def test_create_rsa_name(self, name):
"""Covers creating rsa containers with various names."""
test_model = container_models.ContainerModel(**self.default_data)
test_model.name = name
resp, container_ref = self.behaviors.create_container(test_model)
self.assertEqual(resp.status_code, 201)
def test_container_get_rsa(self):
"""Covers getting an rsa container."""
test_model = container_models.ContainerModel(
**create_container_rsa_data)
secret_refs = []
for secret_ref in test_model.secret_refs:
secret_refs.append(secret_ref['secret_ref'])
resp, container_ref = self.behaviors.create_container(test_model)
self.assertEqual(201, resp.status_code)
self.assertGreater(len(container_ref), 0)
get_resp = self.behaviors.get_container(container_ref)
# Verify the response data
self.assertEqual(200, get_resp.status_code)
self.assertEqual("rsacontainer", get_resp.model.name)
self.assertEqual(container_ref, get_resp.model.container_ref)
self.assertEqual("rsa", get_resp.model.type)
# Verify the secret refs in the response
self.assertEqual(3, len(get_resp.model.secret_refs))
self.assertIn(get_resp.model.secret_refs[0].secret_ref, secret_refs)
self.assertIn(get_resp.model.secret_refs[1].secret_ref, secret_refs)
self.assertIn(get_resp.model.secret_refs[2].secret_ref, secret_refs)
def test_create_defaults_invalid_type(self):
"""Container creating should fail with an invalid container type."""
test_model = container_models.ContainerModel(**self.default_data)
test_model.type = 'bad_type'
resp, container_ref = self.behaviors.create_container(test_model)
self.assertEqual(resp.status_code, 400)
def setUp(self):
super(ConsumersTestCase, self).setUp()
self.secret_behaviors = secret_behaviors.SecretBehaviors(self.client)
self.container_behaviors = container_behaviors.ContainerBehaviors(
self.client)
self.consumer_behaviors = consumer_behaviors.ConsumerBehaviors(
self.client)
self.consumer_data = copy.deepcopy(self.default_data)
# Set up two secrets
secret_ref_1 = self._create_a_secret()
secret_ref_2 = self._create_a_secret()
# Create a container with our secrets
create_container_data['secret_refs'][0]['secret_ref'] = secret_ref_1
create_container_data['secret_refs'][1]['secret_ref'] = secret_ref_2
container_model = container_models.ContainerModel(
**create_container_data)
resp, container_ref = self.container_behaviors.create_container(
container_model)
self.assertEqual(resp.status_code, 201)
self.assertIsNotNone(container_ref)
self.container_ref = container_ref
def test_container_get_defaults_w_valid_name(self, name):
"""Covers getting a generic container with a three secrets."""
test_model = container_models.ContainerModel(
**create_container_defaults_data)
overrides = {'name': name}
test_model.override_values(**overrides)
secret_refs = []
for secret_ref in test_model.secret_refs:
secret_refs.append(secret_ref['secret_ref'])
resp, container_ref = self.behaviors.create_container(test_model)
self.assertEqual(201, resp.status_code)
self.assertGreater(len(container_ref), 0)
get_resp = self.behaviors.get_container(container_ref)
# Verify the response data
self.assertEqual(200, get_resp.status_code)
self.assertEqual(test_model.name, get_resp.model.name)
self.assertEqual(container_ref, get_resp.model.container_ref)
self.assertEqual(test_model.type, get_resp.model.type)
# Verify the secret refs in the response
self.assertEqual(3, len(get_resp.model.secret_refs))
self.assertIn(get_resp.model.secret_refs[0].secret_ref, secret_refs)
self.assertIn(get_resp.model.secret_refs[1].secret_ref, secret_refs)
self.assertIn(get_resp.model.secret_refs[2].secret_ref, secret_refs)
def _create_cert_container(self, private_key_ref, tls_certificate_ref,
passphrase_ref=None, intermediates_ref=None):
container_data = copy.deepcopy(self.container_default_data)
self._add_secret_ref_to_container(container_data, "certificate",
tls_certificate_ref)
self._add_secret_ref_to_container(container_data, "private_key",
private_key_ref)
if passphrase_ref:
self._add_secret_ref_to_container(container_data,
"private_key_passphrase",
passphrase_ref)
if intermediates_ref:
self._add_secret_ref_to_container(container_data, "intermediates",
intermediates_ref)
test_model = container_models.ContainerModel(
**container_data)
resp, container_ref = self.container_behaviors.create_container(
test_model)
self.assertEqual(201, resp.status_code)
self.assertIsNotNone(container_ref)
return container_ref
def test_create_defaults_none_secret_name(self):
"""Covers creating a container with None as a secret name."""
test_model = container_models.ContainerModel(**self.default_data)
test_model.name = None
resp, container_ref = self.behaviors.create_container(test_model)
self.assertEqual(resp.status_code, 201)
def _create_populated_generic_container(self):
# Set up two secrets
secret_ref_1 = self._create_a_secret()
secret_ref_2 = self._create_a_secret()
# Create a generic container with our secrets
generic_container_data = copy.deepcopy(create_generic_container_data)
self._add_secret_ref_to_container(generic_container_data,
'secret_ref_1', secret_ref_1)
self._add_secret_ref_to_container(generic_container_data,
'secret_ref_2', secret_ref_2)
container_model = container_models.ContainerModel(
**generic_container_data
)
resp, container_ref = self.container_behaviors.create_container(
container_model
)
self.assertEqual(201, resp.status_code)
self.assertIsNotNone(container_ref)
return container_ref
def test_container_create_rsa(self):
"""Create an RSA container with expected secret refs."""
test_model = container_models.ContainerModel(
**create_container_rsa_data)
resp, container_ref = self.behaviors.create_container(test_model)
self.assertEqual(201, resp.status_code)
self.assertGreater(len(container_ref), 0)
def test_container_create_defaults(self):
"""Covers creating a container with three secret refs."""
test_model = container_models.ContainerModel(
**create_container_defaults_data)
resp, container_ref = self.behaviors.create_container(test_model)
self.assertEqual(201, resp.status_code)
self.assertGreater(len(container_ref), 0)
def test_container_create_empty(self):
"""Covers creating an empty generic container."""
test_model = container_models.ContainerModel(
**create_container_empty_data)
resp, container_ref = self.behaviors.create_container(test_model)
self.assertEqual(201, resp.status_code)
self.assertGreater(len(container_ref), 0)
def store_container(self, user_name=creator_a, admin=admin_a):
secret_ref = self.store_secret(user_name=user_name, admin=admin)
test_model = container_models.ContainerModel(
**get_container_req(secret_ref))
resp, container_ref = self.container_behaviors.create_container(
test_model, user_name=user_name, admin=admin)
self.assertEqual(201, resp.status_code)
return container_ref
def test_create_defaults_duplicate_secret_refs(self):
"""Covers creating a container with a duplicated secret ref."""
test_model = container_models.ContainerModel(**self.default_data)
test_model.secret_refs[0]['secret_ref'] = self.secret_ref_1
test_model.secret_refs[1]['secret_ref'] = self.secret_ref_1
test_model.secret_refs[2]['secret_ref'] = self.secret_ref_1
resp, container_ref = self.behaviors.create_container(test_model)
self.assertEqual(resp.status_code, 400)
def test_create_rsa_no_passphrase(self):
"""Covers creating an rsa container without a passphrase."""
pub_key_ref = {'name': 'public_key', 'secret_ref': self.secret_ref_1}
priv_key_ref = {'name': 'private_key', 'secret_ref': self.secret_ref_2}
test_model = container_models.ContainerModel(**self.default_data)
test_model.secret_refs = [pub_key_ref, priv_key_ref]
resp, container_ref = self.behaviors.create_container(test_model)
self.assertEqual(resp.status_code, 201)
def test_create_rsa_no_private_key(self):
"""Creating an rsa container without a private key should fail.
RSA containers must have at least a public key and private key.
"""
test_model = container_models.ContainerModel(**self.default_data)
test_model.secret_refs[1]['name'] = 'secret_1'
resp, container_ref = self.behaviors.create_container(test_model)
self.assertEqual(resp.status_code, 400)
def test_unauthed_create_no_proj_id(self):
"""Attempt to create a container without a token or project id
Should return 401
"""
model = container_models.ContainerModel(**create_container_data)
resp = self.client.post('containers',
request_model=model,
use_auth=False)
self.assertEqual(401, resp.status_code)
def create_containers(self, count=1, expected_return=201):
"""Utility function to create containers"""
container_ref = None
for _ in range(count):
secret_ref = self.create_secrets()
test_model = container_models.ContainerModel(
**self.get_container_req(secret_ref))
resp, container_ref = self.container_behaviors.create_container(
test_model, user_name=admin_b)
self.assertEqual(expected_return, resp.status_code)
return container_ref
def store_container(self,
public_key_secret_ref,
private_key_secret_ref,
passphrase_secret_ref=None):
test_model = container_models.ContainerModel(
**get_container_req(public_key_secret_ref, private_key_secret_ref,
passphrase_secret_ref))
resp, container_ref = self.container_behaviors.create_container(
test_model)
self.assertEqual(201, resp.status_code)
return container_ref
def test_create_defaults_size(self, num_secrets):
"""Covers creating containers of various sizes."""
test_model = container_models.ContainerModel(**self.default_data)
for i in range(0, num_secrets):
secret_ref = self._create_a_secret()
test_model.secret_refs.append({
'name': 'other_secret{0}'.format(i),
'secret_ref': secret_ref
})
resp, container_ref = self.behaviors.create_container(test_model)
self.assertEqual(resp.status_code, 201)
def test_container_delete_defaults(self):
"""Covers deleting a container."""
test_model = container_models.ContainerModel(
**create_container_defaults_data)
resp, container_ref = self.behaviors.create_container(test_model)
self.assertEqual(201, resp.status_code)
self.assertGreater(len(container_ref), 0)
del_resp = self.behaviors.delete_container(container_ref)
self.assertEqual(204, del_resp.status_code)
self.assertEqual(0, len(del_resp.content))
def test_unauthed_create_with_proj_id(self):
"""Attempt to create a container with a project id, but not a token
Should return 401
"""
model = container_models.ContainerModel(**create_container_data)
headers = {'X-Project-Id': self.dummy_project_id}
resp = self.client.post('containers',
request_model=model,
use_auth=False,
extra_headers=headers)
self.assertEqual(401, resp.status_code)
def test_unauthed_create_huge_dummy_token_no_proj_id(self):
"""Attempt to create a container with a dummy token, and no project id
Should return 401
"""
model = container_models.ContainerModel(**create_container_data)
headers = {'X-Auth-Token': 'a' * 3500}
resp = self.client.post('containers',
request_model=model,
use_auth=False,
extra_headers=headers)
self.assertEqual(401, resp.status_code)
def create_generic_container(self):
secret_model = secret_models.SecretModel(**get_private_key_req())
secret_model.secret_type = s.SecretType.PRIVATE
resp, secret_ref = self.secret_behaviors.create_secret(secret_model)
self.assertEqual(201, resp.status_code)
test_model = container_models.ContainerModel(**create_generic_container_data)
test_model.secret_refs = [{
'name': 'my_secret',
'secret_ref': secret_ref
}]
resp, container_ref = self.container_behaviors.create_container(test_model)
self.assertEqual(201, resp.status_code)
return container_ref
def test_create_defaults_secret_name(self, name=None):
"""Covers creating containers with various secret ref names."""
test_model = container_models.ContainerModel(**self.default_data)
test_model.secret_refs = [{
'name': name,
'secret_ref': self.secret_ref_1
}]
resp, container_ref = self.behaviors.create_container(test_model)
self.assertEqual(resp.status_code, 201)
get_resp = self.behaviors.get_container(container_ref)
self.assertEqual(get_resp.status_code, 200)
self.assertEqual(get_resp.model.secret_refs[0].name, name)
def test_create_rsa_invalid_key_names(self):
"""Covers creating an RSA container with incorrect names."""
test_model = container_models.ContainerModel(**self.default_data)
test_model.secret_refs = [{
"name": "secret1",
"secret_ref": self.secret_ref_1
}, {
"name": "secret2",
"secret_ref": self.secret_ref_2
}, {
"name": "secret3",
"secret_ref": self.secret_ref_3
}]
resp, container_ref = self.behaviors.create_container(test_model)
self.assertEqual(resp.status_code, 400)
def test_create_rsa_change_host_header(self, **kwargs):
"""Create a container with a (possibly) malicious host name header."""
test_model = container_models.ContainerModel(**self.default_data)
malicious_hostname = 'some.bad.server.com'
changed_host_header = {'Host': malicious_hostname}
resp, container_ref = self.behaviors.create_container(
test_model, extra_headers=changed_host_header)
self.assertEqual(resp.status_code, 201)
# get Location field from result and assert that it is NOT the
# malicious one.
regex = '.*{0}.*'.format(malicious_hostname)
self.assertNotRegexpMatches(resp.headers['location'], regex)
def test_containers_get_defaults(self):
"""Covers getting a list of containers."""
limit = 10
offset = 0
test_model = container_models.ContainerModel(
**create_container_defaults_data)
for i in range(11):
resp, container_ref = self.behaviors.create_container(test_model)
self.assertEqual(201, resp.status_code)
self.assertGreater(len(container_ref), 0)
resp, containers, next_ref, prev_ref = self.behaviors.get_containers(
limit=limit, offset=offset)
self.assertEqual(200, resp.status_code)
self.assertEqual(limit, len(containers))
self.assertIsNone(prev_ref)
self.assertIsNotNone(next_ref)
def test_get_rsa_change_host_with_header_allowed(self, **kwargs):
"""Get a container with a alternative proxy host name header."""
test_model = container_models.ContainerModel(**self.default_data)
another_proxy_hostname = 'proxy2.server.com'
changed_host_header = {'Host': another_proxy_hostname}
# In test, cannot pass different host header during create as returned
# container_href in response contains that host in url. That url is
# used in deleting that container during cleanup step.
resp, container_href = self.behaviors.create_container(test_model)
self.assertEqual(201, resp.status_code)
resp = self.behaviors.get_container(container_href,
extra_headers=changed_host_header)
# Assert that returned href has provided proxy hostname
regex = '.*{0}.*'.format(another_proxy_hostname)
self.assertRegex(resp.model.container_ref, regex)
def test_rbac_store_container(self, user, admin, expected_return):
"""Test RBAC for container store
Issue a container store and verify that the correct
http return code comes back for the specified user.
:param user: the user who will attempt to do the store
:param admin: the admin of the group containing the user
:param expected_return: the expected http return code
"""
test_model = secret_models.SecretModel(**get_default_secret_data())
resp, secret_ref = self.secret_behaviors.create_secret(test_model,
user_name=admin,
admin=admin)
self.assertEqual(201, resp.status_code)
test_model = container_models.ContainerModel(
**get_container_req(secret_ref))
resp, container_ref = self.container_behaviors.create_container(
test_model, user_name=user, admin=admin)
self.assertEqual(expected_return, resp.status_code)
def create_asymmetric_key_container(self):
secret_model = secret_models.SecretModel(**get_private_key_req())
secret_model.secret_type = s.SecretType.PRIVATE
resp, secret_ref_priv = self.secret_behaviors.create_secret(
secret_model)
self.assertEqual(201, resp.status_code)
secret_model = secret_models.SecretModel(**get_public_key_req())
secret_model.secret_type = s.SecretType.PUBLIC
resp, secret_ref_pub = self.secret_behaviors.create_secret(
secret_model)
self.assertEqual(201, resp.status_code)
pub_key_ref = {'name': 'public_key', 'secret_ref': secret_ref_pub}
priv_key_ref = {'name': 'private_key', 'secret_ref': secret_ref_priv}
test_model = container_models.ContainerModel(
**create_container_rsa_data)
test_model.secret_refs = [pub_key_ref, priv_key_ref]
resp, container_ref = self.container_behaviors.create_container(
test_model)
self.assertEqual(201, resp.status_code)
return container_ref
