def test_verify_false_invoke_endpoint_and_passes_false(self):
with patch('conjur_api.Client.login',
return_value=MockClientResponse()) as mock_endpoint:
ssl_verification_metadata = SslVerificationMetadata(
SslVerificationMode.TRUST_STORE)
LoginLogic.get_api_key(ssl_verification_metadata,
MockCredentialsData, 'somepass',
MockConjurrc)
def get_ssl_verification_meta_data_from_cli_params(
ca_path, is_self_signed, ssl_verify) -> SslVerificationMetadata:
"""
Create SslVerificationMetadata according to input
@param ca_path:
@param is_self_signed:
@param ssl_verify:
@return: SslVerificationMetadata
"""
if ca_path:
return SslVerificationMetadata(SslVerificationMode.CA_BUNDLE, ca_path)
if is_self_signed:
return SslVerificationMetadata(SslVerificationMode.SELF_SIGN,
DEFAULT_CERTIFICATE_FILE)
if not ssl_verify:
return SslVerificationMetadata(SslVerificationMode.INSECURE)
return SslVerificationMetadata(SslVerificationMode.TRUST_STORE)
def get_ssl_verification_meta_data_from_conjurrc(
ssl_verify: bool,
conjur_data: ConjurrcData = None) -> SslVerificationMetadata:
"""
Determine SslVerificationMetaData from conjurrc file
"""
if not conjur_data:
conjur_data = ConjurrcData.load_from_file()
cert_path = conjur_data.cert_file
if not ssl_verify:
return SslVerificationMetadata(SslVerificationMode.INSECURE)
if not cert_path:
return SslVerificationMetadata(SslVerificationMode.TRUST_STORE)
if cert_path and cert_path != DEFAULT_CERTIFICATE_FILE:
return SslVerificationMetadata(SslVerificationMode.CA_BUNDLE,
cert_path)
return SslVerificationMetadata(SslVerificationMode.SELF_SIGN, cert_path)
def test_return_enpoint_text(self, mock_invoke_endpoint):
mock_credential_store = FileCredentialsProvider
mock_login_logic = LoginLogic(mock_credential_store)
ssl_verification_metadata = SslVerificationMetadata(
SslVerificationMode.SELF_SIGN, MockConjurrc.cert_file)
ret = mock_login_logic.get_api_key(ssl_verification_metadata,
MockCredentialsData, 'somepass',
MockConjurrc)
self.assertEquals(ret.text, mock_invoke_endpoint.return_value.text)
def test_init_constructor(self):
mock_conjurrc_data = None
mock_init_logic = None
mock_force = False
mock_ssl_verification_data = SslVerificationMetadata(
SslVerificationMode.INSECURE)
InitController(mock_conjurrc_data, mock_init_logic, mock_force,
mock_ssl_verification_data)
assert InitController.conjurrc_data == mock_conjurrc_data
assert InitController.init_logic == mock_init_logic
assert InitController.force_overwrite == mock_force
def test_raise_CertificateVerificationException_on_HttpSslError(self):
with self.assertRaises(CertificateVerificationException):
with patch('conjur_api.Client.login',
side_effect=HttpSslError) as mock:
mock_credential_store = FileCredentialsProvider()
mock_login_logic = LoginLogic(mock_credential_store)
ssl_verification_metadata = SslVerificationMetadata(
SslVerificationMode.TRUST_STORE)
mock_login_logic.get_api_key(ssl_verification_metadata,
MockCredentialsData, 'somepass',
ConjurrcData())
def test_user_supplied_certificate_returns_none(self, mock_input):
cert_file = "/some/path/somepem.pem"
self.conjurrc_data.cert_file = cert_file
ssl_verification_data = SslVerificationMetadata(
SslVerificationMode.CA_BUNDLE, cert_file)
init_controller = InitController(self.conjurrc_data, self.init_logic,
self.force_overwrite,
ssl_verification_data)
fetched_certificate = init_controller._get_server_certificate(
MOCK_FORMATTED_URL)
assert self.conjurrc_data.cert_file == "/some/path/somepem.pem"
self.assertEquals(fetched_certificate, None)
class InitControllerTest(unittest.TestCase):
capture_stream = io.StringIO()
conjurrc_data = ConjurrcData()
ssl_service = SSLClient
init_logic = InitLogic(ssl_service)
force_overwrite = False
ssl_verification_metadata = SslVerificationMetadata(
SslVerificationMode.TRUST_STORE)
def test_init_constructor(self):
mock_conjurrc_data = None
mock_init_logic = None
mock_force = False
mock_ssl_verification_data = SslVerificationMetadata(
SslVerificationMode.INSECURE)
InitController(mock_conjurrc_data, mock_init_logic, mock_force,
mock_ssl_verification_data)
assert InitController.conjurrc_data == mock_conjurrc_data
assert InitController.init_logic == mock_init_logic
assert InitController.force_overwrite == mock_force
'''
When user does not supply an account a Runtime error should be raised
'''
@patch('builtins.input', return_value='')
@patch('conjur.logic.init_logic')
def test_init_without_host_raises_error(self, mock_init_logic, mock_input):
mock_init_logic.fetch_account_from_server = MagicMock(
side_effect=HttpStatusError(status=401))
mock_conjurrc_data = ConjurrcData()
with self.assertRaises(MissingRequiredParameterException):
mock_conjurrc_data.conjur_url = 'https://someurl'
mock_init_controller = InitController(
mock_conjurrc_data, mock_init_logic, False,
self.ssl_verification_metadata)
mock_init_controller._get_account_info_if_not_exist()
@patch('builtins.input', return_value='someaccount')
@patch('conjur.logic.init_logic')
def test_init_host_is_added_to_conjurrc_object(self, mock_init_logic,
mock_input):
mock_init_logic.fetch_account_from_server = MagicMock(
side_effect=HttpStatusError(status=401))
mock_conjurrc_data = ConjurrcData()
mock_conjurrc_data.conjur_url = "https://someaccount"
mock_init_controller = InitController(mock_conjurrc_data,
mock_init_logic, False,
self.ssl_verification_metadata)
mock_init_controller._get_account_info_if_not_exist()
self.assertEquals(mock_conjurrc_data.conjur_account, 'someaccount')
'''
When user does not trust the certificate, an exception will be raised
'''
@patch('builtins.input', side_effect=['no'])
def test_init_not_trusting_cert_raises_error(self, mock_input):
self.conjurrc_data.conjur_url = 'https://someurl'
ctx = SSL.Context(method=SSL.TLSv1_2_METHOD)
sock = OpenSSL.SSL.Connection(ctx)
self.init_logic.connect = MagicMock(return_value=sock)
self.init_logic.get_certificate = MagicMock(
return_value=["12:AB", "somecertchain"])
with self.assertRaises(CertificateNotTrustedException):
init_controller = InitController(self.conjurrc_data,
self.init_logic,
self.force_overwrite,
self.ssl_verification_metadata)
init_controller._get_server_certificate(MOCK_FORMATTED_URL)
'''
When user trusts the certificate, the certificate should be returned
'''
@patch('builtins.input', side_effect=['yes'])
def test_init_user_trusts_cert_returns_cert(self, mock_input):
mock_certificate = "cert"
self.conjurrc_data.conjur_url = "https://someurl"
self.init_logic.get_certificate = MagicMock(
return_value=["12:AB", mock_certificate])
init_controller = InitController(self.conjurrc_data, self.init_logic,
self.force_overwrite,
self.ssl_verification_metadata)
fetched_certificate = init_controller._get_server_certificate(
MOCK_FORMATTED_URL)
self.assertEquals(fetched_certificate, mock_certificate)
@patch('builtins.input', side_effect=['http://someurl'])
def test_user_supplied_certificate_returns_none(self, mock_input):
cert_file = "/some/path/somepem.pem"
self.conjurrc_data.cert_file = cert_file
ssl_verification_data = SslVerificationMetadata(
SslVerificationMode.CA_BUNDLE, cert_file)
init_controller = InitController(self.conjurrc_data, self.init_logic,
self.force_overwrite,
ssl_verification_data)
fetched_certificate = init_controller._get_server_certificate(
MOCK_FORMATTED_URL)
assert self.conjurrc_data.cert_file == "/some/path/somepem.pem"
self.assertEquals(fetched_certificate, None)
@patch('conjur.logic.init_logic')
def test_user_supplies_cert_writes_to_file_not_called(
self, mock_init_logic):
InitController._write_certificate(self, "https://some/cert/path")
mock_init_logic.write_certificate_to_file.assert_not_called()
'''
Validates that when the user wants to overwrite the certificate file,
We attempt to write the certificate twice (initial attempt
and user after confirmation)
'''
# The certificate file exists and the CLI prompts
# if the user wants to overwrite
@patch('conjur.logic.init_logic')
@patch('builtins.input', return_value='yes')
def test_user_confirms_force_overwrites_writes_cert_to_file(
self, mock_input, mock_init_logic):
with redirect_stdout(self.capture_stream):
self.conjurrc_data.conjur_url = "https://someurl"
init_controller = InitController(self.conjurrc_data,
mock_init_logic, False,
self.ssl_verification_metadata)
# Mock that a certificate file already exists
mock_init_logic.write_certificate_to_file.return_value = False
init_controller._write_certificate('some_cert')
self.assertRegex(self.capture_stream.getvalue(),
"Certificate written to")
mock_init_logic.write_certificate_to_file.assert_called_with(
'some_cert', '/root/conjur-server.pem', True)
self.assertEquals(mock_init_logic.write_certificate_to_file.call_count,
2)
'''
Validates that when the user wants to overwrite the conjurrc file,
We attempt to write the conjurrc twice (initial attempt
and user after confirmation)
'''
# The conjurrc file exists and the CLI prompts
# if the user wants to overwrite
@patch('conjur.logic.init_logic')
@patch('builtins.input', return_value='yes')
def test_user_confirms_force_overwrites_writes_conjurrc_to_file(
self, mock_input, mock_init_logic):
with redirect_stdout(self.capture_stream):
self.conjurrc_data.conjur_url = "https://someurl"
init_controller = InitController(self.conjurrc_data,
mock_init_logic, False,
self.ssl_verification_metadata)
# Mock that a conjurrc file already exists
mock_init_logic.write_conjurrc.return_value = False
init_controller.write_conjurrc()
self.assertRegex(self.capture_stream.getvalue(),
"Configuration written to")
mock_init_logic.write_conjurrc.assert_called_with(
'/root/.conjurrc', self.conjurrc_data, True)
self.assertEquals(mock_init_logic.write_conjurrc.call_count, 2)
@patch('builtins.input', return_value='')
def test_user_does_not_input_url_raises_error(self, mock_input):
mock_conjurrc_data = ConjurrcData(conjur_url=None)
with self.assertRaises(InvalidURLFormatException) as context:
init_controller = InitController(mock_conjurrc_data,
self.init_logic,
self.force_overwrite,
self.ssl_verification_metadata)
init_controller._prompt_for_conjur_url()
self.assertRegex(str(context.exception), 'Error: URL is required')
@patch('builtins.input', return_value=MockConjurrcData.conjur_url)
def test_user_does_not_input_https_will_raises_error(self, mock_input):
mock_conjurrc_data = ConjurrcData(conjur_url='somehost')
with self.assertRaises(InvalidURLFormatException) as context:
init_controller = InitController(mock_conjurrc_data,
self.init_logic,
self.force_overwrite,
self.ssl_verification_metadata)
init_controller._validate_conjur_url(MOCK_FORMATTED_URL)
self.assertRegex(str(context.exception), 'Error: undefined behavior')
@patch('builtins.input', return_value='no')
def test_user_does_not_overwrite_raises_error(self, mock_input):
init_controller = InitController(ConjurrcData, InitLogic, False,
self.ssl_verification_metadata)
with self.assertRaises(Exception):
init_controller.ensure_overwrite_file('someconfig')
@patch('conjur.logic.init_logic')
def test_user_raises_certificate_hostname_mismatch_error(
self, mock_init_logic):
mock_init_logic.fetch_account_from_server = MagicMock(
side_effect=CertificateHostnameMismatchException)
init_controller = InitController(ConjurrcData(account=None),
mock_init_logic, False,
self.ssl_verification_metadata)
with self.assertRaises(CertificateHostnameMismatchException):
init_controller._get_account_info_if_not_exist()
def test_login_controller_constructor_with_ssl_verify_false_calls_warning_message(
self):
mock_ssl_verify = SslVerificationMetadata(SslVerificationMode.INSECURE)
util_functions.get_insecure_warning_in_debug = MagicMock()
LoginController(mock_ssl_verify, None, None, None)
util_functions.get_insecure_warning_in_debug.assert_called_once()
class LoginControllerTest(unittest.TestCase):
mock_ssl_verify = SslVerificationMetadata(SslVerificationMode.SELF_SIGN,
'path/to/cert')
def test_login_controller_constructor(self):
mock_user_password = None
mock_credential_data = None
mock_login_logic = None
mock_login_controller = LoginController(self.mock_ssl_verify,
mock_user_password,
mock_credential_data,
mock_login_logic)
self.assertEquals(mock_login_controller.user_password,
mock_user_password)
self.assertEquals(mock_login_controller.credential_data,
mock_credential_data)
self.assertEquals(mock_login_controller.login_logic, mock_login_logic)
def test_login_controller_constructor_with_ssl_verify_false_calls_warning_message(
self):
mock_ssl_verify = SslVerificationMetadata(SslVerificationMode.INSECURE)
util_functions.get_insecure_warning_in_debug = MagicMock()
LoginController(mock_ssl_verify, None, None, None)
util_functions.get_insecure_warning_in_debug.assert_called_once()
def test_login_load_calls_all_functions_correctly(self):
mock_credential_data = CredentialsData
mock_login_logic = LoginLogic
mock_login_controller = LoginController(self.mock_ssl_verify,
'someuserpass',
mock_credential_data,
mock_login_logic)
mock_login_controller.get_username = MagicMock()
mock_login_controller.get_password = MagicMock()
mock_login_controller.get_api_key = MagicMock()
mock_login_controller.load_conjurrc_data = MagicMock()
mock_login_logic.save = MagicMock()
mock_login_controller.load()
mock_login_controller.get_username.assert_called_once()
mock_login_controller.get_password.assert_called_once()
mock_login_logic.save.assert_called_once_with(mock_credential_data)
@patch('builtins.input', return_value='')
def test_login_raises_error_when_not_provided_username(self, mock_input):
mock_credential_data = CredentialsData('somemachine', None, 'somepass')
mock_login_controller = LoginController(self.mock_ssl_verify,
'someuserpass',
mock_credential_data,
LoginLogic)
with self.assertRaises(MissingRequiredParameterException):
mock_login_controller.get_username()
@patch('getpass.getpass', side_effect=['', 'somepass'])
def test_login_user_does_not_provide_password_prompts_for_one(
self, mock_input):
mock_credential_data = CredentialsData('somemachine', None, 'somepass')
mock_login_controller = LoginController(self.mock_ssl_verify, None,
mock_credential_data,
LoginLogic)
mock_login_controller.get_password()
@patch('conjur.data_object.conjurrc_data.ConjurrcData.load_from_file',
return_value=MockConjurrc)
def test_login_conjurrc_is_loaded(self, mock_conjurrc_data):
mock_login_controller = LoginController(self.mock_ssl_verify, None,
MockCredentialsData,
LoginLogic)
self.assertEquals(MockConjurrc,
mock_login_controller.load_conjurrc_data())
def test_login_get_api_key_is_called(self):
with patch('conjur.logic.login_logic') as mock_logic:
mock_logic.get_api_key = MagicMock()
mock_login_controller = LoginController(self.mock_ssl_verify, None,
MockCredentialsData,
mock_logic)
mock_login_controller.user_password = '******'
mock_login_controller.get_api_key(MockConjurrc)
mock_logic.get_api_key.assert_called_once_with(
mock_login_controller.ssl_verification_metadata,
MockCredentialsData, mock_login_controller.user_password,
MockConjurrc)
@patch('conjur.logic.login_logic')
def test_login_get_api_can_raise_operation_invalid_operation_exception(
self, mock_logic):
mock_logic.get_api_key = MagicMock(
side_effect=CertificateVerificationException)
mock_login_controller = LoginController(self.mock_ssl_verify, None,
MockCredentialsData,
mock_logic)
with self.assertRaises(CertificateVerificationException):
mock_login_controller.get_api_key('someconjurrc')
def test_login_raises_error_when_error_occurred_while_getting_api_key(
self):
mock_response = MagicMock()
mock_response.status_code = 401
with patch('conjur.logic.login_logic') as mock_logic:
mock_logic.get_api_key = MagicMock(side_effect=HttpError(
response=mock_response))
mock_login_controller = LoginController(self.mock_ssl_verify, None,
MockCredentialsData,
mock_logic)
with self.assertRaises(HttpError):
mock_login_controller.get_api_key(MockCredentialsData)