def test_create_rsa_name(self, name): """Covers creating rsa containers with various names.""" test_model = container_models.ContainerModel(**self.default_data) test_model.name = name resp, container_ref = self.behaviors.create_container(test_model) self.assertEqual(resp.status_code, 201)
def test_container_get_rsa(self): """Covers getting an rsa container.""" test_model = container_models.ContainerModel( **create_container_rsa_data) secret_refs = [] for secret_ref in test_model.secret_refs: secret_refs.append(secret_ref['secret_ref']) resp, container_ref = self.behaviors.create_container(test_model) self.assertEqual(201, resp.status_code) self.assertGreater(len(container_ref), 0) get_resp = self.behaviors.get_container(container_ref) # Verify the response data self.assertEqual(200, get_resp.status_code) self.assertEqual("rsacontainer", get_resp.model.name) self.assertEqual(container_ref, get_resp.model.container_ref) self.assertEqual("rsa", get_resp.model.type) # Verify the secret refs in the response self.assertEqual(3, len(get_resp.model.secret_refs)) self.assertIn(get_resp.model.secret_refs[0].secret_ref, secret_refs) self.assertIn(get_resp.model.secret_refs[1].secret_ref, secret_refs) self.assertIn(get_resp.model.secret_refs[2].secret_ref, secret_refs)
def test_create_defaults_invalid_type(self): """Container creating should fail with an invalid container type.""" test_model = container_models.ContainerModel(**self.default_data) test_model.type = 'bad_type' resp, container_ref = self.behaviors.create_container(test_model) self.assertEqual(resp.status_code, 400)
def setUp(self): super(ConsumersTestCase, self).setUp() self.secret_behaviors = secret_behaviors.SecretBehaviors(self.client) self.container_behaviors = container_behaviors.ContainerBehaviors( self.client) self.consumer_behaviors = consumer_behaviors.ConsumerBehaviors( self.client) self.consumer_data = copy.deepcopy(self.default_data) # Set up two secrets secret_ref_1 = self._create_a_secret() secret_ref_2 = self._create_a_secret() # Create a container with our secrets create_container_data['secret_refs'][0]['secret_ref'] = secret_ref_1 create_container_data['secret_refs'][1]['secret_ref'] = secret_ref_2 container_model = container_models.ContainerModel( **create_container_data) resp, container_ref = self.container_behaviors.create_container( container_model) self.assertEqual(resp.status_code, 201) self.assertIsNotNone(container_ref) self.container_ref = container_ref
def test_container_get_defaults_w_valid_name(self, name): """Covers getting a generic container with a three secrets.""" test_model = container_models.ContainerModel( **create_container_defaults_data) overrides = {'name': name} test_model.override_values(**overrides) secret_refs = [] for secret_ref in test_model.secret_refs: secret_refs.append(secret_ref['secret_ref']) resp, container_ref = self.behaviors.create_container(test_model) self.assertEqual(201, resp.status_code) self.assertGreater(len(container_ref), 0) get_resp = self.behaviors.get_container(container_ref) # Verify the response data self.assertEqual(200, get_resp.status_code) self.assertEqual(test_model.name, get_resp.model.name) self.assertEqual(container_ref, get_resp.model.container_ref) self.assertEqual(test_model.type, get_resp.model.type) # Verify the secret refs in the response self.assertEqual(3, len(get_resp.model.secret_refs)) self.assertIn(get_resp.model.secret_refs[0].secret_ref, secret_refs) self.assertIn(get_resp.model.secret_refs[1].secret_ref, secret_refs) self.assertIn(get_resp.model.secret_refs[2].secret_ref, secret_refs)
def _create_cert_container(self, private_key_ref, tls_certificate_ref, passphrase_ref=None, intermediates_ref=None): container_data = copy.deepcopy(self.container_default_data) self._add_secret_ref_to_container(container_data, "certificate", tls_certificate_ref) self._add_secret_ref_to_container(container_data, "private_key", private_key_ref) if passphrase_ref: self._add_secret_ref_to_container(container_data, "private_key_passphrase", passphrase_ref) if intermediates_ref: self._add_secret_ref_to_container(container_data, "intermediates", intermediates_ref) test_model = container_models.ContainerModel( **container_data) resp, container_ref = self.container_behaviors.create_container( test_model) self.assertEqual(201, resp.status_code) self.assertIsNotNone(container_ref) return container_ref
def test_create_defaults_none_secret_name(self): """Covers creating a container with None as a secret name.""" test_model = container_models.ContainerModel(**self.default_data) test_model.name = None resp, container_ref = self.behaviors.create_container(test_model) self.assertEqual(resp.status_code, 201)
def _create_populated_generic_container(self): # Set up two secrets secret_ref_1 = self._create_a_secret() secret_ref_2 = self._create_a_secret() # Create a generic container with our secrets generic_container_data = copy.deepcopy(create_generic_container_data) self._add_secret_ref_to_container(generic_container_data, 'secret_ref_1', secret_ref_1) self._add_secret_ref_to_container(generic_container_data, 'secret_ref_2', secret_ref_2) container_model = container_models.ContainerModel( **generic_container_data ) resp, container_ref = self.container_behaviors.create_container( container_model ) self.assertEqual(201, resp.status_code) self.assertIsNotNone(container_ref) return container_ref
def test_container_create_rsa(self): """Create an RSA container with expected secret refs.""" test_model = container_models.ContainerModel( **create_container_rsa_data) resp, container_ref = self.behaviors.create_container(test_model) self.assertEqual(201, resp.status_code) self.assertGreater(len(container_ref), 0)
def test_container_create_defaults(self): """Covers creating a container with three secret refs.""" test_model = container_models.ContainerModel( **create_container_defaults_data) resp, container_ref = self.behaviors.create_container(test_model) self.assertEqual(201, resp.status_code) self.assertGreater(len(container_ref), 0)
def test_container_create_empty(self): """Covers creating an empty generic container.""" test_model = container_models.ContainerModel( **create_container_empty_data) resp, container_ref = self.behaviors.create_container(test_model) self.assertEqual(201, resp.status_code) self.assertGreater(len(container_ref), 0)
def store_container(self, user_name=creator_a, admin=admin_a): secret_ref = self.store_secret(user_name=user_name, admin=admin) test_model = container_models.ContainerModel( **get_container_req(secret_ref)) resp, container_ref = self.container_behaviors.create_container( test_model, user_name=user_name, admin=admin) self.assertEqual(201, resp.status_code) return container_ref
def test_create_defaults_duplicate_secret_refs(self): """Covers creating a container with a duplicated secret ref.""" test_model = container_models.ContainerModel(**self.default_data) test_model.secret_refs[0]['secret_ref'] = self.secret_ref_1 test_model.secret_refs[1]['secret_ref'] = self.secret_ref_1 test_model.secret_refs[2]['secret_ref'] = self.secret_ref_1 resp, container_ref = self.behaviors.create_container(test_model) self.assertEqual(resp.status_code, 400)
def test_create_rsa_no_passphrase(self): """Covers creating an rsa container without a passphrase.""" pub_key_ref = {'name': 'public_key', 'secret_ref': self.secret_ref_1} priv_key_ref = {'name': 'private_key', 'secret_ref': self.secret_ref_2} test_model = container_models.ContainerModel(**self.default_data) test_model.secret_refs = [pub_key_ref, priv_key_ref] resp, container_ref = self.behaviors.create_container(test_model) self.assertEqual(resp.status_code, 201)
def test_create_rsa_no_private_key(self): """Creating an rsa container without a private key should fail. RSA containers must have at least a public key and private key. """ test_model = container_models.ContainerModel(**self.default_data) test_model.secret_refs[1]['name'] = 'secret_1' resp, container_ref = self.behaviors.create_container(test_model) self.assertEqual(resp.status_code, 400)
def test_unauthed_create_no_proj_id(self): """Attempt to create a container without a token or project id Should return 401 """ model = container_models.ContainerModel(**create_container_data) resp = self.client.post('containers', request_model=model, use_auth=False) self.assertEqual(401, resp.status_code)
def create_containers(self, count=1, expected_return=201): """Utility function to create containers""" container_ref = None for _ in range(count): secret_ref = self.create_secrets() test_model = container_models.ContainerModel( **self.get_container_req(secret_ref)) resp, container_ref = self.container_behaviors.create_container( test_model, user_name=admin_b) self.assertEqual(expected_return, resp.status_code) return container_ref
def store_container(self, public_key_secret_ref, private_key_secret_ref, passphrase_secret_ref=None): test_model = container_models.ContainerModel( **get_container_req(public_key_secret_ref, private_key_secret_ref, passphrase_secret_ref)) resp, container_ref = self.container_behaviors.create_container( test_model) self.assertEqual(201, resp.status_code) return container_ref
def test_create_defaults_size(self, num_secrets): """Covers creating containers of various sizes.""" test_model = container_models.ContainerModel(**self.default_data) for i in range(0, num_secrets): secret_ref = self._create_a_secret() test_model.secret_refs.append({ 'name': 'other_secret{0}'.format(i), 'secret_ref': secret_ref }) resp, container_ref = self.behaviors.create_container(test_model) self.assertEqual(resp.status_code, 201)
def test_container_delete_defaults(self): """Covers deleting a container.""" test_model = container_models.ContainerModel( **create_container_defaults_data) resp, container_ref = self.behaviors.create_container(test_model) self.assertEqual(201, resp.status_code) self.assertGreater(len(container_ref), 0) del_resp = self.behaviors.delete_container(container_ref) self.assertEqual(204, del_resp.status_code) self.assertEqual(0, len(del_resp.content))
def test_unauthed_create_with_proj_id(self): """Attempt to create a container with a project id, but not a token Should return 401 """ model = container_models.ContainerModel(**create_container_data) headers = {'X-Project-Id': self.dummy_project_id} resp = self.client.post('containers', request_model=model, use_auth=False, extra_headers=headers) self.assertEqual(401, resp.status_code)
def test_unauthed_create_huge_dummy_token_no_proj_id(self): """Attempt to create a container with a dummy token, and no project id Should return 401 """ model = container_models.ContainerModel(**create_container_data) headers = {'X-Auth-Token': 'a' * 3500} resp = self.client.post('containers', request_model=model, use_auth=False, extra_headers=headers) self.assertEqual(401, resp.status_code)
def create_generic_container(self): secret_model = secret_models.SecretModel(**get_private_key_req()) secret_model.secret_type = s.SecretType.PRIVATE resp, secret_ref = self.secret_behaviors.create_secret(secret_model) self.assertEqual(201, resp.status_code) test_model = container_models.ContainerModel(**create_generic_container_data) test_model.secret_refs = [{ 'name': 'my_secret', 'secret_ref': secret_ref }] resp, container_ref = self.container_behaviors.create_container(test_model) self.assertEqual(201, resp.status_code) return container_ref
def test_create_defaults_secret_name(self, name=None): """Covers creating containers with various secret ref names.""" test_model = container_models.ContainerModel(**self.default_data) test_model.secret_refs = [{ 'name': name, 'secret_ref': self.secret_ref_1 }] resp, container_ref = self.behaviors.create_container(test_model) self.assertEqual(resp.status_code, 201) get_resp = self.behaviors.get_container(container_ref) self.assertEqual(get_resp.status_code, 200) self.assertEqual(get_resp.model.secret_refs[0].name, name)
def test_create_rsa_invalid_key_names(self): """Covers creating an RSA container with incorrect names.""" test_model = container_models.ContainerModel(**self.default_data) test_model.secret_refs = [{ "name": "secret1", "secret_ref": self.secret_ref_1 }, { "name": "secret2", "secret_ref": self.secret_ref_2 }, { "name": "secret3", "secret_ref": self.secret_ref_3 }] resp, container_ref = self.behaviors.create_container(test_model) self.assertEqual(resp.status_code, 400)
def test_create_rsa_change_host_header(self, **kwargs): """Create a container with a (possibly) malicious host name header.""" test_model = container_models.ContainerModel(**self.default_data) malicious_hostname = 'some.bad.server.com' changed_host_header = {'Host': malicious_hostname} resp, container_ref = self.behaviors.create_container( test_model, extra_headers=changed_host_header) self.assertEqual(resp.status_code, 201) # get Location field from result and assert that it is NOT the # malicious one. regex = '.*{0}.*'.format(malicious_hostname) self.assertNotRegexpMatches(resp.headers['location'], regex)
def test_containers_get_defaults(self): """Covers getting a list of containers.""" limit = 10 offset = 0 test_model = container_models.ContainerModel( **create_container_defaults_data) for i in range(11): resp, container_ref = self.behaviors.create_container(test_model) self.assertEqual(201, resp.status_code) self.assertGreater(len(container_ref), 0) resp, containers, next_ref, prev_ref = self.behaviors.get_containers( limit=limit, offset=offset) self.assertEqual(200, resp.status_code) self.assertEqual(limit, len(containers)) self.assertIsNone(prev_ref) self.assertIsNotNone(next_ref)
def test_get_rsa_change_host_with_header_allowed(self, **kwargs): """Get a container with a alternative proxy host name header.""" test_model = container_models.ContainerModel(**self.default_data) another_proxy_hostname = 'proxy2.server.com' changed_host_header = {'Host': another_proxy_hostname} # In test, cannot pass different host header during create as returned # container_href in response contains that host in url. That url is # used in deleting that container during cleanup step. resp, container_href = self.behaviors.create_container(test_model) self.assertEqual(201, resp.status_code) resp = self.behaviors.get_container(container_href, extra_headers=changed_host_header) # Assert that returned href has provided proxy hostname regex = '.*{0}.*'.format(another_proxy_hostname) self.assertRegex(resp.model.container_ref, regex)
def test_rbac_store_container(self, user, admin, expected_return): """Test RBAC for container store Issue a container store and verify that the correct http return code comes back for the specified user. :param user: the user who will attempt to do the store :param admin: the admin of the group containing the user :param expected_return: the expected http return code """ test_model = secret_models.SecretModel(**get_default_secret_data()) resp, secret_ref = self.secret_behaviors.create_secret(test_model, user_name=admin, admin=admin) self.assertEqual(201, resp.status_code) test_model = container_models.ContainerModel( **get_container_req(secret_ref)) resp, container_ref = self.container_behaviors.create_container( test_model, user_name=user, admin=admin) self.assertEqual(expected_return, resp.status_code)
def create_asymmetric_key_container(self): secret_model = secret_models.SecretModel(**get_private_key_req()) secret_model.secret_type = s.SecretType.PRIVATE resp, secret_ref_priv = self.secret_behaviors.create_secret( secret_model) self.assertEqual(201, resp.status_code) secret_model = secret_models.SecretModel(**get_public_key_req()) secret_model.secret_type = s.SecretType.PUBLIC resp, secret_ref_pub = self.secret_behaviors.create_secret( secret_model) self.assertEqual(201, resp.status_code) pub_key_ref = {'name': 'public_key', 'secret_ref': secret_ref_pub} priv_key_ref = {'name': 'private_key', 'secret_ref': secret_ref_priv} test_model = container_models.ContainerModel( **create_container_rsa_data) test_model.secret_refs = [pub_key_ref, priv_key_ref] resp, container_ref = self.container_behaviors.create_container( test_model) self.assertEqual(201, resp.status_code) return container_ref