def test_help_command_line_arg_works_for_supported_commands(self):
shell = Shell()
for command in self.COMMANDS:
# First test longhang notation
argv = command + ['--help']
try:
result = shell.run(argv)
except SystemExit as e:
self.assertEqual(e.code, 0)
else:
self.assertEqual(result, 0)
stdout = self.stdout.getvalue()
self.assertTrue('usage:' in stdout)
self.assertTrue(' '.join(command) in stdout)
# self.assertTrue('positional arguments:' in stdout)
self.assertTrue('optional arguments:' in stdout)
# Reset stdout and stderr after each iteration
self._reset_output_streams()
# Then shorthand notation
argv = command + ['-h']
try:
result = shell.run(argv)
except SystemExit as e:
self.assertEqual(e.code, 0)
else:
self.assertEqual(result, 0)
stdout = self.stdout.getvalue()
self.assertTrue('usage:' in stdout)
self.assertTrue(' '.join(command) in stdout)
# self.assertTrue('positional arguments:' in stdout)
self.assertTrue('optional arguments:' in stdout)
# Verify that the actual help usage string was triggered and not the invalid
# "too few arguments" which would indicate command doesn't actually correctly handle
# --help flag
self.assertTrue('too few arguments' not in stdout)
self._reset_output_streams()
def test_cache_auth_token_invalid_permissions(self):
shell = Shell()
username = '******'
cached_token_path = shell._get_cached_token_path_for_user(
username=username)
expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=30)
token_db = TokenDB(user=username, token='fyeah', expiry=expiry)
cached_token_path = shell._get_cached_token_path_for_user(
username=username)
data = {
'token': 'yayvalid',
'expire_timestamp': (int(time.time()) + 20)
}
with open(cached_token_path, 'w') as fp:
fp.write(json.dumps(data))
# 1. Current user has no write access to the parent directory
os.chmod(self._mock_config_directory_path, 0o000)
shell.LOG = mock.Mock()
shell._cache_auth_token(token_obj=token_db)
self.assertEqual(shell.LOG.warn.call_count, 1)
log_message = shell.LOG.warn.call_args[0][0]
expected_msg = (
'Unable to write token to .*? doesn\'t have write access to the parent '
'directory')
self.assertRegexpMatches(log_message, expected_msg)
# 2. Current user has no write access to the cached token file
os.chmod(self._mock_config_directory_path, 0o777) # nosec
os.chmod(cached_token_path, 0o000)
shell.LOG = mock.Mock()
shell._cache_auth_token(token_obj=token_db)
self.assertEqual(shell.LOG.warn.call_count, 1)
log_message = shell.LOG.warn.call_args[0][0]
expected_msg = (
'Unable to write token to .*? doesn\'t have write access to this file'
)
self.assertRegexpMatches(log_message, expected_msg)
def test_cache_auth_token_success(self):
client = Client()
shell = Shell()
username = '******'
password = '******'
expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=30)
result = shell._get_cached_auth_token(client=client, username=username,
password=password)
self.assertEqual(result, None)
token_db = TokenDB(user=username, token='fyeah', expiry=expiry)
shell._cache_auth_token(token_obj=token_db)
result = shell._get_cached_auth_token(client=client, username=username,
password=password)
self.assertEqual(result, 'fyeah')
def test_get_cached_auth_token_valid_token_in_cache_file(self):
client = Client()
shell = Shell()
username = '******'
password = '******'
cached_token_path = shell._get_cached_token_path_for_user(username=username)
data = {
'token': 'yayvalid',
'expire_timestamp': (int(time.time()) + 20)
}
with open(cached_token_path, 'w') as fp:
fp.write(json.dumps(data))
result = shell._get_cached_auth_token(client=client, username=username,
password=password)
self.assertEqual(result, 'yayvalid')
def test_get_cached_auth_token_corrupted_token_cache_file(self):
client = Client()
shell = Shell()
username = '******'
password = '******'
cached_token_path = shell._get_cached_token_path_for_user(
username=username)
with open(cached_token_path, 'w') as fp:
fp.write('CORRRRRUPTED!')
expected_msg = 'File (.+) with cached token is corrupted or invalid'
self.assertRaisesRegexp(ValueError,
expected_msg,
shell._get_cached_auth_token,
client=client,
username=username,
password=password)
def test_get_cached_auth_token_valid_token_in_cache_file(self):
client = Client()
shell = Shell()
username = "******"
password = "******"
cached_token_path = shell._get_cached_token_path_for_user(
username=username)
data = {
"token": "yayvalid",
"expire_timestamp": (int(time.time()) + 20)
}
with open(cached_token_path, "w") as fp:
fp.write(json.dumps(data))
result = shell._get_cached_auth_token(client=client,
username=username,
password=password)
self.assertEqual(result, "yayvalid")
def test_get_cached_auth_token_corrupted_token_cache_file(self):
client = Client()
shell = Shell()
username = "******"
password = "******"
cached_token_path = shell._get_cached_token_path_for_user(username=username)
with open(cached_token_path, "w") as fp:
fp.write("CORRRRRUPTED!")
expected_msg = "File (.+) with cached token is corrupted or invalid"
self.assertRaisesRegexp(
ValueError,
expected_msg,
shell._get_cached_auth_token,
client=client,
username=username,
password=password,
)
def test_dont_warn_multiple_times(self):
mock_temp_dir_path = tempfile.mkdtemp()
mock_config_dir_path = os.path.join(mock_temp_dir_path, "testconfig")
mock_config_path = os.path.join(mock_config_dir_path, "config")
# Make the temporary config directory
os.makedirs(mock_config_dir_path)
old_perms = os.stat(mock_config_dir_path).st_mode
new_perms = old_perms | 0o7
os.chmod(mock_config_dir_path, new_perms)
# Make the temporary config file
shutil.copyfile(CONFIG_FILE_PATH_FULL, mock_config_path)
os.chmod(mock_config_path, 0o777) # nosec
shell = Shell()
shell.LOG = mock.Mock()
# Test without token.
shell.run(["--config-file", mock_config_path, "action", "list"])
self.assertEqual(shell.LOG.warn.call_count, 2)
self.assertEqual(
shell.LOG.warn.call_args_list[0][0][0][:63],
"The StackStorm configuration directory permissions are insecure",
)
self.assertEqual(
shell.LOG.warn.call_args_list[1][0][0][:58],
"The StackStorm configuration file permissions are insecure",
)
self.assertEqual(shell.LOG.info.call_count, 2)
self.assertEqual(
shell.LOG.info.call_args_list[0][0][0],
"The SGID bit is not "
"set on the StackStorm configuration directory.",
)
self.assertEqual(shell.LOG.info.call_args_list[1][0][0],
"Skipping parsing CLI config")
def __init__(self, *args, **kwargs):
super(TestShell, self).__init__(*args, **kwargs)
self.shell = Shell()
def __init__(self, *args, **kwargs):
super(ShellTestCase, self).__init__(*args, **kwargs)
self.shell = Shell()
def test_get_cached_auth_token_invalid_permissions(self):
shell = Shell()
client = Client()
username = '******'
password = '******'
cached_token_path = shell._get_cached_token_path_for_user(
username=username)
data = {
'token': 'yayvalid',
'expire_timestamp': (int(time.time()) + 20)
}
with open(cached_token_path, 'w') as fp:
fp.write(json.dumps(data))
# 1. Current user doesn't have read access to the config directory
os.chmod(self._mock_config_directory_path, 0o000)
shell.LOG = mock.Mock()
result = shell._get_cached_auth_token(client=client,
username=username,
password=password)
self.assertEqual(result, None)
self.assertEqual(shell.LOG.warn.call_count, 1)
log_message = shell.LOG.warn.call_args[0][0]
expected_msg = (
'Unable to retrieve cached token from .*? read access to the parent '
'directory')
self.assertRegexpMatches(log_message, expected_msg)
# 2. Read access on the directory, but not on the cached token file
os.chmod(self._mock_config_directory_path, 0o777) # nosec
os.chmod(cached_token_path, 0o000)
shell.LOG = mock.Mock()
result = shell._get_cached_auth_token(client=client,
username=username,
password=password)
self.assertEqual(result, None)
self.assertEqual(shell.LOG.warn.call_count, 1)
log_message = shell.LOG.warn.call_args[0][0]
expected_msg = (
'Unable to retrieve cached token from .*? read access to this file'
)
self.assertRegexpMatches(log_message, expected_msg)
# 3. Other users also have read access to the file
os.chmod(self._mock_config_directory_path, 0o777) # nosec
os.chmod(cached_token_path, 0o444)
shell.LOG = mock.Mock()
result = shell._get_cached_auth_token(client=client,
username=username,
password=password)
self.assertEqual(result, 'yayvalid')
self.assertEqual(shell.LOG.warn.call_count, 1)
log_message = shell.LOG.warn.call_args[0][0]
expected_msg = (
'Permissions .*? for cached token file .*? are too permissive.*')
self.assertRegexpMatches(log_message, expected_msg)
def __init__(self, *args, **kwargs):
super(ActionExecutionTailCommandTestCase,
self).__init__(*args, **kwargs)
self.shell = Shell()
def test_non_unicode_encoding_locale_warning_is_printed(self, mock_logger):
shell = Shell()
shell.run(argv=['trigger', 'list'])
call_args = mock_logger.warn.call_args[0][0]
self.assertTrue('Locale en_US with encoding iso which is not UTF-8 is used.' in call_args)
