def as_extended_exception():
api_ex = ApiException(
http_resp=ServerProxyHasServiceDisabledResponse())
api_ex.api_call = {
'method': 'PUT',
'resource_path': '/clients/{id}/register',
'path_params': 'GOV:9876:SUB1',
'query_params': '',
'header_params': '',
'controller_func': 'client.py#remote_register_client',
'module_func': 'clients_api.py#register_client'
}
return api_ex
def test_client_add_already_existing(self):
class AlreadyExistingResponse:
status = 409
data = '{"status":409,"error":{"code":"certificate_already_exists"}}'
reason = None
def getheaders(self):
return None
with XRDSSTTest() as app:
with mock.patch('xrdsst.api.clients_api.ClientsApi.add_client',
side_effect=ApiException(
http_resp=AlreadyExistingResponse())):
client_controller = ClientController()
client_controller.app = app
client_controller.load_config = (lambda: self.ss_config)
client_controller.get_server_status = (
lambda x, y: StatusTestData.
server_status_essentials_complete)
client_controller.add()
out, err = self.capsys.readouterr()
assert out.count("already exists") > 0
with self.capsys.disabled():
sys.stdout.write(out)
sys.stderr.write(err)
def test_service_description_add_client_not_found(self):
class ClientNotFound:
status = 404
data = '{"status":404,"error":{"code":"service_description_client_not_found"}}'
reason = None
def getheaders(self):
return None
with XRDSSTTest() as app:
with mock.patch(
'xrdsst.api.clients_api.ClientsApi.find_clients',
side_effect=ApiException(http_resp=ClientNotFound())):
service_controller = ServiceController()
service_controller.app = app
service_controller.load_config = (lambda: self.ss_config)
service_controller.get_server_status = (
lambda x, y: StatusTestData.
server_status_essentials_complete)
service_controller.add_description()
out, err = self.capsys.readouterr()
assert err.count("service_description_client_not_found") > 0
with self.capsys.disabled():
sys.stdout.write(out)
sys.stderr.write(err)
def test_endpoint_add_access_already_added(self):
class AlreadyEnabledResponse:
status = 409
data = '{"status":409,"error":{"code":"service_endpoint_already_enabled"}}'
reason = None
def getheaders(self):
return None
with XRDSSTTest() as app:
with mock.patch('xrdsst.api.clients_api.ClientsApi.find_clients',
return_value=[
Client(id='DEV:GOV:9876:SUB1',
instance_id='DEV',
member_class='GOV',
member_code='9876',
subsystem_code='SUB1',
connection_type=ConnectionType.HTTP,
status=ClientStatus.REGISTERED,
owner=True,
has_valid_local_sign_cert=True)
]):
with mock.patch(
'xrdsst.api.clients_api.ClientsApi.get_client_service_descriptions',
return_value=[
EndpointTestData.add_description_response
]):
with mock.patch(
'xrdsst.api.clients_api.ClientsApi.find_service_client_candidates',
return_value=[
ServiceClient(
id='DEV:security-server-owners',
name='Security server owners',
local_group_code=None,
service_client_type=ServiceClientType.
GLOBALGROUP,
rights_given_at=datetime.now().isoformat())
]):
with mock.patch(
'xrdsst.api.endpoints_api.EndpointsApi.add_endpoint_service_clients',
side_effect=ApiException(
http_resp=AlreadyEnabledResponse())):
endpoint_controller = EndpointController()
endpoint_controller.app = app
endpoint_controller.load_config = (
lambda: self.ss_config)
endpoint_controller.get_server_status = (
lambda x, y: StatusTestData.
server_status_essentials_complete)
endpoint_controller.add_access()
out, err = self.capsys.readouterr()
assert out.count("already added") > 0
with self.capsys.disabled():
sys.stdout.write(out)
sys.stderr.write(err)
def test_service_description_enable_already_enabled(self):
class AlreadyEnabledResponse:
status = 409
data = '{"status":409,"error":{"code":"service_description_already_enabled"}}'
reason = None
def getheaders(self):
return None
with XRDSSTTest() as app:
with mock.patch('xrdsst.api.clients_api.ClientsApi.find_clients',
return_value=[
Client(id='DEV:GOV:9876:SUB1',
instance_id='DEV',
member_class='GOV',
member_code='9876',
subsystem_code='SUB1',
connection_type=ConnectionType.HTTP,
status=ClientStatus.REGISTERED,
owner=True,
has_valid_local_sign_cert=True)
]):
with mock.patch(
'xrdsst.api.clients_api.ClientsApi.get_client_service_descriptions',
return_value=[
ServiceTestData.add_description_response
]):
with mock.patch(
'xrdsst.api.service_descriptions_api.ServiceDescriptionsApi.enable_service_description',
side_effect=ApiException(
http_resp=AlreadyEnabledResponse())):
service_controller = ServiceController()
service_controller.app = app
service_controller.load_config = (
lambda: self.ss_config)
service_controller.get_server_status = (
lambda x, y: StatusTestData.
server_status_essentials_complete)
service_controller.enable_description()
out, err = self.capsys.readouterr()
assert out.count("already enabled") > 0
with self.capsys.disabled():
sys.stdout.write(out)
sys.stderr.write(err)
def test_cert_import_permission_denied(self):
class PermissionDeniedResponse:
status = 403
data = '{"status":403,"error":{"code":"permission_denied"}}'
reason = None
def getheaders(self): return None
with XRDSSTTest() as app:
with mock.patch('xrdsst.api.tokens_api.TokensApi.get_token',
return_value=CertTestData.single_auth_key_with_cert_token_response):
with mock.patch('xrdsst.api.token_certificates_api.TokenCertificatesApi.import_certificate',
side_effect=ApiException(http_resp=PermissionDeniedResponse())):
cert_controller = CertController()
cert_controller.app = app
cert_controller.load_config = (lambda: self.ss_config_with_authcert())
cert_controller.get_server_status = (lambda x, y: StatusTestData.server_status_essentials_complete)
cert_controller.import_()
out, err = self.capsys.readouterr()
assert err.count("permission") > 0
with self.capsys.disabled():
sys.stdout.write(out)
sys.stderr.write(err)
class TestStatus(unittest.TestCase):
authcert_existing = os.path.join(ROOT_DIR, "tests/resources/authcert.pem")
ss_config = {
'admin_credentials':
'TOOLKIT_ADMIN_CREDENTIALS',
'logging': {
'file': '/tmp/xrdsst_test_token_log',
'level': 'INFO'
},
'ssh_access': {
'user': '******',
'private_key': 'TOOLKIT_SSH_PRIVATE_KEY'
},
'security_server': [{
'name':
'longServerName',
'url':
'https://unrealz5BAlxpy9yo0XpplIQbPC.com:443',
'certificates': [
'/some/where/authcert',
'/some/where/signcert',
],
'api_key':
'TOOLKIT_SS1_API_KEY',
'api_key_url':
'https://localhost:4000/api/v1/api-keys',
'owner_dn_country':
'FI',
'owner_dn_org':
'UNSERE',
'owner_member_class':
'VOG',
'owner_member_code':
'4321',
'security_server_code':
'SS3',
'software_token_id':
'0',
'software_token_pin':
'1122'
}, {
'name':
'longServerName2',
'url':
'https://unrealz5BAlxpy9yo0XpplIQbPC.com:443',
'certificates': [
'/some/where/authcert',
'/some/where/signcert',
],
'api_key':
'TOOLKIT_SS2_API_KEY',
'api_key_url':
'https://localhost:4000/api/v1/api-keys',
'owner_dn_country':
'FI',
'owner_dn_org':
'UNSERE',
'owner_member_class':
'VOG',
'owner_member_code':
'4321',
'security_server_code':
'SS3',
'software_token_id':
'0',
'software_token_pin':
'1122'
}]
}
def serverless_config(self):
config = copy.deepcopy(self.ss_config)
config.pop('security_server')
return config
@pytest.fixture(autouse=True)
def capsys(self, capsys):
self.capsys = capsys
def test_status_no_security_servers(self):
with XRDSSTTest() as app:
status_controller = StatusController()
status_controller.app = app
status_controller.load_config = (lambda: self.serverless_config())
status_controller._default()
out, err = self.capsys.readouterr()
assert out.count("No security servers defined") > 0
for header in [
'GLOBAL', 'SERVER', 'ROLES', 'INIT', 'TSAS', 'TOKEN',
'KEYS', 'CSRS', 'CERTS'
]:
assert header in status_controller.app._last_rendered[0][0]
with self.capsys.disabled():
sys.stdout.write(out)
sys.stderr.write(err)
@mock.patch('xrdsst.core.api_util.is_ss_connectable', lambda x:
(True, 'good connectivity (test injected)'))
@mock.patch.object(UserApi,
'get_user',
side_effect=ApiException(
http_resp=ObjectStruct(status=401,
reason=None,
data='{"status":401}',
getheaders=(lambda: None))))
def test_status_api_key_not_accepted(self, userapi_mock):
with XRDSSTTest() as app:
status_controller = StatusController()
status_controller.app = app
status_controller.load_config = (lambda: self.ss_config)
status_controller._default()
out, err = self.capsys.readouterr()
assert status_controller.app._last_rendered[0][1].count(
'longServerName'
) == 1 # Still must report server name in config
assert status_controller.app._last_rendered[0][1].count(
'NO ACCESS') > 0 # ... and inform of access error
with self.capsys.disabled():
sys.stdout.write(out)
sys.stderr.write(err)
@mock.patch('xrdsst.core.api_util.is_ss_connectable', lambda x:
(True, 'good connectivity (test injected)'))
@mock.patch.object(UserApi, 'get_user', sysadm_secoff)
@mock.patch.object(SystemApi, 'system_version',
(lambda x: Version(info="6.25.0")))
@mock.patch.object(
DiagnosticsApi, 'get_global_conf_diagnostics',
(lambda x: GlobalConfDiagnostics(status_class="FAIL",
status_code="INTERNAL",
prev_update_at=datetime.now(),
next_update_at=datetime.now() +
timedelta(minutes=5))))
@mock.patch.object(InitializationApi, 'get_initialization_status',
(lambda x: InitializationStatus(
False, False, False, TokenStatus.NOT_INITIALIZED)))
def test_status_uninitialized_server(self):
with XRDSSTTest() as app:
status_controller = StatusController()
status_controller.app = app
status_controller.load_config = (lambda: self.ss_config)
status_controller._default()
# Global status
assert status_controller.app._last_rendered[0][1][0].count(
'FAIL') == 1
assert status_controller.app._last_rendered[0][1][0].count(
'INTERNAL') == 1
assert status_controller.app._last_rendered[0][1][0].count(
'LAST') == 1
assert status_controller.app._last_rendered[0][1][0].count(
'NEXT') == 1
# Security server and its version
assert status_controller.app._last_rendered[0][1][1].count(
'longServerName') == 1
assert status_controller.app._last_rendered[0][1][1].count(
'6.25.0') == 1
# Roles granted to API user
assert status_controller.app._last_rendered[0][1][2].upper().count(
'ADMINISTRATOR') == 1
assert status_controller.app._last_rendered[0][1][2].upper().count(
'OFFICER') == 1
# Token status
assert status_controller.app._last_rendered[0][1][3].upper().count(
'TOKEN NOT_INITIALIZED') == 1
# Other columns not available
for col in range(4, 9):
assert '' == status_controller.app._last_rendered[0][1][
col].strip()
@mock.patch('xrdsst.core.api_util.is_ss_connectable', lambda x:
(True, 'good connectivity (test injected)'))
@mock.patch.object(UserApi, 'get_user', sysadm_secoff)
@mock.patch.object(SystemApi, 'system_version',
(lambda x: Version(info="6.25.0")))
@mock.patch.object(DiagnosticsApi, 'get_global_conf_diagnostics',
(lambda x: DiagnosticsTestData.global_ok_success))
@mock.patch.object(InitializationApi, 'get_initialization_status',
(lambda x: InitTestData.all_initialized))
@mock.patch.object(SecurityServersApi, 'get_security_servers',
(lambda x, **kwargs: [
SecurityServer(id="TEST:GOV:8672:SSLONG",
instance_id="TEST",
member_class="GOV",
server_address="4.2.2.1",
server_code="SSLONG")
]))
@mock.patch.object(
SystemApi, 'get_configured_timestamping_services', (lambda x: [
TimestampingService(name="one tsa", url="https://one.tsa"),
TimestampingService(name="two tsa", url="https://two.tsa"),
]))
@mock.patch.object(TokensApi, 'get_token', (lambda x, y: Token(
available=True,
id="0",
keys=[],
logged_in=False,
name="softToken-0",
possible_actions=
[PossibleAction.LOGIN, PossibleAction.EDIT_FRIENDLY_NAME],
read_only=False,
saved_to_configuration=True,
status=TokenStatus.OK,
type=TokenType.SOFTWARE)))
def test_status_initialized_server(self):
with XRDSSTTest() as app:
status_controller = StatusController()
status_controller.app = app
status_controller.load_config = (lambda: self.ss_config)
status_controller._default()
out, err = self.capsys.readouterr()
# Global status
assert status_controller.app._last_rendered[0][1][0].count(
'OK') == 1
assert status_controller.app._last_rendered[0][1][0].count(
'SUCCESS') == 1
assert status_controller.app._last_rendered[0][1][0].count(
'LAST') == 1
assert status_controller.app._last_rendered[0][1][0].count(
'NEXT') == 1
# Security server and its version
assert status_controller.app._last_rendered[0][1][1].count(
'longServerName') == 1
assert status_controller.app._last_rendered[0][1][1].count(
'6.25.0') == 1
# Roles granted to API user
assert status_controller.app._last_rendered[0][1][2].upper().count(
'ADMINISTRATOR') == 1
assert status_controller.app._last_rendered[0][1][2].upper().count(
'OFFICER') == 1
# Initialization statuses
assert status_controller.app._last_rendered[0][1][3].count(
'ANCHOR INITIALIZED') == 1
assert status_controller.app._last_rendered[0][1][3].count(
'CODE INITIALIZED') == 1
assert status_controller.app._last_rendered[0][1][3].count(
'OWNER INITIALIZED') == 1
assert status_controller.app._last_rendered[0][1][3].count(
'TOKEN INITIALIZED') == 1
# TSA list
assert status_controller.app._last_rendered[0][1][4].count(
'one tsa') == 1
assert status_controller.app._last_rendered[0][1][4].count(
'two tsa') == 1
# Token data
assert status_controller.app._last_rendered[0][1][5].count(
'ID 0') == 1
assert status_controller.app._last_rendered[0][1][5].count(
'softToken-0') == 1
assert status_controller.app._last_rendered[0][1][5].count(
'STATUS OK') == 1
assert status_controller.app._last_rendered[0][1][5].count(
'LOGIN NO') == 1
# Other columns not filled with given data
for col in range(6, 9):
assert '' == status_controller.app._last_rendered[0][1][
col].strip()
with self.capsys.disabled():
sys.stdout.write(out)
sys.stderr.write(err)
class TestToken(unittest.TestCase):
configuration_anchor = os.path.join(
ROOT_DIR, "tests/resources/configuration-anchor.xml")
ss_config = {
'admin_credentials':
'TOOLKIT_ADMIN_CREDENTIALS',
'logging': {
'file': '/tmp/xrdsst_test_token_log',
'level': 'INFO'
},
'ssh_access': {
'user': '******',
'private_key': 'TOOLKIT_SSH_PRIVATE_KEY'
},
'security_server': [{
'name': 'ssX',
'url': 'https://non.existing.url.blah:8999/api/v1',
'fqdn': 'client_only',
'api_key': 'TOOLKIT_SS1_API_KEY',
'api_key_url': 'https://localhost:4000/api/v1/api-keys',
'configuration_anchor': configuration_anchor,
'owner_dn_country': 'FI',
'owner_dn_org': 'UNSERE',
'owner_member_class': 'VOG',
'owner_member_code': '4321',
'security_server_code': 'SS3',
'software_token_id': '0',
'software_token_pin': '1122'
}, {
'name': 'ssY',
'url': 'https://non.existing.url.blah:8999/api/v1',
'fqdn': 'client_only',
'api_key': 'TOOLKIT_SS2_API_KEY',
'api_key_url': 'https://localhost:4000/api/v1/api-keys',
'configuration_anchor': configuration_anchor,
'owner_dn_country': 'FI',
'owner_dn_org': 'UNSERE',
'owner_member_class': 'VOG',
'owner_member_code': '4321',
'security_server_code': 'SS4',
'software_token_id': '0',
'software_token_pin': '1122'
}]
}
@pytest.fixture(autouse=True)
def capsys(self, capsys):
self.capsys = capsys
def test_token_list(self):
with XRDSSTTest() as app:
with mock.patch('xrdsst.api.tokens_api.TokensApi.get_tokens',
return_value=TokenTestData.token_list_response):
token_controller = TokenController()
token_controller.app = app
token_controller.load_config = (lambda: self.ss_config)
token_controller.list()
def test_get_tokens(self):
with XRDSSTTest() as app:
with mock.patch('xrdsst.api.tokens_api.TokensApi.get_tokens',
return_value=TokenTestData.token_list_response):
token_controller = TokenController()
token_controller.app = app
token_controller.load_config = (lambda: self.ss_config)
for security_server in self.ss_config["security_server"]:
configuration = token_controller.create_api_config(
security_server, self.ss_config)
response = token_controller.remote_get_tokens(
configuration)
assert response == TokenTestData.token_list_response
def test_get_tokens_exception(self):
with XRDSSTTest() as app:
with mock.patch('xrdsst.api.tokens_api.TokensApi.get_tokens',
side_effect=ApiException):
token_controller = TokenController()
token_controller.app = app
token_controller.load_config = (lambda: self.ss_config)
for security_server in self.ss_config["security_server"]:
configuration = token_controller.create_api_config(
security_server, self.ss_config)
token_controller.remote_get_tokens(configuration)
self.assertRaises(ApiException)
def test_token_login(self):
with XRDSSTTest() as app:
with mock.patch('xrdsst.api.tokens_api.TokensApi.login_token',
return_value=TokenTestData.token_login_response):
token_controller = TokenController()
token_controller.app = app
token_controller.load_config = (lambda: self.ss_config)
token_controller.get_server_status = (
lambda x, y: StatusTestData.
server_status_essentials_complete)
token_controller.login()
out, err = self.capsys.readouterr()
assert 1 == out.count(
"Security server 'ssX' token 0 logged in.")
with self.capsys.disabled():
sys.stdout.write(out)
sys.stderr.write(err)
@mock.patch.object(
TokensApi,
'login_token',
side_effect=ApiException(http_resp=ObjectStruct(
status=409,
reason=None,
data='{"status":409,"error":{"code":"action_not_possible"}}',
getheaders=(lambda: None))))
def test_token_login_already_logged_in(self, tokens_api_mock):
with XRDSSTTest() as app:
token_controller = TokenController()
token_controller.app = app
token_controller.load_config = (lambda: self.ss_config)
token_controller.get_server_status = (
lambda x, y: StatusTestData.server_status_essentials_complete)
token_controller.login()
out, err = self.capsys.readouterr()
assert 1 == out.count("Token 0 already logged in for 'ssX'")
with self.capsys.disabled():
sys.stdout.write(out)
sys.stderr.write(err)
@staticmethod
def mock_add_key_and_csr_test_token_init_keys(id_, **kwargs):
if kwargs[
'body'].csr_generate_request.key_usage_type == KeyUsageType.AUTHENTICATION:
return TokenTestData.add_auth_key_with_csr_response
return TokenTestData.add_sign_key_with_csr_response
@mock.patch.object(TokensApi, 'get_token',
(lambda x, y: TokenTestData.token_login_response))
@mock.patch.object(TokensApi, 'add_key_and_csr',
mock_add_key_and_csr_test_token_init_keys)
def test_token_init_keys(self):
with XRDSSTTest() as app:
with mock.patch(
'xrdsst.api.certificate_authorities_api.CertificateAuthoritiesApi.get_approved_certificate_authorities'
) as mock_get_cas:
mock_get_cas.return_value.__enter__.return_value = TokenTestData.ca_list_response
with mock.patch(
'xrdsst.api.security_servers_api.SecurityServersApi.get_security_servers',
return_value=TokenTestData.
security_servers_current_server_response):
token_controller = TokenController()
token_controller.app = app
token_controller.load_config = (lambda: self.ss_config)
token_controller.get_server_status = (
lambda x, y: StatusTestData.
server_status_essentials_complete)
token_controller.init_keys()
out, err = self.capsys.readouterr()
assert 2 == out.count("Created AUTHENTICATION CSR")
assert 2 == out.count("Created SIGNING CSR")
with self.capsys.disabled():
sys.stdout.write(out)
sys.stderr.write(err)
def test_token_init_keys_without_token_logged_in(self):
with XRDSSTTest() as app:
with mock.patch(
'xrdsst.api.certificate_authorities_api.CertificateAuthoritiesApi.get_approved_certificate_authorities'
) as mock_get_cas:
mock_get_cas.return_value.__enter__.return_value = TokenTestData.ca_list_response
with mock.patch(
'xrdsst.api.security_servers_api.SecurityServersApi.get_security_servers',
return_value=TokenTestData.
security_servers_current_server_response):
with mock.patch(
'xrdsst.api.tokens_api.TokensApi.get_token',
return_value=TokenTestData.token_login_response):
with mock.patch(
'xrdsst.api.tokens_api.TokensApi.add_key_and_csr',
return_value=TokenTestData.
add_auth_key_with_csr_response):
token_controller = TokenController()
token_controller.app = app
token_controller.load_config = (
lambda: self.ss_config)
token_controller.get_server_status = (
lambda x, y: StatusTestData.
server_status_essentials_complete_token_logged_out(
))
token_controller.init_keys()
out, err = self.capsys.readouterr()
assert 1 == out.count(
"SKIPPED 'ssX': has ['init', 'client add'] performed but also needs ['token login'] completion before continuing with requested ['token init-keys']"
)
with self.capsys.disabled():
sys.stdout.write(out)
sys.stderr.write(err)
def test_token_init_keys_without_cas_available(self):
with XRDSSTTest() as app:
with mock.patch(
'xrdsst.api.certificate_authorities_api.CertificateAuthoritiesApi.get_approved_certificate_authorities'
) as mock_get_cas:
mock_get_cas.return_value.__enter__.return_value = []
with mock.patch(
'xrdsst.api.security_servers_api.SecurityServersApi.get_security_servers',
return_value=TokenTestData.
security_servers_current_server_response):
token_controller = TokenController()
token_controller.app = app
token_controller.load_config = (lambda: self.ss_config)
token_controller.get_server_status = (
lambda x, y: StatusTestData.
server_status_essentials_complete)
self.assertRaises(IndexError,
lambda: token_controller.init_keys())
def test_token_list_nonresolving_url(self):
urllib3.util.retry.Retry.DEFAULT = urllib3.util.retry.Retry(0)
token_controller = TokenController()
token_controller.load_config = (lambda: self.ss_config)
self.assertRaises(urllib3.exceptions.MaxRetryError,
lambda: token_controller.list())