def test_authorizer_remove_timeout(): cfg = config.load(["test/conf.d/daemon.conf"]) auth = Authorizer(cfg) ticket_info = testutil.create_ticket(ops=["read"]) auth.add(ticket_info) ticket = auth.get(ticket_info["uuid"]) ticket.add_context(1, Context()) assert ticket.info()["connections"] == 1 # Use short timeout to keep the tests fast. cfg.control.remove_timeout = 0.001 # Ticket cannot be removed since it is used by connection 1. with pytest.raises(errors.TicketCancelTimeout): auth.remove(ticket.uuid) # Ticket was not removed. assert auth.get(ticket.uuid) is ticket # The connection was closed, the ticket can be removed now. ticket.remove_context(1) assert ticket.info()["connections"] == 0 auth.remove(ticket.uuid) # Ticket was removed. with pytest.raises(KeyError): auth.get(ticket.uuid)
def test_tls(daemon, tmpfile, conf_files): size = daemon.config.backend_file.buffer_size data = b"x" * size with open(tmpfile, "wb") as f: f.write(data) # Add daemon ticket serving tmpfile. ticket = testutil.create_ticket(url="file://{}".format(tmpfile), size=size) daemon.auth.add(ticket) proxy = server.Server(config.load(conf_files)) proxy.start() try: # Add proxy ticket, proxying request to daemon. proxy.auth.add(proxy_ticket(daemon, ticket)) # Download complete image. with http.RemoteClient(proxy.config) as c: res = c.request("GET", "/images/{}".format(ticket["uuid"])) client_data = res.read() finally: proxy.stop() assert res.status == 200 assert client_data == data
def srv(request): path = "test/conf/{}.conf".format(request.param) cfg = config.load(path) s = server.Server(cfg) s.start() yield s s.stop()
def test_authorizer_remove_async(): cfg = config.load(["test/conf.d/daemon.conf"]) auth = Authorizer(cfg) ticket_info = testutil.create_ticket(ops=["read"]) auth.add(ticket_info) ticket = auth.get(ticket_info["uuid"]) ticket.add_context(1, Context()) assert ticket.info()["connections"] == 1 # Disable the timeout, so removing a ticket cancel the ticket without # waiting, and requiring polling the ticket status. cfg.control.remove_timeout = 0 # Ticket is canceled, but not removed. auth.remove(ticket.uuid) assert ticket.canceled assert ticket.info()["connections"] == 1 # Ticket was not removed. assert auth.get(ticket.uuid) is ticket # The connection was closed, the ticket can be removed now. ticket.remove_context(1) assert ticket.info()["connections"] == 0 auth.remove(ticket.uuid) # Ticket was removed. with pytest.raises(KeyError): auth.get(ticket.uuid)
def srv(): cfg = config.load(["test/conf/daemon.conf"]) s = server.Server(cfg) s.start() try: yield s finally: s.stop()
def test_authorizer_add(): cfg = config.load(["test/conf.d/daemon.conf"]) auth = Authorizer(cfg) ticket_info = testutil.create_ticket(ops=["read"]) auth.add(ticket_info) ticket = auth.get(ticket_info["uuid"]) assert ticket.uuid == ticket_info["uuid"]
def test_authorizer_remove_unused(): cfg = config.load(["test/conf.d/daemon.conf"]) auth = Authorizer(cfg) ticket_info = testutil.create_ticket(ops=["read"]) auth.add(ticket_info) # Ticket is unused so it will be removed. auth.remove(ticket_info["uuid"]) with pytest.raises(KeyError): auth.get(ticket_info["uuid"])
def remote_service(config_file): path = os.path.join("test/conf", config_file) cfg = config.load([path]) authorizer = auth.Authorizer(cfg) s = services.RemoteService(cfg, authorizer) s.start() try: yield s finally: s.stop()
def test_authorize_read(): cfg = config.load(["test/conf.d/daemon.conf"]) auth = Authorizer(cfg) ticket_info = testutil.create_ticket(ops=["read"]) auth.add(ticket_info) ticket = auth.get(ticket_info["uuid"]) assert auth.authorize(ticket.uuid, "read") == ticket with pytest.raises(errors.AuthorizationError): auth.authorize(ticket.uuid, "write")
def test_authorize_write(): cfg = config.load(["test/conf.d/daemon.conf"]) auth = Authorizer(cfg) ticket_info = testutil.create_ticket(ops=["write"]) auth.add(ticket_info) ticket = auth.get(ticket_info["uuid"]) assert auth.authorize(ticket.uuid, "write") == ticket # "write" implies also "read". assert auth.authorize(ticket.uuid, "read") == ticket
def test_authorizer_expired(): cfg = config.load(["test/conf.d/daemon.conf"]) auth = Authorizer(cfg) ticket_info = testutil.create_ticket(ops=["write"]) auth.add(ticket_info) ticket = auth.get(ticket_info["uuid"]) # Extending with zero timeout expire the ticket. ticket.extend(0) for op in ("read", "write"): with pytest.raises(errors.AuthorizationError): auth.authorize(ticket.uuid, op)
def test_authorizer_canceled(ops, allowed): cfg = config.load(["test/conf.d/daemon.conf"]) auth = Authorizer(cfg) ticket_info = testutil.create_ticket(ops=ops) auth.add(ticket_info) ticket = auth.get(ticket_info["uuid"]) # Cancelling the ticket disables any operation. ticket.cancel() for op in allowed: with pytest.raises(errors.AuthorizationError): auth.authorize(ticket.uuid, op)
def started_imageio(tmpdir, drop_privileges="true"): prepare_config(tmpdir, drop_privileges=drop_privileges) conf_dir = tmpdir.join("conf") cmd = ["./ovirt-imageio", "--conf-dir", str(conf_dir)] proc = subprocess.Popen(cmd) try: socket = sockutil.UnixAddress(str(tmpdir.join("run", "sock"))) if not sockutil.wait_for_socket(socket, 10): raise RuntimeError("Timeout waiting for {}".format(socket)) # Wait until server is listening - at this point it already dropped # privileges. if drop_privileges: cfg = config.load(str(conf_dir.join("conf.d", "daemon.conf"))) with http.ControlClient(cfg) as c: r = c.get("/tickets/no-such-ticket") r.read() assert r.status == 404 yield proc finally: proc.terminate()
def test_show_config(): cfg = config.load(["test/conf.d/daemon.conf"]) out = subprocess.check_output( ["./ovirt-imageio", "--conf-dir", "./test", "--show-config"]) assert json.loads(out) == config.to_dict(cfg)
def cfg(): return config.load(["test/conf.d/daemon.conf"])
def test_authorizer_no_ticket(): cfg = config.load(["test/conf.d/daemon.conf"]) auth = Authorizer(cfg) with pytest.raises(errors.AuthorizationError): auth.authorize("no-such-ticket", "read")
def daemon(): daemon = server.Server(config.load(["test/conf/daemon.conf"])) daemon.start() yield daemon daemon.stop()
def test_authorizer_remove_mising(): cfg = config.load(["test/conf.d/daemon.conf"]) auth = Authorizer(cfg) # Removing missing ticket does not raise. auth.remove("no-such-ticket")
def proxy(): proxy = server.Server(config.load(["test/conf/proxy.conf"])) proxy.start() yield proxy proxy.stop()
def cfg(): return config.load([])
def test_invalid_control_port(port): cfg = config.load(["test/conf/proxy.conf"]) authorizer = auth.Authorizer(cfg) cfg.control.port = port with pytest.raises(errors.InvalidConfig): services.ControlService(cfg, authorizer)
def srv(): cfg = config.load(["test/conf/daemon.conf"]) s = server.Server(cfg) s.start() yield s s.stop()
def test_invalid_remote_port(port): cfg = config.load(["test/conf/daemon.conf"]) authorizer = auth.Authorizer(cfg) cfg.remote.port = port with pytest.raises(errors.InvalidConfig): services.RemoteService(cfg, authorizer)