def test_todo_not_found(self, mock_model):
mock_model.get.side_effect = DoesNotExist()
response = handle({'pathParameters': {'todo_id': '1'}}, self.context_mock)
body_json = json.loads(response['body'])
self.assertEquals('NOT_FOUND', body_json['error_code'])
self.assertEquals('TODO was not found', body_json['error_message'])
self.assertEqual(response['statusCode'], 404)
def test_get_latest_credential_revision(mocker):
get = mocker.patch(
'confidant.models.credential.Credential.get'
)
get.side_effect = DoesNotExist()
res = credentialmanager.get_latest_credential_revision('123', 1)
assert res == 2
def execute(self, data):
message = self.repository.get(data['id'], data['user_id'])
if isinstance(message, DoesNotExist):
return DoesNotExist()
res = self.repository.delete(message)
return res
def test_get_when_item_exists(self, model_get_mock, init_mock, appId_mock):
app_id = "test appId"
init_mock.return_value = None
appId_mock.return_value = app_id
model_get_mock.side_effect = DoesNotExist()
JobModel.get(self.config)
model_get_mock.assert_called_once_with(app_id)
init_mock.assert_called_once_with(app_id)
def test_base_update_pynamo_command_raises_404(self):
template = {'table_state': DalConfig.table_state_new, 'kind': 'abcd'}
mock_parent = get_persitence_model_mock(template, template)
mock_parent._get_keys()
mock_parent.db_model.get = MagicMock(
side_effect=DoesNotExist('No Datas'))
command = BaseUpdatePynamoCommand(mock_parent,
post_filter=always_filter_out)
with self.assertRaises(Base404Exception) as err:
command._execute()
self.assertEqual(str(err.exception), 'Model does not exist')
def should_log_warning_if_dataset_does_not_exist(self, datasets_model_mock: MagicMock) -> None:
# given
dataset_id = any_dataset_id()
metadata_url = any_s3_url()
error_message = any_error_message()
datasets_model_mock.return_value.get.side_effect = DoesNotExist(error_message)
payload = {METADATA_URL_KEY: metadata_url, DATASET_ID_SHORT_KEY: dataset_id}
expected_log = dumps({ERROR_KEY: error_message})
with patch.object(self.logger, "warning") as logger_mock:
# when
create_dataset_version(payload)
# then
logger_mock.assert_any_call(expected_log)
def get(self, pk, sk):
res = [e for e in self.model.query(pk, self.model.user_id == sk)]
if len(res) == 0:
return DoesNotExist()
return res[0]
def get_first(items):
items = [i.dict() for i in items]
if not items:
raise DoesNotExist()
return items[0]
def test_revise_credential(mocker, credential, archive_credential):
app = create_app()
mocker.patch('confidant.settings.USE_AUTH', False)
mocker.patch(
'confidant.routes.credentials.authnz.get_logged_in_user',
return_value='*****@*****.**',
)
# Bad ACL check
mocker.patch(
'confidant.routes.credentials.acl_module_check',
return_value=False,
)
ret = app.test_client().put(
'/v1/credentials/123/10',
headers={"Content-Type": 'application/json'},
data='{}',
)
assert ret.status_code == 403
# Credential not found
mocker.patch(
'confidant.routes.credentials.acl_module_check',
return_value=True,
)
mocker.patch(
'confidant.routes.credentials.Credential.get',
side_effect=DoesNotExist(),
)
ret = app.test_client().put(
'/v1/credentials/123/10',
headers={"Content-Type": 'application/json'},
data=json.dumps({
'enabled': 123,
}),
)
json_data = json.loads(ret.data)
assert ret.status_code == 404
assert 'Credential not found.' == json_data['error']
# Revert revision not an archive credential
mocker.patch(
'confidant.routes.credentials.Credential.get',
return_value=credential,
)
mocker.patch(
('confidant.routes.credentials.credentialmanager'
'.get_latest_credential_revision'),
return_value=12,
)
ret = app.test_client().put(
'/v1/credentials/123/10',
headers={"Content-Type": 'application/json'},
data=json.dumps({
'enabled': 123,
}),
)
json_data = json.loads(ret.data)
assert ret.status_code == 400
assert 'id provided is not a credential.' == json_data['error']
# Revert conflicts with another service
mocker.patch(
'confidant.routes.credentials.Credential.get',
side_effect=[credential, archive_credential],
)
mocker.patch(
'confidant.routes.credentials.keymanager.create_datakey',
return_value={
'plaintext': '123',
'ciphertext': '888'
},
)
mocker.patch(
('confidant.routes.credentials.Credential'
'._get_decrypted_credential_pairs'),
return_value={'test': 'me'},
)
mocker.patch(
('confidant.routes.credentials.servicemanager'
'.get_services_for_credential'),
return_value=[],
)
mocker.patch(
('confidant.routes.credentials.servicemanager'
'.pair_key_conflicts_for_services'),
return_value={'123': {
'services': ['service1']
}},
)
ret = app.test_client().put(
'/v1/credentials/123/10',
headers={"Content-Type": 'application/json'},
data=json.dumps({}),
)
json_data = json.loads(ret.data)
assert ret.status_code == 400
assert 'Conflicting key pairs in mapped service.' == json_data['error']
# All good
mocker.patch(
'confidant.routes.credentials.Credential.get',
side_effect=[credential, archive_credential],
)
mocker.patch(
('confidant.routes.credentials.servicemanager'
'.pair_key_conflicts_for_services'),
return_value={},
)
mock_save = mocker.patch('confidant.routes.credentials.Credential.save')
mocker.patch('confidant.routes.credentials.graphite.send_event')
mocker.patch('confidant.routes.credentials.webhook.send_event')
mocker.patch('confidant.routes.credentials.CipherManager.encrypt',
return_value={'foo': 'baz'})
ret = app.test_client().put(
'/v1/credentials/123/10',
headers={"Content-Type": 'application/json'},
data=json.dumps({}),
)
json_data = json.loads(ret.data)
assert ret.status_code == 200
assert ['OLD TAG'] == json_data['tags']
assert 'Archive credential' == json_data['name']
assert mock_save.call_count == 2
def test_update_credential(mocker, credential):
credential.last_rotation_date = datetime(2020, 1, 1, tzinfo=pytz.UTC)
app = create_app()
mocker.patch('confidant.settings.USE_AUTH', False)
mocker.patch(
'confidant.routes.credentials.authnz.get_logged_in_user',
return_value='*****@*****.**',
)
# Bad ACL check
mocker.patch(
'confidant.routes.credentials.acl_module_check',
return_value=False,
)
ret = app.test_client().put(
'/v1/credentials/123',
headers={"Content-Type": 'application/json'},
data='{}',
)
assert ret.status_code == 403
# Credential not found
mocker.patch(
'confidant.routes.credentials.acl_module_check',
return_value=True,
)
mocker.patch(
'confidant.routes.credentials.Credential.get',
side_effect=DoesNotExist(),
)
ret = app.test_client().put(
'/v1/credentials/123',
headers={"Content-Type": 'application/json'},
data=json.dumps({
'enabled': 123,
}),
)
json_data = json.loads(ret.data)
assert ret.status_code == 404
assert 'Credential not found.' == json_data['error']
# Bad Request
mocker.patch(
'confidant.routes.credentials.Credential.get',
return_value=credential,
)
mocker.patch(
('confidant.routes.credentials.credentialmanager'
'.get_latest_credential_revision'),
return_value=12,
)
ret = app.test_client().put(
'/v1/credentials/123',
headers={"Content-Type": 'application/json'},
data=json.dumps({
'enabled': 123,
}),
)
json_data = json.loads(ret.data)
assert ret.status_code == 400
assert 'Enabled must be a boolean.' == json_data['error']
# Credential conflicts with another service
mocker.patch(
'confidant.routes.credentials.keymanager.create_datakey',
return_value={
'plaintext': '123',
'ciphertext': '888'
},
)
mocker.patch(
('confidant.routes.credentials.Credential'
'._get_decrypted_credential_pairs'),
return_value={'test': 'me'},
)
mocker.patch(
('confidant.routes.credentials.servicemanager'
'.get_services_for_credential'),
return_value=[],
)
mocker.patch(
('confidant.routes.credentials.servicemanager'
'.pair_key_conflicts_for_services'),
return_value={'123': {
'services': ['service1']
}},
)
ret = app.test_client().put(
'/v1/credentials/123',
headers={"Content-Type": 'application/json'},
data=json.dumps({
'credential_pairs': {
'foo': 'baz'
},
'enabled': True,
}),
)
json_data = json.loads(ret.data)
assert ret.status_code == 400
assert 'Conflicting key pairs in mapped service.' == json_data['error']
# All good
mocker.patch(
('confidant.routes.credentials.servicemanager'
'.pair_key_conflicts_for_services'),
return_value={},
)
mock_save = mocker.patch('confidant.routes.credentials.Credential.save')
mocker.patch('confidant.routes.credentials.graphite.send_event')
mocker.patch('confidant.routes.credentials.webhook.send_event')
mocker.patch('confidant.routes.credentials.CipherManager.encrypt',
return_value={'foo': 'baz'})
ret = app.test_client().put(
'/v1/credentials/123',
headers={"Content-Type": 'application/json'},
data=json.dumps({
'enabled': True,
'credential_pairs': {
'key': 'value'
},
'name': 'shiny new name',
'documentation': 'doc',
'tags': ['NEW SPECIAL TAG', 'DB_AUTH'],
}),
)
json_data = json.loads(ret.data)
assert ret.status_code == 200
assert ['NEW SPECIAL TAG', 'DB_AUTH'] == json_data['tags']
assert 'shiny new name' == json_data['name']
assert mock_save.call_count == 2
assert 'last_rotation_date' in json_data
assert 'next_rotation_date' in json_data
def test_diff_credential(mocker, credential):
app = create_app()
mocker.patch('confidant.settings.USE_AUTH', False)
mocker.patch(
'confidant.routes.credentials.authnz.get_logged_in_user',
return_value='*****@*****.**',
)
mocker.patch(
'confidant.routes.credentials.acl_module_check',
return_value=False,
)
ret = app.test_client().get(
'/v1/credentials/1234/1/2',
follow_redirects=False,
)
assert ret.status_code == 403
mocker.patch(
'confidant.routes.credentials.acl_module_check',
return_value=True,
)
mocker.patch(
'confidant.routes.credentials.Credential.get',
return_value=credential,
)
mocker.patch(
('confidant.routes.credentials.Credential'
'._get_decrypted_credential_pairs'),
return_value={'test': 'me'},
)
ret = app.test_client().get(
'/v1/credentials/1234/1/2',
follow_redirects=False,
)
assert ret.status_code == 400
credential.data_type = 'archive-credential'
ret = app.test_client().get(
'/v1/credentials/1234/1/2',
follow_redirects=False,
)
json_data = json.loads(ret.data)
assert ret.status_code == 200
assert json_data == {}
mocker.patch(
'confidant.routes.credentials.Credential.get',
side_effect=DoesNotExist(),
)
ret = app.test_client().get(
'/v1/credentials/1234/1/2',
follow_redirects=False,
)
assert ret.status_code == 404
mocker.patch(
'confidant.routes.credentials.Credential.get',
side_effect=[credential, DoesNotExist()],
)
ret = app.test_client().get(
'/v1/credentials/1234/1/2',
follow_redirects=False,
)
assert ret.status_code == 404
def test_get_credential(mocker, credential):
app = create_app()
mocker.patch('confidant.settings.USE_AUTH', False)
mocker.patch('confidant.settings.ENABLE_SAVE_LAST_DECRYPTION_TIME', True)
mocker.patch.object(Credential, 'save', return_value=None)
mocker.patch(
'confidant.routes.credentials.authnz.get_logged_in_user',
return_value='*****@*****.**',
)
mocker.patch(
'confidant.routes.credentials.acl_module_check',
return_value=False,
)
ret = app.test_client().get('/v1/credentials/1234', follow_redirects=False)
assert ret.status_code == 403
def acl_module_check(resource_type, action, resource_id):
if action == 'metadata':
if resource_id == '5678':
return False
else:
return True
elif action == 'get':
if resource_id == '9012':
return False
else:
return True
elif action == 'update':
if resource_id == '3456':
return True
else:
return False
mocker.patch(
'confidant.routes.credentials.acl_module_check',
acl_module_check,
)
mocker.patch(
'confidant.routes.credentials.Credential.get',
return_value=credential,
)
mocker.patch(
('confidant.routes.credentials.Credential'
'._get_decrypted_credential_pairs'),
return_value={'test': 'me'},
)
ret = app.test_client().get('/v1/credentials/1234', follow_redirects=False)
json_data = json.loads(ret.data)
assert ret.status_code == 200
assert json_data['permissions']['update'] is False
credential.data_type = 'service'
ret = app.test_client().get('/v1/credentials/1234', follow_redirects=False)
assert ret.status_code == 404
credential.data_type = 'credential'
credential.id = '5678'
ret = app.test_client().get('/v1/credentials/5678', follow_redirects=False)
assert ret.status_code == 403
credential.data_type = 'credential'
credential.id = '9012'
ret = app.test_client().get('/v1/credentials/5678', follow_redirects=False)
assert ret.status_code == 403
# Make sure credential is saved when ENABLE_SAVE_LAST_DECRYPTION_TIME=True
# and metadata_only=False
credential.last_rotation_date = datetime(2020, 1, 1, tzinfo=pytz.UTC)
mock_save = mocker.patch.object(Credential, 'save', return_value=None)
credential.id = '9012'
ret = app.test_client().get('/v1/credentials/3456?metadata_only=false',
follow_redirects=False)
json_data = json.loads(ret.data)
assert ret.status_code == 200
assert json_data['permissions']['update'] is True
assert 'next_rotation_date' in json_data
assert mock_save.call_count == 2 # Once for credential, once for archive
# Make sure credential is NOT saved when
# ENABLE_SAVE_LAST_DECRYPTION_TIME=True and metadata_only=True
mock_save = mocker.patch.object(Credential, 'save', return_value=None)
ret = app.test_client().get('/v1/credentials/3456?metadata_only=true',
follow_redirects=False)
json_data = json.loads(ret.data)
assert ret.status_code == 200
assert json_data['permissions']['update'] is True
assert mock_save.call_count == 0
# Archive credential not found
# Fail open - still return a 200
mocker.patch('confidant.routes.credentials.Credential.get',
side_effect=[credential, DoesNotExist()])
ret = app.test_client().get('/v1/credentials/3456?metadata_only=false',
follow_redirects=False)
json_data = json.loads(ret.data)
assert ret.status_code == 200
mocker.patch(
'confidant.routes.credentials.Credential.get',
side_effect=DoesNotExist(),
)
ret = app.test_client().get(
'/v1/credentials/1234',
follow_redirects=False,
)
assert ret.status_code == 404
def test_get_latest_service_revision(mocker):
get = mocker.patch('confidant.models.service.Service.get')
get.side_effect = DoesNotExist()
res = servicemanager.get_latest_service_revision('123', 1)
assert res == 2
def test_get_credential(mocker, credential):
app = create_app()
mocker.patch('confidant.settings.USE_AUTH', False)
mocker.patch(
'confidant.routes.credentials.authnz.get_logged_in_user',
return_value='*****@*****.**',
)
mocker.patch(
'confidant.routes.credentials.acl_module_check',
return_value=False,
)
ret = app.test_client().get('/v1/credentials/1234', follow_redirects=False)
assert ret.status_code == 403
def acl_module_check(resource_type, action, resource_id):
if action == 'metadata':
if resource_id == '5678':
return False
else:
return True
elif action == 'get':
if resource_id == '9012':
return False
else:
return True
elif action == 'update':
if resource_id == '3456':
return True
else:
return False
mocker.patch(
'confidant.routes.credentials.acl_module_check',
acl_module_check,
)
mocker.patch(
'confidant.routes.credentials.Credential.get',
return_value=credential,
)
mocker.patch(
('confidant.routes.credentials.Credential'
'._get_decrypted_credential_pairs'),
return_value={'test': 'me'},
)
ret = app.test_client().get('/v1/credentials/1234', follow_redirects=False)
json_data = json.loads(ret.data)
assert ret.status_code == 200
assert json_data['permissions']['update'] is False
credential.data_type = 'service'
ret = app.test_client().get('/v1/credentials/1234', follow_redirects=False)
assert ret.status_code == 404
credential.data_type = 'credential'
credential.id = '5678'
ret = app.test_client().get('/v1/credentials/5678', follow_redirects=False)
assert ret.status_code == 403
credential.data_type = 'credential'
credential.id = '9012'
ret = app.test_client().get('/v1/credentials/5678', follow_redirects=False)
assert ret.status_code == 403
credential.id = '9012'
ret = app.test_client().get('/v1/credentials/3456', follow_redirects=False)
json_data = json.loads(ret.data)
assert ret.status_code == 200
assert json_data['permissions']['update'] is True
mocker.patch(
'confidant.routes.credentials.Credential.get',
side_effect=DoesNotExist(),
)
ret = app.test_client().get(
'/v1/credentials/1234',
follow_redirects=False,
)
assert ret.status_code == 404