def test_team_syncing(client): with mock_ldap() as ldap: with patch("endpoints.api.team.authentication", ldap): with client_with_identity("devtable", client) as cl: config = { "group_dn": "cn=AwesomeFolk", } conduct_api_call(cl, OrganizationTeamSyncing, "POST", UNSYNCED_TEAM_PARAMS, config) # Ensure the team is now synced. sync_info = model.team.get_team_sync_information( UNSYNCED_TEAM_PARAMS["orgname"], UNSYNCED_TEAM_PARAMS["teamname"]) assert sync_info is not None assert json.loads(sync_info.config) == config # Remove the syncing. conduct_api_call(cl, OrganizationTeamSyncing, "DELETE", UNSYNCED_TEAM_PARAMS, None) # Ensure the team is no longer synced. sync_info = model.team.get_team_sync_information( UNSYNCED_TEAM_PARAMS["orgname"], UNSYNCED_TEAM_PARAMS["teamname"]) assert sync_info is None
def test_change_tag_expiration(expiration, expected_code, client): with client_with_identity('devtable', client) as cl: conduct_api_call(cl, Organization, 'PUT', {'orgname': 'buynlarge'}, body={'tag_expiration_s': expiration}, expected_code=expected_code)
def test_get_security_info_with_pull_secret(endpoint, anonymous_allowed, auth_headers, expected_code, client): with patch("features.ANONYMOUS_ACCESS", anonymous_allowed): repository_ref = registry_model.lookup_repository("devtable", "simple") tag = registry_model.get_repo_tag(repository_ref, "latest") manifest = registry_model.get_manifest_for_tag(tag) params = { "repository": "devtable/simple", "imageid": tag.manifest.legacy_image_root_id, "manifestref": manifest.digest, } headers = {} if auth_headers is not None: headers["Authorization"] = auth_headers conduct_api_call(client, endpoint, "GET", params, None, headers=headers, expected_code=expected_code)
def test_enabled_disabled_trigger(app, client): trigger = model.build.list_build_triggers("devtable", "building")[0] trigger.config = json.dumps({"hook_id": "someid"}) trigger.save() params = { "repository": "devtable/building", "trigger_uuid": trigger.uuid, } body = { "enabled": False, } with client_with_identity("devtable", client) as cl: result = conduct_api_call(cl, BuildTrigger, "PUT", params, body, 200).json assert not result["enabled"] body = { "enabled": True, } with client_with_identity("devtable", client) as cl: result = conduct_api_call(cl, BuildTrigger, "PUT", params, body, 200).json assert result["enabled"]
def test_list_starred_repos(client): with client_with_identity("devtable", client) as cl: params = { "starred": "true", } response = conduct_api_call(cl, RepositoryList, "GET", params).json repos = {r["namespace"] + "/" + r["name"] for r in response["repositories"]} assert "devtable/simple" in repos assert "public/publicrepo" not in repos # Add a star on publicrepo. publicrepo = model.repository.get_repository("public", "publicrepo") model.repository.star_repository(model.user.get_user("devtable"), publicrepo) # Ensure publicrepo shows up. response = conduct_api_call(cl, RepositoryList, "GET", params).json repos = {r["namespace"] + "/" + r["name"] for r in response["repositories"]} assert "devtable/simple" in repos assert "public/publicrepo" in repos # Make publicrepo private and ensure it disappears. model.repository.set_repository_visibility(publicrepo, "private") response = conduct_api_call(cl, RepositoryList, "GET", params).json repos = {r["namespace"] + "/" + r["name"] for r in response["repositories"]} assert "devtable/simple" in repos assert "public/publicrepo" not in repos
def test_create_mirror_sets_permissions(existing_robot_permission, expected_permission, client): mirror_bot, _ = model.user.create_robot( 'newmirrorbot', model.user.get_namespace_user('devtable')) if existing_robot_permission: model.permission.set_user_repo_permission(mirror_bot.username, 'devtable', 'simple', existing_robot_permission) with client_with_identity('devtable', client) as cl: params = {'repository': 'devtable/simple'} request_body = { 'external_reference': 'quay.io/foobar/barbaz', 'sync_interval': 100, 'sync_start_date': '2019-08-20T17:51:00Z', 'root_rule': { 'rule_type': 'TAG_GLOB_CSV', 'rule_value': ['latest', 'foo', 'bar'] }, 'robot_username': '******', } conduct_api_call(cl, RepoMirrorResource, 'POST', params, request_body, 201) # Check the status of the robot. permissions = model.permission.get_user_repository_permissions( mirror_bot, 'devtable', 'simple') assert permissions[0].role.name == expected_permission config = model.repo_mirror.get_mirror( model.repository.get_repository('devtable', 'simple')) assert config.root_rule.rule_value == ['latest', 'foo', 'bar']
def test_create_mirror_sets_permissions(existing_robot_permission, expected_permission, client): mirror_bot, _ = model.user.create_robot( "newmirrorbot", model.user.get_namespace_user("devtable") ) if existing_robot_permission: model.permission.set_user_repo_permission( mirror_bot.username, "devtable", "simple", existing_robot_permission ) with client_with_identity("devtable", client) as cl: params = {"repository": "devtable/simple"} request_body = { "external_reference": "quay.io/foobar/barbaz", "sync_interval": 100, "sync_start_date": "2019-08-20T17:51:00Z", "root_rule": {"rule_kind": "tag_glob_csv", "rule_value": ["latest", "foo", "bar"]}, "robot_username": "******", } conduct_api_call(cl, RepoMirrorResource, "POST", params, request_body, 201) # Check the status of the robot. permissions = model.permission.get_user_repository_permissions(mirror_bot, "devtable", "simple") assert permissions[0].role.name == expected_permission config = model.repo_mirror.get_mirror(model.repository.get_repository("devtable", "simple")) assert config.root_rule.rule_value == ["latest", "foo", "bar"]
def test_create_robot_with_metadata(endpoint, body, client): with client_with_identity("devtable", client) as cl: # Create the robot with the specified body. conduct_api_call( cl, endpoint, "PUT", { "orgname": "buynlarge", "robot_shortname": "somebot" }, body, expected_code=201, ) # Ensure the create succeeded. resp = conduct_api_call( cl, endpoint, "GET", { "orgname": "buynlarge", "robot_shortname": "somebot", }, ) body = body or {} assert resp.json["description"] == (body.get("description") or "") assert resp.json["unstructured_metadata"] == ( body.get("unstructured_metadata") or {})
def test_get_security_info_with_pull_secret(endpoint, client): repository_ref = registry_model.lookup_repository("devtable", "simple") tag = registry_model.get_repo_tag(repository_ref, "latest", include_legacy_image=True) manifest = registry_model.get_manifest_for_tag(tag, backfill_if_necessary=True) params = { "repository": "devtable/simple", "imageid": tag.legacy_image.docker_image_id, "manifestref": manifest.digest, } headers = { "Authorization": "Basic %s" % base64.b64encode("devtable:password"), } conduct_api_call(client, endpoint, "GET", params, None, headers=headers, expected_code=200)
def test_get_security_info_with_pull_secret(endpoint, client): repository_ref = registry_model.lookup_repository('devtable', 'simple') tag = registry_model.get_repo_tag(repository_ref, 'latest', include_legacy_image=True) manifest = registry_model.get_manifest_for_tag(tag, backfill_if_necessary=True) params = { 'repository': 'devtable/simple', 'imageid': tag.legacy_image.docker_image_id, 'manifestref': manifest.digest, } headers = { 'Authorization': 'Basic %s' % base64.b64encode('devtable:password'), } conduct_api_call(client, endpoint, 'GET', params, None, headers=headers, expected_code=200)
def test_enabled_disabled_trigger(app, client): trigger = model.build.list_build_triggers('devtable', 'building')[0] trigger.config = json.dumps({'hook_id': 'someid'}) trigger.save() params = { 'repository': 'devtable/building', 'trigger_uuid': trigger.uuid, } body = { 'enabled': False, } with client_with_identity('devtable', client) as cl: result = conduct_api_call(cl, BuildTrigger, 'PUT', params, body, 200).json assert not result['enabled'] body = { 'enabled': True, } with client_with_identity('devtable', client) as cl: result = conduct_api_call(cl, BuildTrigger, 'PUT', params, body, 200).json assert result['enabled']
def test_change_credentials(request_body, expected_status, client): """ Verify credentials can only be modified as a pair. """ mirror = _setup_mirror() with client_with_identity("devtable", client) as cl: params = {"repository": "devtable/simple"} conduct_api_call(cl, RepoMirrorResource, "PUT", params, request_body, expected_status)
def test_create_repo_notification(namespace, repository, body, expected_code, authd_client): params = {'repository': namespace + '/' + repository} conduct_api_call(authd_client, RepositoryNotificationList, 'POST', params, body, expected_code=expected_code)
def test_delete_expired_app_token(app, client): user = model.user.get_user("devtable") expiration = datetime.now() - timedelta(seconds=10) token = model.appspecifictoken.create_token(user, "some token", expiration) with client_with_identity("devtable", client) as cl: # Delete the token. conduct_api_call(cl, AppToken, "DELETE", {"token_uuid": token.uuid}, None, 204)
def test_create_repo_notification(namespace, repository, body, expected_code, authd_client): params = {"repository": namespace + "/" + repository} conduct_api_call(authd_client, RepositoryNotificationList, "POST", params, body, expected_code=expected_code)
def test_change_tag_expiration(expiration, expected_code, client): with client_with_identity("devtable", client) as cl: conduct_api_call( cl, Organization, "PUT", {"orgname": "buynlarge"}, body={"tag_expiration_s": expiration}, expected_code=expected_code, )
def test_post_changetrust(trust_enabled, repo_found, expected_status, client): with patch("endpoints.api.repository.tuf_metadata_api") as mock_tuf: with patch( "endpoints.api.repository_models_pre_oci.model.repository.get_repository" ) as mock_model: mock_model.return_value = MagicMock() if repo_found else None mock_tuf.get_default_tags_with_expiration.return_value = ["tags", "expiration"] with client_with_identity("devtable", client) as cl: params = {"repository": "devtable/repo"} request_body = {"trust_enabled": trust_enabled} conduct_api_call(cl, RepositoryTrust, "POST", params, request_body, expected_status)
def test_get_repo_notification(namespace, repository, uuid, expected_code, authd_client, monkeypatch): monkeypatch.setattr( 'endpoints.api.repositorynotification.model.get_repo_notification', mock_get_notification(uuid)) params = {'repository': namespace + '/' + repository, 'uuid': uuid} conduct_api_call(authd_client, RepositoryNotification, 'GET', params, expected_code=expected_code)
def test_disallowed_for_apps(resource, method, params, client): namespace = 'devtable' repository = 'someapprepo' devtable = model.user.get_user('devtable') model.repository.create_repository(namespace, repository, devtable, repo_kind='application') params = params or {} params['repository'] = '%s/%s' % (namespace, repository) with client_with_identity('devtable', client) as cl: conduct_api_call(cl, resource, method, params, None, 501)
def test_robot_permission(repository, username, expected_code, client): with client_with_identity('devtable', client) as cl: conduct_api_call(cl, RepositoryUserPermission, 'PUT', { 'repository': repository, 'username': username }, body={ 'role': 'read', }, expected_code=expected_code)
def test_test_repo_notification(namespace, repository, uuid, expected_code, authd_client, monkeypatch): monkeypatch.setattr( "endpoints.api.repositorynotification.model.queue_test_notification", mock_get_notification(uuid), ) params = {"repository": namespace + "/" + repository, "uuid": uuid} conduct_api_call(authd_client, TestRepositoryNotification, "POST", params, expected_code=expected_code)
def test_post_changetrust(trust_enabled, repo_found, expected_status, client): with patch('endpoints.api.repository.tuf_metadata_api') as mock_tuf: with patch( 'endpoints.api.repository_models_pre_oci.model.repository.get_repository' ) as mock_model: mock_model.return_value = MagicMock() if repo_found else None mock_tuf.get_default_tags_with_expiration.return_value = [ 'tags', 'expiration' ] with client_with_identity('devtable', client) as cl: params = {'repository': 'devtable/repo'} request_body = {'trust_enabled': trust_enabled} conduct_api_call(cl, RepositoryTrust, 'POST', params, request_body, expected_status)
def test_disallowed_for_nonnormal(state, resource, method, params, client): namespace = 'devtable' repository = 'somenewstaterepo' devtable = model.user.get_user('devtable') repo = model.repository.create_repository(namespace, repository, devtable) repo.state = state repo.save() params = params or {} params['repository'] = '%s/%s' % (namespace, repository) with client_with_identity('devtable', client) as cl: conduct_api_call(cl, resource, method, params, None, 503)
def test_get_repo_state_can_write(state, can_write, client, initialized_db): with client_with_identity('devtable', client) as cl: params = {'repository': 'devtable/simple'} response = conduct_api_call(cl, Repository, 'GET', params).json assert response['can_write'] repo = model.repository.get_repository('devtable', 'simple') repo.state = state repo.save() with client_with_identity('devtable', client) as cl: params = {'repository': 'devtable/simple'} response = conduct_api_call(cl, Repository, 'GET', params).json assert response['can_write'] == can_write
def test_get_repo_state_can_write(state, can_write, client, initialized_db): with client_with_identity("devtable", client) as cl: params = {"repository": "devtable/simple"} response = conduct_api_call(cl, Repository, "GET", params).json assert response["can_write"] repo = model.repository.get_repository("devtable", "simple") repo.state = state repo.save() with client_with_identity("devtable", client) as cl: params = {"repository": "devtable/simple"} response = conduct_api_call(cl, Repository, "GET", params).json assert response["can_write"] == can_write
def test_change_tag_expiration_default(expiration_time, expected_status, client, app): with client_with_identity("devtable", client) as cl: params = { "repository": "devtable/simple", "tag": "latest", } request_body = { "expiration": expiration_time, } conduct_api_call(cl, RepositoryTag, "put", params, request_body, expected_status)
def test_change_tag_expiration_default(expiration_time, expected_status, client, app): with client_with_identity('devtable', client) as cl: params = { 'repository': 'devtable/simple', 'tag': 'latest', } request_body = { 'expiration': expiration_time, } conduct_api_call(cl, RepositoryTag, 'put', params, request_body, expected_status)
def test_disallowed_for_nonnormal(state, resource, method, params, client): namespace = "devtable" repository = "somenewstaterepo" devtable = model.user.get_user("devtable") repo = model.repository.create_repository(namespace, repository, devtable) repo.state = state repo.save() params = params or {} params["repository"] = "%s/%s" % (namespace, repository) with client_with_identity("devtable", client) as cl: conduct_api_call(cl, resource, method, params, {}, 503)
def test_robot_permission(repository, username, expected_code, client): with client_with_identity("devtable", client) as cl: conduct_api_call( cl, RepositoryUserPermission, "PUT", { "repository": repository, "username": username }, body={ "role": "read", }, expected_code=expected_code, )
def test_disallowed_for_apps(resource, method, params, client): namespace = "devtable" repository = "someapprepo" devtable = model.user.get_user("devtable") model.repository.create_repository(namespace, repository, devtable, repo_kind="application") params = params or {} params["repository"] = "%s/%s" % (namespace, repository) with client_with_identity("devtable", client) as cl: conduct_api_call(cl, resource, method, params, None, 501)