def test_token_authentication(self): auth_header = SecurityTestBase.create_auth_header( username='******', password='******') client = self.create_client(headers=auth_header) token = client.tokens.get() client = self.create_client( headers=SecurityTestBase.create_auth_header(token=token.value)) client.blueprints.list()
def test_bypass_and_incorrect_password(self): client = self.create_client( headers=SecurityTestBase.create_auth_header( username='******', password='******')) self._modify_client_to_pass_bypass_header(client, self.BYPASS_PORT) client.blueprints.list()
def test_bypass_not_bypass_port_and_correct_credentials(self): client = self.create_client( headers=SecurityTestBase.create_auth_header( username='******', password='******')) self._modify_client_to_pass_bypass_header(client, self.NOT_BYPASS_PORT) client.blueprints.list()
def test_token_authentication(self): auth_header = SecurityTestBase.create_auth_header( username='******', password='******') client = self.create_client(headers=auth_header) token = client.tokens.get() client = self.create_client(headers=SecurityTestBase. create_auth_header(token=token.value)) client.blueprints.list()
def test_manager_access(self): client = self.create_client( headers=SecurityTestBase.create_auth_header( username='******', password='******')) # deployment_managers should be able to do deploy and un-deploy # to list blueprints, deployment and executions # deployment_manager should not be able to assign roles client.deployments.list()
def test_viewer_access(self): client = self.create_client( headers=SecurityTestBase.create_auth_header( username='******', password='******')) # viewers should be able to do viewer all resources but not create # or delete resources client.deployments.list() self.assertRaises(UserUnauthorizedError, client.blueprints.delete, 'dummy_blueprint_id')
def test_password_auth_success_log(self): client = self.create_client( headers=SecurityTestBase.create_auth_header( username='******', password='******')) client.deployments.list() expected_text = '[INFO] [flask-securest] user "alice" authenticated ' \ 'successfully' self.assert_log_contains(expected_text) expected_text = 'authentication provider: password' self.assert_log_contains(expected_text)
def test_bypass_not_bypass_port_and_nonexisting_user(self): client = self.create_client(SecurityTestBase.create_auth_header( username='******', password='******')) self._modify_client_to_pass_bypass_header(client, self.NOT_BYPASS_PORT) try: client.blueprints.list() self.fail('Call to blueprints list was successful despite using' 'nonexisting user and not using the bypass port') except CloudifyClientError, e: self.assertEquals(401, e.status_code)
def test_bypass_not_bypass_port_and_nonexisting_user(self): client = self.create_client( headers=SecurityTestBase.create_auth_header( username='******', password='******')) self._modify_client_to_pass_bypass_header(client, self.NOT_BYPASS_PORT) try: client.blueprints.list() self.fail('Call to blueprints list was successful despite using' 'nonexisting user and not using the bypass port') except CloudifyClientError, e: self.assertEquals(401, e.status_code)
def test_bypass_not_bypass_port_and_incorrect_password(self): client = self.create_client( headers=SecurityTestBase.create_auth_header( username='******', password='******')) self._modify_client_to_pass_bypass_header(client, self.NOT_BYPASS_PORT) try: client.blueprints.list() self.fail('Call to blueprints list was successful despite using' 'incorrect password and not using the bypass port') except CloudifyClientError, e: self.assertEquals(401, e.status_code)
def test_wrong_password_auth_failure_log(self): client = self.create_client( headers=SecurityTestBase.create_auth_header( username='******', password='******')) self.assertRaises(CloudifyClientError, client.deployments.list) self.assert_log_contains('[ERROR] [flask-securest] User unauthorized') expected_text = 'all authentication methods failed:' \ '\npassword authenticator: authentication of user' \ ' "alice" failed' \ '\ntoken authenticator: Request authentication ' \ 'header "Authentication-Token" is empty or missing' self.assert_log_contains(expected_text)
def test_wrong_credentials(self): client = self.create_client( headers=SecurityTestBase.create_auth_header( username='******', password='******')) self.assertRaises(UserUnauthorizedError, client.deployments.list)
def test_bypass_and_nonexisting_user(self): client = self.create_client( headers=SecurityTestBase.create_auth_header( username='******', password='******')) self._modify_client_to_pass_bypass_header(client, self.BYPASS_PORT) client.blueprints.list()
def test_missing_user(self): auth_header = SecurityTestBase.create_auth_header( username=None, password='******') client = self.create_client(auth_header) self.assertRaises(UserUnauthorizedError, client.deployments.list)
def test_secured_client(self): client = self.create_client( headers=SecurityTestBase.create_auth_header( username='******', password='******')) client.deployments.list()
def test_secured_manager_blueprints_upload(self): auth_header = SecurityTestBase.create_auth_header( username='******', password='******') client = self.create_client(headers=auth_header) client.blueprints.upload(self.get_mock_blueprint_path(), 'bp-id')
def test_bypass_and_correct_credentials(self): client = self.create_client(SecurityTestBase.create_auth_header( username='******', password='******')) self._modify_client_to_pass_bypass_header(client, self.BYPASS_PORT) client.blueprints.list()
def _get_client_by_password(self, username, password): auth_header = SecurityTestBase.create_auth_header(username=username, password=password) return self.create_client(headers=auth_header)
def test_token_authentication(self): client = self.create_client(headers=SecurityTestBase.create_auth_header(username="******", password="******")) token = client.tokens.get() client = self.create_client(headers=SecurityTestBase.create_auth_header(token=token.value)) client.blueprints.list()
def test_wrong_credentials(self): client = self.create_client(headers=SecurityTestBase.create_auth_header(username="******", password="******")) self.assertRaises(UserUnauthorizedError, client.deployments.list)
def test_secured_client(self): client = self.create_client(headers=SecurityTestBase.create_auth_header(username="******", password="******")) client.deployments.list()
def test_missing_credentials(self): client = self.create_client( headers=SecurityTestBase.create_auth_header(username=None, password=None)) self.assertRaises(UserUnauthorizedError, client.deployments.list)
def test_missing_password(self): client = self.create_client(headers=SecurityTestBase.create_auth_header(username="******", password=None)) self.assertRaises(UserUnauthorizedError, client.deployments.list)
def test_missing_password(self): auth_header = SecurityTestBase.create_auth_header(username='******', password=None) client = self.create_client(headers=auth_header) self.assertRaises(UserUnauthorizedError, client.deployments.list)
def test_secured_manager_blueprints_upload(self): client = self.create_client(headers=SecurityTestBase.create_auth_header(username="******", password="******")) client.blueprints.upload(self.get_mock_blueprint_path(), "bp-id")
def _get_client_by_token(self, token): token_header = SecurityTestBase.create_auth_header(token=token) return self.create_client(headers=token_header)
def _create_secured_client(self): auth_header = SecurityTestBase.create_auth_header(username="******", password="******") client = self.create_client(headers=auth_header) return client