Skip to content

Draft: Add integration tests for the masking proxy

With the introduction of the masking proxy, we need to differentiate when services need access to the full archive or if they only need the view aimed at the general public.

To materialize the latter, we introduce a new container swh-storage-public, exposed from Nginx at /rpc/storage-public/. swh-vault and swh-web now use these new endpoints.

This new storage is configured with a masking proxy using data from yet another PostgreSQL container named swh-masking-db. Commands to configure the masking proxy (swh storage masking) can be run from swh-storage-public.

The tests will create a new mask for a given Content SWHID. First with the “visible” status, then with the restricted status. In each cases, it will call the API and browse to see if the object is available and later restricted. Checks are done on the error to see if the request opaque identifier is properly sent to allow for inquiries.

Depends swh-web!1261

Edited by Jérémy Bobbio (Lunar)

Merge request reports