def test_fetch_x509_bundles_success(mocker):
bundles = dict()
bundles['example.org'] = _BUNDLE
bundles['domain.test'] = _FEDERATED_BUNDLE
WORKLOAD_API_CLIENT._spiffe_workload_api_stub.FetchX509Bundles = mocker.Mock(
return_value=iter(
[
workload_pb2.X509BundlesResponse(
bundles=bundles,
)
]
)
)
bundle_set = WORKLOAD_API_CLIENT.fetch_x509_bundles()
bundle = bundle_set.get_x509_bundle_for_trust_domain(TrustDomain('example.org'))
assert bundle
assert len(bundle.x509_authorities()) == 1
federated_bundle = bundle_set.get_x509_bundle_for_trust_domain(
TrustDomain('domain.test')
)
assert federated_bundle
assert len(federated_bundle.x509_authorities()) == 1
def test_fetch_x509_bundles_empty_response(mocker):
WORKLOAD_API_CLIENT._spiffe_workload_api_stub.FetchX509Bundles = mocker.Mock(
return_value=iter([workload_pb2.X509BundlesResponse(bundles=[])]))
with (pytest.raises(FetchX509BundleError)) as exception:
WORKLOAD_API_CLIENT.fetch_x509_bundles()
assert (str(exception.value) ==
'Error fetching X.509 Bundles: X.509 Bundles response is empty.')
def test_fetch_x509_bundles_corrupted_federated_bundle(mocker):
bundles = {'example.org': BUNDLE, 'domain.test': CORRUPTED}
WORKLOAD_API_CLIENT._spiffe_workload_api_stub.FetchX509Bundles = mocker.Mock(
return_value=iter(
[workload_pb2.X509BundlesResponse(bundles=bundles, )]))
with (pytest.raises(FetchX509BundleError)) as exception:
WORKLOAD_API_CLIENT.fetch_x509_bundles()
assert (
str(exception.value) ==
'Error fetching X.509 Bundles: Error parsing X.509 bundle: Unable to parse DER X.509 certificate.'
)