tasker-orchestration 0.1.4

Orchestration system for tasker workflow coordination
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185

//! API key authentication and permission enforcement tests.

use super::super::auth_test_helpers::*;
use super::super::test_infrastructure::create_test_task_request_json;
use reqwest::StatusCode;

// =============================================================================
// Full Access API Key
// =============================================================================

#[tokio::test]
async fn full_access_granted() {
    let server = AuthTestServer::start()
        .await
        .expect("Failed to start auth test server");
    let mut client = AuthWebTestClient::for_server(&server);
    client.with_api_key(TEST_API_KEY_FULL);

    let response = client.get("/v1/tasks").await.expect("request failed");
    assert_ne!(
        response.status(),
        StatusCode::UNAUTHORIZED,
        "GET /v1/tasks with full-access API key should not return 401"
    );
    assert_ne!(
        response.status(),
        StatusCode::FORBIDDEN,
        "GET /v1/tasks with full-access API key should not return 403"
    );

    let task_body = create_test_task_request_json();
    let response = client
        .post_json("/v1/tasks", &task_body)
        .await
        .expect("request failed");
    assert_ne!(
        response.status(),
        StatusCode::UNAUTHORIZED,
        "POST /v1/tasks with full-access API key should not return 401"
    );
    assert_ne!(
        response.status(),
        StatusCode::FORBIDDEN,
        "POST /v1/tasks with full-access API key should not return 403"
    );

    server.shutdown().await.expect("shutdown failed");
}

// =============================================================================
// Read-Only API Key
// =============================================================================

#[tokio::test]
async fn read_only_list_allowed() {
    let server = AuthTestServer::start()
        .await
        .expect("Failed to start auth test server");
    let mut client = AuthWebTestClient::for_server(&server);
    client.with_api_key(TEST_API_KEY_READ_ONLY);

    let response = client.get("/v1/tasks").await.expect("request failed");
    assert_ne!(
        response.status(),
        StatusCode::UNAUTHORIZED,
        "GET /v1/tasks with read-only API key should not return 401"
    );
    assert_ne!(
        response.status(),
        StatusCode::FORBIDDEN,
        "GET /v1/tasks with read-only API key should not return 403"
    );

    server.shutdown().await.expect("shutdown failed");
}

#[tokio::test]
async fn read_only_create_denied() {
    let server = AuthTestServer::start()
        .await
        .expect("Failed to start auth test server");
    let mut client = AuthWebTestClient::for_server(&server);
    client.with_api_key(TEST_API_KEY_READ_ONLY);

    let task_body = create_test_task_request_json();
    let response = client
        .post_json("/v1/tasks", &task_body)
        .await
        .expect("request failed");
    assert_eq!(
        response.status(),
        StatusCode::FORBIDDEN,
        "POST /v1/tasks with read-only API key should return 403 (got {})",
        response.status()
    );

    server.shutdown().await.expect("shutdown failed");
}

// =============================================================================
// Tasks-Only API Key
// =============================================================================

#[tokio::test]
async fn tasks_only_list_allowed() {
    let server = AuthTestServer::start()
        .await
        .expect("Failed to start auth test server");
    let mut client = AuthWebTestClient::for_server(&server);
    client.with_api_key(TEST_API_KEY_TASKS_ONLY);

    let response = client.get("/v1/tasks").await.expect("request failed");
    assert_ne!(
        response.status(),
        StatusCode::FORBIDDEN,
        "GET /v1/tasks with tasks-only API key should not return 403"
    );

    server.shutdown().await.expect("shutdown failed");
}

#[tokio::test]
async fn tasks_only_dlq_denied() {
    let server = AuthTestServer::start()
        .await
        .expect("Failed to start auth test server");
    let mut client = AuthWebTestClient::for_server(&server);
    client.with_api_key(TEST_API_KEY_TASKS_ONLY);

    let response = client.get("/v1/dlq").await.expect("request failed");
    assert_eq!(
        response.status(),
        StatusCode::FORBIDDEN,
        "GET /v1/dlq with tasks-only API key should return 403 (got {})",
        response.status()
    );

    server.shutdown().await.expect("shutdown failed");
}

// =============================================================================
// No Permissions API Key
// =============================================================================

#[tokio::test]
async fn no_permissions_denied() {
    let server = AuthTestServer::start()
        .await
        .expect("Failed to start auth test server");
    let mut client = AuthWebTestClient::for_server(&server);
    client.with_api_key(TEST_API_KEY_NO_PERMS);

    let response = client.get("/v1/tasks").await.expect("request failed");
    assert_eq!(
        response.status(),
        StatusCode::FORBIDDEN,
        "GET /v1/tasks with no-perms API key should return 403 (got {})",
        response.status()
    );

    server.shutdown().await.expect("shutdown failed");
}

// =============================================================================
// Invalid API Key
// =============================================================================

#[tokio::test]
async fn invalid_api_key_returns_401() {
    let server = AuthTestServer::start()
        .await
        .expect("Failed to start auth test server");
    let mut client = AuthWebTestClient::for_server(&server);
    client.with_api_key(INVALID_API_KEY);

    let response = client.get("/v1/tasks").await.expect("request failed");
    assert_eq!(
        response.status(),
        StatusCode::UNAUTHORIZED,
        "GET /v1/tasks with invalid API key should return 401 (got {})",
        response.status()
    );

    server.shutdown().await.expect("shutdown failed");
}