def test_user_cert(tmpdir):
tmpdir = Path(tmpdir)
cfg = single_conf(user=models.User(client_cert="a.crt",
client_key="a.key"),
fname=tmpdir.joinpath("conf"))
certs = client_adapter.user_cert(cfg.user, cfg.abs_file)
assert certs == (tmpdir.joinpath("a.crt"), tmpdir.joinpath("a.key"))
def test_user_auth_basic():
auth = client_adapter.user_auth(
models.User(username="******", password="******"))
assert isinstance(auth, httpx.BasicAuth)
m = Mock(headers={})
next(auth.auth_flow(m))
assert m.headers["Authorization"] == "Basic dXNlcjpwc3c="
async def test_user_auth_exec_async():
auth_script = str(Path(__file__).parent.joinpath('data', 'auth_script.sh'))
auth = client_adapter.user_auth(
models.User(exec=models.UserExec(
apiVersion="client.authentication.k8s.io/v1beta1",
command=auth_script,
)))
assert isinstance(auth, client_adapter.ExecAuth)
m = Mock(headers={})
await auth.async_auth_flow(m).__anext__()
assert m.headers["Authorization"] == "Bearer my-bearer-token"
# call again should cache
m = Mock(headers={})
flow = auth.async_auth_flow(m)
await flow.__anext__()
assert m.headers["Authorization"] == "Bearer my-bearer-token"
m.headers["Authorization"] = None
# we pretend the cache is old
await flow.asend(httpx.Response(status_code=401, request=m))
assert m.headers["Authorization"] == "Bearer my-bearer-token"
with pytest.raises(StopAsyncIteration):
await flow.__anext__()
def test_user_auth_exec_sync_with_args():
auth = client_adapter.user_auth(
models.User(exec=models.UserExec(
apiVersion="client.authentication.k8s.io/v1beta1",
args=[
'{"apiVersion":"client.authentication.k8s.io/v1beta1",'
'"kind":"ExecCredential","status":{"token":"my-bearer-token"}}'
],
command='echo',
)))
assert isinstance(auth, client_adapter.ExecAuth)
m = Mock(headers={})
next(auth.sync_auth_flow(m))
assert m.headers["Authorization"] == "Bearer my-bearer-token"
def test_user_auth_bearer():
auth = client_adapter.user_auth(models.User(token="abcd"))
assert isinstance(auth, client_adapter.BearerAuth)
m = Mock(headers={})
next(auth.auth_flow(m))
assert m.headers["Authorization"] == "Bearer abcd"
def test_user_auth_empty():
assert client_adapter.user_auth(models.User()) is None
def test_user_cert_data():
cfg = single_conf(
user=models.User(client_cert_data="Y2VydA==", client_key_data="a2V5"))
certs = client_adapter.user_cert(cfg.user, cfg.abs_file)
assert Path(certs[0]).read_text() == "cert"
assert Path(certs[1]).read_text() == "key"
def test_user_cert_missing():
cfg = single_conf(user=models.User())
assert client_adapter.user_cert(cfg.user, cfg.abs_file) is None
async def test_user_auth_exec_async_fail():
auth = client_adapter.user_auth(
models.User(exec=models.UserExec(
apiVersion="client.authentication.k8s.io/v1beta1", command="cp")))
with pytest.raises(ConfigError, match="cp"):
await auth.async_auth_flow(Mock(headers={})).__anext__()
def test_user_auth_provider():
"""Auth provider not supported"""
with pytest.raises(ConfigError):
client_adapter.user_auth(models.User(auth_provider={'x': 1}))