Merge pull request #3096 from jglick/JnlpAccessWithSecuredHudsonTest

Updating JnlpAccessWithSecuredHudsonTest to JenkinsRule

Merge pull request #3096 from jglick/JnlpAccessWithSecuredHudsonTest
Updating JnlpAccessWithSecuredHudsonTest to JenkinsRule
80294c42 · Oleg Nenashev · GitHub · 5d565cce · 815b97a9 · 80294c42
隐藏空白更改
内联并排

Showing with 48 addition and 38 deletion

test/src/test/java/hudson/bugs/JnlpAccessWithSecuredHudsonTest.java ...est/java/hudson/bugs/JnlpAccessWithSecuredHudsonTest.java +48 -38

未找到文件。
--- a/test/src/test/java/hudson/bugs/JnlpAccessWithSecuredHudsonTest.java
+++ b/test/src/test/java/hudson/bugs/JnlpAccessWithSecuredHudsonTest.java
@@ -26,22 +26,22 @@ package hudson.bugs;
 import com.gargoylesoftware.htmlunit.Page;
 import com.gargoylesoftware.htmlunit.html.HtmlPage;
 import com.gargoylesoftware.htmlunit.xml.XmlPage;
+import hudson.Functions;
+import hudson.Proc;
 import hudson.cli.util.ScriptLoader;
 import hudson.model.Node.Mode;
 import hudson.model.Slave;
 import hudson.remoting.Channel;
-import hudson.remoting.Launcher;
-import hudson.remoting.Which;
 import hudson.slaves.JNLPLauncher;
 import hudson.slaves.RetentionStrategy;
 import hudson.slaves.DumbSlave;
+import hudson.util.StreamTaskListener;
 import jenkins.security.MasterToSlaveCallable;
 import jenkins.security.s2m.AdminWhitelistRule;
 import org.dom4j.Document;
 import org.dom4j.Element;
 import org.dom4j.io.DOMReader;
 import org.jvnet.hudson.test.Email;
-import org.jvnet.hudson.test.HudsonTestCase;
 import org.jvnet.hudson.test.recipes.PresetData;
 import org.jvnet.hudson.test.recipes.PresetData.DataSet;

@@ -51,14 +51,27 @@ import java.net.URL;
 import java.util.Collections;
 import java.util.List;
 import java.util.Locale;
+import org.apache.commons.io.FileUtils;
 import org.apache.tools.ant.util.JavaEnvUtils;
+import static org.hamcrest.Matchers.*;
+import static org.junit.Assert.*;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+import org.jvnet.hudson.test.JenkinsRule;

 /**
 * Makes sure that the jars that web start needs are readable, even when the anonymous user doesn't have any read access. 
 *
 * @author Kohsuke Kawaguchi
 */
-public class JnlpAccessWithSecuredHudsonTest extends HudsonTestCase {
+public class JnlpAccessWithSecuredHudsonTest {
+
+    @Rule
+    public JenkinsRule r = new JenkinsRule();
+
+    @Rule
+    public TemporaryFolder tmp = new TemporaryFolder();

    /**
     * Creates a new slave that needs to be launched via JNLP.
@@ -69,13 +82,14 @@ public class JnlpAccessWithSecuredHudsonTest extends HudsonTestCase {

    @PresetData(DataSet.NO_ANONYMOUS_READACCESS)
    @Email("http://markmail.org/message/on4wkjdaldwi2atx")
-    public void testAnonymousCanAlwaysLoadJARs() throws Exception {
-        jenkins.setNodes(Collections.singletonList(createNewJnlpSlave("test")));
-        HudsonTestCase.WebClient wc = new WebClient();
+    @Test
+    public void anonymousCanAlwaysLoadJARs() throws Exception {
+        r.jenkins.setNodes(Collections.singletonList(createNewJnlpSlave("test")));
+        JenkinsRule.WebClient wc = r.createWebClient();
        HtmlPage p = wc.login("alice").goTo("computer/test/");

        // this fresh WebClient doesn't have a login cookie and represent JNLP launcher
-        HudsonTestCase.WebClient jnlpAgent = new WebClient();
+        JenkinsRule.WebClient jnlpAgent = r.createWebClient();

        // parse the JNLP page into DOM to list up the jars.
        XmlPage jnlp = (XmlPage) wc.goTo("computer/test/slave-agent.jnlp","application/x-java-jnlp-file");
@@ -92,47 +106,43 @@ public class JnlpAccessWithSecuredHudsonTest extends HudsonTestCase {
    }

    @PresetData(DataSet.ANONYMOUS_READONLY)
-    public void testAnonymousCannotGetSecrets() throws Exception {
-        jenkins.setNodes(Collections.singletonList(createNewJnlpSlave("test")));
-        new WebClient().assertFails("computer/test/slave-agent.jnlp", HttpURLConnection.HTTP_FORBIDDEN);
+    @Test
+    public void anonymousCannotGetSecrets() throws Exception {
+        r.jenkins.setNodes(Collections.singletonList(createNewJnlpSlave("test")));
+        r.createWebClient().assertFails("computer/test/slave-agent.jnlp", HttpURLConnection.HTTP_FORBIDDEN);
    }

    @PresetData(DataSet.NO_ANONYMOUS_READACCESS)
    @SuppressWarnings("SleepWhileInLoop")
-    public void testServiceUsingDirectSecret() throws Exception {
+    @Test
+    public void serviceUsingDirectSecret() throws Exception {
        Slave slave = createNewJnlpSlave("test");
-        jenkins.setNodes(Collections.singletonList(slave));
-        new WebClient().goTo("computer/test/slave-agent.jnlp?encrypt=true", "application/octet-stream");
+        r.jenkins.setNodes(Collections.singletonList(slave));
+        r.createWebClient().goTo("computer/test/slave-agent.jnlp?encrypt=true", "application/octet-stream");
        String secret = slave.getComputer().getJnlpMac();
        // To watch it fail: secret = secret.replace('1', '2');
-        ProcessBuilder pb = new ProcessBuilder(JavaEnvUtils.getJreExecutable("java"), "-jar", Which.jarFile(Launcher.class).getAbsolutePath(), "-jnlpUrl", getURL() + "computer/test/slave-agent.jnlp", "-secret", secret);
-
-        pb = pb.inheritIO();
-
-        System.err.println("Running: " + pb.command());
-        Process p = pb.start();
+        File slaveJar = tmp.newFile();
+        FileUtils.copyURLToFile(new Slave.JnlpJar("slave.jar").getURL(), slaveJar);
+        Proc p = new hudson.Launcher.LocalLauncher(StreamTaskListener.fromStderr()).launch().
+            stdout(System.out).stderr(System.err).
+            cmds(JavaEnvUtils.getJreExecutable("java"), "-jar", slaveJar.getAbsolutePath(), "-jnlpUrl", r.getURL() + "computer/test/slave-agent.jnlp", "-secret", secret).
+            start();
        try {
-            for (int i = 0; i < /* one minute */600; i++) {
-                if (slave.getComputer().isOnline()) {
-                    System.err.println("JNLP slave successfully connected");
-                    Channel channel = slave.getComputer().getChannel();
-                    assertFalse("SECURITY-206", channel.isRemoteClassLoadingAllowed());
-                    jenkins.getExtensionList(AdminWhitelistRule.class).get(AdminWhitelistRule.class).setMasterKillSwitch(false);
-                    final File f = new File(jenkins.getRootDir(), "config.xml");
-                    assertTrue(f.exists());
-                    try {
-                        fail("SECURITY-206: " + channel.call(new Attack(f.getAbsolutePath())));
-                    } catch (SecurityException x) {
-                        System.out.println("expected: " + x);
-                        assertTrue(x.getMessage().contains("https://jenkins.io/redirect/security-144"));
-                    }
-                    return;
-                }
+            while (!slave.toComputer().isOnline()) { // TODO can use r.waitOnline(slave) after https://github.com/jenkinsci/jenkins-test-harness/pull/80
                Thread.sleep(100);
            }
-            fail("JNLP slave agent failed to connect");
+            Channel channel = slave.getComputer().getChannel();
+            assertFalse("SECURITY-206", channel.isRemoteClassLoadingAllowed());
+            r.jenkins.getExtensionList(AdminWhitelistRule.class).get(AdminWhitelistRule.class).setMasterKillSwitch(false);
+            final File f = new File(r.jenkins.getRootDir(), "config.xml");
+            assertTrue(f.exists());
+            try {
+                fail("SECURITY-206: " + channel.call(new Attack(f.getAbsolutePath())));
+            } catch (SecurityException x) {
+                assertThat(Functions.printThrowable(x), containsString("https://jenkins.io/redirect/security-144"));
+            }
        } finally {
-            p.destroy();
+            p.kill();
        }
    }