def test_get_token(self):
    """The identity token reflects the credentials passed to create().

    The token is derived from the stored name and password, not from the
    serialized one-time-password form of the principal.
    """
    # Installs the extra test ACE and registers its reset as a cleanup.
    self.set_otp_test_ace()

    otp_principal = OTPPrincipal(self.client)
    yield otp_principal.create("foobar", "secret")

    actual_token = otp_principal.get_token()
    expected_token = make_identity("foobar:secret")
    self.assertEqual(actual_token, expected_token)
    self.assertEqual(otp_principal.name, "foobar")
def test_serialize(self):
    """A created principal serializes to base64-encoded OTP data."""
    self.set_otp_test_ace()

    otp_principal = OTPPrincipal(self.client)
    yield otp_principal.create("foobar", "secret")

    serialized = otp_principal.serialize()
    decoded = base64.b64decode(serialized)
    # The unpacking itself is a check: it raises unless the decoded data
    # consists of exactly three colon-separated fields.
    path, otp_user, otp_password = decoded.split(":")

    # Only the lookup is exercised here; the returned ACL is not inspected.
    # NOTE(review): otp_user/otp_password are never compared with the ACL
    # or with "foobar"/"secret", so this test does not demonstrate that the
    # serialized form leaves out the real credentials. Consider asserting it.
    acl, stat = yield self.client.get_acl(path)

    actual_token = otp_principal.get_token()
    expected_token = make_identity("foobar:secret")
    self.assertEqual(actual_token, expected_token)
    self.assertEqual(otp_principal.name, "foobar")
def test_consume(self):
    """Serialized OTP data can be exchanged for the actual credentials."""
    otp_principal = OTPPrincipal(self.client)
    yield otp_principal.create("foobar", "secret")

    serialized = otp_principal.serialize()
    decoded = base64.b64decode(serialized)
    # Only the node path is needed here; the remaining fields are ignored.
    path, _ = decoded.split(":", 1)
    acl, stat = yield self.client.get_acl(path)

    # Access-control check: set_otp_test_ace() is not called in this test,
    # and a plain read of the OTP node through the test client must be
    # refused with NoAuthException.
    direct_read = self.client.get(path)
    yield self.assertFailure(direct_read, zookeeper.NoAuthException)

    credentials = yield OTPPrincipal.consume(self.client, serialized)
    name, password = credentials
    self.assertEqual(name, "foobar")
    self.assertEqual(password, "secret")

    # Single-use check: nothing may remain under /otp once the data has
    # been consumed.
    remaining = yield self.client.get_children("/otp")
    self.assertFalse(remaining)
# NOTE(review): a test_consume with the same body appears immediately before
# this one; if both live in the same class, only this later definition runs.
def test_consume(self):
    """Consuming the serialized OTP data returns the stored credentials."""
    otp_principal = OTPPrincipal(self.client)
    yield otp_principal.create("foobar", "secret")

    otp_blob = otp_principal.serialize()
    fields = base64.b64decode(otp_blob).split(":", 1)
    # Two-way unpack: the node path, then everything after the first colon.
    path, _ = fields
    acl, stat = yield self.client.get_acl(path)

    # The OTP node must not be readable through the plain test client;
    # the read is expected to fail with NoAuthException.
    pending_read = self.client.get(path)
    yield self.assertFailure(pending_read, zookeeper.NoAuthException)

    name, password = yield OTPPrincipal.consume(self.client, otp_blob)
    self.assertEqual(name, "foobar")
    self.assertEqual(password, "secret")

    # After consumption no child node may be left under /otp, so the same
    # OTP data cannot be redeemed from a leftover node.
    leftover_nodes = yield self.client.get_children("/otp")
    self.assertFalse(leftover_nodes)
def test_using_uncreated_raises(self):
    """Reading the name of a principal that was never created raises."""
    otp_principal = OTPPrincipal(self.client)
    try:
        # Attribute access alone is the operation under test.
        otp_principal.name
    except RuntimeError:
        # Expected outcome: an uncreated principal refuses to be used.
        return
    self.fail("Use of an uncreated OTP principal should raise error.")
def test_create(self):
    """create() stores the credentials in a single node under /otp."""
    self.set_otp_test_ace()

    otp_principal = OTPPrincipal(self.client)
    yield otp_principal.create("foobar", "secret")

    otp_nodes = yield self.client.get_children("/otp")
    self.assertEqual(len(otp_nodes), 1)

    node_name = otp_nodes.pop()
    otp_path = "/otp/%s" % (node_name)
    data, stat = yield self.client.get(otp_path)

    # SECURITY NOTE(review): yaml.load() without an explicit Loader can
    # construct arbitrary Python objects on PyYAML versions that default to
    # the full loader, and newer PyYAML releases reject the call without a
    # Loader argument. The content is read back from a ZooKeeper node, so
    # yaml.safe_load() is the safer parser for a plain name/password
    # mapping. Confirm the writer emits only plain YAML tags before
    # switching.
    credentials = yaml.load(data)

    # The node holds the password in clear text, which makes the node's ACL
    # the only thing protecting it.
    self.assertEqual(credentials["name"], "foobar")
    self.assertEqual(credentials["password"], "secret")

    # Two ACL entries are expected. Presumably these are the OTP entry plus
    # the extra test ACE installed at the top of this test. Confirm against
    # OTPPrincipal.create().
    acl, stat = yield self.client.get_acl(otp_path)
    self.assertEqual(len(acl), 2)
def set_otp_test_ace(self, test_ace=ZOO_OPEN_ACL_UNSAFE):
    """Install an extra ACL entry for OTP nodes and undo it at cleanup.

    The default is ZooKeeper's world-open ACL, which lets the test client
    inspect and remove the OTP nodes it creates. The setting is made on the
    OTPPrincipal class, so it is reset to None once the test finishes and
    does not carry over into other tests. Test-only: an open ACE on an OTP
    node exposes the credentials stored in it.
    """
    def _clear_additional_ace():
        # Looked up at cleanup time, exactly as the test left the class.
        return OTPPrincipal.set_additional_otp_ace(None)

    OTPPrincipal.set_additional_otp_ace(test_ace)
    self.addCleanup(_clear_additional_ace)