def test_cli_simple_login_logout_flow_netrc(self, keystore_disable_mock): utils.setup_cli(self) assert os.path.isfile(DEFAULT_NETRC_FILE) self.invoke_cli(self.cli_auth_params, ['logout']) with open(DEFAULT_NETRC_FILE) as netrc_file: assert netrc_file.read().strip() == "", 'netrc file is not empty!' self.invoke_cli(self.cli_auth_params, ['list'], exit_code=1)
def test_https_netrc_is_created_with_host_netrc(self, keystore_disable_mock): utils.setup_cli(self) # Setup for fetching the API key of a host. To fetch we need to login credentials = CredentialsData(self.client_params.hostname, "admin", self.client_params.env_api_key) utils.save_credentials(credentials) self.invoke_cli(self.cli_auth_params, [ 'policy', 'replace', '-b', 'root', '-f', self.environment.path_provider.get_policy_path('conjur') ]) host_api_key = self.invoke_cli( self.cli_auth_params, ['host', 'rotate-api-key', '-i', 'somehost']) extract_api_key_from_message = host_api_key.split(":")[1].strip() self.invoke_cli(self.cli_auth_params, ['logout']) output = self.invoke_cli(self.cli_auth_params, [ 'login', '-i', 'host/somehost', '-p', f'{extract_api_key_from_message}' ]) self.validate_netrc(f"{self.client_params.hostname}", "host/somehost", extract_api_key_from_message) self.assertIn("Successfully logged in to Conjur", output.strip())
def setUp(self): self.setup_cli_params({}) utils.setup_cli(self) return self.invoke_cli(self.cli_auth_params, [ 'policy', 'replace', '-b', 'root', '-f', self.environment.path_provider.get_policy_path("initial") ])
def test_cli_simple_login_logout_flow_keyring(self): utils.setup_cli(self) creds = utils.get_credentials() assert creds.machine == self.client_params.hostname self.invoke_cli(self.cli_auth_params, ['logout']) assert not utils.is_credentials_exist(creds.machine) self.invoke_cli(self.cli_auth_params, ['list'], exit_code=1)
def test_https_can_load_policy_keyring(self): self.setup_cli_params({}) utils.setup_cli(self) policy, variables = utils.generate_policy_string() utils.load_policy_from_string(self, policy) for variable in variables: utils.assert_set_and_get(self, variable)
def setUp(self): self.setup_cli_params({}) # Used to configure the CLI and login to run tests utils.setup_cli(self) return self.invoke_cli(self.cli_auth_params, [ 'policy', 'replace', '-b', 'root', '-f', self.environment.path_provider.get_policy_path("initial") ])
def test_https_can_load_policy_netrc(self, keystore_disable_mock): utils.setup_cli(self) self.setup_cli_params({}) policy, variables = utils.generate_policy_string() utils.load_policy_from_string(self, policy) for variable in variables: utils.assert_set_and_get(self, variable)
def setUp(self): self.setup_cli_params({}) utils.delete_credentials() # Need to configure the CLI and login to perform further commands utils.setup_cli(self) self.invoke_cli(self.cli_auth_params, [ 'policy', 'replace', '-b', 'root', '-f', self.environment.path_provider.get_policy_path("resource") ])
def test_https_logout_successful_keyring(self): utils.setup_cli(self) self.invoke_cli(self.cli_auth_params, ['login', '-i', 'admin', '-p', self.client_params.env_api_key]) output = self.invoke_cli(self.cli_auth_params, ['logout']) self.assertIn('Successfully logged out from Conjur', output.strip())
def test_https_netrc_raises_error_with_wrong_user_netrc( self, mock_pass, keystore_disable_mock): utils.setup_cli(self) with patch('getpass.getpass', return_value=self.client_params.env_api_key): output = self.invoke_cli(self.cli_auth_params, ['login'], exit_code=1) self.assertRegex(output, "Reason: 401")
def test_https_credentials_created_with_all_parameters_given_netrc( self, keystore_disable_mock): utils.setup_cli(self) self.invoke_cli( self.cli_auth_params, ['login', '-i', 'admin', '-p', self.client_params.env_api_key]) utils.get_credentials() self.validate_netrc(f"{self.client_params.hostname}", "admin", self.client_params.env_api_key)
def test_no_netrc_and_logout_returns_successful_logout_message_netrc( self, keystore_disable_mock): utils.setup_cli(self) try: os.remove(DEFAULT_NETRC_FILE) except OSError: pass logout = self.invoke_cli(self.cli_auth_params, ['logout'], exit_code=1) self.assertIn("You are already logged out", logout.strip())
def test_https_netrc_is_created_with_all_parameters_given_interactively_netrc( self, mock_pass, keystore_disable_mock): utils.setup_cli(self) with patch('getpass.getpass', return_value=self.client_params.env_api_key): output = self.invoke_cli(self.cli_auth_params, ['login']) assert utils.get_credentials() is not None self.assertIn("Successfully logged in to Conjur", output.strip()) self.validate_netrc(f"{self.client_params.hostname}", "admin", self.client_params.env_api_key)
def test_cli_configured_in_insecure_mode_and_run_in_insecure_mode_passes_netrc( self, mock_input, keystore_disable_mock): utils.setup_cli(self) self.invoke_cli(self.cli_auth_params, [ '--insecure', 'init', '--url', self.client_params.hostname, '--account', self.client_params.account ]) output = self.invoke_cli(self.cli_auth_params, [ '--insecure', 'login', '-i', 'admin', '-p', self.client_params.env_api_key ]) self.assertIn('Successfully logged in to Conjur', output)
def test_https_logout_successful_netrc(self, keystore_disable_mock): utils.setup_cli(self) self.invoke_cli( self.cli_auth_params, ['login', '-i', 'admin', '-p', self.client_params.env_api_key]) assert os.path.exists( DEFAULT_NETRC_FILE) and os.path.getsize(DEFAULT_NETRC_FILE) != 0 output = self.invoke_cli(self.cli_auth_params, ['logout']) self.assertIn('Successfully logged out from Conjur', output.strip()) with open(DEFAULT_NETRC_FILE) as netrc_file: assert netrc_file.read().strip() == "", 'netrc file is not empty!'
def test_https_netrc_does_not_remove_irrelevant_entry_netrc( self, keystore_disable_mock): utils.setup_cli(self) creds = CredentialsData(self.client_params.hostname, "admin", self.client_params.env_api_key) utils.save_credentials(creds) creds = CredentialsData("somemachine", "somelogin", "somepass") utils.save_credentials(creds) self.invoke_cli(self.cli_auth_params, ['logout']) cred_store = utils.create_cred_store() assert cred_store.is_exists("somemachine") assert not cred_store.is_exists(self.client_params.hostname)
def test_https_logout_twice_returns_could_not_logout_message_netrc( self, keystore_disable_mock): utils.setup_cli(self) self.invoke_cli( self.cli_auth_params, ['login', '-i', 'admin', '-p', self.client_params.env_api_key]) self.invoke_cli(self.cli_auth_params, ['logout']) unsuccessful_logout = self.invoke_cli(self.cli_auth_params, ['logout'], exit_code=1) self.assertIn("Failed to log out. You are already logged out", unsuccessful_logout.strip()) with open(DEFAULT_NETRC_FILE) as netrc_file: assert netrc_file.read().strip() == "", 'netrc file is not empty!'
def test_https_netrc_was_not_overwritten_when_login_failed_but_already_logged_in( self, keystore_disable_mock): utils.setup_cli(self) successful_run = self.invoke_cli( self.cli_auth_params, ['login', '-i', 'admin', '-p', self.client_params.env_api_key]) self.assertIn("Successfully logged in to Conjur", successful_run.strip()) unsuccessful_run = self.invoke_cli( self.cli_auth_params, ['login', '-i', 'someinvaliduser', '-p', 'somewrongpassword'], exit_code=1) self.assertIn("Reason: 401 (Unauthorized) for url:", unsuccessful_run) self.validate_netrc(f"{self.client_params.hostname}", "admin", self.client_params.env_api_key)
def test_basic_secret_retrieval_with_keyring(self): """ Note about version tests, the Conjur server only keeps a certain number of versions. With each run of the integration tests, version tests are resetting variable values making, after a certain number of runs, version=1 not valid and fail Therefore, the variable name needs to be a random string so that the version will still be accessible """ utils.setup_cli(self) variable_name = "someversionedvar" + uuid.uuid4().hex policy = f"- !variable {variable_name}" utils.load_policy_from_string(self, policy) expected_value = "anothersecret" utils.set_variable(self, variable_name, expected_value) output = self.invoke_cli(self.cli_auth_params, ['variable', 'get', '-i', variable_name, '--version', '1']) self.assertIn(expected_value, output.strip())
def test_https_credentials_user_can_login_successfully_when_another_user_is_already_logged_in( self, mock_input, keystore_disable_mock): utils.setup_cli(self) self.invoke_cli( self.cli_auth_params, ['login', '-i', 'admin', '-p', self.client_params.env_api_key]) # Load in new user self.invoke_cli(self.cli_auth_params, [ 'policy', 'replace', '-b', 'root', '-f', self.environment.path_provider.get_policy_path('conjur') ]) # Rotate the new user's API key user_api_key = self.invoke_cli( self.cli_auth_params, ['user', 'rotate-api-key', '-i', 'someuser']) extract_api_key_from_message = user_api_key.split(":")[1].strip() # Login to change personal password self.invoke_cli( self.cli_auth_params, ['login', '-i', 'someuser', '-p', extract_api_key_from_message]) # Creates a password that meets Conjur password complexity standards password = string.hexdigits + "$!@" self.invoke_cli(self.cli_auth_params, ['user', 'change-password', '-p', password]) self.invoke_cli(self.cli_auth_params, ['logout']) # Attempt to login with newly created password output = self.invoke_cli(self.cli_auth_params, ['login', '-i', 'someuser', '-p', password]) self.assertIn("Successfully logged in to Conjur", output.strip()) utils.get_credentials() self.validate_netrc(f"{self.client_params.hostname}", "someuser", extract_api_key_from_message)
def test_keyring_locked_after_login_will_raise_error_keyring(self): utils.setup_cli(self) with patch('conjur.wrapper.keystore_wrapper.KeystoreWrapper.is_keyring_accessible', return_value=False): self.invoke_cli(self.cli_auth_params, ['list'], exit_code=1)
def test_https_netrc_with_wrong_password_netrc(self, mock_pass, mock_input, keystore_disable_mock): utils.setup_cli(self) output = self.invoke_cli(self.cli_auth_params, ['login'], exit_code=1) self.assertRegex(output, "Reason: 401")
def test_https_can_get_whoami_insecure(self): utils.setup_cli(self) output = self.invoke_cli(self.cli_auth_params, ['whoami']) response = json.loads(output) self.assertIn(f'{self.client_params.account}', response.get('account')) self.assertIn('admin', response.get('username'))
def test_provider_can_return_file_provider_netrc(self, keystore_disable_mock): utils.setup_cli(self) cred_store = utils.create_cred_store() self.assertEquals(type(cred_store), type(FileCredentialsProvider()))