def test_get_token(self):
"""An identity token can be gotten from a OTPPrincipal.
The token returned is that of the stored credentials, not
the serialized one time password principal.
"""
self.set_otp_test_ace()
principal = OTPPrincipal(self.client)
yield principal.create("foobar", "secret")
self.assertEqual(principal.get_token(), make_identity("foobar:secret"))
self.assertEqual(principal.name, "foobar")
def test_get_token(self):
"""An identity token can be gotten from a OTPPrincipal.
The token returned is that of the stored credentials, not
the serialized one time password principal.
"""
self.set_otp_test_ace()
principal = OTPPrincipal(self.client)
yield principal.create("foobar", "secret")
self.assertEqual(principal.get_token(),
make_identity("foobar:secret"))
self.assertEqual(principal.name, "foobar")
def test_serialize(self):
"""The principal can be serialized to just the OTP data."""
self.set_otp_test_ace()
principal = OTPPrincipal(self.client)
yield principal.create("foobar", "secret")
otp_data = principal.serialize()
path, user, password = base64.b64decode(otp_data).split(":")
acl, stat = yield self.client.get_acl(path)
self.assertEqual(principal.get_token(), make_identity("foobar:secret"))
self.assertEqual(principal.name, "foobar")
def test_serialize(self):
"""The principal can be serialized to just the OTP data."""
self.set_otp_test_ace()
principal = OTPPrincipal(self.client)
yield principal.create("foobar", "secret")
otp_data = principal.serialize()
path, user, password = base64.b64decode(otp_data).split(":")
acl, stat = yield self.client.get_acl(path)
self.assertEqual(principal.get_token(),
make_identity("foobar:secret"))
self.assertEqual(principal.name, "foobar")
def test_consume(self):
"""The OTP serialization can be used to retrievethe actual credentials.
"""
principal = OTPPrincipal(self.client)
yield principal.create("foobar", "secret")
otp_data = principal.serialize()
path, _ = base64.b64decode(otp_data).split(":", 1)
acl, stat = yield self.client.get_acl(path)
# Verify that the OTP data is secure
yield self.assertFailure(
self.client.get(path), zookeeper.NoAuthException)
name, password = yield OTPPrincipal.consume(self.client, otp_data)
self.assertEqual(name, "foobar")
self.assertEqual(password, "secret")
children = yield self.client.get_children("/otp")
self.assertFalse(children)
def test_consume(self):
"""The OTP serialization can be used to retrievethe actual credentials.
"""
principal = OTPPrincipal(self.client)
yield principal.create("foobar", "secret")
otp_data = principal.serialize()
path, _ = base64.b64decode(otp_data).split(":", 1)
acl, stat = yield self.client.get_acl(path)
# Verify that the OTP data is secure
yield self.assertFailure(self.client.get(path),
zookeeper.NoAuthException)
name, password = yield OTPPrincipal.consume(self.client, otp_data)
self.assertEqual(name, "foobar")
self.assertEqual(password, "secret")
children = yield self.client.get_children("/otp")
self.assertFalse(children)
def test_using_uncreated_raises(self):
"""Principals have names."""
principal = OTPPrincipal(self.client)
try:
principal.name
except RuntimeError:
pass
else:
self.fail("Use of an uncreated OTP principal should raise error.")
def test_create(self):
"""A principal can be used with a client connection."""
self.set_otp_test_ace()
principal = OTPPrincipal(self.client)
yield principal.create("foobar", "secret")
children = yield self.client.get_children("/otp")
self.assertEqual(len(children), 1)
otp_path = "/otp/%s" % (children.pop())
data, stat = yield self.client.get(otp_path)
credentials = yaml.load(data)
self.assertEqual(credentials["name"], "foobar")
self.assertEqual(credentials["password"], "secret")
acl, stat = yield self.client.get_acl(otp_path)
self.assertEqual(len(acl), 2)
def test_create(self):
"""A principal can be used with a client connection."""
self.set_otp_test_ace()
principal = OTPPrincipal(self.client)
yield principal.create("foobar", "secret")
children = yield self.client.get_children("/otp")
self.assertEqual(len(children), 1)
otp_path = "/otp/%s" % (children.pop())
data, stat = yield self.client.get(otp_path)
credentials = yaml.load(data)
self.assertEqual(credentials["name"], "foobar")
self.assertEqual(credentials["password"], "secret")
acl, stat = yield self.client.get_acl(otp_path)
self.assertEqual(len(acl), 2)
def set_otp_test_ace(self, test_ace=ZOO_OPEN_ACL_UNSAFE):
"""Set an additional OTP ACL entry for test cleanup."""
OTPPrincipal.set_additional_otp_ace(test_ace)
self.addCleanup(lambda: OTPPrincipal.set_additional_otp_ace(None))
def set_otp_test_ace(self, test_ace=ZOO_OPEN_ACL_UNSAFE):
"""Set an additional OTP ACL entry for test cleanup."""
OTPPrincipal.set_additional_otp_ace(test_ace)
self.addCleanup(lambda: OTPPrincipal.set_additional_otp_ace(None))
