test that credentials are added to registry reqs

Add the missing set in lookupModuleLocation
2017-10-27 15:44:00 -04:00 · 2017-10-27 15:44:00 -04:00 · ee56e3226b
parent 5203c66116
commit ee56e3226b
3 changed files with 62 additions and 0 deletions
--- a/config/module/get_test.go
+++ b/config/module/get_test.go
@ -25,6 +25,10 @@ type testMod struct {
 	version  string
 }

+const (
+	testCredentials = "a9564ebc3289b7a14551baf8ad5ec60a"
+)
+
 // All the locationes from the mockRegistry start with a file:// scheme. If
 // the the location string here doesn't have a scheme, the mockRegistry will
 // find the absolute path and return a complete URL.
@ -51,6 +55,9 @@ var testMods = map[string][]testMod{
 		{version: "1.2.2"},
 		{version: "1.2.1"},
 	},
+	"private/name/provider": {
+		{version: "1.0.0"},
+	},
 }

 func latestVersion(versions []string) string {
@ -81,6 +88,13 @@ func mockRegHandler() http.Handler {
 			return
 		}

+		// check for auth
+		if strings.Contains(matches[0], "private/") {
+			if !strings.Contains(r.Header.Get("Authorization"), testCredentials) {
+				http.Error(w, "", http.StatusForbidden)
+			}
+		}
+
 		versions, ok := testMods[matches[1]]
 		if !ok {
 			http.NotFound(w, r)
@ -110,6 +124,13 @@ func mockRegHandler() http.Handler {
 			return
 		}

+		// check for auth
+		if strings.Contains(matches[1], "private/") {
+			if !strings.Contains(r.Header.Get("Authorization"), testCredentials) {
+				http.Error(w, "", http.StatusForbidden)
+			}
+		}
+
 		name := matches[1]
 		versions, ok := testMods[name]
 		if !ok {
--- a/config/module/registry.go
+++ b/config/module/registry.go
@ -155,6 +155,7 @@ func (s *Storage) lookupModuleLocation(module *regsrc.Module, version string) (s
 		return "", err
 	}

+	s.addRequestCreds(svchost.Hostname(module.RawHost.Normalized()), req)
 	req.Header.Set(xTerraformVersion, tfVersion)

 	resp, err := httpClient.Do(req)
--- a/config/module/registry_test.go
+++ b/config/module/registry_test.go
@ -6,6 +6,8 @@ import (

 	version "github.com/hashicorp/go-version"
 	"github.com/hashicorp/terraform/registry/regsrc"
+	"github.com/hashicorp/terraform/svchost"
+	"github.com/hashicorp/terraform/svchost/auth"
 	"github.com/hashicorp/terraform/svchost/disco"
 )

@ -54,6 +56,44 @@ func TestLookupModuleVersions(t *testing.T) {
 	}
 }

+func TestRegistryAuth(t *testing.T) {
+	server := mockRegistry()
+	defer server.Close()
+
+	regDisco := testDisco(server)
+	storage := testStorage(t, regDisco)
+
+	src := "private/name/provider"
+	mod, err := regsrc.ParseModuleSource(src)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// both should fail without auth
+	_, err = storage.lookupModuleVersions(mod)
+	if err == nil {
+		t.Fatal("expected error")
+	}
+	_, err = storage.lookupModuleLocation(mod, "1.0.0")
+	if err == nil {
+		t.Fatal("expected error")
+	}
+
+	storage.Creds = auth.StaticCredentialsSource(map[svchost.Hostname]map[string]interface{}{
+		svchost.Hostname(defaultRegistry): {"token": testCredentials},
+	})
+
+	_, err = storage.lookupModuleVersions(mod)
+	if err != nil {
+		t.Fatal(err)
+	}
+	_, err = storage.lookupModuleLocation(mod, "1.0.0")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+}
+
 func TestAccLookupModuleVersions(t *testing.T) {
 	if os.Getenv("TF_ACC") == "" {
 		t.Skip()