Exemplo n.º 1
0
    def test_set_variable_passes_down_ssl_verify_param(self, mock_http_client):
        api = Api(url='http://localhost',
                  login_id='mylogin',
                  api_key='apikey',
                  ssl_verify='verify')

        def mock_auth():
            return 'apitoken'

        api.authenticate = mock_auth

        api.set_variable('myvar', 'myvalue')

        self.verify_http_call(mock_http_client,
                              HttpVerb.POST,
                              ConjurEndpoint.SECRETS,
                              'myvalue',
                              kind='variable',
                              identifier='myvar',
                              ssl_verify='verify')
Exemplo n.º 2
0
    def test_get_variables_invokes_http_client_correctly(
            self, mock_http_client):
        api = Api(url='http://localhost', login_id='mylogin', api_key='apikey')

        def mock_auth():
            return 'apitoken'

        api.authenticate = mock_auth

        api.get_variables('myvar', 'myvar2')

        self.verify_http_call(
            mock_http_client,
            HttpVerb.GET,
            ConjurEndpoint.BATCH_SECRETS,
            query={
                'variable_ids':
                'default:variable:myvar,default:variable:myvar2'
            },
            ssl_verify=True)
Exemplo n.º 3
0
    def test_delete_policy_invokes_http_client_correctly(
            self, mock_http_client):
        api = Api(url='http://localhost', login_id='mylogin', api_key='apikey')

        def mock_auth():
            return 'apitoken'

        api.authenticate = mock_auth

        api.delete_policy_file('mypolicyname', self.POLICY_FILE)

        policy_data = None
        with open(self.POLICY_FILE, 'r') as content_file:
            policy_data = content_file.read()

        self.verify_http_call(mock_http_client,
                              HttpVerb.PATCH,
                              ConjurEndpoint.POLICIES,
                              policy_data,
                              identifier='mypolicyname',
                              ssl_verify=True)
Exemplo n.º 4
0
    def test_authenticate_invokes_http_client_correctly(
            self, mock_http_client):
        Api(url='http://localhost', login_id='mylogin',
            api_key='apikey').authenticate()

        self.verify_http_call(mock_http_client,
                              HttpVerb.POST,
                              ConjurEndpoint.AUTHENTICATE,
                              'apikey',
                              login='******',
                              api_token=False,
                              ssl_verify=True)
Exemplo n.º 5
0
    def test_account_info_is_passed_down_to_http_call(self, mock_http_client):
        Api(url='http://localhost',
            account='myacct',
            login_id='mylogin',
            api_key='apikey').authenticate()

        self.verify_http_call(mock_http_client, HttpVerb.POST, ConjurEndpoint.AUTHENTICATE,
                              'apikey',
                              login='******',
                              account='myacct',
                              api_token=False,
                              ssl_verify=True)
Exemplo n.º 6
0
    def test_authenticate_passes_down_ssl_verify_param(self, mock_http_client):
        Api(url='http://localhost',
            login_id='mylogin',
            api_key='apikey',
            ssl_verify='verify').authenticate()

        self.verify_http_call(mock_http_client,
                              HttpVerb.POST,
                              ConjurEndpoint.AUTHENTICATE,
                              'apikey',
                              api_token=False,
                              login='******',
                              ssl_verify='verify')
Exemplo n.º 7
0
    def test_replace_policy_passes_down_ssl_verify_parameter(
            self, mock_http_client):
        api = Api(url='http://localhost',
                  login_id='mylogin',
                  api_key='apikey',
                  ssl_verify='ssl_verify')

        def mock_auth():
            return 'apitoken'

        api.authenticate = mock_auth

        api.replace_policy_file('mypolicyname', self.POLICY_FILE)

        policy_data = None
        with open(self.POLICY_FILE, 'r') as content_file:
            policy_data = content_file.read()

        self.verify_http_call(mock_http_client,
                              HttpVerb.PUT,
                              ConjurEndpoint.POLICIES,
                              policy_data,
                              identifier='mypolicyname',
                              ssl_verify='ssl_verify')
Exemplo n.º 8
0
    def test_new_client_shows_warning_when_ssl_verify_is_false(
            self, mock_http_client, logging_warn_func):
        Api(url='http://localhost',
            login_id='mylogin',
            api_key='apikey',
            ssl_verify=False)

        calls = [
            call("************************************************************"
                 ),
            call(
                "'ssl_verify' is False - YOU ARE VULNERABLE TO MITM ATTACKS!"),
            call("************************************************************"
                 ),
        ]
        logging_warn_func.assert_has_calls(calls)
Exemplo n.º 9
0
 def test_authenticate_throws_error_without_api_key_specified(self):
     with self.assertRaises(RuntimeError):
         Api(url='http://localhost', login_id='mylogin').authenticate()
Exemplo n.º 10
0
 def test_if_account_is_empty_throw_an_error(self, mock_http_client):
     empty_values = [ None, "" ]
     for empty_value in empty_values:
         with self.subTest(account=empty_value):
             with self.assertRaises(RuntimeError):
                 api = Api(url='http://localhost', account=empty_value)
Exemplo n.º 11
0
    def test_if_api_token_is_missing_fetch_a_new_one(self, mock_http_client):
        api = Api(url='http://localhost')
        api.authenticate = MagicMock(return_value='mytoken')

        self.assertEquals(api.api_token, 'mytoken')
        api.authenticate.assert_called_once_with()
Exemplo n.º 12
0
    def test_new_client_disables_insecure_warnings_in_urllib_when_sslverify_is_false(self,
            mock_http_client, logging_warn_func, disable_warning_func):
        Api(url='http://localhost', login_id='mylogin', api_key='apikey',
                ssl_verify=False)

        disable_warning_func.assert_called_once_with(urllib3.exceptions.InsecureRequestWarning)
Exemplo n.º 13
0
    def test_login_saves_login_id(self, _):
        api = Api(url='http://localhost')

        api.login('myuser', 'mypass')

        self.assertEquals(api.login_id, 'myuser')
Exemplo n.º 14
0
    if not os.path.exists(token_file):
        sleep(5)
        continue

    with open(token_file, 'r') as f:
        api_token = f.read()
        # if there is no token wait for 5 seconds and run new cycle
        if api_token == '':
            sleep(5)
            continue

    # Small hack
    # We don't use Client here, because it requires login_id and
    # tries to authenticate by itself (what already done by k8s
    # authenticator)
    # Instead, we use the API library directly
    # But it also tries to authenticate by itself, so we put token
    # inside _api_token variable, and renew api_token_expiration time
    # to avoid unnecessary authentication
    client = Api(url=url, account=account, ca_bundle=cert_path)
    client._api_token = api_token
    client.api_token_expiration = datetime.now() + timedelta(
        minutes=client.API_TOKEN_DURATION)

    for secret in secrets:
        value = client.get_variable(secret)
        with open(secrets[secret], 'w') as f:
            f.write(value.decode("utf-8"))
        print("Value %s has written" % secrets[secret])

    sleep(timeout)
Exemplo n.º 15
0
 def test_new_client_delegates_ssl_verify_flag(self, mock_http_client):
     Api(url='http://localhost', ssl_verify=True).login('myuser', 'mypass')
     self.verify_http_call(mock_http_client, HttpVerb.GET, ConjurEndpoint.LOGIN,
                           auth=('myuser', 'mypass'),
                           api_token=False,
                           ssl_verify=True)
Exemplo n.º 16
0
 def test_new_client_throws_error_when_no_url(self):
     with self.assertRaises(Exception):
         Api(login_id='mylogin', api_key='apikey', ssl_verify=False)
Exemplo n.º 17
0
 def test_login_throws_error_when_username_not_provided(self):
     with self.assertRaises(RuntimeError):
         Api(url='http://localhost').login(None, 'mypass')
Exemplo n.º 18
0
 def test_login_invokes_http_client_correctly(self, mock_http_client):
     Api(url='http://localhost').login('myuser', 'mypass')
     self.verify_http_call(mock_http_client, HttpVerb.GET, ConjurEndpoint.LOGIN,
                           auth=('myuser', 'mypass'),
                           api_token=False,
                           ssl_verify=True)
Exemplo n.º 19
0
 def test_login_throws_error_when_password_not_provided(self):
     with self.assertRaises(RuntimeError):
         Api(url='http://localhost').login('myuser', None)