test(volume_server/http): cover jwt ui access override behavior

test/volume_server/framework/cluster.go

@@ -328,6 +328,13 @@ func writeSecurityConfig(configDir string, profile matrix.Profile) error {
 		b.WriteString("\"\n")
 		b.WriteString("expires_after_seconds = 60\n")
 	}
+	if profile.AccessUI {
+		if b.Len() > 0 {
+			b.WriteString("\n")
+		}
+		b.WriteString("[access]\n")
+		b.WriteString("ui = true\n")
+	}
 	if b.Len() == 0 {
 		b.WriteString("# optional security config generated for integration tests\n")
 	}

test/volume_server/http/admin_test.go

@@ -164,6 +164,26 @@ func TestUiIndexNotExposedWhenJwtSigningEnabled(t *testing.T) {
 	}
 }
 
+func TestUiIndexExposedWhenJwtSigningEnabledAndAccessUITrue(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping integration test in short mode")
+	}
+
+	profile := matrix.P3()
+	profile.AccessUI = true
+	cluster := framework.StartSingleVolumeCluster(t, profile)
+	client := framework.NewHTTPClient()
+
+	resp := framework.DoRequest(t, client, mustNewRequest(t, http.MethodGet, cluster.VolumeAdminURL()+"/ui/index.html"))
+	body := framework.ReadAllAndClose(t, resp)
+	if resp.StatusCode != http.StatusOK {
+		t.Fatalf("expected /ui/index.html to be exposed when access.ui=true under JWT profile, got %d body=%s", resp.StatusCode, string(body))
+	}
+	if !strings.Contains(strings.ToLower(string(body)), "volume") {
+		t.Fatalf("ui page does not look like volume status page")
+	}
+}
+
 func mustNewRequest(t testing.TB, method, url string) *http.Request {
 	t.Helper()
 	req, err := http.NewRequest(method, url, nil)

test/volume_server/matrix/config_profiles.go

@@ -12,6 +12,7 @@ type Profile struct {
 	EnableJWT      bool
 	JWTSigningKey  string
 	JWTReadKey     string
+	AccessUI       bool
 	EnableMaintain bool
 
 	ConcurrentUploadLimitMB   int