def test_user_status(self): try: User.provision_user(service_accounts['user']['client_email']) except FusilladeHTTPException: pass user_id = service_accounts['user']['client_email'] user_headers = {'Content-Type': "application/json"} user_headers.update(get_auth_header(service_accounts['user'])) admin_headers = {'Content-Type': "application/json"} admin_headers.update(get_auth_header(service_accounts['admin'])) disable_url = furl(f"/v1/user/{user_id}", query_params={'user_id': user_id, 'status': 'disabled'}) enable_url = furl(f"/v1/user/{user_id}", query_params={'user_id': user_id, 'status': 'enabled'}) test_user_url = furl(f"/v1/user/{user_id}/") # check user can get info resp = self.app.get(test_user_url.url, headers=user_headers) self.assertEqual(200, resp.status_code) # disable the user resp = self.app.put(disable_url.url, headers=admin_headers) self.assertEqual(200, resp.status_code) # verify that user cannot access things resp = self.app.get(test_user_url.url, headers=user_headers) self.assertEqual(403, resp.status_code) # enable user resp = self.app.put(enable_url.url, headers=admin_headers) self.assertEqual(200, resp.status_code) # verify that user has access resp = self.app.get(test_user_url.url, headers=user_headers) self.assertEqual(200, resp.status_code)
def test_get_role_id(self): role_id = 'test_get_role_id' admin_auth_header = get_auth_header(service_accounts['admin']) tests = [{ 'name': '401 return when no auth headers.', 'headers': {}, 'role_id': role_id, 'expected_resp': 401 }, { 'name': '403 return when unauthorized user.', 'headers': get_auth_header(service_accounts['user']), 'role_id': role_id, 'expected_resp': 403 }, { 'name': '200 returned when user is authorized.', 'headers': admin_auth_header, 'role_id': role_id, 'expected_resp': 200 }, { 'name': 'error returned when role does not exist.', 'headers': admin_auth_header, 'role_id': 'ghost_role', 'expected_resp': 404 }] tests.extend([{ 'name': f'200 returned when getting a role when name is {description}', 'role_id': role_id, 'headers': admin_auth_header, 'expected_resp': 200 } for name, description in TEST_NAMES_POS]) tests.extend([{ 'name': f'400 returned when getting a role when name is {description}', 'role_id': role_id, 'headers': admin_auth_header, 'expected_resp': 400 } for role_id, description in TEST_NAMES_NEG if role_id is not '']) policy = create_test_IAMPolicy("test_role") role = Role.create(role_id, policy) expected_policy = policy [Role.create(role_id, policy) for role_id, _ in TEST_NAMES_POS] for test in tests: with self.subTest(test['name']): url = furl('/v1/role/{}'.format(test['role_id'])) headers = {'Content-Type': "application/json"} headers.update(test['headers']) resp = self.app.get(url.url, headers=headers) self.assertEqual(test['expected_resp'], resp.status_code) if test['expected_resp'] == 200: expected_body = { 'role_id': test['role_id'], 'policies': { 'IAMPolicy': expected_policy } } self.assertEqual(expected_body, json.loads(resp.body))
def test_put_role_id_policy(self): role_id = 'test_put_role_id_policy' policy_1 = create_test_IAMPolicy(role_id) policy_2 = create_test_IAMPolicy('ABCD') policy_invalid = "invalid policy" Role.create(role_id, policy_1) admin_auth_header = get_auth_header(service_accounts['admin']) tests = [{ 'name': '401 return when no auth headers.', 'headers': {}, 'role_id': role_id, 'data': { 'policy': policy_2 }, 'expected_resp': 401 }, { 'name': '403 return when unauthorized user.', 'headers': get_auth_header(service_accounts['user']), 'role_id': role_id, 'data': { 'policy': policy_2 }, 'expected_resp': 403 }, { 'name': '200 returned when user is authorized.', 'headers': admin_auth_header, 'role_id': role_id, 'data': { 'policy': policy_2 }, 'expected_resp': 200 }, { 'name': '400 returned when an invalid policy is used.', 'headers': admin_auth_header, 'role_id': role_id, 'data': { 'policy': policy_invalid }, 'expected_resp': 400 }, { 'name': '404 returned when role does not exist.', 'headers': admin_auth_header, 'role_id': 'ghost_role', 'data': { 'policy': policy_2 }, 'expected_resp': 404 }] for test in tests: with self.subTest(test['name']): headers = {'Content-Type': "application/json"} headers.update(test['headers']) url = furl(f"/v1/role/{test['role_id']}/policy") data = json.dumps(test['data']) resp = self.app.put(url.url, data=data, headers=headers) self.assertEqual(test['expected_resp'], resp.status_code)
def test_lookup_roles(self): # this looks at how lookup policy scales as roles attached to users increases roles = [2, 4, 8, 16, 32] start = 0 repeat = 10 headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) role_url = furl('/v1/role') user_url = furl('/v1/user') role_ids = [] for role in roles: user = f"roles_{role}" resp = self.app.post(user_url.url, data=json.dumps({"user_id": user}), headers=headers) self.assertEqual(201, resp.status_code) for i in range(start, role): role_id = f'test_{i}' policy = create_test_IAMPolicy(role_id) data = json.dumps({'role_id': role_id, 'policy': policy}) resp = self.app.post(role_url.url, data=data, headers=headers) self.assertEqual(201, resp.status_code) role_ids.append(role_id) add_roles_url = furl(f'/v1/user/{user}/roles', query_params={'action': 'add'}) resp = self.app.put(add_roles_url.url, headers=headers, data=json.dumps({'roles': role_ids})) resp.raise_for_status() self._run_test(user, headers, repeat) start = role
def test_delete_group(self): headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) role = Role.create("test_delete_group_role").name user = User.provision_user("test_delete_group_user").name policy = create_test_IAMPolicy("test_delete_group_policy") group_id = "test_delete_group_group" with self.subTest("Group delete with users and roles."): resp = self.app.post(f'/v1/group', headers=headers, data=json.dumps({ "group_id": group_id, "roles": [role], "policy": policy })) resp.raise_for_status() resp = self.app.put(f'/v1/user/{user}/groups?action=add', headers=headers, data=json.dumps({"groups": [group_id]})) resp.raise_for_status() resp = self.app.delete(f'/v1/group/{group_id}', headers=headers) self.assertEqual(resp.status_code, 200) resp = self.app.get(f'/v1/user/{user}/groups', headers=headers) groups = json.loads(resp.body)['groups'] self.assertNotIn(group_id, groups) with self.subTest("delete a group that does not exist."): resp = self.app.delete(f'/v1/group/{group_id}', headers=headers) self.assertEqual(resp.status_code, 404)
def test_put_user_id(self): tests = [ { 'name': "*****@*****.**", 'status': 'enabled', 'response': { 'code': 200 } }, { 'name': "*****@*****.**", 'status': 'disabled', 'response': { 'code': 200 } } ] for test in tests: with self.subTest(test["name"]): headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) url = furl(f'/v1/user/{test["name"]}') query_params = { 'user_id': test['name'], 'status': test['status'] } url.add(query_params=query_params) user = User.provision_user(test['name']) if test['status'] == 'disabled': user.enable() resp = self.app.put(url.url, headers=headers) self.assertEqual(test['response']['code'], resp.status_code)
def _test_custom_claim(self, func: callable, url: str, headers: dict, body: str): _headers = headers.copy() _headers.update(get_auth_header(service_accounts['admin'], email=False)) with self.subTest("Missing Custom Claim"): resp = func(url, headers=_headers, data=body) self.assertEqual(403, resp.status_code)
def test_get_group(self): headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) name = "test_get_group_Groupx" resp = self.app.get(f'/v1/group/{name}/', headers=headers) self.assertEqual(404, resp.status_code) Group.create(name) resp = self.app.get(f'/v1/group/{name}/', headers=headers) self.assertEqual(name, json.loads(resp.body)['group_id']) self.assertTrue(json.loads(resp.body)['policies'])
def test_get_username_groups(self): headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) name = "*****@*****.**" key = 'groups' user = User.provision_user(name) resp = self.app.get(f'/v1/user/{name}/groups', headers=headers) self.assertEqual(1, len(json.loads(resp.body)[key])) groups = [Group.create(f"test_get_username_groups_{i}").name for i in range(8)] user.add_groups(groups) self._test_paging(f'/v1/user/{name}/groups', headers, 5, key)
def test_evaluate_policy(self): email = "*****@*****.**" tests = [ { 'json_request_body': { "action": ["dss:CreateSubscription"], "resource": [f"arn:hca:dss:*:*:subscriptions/{email}/*"], "principal": "*****@*****.**" }, 'response': { 'code': 200, 'result': False } }, { 'json_request_body': { "action": ["fus:GetUser"], "resource": [f"arn:hca:fus:*:*:user/{email}/policy"], "principal": email }, 'response': { 'code': 200, 'result': True } } ] headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) @eventually(5, 0.5) def _run_test(test): data = json.dumps(test['json_request_body']) resp = self.app.post('/v1/policies/evaluate', headers=headers, data=data) self.assertEqual(test['response']['code'], resp.status_code, test['response']) self.assertEqual(test['response']['result'], json.loads(resp.body)['result'], msg=json.loads(resp.body)) self._test_custom_claim(self.app.post, '/v1/policies/evaluate', headers, json.dumps(tests[1]['json_request_body'])) for test in tests: with self.subTest(test['json_request_body']): _run_test(test) with self.subTest("User disabled"): resp = self.app.put(furl(f"/v1/user/{email}", query_params={'user_id': email, 'status': 'disabled'}).url, headers=headers) self.assertEqual(200, resp.status_code) resp = self.app.post('/v1/policies/evaluate', headers=headers, data=json.dumps(tests[1]['json_request_body'])) self.assertEqual(200, resp.status_code) self.assertEqual(False, json.loads(resp.body)['result'], msg=json.loads(resp.body))
def test_get_group_users(self): headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) name = "test_get_group_users_group" key = 'users' group = Group.create(name) resp = self.app.get(f'/v1/group/{name}/users', headers=headers) group_user_names = [User(user).name for user in group.get_users_iter()] self.assertEqual(0, len(json.loads(resp.body)[key])) users = [User.provision_user(f"test_get_group_user_{i}", groups=[name]).name for i in range(10)] self._test_paging(f'/v1/group/{name}/users', headers, 5, key)
def test_get_users(self): headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) for i in range(10): resp = self.app.post( '/v1/user', headers=headers, data=json.dumps({"user_id": f"test_post_user{i}@email.com"}) ) self.assertEqual(201, resp.status_code) self._test_paging(f'/v1/users', headers, 7, 'users')
def test_get_group_roles(self): headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) name = "test_get_group_roles_group" key = 'roles' group = Group.create(name) resp = self.app.get(f'/v1/group/{name}/roles', headers=headers) group_role_names = [Role(None, role).name for role in group.roles] self.assertEqual(0, len(json.loads(resp.body)[key])) roles = [Role.create(f"test_get_group_roles_role_{i}").name for i in range(10)] group.add_roles(roles) self._test_paging(f'/v1/group/{name}/roles', headers, 5, key)
def test_get_username_roles(self): headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) name = "*****@*****.**" key = 'roles' user = User.provision_user(name) resp = self.app.get(f'/v1/user/{name}/roles', headers=headers) user_role_names = [Role(None, role).name for role in user.roles] self.assertEqual(0, len(json.loads(resp.body)[key])) roles = [Role.create(f"test_get_username_role_{i}").name for i in range(11)] user.add_roles(roles) self._test_paging(f'/v1/user/{name}/roles', headers, 6, key)
def test_get_groups(self): headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) for i in range(10): resp = self.app.post( '/v1/group', headers=headers, data=json.dumps({"group_id": f"test_get_groups_{i}", 'policy': create_test_IAMPolicy("test_group")}) ) self.assertEqual(201, resp.status_code) self._test_paging('/v1/groups', headers, 6, 'groups')
def test_get_user(self): try: User.provision_user(service_accounts['user']['client_email']) except FusilladeHTTPException: pass headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['user'])) name = service_accounts['user']['client_email'] resp = self.app.get(f'/v1/user/[email protected]', headers=headers) self.assertEqual(403, resp.status_code) resp = self.app.get(f'/v1/user/{name}/', headers=headers) resp.raise_for_status() self.assertEqual(name, json.loads(resp.body)['user_id'])
def test_default_group(self): headers = {'Content-Type': "application/json"} users = ['admin', 'user'] for user in users: with self.subTest(f"{user} has permission to access default_user group."): headers.update(get_auth_header(service_accounts[user])) resp = self.app.get(f'/v1/group/user_default', headers=headers) resp.raise_for_status() resp = self.app.get(f'/v1/group/user_default/roles', headers=headers) resp.raise_for_status() if user == 'admin': resp = self.app.get(f'/v1/group/user_default/users', headers=headers) resp.raise_for_status()
def test_user_owned(self): headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) name = "*****@*****.**" key = 'roles' user = User.provision_user(name) url = furl(f"/v1/user/{name}/owns", query_params={'resource_type': 'role'}).url resp = self.app.request(url, headers=headers) self.assertEqual('False', resp.headers['X-OpenAPI-Pagination']) user_role_names = [Role(object_ref=role).name for role in user.roles] roles = [Role.create(f"test_user_owned_role_{i}") for i in range(11)] user.add_roles([role.name for role in roles]) [user.add_ownership(role) for role in roles] self._test_paging(url, headers, 6, key)
def test_lookup_groups(self): # this looks at how lookup policy scales as user groups membership increases groups = [2, 4, 8, 16, 32] start = 0 repeat = 100 headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) role_url = furl('/v1/role') user_url = furl('/v1/user') group_url = furl('/v1/group') group_ids = [] for group in groups: user = f"group_{group}" resp = self.app.post(user_url.url, data=json.dumps({"user_id": user}), headers=headers) self.assertEqual(201, resp.status_code) for i in range(start, group): # create the roles role_id = f'rtest_{i}' policy = create_test_IAMPolicy(role_id) data = json.dumps({'role_id': role_id, 'policy': policy}) resp = self.app.post(role_url.url, data=data, headers=headers) self.assertEqual(201, resp.status_code) # create the group group_id = f'gtest_{i}' data = json.dumps({ 'group_id': group_id, }) resp = self.app.post(group_url.url, data=data, headers=headers) self.assertEqual(201, resp.status_code) group_ids.append(group_id) # add roles to group add_roles_url = furl(f'/v1/group/{group_id}/roles', query_params={'action': 'add'}) resp = self.app.put(add_roles_url.url, headers=headers, data=json.dumps({'roles': [role_id]})) resp.raise_for_status() add_groups_url = furl(f'/v1/user/{user}/groups', query_params={'action': 'add'}) resp = self.app.put(add_groups_url.url, headers=headers, data=json.dumps({'groups': group_ids})) resp.raise_for_status() self._run_test(user, headers, repeat) start = group
def test_delete_role(self): headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) role_id = "role_1" with self.subTest("Role delete with users and groups."): group = "group_test_delete_role" user = "******" policy = create_test_IAMPolicy("policy_04") resp = self.app.post(f'/v1/role', headers=headers, data=json.dumps({ "role_id": role_id, "policy": policy })) resp.raise_for_status() resp = self.app.post(f'/v1/group', headers=headers, data=json.dumps({ "group_id": group, "roles": [role_id] })) resp.raise_for_status() resp = self.app.post(f'/v1/user', headers=headers, data=json.dumps({ "user_id": user, "roles": [role_id] })) resp.raise_for_status() resp = self.app.delete(f'/v1/role/{role_id}', headers=headers) self.assertEqual(resp.status_code, 200) resp = self.app.get(f'/v1/user/{user}/roles', headers=headers) roles = json.loads(resp.body)['roles'] self.assertNotIn(role_id, roles) resp = self.app.get(f'/v1/group/{group}/roles', headers=headers) roles = json.loads(resp.body)['roles'] self.assertNotIn(role_id, roles) with self.subTest("delete a role that does not exist."): resp = self.app.delete(f'/v1/role/ghost', headers=headers) self.assertEqual(resp.status_code, 404)
def test_put_group_roles(self): tests = [ { 'group_id': "test_put_group_roles_Group1", 'action': 'add', 'json_request_body': { "roles": [Role.create("role_0").name] }, 'responses': [ {'code': 200}, {'code': 304} ] }, { 'group_id': "test_put_group_roles_Group2", 'action': 'remove', 'json_request_body': { "roles": [Role.create("role_1").name] }, 'responses': [ {'code': 200}, {'code': 304} ] } ] for test in tests: with self.subTest(test['json_request_body']): data = json.dumps(test['json_request_body']) headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) url = furl(f'/v1/group/{test["group_id"]}/roles/') query_params = { 'group_id': test['group_id'], 'action': test['action'] } url.add(query_params=query_params) group = Group.create(test['group_id']) if test['action'] == 'remove': group.add_roles(test['json_request_body']['roles']) resp = self.app.put(url.url, headers=headers, data=data) self.assertEqual(test['responses'][0]['code'], resp.status_code) resp = self.app.put(url.url, headers=headers, data=data) self.assertEqual(test['responses'][1]['code'], resp.status_code)
def test_put_username_roles(self): tests = [ { 'name': "*****@*****.**", 'action': 'add', 'json_request_body': { "roles": [Role.create("test_put_username_roles_role_0").name] }, 'responses': [ {'code': 200}, {'code': 304} ] }, { 'name': "*****@*****.**", 'action': 'remove', 'json_request_body': { "roles": [Role.create("test_put_username_roles_role_1").name] }, 'responses': [ {'code': 200}, {'code': 304} ] } ] for test in tests: with self.subTest(test['json_request_body']): data = json.dumps(test['json_request_body']) headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) url = furl(f'/v1/user/{test["name"]}/roles/') query_params = { 'user_id': test['name'], 'action': test['action'] } url.add(query_params=query_params) user = User.provision_user(test['name']) if test['action'] == 'remove': user.add_roles(test['json_request_body']['roles']) resp = self.app.put(url.url, headers=headers, data=data) self.assertEqual(test['responses'][0]['code'], resp.status_code) resp = self.app.put(url.url, headers=headers, data=data) self.assertEqual(test['responses'][1]['code'], resp.status_code)
def _save_state(cls): headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) def _iterator(url, key): url = furl(url) url.add(query_params={'per_page': 30}) resp = cls.app.get(url.url, headers=headers) results = json.loads(resp.body).get(key, []) while "Link" in resp.headers: next_url = resp.headers['Link'].split(';')[0][1:-1] resp = cls.app.get(next_url, headers=headers) results.extend(json.loads(resp.body)[key]) return results cls.saved_groups = _iterator('/v1/groups', 'groups') cls.saved_users = _iterator('/v1/users', 'users') cls.saved_roles = _iterator('/v1/roles', 'roles') cls.saved_resources = _iterator('/v1/resources', 'resources')
def test_user_group_limit(self): groups = [Group.create(f"test_user_group_limit{i}").name for i in range(10)] name = "*****@*****.**" user = User.provision_user(name) tests = [ { 'action': 'add', 'json_request_body': { "groups": groups[:8] }, 'response': { 'code': 200 } }, { 'action': 'add', 'json_request_body': { "groups": [groups[9]] }, 'response': { 'code': 409 } } ] for test in tests: with self.subTest(test['json_request_body']): data = json.dumps(test['json_request_body']) headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) url = furl(f'/v1/user/{name}/groups/') query_params = { 'user_id': name, 'action': test['action'] } url.add(query_params=query_params) if test['action'] == 'remove': user.add_groups(test['json_request_body']['groups']) resp = self.app.put(url.url, headers=headers, data=data) self.assertEqual(test['response']['code'], resp.status_code)
def test_positive(self): """ Test Create Retrieve and Update 1. Create a role 2. retrieve that role 3. modify that role 4. retrieve modified role """ role_id = 'test_positive' policy = create_test_IAMPolicy(role_id) headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) url = furl('/v1/role') data = json.dumps({'role_id': role_id, 'policy': policy}) resp = self.app.post(url.url, data=data, headers=headers) self.assertEqual(201, resp.status_code) url = furl(f'/v1/role/{role_id}') resp = self.app.get(url.url, headers=headers) self.assertEqual(200, resp.status_code) expected_body = {'role_id': role_id, 'policies': {"IAMPolicy": policy}} self.assertEqual(expected_body, json.loads(resp.body)) url = furl(f'/v1/role/{role_id}/policy') policy = create_test_IAMPolicy('ABCD') data = json.dumps({'policy': policy}) resp = self.app.put(url.url, data=data, headers=headers) self.assertEqual(200, resp.status_code) url = furl(f'/v1/role/{role_id}') resp = self.app.get(url.url, headers=headers) self.assertEqual(200, resp.status_code) expected_body = {'role_id': role_id, 'policies': {"IAMPolicy": policy}} self.assertEqual(expected_body, json.loads(resp.body))
""" import json import os import sys import unittest pkg_root = os.path.abspath(os.path.join(os.path.dirname(__file__), '..')) # noqa sys.path.insert(0, pkg_root) # noqa from tests.json_mixin import AssertJSONMixin from tests.base_api_test import BaseAPITest from tests.common import get_auth_header, service_accounts, create_test_ResourcePolicy admin_headers = {'Content-Type': "application/json"} admin_headers.update(get_auth_header(service_accounts['admin'])) user_header = {'Content-Type': "application/json"} user_header.update(get_auth_header(service_accounts['user'])) class ResourceTypeName: rt_count = 0 @classmethod def get(self): self.rt_count += 1 return f'sample_rt_{self.rt_count}' class TestResourceApi(BaseAPITest, AssertJSONMixin, unittest.TestCase):
def test_post_group(self): tests = [ { 'name': f'201 returned when creating a group', 'json_request_body': { "group_id": "test_post_group_Group0" }, 'response': { 'code': 201 } }, { 'name': f'201 returned when creating a group with role only', 'json_request_body': { "group_id": "test_post_group_Group1", "roles": [Role.create("test_post_group_role_02").name] }, 'response': { 'code': 201 } }, { 'name': f'201 returned when creating a group with policy only', 'json_request_body': { "group_id": "test_post_group_Group2", "policy": create_test_IAMPolicy("policy_03") }, 'response': { 'code': 201 } }, { 'name': f'201 returned when creating a group with role and policy', 'json_request_body': { "group_id": "test_post_group_Group3", "roles": [Role.create("test_post_group_role_04").name], "policy": create_test_IAMPolicy("policy_04") }, 'response': { 'code': 201 } }, { 'name': f'400 returned when creating a group without group_id', 'json_request_body': { "roles": [Role.create("test_post_group_role_05").name], "policy": create_test_IAMPolicy("policy_05") }, 'response': { 'code': 400 } }, { 'name': f'409 returned when creating a group that already exists', 'json_request_body': { "group_id": "test_post_group_Group3" }, 'response': { 'code': 409 } } ] tests.extend([{ 'name': f'201 returned when creating a role when name is {description}', 'json_request_body': { "group_id": name }, 'response': { 'code': 201 } } for name, description in TEST_NAMES_POS ]) tests.extend([{ 'name': f'400 returned when creating a role when name is {description}', 'json_request_body': { "group_id": name }, 'response': { 'code': 400 } } for name, description in TEST_NAMES_NEG ]) for test in tests: with self.subTest(test['name']): headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) if test['name'] == "400 returned when creating a group that already exists": self.app.post('/v1/group', headers=headers, data=json.dumps(test['json_request_body'])) resp = self.app.post('/v1/group', headers=headers, data=json.dumps(test['json_request_body'])) self.assertEqual(test['response']['code'], resp.status_code) if resp.status_code == 201: resp = self.app.get(f'/v1/group/{test["json_request_body"]["group_id"]}/', headers=headers) self.assertEqual(test["json_request_body"]["group_id"], json.loads(resp.body)['group_id'])
def test_put_users(self): users = [User.provision_user(f"test_put_user_{i}").name for i in range(11)] tests = [ { 'action': 'add', 'json_request_body': { "users": [users[0]] }, 'responses': [ {'code': 200}, {'code': 304} ] }, { 'action': 'remove', 'json_request_body': { "users": [users[0]] }, 'responses': [ {'code': 200}, {'code': 304} ] }, { 'action': 'add', 'json_request_body': { "users": users[:-1] }, 'responses': [ {'code': 200}, {'code': 304} ] }, { 'action': 'remove', 'json_request_body': { "users": users[:-1] }, 'responses': [ {'code': 200}, {'code': 304} ] }, { 'action': 'add', 'json_request_body': { "users": users }, 'responses': [ {'code': 400}, {'code': 400} ] }, { 'action': 'remove', 'json_request_body': { "users": users }, 'responses': [ {'code': 400}, {'code': 400} ] } ] for i, test in enumerate(tests): group_id = Group.create(f"Group{i}").name with self.subTest(test['json_request_body']): data = json.dumps(test['json_request_body']) headers = {'Content-Type': "application/json"} headers.update(get_auth_header(service_accounts['admin'])) if test['action'] == 'remove': url = furl(f'/v1/group/{group_id}/users', query_params={'action': 'add'}) resp = self.app.put(url.url, headers=headers, data=data) url = furl(f'/v1/group/{group_id}/users', query_params={'action': test['action']}) resp = self.app.put(url.url, headers=headers, data=data) self.assertEqual(test['responses'][0]['code'], resp.status_code) resp = self.app.put(url.url, headers=headers, data=data) self.assertEqual(test['responses'][1]['code'], resp.status_code)
def test_post_role(self): url = furl('/v1/role') data = json.dumps({ 'role_id': 'test_put_role', 'policy': create_test_IAMPolicy("test_role") }) admin_auth_header = get_auth_header(service_accounts['admin']) tests = [{ 'name': '401 return when no auth headers.', 'data': data, 'headers': {}, 'expected_resp': 401 }, { 'name': '403 return when unauthorized user.', 'data': data, 'headers': get_auth_header(service_accounts['user']), 'expected_resp': 403 }, { 'name': '201 returned when user is authorized.', 'data': data, 'headers': admin_auth_header, 'expected_resp': 201 }, { 'name': '409 returned when role already exists.', 'data': data, 'headers': admin_auth_header, 'expected_resp': 409 }, { 'name': '400 returned when an invalid policy is used', 'data': json.dumps({ 'role_id': 'test_role2', 'policy': 'garbage statement' }), 'headers': admin_auth_header, 'expected_resp': 400 }, { 'name': '400 returned when creating a role with no name.', 'data': json.dumps({'policy': create_test_IAMPolicy("test_role")}), 'headers': admin_auth_header, 'expected_resp': 400 }, { 'name': '400 returned when creating a role with no policy.', 'data': json.dumps({ 'role_id': 'abcd', }), 'headers': admin_auth_header, 'expected_resp': 400 }] tests.extend([{ 'name': f'201 returned when creating a role when name is {description}', 'data': json.dumps({ 'role_id': name, 'policy': create_test_IAMPolicy("test_role") }), 'headers': admin_auth_header, 'expected_resp': 201 } for name, description in TEST_NAMES_POS]) tests.extend([{ 'name': f'400 returned when creating a role when name is {description}', 'data': json.dumps({ 'role_id': name, 'policy': create_test_IAMPolicy("test_role") }), 'headers': admin_auth_header, 'expected_resp': 400 } for name, description in TEST_NAMES_NEG]) for test in tests: with self.subTest(test['name']): headers = {'Content-Type': "application/json"} headers.update(test['headers']) resp = self.app.post(url.url, data=test['data'], headers=headers) self.assertEqual(test['expected_resp'], resp.status_code)