Allow Internal Auth for SyncTriggers

mathewc · mathewc · commit fe9017ba51f9 · 2019-05-17T10:02:34.000-07:00
diff --git a/src/WebJobs.Script.WebHost/Controllers/HostController.cs b/src/WebJobs.Script.WebHost/Controllers/HostController.cs
@@ -151,7 +151,7 @@ public IActionResult LaunchDebugger()
 
         [HttpPost]
         [Route("admin/host/synctriggers")]
-        [Authorize(Policy = PolicyNames.AdminAuthLevel)]
+        [Authorize(Policy = PolicyNames.AdminAuthLevelOrInternal)]
         public async Task<IActionResult> SyncTriggers()
         {
             var result = await _functionsSyncManager.TrySyncTriggersAsync();
diff --git a/test/WebJobs.Script.Tests.Integration/WebHostEndToEnd/EndToEndTestFixture.cs b/test/WebJobs.Script.Tests.Integration/WebHostEndToEnd/EndToEndTestFixture.cs
@@ -21,6 +21,8 @@
 using Microsoft.WindowsAzure.Storage.Queue;
 using Microsoft.WindowsAzure.Storage.Table;
 using Xunit;
+using Microsoft.Azure.WebJobs.Script.WebHost.Management;
+using Moq;
 
 namespace Microsoft.Azure.WebJobs.Script.Tests
 {
@@ -60,6 +62,8 @@ protected EndToEndTestFixture(string rootPath, string testId, string functionsWo
 
         public TestMetricsLogger MetricsLogger { get; private set; } = new TestMetricsLogger();
 
+        public Mock<IFunctionsSyncManager> FunctionsSyncManagerMock { get; private set; }
+
         protected virtual ExtensionPackageReference[] GetExtensionsToInstall()
         {
             return null;
@@ -89,9 +93,13 @@ public async Task InitializeAsync()
                 Environment.SetEnvironmentVariable(LanguageWorkerConstants.FunctionWorkerRuntimeSettingName, _functionsWorkerRuntime);
             }
 
+            FunctionsSyncManagerMock = new Mock<IFunctionsSyncManager>(MockBehavior.Strict);
+            FunctionsSyncManagerMock.Setup(p => p.TrySyncTriggersAsync(It.IsAny<bool>())).ReturnsAsync(new SyncTriggersResult { Success = true });
+
             Host = new TestFunctionHost(_copiedRootPath, logPath, webJobsBuilder =>
             {
                 webJobsBuilder.Services.AddSingleton<IMetricsLogger>(_ => MetricsLogger);
+                webJobsBuilder.Services.AddSingleton<IFunctionsSyncManager>(_ => FunctionsSyncManagerMock.Object);
                 ConfigureJobHost(webJobsBuilder);
             });
 
diff --git a/test/WebJobs.Script.Tests.Integration/WebHostEndToEnd/SamplesEndToEndTests_CSharp.cs b/test/WebJobs.Script.Tests.Integration/WebHostEndToEnd/SamplesEndToEndTests_CSharp.cs
@@ -98,6 +98,37 @@ public async Task HostPing_Succeeds(string method)
             Assert.Equal("no-store, no-cache", cacheHeader);
         }
 
+        [Fact]
+        public async Task SyncTriggers_InternalAuth_Succeeds()
+        {
+            using (new TestScopedSettings(_settingsManager, EnvironmentSettingNames.AzureWebsiteInstanceId, "testinstance"))
+            {
+                string uri = "admin/host/synctriggers";
+                HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, uri);
+                HttpResponseMessage response = await _fixture.Host.HttpClient.SendAsync(request);
+                Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            }
+        }
+
+        [Fact]
+        public async Task SyncTriggers_ExternalUnauthorized_ReturnsUnauthorized()
+        {
+            string uri = "admin/host/synctriggers";
+            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, uri);
+            HttpResponseMessage response = await _fixture.Host.HttpClient.SendAsync(request);
+            Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
+        }
+
+        [Fact]
+        public async Task SyncTriggers_AdminLevel_Succeeds()
+        {
+            string uri = "admin/host/synctriggers";
+            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, uri);
+            request.Headers.Add(AuthenticationLevelHandler.FunctionsKeyHeaderName, await _fixture.Host.GetMasterKeyAsync());
+            HttpResponseMessage response = await _fixture.Host.HttpClient.SendAsync(request);
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+        }
+
         [Fact]
         public async Task HostLog_Anonymous_Fails()
         {
diff --git a/test/WebJobs.Script.Tests/Controllers/Admin/FunctionsControllerTests.cs b/test/WebJobs.Script.Tests/Controllers/Admin/FunctionsControllerTests.cs
@@ -27,7 +27,7 @@
 
 namespace Microsoft.Azure.WebJobs.Script.Tests
 {
-    public class AdminControllerTests : IDisposable
+    public class FunctionsControllerTests : IDisposable
     {
         private readonly TempDirectory _secretsDirectory = new TempDirectory();
 

Original file line number	Diff line number	Diff line change
`@@ -151,7 +151,7 @@ public IActionResult LaunchDebugger()`
`151`	`151`
`152`	`152`	`[HttpPost]`
`153`	`153`	`[Route("admin/host/synctriggers")]`
`154`		`- [Authorize(Policy = PolicyNames.AdminAuthLevel)]`
	`154`	`+ [Authorize(Policy = PolicyNames.AdminAuthLevelOrInternal)]`
`155`	`155`	`public async Task<IActionResult> SyncTriggers()`
`156`	`156`	`{`
`157`	`157`	`var result = await _functionsSyncManager.TrySyncTriggersAsync();`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@`
`27`	`27`
`28`	`28`	`namespace Microsoft.Azure.WebJobs.Script.Tests`
`29`	`29`	`{`
`30`		`- public class AdminControllerTests : IDisposable`
	`30`	`+ public class FunctionsControllerTests : IDisposable`
`31`	`31`	`{`
`32`	`32`	`private readonly TempDirectory _secretsDirectory = new TempDirectory();`
`33`	`33`