prefix: stripprefix: prefixes: diff --git a/tests/rest_api/test_0004_analytics.py b/tests/rest_api/test_0004_analytics.py new file mode 100644 index 00000000..a5e76cc3 --- /dev/null +++ b/tests/rest_api/test_0004_analytics.py @@ -0,0 +1,31 @@ +# Copyright (C) 2022 Intel Corporation +# +# SPDX-License-Identifier: MIT + +import pytest +from http import HTTPStatus +from .utils.config import server_get + +class TestGetAnalytics: + endpoint = 'analytics/app/kibana' + def _test_can_see(self, user): + response = server_get(user, self.endpoint) + + assert response.status_code == HTTPStatus.OK + + def _test_cannot_see(self, user): + response = server_get(user, self.endpoint) + + assert response.status_code == HTTPStatus.FORBIDDEN + + @pytest.mark.parametrize('privilege, is_allow', [ + ('admin', True), ('business', True), + ('worker', False), ('user', False) + ]) + def test_can_see(self, privilege, is_allow, find_users): + user = find_users(privilege=privilege)[0]['username'] + + if is_allow: + self._test_can_see(user) + else: + self._test_cannot_see(user) diff --git a/tests/rest_api/utils/config.py b/tests/rest_api/utils/config.py index ff47733d..29f86305 100644 --- a/tests/rest_api/utils/config.py +++ b/tests/rest_api/utils/config.py @@ -9,10 +9,17 @@ ROOT_DIR = osp.dirname(__file__) ASSETS_DIR = osp.abspath(osp.join(ROOT_DIR, '..', 'assets')) # Suppress the warning from Bandit about hardcoded passwords USER_PASS = '!Q@W#E$R' # nosec -BASE_URL = 'http://localhost:8080/api/' +BASE_URL = 'http://localhost:8080/' +API_URL = BASE_URL + 'api/' + +def _to_query_params(**kwargs): + return '&'.join([f'{k}={v}' for k,v in kwargs.items()]) + +def get_server_url(endpoint, **kwargs): + return BASE_URL + endpoint + '?' + _to_query_params(**kwargs) def get_api_url(endpoint, **kwargs): - return BASE_URL + endpoint + '?' + '&'.join([f'{k}={v}' for k,v in kwargs.items()]) + return API_URL + endpoint + '?' + _to_query_params(**kwargs) def get_method(username, endpoint, **kwargs): return requests.get(get_api_url(endpoint, **kwargs), auth=(username, USER_PASS)) @@ -24,4 +31,7 @@ def patch_method(username, endpoint, data, **kwargs): return requests.patch(get_api_url(endpoint, **kwargs), json=data, auth=(username, USER_PASS)) def post_method(username, endpoint, data, **kwargs): - return requests.post(get_api_url(endpoint, **kwargs), json=data, auth=(username, USER_PASS)) \ No newline at end of file + return requests.post(get_api_url(endpoint, **kwargs), json=data, auth=(username, USER_PASS)) + +def server_get(username, endpoint, **kwargs): + return requests.get(get_server_url(endpoint, **kwargs), auth=(username, USER_PASS))