def test_get_non_existing_trust_domain():
    """Looking up a trust domain that is not in the set returns None."""
    only_bundle = JwtBundle(trust_domain_1, authorities)
    bundle_set = JwtBundleSet({trust_domain_1: only_bundle})

    # trust_domain_2 was never added: get() must not fall back to the bundle
    # stored for trust_domain_1.
    assert bundle_set.get(trust_domain_2) is None
def test_get():
    """A bundle stored under its trust domain is returned by get()."""
    expected = JwtBundle(trust_domain_1, authorities)
    bundle_set = JwtBundleSet({trust_domain_1: expected})

    found = bundle_set.get(trust_domain_1)

    assert found == expected
    # The returned bundle must still report the trust domain it was stored under.
    assert found.trust_domain() == expected.trust_domain()
def test_put_bundle_on_empty_set():
    """put() on an empty set stores the bundle under its own trust domain."""
    bundle_set = JwtBundleSet({})
    assert len(bundle_set._bundles) == 0

    bundle_set.put(JwtBundle(trust_domain_1, authorities))

    assert len(bundle_set._bundles) == 1
    # The single key must be the trust domain carried by the bundle itself.
    stored_domains = list(bundle_set._bundles.keys())
    assert stored_domains[0].name() == trust_domain_1.name()
def test_put_replace_bundle_for_trust_domain():
    """put() for an already-present trust domain replaces its bundle."""
    original = JwtBundle(trust_domain_1, authorities)
    bundle_set = JwtBundleSet({trust_domain_1: original})

    assert len(bundle_set._bundles) == 1
    assert bundle_set._bundles[trust_domain_1] == original

    replacement = JwtBundle(trust_domain_1, authorities)
    bundle_set.put(replacement)

    # Replacing must not add a second entry for the same trust domain.
    assert len(bundle_set._bundles) == 1
    # NOTE(review): both bundles are built from the same arguments; if
    # JwtBundle compares by value, this `==` cannot tell the old bundle from
    # the new one. Confirm against JwtBundle's equality before relying on it.
    assert bundle_set._bundles[trust_domain_1] == replacement
def _call_watch_jwt_bundles(
    self,
    cancel_handler: CancelHandler,
    retry_handler: Optional[RetryHandler],
    on_success: Callable[[JwtBundleSet], None],
    on_error: Callable[[Exception], None],
) -> None:
    """Stream JWT bundle updates from the Workload API to the callbacks.

    Opens a FetchJWTBundles stream, registers the stream's cancellation on
    ``cancel_handler`` and calls ``on_success`` with a new JwtBundleSet for
    every message received. gRPC errors and other exceptions raised while
    streaming are wrapped in FetchJwtBundleError and passed to ``on_error``.

    Args:
        cancel_handler: Receives the function that cancels the stream.
        retry_handler: Optional; when given, it is reset after each message
            and asked to re-run this method after a retryable gRPC error.
        on_success: Called with the JwtBundleSet built from each message.
        on_error: Called with a FetchJwtBundleError describing the failure.
    """
    try:
        stream = self._spiffe_workload_api_stub.FetchJWTBundles(
            workload_pb2.JWTBundlesRequest()
        )

        def _cancel_stream():
            return stream.cancel()

        # Register the cancel function on the cancel handler returned to the user.
        cancel_handler.set_handler(_cancel_stream)

        for message in stream:
            bundles_by_domain = self._create_td_jwt_bundle_dict(message)
            # A message arrived, so the retry handler is reset before the
            # callback runs (presumably clears its backoff state; confirm in
            # RetryHandler).
            if retry_handler:
                retry_handler.reset()
            on_success(JwtBundleSet(bundles_by_domain))
    except grpc.RpcError as rpc_error:
        if not isinstance(rpc_error, grpc.Call):
            # Without the grpc.Call interface there are no details() or
            # code() to read, so only a generic error is reported.
            on_error(
                FetchJwtBundleError('Cannot process response from Workload API')
            )
            return

        on_error(FetchJwtBundleError(str(rpc_error.details())))
        # Retry only when a handler exists and the status code is not listed
        # in _NON_RETRYABLE_CODES.
        if retry_handler and rpc_error.code() not in _NON_RETRYABLE_CODES:
            retry_handler.do_retry(
                self._call_watch_jwt_bundles,
                [cancel_handler, retry_handler, on_success, on_error],
            )
    except Exception as error:
        # NOTE(review): this branch also catches exceptions raised by
        # on_success or by bundle parsing. It reports them and schedules no
        # retry, so the watch ends here and no further bundle updates are
        # delivered.
        on_error(FetchJwtBundleError(str(error)))
def test_create_jwt_bundle_set():
    """The constructor copies the mapping and keeps every bundle under its trust domain."""
    first = JwtBundle(trust_domain_1, authorities)
    second = JwtBundle(trust_domain_2, authorities)
    source_mapping = {trust_domain_1: first, trust_domain_2: second}

    bundle_set = JwtBundleSet(source_mapping)
    stored = bundle_set._bundles

    # The set must hold its own dict rather than the caller's object
    # (presumably so that later changes to the caller's dict cannot alter the
    # bundles held by the set).
    assert stored is not source_mapping
    assert len(stored) == len(source_mapping.keys())

    stored_domains = list(stored.keys())
    assert stored_domains[0].name() == trust_domain_1.name()
    assert stored[trust_domain_1] == first
    assert stored_domains[1].name() == trust_domain_2.name()
    assert stored[trust_domain_2] == second
def fetch_jwt_bundles(self) -> JwtBundleSet:
    """Fetch the JWT bundles used for JWT-SVID validation, keyed by trust domain.

    Returns:
        JwtBundleSet: Set of JwtBundle objects.

    Raises:
        FetchJwtBundleError: In case there is an error in fetching the JWT-Bundle from the Workload API or
                             in case the set of jwt_authorities cannot be parsed from the Workload API Response.
    """
    fetch_stream = self._spiffe_workload_api_stub.FetchJWTBundles
    # The call carries a 10-second gRPC timeout, so it cannot wait on the
    # Workload API indefinitely.
    stream = fetch_stream(workload_pb2.JWTBundlesRequest(), timeout=10)

    # Only the first message of the stream is consumed.
    # NOTE(review): next() raises StopIteration on an empty stream, and a
    # grpc.RpcError propagates unchanged from here. Neither is the
    # FetchJwtBundleError documented above unless a wrapper outside this view
    # translates them. Confirm.
    first_message = next(stream)

    bundles_by_domain: Dict[TrustDomain, JwtBundle] = self._create_td_jwt_bundle_dict(
        first_message
    )
    # An empty result is reported as an error, so callers never receive a set
    # that holds no bundle at all.
    if bundles_by_domain:
        return JwtBundleSet(bundles_by_domain)
    raise FetchJwtBundleError('JWT Bundles response is empty')
def test_create_jwt_bundle_set_no_bundle():
    """Constructing the set from None yields an empty dict of bundles."""
    bundle_set = JwtBundleSet(None)
    stored = bundle_set._bundles

    # None must be normalised to an empty dict, not kept as None.
    assert isinstance(stored, dict)
    assert len(stored) == 0
def test_get_empty_set():
    """get() on a set with no bundles returns None."""
    empty_set = JwtBundleSet({})

    assert empty_set.get(trust_domain_1) is None