コード例 #1
0
def test_user(api_client, admin_user_with_k8s_system):
    webapp1 = WebApplication(name="webapp1", link_show=True)
    webapp1.save()
    group1 = PortalGroup(name="group1")
    group1.save()
    group1.can_web_applications.add(webapp1)
    group1.save()
    admin_user_with_k8s_system.portal_groups.add(group1)

    user_attr_expected = [
        'firstname', 'name', 'username', 'user_id', 'primary_email',
        'all_emails', 'admin', 'serviceaccount_urls', 'k8s_token',
        'webapp_urls', 'group_urls'
    ]

    response = api_client.get(
        f'/api/{settings.API_VERSION}/users/{admin_user_with_k8s_system.pk}/')
    assert response.status_code == 200
    data = response.json()

    assert True is data['admin']

    for key in user_attr_expected:
        assert key in data

    assert len(data["group_urls"]) > 0  # all users group, at least
    assert len(data["serviceaccount_urls"]) > 0
    assert data['all_emails'] == ['*****@*****.**']
    assert data['serviceaccount_urls'][0].startswith("http://testserver")
    assert data['group_urls'][0].startswith("http://testserver")
コード例 #2
0
    def test_webapp_user_not_in_group(self):
        app1 = WebApplication(name="app1",
                              link_show=True,
                              link_name="app1",
                              link_url="http://www.heise.de")
        app1.save()

        response = self.get(f'/api/{API_VERSION}/webapps/{app1.pk}/')
        self.assertEqual(response.status_code, 403)
コード例 #3
0
ファイル: test_front.py プロジェクト: kubeportal/kubeportal 
def test_webapp_user_not_in_group(admin_client):
    app1 = WebApplication(name="app1",
                          link_show=True,
                          link_name="app1",
                          link_url="http://www.heise.de")
    app1.save()
    response = admin_client.get('/welcome/')
    # User is not in a group that has this web app enabled
    assert not contains(response, "http://www.heise.de")
コード例 #4
0
def test_webapp_user_not_in_group(api_client):
    app1 = WebApplication(name="app1",
                          link_show=True,
                          link_name="app1",
                          link_url="http://www.heise.de")
    app1.save()

    response = api_client.get(
        f'/api/{settings.API_VERSION}/webapps/{app1.pk}/')
    assert response.status_code == 404
コード例 #5
0
    def test_webapp_invisible(self):
        app1 = WebApplication(name="app1",
                              link_show=False,
                              link_name="app1",
                              link_url="http://www.heise.de")
        app1.save()
        self.admin_group.can_web_applications.add(app1)

        response = self.get(f'/api/{API_VERSION}/webapps/{app1.pk}/')
        self.assertEqual(response.status_code, 403)
コード例 #6
0
    def test_user_webapps_denied(self):
        app1 = WebApplication(name="app1",
                              link_show=True,
                              link_name="app1",
                              link_url="http://www.heise.de")
        app1.save()
        self.admin_group.can_web_applications.add(app1)

        response = self.get(
            f'/api/{API_VERSION}/users/{self.admin.pk}/webapps/')
        self.assertEqual(response.status_code, 401)
コード例 #7
0
def test_single_webapp_denied(api_client_anon, admin_group):
    app1 = WebApplication(name="app1",
                          link_show=True,
                          link_name="app1",
                          link_url="http://www.heise.de")
    app1.save()
    admin_group.can_web_applications.add(app1)

    response = api_client_anon.get(
        f'/api/{settings.API_VERSION}/webapps/{app1.pk}/')
    assert response.status_code == 401
コード例 #8
0
def test_webapp_invisible(api_client, admin_group):
    app1 = WebApplication(name="app1",
                          link_show=False,
                          link_name="app1",
                          link_url="http://www.heise.de")
    app1.save()
    admin_group.can_web_applications.add(app1)

    response = api_client.get(
        f'/api/{settings.API_VERSION}/webapps/{app1.pk}/')
    assert response.status_code == 404
コード例 #9
0
    def test_subauth_view(self):
        group1 = PortalGroup()
        group1.save()
        self.admin.portal_groups.add(group1)

        app1 = WebApplication(name="app1", can_subauth=True)
        app1.save()

        response = self.client.get('/subauthreq/{}/'.format(app1.pk))

        self.assertEqual(response.status_code, 401)
コード例 #10
0
def test_multiple_groups_one_allowed(rf, admin_user):
    client = create_oidc_client()

    with pytest.raises(PermissionDenied):
        oidc_authenticate(client, rf, admin_user)

    app = WebApplication(name="Test Web App", oidc_client=client)
    app.save()
    create_group(member=admin_user, app=app)
    create_group(member=admin_user, app=None)

    response = oidc_authenticate(client, rf, admin_user)
    assert response.status_code == 302
コード例 #11
0
    def test_webapp(self):
        app1 = WebApplication(name="app1",
                              link_show=True,
                              link_name="app1",
                              link_url="http://www.heise.de")
        app1.save()
        self.admin_group.can_web_applications.add(app1)

        response = self.get(f'/api/{API_VERSION}/webapps/{app1.pk}/')
        self.assertEqual(response.status_code, 200)

        data = response.json()
        self.assertEqual(data['link_name'], 'app1')
        self.assertEqual(data['link_url'], 'http://www.heise.de')
コード例 #12
0
def test_webapp(api_client, admin_group):
    app1 = WebApplication(name="app1",
                          link_show=True,
                          link_name="app1",
                          link_url="http://www.heise.de")
    app1.save()
    admin_group.can_web_applications.add(app1)

    response = api_client.get(
        f'/api/{settings.API_VERSION}/webapps/{app1.pk}/')
    assert response.status_code == 200

    data = response.json()
    assert data['link_name'] == 'app1'
    assert data['link_url'] == 'http://www.heise.de'
    assert data['category'] == "GENERIC"
コード例 #13
0
ファイル: test_models.py プロジェクト: kubeportal/kubeportal 
def test_user_web_applications(admin_user):
    app1 = WebApplication(name="Test Web App 1", link_show=True)
    app1.save()
    app2 = WebApplication(name="Test Web App 2", link_show=False)
    app2.save()

    group = create_group(member=admin_user)
    group.can_web_applications.add(app1)
    group.can_web_applications.add(app2)
    group.save()

    admin_user.portal_groups.add(group)
    admin_user.save()

    assert len(admin_user.web_applications(include_invisible=True)) == 2
    assert len(admin_user.web_applications(include_invisible=False)) == 1
コード例 #14
0
 def test_webapp_user_in_multiple_groups(self):
     app1 = WebApplication(name="app1",
                           link_show=True,
                           link_name="app1",
                           link_url="http://www.heise.de")
     app1.save()
     group1 = PortalGroup()
     group1.save()
     group1.can_web_applications.add(app1)
     group2 = PortalGroup()
     group2.save()
     group2.can_web_applications.add(app1)
     self.admin.portal_groups.add(group1)
     self.admin.portal_groups.add(group2)
     response = self.client.get('/welcome/')
     self.assertContains(response, "http://www.heise.de")
     self.assertEqual(1, str(response.content).count("http://www.heise.de"))
コード例 #15
0
def test_webapp_placeholders(api_client, admin_group,
                             admin_user_with_k8s_system):
    app1 = WebApplication(
        name="app1",
        link_show=True,
        link_name="app1",
        link_url="http://www.heise.de/{{{{namespace}}}}/{{{{serviceaccount}}}}"
    )
    app1.save()
    admin_group.can_web_applications.add(app1)

    response = api_client.get(
        f'/api/{settings.API_VERSION}/webapps/{app1.pk}/')
    assert response.status_code == 200

    data = response.json()
    assert data['link_url'] == 'http://www.heise.de/kube-system/default'
コード例 #16
0
ファイル: test_front.py プロジェクト: kubeportal/kubeportal 
def test_webapp_user_in_multiple_groups(admin_client, admin_user):
    app1 = WebApplication(name="app1",
                          link_show=True,
                          link_name="app1",
                          link_url="http://www.heise.de")
    app1.save()
    group1 = PortalGroup()
    group1.save()
    group1.can_web_applications.add(app1)
    group2 = PortalGroup()
    group2.save()
    group2.can_web_applications.add(app1)
    admin_user.portal_groups.add(group1)
    admin_user.portal_groups.add(group2)
    response = admin_client.get('/welcome/')
    assert contains(response, "http://www.heise.de")
    assert 1 == str(response.content).count("http://www.heise.de")
コード例 #17
0
    def _prepare_subauth_test(self, user_in_group1, user_in_group2, app_in_group1, app_in_group2, app_enabled):
        group1 = PortalGroup()
        group1.save()
        if user_in_group1:
            self.admin.portal_groups.add(group1)

        group2 = PortalGroup()
        group2.save()
        if user_in_group2:
            self.admin.portal_groups.add(group2)

        app1 = WebApplication(name="app1", can_subauth=app_enabled)
        app1.save()

        if app_in_group1:
            group1.can_web_applications.add(app1)

        if app_in_group2:
            group2.can_web_applications.add(app1)

        return self.client.get('/subauthreq/{}/'.format(app1.pk))
コード例 #18
0
    def test_user_webapps(self):
        test_values = [
            ('app1', True, "http://www.heise.de"),
            ("app2", True, "http://www.spiegel.de"),
            ("app3", False, "http://www.crappydemo.de"),
            ("app4", True, "http://www.unrelatedapp.de"),
        ]

        for name, link_show, link_url in test_values:
            app = WebApplication(name=name,
                                 link_show=link_show,
                                 link_name=name,
                                 link_url=link_url)
            app.save()
            if name != 'app4':
                self.admin_group.can_web_applications.add(app)

        response = self.get(
            f'/api/{API_VERSION}/users/{self.admin.pk}/webapps/')
        self.assertEqual(response.status_code, 200)
        data = response.json()
        self.assertIn({
            'link_name': 'app1',
            'link_url': 'http://www.heise.de'
        }, data)
        self.assertIn(
            {
                'link_name': 'app2',
                'link_url': 'http://www.spiegel.de'
            }, data)
        self.assertNotIn(
            {
                'link_name': 'app3',
                'link_url': 'http://www.crappydemo.de'
            }, data)
        self.assertNotIn(
            {
                'link_name': 'app4',
                'link_url': 'http://www.unrelatedapp.de'
            }, data)
コード例 #19
0
ファイル: test_subauth.py プロジェクト: kubeportal/kubeportal 
def test_subauth_caching(admin_user_with_k8s, admin_client, mocker):

    spy = mocker.spy(SubAuthRequestView, 'get')

    # Create new user group, add admin
    group1 = PortalGroup()
    group1.save()
    admin_user_with_k8s.portal_groups.add(group1)

    # Create new web application
    app1 = WebApplication(name="app1", can_subauth=True)
    app1.save()
    webapp = app1.pk

    # allow web application for group
    group1.can_web_applications.add(app1)

    # Second call should be answered from cache
    response = admin_client.get('/subauthreq/{}/'.format(webapp))
    assert response.status_code == 200
    response = admin_client.get('/subauthreq/{}/'.format(webapp))
    assert response.status_code == 200
    spy.assert_called_once()
コード例 #20
0
ファイル: test_front.py プロジェクト: kubeportal/kubeportal 
def test_webapp_user_in_group(admin_client, admin_user):
    app1 = WebApplication(name="app1",
                          link_show=True,
                          link_name="app1",
                          link_url="http://www.heise.de")
    app1.save()
    group = PortalGroup()
    group.save()
    admin_user.portal_groups.add(group)
    response = admin_client.get('/welcome/')
    # User is in group, but this group has the web app not enabled
    assert not contains(response, "http://www.heise.de")

    group.can_web_applications.add(app1)
    response = admin_client.get('/welcome/')
    # User is now in a group that has this web app enabled
    assert contains(response, "http://www.heise.de")
    assert 1 == str(response.content).count("http://www.heise.de")

    app1.link_show = False
    app1.save()
    response = admin_client.get('/welcome/')
    # User is now in a group that has this web app, but disabled
    assert not contains(response, "http://www.heise.de")
コード例 #21
0
 def test_subauth_view_existent_app(self):
     app1 = WebApplication(name="app1")
     app1.save()
     response = self.client.get('/subauthreq/{}/'.format(app1.pk))
     self.assertEqual(response.status_code, 401)
コード例 #22
0
ファイル: test_subauth.py プロジェクト: kubeportal/kubeportal 
    ((True, True, False, True, False), 401),
    ((True, True, True, True, False), 401),
    ((True, False, False, False, False), 401),
    ((True, False, True, False, False), 401),
    ((True, False, False, True, False), 401),
    ((True, False, True, True, False), 401),
    ((False, False, False, False, False), 401),
    ((False, False, True, False, False), 401),
    ((False, False, False, True, False), 401),
    ((False, False, True, True, False), 401)])
def test_subauth_k8s_user(case, expected, admin_user_with_k8s, admin_client):

    user_in_group1, user_in_group2, app_in_group1, app_in_group2, app_can_subauth = case

    webapp = WebApplication(name="Test Web App", can_subauth=app_can_subauth)
    webapp.save()
    create_group(admin_user_with_k8s if user_in_group1 else None,
                 webapp if app_in_group1 else None)
    create_group(admin_user_with_k8s if user_in_group2 else None,
                 webapp if app_in_group2 else None)

    response = admin_client.get(f'/subauthreq/{webapp.pk}/')

    assert response.status_code == expected


@pytest.mark.skipif(minikube_unavailable(), reason="Minikube is unavailable")
@pytest.mark.django_db
@pytest.mark.skip(reason="Subauth caching disabled, since broken")
def test_subauth_caching(admin_user_with_k8s, admin_client, mocker):
コード例 #23
0
ファイル: test_subauth.py プロジェクト: kubeportal/kubeportal 
def test_subauth_view_existent_app(client):
    app1 = WebApplication(name="app1")
    app1.save()
    response = client.get('/subauthreq/{}/'.format(app1.pk))
    assert response.status_code == 401