def test_get_required_scope_not_set_in_cfg(self, get_user_info,
get_token_info):
base_dir = path.abspath(path.dirname(__file__))
client_secrets = path.join(base_dir, "client_secrets.json")
with patch.dict("module_build_service.app.config",
{"OIDC_CLIENT_SECRETS": client_secrets}):
# https://www.youtube.com/watch?v=G-LtddOgUCE
name = "Joey Jo Jo Junior Shabadoo"
mocked_get_token_info = {
"active": True,
"username": name,
"scope": "openid https://id.fedoraproject.org/scope/groups",
}
get_token_info.return_value = mocked_get_token_info
get_user_info.return_value = {"groups": ["group"]}
headers = {"authorization": "Bearer foobar"}
request = mock.MagicMock()
request.headers.return_value = mock.MagicMock(spec_set=dict)
request.headers.__getitem__.side_effect = headers.__getitem__
request.headers.__setitem__.side_effect = headers.__setitem__
request.headers.__contains__.side_effect = headers.__contains__
with pytest.raises(
module_build_service.common.errors.Forbidden) as cm:
with app.app_context():
module_build_service.web.auth.get_user(request)
assert str(
cm.value
) == "OIDC_REQUIRED_SCOPE must be set in server config."
def test_misconfiguring_oidc_client_secrets_should_be_failed(self):
request = mock.MagicMock()
with pytest.raises(module_build_service.common.errors.Forbidden) as cm:
with app.app_context():
module_build_service.web.auth.get_user(request)
assert str(cm.value
) == "OIDC_CLIENT_SECRETS must be set in server config."
def upgradedb():
""" Upgrades the database schema to the latest revision
"""
app.config["SERVER_NAME"] = "localhost"
# TODO: configurable?
migrations_dir = os.path.join(os.path.abspath(os.path.dirname(__file__)),
"migrations")
with app.app_context():
flask_migrate.upgrade(directory=migrations_dir)
def test_get_user_good(self, get_user_info, get_token_info,
m_allowed_users, allowed_users):
m_allowed_users.return_value = allowed_users
base_dir = path.abspath(path.dirname(__file__))
client_secrets = path.join(base_dir, "client_secrets.json")
with patch.dict(
"module_build_service.app.config",
{
"OIDC_CLIENT_SECRETS": client_secrets,
"OIDC_REQUIRED_SCOPE": "mbs-scope"
},
):
# https://www.youtube.com/watch?v=G-LtddOgUCE
name = "Joey Jo Jo Junior Shabadoo"
mocked_get_token_info = {
"active":
True,
"username":
name,
"scope":
("openid https://id.fedoraproject.org/scope/groups mbs-scope"),
}
get_token_info.return_value = mocked_get_token_info
get_user_info.return_value = {"groups": ["group"]}
headers = {"authorization": "Bearer foobar"}
request = mock.MagicMock()
request.headers.return_value = mock.MagicMock(spec_set=dict)
request.headers.__getitem__.side_effect = headers.__getitem__
request.headers.__setitem__.side_effect = headers.__setitem__
request.headers.__contains__.side_effect = headers.__contains__
with app.app_context():
username, groups = module_build_service.web.auth.get_user(
request)
username_second_call, groups_second_call = module_build_service.web.auth.get_user(
request)
assert username == name
if allowed_users:
assert groups == set()
else:
assert groups == set(get_user_info.return_value["groups"])
# Test the real auth method has been called just once.
get_user_info.assert_called_once()
assert username_second_call == username
assert groups_second_call == groups
def test_get_buildrequired_modulemds_local_builds(self, local_builds,
conf_system,
require_empty_database):
with app.app_context():
load_local_builds(["testmodule"])
resolver = mbs_resolver.GenericResolver.create(db_session,
conf,
backend="mbs")
result = resolver.get_buildrequired_modulemds(
"testmodule", "master", "platform:f28:1:00000000")
assert 1 == len(result)
mmd = result[0]
assert "testmodule" == mmd.get_module_name()
assert "master" == mmd.get_stream_name()
assert 20170816080816 == mmd.get_version()
assert "321" == mmd.get_context()
def test_get_user_no_token(self):
base_dir = path.abspath(path.dirname(__file__))
client_secrets = path.join(base_dir, "client_secrets.json")
with patch.dict(
"module_build_service.app.config",
{
"OIDC_CLIENT_SECRETS": client_secrets,
"OIDC_REQUIRED_SCOPE": "mbs-scope"
},
):
request = mock.MagicMock()
request.cookies.return_value = {}
with pytest.raises(
module_build_service.common.errors.Unauthorized) as cm:
with app.app_context():
module_build_service.web.auth.get_user(request)
assert str(cm.value) == "No 'authorization' header found."
def test_get_user_not_in_groups(self, get_user_info, get_token_info):
base_dir = path.abspath(path.dirname(__file__))
client_secrets = path.join(base_dir, "client_secrets.json")
with patch.dict(
"module_build_service.app.config",
{
"OIDC_CLIENT_SECRETS": client_secrets,
"OIDC_REQUIRED_SCOPE": "mbs-scope"
},
):
# https://www.youtube.com/watch?v=G-LtddOgUCE
name = "Joey Jo Jo Junior Shabadoo"
mocked_get_token_info = {
"active":
True,
"username":
name,
"scope":
"openid https://id.fedoraproject.org/scope/groups mbs-scope"
}
get_token_info.return_value = mocked_get_token_info
get_user_info.side_effect = requests.Timeout("It happens...")
headers = {"authorization": "Bearer foobar"}
request = mock.MagicMock()
request.headers.return_value = mock.MagicMock(spec_set=dict)
request.headers.__getitem__.side_effect = headers.__getitem__
request.headers.__setitem__.side_effect = headers.__setitem__
request.headers.__contains__.side_effect = headers.__contains__
with pytest.raises(
module_build_service.common.errors.Unauthorized) as cm:
with app.app_context():
module_build_service.web.auth.get_user(request)
assert str(
cm.value
) == "OpenIDC auth error: Cannot determine the user's groups"
def test_format_mmd_arches(self, mocked_scm):
with app.app_context():
clean_database()
mocked_scm.return_value.commit = "620ec77321b2ea7b0d67d82992dda3e1d67055b4"
mocked_scm.return_value.get_latest.side_effect = [
"4ceea43add2366d8b8c5a622a2fb563b625b9abf",
"fbed359411a1baa08d4a88e0d12d426fbf8f602c",
"dbed259411a1baa08d4a88e0d12d426fbf8f6037",
"4ceea43add2366d8b8c5a622a2fb563b625b9abf",
"fbed359411a1baa08d4a88e0d12d426fbf8f602c",
"dbed259411a1baa08d4a88e0d12d426fbf8f6037",
]
testmodule_mmd_path = staged_data_filename("testmodule.yaml")
test_archs = ["powerpc", "i486"]
mmd1 = load_mmd_file(testmodule_mmd_path)
format_mmd(mmd1, None)
for pkg_name in mmd1.get_rpm_component_names():
pkg = mmd1.get_rpm_component(pkg_name)
assert set(pkg.get_arches()) == set(conf.arches)
mmd2 = load_mmd_file(testmodule_mmd_path)
for pkg_name in mmd2.get_rpm_component_names():
pkg = mmd2.get_rpm_component(pkg_name)
pkg.reset_arches()
for arch in test_archs:
pkg.add_restricted_arch(arch)
format_mmd(mmd2, None)
for pkg_name in mmd2.get_rpm_component_names():
pkg = mmd2.get_rpm_component(pkg_name)
assert set(pkg.get_arches()) == set(test_archs)