def test_http_403(self): res = ndb.Future() res.set_result(self.Response(403, 'Not authorized')) self.mock(delegation, '_urlfetch_async', lambda **_k: res) with self.assertRaises(delegation.DelegationAuthorizationError): delegation.delegate(auth_service_url='https://example.com')
def test_http_500(self): res = ndb.Future() res.set_result(self.Response(500, 'Server internal error')) self.mock(delegation, '_urlfetch_async', lambda **_k: res) with self.assertRaises(delegation.DelegationTokenCreationError): delegation.delegate(auth_service_url='https://example.com')
def test_http_403(self): res = ndb.Future() res.set_result(self.Response(403, 'Not authorized')) self.mock(delegation, '_urlfetch_async', lambda **_k: res) with self.assertRaises(delegation.DelegationAuthorizationError): delegation.delegate(auth_service_url='https://example.com')
def test_http_500(self): res = ndb.Future() res.set_result(self.Response(500, 'Server internal error')) self.mock(delegation, '_urlfetch_async', lambda **_k: res) with self.assertRaises(delegation.DelegationTokenCreationError): delegation.delegate(auth_service_url='https://example.com')
def test_http_403(self): res = ndb.Future() res.set_result(self.Response(403, 'Not authorized')) self.mock(service_account, '_urlfetch_async', lambda **_k: res) with self.assertRaises(exceptions.TokenAuthorizationError): delegation.delegate(audience=['*'], services=['*'], token_server_url='https://example.com')
def test_http_500(self): res = ndb.Future() res.set_result(self.Response(500, 'Server internal error')) self.mock(service_account, '_urlfetch_async', lambda **_k: res) with self.assertRaises(exceptions.TokenCreationError): delegation.delegate(audience=['*'], services=['*'], token_server_url='https://example.com')
def test_success(self): self.mock_now(datetime.datetime(2015, 1, 1)) @ndb.tasklet def urlfetch(url, payload, **_rest): urlfetch.called = True self.assertEqual( url, 'https://tokens.example.com/prpc/tokenserver.minter.TokenMinter/' 'MintDelegationToken') payload = json.loads(payload) self.assertEqual(payload, urlfetch.expected_payload) res = { 'token': 'deadbeef', 'serviceVersion': 'app-id/version-id', 'delegationSubtoken': { 'kind': 'BEARER_DELEGATION_TOKEN', 'validityDuration': payload['validityDuration'], 'subtokenId': '12345', }, } raise ndb.Return( self.Response(200, ")]}'\n" + json.dumps(res, sort_keys=True))) urlfetch.expected_payload = { u'audience': [ u'REQUESTOR', u'group:g', u'user:[email protected]', u'user:[email protected]', ], u'services': [u'https://example.com', u'service:1', u'service:2'], u'delegatedIdentity': u'user:[email protected]', u'tags': [u'a:b', u'c:d'], u'validityDuration': 3000, } urlfetch.called = False self.mock(delegation, '_urlfetch_async', urlfetch) model.AuthReplicationState( key=model.replication_state_key(), primary_url='https://auth.example.com', primary_id='example-app-id', ).put() model.AuthGlobalConfig( key=model.root_key(), token_server_url='https://tokens.example.com', ).put() args = { 'audience': [ 'user:[email protected]', model.Identity('user', '*****@*****.**'), 'group:g', 'REQUESTOR', ], 'services': [ 'service:1', model.Identity('service', '2'), 'https://example.com', ], 'max_validity_duration_sec': 3000, 'impersonate': model.Identity('user', '*****@*****.**'), 'tags': ['c:d', 'a:b'], } result = delegation.delegate(**args) self.assertTrue(urlfetch.called) self.assertEqual(result.token, 'deadbeef') self.assertEqual(result.expiry, utils.utcnow() + datetime.timedelta(seconds=3000)) # Get from cache. urlfetch.called = False delegation.delegate(**args) self.assertFalse(urlfetch.called) # Get from cache with larger validity duration. urlfetch.called = False args['min_validity_duration_sec'] = 5000 args['max_validity_duration_sec'] = 5000 urlfetch.expected_payload['validityDuration'] = 5000 result = delegation.delegate(**args) self.assertTrue(urlfetch.called) self.assertEqual(result.token, 'deadbeef') self.assertEqual(result.expiry, utils.utcnow() + datetime.timedelta(seconds=5000)) self.assertTrue(urlfetch.called)
def test_success(self): self.mock_now(datetime.datetime(2015, 1, 1)) @ndb.tasklet def urlfetch(url, payload, **_rest): urlfetch.called = True self.assertEqual( url, 'https://example.com/auth_service/api/v1/delegation/token/create' ) payload = json.loads(payload) self.assertEqual(payload, urlfetch.expected_payload) res = { 'delegation_token': 'deadbeef', 'validity_duration': payload['validity_duration'], } raise ndb.Return( self.Response(200, json.dumps(res, sort_keys=True))) urlfetch.expected_payload = { 'audience': [ 'group:g', 'user:[email protected]', 'user:[email protected]', ], 'services': ['service:1', 'service:2'], 'validity_duration': 3000, 'impersonate': 'user:[email protected]', } urlfetch.called = False self.mock(delegation, '_urlfetch_async', urlfetch) model.AuthReplicationState( key=model.replication_state_key(), primary_url='https://example.com', primary_id='example-app-id', ).put() args = { 'audience': [ 'user:[email protected]', model.Identity('user', '*****@*****.**'), 'group:g', ], 'services': ['service:1', model.Identity('service', '2')], 'max_validity_duration_sec': 3000, 'impersonate': model.Identity('user', '*****@*****.**'), } result = delegation.delegate(**args) self.assertTrue(urlfetch.called) self.assertEqual(result.token, 'deadbeef') self.assertEqual(result.expiry, utils.utcnow() + datetime.timedelta(seconds=3000)) # Get from cache. urlfetch.called = False delegation.delegate(**args) # must not increase urlfetch.call_count self.assertFalse(urlfetch.called) # Get from cache with larger validity duration. urlfetch.called = False args['min_validity_duration_sec'] = 5000 args['max_validity_duration_sec'] = 5000 urlfetch.expected_payload['validity_duration'] = 5000 result = delegation.delegate(**args) self.assertTrue(urlfetch.called) self.assertEqual(result.token, 'deadbeef') self.assertEqual(result.expiry, utils.utcnow() + datetime.timedelta(seconds=5000)) self.assertTrue(urlfetch.called)
def test_success(self): self.mock_now(datetime.datetime(2015, 1, 1)) @ndb.tasklet def urlfetch(url, payload, **_rest): urlfetch.called = True self.assertEqual( url, 'https://example.com/auth_service/api/v1/delegation/token/create') payload = json.loads(payload) self.assertEqual(payload, urlfetch.expected_payload) res = { 'delegation_token': 'deadbeef', 'validity_duration': payload['validity_duration'], } raise ndb.Return(self.Response(200, json.dumps(res, sort_keys=True))) urlfetch.expected_payload = { 'audience': [ 'user:[email protected]', 'user:[email protected]', 'group:g' ], 'services': ['service:1', 'service:2'], 'validity_duration': 3000, 'impersonate': 'user:[email protected]', } urlfetch.called = False self.mock(delegation, '_urlfetch_async', urlfetch) model.AuthReplicationState( key=model.replication_state_key(), primary_url='https://example.com' ).put() args = { 'audience': [ 'user:[email protected]', model.Identity('user', '*****@*****.**'), 'group:g', ], 'services': [ 'service:1', model.Identity('service', '2') ], 'max_validity_duration_sec': 3000, 'impersonate': model.Identity('user', '*****@*****.**'), } result = delegation.delegate(**args) self.assertTrue(urlfetch.called) self.assertEqual(result.token, 'deadbeef') self.assertEqual( result.expiry, utils.utcnow() + datetime.timedelta(seconds=3000)) # Get from cache. urlfetch.called = False delegation.delegate(**args) # must not increase urlfetch.call_count self.assertFalse(urlfetch.called) # Get from cache with larger validity duration. urlfetch.called = False args['min_validity_duration_sec'] = 5000 args['max_validity_duration_sec'] = 5000 urlfetch.expected_payload['validity_duration'] = 5000 result = delegation.delegate(**args) self.assertTrue(urlfetch.called) self.assertEqual(result.token, 'deadbeef') self.assertEqual( result.expiry, utils.utcnow() + datetime.timedelta(seconds=5000)) self.assertTrue(urlfetch.called)