def test_authorize_fs_no_auth_header(self):
os.environ[MLP_MLSERVICE_NAME] = 'test_fs_name'
data = {'fs_name': os.environ[MLP_MLSERVICE_NAME]}
resp = self.app.get('/fs', data=data)
self.assertIn('Unable to authorize the request', b2s(resp.data))
self.assertIn('No auth header given', b2s(resp.data))
self.assertEqual(401, resp.status_code)
def test_authorize_invalid_xs_app_name(self):
headers = {'Authorization': xs_token}
data = {'scopes': 'read,write', 'xs_app_name': 'invalid-xs-app-name'}
resp = self.app.get('/authorize', headers=headers, data=data)
self.assertIn('Unable to authorize the request', b2s(resp.data))
self.assertIn('Invalid scope', b2s(resp.data))
self.assertEqual(401, resp.status_code)
def test_authorize_fs_invalid_fs_name(self):
os.environ[MLP_MLSERVICE_NAME] = 'invalid_test_fs_name'
headers = {'Authorization': fs_token}
data = {'fs_name': os.environ[MLP_MLSERVICE_NAME]}
resp = self.app.get('/fs', headers=headers, data=data)
self.assertIn('Unable to authorize the request', b2s(resp.data))
self.assertIn('Invalid scope', b2s(resp.data))
self.assertEqual(401, resp.status_code)
def test_authorize_svc_no_global_tenant_name(self):
os.environ[CLEA_UAA_USE_GLOBAL_TENANT] = 'true'
headers = {
'tenantName': 'mlptestclient',
'Authorization': token_expired_in_2085
}
resp = self.app.get('/svc', headers=headers)
self.assertIn('Unable to authorize the request', b2s(resp.data))
self.assertIn('No globalTenantName header given', b2s(resp.data))
self.assertEqual(401, resp.status_code)
def test_authorize_success_with_default_xsappname(self):
headers = {'Authorization': xs_token}
resp = self.app.get('/authorize',
headers=headers,
data={'scopes': 'read,write'})
self.assertIn('authorized!', b2s(resp.data))
self.assertEqual(200, resp.status_code)
def test_authorize_success(self):
headers = {'Authorization': xs_token}
resp = self.app.get('/authorize',
headers=headers,
data=self._valid_data)
self.assertIn('authorized!', b2s(resp.data))
self.assertEqual(200, resp.status_code)
def test_authorize_fs_success(self):
os.environ[MLP_MLSERVICE_NAME] = 'test_fs_name'
headers = {'Authorization': fs_token}
data = {'fs_name': os.environ[MLP_MLSERVICE_NAME]}
resp = self.app.get('/fs', headers=headers, data=data)
self.assertIn('authorized!', b2s(resp.data))
self.assertEqual(200, resp.status_code)
def test_raise_SecurityError_if_scopes_are_invalid(self):
headers = {'Authorization': xs_token}
data = {'scopes': 'invalid', 'xs_app_name': 'myxsappname!b53'}
resp = self.app.get('/authorize', headers=headers, data=data)
self.assertIn(
"Unable to authorize the request.\nError code 401: Invalid scope: ['myxsappname!b53.invalid']",
b2s(resp.data))
self.assertEqual(401, resp.status_code)
def test_authorize_success_with_default_scopes(self):
headers = {'Authorization': xs_token}
# no scopes passed in. use default scopes defined in the ML services
resp = self.app.get('/authorize',
headers=headers,
data={'xs_app_name': 'myxsappname!b53'})
self.assertIn('authorized!', b2s(resp.data))
self.assertEqual(200, resp.status_code)
def test_authorize_svc_success(self):
headers = {
'tenantName': 'mlptestclient',
'Authorization': token_expired_in_2085
}
resp = self.app.get('/svc', headers=headers)
self.assertIn('authorized!', b2s(resp.data))
self.assertEqual(200, resp.status_code)
def test_authorize_bs_success_use_default_bs_name_if_not_specified(self):
os.environ[MLP_MLSERVICE_NAME] = 'test_bs_name'
os.environ[MLP_UAA_BASE_URL] = 'https://some-token-retrieval-url.com'
headers = {'Authorization': bs_token}
data = {'training_name': 'train'}
resp = self.app.get('/bs', headers=headers, data=data)
self.assertIn('Bearer some_token', b2s(resp.data))
self.assertEqual(200, resp.status_code)
def test_authorize_fs_success_MLP_UAA_NEW_TOKEN_CLIENT_SECRET_is_not_mandatory_for_fs(
self):
del os.environ[MLP_UAA_NEW_TOKEN_CLIENT_SECRET]
os.environ[MLP_MLSERVICE_NAME] = 'test_fs_name'
headers = {'Authorization': fs_token}
data = {'fs_name': os.environ[MLP_MLSERVICE_NAME]}
resp = self.app.get('/fs', headers=headers, data=data)
self.assertIn('authorized!', b2s(resp.data))
self.assertEqual(200, resp.status_code)
def test_raise_SecurityError_if_MLP_UAA_BASE_URL_not_set(self):
del os.environ[MLP_UAA_BASE_URL]
headers = {'Authorization': fs_token}
data = {'fs_name': os.environ[MLP_MLSERVICE_NAME]}
resp = self.app.get('/fs', headers=headers, data=data)
self.assertIn(
'MLP_UAA_BASE_URL is not found in environment to work with XSUAA',
b2s(resp.data))
self.assertEqual(500, resp.status_code)
def test_raise_SecurityError_if_MLP_UAA_NEW_TOKEN_CLIENT_ID_not_set(self):
del os.environ[MLP_UAA_NEW_TOKEN_CLIENT_ID]
headers = {'Authorization': bs_token}
data = {'training_name': 'train'}
resp = self.app.get('/bs', headers=headers, data=data)
self.assertIn(
'MLP_UAA_NEW_TOKEN_CLIENT_ID is not found in environment to work with XSUAA.',
b2s(resp.data))
self.assertEqual(500, resp.status_code)
def test_raise_SecurityError_if_MLP_MLSERVICE_NAME_not_set(self):
del os.environ[MLP_MLSERVICE_NAME]
os.environ[MLP_UAA_BASE_URL] = 'https://some-token-retrieval-url.com'
headers = {'Authorization': bs_token}
data = {'training_name': 'train'}
resp = self.app.get('/bs', headers=headers, data=data)
self.assertIn(
'MLP_MLSERVICE_NAME is not found in environment to work with XSUAA',
b2s(resp.data))
self.assertEqual(500, resp.status_code)
def test_authorize_svc_success_with_global_tenant_name(self):
os.environ[CLEA_UAA_USE_GLOBAL_TENANT] = 'true'
headers = {
'tenantName': 'mlptestclient',
'globalTenantName': 'mlptestclient',
'Authorization': token_expired_in_2085
}
resp = self.app.get('/svc', headers=headers)
self.assertIn('authorized!', b2s(resp.data))
self.assertEqual(200, resp.status_code)
def test_raise_SecurityError_if_API_is_CF_UAA_URL_is_not_configured(self):
del os.environ[CLEA_UAA_SERVER_BASE_URL]
headers = {
'tenantName': 'mlptestclient',
'Authorization': token_expired_in_2085
}
resp = self.app.get('/svc', headers=headers)
self.assertIn(
'CLEA_UAA_SERVER_BASE_URL is not found in environment to work with CFUAA',
b2s(resp.data))
self.assertEqual(500, resp.status_code)
def test_raise_SecurityError_if_API_is_configured_to_use_XS_UAA(self):
os.environ[MLP_USE_XSUAA] = 'true'
headers = {
'tenantName': 'mlptestclient',
'Authorization': token_expired_in_2085
}
resp = self.app.get('/svc', headers=headers)
self.assertIn(
'Application is expected to configure for CFUAA but configured for XSUAA',
b2s(resp.data))
self.assertEqual(500, resp.status_code)
def test_raise_SecurityError_if_bs_not_config_for_xsuaa(self):
del os.environ[MLP_USE_XSUAA]
headers = {'Authorization': bs_token}
data = {
'training_name': 'train',
'bs_name': os.environ[MLP_MLSERVICE_NAME]
}
resp = self.app.get('/bs', headers=headers, data=data)
self.assertIn(
'Application is expected to configure for XSUAA but configured for CFUAA.',
b2s(resp.data))
self.assertEqual(500, resp.status_code)
def retrieve_token_str(self,
token_retrieval_cred,
*,
scopes=None,
use_cache=False):
if use_cache:
tkn_key = 'mlp::' + str(token_retrieval_cred)
if scopes:
tkn_key += TokenManager.get_scope_str(scopes)
try:
tkn = TokenCache().get_token(tkn_key)
except TokenError:
resp = self.retrieve(token_retrieval_cred, scopes=scopes)
ttl = max(1, json.loads(b2s(resp))['expires_in'] - 5)
tkn = JWTTokenManager.parse_retrieve_response(resp)
TokenCache().set_token(tkn_key, token=tkn, ttl=ttl)
else:
resp = self.retrieve(token_retrieval_cred, scopes=scopes)
tkn = JWTTokenManager.parse_retrieve_response(resp)
return '{} {}'.format(self.token_type, tkn)
def load_decoded_content_as_json(encoded_content):
return json.loads(b2s(TokenManager.b64decode(encoded_content)))
def parse_retrieve_response(retrieve_resp):
return json.loads(b2s(retrieve_resp))['access_token']
def get_public_key(self):
"""Retrieve public key from UAA base url."""
req = Request(urljoin(self.base_url, 'token_keys'))
with urlopen(req) as f:
return json.loads(b2s(f.read()))['keys'][0]['value']
def test_authorize_svc_no_tenant_name(self):
headers = {'Authorization': token_expired_in_2085}
resp = self.app.get('/svc', headers=headers)
self.assertIn('Unable to authorize the request', b2s(resp.data))
self.assertIn('No tenantName header given', b2s(resp.data))
self.assertEqual(401, resp.status_code)
def test_authorize_svc_no_auth_header(self):
headers = {'tenantName': 'mlptestclient'}
resp = self.app.get('/svc', headers=headers)
self.assertIn('Unable to authorize the request', b2s(resp.data))
self.assertIn('No auth header given', b2s(resp.data))
self.assertEqual(401, resp.status_code)
def test_b2s(self):
self.assertEqual(b2s('str'), 'str')
self.assertEqual(b2s(b'bytes'), 'bytes')
self.assertRaises(TypeError, b2s, [])
def test_authorize_no_auth_header(self):
resp = self.app.get('/authorize', data=self._valid_data)
self.assertIn('Unable to authorize the request', b2s(resp.data))
self.assertIn('No auth header given', b2s(resp.data))
self.assertEqual(401, resp.status_code)
