async def test_lsst_dds_partition_prefix_required(self) -> None:
# Delete LSST_DDS_PARTITION_PREFIX. This should prevent
# constructing a Domain
with utils.modify_environ(LSST_DDS_PARTITION_PREFIX=None):
async with salobj.Domain() as domain:
with pytest.raises(RuntimeError):
salobj.SalInfo(domain=domain, name="Test", index=1)
def run(self, result: typing.Any) -> None:
"""Override `run` to set a random LSST_DDS_PARTITION_PREFIX
and set LSST_SITE=test for every test.
https://stackoverflow.com/a/11180583
"""
salobj.set_random_lsst_dds_partition_prefix()
with utils.modify_environ(LSST_SITE="test"):
super().run(result)
async def test_bad_site(self) -> None:
config_dir = TEST_CONFIGS_ROOT / "good_with_site_file"
with utils.modify_environ(LSST_SITE="no_such_site"):
async with self.make_csc(
initial_state=salobj.State.STANDBY,
config_dir=config_dir,
):
await self.assert_next_summary_state(salobj.State.STANDBY)
with salobj.assertRaisesAckError():
await self.remote.cmd_start.start(timeout=STD_TIMEOUT)
def test_env_var_secrets(self) -> None:
"""Check that moto.mock ovewrites authorization env vars."""
env_names = (
"AWS_ACCESS_KEY_ID",
"AWS_SECRET_ACCESS_KEY",
)
env_dict = {name: f"arbitrary value for {name}" for name in env_names}
with utils.modify_environ(**env_dict):
with moto.mock_s3():
for name, my_value in env_dict.items():
assert os.environ[name] != my_value
for name, my_value in env_dict.items():
assert os.environ[name] == my_value
async def test_default_authorize(self) -> None:
"""Test that LSST_DDS_ENABLE_AUTHLIST correctly sets the
default_authorize attribute.
"""
async with salobj.Domain() as domain:
for env_var_value in ("0", "1", None, "2", "", "00"):
expected_default_authorize = True if env_var_value == "1" else False
index = next(index_gen)
with utils.modify_environ(
LSST_DDS_ENABLE_AUTHLIST=env_var_value):
salinfo = salobj.SalInfo(domain=domain,
name="Test",
index=index)
assert salinfo.default_authorize == expected_default_authorize
async def test_script_environ(self) -> None:
"""Test that creating a script does not modify os.environ.
I would like to also test that a script has master priority 0
(which is done by temporarily setting env var
salobj.MASTER_PRIORITY_ENV_VAR to "0"),
but that information is not available.
"""
for master_priority in ("21", None):
with utils.modify_environ(
**{salobj.MASTER_PRIORITY_ENV_VAR: master_priority}):
initial_environ = os.environ.copy()
async with NonConfigurableScript(index=self.index):
assert os.environ == initial_environ
# Test again when script is closed, just to be sure;
# closing a script should not modify the environment.
assert os.environ == initial_environ
async def test_authorization(self) -> None:
"""Test authorization.
For simplicity this test calls setAuthList without a +/- prefix.
The prefix is tested elsewhere.
"""
# TODO DM-36605 remove use of utils.modify_environ
# once authlist support is enabled by default
with utils.modify_environ(LSST_DDS_ENABLE_AUTHLIST="1"):
async with self.make_csc(initial_state=salobj.State.ENABLED):
await self.assert_next_sample(
self.remote.evt_authList,
authorizedUsers="",
nonAuthorizedCSCs="",
)
domain = self.csc.salinfo.domain
# Note that self.csc and self.remote have the same user_host.
csc_user_host = domain.user_host
# Make a remote that pretends to be from a different CSC
# and test non-authorized CSCs
other_name_index = "Script:5"
async with self.make_remote(
identity=other_name_index) as other_csc_remote:
all_csc_names = ["ATDome", "Hexapod:1", other_name_index]
for csc_names in all_permutations(all_csc_names):
csc_names_str = ", ".join(csc_names)
with self.subTest(csc_names_str=csc_names_str):
await self.remote.cmd_setAuthList.set_start(
nonAuthorizedCSCs=csc_names_str,
timeout=STD_TIMEOUT)
await self.assert_next_sample(
self.remote.evt_authList,
authorizedUsers="",
nonAuthorizedCSCs=", ".join(sorted(csc_names)),
)
if other_name_index in csc_names:
# A blocked CSC; this should fail.
with salobj.assertRaisesAckError(
ack=salobj.SalRetCode.CMD_NOPERM):
await other_csc_remote.cmd_wait.set_start(
duration=0, timeout=STD_TIMEOUT)
else:
# Not a blocked CSC; this should work.
await other_csc_remote.cmd_wait.set_start(
duration=0, timeout=STD_TIMEOUT)
# My user_host should work regardless of
# non-authorized CSCs.
await self.remote.cmd_wait.set_start(
duration=0, timeout=STD_TIMEOUT)
# Disabling authorization should always work
self.csc.cmd_wait.authorize = False
try:
await other_csc_remote.cmd_wait.set_start(
duration=0, timeout=STD_TIMEOUT)
finally:
self.csc.cmd_wait.authorize = True
# Test authorized users that are not me.
# Reported auth users should always be in alphabetical order;
# test this by sending users NOT in alphabetical order.
all_other_user_hosts = [
f"notme{i}{csc_user_host}" for i in (3, 2, 1)
]
other_user_host = all_other_user_hosts[1]
async with self.make_remote(
identity=other_user_host) as other_user_remote:
for auth_user_hosts in all_permutations(
all_other_user_hosts):
users_str = ", ".join(auth_user_hosts)
with self.subTest(users_str=users_str):
await self.remote.cmd_setAuthList.set_start(
authorizedUsers=users_str,
nonAuthorizedCSCs="",
timeout=STD_TIMEOUT,
)
await self.assert_next_sample(
self.remote.evt_authList,
authorizedUsers=", ".join(
sorted(auth_user_hosts)),
nonAuthorizedCSCs="",
)
if other_user_host in auth_user_hosts:
# An allowed user; this should work.
await other_user_remote.cmd_wait.set_start(
duration=0, timeout=STD_TIMEOUT)
else:
# Not an allowed user; this should fail.
with salobj.assertRaisesAckError(
ack=salobj.SalRetCode.CMD_NOPERM):
await other_user_remote.cmd_wait.set_start(
duration=0, timeout=STD_TIMEOUT)
# Temporarily disable authorization and try again;
# this should always work.
self.csc.cmd_wait.authorize = False
try:
await other_user_remote.cmd_wait.set_start(
duration=0, timeout=STD_TIMEOUT)
finally:
self.csc.cmd_wait.authorize = True
# My user_host should work regardless of
# authorized users.
self.remote.salinfo.domain.identity = csc_user_host
await self.remote.cmd_wait.set_start(
duration=0, timeout=STD_TIMEOUT)
async def test_specified_s3_endpoint_url(self) -> None:
endpoint_url = "http://foo.bar.edu:9000"
with utils.modify_environ(S3_ENDPOINT_URL=endpoint_url):
bucket = salobj.AsyncS3Bucket(self.bucket_name)
assert bucket.service_resource.meta.client.meta.endpoint_url == endpoint_url
async def test_no_s3_endpoint_url(self) -> None:
# Clear "S3_ENDPOINT_URL" if it exists.
with utils.modify_environ(S3_ENDPOINT_URL=None):
bucket = salobj.AsyncS3Bucket(self.bucket_name)
assert "amazon" in bucket.service_resource.meta.client.meta.endpoint_url
async def test_blank_s3_endpoint_url(self) -> None:
with utils.modify_environ(S3_ENDPOINT_URL=""):
bucket = salobj.AsyncS3Bucket(self.bucket_name)
assert "amazon" in bucket.service_resource.meta.client.meta.endpoint_url