class TestPutSecret(object):
update_data = [{
"secret_name":
"{}-ares-opaque-secret".format(settings.RESOURCE_PREFIX),
"secret_type":
"Opaque",
"opaque_key":
"new_opaque_key",
"opaque_value":
str(base64.b64encode("new_opaque_value".encode('utf-8')), 'utf8')
}, {
"secret_name":
"{}-ares-ssh-secret".format(settings.RESOURCE_PREFIX),
"secret_type":
"kubernetes.io/ssh-auth",
"ssh_privatevalue":
str(base64.b64encode("new_value".encode('utf-8')), 'utf8'),
}, {
"secret_name":
"{}-ares-base-secret".format(settings.RESOURCE_PREFIX),
"secret_type":
"kubernetes.io/basic-auth",
"username":
str(base64.b64encode("new_username".encode('utf-8')), 'utf8'),
"password":
str(base64.b64encode("new_password".encode('utf-8')), 'utf8')
}, {
"secret_name":
"{}-ares-docker-secret".format(settings.RESOURCE_PREFIX),
"secret_type":
"kubernetes.io/dockerconfigjson",
"dockerconfigjson":
dockerjson("new.index.alauda.cn", "new_alauda", "new_alauda",
"*****@*****.**"),
}]
casename_list = ["Opaque类型", "SSH类型", "用户名-密码类型", "镜像服务类型"]
def setup_class(self):
self.secret_tool = Secret()
self.verify_template = Common.generate_jinja_template(
self, './verify_data/secret/create_response.jinja2')
@pytest.mark.parametrize("data", update_data, ids=casename_list)
def 测试更新各种类型保密字典的数据(self, data):
data.update({
"K8S_NAMESPACE": settings.K8S_NAMESPACE,
"description": "update secret"
})
ret = self.secret_tool.update_secret(
data['secret_name'],
'./test_data/secret/create_secret.jinja2',
data=data)
assert ret.status_code == 200, "更新{}类型保密字典失败:{}".format(
data["secret_type"], ret.text)
value = self.verify_template.render(data)
assert self.secret_tool.is_sub_dict(json.loads(value), ret.json()), \
"更新保密字典比对数据失败,返回数据:{},期望数据:{}".format(ret.json(), json.loads(value))
@pytest.mark.skipif(settings.AUDIT_UNABLED, reason="do not have audit")
def 测试保密字典更新审计(self):
payload = {
"user_name": settings.USERNAME,
"operation_type": "update",
"resource_type": "secrets",
"resource_name": self.update_data[0]['secret_name']
}
result = self.secret_tool.search_audit(payload)
payload.update({
"namespace": settings.K8S_NAMESPACE,
"region_name": settings.REGION_NAME
})
values = self.secret_tool.generate_jinja_data(
"./verify_data/audit/audit.jinja2", payload)
assert self.secret_tool.is_sub_dict(values, result.json()), "审计数据不符合预期"
class TestDeleteSecret(object):
data = {
"secret_name":
"{}-ares-opaque-secret-2".format(settings.RESOURCE_PREFIX),
"secret_type":
"Opaque",
"opaque_key":
"opaque_key",
"opaque_value":
str(base64.b64encode("opaque_value".encode('utf-8')), 'utf8'),
"description":
"多组数据"
}
data_list = Secret.data_list
def setup_class(self):
self.secret_tool = Secret()
self.verify_delete_template = Common.generate_jinja_template(
self, './verify_data/secret/delete_response.jinja2')
def 测试删除含有多组数据的保密字典(self):
ret = self.secret_tool.delete_secret(self.data["secret_name"])
assert ret.status_code == 200, "删除{}类型的保密字典失败:{}".format(
self.data["secret_type", ret.text])
assert self.secret_tool.check_exists(
self.secret_tool.get_secret_url(
secret_name=self.data["secret_name"]), 404), "删除失败"
value = self.verify_delete_template.render(self.data)
assert self.secret_tool.is_sub_dict(json.loads(value), ret.json()), \
"删除包含多组数据的保密字典比对数据失败,返回数据:{},期望数据:{}".format(ret.json(), json.loads(value))
@pytest.mark.parametrize("data", data_list, ids=Secret.casename_list)
def 测试删除保密字典(self, data):
ret = self.secret_tool.delete_secret(data["secret_name"])
assert ret.status_code == 200, "删除{}类型的保密字典失败:{}".format(
data["secret_type", ret.text])
assert self.secret_tool.check_exists(
self.secret_tool.get_secret_url(secret_name=data["secret_name"]),
404), "删除失败"
value = self.verify_delete_template.render(data)
assert self.secret_tool.is_sub_dict(json.loads(value), ret.json()), \
"删除保密字典比对数据失败,返回数据:{},期望数据:{}".format(ret.json(), json.loads(value))
@pytest.mark.skipif(settings.AUDIT_UNABLED, reason="do not have audit")
def 测试保密字典删除审计(self):
payload = {
"user_name": settings.USERNAME,
"operation_type": "delete",
"resource_type": "secrets",
"resource_name": self.data['secret_name']
}
result = self.secret_tool.search_audit(payload)
payload.update({
"namespace": settings.K8S_NAMESPACE,
"region_name": settings.REGION_NAME
})
values = self.secret_tool.generate_jinja_data(
"./verify_data/audit/audit.jinja2", payload)
assert self.secret_tool.is_sub_dict(values, result.json()), "审计数据不符合预期"
class TestPostSecret(object):
data = {
"secret_name":
"{}-ares-opaque-secret-2".format(settings.RESOURCE_PREFIX),
"secret_type":
"Opaque",
"opaque_key":
"opaque_key",
"opaque_value":
str(base64.b64encode("opaque_value".encode('utf-8')), 'utf8'),
"description":
"多组数据"
}
data_list = Secret.data_list
def setup_class(self):
self.secret_tool = Secret()
self.verify_template = Common.generate_jinja_template(
self, './verify_data/secret/create_response.jinja2')
@pytest.mark.parametrize("data", data_list, ids=Secret.casename_list)
def 测试创建各种保密字典(self, data):
data.update({"K8S_NAMESPACE": settings.K8S_NAMESPACE})
# create manager_secret_basic_auth
ret = self.secret_tool.create_secret(
'./test_data/secret/create_secret.jinja2', data=data)
assert ret.status_code == 201, "创建{}类型保密字典失败:{}".format(
data['secret_type'], ret.text)
value = self.verify_template.render(data)
assert self.secret_tool.is_sub_dict(json.loads(value), ret.json()), \
"创建保密字典比对数据失败,返回数据:{},期望数据:{}".format(ret.json(), json.loads(value))
def 测试创建包含多组数据的保密字典(self, data=data):
data.update({"K8S_NAMESPACE": settings.K8S_NAMESPACE})
ret = self.secret_tool.create_secret(
'./test_data/secret/create_secret.jinja2', data=data)
assert ret.status_code == 201, "创建包含多组数据的{}类型的保密字典失败:{}".format(
data['secret_type'], ret.text)
value = self.verify_template.render(data)
assert self.secret_tool.is_sub_dict(json.loads(value), ret.json()), \
"创建保密字典比对数据失败,返回数据:{},期望数据:{}".format(ret.json(), json.loads(value))
@pytest.mark.skipif(settings.AUDIT_UNABLED, reason="do not have audit")
def 不测试保密字典创建审计(self):
payload = {
"user_name": settings.USERNAME,
"operation_type": "create",
"resource_type": "secrets",
"resource_name": self.data['secret_name']
}
result = self.secret_tool.search_audit(payload)
payload.update({
"namespace": settings.K8S_NAMESPACE,
"region_name": settings.REGION_NAME,
"code": 201
})
values = self.secret_tool.generate_jinja_data(
"./verify_data/audit/audit.jinja2", payload)
assert self.secret_tool.is_sub_dict(values, result.json()), "审计数据不符合预期"