def test_authorize_fs_no_auth_header(self):
    """GET /fs without an Authorization header is rejected with 401."""
    # NOTE(review): os.environ is mutated in place; presumably setUp/tearDown
    # resets it -- confirm, otherwise this value leaks into later tests.
    os.environ[MLP_MLSERVICE_NAME] = 'test_fs_name'
    form = {'fs_name': os.environ[MLP_MLSERVICE_NAME]}

    # No headers are passed, so the request carries no credentials at all.
    response = self.app.get('/fs', data=form)
    body = b2s(response.data)

    self.assertIn('Unable to authorize the request', body)
    self.assertIn('No auth header given', body)
    self.assertEqual(401, response.status_code)
def test_authorize_invalid_xs_app_name(self):
    """An unknown xs_app_name must make /authorize answer 401 'Invalid scope'."""
    auth_headers = {'Authorization': xs_token}
    # The scopes themselves are plausible; only the application name is wrong.
    # Presumably scopes are checked qualified by xs_app_name, which is why the
    # failure is reported as an invalid scope -- confirm against the authorizer.
    form = {'scopes': 'read,write', 'xs_app_name': 'invalid-xs-app-name'}

    response = self.app.get('/authorize', headers=auth_headers, data=form)
    body = b2s(response.data)

    self.assertIn('Unable to authorize the request', body)
    self.assertIn('Invalid scope', body)
    self.assertEqual(401, response.status_code)
def test_authorize_fs_invalid_fs_name(self):
    """A valid fs_token presented for a different service name yields 401."""
    # NOTE(review): os.environ is mutated in place; confirm setUp/tearDown
    # restores MLP_MLSERVICE_NAME for the tests that follow.
    os.environ[MLP_MLSERVICE_NAME] = 'invalid_test_fs_name'
    auth_headers = {'Authorization': fs_token}
    form = {'fs_name': os.environ[MLP_MLSERVICE_NAME]}

    response = self.app.get('/fs', headers=auth_headers, data=form)
    body = b2s(response.data)

    # The token is accepted as a token, but it must not grant access to a
    # service it was not issued for.
    self.assertIn('Unable to authorize the request', body)
    self.assertIn('Invalid scope', body)
    self.assertEqual(401, response.status_code)
def test_authorize_svc_no_global_tenant_name(self):
    """With global-tenant mode on, /svc without globalTenantName returns 401."""
    os.environ[CLEA_UAA_USE_GLOBAL_TENANT] = 'true'
    # tenantName and a token are present; only globalTenantName is missing.
    request_headers = {
        'tenantName': 'mlptestclient',
        'Authorization': token_expired_in_2085,
    }

    response = self.app.get('/svc', headers=request_headers)
    body = b2s(response.data)

    self.assertIn('Unable to authorize the request', body)
    self.assertIn('No globalTenantName header given', body)
    self.assertEqual(401, response.status_code)
def test_authorize_success_with_default_xsappname(self):
    """/authorize succeeds when scopes are given but xs_app_name is omitted."""
    auth_headers = {'Authorization': xs_token}
    # No 'xs_app_name' key: per the test name, a default app name is applied.
    form = {'scopes': 'read,write'}

    response = self.app.get('/authorize', headers=auth_headers, data=form)

    self.assertIn('authorized!', b2s(response.data))
    self.assertEqual(200, response.status_code)
def test_authorize_success(self):
    """/authorize returns 200 for xs_token combined with the fixture's valid form data."""
    auth_headers = {'Authorization': xs_token}

    response = self.app.get('/authorize', headers=auth_headers, data=self._valid_data)

    self.assertIn('authorized!', b2s(response.data))
    self.assertEqual(200, response.status_code)
def test_authorize_fs_success(self):
    """/fs returns 200 when fs_token is presented for the configured service name."""
    os.environ[MLP_MLSERVICE_NAME] = 'test_fs_name'
    auth_headers = {'Authorization': fs_token}
    # The requested fs_name is read back from the environment so that it
    # always equals the configured service name.
    form = {'fs_name': os.environ[MLP_MLSERVICE_NAME]}

    response = self.app.get('/fs', headers=auth_headers, data=form)

    self.assertIn('authorized!', b2s(response.data))
    self.assertEqual(200, response.status_code)
def test_raise_SecurityError_if_scopes_are_invalid(self):
    """A scope the token does not hold is rejected with 401 and named in the error."""
    auth_headers = {'Authorization': xs_token}
    form = {'scopes': 'invalid', 'xs_app_name': 'myxsappname!b53'}
    # The expected message shows the scope qualified by the app name
    # ('<xs_app_name>.<scope>'), which is the form the error reports.
    expected_body = (
        "Unable to authorize the request.\nError code 401: Invalid scope: ['myxsappname!b53.invalid']"
    )

    response = self.app.get('/authorize', headers=auth_headers, data=form)

    self.assertIn(expected_body, b2s(response.data))
    self.assertEqual(401, response.status_code)
def test_authorize_success_with_default_scopes(self):
    """/authorize succeeds when only xs_app_name is sent and no scopes are given."""
    auth_headers = {'Authorization': xs_token}
    # No 'scopes' key is sent: the default scopes defined in the ML services
    # are expected to apply instead.
    form = {'xs_app_name': 'myxsappname!b53'}

    response = self.app.get('/authorize', headers=auth_headers, data=form)

    self.assertIn('authorized!', b2s(response.data))
    self.assertEqual(200, response.status_code)
def test_authorize_svc_success(self):
    """/svc returns 200 when both tenantName and a token are supplied."""
    request_headers = {
        'tenantName': 'mlptestclient',
        'Authorization': token_expired_in_2085,
    }

    response = self.app.get('/svc', headers=request_headers)

    self.assertIn('authorized!', b2s(response.data))
    self.assertEqual(200, response.status_code)
def test_authorize_bs_success_use_default_bs_name_if_not_specified(self):
    """/bs succeeds without an explicit bs_name and answers with a bearer token."""
    os.environ[MLP_MLSERVICE_NAME] = 'test_bs_name'
    os.environ[MLP_UAA_BASE_URL] = 'https://some-token-retrieval-url.com'
    auth_headers = {'Authorization': bs_token}
    # 'bs_name' is deliberately absent; per the test name the service name
    # from the environment is used as the default.
    form = {'training_name': 'train'}

    response = self.app.get('/bs', headers=auth_headers, data=form)

    # Presumably the token retrieval is stubbed by the fixture so that it
    # yields 'some_token' -- confirm in setUp; no real UAA call should happen.
    self.assertIn('Bearer some_token', b2s(response.data))
    self.assertEqual(200, response.status_code)
def test_authorize_fs_success_MLP_UAA_NEW_TOKEN_CLIENT_SECRET_is_not_mandatory_for_fs(
        self):
    """/fs authorization works even when the new-token client secret is unset."""
    # Raises KeyError if the variable is not set beforehand; presumably setUp
    # provides it -- confirm.
    del os.environ[MLP_UAA_NEW_TOKEN_CLIENT_SECRET]
    os.environ[MLP_MLSERVICE_NAME] = 'test_fs_name'
    auth_headers = {'Authorization': fs_token}
    form = {'fs_name': os.environ[MLP_MLSERVICE_NAME]}

    response = self.app.get('/fs', headers=auth_headers, data=form)

    self.assertIn('authorized!', b2s(response.data))
    self.assertEqual(200, response.status_code)
def test_raise_SecurityError_if_MLP_UAA_BASE_URL_not_set(self):
    """Without MLP_UAA_BASE_URL, /fs fails with 500 instead of authorizing."""
    del os.environ[MLP_UAA_BASE_URL]
    auth_headers = {'Authorization': fs_token}
    form = {'fs_name': os.environ[MLP_MLSERVICE_NAME]}

    response = self.app.get('/fs', headers=auth_headers, data=form)

    # NOTE(review): the response body names an internal configuration
    # variable. If real services render errors the same way as this test
    # app, consider a generic client message with the detail kept in logs.
    self.assertIn(
        'MLP_UAA_BASE_URL is not found in environment to work with XSUAA',
        b2s(response.data))
    self.assertEqual(500, response.status_code)
def test_raise_SecurityError_if_MLP_UAA_NEW_TOKEN_CLIENT_ID_not_set(self):
    """Without the new-token client id, /bs fails with 500 and names the variable."""
    del os.environ[MLP_UAA_NEW_TOKEN_CLIENT_ID]
    auth_headers = {'Authorization': bs_token}
    form = {'training_name': 'train'}

    response = self.app.get('/bs', headers=auth_headers, data=form)

    # Missing configuration must surface as a server error, not as a
    # successful authorization.
    self.assertIn(
        'MLP_UAA_NEW_TOKEN_CLIENT_ID is not found in environment to work with XSUAA.',
        b2s(response.data))
    self.assertEqual(500, response.status_code)
def test_raise_SecurityError_if_MLP_MLSERVICE_NAME_not_set(self):
    """Without MLP_MLSERVICE_NAME, /bs fails with 500 and names the variable."""
    del os.environ[MLP_MLSERVICE_NAME]
    os.environ[MLP_UAA_BASE_URL] = 'https://some-token-retrieval-url.com'
    auth_headers = {'Authorization': bs_token}
    # No 'bs_name' is sent, so there is no service name from either source.
    form = {'training_name': 'train'}

    response = self.app.get('/bs', headers=auth_headers, data=form)

    self.assertIn(
        'MLP_MLSERVICE_NAME is not found in environment to work with XSUAA',
        b2s(response.data))
    self.assertEqual(500, response.status_code)
def test_authorize_svc_success_with_global_tenant_name(self):
    """With global-tenant mode on, /svc returns 200 once globalTenantName is sent."""
    os.environ[CLEA_UAA_USE_GLOBAL_TENANT] = 'true'
    request_headers = {
        'tenantName': 'mlptestclient',
        'globalTenantName': 'mlptestclient',
        'Authorization': token_expired_in_2085,
    }

    response = self.app.get('/svc', headers=request_headers)

    self.assertIn('authorized!', b2s(response.data))
    self.assertEqual(200, response.status_code)
def test_raise_SecurityError_if_API_is_CF_UAA_URL_is_not_configured(self):
    """Without CLEA_UAA_SERVER_BASE_URL, /svc fails with 500 instead of authorizing."""
    del os.environ[CLEA_UAA_SERVER_BASE_URL]
    request_headers = {
        'tenantName': 'mlptestclient',
        'Authorization': token_expired_in_2085,
    }

    response = self.app.get('/svc', headers=request_headers)

    # NOTE(review): the error text returned to the caller names an internal
    # configuration variable. If real services render errors the same way as
    # this test app, prefer a generic client message and log the detail.
    self.assertIn(
        'CLEA_UAA_SERVER_BASE_URL is not found in environment to work with CFUAA',
        b2s(response.data))
    self.assertEqual(500, response.status_code)
def test_raise_SecurityError_if_API_is_configured_to_use_XS_UAA(self):
    """/svc returns 500 when MLP_USE_XSUAA is 'true' (configuration mismatch)."""
    os.environ[MLP_USE_XSUAA] = 'true'
    request_headers = {
        'tenantName': 'mlptestclient',
        'Authorization': token_expired_in_2085,
    }

    response = self.app.get('/svc', headers=request_headers)

    # A mismatch between endpoint and configured UAA flavour must be an
    # error; the request is never treated as authorized.
    self.assertIn(
        'Application is expected to configure for CFUAA but configured for XSUAA',
        b2s(response.data))
    self.assertEqual(500, response.status_code)
def test_raise_SecurityError_if_bs_not_config_for_xsuaa(self):
    """/bs returns 500 when MLP_USE_XSUAA is removed from the environment."""
    del os.environ[MLP_USE_XSUAA]
    auth_headers = {'Authorization': bs_token}
    form = {
        'training_name': 'train',
        'bs_name': os.environ[MLP_MLSERVICE_NAME],
    }

    response = self.app.get('/bs', headers=auth_headers, data=form)

    self.assertIn(
        'Application is expected to configure for XSUAA but configured for CFUAA.',
        b2s(response.data))
    self.assertEqual(500, response.status_code)
def retrieve_token_str(self, token_retrieval_cred, *, scopes=None, use_cache=False):
    """Return an Authorization header value of the form '<token_type> <token>'.

    Args:
        token_retrieval_cred: Credential handed unchanged to ``self.retrieve``.
        scopes: Optional scopes forwarded to ``self.retrieve``; when caching is
            on and scopes are truthy, they also become part of the cache key.
        use_cache: When true, look the token up in ``TokenCache`` first and
            store a freshly retrieved token there.

    Returns:
        ``self.token_type`` and the access token joined by a single space.
    """
    if not use_cache:
        raw_response = self.retrieve(token_retrieval_cred, scopes=scopes)
        token = JWTTokenManager.parse_retrieve_response(raw_response)
        return '{} {}'.format(self.token_type, token)

    # NOTE(review): the key embeds str(token_retrieval_cred). If that string
    # form contains the client secret, the secret is stored as a cache key
    # and may show up wherever keys are listed or logged; consider keying on
    # a digest of the credential instead -- confirm what str() yields here.
    # NOTE(review): credential and scope string are concatenated without a
    # separator, so distinct (credential, scopes) pairs could in principle
    # produce the same key.
    cache_key = 'mlp::' + str(token_retrieval_cred)
    if scopes:
        cache_key += TokenManager.get_scope_str(scopes)

    try:
        token = TokenCache().get_token(cache_key)
    except TokenError:
        # TokenError is handled as "no usable cached token" (presumably a
        # miss or an expired entry): fetch a new token and cache it.
        raw_response = self.retrieve(token_retrieval_cred, scopes=scopes)
        # Cache for 5 seconds less than the server-reported lifetime, but
        # never for less than 1 second.
        lifetime = max(1, json.loads(b2s(raw_response))['expires_in'] - 5)
        token = JWTTokenManager.parse_retrieve_response(raw_response)
        TokenCache().set_token(cache_key, token=token, ttl=lifetime)

    return '{} {}'.format(self.token_type, token)
def load_decoded_content_as_json(encoded_content):
    """Base64-decode *encoded_content* and parse the result as JSON.

    This only decodes and parses; nothing here verifies a signature, so the
    returned value must be treated as untrusted until it is verified elsewhere.
    """
    decoded_text = b2s(TokenManager.b64decode(encoded_content))
    return json.loads(decoded_text)
def parse_retrieve_response(retrieve_resp):
    """Extract the 'access_token' field from a token-retrieval response.

    *retrieve_resp* is converted with ``b2s`` and parsed as JSON; a response
    without an 'access_token' key raises ``KeyError``.
    """
    payload = json.loads(b2s(retrieve_resp))
    return payload['access_token']
def get_public_key(self):
    """Retrieve the public key from the UAA base URL.

    Requests ``token_keys`` relative to ``self.base_url`` and returns the
    ``value`` of the first entry in the response's ``keys`` list.
    """
    # NOTE(review): every token verified with this key inherits the trust
    # placed in base_url -- confirm it always comes from trusted
    # configuration and uses https. urljoin() also replaces the last path
    # segment when base_url has no trailing slash.
    # NOTE(review): urlopen() is called without a timeout, so an unresponsive
    # UAA endpoint can block the caller indefinitely.
    # NOTE(review): the first key is always used; if the server publishes
    # several keys (e.g. during rotation), selecting by the token's key id
    # would be more robust -- confirm how callers handle this.
    keys_url = urljoin(self.base_url, 'token_keys')
    with urlopen(Request(keys_url)) as reply:
        key_document = json.loads(b2s(reply.read()))
    return key_document['keys'][0]['value']
def test_authorize_svc_no_tenant_name(self):
    """/svc with a token but no tenantName header is rejected with 401."""
    request_headers = {'Authorization': token_expired_in_2085}

    response = self.app.get('/svc', headers=request_headers)
    body = b2s(response.data)

    self.assertIn('Unable to authorize the request', body)
    self.assertIn('No tenantName header given', body)
    self.assertEqual(401, response.status_code)
def test_authorize_svc_no_auth_header(self):
    """/svc with a tenantName but no Authorization header is rejected with 401."""
    request_headers = {'tenantName': 'mlptestclient'}

    response = self.app.get('/svc', headers=request_headers)
    body = b2s(response.data)

    # Knowing a tenant name alone must never be enough to get through.
    self.assertIn('Unable to authorize the request', body)
    self.assertIn('No auth header given', body)
    self.assertEqual(401, response.status_code)
def test_b2s(self):
    """b2s passes str through, decodes bytes, and rejects other types."""
    self.assertEqual(b2s('str'), 'str')
    self.assertEqual(b2s(b'bytes'), 'bytes')
    # Anything that is neither str nor bytes (here: a list) must raise.
    with self.assertRaises(TypeError):
        b2s([])
def test_authorize_no_auth_header(self):
    """/authorize with valid form data but no Authorization header returns 401."""
    # Only the form data is sent; valid scopes must not substitute for a token.
    response = self.app.get('/authorize', data=self._valid_data)
    body = b2s(response.data)

    self.assertIn('Unable to authorize the request', body)
    self.assertIn('No auth header given', body)
    self.assertEqual(401, response.status_code)