def test_token_authentication(self):
auth_header = SecurityTestBase.create_auth_header(
username='******', password='******')
client = self.create_client(headers=auth_header)
token = client.tokens.get()
client = self.create_client(
headers=SecurityTestBase.create_auth_header(token=token.value))
client.blueprints.list()
def test_bypass_and_incorrect_password(self):
client = self.create_client(
headers=SecurityTestBase.create_auth_header(
username='******', password='******'))
self._modify_client_to_pass_bypass_header(client, self.BYPASS_PORT)
client.blueprints.list()
def test_bypass_not_bypass_port_and_correct_credentials(self):
client = self.create_client(
headers=SecurityTestBase.create_auth_header(
username='******', password='******'))
self._modify_client_to_pass_bypass_header(client,
self.NOT_BYPASS_PORT)
client.blueprints.list()
def test_bypass_and_incorrect_password(self):
client = self.create_client(
headers=SecurityTestBase.create_auth_header(
username='******', password='******'))
self._modify_client_to_pass_bypass_header(client, self.BYPASS_PORT)
client.blueprints.list()
def test_token_authentication(self):
auth_header = SecurityTestBase.create_auth_header(
username='******', password='******')
client = self.create_client(headers=auth_header)
token = client.tokens.get()
client = self.create_client(headers=SecurityTestBase.
create_auth_header(token=token.value))
client.blueprints.list()
def test_manager_access(self):
client = self.create_client(
headers=SecurityTestBase.create_auth_header(
username='******', password='******'))
# deployment_managers should be able to do deploy and un-deploy
# to list blueprints, deployment and executions
# deployment_manager should not be able to assign roles
client.deployments.list()
def test_viewer_access(self):
client = self.create_client(
headers=SecurityTestBase.create_auth_header(
username='******', password='******'))
# viewers should be able to do viewer all resources but not create
# or delete resources
client.deployments.list()
self.assertRaises(UserUnauthorizedError, client.blueprints.delete,
'dummy_blueprint_id')
def test_password_auth_success_log(self):
client = self.create_client(
headers=SecurityTestBase.create_auth_header(
username='******', password='******'))
client.deployments.list()
expected_text = '[INFO] [flask-securest] user "alice" authenticated ' \
'successfully'
self.assert_log_contains(expected_text)
expected_text = 'authentication provider: password'
self.assert_log_contains(expected_text)
def test_bypass_not_bypass_port_and_nonexisting_user(self):
client = self.create_client(SecurityTestBase.create_auth_header(
username='******', password='******'))
self._modify_client_to_pass_bypass_header(client,
self.NOT_BYPASS_PORT)
try:
client.blueprints.list()
self.fail('Call to blueprints list was successful despite using'
'nonexisting user and not using the bypass port')
except CloudifyClientError, e:
self.assertEquals(401, e.status_code)
def test_bypass_not_bypass_port_and_nonexisting_user(self):
client = self.create_client(
headers=SecurityTestBase.create_auth_header(
username='******', password='******'))
self._modify_client_to_pass_bypass_header(client, self.NOT_BYPASS_PORT)
try:
client.blueprints.list()
self.fail('Call to blueprints list was successful despite using'
'nonexisting user and not using the bypass port')
except CloudifyClientError, e:
self.assertEquals(401, e.status_code)
def test_bypass_not_bypass_port_and_incorrect_password(self):
client = self.create_client(
headers=SecurityTestBase.create_auth_header(
username='******', password='******'))
self._modify_client_to_pass_bypass_header(client,
self.NOT_BYPASS_PORT)
try:
client.blueprints.list()
self.fail('Call to blueprints list was successful despite using'
'incorrect password and not using the bypass port')
except CloudifyClientError, e:
self.assertEquals(401, e.status_code)
def test_wrong_password_auth_failure_log(self):
client = self.create_client(
headers=SecurityTestBase.create_auth_header(
username='******', password='******'))
self.assertRaises(CloudifyClientError, client.deployments.list)
self.assert_log_contains('[ERROR] [flask-securest] User unauthorized')
expected_text = 'all authentication methods failed:' \
'\npassword authenticator: authentication of user' \
' "alice" failed' \
'\ntoken authenticator: Request authentication ' \
'header "Authentication-Token" is empty or missing'
self.assert_log_contains(expected_text)
def test_wrong_credentials(self):
client = self.create_client(
headers=SecurityTestBase.create_auth_header(
username='******', password='******'))
self.assertRaises(UserUnauthorizedError, client.deployments.list)
def test_bypass_and_nonexisting_user(self):
client = self.create_client(
headers=SecurityTestBase.create_auth_header(
username='******', password='******'))
self._modify_client_to_pass_bypass_header(client, self.BYPASS_PORT)
client.blueprints.list()
def test_bypass_not_bypass_port_and_correct_credentials(self):
client = self.create_client(
headers=SecurityTestBase.create_auth_header(
username='******', password='******'))
self._modify_client_to_pass_bypass_header(client, self.NOT_BYPASS_PORT)
client.blueprints.list()
def test_missing_user(self):
auth_header = SecurityTestBase.create_auth_header(
username=None, password='******')
client = self.create_client(auth_header)
self.assertRaises(UserUnauthorizedError, client.deployments.list)
def test_secured_client(self):
client = self.create_client(
headers=SecurityTestBase.create_auth_header(
username='******', password='******'))
client.deployments.list()
def test_secured_manager_blueprints_upload(self):
auth_header = SecurityTestBase.create_auth_header(
username='******', password='******')
client = self.create_client(headers=auth_header)
client.blueprints.upload(self.get_mock_blueprint_path(), 'bp-id')
def test_bypass_and_correct_credentials(self):
client = self.create_client(SecurityTestBase.create_auth_header(
username='******', password='******'))
self._modify_client_to_pass_bypass_header(client, self.BYPASS_PORT)
client.blueprints.list()
def _get_client_by_password(self, username, password):
auth_header = SecurityTestBase.create_auth_header(username=username,
password=password)
return self.create_client(headers=auth_header)
def test_token_authentication(self):
client = self.create_client(headers=SecurityTestBase.create_auth_header(username="******", password="******"))
token = client.tokens.get()
client = self.create_client(headers=SecurityTestBase.create_auth_header(token=token.value))
client.blueprints.list()
def test_wrong_credentials(self):
client = self.create_client(headers=SecurityTestBase.create_auth_header(username="******", password="******"))
self.assertRaises(UserUnauthorizedError, client.deployments.list)
def test_bypass_and_nonexisting_user(self):
client = self.create_client(
headers=SecurityTestBase.create_auth_header(
username='******', password='******'))
self._modify_client_to_pass_bypass_header(client, self.BYPASS_PORT)
client.blueprints.list()
def test_secured_client(self):
client = self.create_client(
headers=SecurityTestBase.create_auth_header(
username='******', password='******'))
client.deployments.list()
def test_secured_client(self):
client = self.create_client(headers=SecurityTestBase.create_auth_header(username="******", password="******"))
client.deployments.list()
def test_missing_credentials(self):
client = self.create_client(
headers=SecurityTestBase.create_auth_header(username=None,
password=None))
self.assertRaises(UserUnauthorizedError, client.deployments.list)
def test_missing_password(self):
client = self.create_client(headers=SecurityTestBase.create_auth_header(username="******", password=None))
self.assertRaises(UserUnauthorizedError, client.deployments.list)
def test_missing_password(self):
auth_header = SecurityTestBase.create_auth_header(username='******',
password=None)
client = self.create_client(headers=auth_header)
self.assertRaises(UserUnauthorizedError, client.deployments.list)
def test_secured_manager_blueprints_upload(self):
client = self.create_client(headers=SecurityTestBase.create_auth_header(username="******", password="******"))
client.blueprints.upload(self.get_mock_blueprint_path(), "bp-id")
def test_secured_manager_blueprints_upload(self):
auth_header = SecurityTestBase.create_auth_header(
username='******', password='******')
client = self.create_client(headers=auth_header)
client.blueprints.upload(self.get_mock_blueprint_path(), 'bp-id')
def _get_client_by_token(self, token):
token_header = SecurityTestBase.create_auth_header(token=token)
return self.create_client(headers=token_header)
def _create_secured_client(self):
auth_header = SecurityTestBase.create_auth_header(username="******", password="******")
client = self.create_client(headers=auth_header)
return client
