def test_stress_post_token_and_host(client): my_auth_id = random_uuid() test_post_authority(client, my_auth_id) # Generate a single RSA key pair and reuse it - it takes a few seconds. key = RSA.generate(2048) pub_key = key.publickey().exportKey('OpenSSH') fingerprint = sshpubkeys.SSHKey(pub_key).hash_md5() # Should do about 15 iterations/second, so only do 4 seconds worth. start = time.time() for i in range(60): hid = random_uuid() token = token_request(auth=my_auth_id, host=hid) response = client.simulate_post('/hosttokens', body=json.dumps(token)) assert response.status == falcon.HTTP_CREATED assert 'location' in response.headers location_path = response.headers['location'].split('/') assert location_path[1] == 'hosttokens' token_id = location_path[-1] # Verify that it's a valid UUID uuid.UUID(token_id, version=4) host = host_request(token_id, host=hid, pub_key=pub_key) response = client.simulate_post('/hostcerts', body=json.dumps(host)) assert response.status == falcon.HTTP_CREATED assert 'location' in response.headers location = response.headers['location'].split('/') assert location[1] == 'hostcerts' assert location[2] == hid assert location[3] == fingerprint assert time.time() - start < 5
def test_post_host_with_wrong_host_id(client): # Get a new token for the same host_id as the base test. token = token_request(host=random_uuid()) response = client.simulate_post('/hosttokens', body=json.dumps(token)) assert response.status == falcon.HTTP_CREATED assert 'location' in response.headers location_path = response.headers['location'].split('/') assert location_path[1] == 'hosttokens' # Use the token with a different host_id than it was created for. # Use a different public key to avoid other error conditions. key = RSA.generate(2048) pub_key = key.publickey().exportKey('OpenSSH') host = host_request(location_path[-1], random_uuid(), pub_key) response = client.simulate_post('/hostcerts', body=json.dumps(host)) assert response.status == falcon.HTTP_CONFLICT
def test_post_novavendordata(client): req = vendordata_request(auth_id, random_uuid()) response = client.simulate_post('/novavendordata', body=json.dumps(req)) assert response.status == falcon.HTTP_CREATED assert 'location' in response.headers location_path = response.headers['location'].split('/') assert location_path[1] == 'hosttokens' vendordata = json.loads(response.content) assert 'token' in vendordata assert vendordata['token'] == location_path[-1] assert 'auth_pub_key_user' in vendordata assert vendordata['auth_pub_key_user'] == auth_user_pub_key assert 'principals' in vendordata assert vendordata['principals'] == 'admin'
def test_post_host_with_bogus_token(client): host = host_request(random_uuid(), random_uuid()) response = client.simulate_post('/hostcerts', body=json.dumps(host)) assert response.status == falcon.HTTP_NOT_FOUND
def test_post_token_unknown_auth(client): token = token_request(auth=random_uuid()) response = client.simulate_post('/hosttokens', body=json.dumps(token)) assert response.status == falcon.HTTP_NOT_FOUND
def test_get_host_doesnt_exist(client): response = client.simulate_get('/hostcerts/' + random_uuid() + '/' + host_fingerprint) assert response.status == falcon.HTTP_NOT_FOUND
def test_post_host_bad_uuid(client): for key in ['token_id', 'host_id']: body = host_request(random_uuid()) body[key] = 'foobar' response = client.simulate_post('/hosttokens', body=json.dumps(body)) assert response.status == falcon.HTTP_BAD_REQUEST
def test_post_user_unknown_auth(client): body = user_request(auth=random_uuid()) response = client.simulate_post('/usercerts', body=json.dumps(body)) assert response.status == falcon.HTTP_NOT_FOUND
def test_get_authority_doesnt_exist(client): response = client.simulate_get('/authorities/' + random_uuid()) assert response.status == falcon.HTTP_NOT_FOUND
@pytest.fixture def db(): return SQLAlchemySessionManager() @pytest.fixture def client(db): api = create_app(db) return testing.TestClient(api) token_id = '' host_id = random_uuid() host_key = RSA.generate(2048) host_pub_key = host_key.publickey().exportKey('OpenSSH') host_fingerprint = sshpubkeys.SSHKey(host_pub_key).hash_md5() user_id = random_uuid() user_key = RSA.generate(2048) user_pub_key = user_key.publickey().exportKey('OpenSSH') user_fingerprint = sshpubkeys.SSHKey(user_pub_key).hash_md5() auth_id = random_uuid() auth_user_pub_key = None @pytest.mark.dependency() def test_post_authority(client, auth_id=auth_id):
def test_host_certificate_generation(): project_id = random_uuid() response = requests.post( server + '/authorities', data=json.dumps({'auth_id': project_id}) ) assert response.status_code == 201 assert 'location' in response.headers assert response.headers['location'] == '/authorities/' + project_id response = requests.get(server + response.headers['location']) assert response.status_code == 200 auth = json.loads(response.content) assert 'auth_id' in auth assert auth['auth_id'] == project_id assert 'user_pub_key' in auth assert 'host_pub_key' in auth ca_user = auth['user_pub_key'] key = RSA.generate(2048) pub_key = key.publickey().exportKey('OpenSSH') fingerprint = sshpubkeys.SSHKey(pub_key).hash_md5() for i in range(1): instance_id = random_uuid() hostname = 'host{}'.format(i) # Simulate Nova's separate requests for each version of metadata API vendordata = None token = None for j in range(3): response = requests.post( server + '/novavendordata', data=json.dumps( vendordata_request(instance_id, project_id, hostname)) ) assert response.status_code == 201 assert 'location' in response.headers location_path = response.headers['location'].split('/') assert location_path[1] == 'hosttokens' vendordata = json.loads(response.content) assert 'token' in vendordata tok = vendordata['token'] if token is None: token = tok else: assert token == tok assert token == location_path[-1] assert 'auth_pub_key_user' in vendordata assert vendordata['auth_pub_key_user'] == ca_user assert 'principals' in vendordata assert vendordata['principals'] == 'admin' response = requests.post( server + '/noauth/hostcerts', data=json.dumps(host_request(token, instance_id, pub_key)) ) assert response.status_code == 201 assert 'location' in response.headers location = response.headers['location'] location_path = location.split('/') assert location_path[1] == 'hostcerts' assert location_path[2] == instance_id assert location_path[3] == fingerprint response = requests.get(server + location) assert response.status_code == 200 hostcert = json.loads(response.content) assert 'host_id' in hostcert assert hostcert['host_id'] == instance_id assert 'fingerprint' in hostcert assert hostcert['fingerprint'] assert 'auth_id' in hostcert auth_id = str(uuid.UUID(hostcert['auth_id'], version=4)) assert auth_id == project_id assert 'cert' in hostcert