def test_team_syncing(client):
with mock_ldap() as ldap:
with patch("endpoints.api.team.authentication", ldap):
with client_with_identity("devtable", client) as cl:
config = {
"group_dn": "cn=AwesomeFolk",
}
conduct_api_call(cl, OrganizationTeamSyncing, "POST",
UNSYNCED_TEAM_PARAMS, config)
# Ensure the team is now synced.
sync_info = model.team.get_team_sync_information(
UNSYNCED_TEAM_PARAMS["orgname"],
UNSYNCED_TEAM_PARAMS["teamname"])
assert sync_info is not None
assert json.loads(sync_info.config) == config
# Remove the syncing.
conduct_api_call(cl, OrganizationTeamSyncing, "DELETE",
UNSYNCED_TEAM_PARAMS, None)
# Ensure the team is no longer synced.
sync_info = model.team.get_team_sync_information(
UNSYNCED_TEAM_PARAMS["orgname"],
UNSYNCED_TEAM_PARAMS["teamname"])
assert sync_info is None
def test_change_tag_expiration(expiration, expected_code, client):
with client_with_identity('devtable', client) as cl:
conduct_api_call(cl,
Organization,
'PUT', {'orgname': 'buynlarge'},
body={'tag_expiration_s': expiration},
expected_code=expected_code)
def test_get_security_info_with_pull_secret(endpoint, anonymous_allowed,
auth_headers, expected_code,
client):
with patch("features.ANONYMOUS_ACCESS", anonymous_allowed):
repository_ref = registry_model.lookup_repository("devtable", "simple")
tag = registry_model.get_repo_tag(repository_ref, "latest")
manifest = registry_model.get_manifest_for_tag(tag)
params = {
"repository": "devtable/simple",
"imageid": tag.manifest.legacy_image_root_id,
"manifestref": manifest.digest,
}
headers = {}
if auth_headers is not None:
headers["Authorization"] = auth_headers
conduct_api_call(client,
endpoint,
"GET",
params,
None,
headers=headers,
expected_code=expected_code)
def test_enabled_disabled_trigger(app, client):
trigger = model.build.list_build_triggers("devtable", "building")[0]
trigger.config = json.dumps({"hook_id": "someid"})
trigger.save()
params = {
"repository": "devtable/building",
"trigger_uuid": trigger.uuid,
}
body = {
"enabled": False,
}
with client_with_identity("devtable", client) as cl:
result = conduct_api_call(cl, BuildTrigger, "PUT", params, body,
200).json
assert not result["enabled"]
body = {
"enabled": True,
}
with client_with_identity("devtable", client) as cl:
result = conduct_api_call(cl, BuildTrigger, "PUT", params, body,
200).json
assert result["enabled"]
def test_list_starred_repos(client):
with client_with_identity("devtable", client) as cl:
params = {
"starred": "true",
}
response = conduct_api_call(cl, RepositoryList, "GET", params).json
repos = {r["namespace"] + "/" + r["name"] for r in response["repositories"]}
assert "devtable/simple" in repos
assert "public/publicrepo" not in repos
# Add a star on publicrepo.
publicrepo = model.repository.get_repository("public", "publicrepo")
model.repository.star_repository(model.user.get_user("devtable"), publicrepo)
# Ensure publicrepo shows up.
response = conduct_api_call(cl, RepositoryList, "GET", params).json
repos = {r["namespace"] + "/" + r["name"] for r in response["repositories"]}
assert "devtable/simple" in repos
assert "public/publicrepo" in repos
# Make publicrepo private and ensure it disappears.
model.repository.set_repository_visibility(publicrepo, "private")
response = conduct_api_call(cl, RepositoryList, "GET", params).json
repos = {r["namespace"] + "/" + r["name"] for r in response["repositories"]}
assert "devtable/simple" in repos
assert "public/publicrepo" not in repos
def test_create_mirror_sets_permissions(existing_robot_permission,
expected_permission, client):
mirror_bot, _ = model.user.create_robot(
'newmirrorbot', model.user.get_namespace_user('devtable'))
if existing_robot_permission:
model.permission.set_user_repo_permission(mirror_bot.username,
'devtable', 'simple',
existing_robot_permission)
with client_with_identity('devtable', client) as cl:
params = {'repository': 'devtable/simple'}
request_body = {
'external_reference': 'quay.io/foobar/barbaz',
'sync_interval': 100,
'sync_start_date': '2019-08-20T17:51:00Z',
'root_rule': {
'rule_type': 'TAG_GLOB_CSV',
'rule_value': ['latest', 'foo', 'bar']
},
'robot_username': '******',
}
conduct_api_call(cl, RepoMirrorResource, 'POST', params, request_body,
201)
# Check the status of the robot.
permissions = model.permission.get_user_repository_permissions(
mirror_bot, 'devtable', 'simple')
assert permissions[0].role.name == expected_permission
config = model.repo_mirror.get_mirror(
model.repository.get_repository('devtable', 'simple'))
assert config.root_rule.rule_value == ['latest', 'foo', 'bar']
def test_create_mirror_sets_permissions(existing_robot_permission, expected_permission, client):
mirror_bot, _ = model.user.create_robot(
"newmirrorbot", model.user.get_namespace_user("devtable")
)
if existing_robot_permission:
model.permission.set_user_repo_permission(
mirror_bot.username, "devtable", "simple", existing_robot_permission
)
with client_with_identity("devtable", client) as cl:
params = {"repository": "devtable/simple"}
request_body = {
"external_reference": "quay.io/foobar/barbaz",
"sync_interval": 100,
"sync_start_date": "2019-08-20T17:51:00Z",
"root_rule": {"rule_kind": "tag_glob_csv", "rule_value": ["latest", "foo", "bar"]},
"robot_username": "******",
}
conduct_api_call(cl, RepoMirrorResource, "POST", params, request_body, 201)
# Check the status of the robot.
permissions = model.permission.get_user_repository_permissions(mirror_bot, "devtable", "simple")
assert permissions[0].role.name == expected_permission
config = model.repo_mirror.get_mirror(model.repository.get_repository("devtable", "simple"))
assert config.root_rule.rule_value == ["latest", "foo", "bar"]
def test_create_robot_with_metadata(endpoint, body, client):
with client_with_identity("devtable", client) as cl:
# Create the robot with the specified body.
conduct_api_call(
cl,
endpoint,
"PUT",
{
"orgname": "buynlarge",
"robot_shortname": "somebot"
},
body,
expected_code=201,
)
# Ensure the create succeeded.
resp = conduct_api_call(
cl,
endpoint,
"GET",
{
"orgname": "buynlarge",
"robot_shortname": "somebot",
},
)
body = body or {}
assert resp.json["description"] == (body.get("description") or "")
assert resp.json["unstructured_metadata"] == (
body.get("unstructured_metadata") or {})
def test_get_security_info_with_pull_secret(endpoint, client):
repository_ref = registry_model.lookup_repository("devtable", "simple")
tag = registry_model.get_repo_tag(repository_ref,
"latest",
include_legacy_image=True)
manifest = registry_model.get_manifest_for_tag(tag,
backfill_if_necessary=True)
params = {
"repository": "devtable/simple",
"imageid": tag.legacy_image.docker_image_id,
"manifestref": manifest.digest,
}
headers = {
"Authorization": "Basic %s" % base64.b64encode("devtable:password"),
}
conduct_api_call(client,
endpoint,
"GET",
params,
None,
headers=headers,
expected_code=200)
def test_get_security_info_with_pull_secret(endpoint, client):
repository_ref = registry_model.lookup_repository('devtable', 'simple')
tag = registry_model.get_repo_tag(repository_ref,
'latest',
include_legacy_image=True)
manifest = registry_model.get_manifest_for_tag(tag,
backfill_if_necessary=True)
params = {
'repository': 'devtable/simple',
'imageid': tag.legacy_image.docker_image_id,
'manifestref': manifest.digest,
}
headers = {
'Authorization': 'Basic %s' % base64.b64encode('devtable:password'),
}
conduct_api_call(client,
endpoint,
'GET',
params,
None,
headers=headers,
expected_code=200)
def test_enabled_disabled_trigger(app, client):
trigger = model.build.list_build_triggers('devtable', 'building')[0]
trigger.config = json.dumps({'hook_id': 'someid'})
trigger.save()
params = {
'repository': 'devtable/building',
'trigger_uuid': trigger.uuid,
}
body = {
'enabled': False,
}
with client_with_identity('devtable', client) as cl:
result = conduct_api_call(cl, BuildTrigger, 'PUT', params, body,
200).json
assert not result['enabled']
body = {
'enabled': True,
}
with client_with_identity('devtable', client) as cl:
result = conduct_api_call(cl, BuildTrigger, 'PUT', params, body,
200).json
assert result['enabled']
def test_change_credentials(request_body, expected_status, client):
""" Verify credentials can only be modified as a pair. """
mirror = _setup_mirror()
with client_with_identity("devtable", client) as cl:
params = {"repository": "devtable/simple"}
conduct_api_call(cl, RepoMirrorResource, "PUT", params, request_body,
expected_status)
def test_create_repo_notification(namespace, repository, body, expected_code,
authd_client):
params = {'repository': namespace + '/' + repository}
conduct_api_call(authd_client,
RepositoryNotificationList,
'POST',
params,
body,
expected_code=expected_code)
def test_delete_expired_app_token(app, client):
user = model.user.get_user("devtable")
expiration = datetime.now() - timedelta(seconds=10)
token = model.appspecifictoken.create_token(user, "some token", expiration)
with client_with_identity("devtable", client) as cl:
# Delete the token.
conduct_api_call(cl, AppToken, "DELETE", {"token_uuid": token.uuid},
None, 204)
def test_create_repo_notification(namespace, repository, body, expected_code,
authd_client):
params = {"repository": namespace + "/" + repository}
conduct_api_call(authd_client,
RepositoryNotificationList,
"POST",
params,
body,
expected_code=expected_code)
def test_change_tag_expiration(expiration, expected_code, client):
with client_with_identity("devtable", client) as cl:
conduct_api_call(
cl,
Organization,
"PUT",
{"orgname": "buynlarge"},
body={"tag_expiration_s": expiration},
expected_code=expected_code,
)
def test_post_changetrust(trust_enabled, repo_found, expected_status, client):
with patch("endpoints.api.repository.tuf_metadata_api") as mock_tuf:
with patch(
"endpoints.api.repository_models_pre_oci.model.repository.get_repository"
) as mock_model:
mock_model.return_value = MagicMock() if repo_found else None
mock_tuf.get_default_tags_with_expiration.return_value = ["tags", "expiration"]
with client_with_identity("devtable", client) as cl:
params = {"repository": "devtable/repo"}
request_body = {"trust_enabled": trust_enabled}
conduct_api_call(cl, RepositoryTrust, "POST", params, request_body, expected_status)
def test_get_repo_notification(namespace, repository, uuid, expected_code,
authd_client, monkeypatch):
monkeypatch.setattr(
'endpoints.api.repositorynotification.model.get_repo_notification',
mock_get_notification(uuid))
params = {'repository': namespace + '/' + repository, 'uuid': uuid}
conduct_api_call(authd_client,
RepositoryNotification,
'GET',
params,
expected_code=expected_code)
def test_disallowed_for_apps(resource, method, params, client):
namespace = 'devtable'
repository = 'someapprepo'
devtable = model.user.get_user('devtable')
model.repository.create_repository(namespace, repository, devtable, repo_kind='application')
params = params or {}
params['repository'] = '%s/%s' % (namespace, repository)
with client_with_identity('devtable', client) as cl:
conduct_api_call(cl, resource, method, params, None, 501)
def test_robot_permission(repository, username, expected_code, client):
with client_with_identity('devtable', client) as cl:
conduct_api_call(cl,
RepositoryUserPermission,
'PUT', {
'repository': repository,
'username': username
},
body={
'role': 'read',
},
expected_code=expected_code)
def test_test_repo_notification(namespace, repository, uuid, expected_code,
authd_client, monkeypatch):
monkeypatch.setattr(
"endpoints.api.repositorynotification.model.queue_test_notification",
mock_get_notification(uuid),
)
params = {"repository": namespace + "/" + repository, "uuid": uuid}
conduct_api_call(authd_client,
TestRepositoryNotification,
"POST",
params,
expected_code=expected_code)
def test_post_changetrust(trust_enabled, repo_found, expected_status, client):
with patch('endpoints.api.repository.tuf_metadata_api') as mock_tuf:
with patch(
'endpoints.api.repository_models_pre_oci.model.repository.get_repository'
) as mock_model:
mock_model.return_value = MagicMock() if repo_found else None
mock_tuf.get_default_tags_with_expiration.return_value = [
'tags', 'expiration'
]
with client_with_identity('devtable', client) as cl:
params = {'repository': 'devtable/repo'}
request_body = {'trust_enabled': trust_enabled}
conduct_api_call(cl, RepositoryTrust, 'POST', params,
request_body, expected_status)
def test_disallowed_for_nonnormal(state, resource, method, params, client):
namespace = 'devtable'
repository = 'somenewstaterepo'
devtable = model.user.get_user('devtable')
repo = model.repository.create_repository(namespace, repository, devtable)
repo.state = state
repo.save()
params = params or {}
params['repository'] = '%s/%s' % (namespace, repository)
with client_with_identity('devtable', client) as cl:
conduct_api_call(cl, resource, method, params, None, 503)
def test_get_repo_state_can_write(state, can_write, client, initialized_db):
with client_with_identity('devtable', client) as cl:
params = {'repository': 'devtable/simple'}
response = conduct_api_call(cl, Repository, 'GET', params).json
assert response['can_write']
repo = model.repository.get_repository('devtable', 'simple')
repo.state = state
repo.save()
with client_with_identity('devtable', client) as cl:
params = {'repository': 'devtable/simple'}
response = conduct_api_call(cl, Repository, 'GET', params).json
assert response['can_write'] == can_write
def test_get_repo_state_can_write(state, can_write, client, initialized_db):
with client_with_identity("devtable", client) as cl:
params = {"repository": "devtable/simple"}
response = conduct_api_call(cl, Repository, "GET", params).json
assert response["can_write"]
repo = model.repository.get_repository("devtable", "simple")
repo.state = state
repo.save()
with client_with_identity("devtable", client) as cl:
params = {"repository": "devtable/simple"}
response = conduct_api_call(cl, Repository, "GET", params).json
assert response["can_write"] == can_write
def test_change_tag_expiration_default(expiration_time, expected_status,
client, app):
with client_with_identity("devtable", client) as cl:
params = {
"repository": "devtable/simple",
"tag": "latest",
}
request_body = {
"expiration": expiration_time,
}
conduct_api_call(cl, RepositoryTag, "put", params, request_body,
expected_status)
def test_change_tag_expiration_default(expiration_time, expected_status,
client, app):
with client_with_identity('devtable', client) as cl:
params = {
'repository': 'devtable/simple',
'tag': 'latest',
}
request_body = {
'expiration': expiration_time,
}
conduct_api_call(cl, RepositoryTag, 'put', params, request_body,
expected_status)
def test_disallowed_for_nonnormal(state, resource, method, params, client):
namespace = "devtable"
repository = "somenewstaterepo"
devtable = model.user.get_user("devtable")
repo = model.repository.create_repository(namespace, repository, devtable)
repo.state = state
repo.save()
params = params or {}
params["repository"] = "%s/%s" % (namespace, repository)
with client_with_identity("devtable", client) as cl:
conduct_api_call(cl, resource, method, params, {}, 503)
def test_robot_permission(repository, username, expected_code, client):
with client_with_identity("devtable", client) as cl:
conduct_api_call(
cl,
RepositoryUserPermission,
"PUT",
{
"repository": repository,
"username": username
},
body={
"role": "read",
},
expected_code=expected_code,
)
def test_disallowed_for_apps(resource, method, params, client):
namespace = "devtable"
repository = "someapprepo"
devtable = model.user.get_user("devtable")
model.repository.create_repository(namespace,
repository,
devtable,
repo_kind="application")
params = params or {}
params["repository"] = "%s/%s" % (namespace, repository)
with client_with_identity("devtable", client) as cl:
conduct_api_call(cl, resource, method, params, None, 501)
