Remove concept of sensitivity from Actuator's endpoints

Closes gh-9924
This commit is contained in:
Andy Wilkinson
2017-08-01 10:05:09 +01:00
parent 847f6d1b2c
commit bb55f49396
55 changed files with 173 additions and 606 deletions

View File

@@ -50,14 +50,14 @@ public class CorsSampleActuatorApplicationTests {
}
@Test
public void sensitiveEndpointShouldReturnUnauthorized() throws Exception {
public void endpointShouldReturnUnauthorized() throws Exception {
ResponseEntity<?> entity = this.testRestTemplate.getForEntity("/application/env",
Map.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
}
@Test
public void preflightRequestForInsensitiveShouldReturnOk() throws Exception {
public void preflightRequestToEndpointShouldReturnOk() throws Exception {
RequestEntity<?> healthRequest = RequestEntity
.options(new URI("/application/health"))
.header("Origin", "http://localhost:8080")
@@ -67,15 +67,6 @@ public class CorsSampleActuatorApplicationTests {
assertThat(exchange.getStatusCode()).isEqualTo(HttpStatus.OK);
}
@Test
public void preflightRequestForSensitiveEndpointShouldReturnOk() throws Exception {
RequestEntity<?> entity = RequestEntity.options(new URI("/application/env"))
.header("Origin", "http://localhost:8080")
.header("Access-Control-Request-Method", "GET").build();
ResponseEntity<?> env = this.testRestTemplate.exchange(entity, Map.class);
assertThat(env.getStatusCode()).isEqualTo(HttpStatus.OK);
}
@Test
public void preflightRequestWhenCorsConfigInvalidShouldReturnForbidden()
throws Exception {

View File

@@ -21,7 +21,9 @@ import java.util.Map;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.LocalManagementPort;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
import org.springframework.boot.test.web.client.TestRestTemplate;
@@ -45,6 +47,9 @@ import static org.assertj.core.api.Assertions.assertThat;
@DirtiesContext
public class ManagementAddressActuatorApplicationTests {
@Autowired
private SecurityProperties security;
@LocalServerPort
private int port = 9010;
@@ -61,11 +66,16 @@ public class ManagementAddressActuatorApplicationTests {
@Test
public void testHealth() throws Exception {
ResponseEntity<String> entity = new TestRestTemplate().getForEntity(
"http://localhost:" + this.managementPort + "/admin/health",
String.class);
ResponseEntity<String> entity = new TestRestTemplate()
.withBasicAuth("user", getPassword())
.getForEntity("http://localhost:" + this.managementPort + "/admin/health",
String.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(entity.getBody()).contains("\"status\":\"UP\"");
}
private String getPassword() {
return this.security.getUser().getPassword();
}
}

View File

@@ -22,6 +22,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
import org.springframework.boot.test.web.client.TestRestTemplate;
@@ -46,10 +47,14 @@ public class ManagementPathSampleActuatorApplicationTests {
@Autowired
private TestRestTemplate restTemplate;
@Autowired
private SecurityProperties securityProperties;
@Test
public void testHealth() throws Exception {
ResponseEntity<String> entity = this.restTemplate.getForEntity("/admin/health",
String.class);
ResponseEntity<String> entity = this.restTemplate
.withBasicAuth("user", getPassword())
.getForEntity("/admin/health", String.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(entity.getBody()).contains("\"status\":\"UP\"");
}
@@ -65,4 +70,8 @@ public class ManagementPathSampleActuatorApplicationTests {
assertThat(entity.getHeaders()).doesNotContainKey("Set-Cookie");
}
private String getPassword() {
return this.securityProperties.getUser().getPassword();
}
}

View File

@@ -77,9 +77,10 @@ public class ManagementPortAndPathSampleActuatorApplicationTests {
@Test
public void testHealth() throws Exception {
ResponseEntity<String> entity = new TestRestTemplate().getForEntity(
"http://localhost:" + this.managementPort + "/admin/health",
String.class);
ResponseEntity<String> entity = new TestRestTemplate()
.withBasicAuth("user", getPassword())
.getForEntity("http://localhost:" + this.managementPort + "/admin/health",
String.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(entity.getBody()).contains("\"status\":\"UP\"");
}

View File

@@ -71,14 +71,17 @@ public class ManagementPortSampleActuatorApplicationTests {
testHome(); // makes sure some requests have been made
@SuppressWarnings("rawtypes")
ResponseEntity<Map> entity = new TestRestTemplate().getForEntity(
"http://localhost:" + this.managementPort + "/application/metrics", Map.class);
"http://localhost:" + this.managementPort + "/application/metrics",
Map.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
}
@Test
public void testHealth() throws Exception {
ResponseEntity<String> entity = new TestRestTemplate().getForEntity(
"http://localhost:" + this.managementPort + "/application/health", String.class);
ResponseEntity<String> entity = new TestRestTemplate()
.withBasicAuth("user", getPassword()).getForEntity(
"http://localhost:" + this.managementPort + "/application/health",
String.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(entity.getBody()).contains("\"status\":\"UP\"");
}

View File

@@ -1,55 +0,0 @@
/*
* Copyright 2012-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package sample.actuator;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
import org.springframework.boot.test.web.client.TestRestTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.junit4.SpringRunner;
import static org.assertj.core.api.Assertions.assertThat;
/**
* Tests for /health with {@code endpoints.health.sensitive=false}.
*
* @author Phillip Webb
*/
@RunWith(SpringRunner.class)
@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT, properties = {
"endpoints.health.sensitive=false" })
@DirtiesContext
public class NonSensitiveHealthTests {
@Autowired
private TestRestTemplate restTemplate;
@Test
public void testSecureHealth() throws Exception {
ResponseEntity<String> entity = this.restTemplate.getForEntity("/application/health",
String.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(entity.getBody()).doesNotContain("\"hello\":1");
}
}

View File

@@ -121,24 +121,17 @@ public class SampleActuatorApplicationTests {
@Test
public void testHealth() throws Exception {
ResponseEntity<String> entity = this.restTemplate
.withBasicAuth("user", getPassword())
.getForEntity("/application/health", String.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(entity.getBody()).contains("\"status\":\"UP\"");
assertThat(entity.getBody()).doesNotContain("\"hello\":\"1\"");
}
@Test
public void testSecureHealth() throws Exception {
ResponseEntity<String> entity = this.restTemplate
.withBasicAuth("user", getPassword())
.getForEntity("/application/health", String.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(entity.getBody()).contains("\"hello\":1");
}
@Test
public void testInfo() throws Exception {
ResponseEntity<String> entity = this.restTemplate
.withBasicAuth("user", getPassword())
.getForEntity("/application/info", String.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(entity.getBody())

View File

@@ -22,6 +22,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
import org.springframework.boot.test.web.client.TestRestTemplate;
@@ -46,6 +47,9 @@ public class ServletPathSampleActuatorApplicationTests {
@Autowired
private TestRestTemplate restTemplate;
@Autowired
private SecurityProperties security;
@Test
public void testErrorPath() throws Exception {
@SuppressWarnings("rawtypes")
@@ -60,8 +64,9 @@ public class ServletPathSampleActuatorApplicationTests {
@Test
public void testHealth() throws Exception {
ResponseEntity<String> entity = this.restTemplate.getForEntity("/spring//application/health",
String.class);
ResponseEntity<String> entity = this.restTemplate
.withBasicAuth("user", getPassword())
.getForEntity("/spring/application/health", String.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(entity.getBody()).contains("\"status\":\"UP\"");
}
@@ -78,4 +83,8 @@ public class ServletPathSampleActuatorApplicationTests {
assertThat(entity.getHeaders()).doesNotContainKey("Set-Cookie");
}
private String getPassword() {
return this.security.getUser().getPassword();
}
}