From de974c05d56b7af2d42f433e8e96ca33e5345462 Mon Sep 17 00:00:00 2001 From: Chris Lu Date: Sun, 15 Feb 2026 14:45:28 -0800 Subject: [PATCH] test(volume_server/http): cover jwt ui access override behavior --- test/volume_server/framework/cluster.go | 7 +++++++ test/volume_server/http/admin_test.go | 20 ++++++++++++++++++++ test/volume_server/matrix/config_profiles.go | 1 + 3 files changed, 28 insertions(+) diff --git a/test/volume_server/framework/cluster.go b/test/volume_server/framework/cluster.go index 66bd79d5e..c213580b8 100644 --- a/test/volume_server/framework/cluster.go +++ b/test/volume_server/framework/cluster.go @@ -328,6 +328,13 @@ func writeSecurityConfig(configDir string, profile matrix.Profile) error { b.WriteString("\"\n") b.WriteString("expires_after_seconds = 60\n") } + if profile.AccessUI { + if b.Len() > 0 { + b.WriteString("\n") + } + b.WriteString("[access]\n") + b.WriteString("ui = true\n") + } if b.Len() == 0 { b.WriteString("# optional security config generated for integration tests\n") } diff --git a/test/volume_server/http/admin_test.go b/test/volume_server/http/admin_test.go index be4445ebc..2b6784a17 100644 --- a/test/volume_server/http/admin_test.go +++ b/test/volume_server/http/admin_test.go @@ -164,6 +164,26 @@ func TestUiIndexNotExposedWhenJwtSigningEnabled(t *testing.T) { } } +func TestUiIndexExposedWhenJwtSigningEnabledAndAccessUITrue(t *testing.T) { + if testing.Short() { + t.Skip("skipping integration test in short mode") + } + + profile := matrix.P3() + profile.AccessUI = true + cluster := framework.StartSingleVolumeCluster(t, profile) + client := framework.NewHTTPClient() + + resp := framework.DoRequest(t, client, mustNewRequest(t, http.MethodGet, cluster.VolumeAdminURL()+"/ui/index.html")) + body := framework.ReadAllAndClose(t, resp) + if resp.StatusCode != http.StatusOK { + t.Fatalf("expected /ui/index.html to be exposed when access.ui=true under JWT profile, got %d body=%s", resp.StatusCode, string(body)) + } + if !strings.Contains(strings.ToLower(string(body)), "volume") { + t.Fatalf("ui page does not look like volume status page") + } +} + func mustNewRequest(t testing.TB, method, url string) *http.Request { t.Helper() req, err := http.NewRequest(method, url, nil) diff --git a/test/volume_server/matrix/config_profiles.go b/test/volume_server/matrix/config_profiles.go index c359eb029..d72750062 100644 --- a/test/volume_server/matrix/config_profiles.go +++ b/test/volume_server/matrix/config_profiles.go @@ -12,6 +12,7 @@ type Profile struct { EnableJWT bool JWTSigningKey string JWTReadKey string + AccessUI bool EnableMaintain bool ConcurrentUploadLimitMB int