Exemplo n.º 1
def test_get_non_existing_trust_domain():
    """A lookup for a trust domain that is absent from the set returns None."""
    # Only trust_domain_1 is registered; trust_domain_2 must not resolve to
    # any bundle, so a caller cannot end up validating against the wrong keys.
    bundle_set = JwtBundleSet(
        {trust_domain_1: JwtBundle(trust_domain_1, authorities)}
    )

    assert bundle_set.get(trust_domain_2) is None
Exemplo n.º 2
def test_get():
    """get() hands back the bundle registered for the requested trust domain."""
    expected = JwtBundle(trust_domain_1, authorities)
    bundle_set = JwtBundleSet({trust_domain_1: expected})

    found = bundle_set.get(trust_domain_1)

    # Compare both the bundle itself and the trust domain it reports.
    assert found == expected
    assert found.trust_domain() == expected.trust_domain()
Exemplo n.º 3
def test_put_bundle_on_empty_set():
    """put() on an empty set stores exactly one bundle under its trust domain."""
    bundle_set = JwtBundleSet({})

    # Precondition: nothing is stored yet.
    assert len(bundle_set._bundles) == 0

    bundle_set.put(JwtBundle(trust_domain_1, authorities))

    stored = bundle_set._bundles
    assert len(stored) == 1
    # The single key must be the trust domain of the bundle that was added.
    assert list(stored.keys())[0].name() == trust_domain_1.name()
Exemplo n.º 4
def test_put_replace_bundle_for_trust_domain():
    """put() for an already-present trust domain keeps a single entry for it."""
    original_bundle = JwtBundle(trust_domain_1, authorities)
    bundle_set = JwtBundleSet({trust_domain_1: original_bundle})

    # Precondition: the set starts with the original bundle only.
    assert len(bundle_set._bundles) == 1
    assert bundle_set._bundles[trust_domain_1] == original_bundle

    replacement = JwtBundle(trust_domain_1, authorities)
    bundle_set.put(replacement)

    # NOTE(review): the replacement is built from the same trust domain and
    # authorities as the original. If JwtBundle defines value equality, the
    # last assertion also holds when put() leaves the old bundle in place, so
    # it would not detect a failed key rotation -- confirm, and consider
    # distinct authorities for the replacement.
    assert len(bundle_set._bundles) == 1
    assert bundle_set._bundles[trust_domain_1] == replacement
Exemplo n.º 5
    def _call_watch_jwt_bundles(
        self,
        cancel_handler: CancelHandler,
        retry_handler: Optional[RetryHandler],
        on_success: Callable[[JwtBundleSet], None],
        on_error: Callable[[Exception], None],
    ) -> None:
        """Streams JWT bundle updates from the Workload API to the callbacks.

        Opens a FetchJWTBundles stream and, for every response, builds a
        JwtBundleSet and passes it to ``on_success``. Failures caught here are
        wrapped in FetchJwtBundleError and passed to ``on_error``.

        Args:
            cancel_handler: Receives a callable that cancels the open stream.
            retry_handler: Optional; reset after each response and asked to
                re-invoke this method on retryable gRPC errors.
            on_success: Called with the JwtBundleSet built from each response.
            on_error: Called with a FetchJwtBundleError describing a failure.

        Note:
            If the stream ends without raising, this method returns without
            calling ``on_error`` or scheduling a retry, so the caller gets no
            signal that bundle updates have stopped.
            Exception subclasses raised by ``on_success`` or by
            ``_create_td_jwt_bundle_dict`` reach the generic handler below and
            are reported through ``on_error`` with no retry.
        """
        try:
            stream = self._spiffe_workload_api_stub.FetchJWTBundles(
                workload_pb2.JWTBundlesRequest())

            # Expose stream cancellation through the handler the user holds.
            cancel_handler.set_handler(lambda: stream.cancel())

            for response in stream:
                bundles_by_domain = self._create_td_jwt_bundle_dict(response)
                # A response was received, so the retry state is reset.
                if retry_handler:
                    retry_handler.reset()
                on_success(JwtBundleSet(bundles_by_domain))
        except grpc.RpcError as rpc_error:
            if not isinstance(rpc_error, grpc.Call):
                # No status details are read from this error; report a
                # generic message.
                on_error(
                    FetchJwtBundleError(
                        'Cannot process response from Workload API'))
                return

            on_error(FetchJwtBundleError(str(rpc_error.details())))
            should_retry = (
                retry_handler
                and rpc_error.code() not in _NON_RETRYABLE_CODES
            )
            if should_retry:
                retry_handler.do_retry(
                    self._call_watch_jwt_bundles,
                    [cancel_handler, retry_handler, on_success, on_error],
                )
        except Exception as error:
            on_error(FetchJwtBundleError(str(error)))
Exemplo n.º 6
def test_create_jwt_bundle_set():
    """The constructor stores every bundle in a dict distinct from the input."""
    first_bundle = JwtBundle(trust_domain_1, authorities)
    second_bundle = JwtBundle(trust_domain_2, authorities)
    source = {trust_domain_1: first_bundle, trust_domain_2: second_bundle}

    bundle_set = JwtBundleSet(source)
    stored = bundle_set._bundles

    # The set must not alias the caller's dict: otherwise a later change to
    # `source` would change the stored bundles as well.
    assert stored is not source
    assert len(stored) == len(source.keys())

    # Keys appear in insertion order and map to the bundles that were passed.
    stored_domains = list(stored.keys())
    assert stored_domains[0].name() == trust_domain_1.name()
    assert stored[trust_domain_1] == first_bundle
    assert stored_domains[1].name() == trust_domain_2.name()
    assert stored[trust_domain_2] == second_bundle
Exemplo n.º 7
    def fetch_jwt_bundles(self) -> JwtBundleSet:
        """Fetches the JWT bundles used for JWT-SVID validation, keyed by trust domain.

        Only the first response of the FetchJWTBundles stream is read; the call
        is issued with a 10 second timeout.

        Returns:
            JwtBundleSet: Set of JwtBundle objects.

        Raises:
            FetchJwtBundleError: When the parsed response contains no bundles.

        Note:
            NOTE(review): this body does not itself convert a gRPC error or a
            StopIteration from ``next()`` into FetchJwtBundleError; presumably
            a decorator or caller outside this snippet does -- confirm.
        """
        stream = self._spiffe_workload_api_stub.FetchJWTBundles(
            workload_pb2.JWTBundlesRequest(), timeout=10)
        first_response = next(stream)
        bundles_by_domain: Dict[TrustDomain, JwtBundle] = (
            self._create_td_jwt_bundle_dict(first_response)
        )

        # An empty mapping would leave callers with nothing to validate
        # against, so it is reported as an error instead of being returned.
        if bundles_by_domain:
            return JwtBundleSet(bundles_by_domain)
        raise FetchJwtBundleError('JWT Bundles response is empty')
Exemplo n.º 8
def test_create_jwt_bundle_set_no_bundle():
    """Constructing the set from None yields an empty dict, not None."""
    stored = JwtBundleSet(None)._bundles

    assert isinstance(stored, dict)
    assert len(stored) == 0
Exemplo n.º 9
def test_get_empty_set():
    """get() on an empty set returns None."""
    empty_set = JwtBundleSet({})

    assert empty_set.get(trust_domain_1) is None