def as_extended_exception(): api_ex = ApiException( http_resp=ServerProxyHasServiceDisabledResponse()) api_ex.api_call = { 'method': 'PUT', 'resource_path': '/clients/{id}/register', 'path_params': 'GOV:9876:SUB1', 'query_params': '', 'header_params': '', 'controller_func': 'client.py#remote_register_client', 'module_func': 'clients_api.py#register_client' } return api_ex
def test_client_add_already_existing(self): class AlreadyExistingResponse: status = 409 data = '{"status":409,"error":{"code":"certificate_already_exists"}}' reason = None def getheaders(self): return None with XRDSSTTest() as app: with mock.patch('xrdsst.api.clients_api.ClientsApi.add_client', side_effect=ApiException( http_resp=AlreadyExistingResponse())): client_controller = ClientController() client_controller.app = app client_controller.load_config = (lambda: self.ss_config) client_controller.get_server_status = ( lambda x, y: StatusTestData. server_status_essentials_complete) client_controller.add() out, err = self.capsys.readouterr() assert out.count("already exists") > 0 with self.capsys.disabled(): sys.stdout.write(out) sys.stderr.write(err)
def test_service_description_add_client_not_found(self): class ClientNotFound: status = 404 data = '{"status":404,"error":{"code":"service_description_client_not_found"}}' reason = None def getheaders(self): return None with XRDSSTTest() as app: with mock.patch( 'xrdsst.api.clients_api.ClientsApi.find_clients', side_effect=ApiException(http_resp=ClientNotFound())): service_controller = ServiceController() service_controller.app = app service_controller.load_config = (lambda: self.ss_config) service_controller.get_server_status = ( lambda x, y: StatusTestData. server_status_essentials_complete) service_controller.add_description() out, err = self.capsys.readouterr() assert err.count("service_description_client_not_found") > 0 with self.capsys.disabled(): sys.stdout.write(out) sys.stderr.write(err)
def test_endpoint_add_access_already_added(self): class AlreadyEnabledResponse: status = 409 data = '{"status":409,"error":{"code":"service_endpoint_already_enabled"}}' reason = None def getheaders(self): return None with XRDSSTTest() as app: with mock.patch('xrdsst.api.clients_api.ClientsApi.find_clients', return_value=[ Client(id='DEV:GOV:9876:SUB1', instance_id='DEV', member_class='GOV', member_code='9876', subsystem_code='SUB1', connection_type=ConnectionType.HTTP, status=ClientStatus.REGISTERED, owner=True, has_valid_local_sign_cert=True) ]): with mock.patch( 'xrdsst.api.clients_api.ClientsApi.get_client_service_descriptions', return_value=[ EndpointTestData.add_description_response ]): with mock.patch( 'xrdsst.api.clients_api.ClientsApi.find_service_client_candidates', return_value=[ ServiceClient( id='DEV:security-server-owners', name='Security server owners', local_group_code=None, service_client_type=ServiceClientType. GLOBALGROUP, rights_given_at=datetime.now().isoformat()) ]): with mock.patch( 'xrdsst.api.endpoints_api.EndpointsApi.add_endpoint_service_clients', side_effect=ApiException( http_resp=AlreadyEnabledResponse())): endpoint_controller = EndpointController() endpoint_controller.app = app endpoint_controller.load_config = ( lambda: self.ss_config) endpoint_controller.get_server_status = ( lambda x, y: StatusTestData. server_status_essentials_complete) endpoint_controller.add_access() out, err = self.capsys.readouterr() assert out.count("already added") > 0 with self.capsys.disabled(): sys.stdout.write(out) sys.stderr.write(err)
def test_service_description_enable_already_enabled(self): class AlreadyEnabledResponse: status = 409 data = '{"status":409,"error":{"code":"service_description_already_enabled"}}' reason = None def getheaders(self): return None with XRDSSTTest() as app: with mock.patch('xrdsst.api.clients_api.ClientsApi.find_clients', return_value=[ Client(id='DEV:GOV:9876:SUB1', instance_id='DEV', member_class='GOV', member_code='9876', subsystem_code='SUB1', connection_type=ConnectionType.HTTP, status=ClientStatus.REGISTERED, owner=True, has_valid_local_sign_cert=True) ]): with mock.patch( 'xrdsst.api.clients_api.ClientsApi.get_client_service_descriptions', return_value=[ ServiceTestData.add_description_response ]): with mock.patch( 'xrdsst.api.service_descriptions_api.ServiceDescriptionsApi.enable_service_description', side_effect=ApiException( http_resp=AlreadyEnabledResponse())): service_controller = ServiceController() service_controller.app = app service_controller.load_config = ( lambda: self.ss_config) service_controller.get_server_status = ( lambda x, y: StatusTestData. server_status_essentials_complete) service_controller.enable_description() out, err = self.capsys.readouterr() assert out.count("already enabled") > 0 with self.capsys.disabled(): sys.stdout.write(out) sys.stderr.write(err)
def test_cert_import_permission_denied(self): class PermissionDeniedResponse: status = 403 data = '{"status":403,"error":{"code":"permission_denied"}}' reason = None def getheaders(self): return None with XRDSSTTest() as app: with mock.patch('xrdsst.api.tokens_api.TokensApi.get_token', return_value=CertTestData.single_auth_key_with_cert_token_response): with mock.patch('xrdsst.api.token_certificates_api.TokenCertificatesApi.import_certificate', side_effect=ApiException(http_resp=PermissionDeniedResponse())): cert_controller = CertController() cert_controller.app = app cert_controller.load_config = (lambda: self.ss_config_with_authcert()) cert_controller.get_server_status = (lambda x, y: StatusTestData.server_status_essentials_complete) cert_controller.import_() out, err = self.capsys.readouterr() assert err.count("permission") > 0 with self.capsys.disabled(): sys.stdout.write(out) sys.stderr.write(err)
class TestStatus(unittest.TestCase): authcert_existing = os.path.join(ROOT_DIR, "tests/resources/authcert.pem") ss_config = { 'admin_credentials': 'TOOLKIT_ADMIN_CREDENTIALS', 'logging': { 'file': '/tmp/xrdsst_test_token_log', 'level': 'INFO' }, 'ssh_access': { 'user': '******', 'private_key': 'TOOLKIT_SSH_PRIVATE_KEY' }, 'security_server': [{ 'name': 'longServerName', 'url': 'https://unrealz5BAlxpy9yo0XpplIQbPC.com:443', 'certificates': [ '/some/where/authcert', '/some/where/signcert', ], 'api_key': 'TOOLKIT_SS1_API_KEY', 'api_key_url': 'https://localhost:4000/api/v1/api-keys', 'owner_dn_country': 'FI', 'owner_dn_org': 'UNSERE', 'owner_member_class': 'VOG', 'owner_member_code': '4321', 'security_server_code': 'SS3', 'software_token_id': '0', 'software_token_pin': '1122' }, { 'name': 'longServerName2', 'url': 'https://unrealz5BAlxpy9yo0XpplIQbPC.com:443', 'certificates': [ '/some/where/authcert', '/some/where/signcert', ], 'api_key': 'TOOLKIT_SS2_API_KEY', 'api_key_url': 'https://localhost:4000/api/v1/api-keys', 'owner_dn_country': 'FI', 'owner_dn_org': 'UNSERE', 'owner_member_class': 'VOG', 'owner_member_code': '4321', 'security_server_code': 'SS3', 'software_token_id': '0', 'software_token_pin': '1122' }] } def serverless_config(self): config = copy.deepcopy(self.ss_config) config.pop('security_server') return config @pytest.fixture(autouse=True) def capsys(self, capsys): self.capsys = capsys def test_status_no_security_servers(self): with XRDSSTTest() as app: status_controller = StatusController() status_controller.app = app status_controller.load_config = (lambda: self.serverless_config()) status_controller._default() out, err = self.capsys.readouterr() assert out.count("No security servers defined") > 0 for header in [ 'GLOBAL', 'SERVER', 'ROLES', 'INIT', 'TSAS', 'TOKEN', 'KEYS', 'CSRS', 'CERTS' ]: assert header in status_controller.app._last_rendered[0][0] with self.capsys.disabled(): sys.stdout.write(out) sys.stderr.write(err) @mock.patch('xrdsst.core.api_util.is_ss_connectable', lambda x: (True, 'good connectivity (test injected)')) @mock.patch.object(UserApi, 'get_user', side_effect=ApiException( http_resp=ObjectStruct(status=401, reason=None, data='{"status":401}', getheaders=(lambda: None)))) def test_status_api_key_not_accepted(self, userapi_mock): with XRDSSTTest() as app: status_controller = StatusController() status_controller.app = app status_controller.load_config = (lambda: self.ss_config) status_controller._default() out, err = self.capsys.readouterr() assert status_controller.app._last_rendered[0][1].count( 'longServerName' ) == 1 # Still must report server name in config assert status_controller.app._last_rendered[0][1].count( 'NO ACCESS') > 0 # ... and inform of access error with self.capsys.disabled(): sys.stdout.write(out) sys.stderr.write(err) @mock.patch('xrdsst.core.api_util.is_ss_connectable', lambda x: (True, 'good connectivity (test injected)')) @mock.patch.object(UserApi, 'get_user', sysadm_secoff) @mock.patch.object(SystemApi, 'system_version', (lambda x: Version(info="6.25.0"))) @mock.patch.object( DiagnosticsApi, 'get_global_conf_diagnostics', (lambda x: GlobalConfDiagnostics(status_class="FAIL", status_code="INTERNAL", prev_update_at=datetime.now(), next_update_at=datetime.now() + timedelta(minutes=5)))) @mock.patch.object(InitializationApi, 'get_initialization_status', (lambda x: InitializationStatus( False, False, False, TokenStatus.NOT_INITIALIZED))) def test_status_uninitialized_server(self): with XRDSSTTest() as app: status_controller = StatusController() status_controller.app = app status_controller.load_config = (lambda: self.ss_config) status_controller._default() # Global status assert status_controller.app._last_rendered[0][1][0].count( 'FAIL') == 1 assert status_controller.app._last_rendered[0][1][0].count( 'INTERNAL') == 1 assert status_controller.app._last_rendered[0][1][0].count( 'LAST') == 1 assert status_controller.app._last_rendered[0][1][0].count( 'NEXT') == 1 # Security server and its version assert status_controller.app._last_rendered[0][1][1].count( 'longServerName') == 1 assert status_controller.app._last_rendered[0][1][1].count( '6.25.0') == 1 # Roles granted to API user assert status_controller.app._last_rendered[0][1][2].upper().count( 'ADMINISTRATOR') == 1 assert status_controller.app._last_rendered[0][1][2].upper().count( 'OFFICER') == 1 # Token status assert status_controller.app._last_rendered[0][1][3].upper().count( 'TOKEN NOT_INITIALIZED') == 1 # Other columns not available for col in range(4, 9): assert '' == status_controller.app._last_rendered[0][1][ col].strip() @mock.patch('xrdsst.core.api_util.is_ss_connectable', lambda x: (True, 'good connectivity (test injected)')) @mock.patch.object(UserApi, 'get_user', sysadm_secoff) @mock.patch.object(SystemApi, 'system_version', (lambda x: Version(info="6.25.0"))) @mock.patch.object(DiagnosticsApi, 'get_global_conf_diagnostics', (lambda x: DiagnosticsTestData.global_ok_success)) @mock.patch.object(InitializationApi, 'get_initialization_status', (lambda x: InitTestData.all_initialized)) @mock.patch.object(SecurityServersApi, 'get_security_servers', (lambda x, **kwargs: [ SecurityServer(id="TEST:GOV:8672:SSLONG", instance_id="TEST", member_class="GOV", server_address="4.2.2.1", server_code="SSLONG") ])) @mock.patch.object( SystemApi, 'get_configured_timestamping_services', (lambda x: [ TimestampingService(name="one tsa", url="https://one.tsa"), TimestampingService(name="two tsa", url="https://two.tsa"), ])) @mock.patch.object(TokensApi, 'get_token', (lambda x, y: Token( available=True, id="0", keys=[], logged_in=False, name="softToken-0", possible_actions= [PossibleAction.LOGIN, PossibleAction.EDIT_FRIENDLY_NAME], read_only=False, saved_to_configuration=True, status=TokenStatus.OK, type=TokenType.SOFTWARE))) def test_status_initialized_server(self): with XRDSSTTest() as app: status_controller = StatusController() status_controller.app = app status_controller.load_config = (lambda: self.ss_config) status_controller._default() out, err = self.capsys.readouterr() # Global status assert status_controller.app._last_rendered[0][1][0].count( 'OK') == 1 assert status_controller.app._last_rendered[0][1][0].count( 'SUCCESS') == 1 assert status_controller.app._last_rendered[0][1][0].count( 'LAST') == 1 assert status_controller.app._last_rendered[0][1][0].count( 'NEXT') == 1 # Security server and its version assert status_controller.app._last_rendered[0][1][1].count( 'longServerName') == 1 assert status_controller.app._last_rendered[0][1][1].count( '6.25.0') == 1 # Roles granted to API user assert status_controller.app._last_rendered[0][1][2].upper().count( 'ADMINISTRATOR') == 1 assert status_controller.app._last_rendered[0][1][2].upper().count( 'OFFICER') == 1 # Initialization statuses assert status_controller.app._last_rendered[0][1][3].count( 'ANCHOR INITIALIZED') == 1 assert status_controller.app._last_rendered[0][1][3].count( 'CODE INITIALIZED') == 1 assert status_controller.app._last_rendered[0][1][3].count( 'OWNER INITIALIZED') == 1 assert status_controller.app._last_rendered[0][1][3].count( 'TOKEN INITIALIZED') == 1 # TSA list assert status_controller.app._last_rendered[0][1][4].count( 'one tsa') == 1 assert status_controller.app._last_rendered[0][1][4].count( 'two tsa') == 1 # Token data assert status_controller.app._last_rendered[0][1][5].count( 'ID 0') == 1 assert status_controller.app._last_rendered[0][1][5].count( 'softToken-0') == 1 assert status_controller.app._last_rendered[0][1][5].count( 'STATUS OK') == 1 assert status_controller.app._last_rendered[0][1][5].count( 'LOGIN NO') == 1 # Other columns not filled with given data for col in range(6, 9): assert '' == status_controller.app._last_rendered[0][1][ col].strip() with self.capsys.disabled(): sys.stdout.write(out) sys.stderr.write(err)
class TestToken(unittest.TestCase): configuration_anchor = os.path.join( ROOT_DIR, "tests/resources/configuration-anchor.xml") ss_config = { 'admin_credentials': 'TOOLKIT_ADMIN_CREDENTIALS', 'logging': { 'file': '/tmp/xrdsst_test_token_log', 'level': 'INFO' }, 'ssh_access': { 'user': '******', 'private_key': 'TOOLKIT_SSH_PRIVATE_KEY' }, 'security_server': [{ 'name': 'ssX', 'url': 'https://non.existing.url.blah:8999/api/v1', 'fqdn': 'client_only', 'api_key': 'TOOLKIT_SS1_API_KEY', 'api_key_url': 'https://localhost:4000/api/v1/api-keys', 'configuration_anchor': configuration_anchor, 'owner_dn_country': 'FI', 'owner_dn_org': 'UNSERE', 'owner_member_class': 'VOG', 'owner_member_code': '4321', 'security_server_code': 'SS3', 'software_token_id': '0', 'software_token_pin': '1122' }, { 'name': 'ssY', 'url': 'https://non.existing.url.blah:8999/api/v1', 'fqdn': 'client_only', 'api_key': 'TOOLKIT_SS2_API_KEY', 'api_key_url': 'https://localhost:4000/api/v1/api-keys', 'configuration_anchor': configuration_anchor, 'owner_dn_country': 'FI', 'owner_dn_org': 'UNSERE', 'owner_member_class': 'VOG', 'owner_member_code': '4321', 'security_server_code': 'SS4', 'software_token_id': '0', 'software_token_pin': '1122' }] } @pytest.fixture(autouse=True) def capsys(self, capsys): self.capsys = capsys def test_token_list(self): with XRDSSTTest() as app: with mock.patch('xrdsst.api.tokens_api.TokensApi.get_tokens', return_value=TokenTestData.token_list_response): token_controller = TokenController() token_controller.app = app token_controller.load_config = (lambda: self.ss_config) token_controller.list() def test_get_tokens(self): with XRDSSTTest() as app: with mock.patch('xrdsst.api.tokens_api.TokensApi.get_tokens', return_value=TokenTestData.token_list_response): token_controller = TokenController() token_controller.app = app token_controller.load_config = (lambda: self.ss_config) for security_server in self.ss_config["security_server"]: configuration = token_controller.create_api_config( security_server, self.ss_config) response = token_controller.remote_get_tokens( configuration) assert response == TokenTestData.token_list_response def test_get_tokens_exception(self): with XRDSSTTest() as app: with mock.patch('xrdsst.api.tokens_api.TokensApi.get_tokens', side_effect=ApiException): token_controller = TokenController() token_controller.app = app token_controller.load_config = (lambda: self.ss_config) for security_server in self.ss_config["security_server"]: configuration = token_controller.create_api_config( security_server, self.ss_config) token_controller.remote_get_tokens(configuration) self.assertRaises(ApiException) def test_token_login(self): with XRDSSTTest() as app: with mock.patch('xrdsst.api.tokens_api.TokensApi.login_token', return_value=TokenTestData.token_login_response): token_controller = TokenController() token_controller.app = app token_controller.load_config = (lambda: self.ss_config) token_controller.get_server_status = ( lambda x, y: StatusTestData. server_status_essentials_complete) token_controller.login() out, err = self.capsys.readouterr() assert 1 == out.count( "Security server 'ssX' token 0 logged in.") with self.capsys.disabled(): sys.stdout.write(out) sys.stderr.write(err) @mock.patch.object( TokensApi, 'login_token', side_effect=ApiException(http_resp=ObjectStruct( status=409, reason=None, data='{"status":409,"error":{"code":"action_not_possible"}}', getheaders=(lambda: None)))) def test_token_login_already_logged_in(self, tokens_api_mock): with XRDSSTTest() as app: token_controller = TokenController() token_controller.app = app token_controller.load_config = (lambda: self.ss_config) token_controller.get_server_status = ( lambda x, y: StatusTestData.server_status_essentials_complete) token_controller.login() out, err = self.capsys.readouterr() assert 1 == out.count("Token 0 already logged in for 'ssX'") with self.capsys.disabled(): sys.stdout.write(out) sys.stderr.write(err) @staticmethod def mock_add_key_and_csr_test_token_init_keys(id_, **kwargs): if kwargs[ 'body'].csr_generate_request.key_usage_type == KeyUsageType.AUTHENTICATION: return TokenTestData.add_auth_key_with_csr_response return TokenTestData.add_sign_key_with_csr_response @mock.patch.object(TokensApi, 'get_token', (lambda x, y: TokenTestData.token_login_response)) @mock.patch.object(TokensApi, 'add_key_and_csr', mock_add_key_and_csr_test_token_init_keys) def test_token_init_keys(self): with XRDSSTTest() as app: with mock.patch( 'xrdsst.api.certificate_authorities_api.CertificateAuthoritiesApi.get_approved_certificate_authorities' ) as mock_get_cas: mock_get_cas.return_value.__enter__.return_value = TokenTestData.ca_list_response with mock.patch( 'xrdsst.api.security_servers_api.SecurityServersApi.get_security_servers', return_value=TokenTestData. security_servers_current_server_response): token_controller = TokenController() token_controller.app = app token_controller.load_config = (lambda: self.ss_config) token_controller.get_server_status = ( lambda x, y: StatusTestData. server_status_essentials_complete) token_controller.init_keys() out, err = self.capsys.readouterr() assert 2 == out.count("Created AUTHENTICATION CSR") assert 2 == out.count("Created SIGNING CSR") with self.capsys.disabled(): sys.stdout.write(out) sys.stderr.write(err) def test_token_init_keys_without_token_logged_in(self): with XRDSSTTest() as app: with mock.patch( 'xrdsst.api.certificate_authorities_api.CertificateAuthoritiesApi.get_approved_certificate_authorities' ) as mock_get_cas: mock_get_cas.return_value.__enter__.return_value = TokenTestData.ca_list_response with mock.patch( 'xrdsst.api.security_servers_api.SecurityServersApi.get_security_servers', return_value=TokenTestData. security_servers_current_server_response): with mock.patch( 'xrdsst.api.tokens_api.TokensApi.get_token', return_value=TokenTestData.token_login_response): with mock.patch( 'xrdsst.api.tokens_api.TokensApi.add_key_and_csr', return_value=TokenTestData. add_auth_key_with_csr_response): token_controller = TokenController() token_controller.app = app token_controller.load_config = ( lambda: self.ss_config) token_controller.get_server_status = ( lambda x, y: StatusTestData. server_status_essentials_complete_token_logged_out( )) token_controller.init_keys() out, err = self.capsys.readouterr() assert 1 == out.count( "SKIPPED 'ssX': has ['init', 'client add'] performed but also needs ['token login'] completion before continuing with requested ['token init-keys']" ) with self.capsys.disabled(): sys.stdout.write(out) sys.stderr.write(err) def test_token_init_keys_without_cas_available(self): with XRDSSTTest() as app: with mock.patch( 'xrdsst.api.certificate_authorities_api.CertificateAuthoritiesApi.get_approved_certificate_authorities' ) as mock_get_cas: mock_get_cas.return_value.__enter__.return_value = [] with mock.patch( 'xrdsst.api.security_servers_api.SecurityServersApi.get_security_servers', return_value=TokenTestData. security_servers_current_server_response): token_controller = TokenController() token_controller.app = app token_controller.load_config = (lambda: self.ss_config) token_controller.get_server_status = ( lambda x, y: StatusTestData. server_status_essentials_complete) self.assertRaises(IndexError, lambda: token_controller.init_keys()) def test_token_list_nonresolving_url(self): urllib3.util.retry.Retry.DEFAULT = urllib3.util.retry.Retry(0) token_controller = TokenController() token_controller.load_config = (lambda: self.ss_config) self.assertRaises(urllib3.exceptions.MaxRetryError, lambda: token_controller.list())