def test_https_accept_with_verify_and_client_certs(self):
self.conf.set_override('remote_ssl_verify_server_crt',
True,
group='oslo_policy')
self.conf.set_override('remote_ssl_ca_crt_file',
"ca.crt",
group='oslo_policy')
self.conf.set_override('remote_ssl_client_key_file',
"client.key",
group='oslo_policy')
self.conf.set_override('remote_ssl_client_crt_file',
"client.crt",
group='oslo_policy')
self.requests_mock.post('https://example.com/target', text='True')
check = _external.HttpsCheck('https', '//example.com/%(name)s')
target_dict = dict(name='target', spam='spammer')
cred_dict = dict(user='******', roles=['a', 'b', 'c'])
with mock.patch('os.path.exists') as path_exists:
with mock.patch('os.access') as os_access:
path_exists.return_value = True
os_access.return_value = True
self.assertTrue(check(target_dict, cred_dict, self.enforcer))
last_request = self.requests_mock.last_request
self.assertEqual('ca.crt', last_request.verify)
self.assertEqual(('client.crt', 'client.key'), last_request.cert)
self.assertEqual('POST', last_request.method)
self.assertEqual(
dict(rule=None, target=target_dict, credentials=cred_dict),
self.decode_post_data(last_request.body))
def test_https_with_strings_in_target(self):
self.requests_mock.post("https://example.com/target", text='True')
check = _external.HttpsCheck('https', '//example.com/%(name)s')
target = {'a': 'some_string', 'name': 'target', 'b': 'test data'}
self.assertTrue(
check(target, dict(user='******', roles=['a', 'b', 'c']),
self.enforcer))
def test_https_reject(self):
self.requests_mock.post("https://example.com/target", text='other')
check = _external.HttpsCheck('https', '//example.com/%(name)s')
target_dict = dict(name='target', spam='spammer')
cred_dict = dict(user='******', roles=['a', 'b', 'c'])
self.assertFalse(check(target_dict, cred_dict, self.enforcer))
last_request = self.requests_mock.last_request
self.assertEqual('POST', last_request.method)
self.assertEqual(
dict(rule=None, target=target_dict, credentials=cred_dict),
self.decode_post_data(last_request.body))
def test_https_accept(self):
self.requests_mock.post('https://example.com/target', text='True')
check = _external.HttpsCheck('https', '//example.com/%(name)s')
target_dict = dict(name='target', spam='spammer')
cred_dict = dict(user='******', roles=['a', 'b', 'c'])
self.assertTrue(check(target_dict, cred_dict, self.enforcer))
last_request = self.requests_mock.last_request
self.assertEqual('application/x-www-form-urlencoded',
last_request.headers['Content-Type'])
self.assertEqual('POST', last_request.method)
self.assertEqual(
dict(rule=None, target=target_dict, credentials=cred_dict),
self.decode_post_data(last_request.body))
def test_https_accept_with_verify(self):
self.conf.set_override('remote_ssl_verify_server_crt', True,
group='oslo_policy')
self.requests_mock.post('https://example.com/target', text='True')
check = _external.HttpsCheck('https', '//example.com/%(name)s')
target_dict = dict(name='target', spam='spammer')
cred_dict = dict(user='******', roles=['a', 'b', 'c'])
self.assertTrue(check(target_dict, cred_dict, self.enforcer))
last_request = self.requests_mock.last_request
self.assertEqual(True, last_request.verify)
self.assertEqual('POST', last_request.method)
self.assertEqual(dict(rule=None,
target=target_dict,
credentials=cred_dict),
self.decode_post_data(last_request.body))
def test_https_accept_json(self):
self.conf.set_override('remote_content_type',
'application/json',
group='oslo_policy')
self.requests_mock.post('https://example.com/target', text='True')
check = _external.HttpsCheck('https', '//example.com/%(name)s')
target_dict = dict(name='target', spam='spammer')
cred_dict = dict(user='******', roles=['a', 'b', 'c'])
self.assertTrue(check(target_dict, cred_dict, self.enforcer))
last_request = self.requests_mock.last_request
self.assertEqual('application/json',
last_request.headers['Content-Type'])
self.assertEqual('POST', last_request.method)
self.assertEqual(
dict(rule=None, target=target_dict, credentials=cred_dict),
json.loads(last_request.body.decode('utf-8')))
