testnode: disallow frontend access to all folders, avoiding publishing private repositories

bc6581c2 · Sebastien Robin · 7ea66035 · bc6581c2 · bc6581c2
Commit bc6581c2 authored Nov 08, 2016 by Sebastien Robin
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 0 deletions

erp5/tests/testERP5TestNode.py erp5/tests/testERP5TestNode.py +6 -0

erp5/util/testnode/NodeTestSuite.py erp5/util/testnode/NodeTestSuite.py +18 -0

No files found.
--- a/erp5/tests/testERP5TestNode.py
+++ b/erp5/tests/testERP5TestNode.py
@@ -204,6 +204,12 @@ class ERP5TestNode(TestCase):
                      node_test_suite.working_directory)
    self.assertEquals("%s/foo/test_suite" % self.working_directory,
                      node_test_suite.test_suite_directory)
+    access_path = "%s/foo/.htaccess" % self.working_directory
+    with open(access_path, 'r') as access_file:
+      self.assertEqual("""Require all denied""",
+                     access_file.read())
+    node_test_suite.edit(cluster_configuration={'test-url': 'https://something.com'})
+    self.assertEqual(False, os.path.exists(access_path))

  def test_03_NodeTestSuiteCheckDataAfterEdit(self):
    """

--- a/erp5/util/testnode/NodeTestSuite.py
+++ b/erp5/util/testnode/NodeTestSuite.py
@@ -70,12 +70,30 @@ class NodeTestSuite(SlapOSInstance):
  def edit(self, **kw):
    super(NodeTestSuite, self).edit(**kw)

+  def _disallowFrontendIfNeeded(self):
+    """
+    Some test suite need to expose some code through a frontend to launch remote
+    tests on remote web browsers. For now, it is not clearly defined how to give
+    access to just needed parts of the code. Until this is reworked, disallow
+    access by default, and enable access only on test suite using remote web
+    browsers.
+    """
+    access_path = os.path.join(self.working_directory, '.htaccess')
+    # the way to identify a test suite launching remote browsers will change
+    # in the future, when we will have Browser Test Suite on master side
+    if getattr(self, 'cluster_configuration', {}).get('test-url') is None:
+      with open(access_path, 'w') as access_file:
+        access_file.write("""Require all denied""")
+    elif os.path.exists(access_path):
+      os.unlink(access_path)
+
  def _checkData(self):
    if getattr(self, "working_directory", None) is not None:
      if not(self.working_directory.endswith(os.path.sep + self.reference)):
        self.working_directory = os.path.join(self.working_directory,
                                             self.reference)
      SlapOSControler.createFolder(self.working_directory)
+      self._disallowFrontendIfNeeded()
      self.test_suite_directory = os.path.join(
                                   self.working_directory, "test_suite")
      self.custom_profile_path = os.path.join(self.working_directory,