From 78881a321d1acf389e20dd07cd32833f3844f1c5 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Wed, 16 Sep 2020 10:36:03 -0400
Subject: [PATCH] Account for the authorization requirement now imposed by our
 plugin

---
 nixos/modules/tests/get-passes.py       | 25 ++++++++++++++++++++-----
 nixos/modules/tests/private-storage.nix | 10 ++++++++--
 nixos/modules/tests/run-client.py       |  4 ++--
 3 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/nixos/modules/tests/get-passes.py b/nixos/modules/tests/get-passes.py
index 39690ad8..691a3d26 100755
--- a/nixos/modules/tests/get-passes.py
+++ b/nixos/modules/tests/get-passes.py
@@ -12,11 +12,11 @@ from json import dumps
 from time import sleep
 
 def main():
-    if len(argv) != 4:
+    if len(argv) != 5:
         raise SystemExit(
-            "usage: %s <client api root> <issuer api root> <voucher>",
+            "usage: %s <client api root> <client api token path> <issuer api root> <voucher>",
         )
-    clientAPIRoot, issuerAPIRoot, voucher = argv[1:]
+    clientAPIRoot, clientAPITokenPath, issuerAPIRoot, voucher = argv[1:]
     if not clientAPIRoot.endswith("/"):
         clientAPIRoot += "/"
     if not issuerAPIRoot.endswith("/"):
@@ -24,11 +24,16 @@ def main():
 
     zkapauthz = clientAPIRoot + "storage-plugins/privatestorageio-zkapauthz-v1"
 
+    with open(clientAPITokenPath) as p:
+        clientAPIToken = p.read().strip()
+
     # Submit a charge to the issuer (which is also the PaymentServer).
     charge_response = post(
         issuerAPIRoot + "v1/stripe/charge",
         dumps(charge_json(voucher)),
-        headers={"content-type": "application/json"},
+        headers={
+            "content-type": "application/json",
+        },
     )
     charge_response.raise_for_status()
 
@@ -36,6 +41,11 @@ def main():
     response = put(
         zkapauthz + "/voucher",
         dumps({"voucher": voucher}),
+        headers={
+            "content-type": "application/json",
+            "authorization": "tahoe-lafs " + clientAPIToken,
+        }
+
     )
     if response.status_code // 100 != 2:
         print("Unexpected response: {}".format(response.content))
@@ -43,7 +53,12 @@ def main():
 
     # Poll the vouchers list for a while to see it get redeemed.
     def find_redeemed_voucher():
-        response = get(zkapauthz + "/voucher/" + voucher)
+        response = get(
+            zkapauthz + "/voucher/" + voucher,
+            headers={
+                "authorization": "tahoe-lafs " + clientAPIToken,
+            },
+        )
         response.raise_for_status()
         actual = response.json()
         print("Actual response: {}".format(actual))
diff --git a/nixos/modules/tests/private-storage.nix b/nixos/modules/tests/private-storage.nix
index cc4a61fc..ff771bc1 100644
--- a/nixos/modules/tests/private-storage.nix
+++ b/nixos/modules/tests/private-storage.nix
@@ -230,7 +230,7 @@ in {
       #
       # Storage appears to be working so try to get a client to speak with it.
       #
-      ${runOnNode "client"  [ run-client introducerFURL issuerURL ]}
+      ${runOnNode "client" [ run-client "/tmp/client" introducerFURL issuerURL ]}
       $client->waitForOpenPort(3456);
 
       # Make sure the fake Stripe API server is ready for requests.
@@ -245,7 +245,13 @@ in {
 
       # Get some ZKAPs from the issuer.
       eval {
-        ${runOnNode "client" [ get-passes "http://127.0.0.1:3456" issuerURL voucher ]}
+        ${runOnNode "client" [
+          get-passes
+          "http://127.0.0.1:3456"
+          "/tmp/client/private/api_auth_token"
+          issuerURL
+          voucher
+        ]}
       } or do {
         my ($code, $log) = $client->execute('cat /tmp/stdout /tmp/stderr');
         $client->log($log);
diff --git a/nixos/modules/tests/run-client.py b/nixos/modules/tests/run-client.py
index e2829398..bcd01e1b 100755
--- a/nixos/modules/tests/run-client.py
+++ b/nixos/modules/tests/run-client.py
@@ -12,7 +12,7 @@ from subprocess import check_output
 from configparser import ConfigParser
 
 def main():
-    (introducerFURL, issuerURL) = argv[1:]
+    (nodePath, introducerFURL, issuerURL) = argv[1:]
 
     run(["tahoe", "--version"])
     run([
@@ -21,7 +21,7 @@ def main():
         "--shares-happy", "1",
         "--shares-total", "1",
         "--introducer", introducerFURL,
-        "/tmp/client",
+        nodePath,
     ])
 
     # Add necessary ZKAPAuthorizer configuration bits.
-- 
GitLab