def test_get_repo_state_can_write(state, can_write, client, initialized_db):
with client_with_identity("devtable", client) as cl:
params = {"repository": "devtable/simple"}
response = conduct_api_call(cl, Repository, "GET", params).json
assert response["can_write"]
repo = model.repository.get_repository("devtable", "simple")
repo.state = state
repo.save()
with client_with_identity("devtable", client) as cl:
params = {"repository": "devtable/simple"}
response = conduct_api_call(cl, Repository, "GET", params).json
assert response["can_write"] == can_write
def test_get_mirror(client):
"""
Verify that performing a `GET` request returns expected and accurate data.
"""
mirror = _setup_mirror()
with client_with_identity("devtable", client) as cl:
params = {"repository": "devtable/simple"}
resp = conduct_api_call(cl, RepoMirrorResource, "GET", params, None,
200).json
assert resp["is_enabled"] == True
assert resp["external_reference"] == "quay.io/redhat/quay"
assert resp["sync_interval"] == 5000
assert resp["sync_start_date"] == "2020-01-02T06:30:00Z"
assert resp["external_registry_username"] == "fakeUsername"
assert "external_registry_password" not in resp
assert "external_registry_config" in resp
assert resp["external_registry_config"]["verify_tls"] == True
assert "proxy" in resp["external_registry_config"]
assert resp["external_registry_config"]["proxy"][
"http_proxy"] == "http://insecure.proxy.corp"
assert resp["external_registry_config"]["proxy"][
"https_proxy"] == "https://secure.proxy.corp"
assert resp["external_registry_config"]["proxy"][
"no_proxy"] == "mylocalhost"
def test_team_syncing(client):
with mock_ldap() as ldap:
with patch("endpoints.api.team.authentication", ldap):
with client_with_identity("devtable", client) as cl:
config = {
"group_dn": "cn=AwesomeFolk",
}
conduct_api_call(cl, OrganizationTeamSyncing, "POST",
UNSYNCED_TEAM_PARAMS, config)
# Ensure the team is now synced.
sync_info = model.team.get_team_sync_information(
UNSYNCED_TEAM_PARAMS["orgname"],
UNSYNCED_TEAM_PARAMS["teamname"])
assert sync_info is not None
assert json.loads(sync_info.config) == config
# Remove the syncing.
conduct_api_call(cl, OrganizationTeamSyncing, "DELETE",
UNSYNCED_TEAM_PARAMS, None)
# Ensure the team is no longer synced.
sync_info = model.team.get_team_sync_information(
UNSYNCED_TEAM_PARAMS["orgname"],
UNSYNCED_TEAM_PARAMS["teamname"])
assert sync_info is None
def test_user_metadata_update(client):
with patch("features.USER_METADATA",
FeatureNameValue("USER_METADATA", True)):
with client_with_identity("devtable", client) as cl:
metadata = {
"given_name": "Quay",
"family_name": "User",
"location": "NYC",
"company": "Red Hat",
}
# Update all user metadata fields.
conduct_api_call(cl, User, "PUT", None, body=metadata)
# Test that they were successfully updated.
user = conduct_api_call(cl, User, "GET", None).json
for field in metadata:
assert user.get(field) == metadata.get(field)
# Now nullify one of the fields, and remove another.
metadata["company"] = None
location = metadata.pop("location")
conduct_api_call(cl, User, "PUT", None, body=metadata)
user = conduct_api_call(cl, User, "GET", None).json
for field in metadata:
assert user.get(field) == metadata.get(field)
# The location field should be unchanged.
assert user.get("location") == location
def test_change_tag_expiration(expiration, expected_code, client):
with client_with_identity('devtable', client) as cl:
conduct_api_call(cl,
Organization,
'PUT', {'orgname': 'buynlarge'},
body={'tag_expiration_s': expiration},
expected_code=expected_code)
def test_search_query_count(query, client):
with client_with_identity("devtable", client) as cl:
params = {"query": query}
with assert_query_count(10):
result = conduct_api_call(cl, ConductSearch, "GET", params, None,
200).json
assert len(result["results"])
def test_create_mirror_sets_permissions(existing_robot_permission,
expected_permission, client):
mirror_bot, _ = model.user.create_robot(
'newmirrorbot', model.user.get_namespace_user('devtable'))
if existing_robot_permission:
model.permission.set_user_repo_permission(mirror_bot.username,
'devtable', 'simple',
existing_robot_permission)
with client_with_identity('devtable', client) as cl:
params = {'repository': 'devtable/simple'}
request_body = {
'external_reference': 'quay.io/foobar/barbaz',
'sync_interval': 100,
'sync_start_date': '2019-08-20T17:51:00Z',
'root_rule': {
'rule_type': 'TAG_GLOB_CSV',
'rule_value': ['latest', 'foo', 'bar']
},
'robot_username': '******',
}
conduct_api_call(cl, RepoMirrorResource, 'POST', params, request_body,
201)
# Check the status of the robot.
permissions = model.permission.get_user_repository_permissions(
mirror_bot, 'devtable', 'simple')
assert permissions[0].role.name == expected_permission
config = model.repo_mirror.get_mirror(
model.repository.get_repository('devtable', 'simple'))
assert config.root_rule.rule_value == ['latest', 'foo', 'bar']
def test_delete_repo(client, initialized_db):
with client_with_identity("devtable", client) as cl:
resp = conduct_api_call(cl, RepositoryList, "GET", {
"namespace": "devtable"
}).json
repos = {repo["name"] for repo in resp["repositories"]}
assert "simple" in repos
# Delete the repository.
params = {"repository": "devtable/simple"}
conduct_api_call(cl, Repository, "DELETE", params, expected_code=204)
# Ensure it isn't visible anymore.
conduct_api_call(cl, Repository, "GET", params, expected_code=404)
resp = conduct_api_call(cl, RepositoryList, "GET", {
"namespace": "devtable"
}).json
repos = {repo["name"] for repo in resp["repositories"]}
assert "simple" not in repos
# Check that the repository is enqueued for deletion.
marker = database.DeletedRepository.get()
assert marker.original_name == "simple"
assert marker.queue_id
def test_create_mirror_sets_permissions(existing_robot_permission, expected_permission, client):
mirror_bot, _ = model.user.create_robot(
"newmirrorbot", model.user.get_namespace_user("devtable")
)
if existing_robot_permission:
model.permission.set_user_repo_permission(
mirror_bot.username, "devtable", "simple", existing_robot_permission
)
with client_with_identity("devtable", client) as cl:
params = {"repository": "devtable/simple"}
request_body = {
"external_reference": "quay.io/foobar/barbaz",
"sync_interval": 100,
"sync_start_date": "2019-08-20T17:51:00Z",
"root_rule": {"rule_kind": "tag_glob_csv", "rule_value": ["latest", "foo", "bar"]},
"robot_username": "******",
}
conduct_api_call(cl, RepoMirrorResource, "POST", params, request_body, 201)
# Check the status of the robot.
permissions = model.permission.get_user_repository_permissions(mirror_bot, "devtable", "simple")
assert permissions[0].role.name == expected_permission
config = model.repo_mirror.get_mirror(model.repository.get_repository("devtable", "simple"))
assert config.root_rule.rule_value == ["latest", "foo", "bar"]
def test_list_starred_repos(client):
with client_with_identity("devtable", client) as cl:
params = {
"starred": "true",
}
response = conduct_api_call(cl, RepositoryList, "GET", params).json
repos = {r["namespace"] + "/" + r["name"] for r in response["repositories"]}
assert "devtable/simple" in repos
assert "public/publicrepo" not in repos
# Add a star on publicrepo.
publicrepo = model.repository.get_repository("public", "publicrepo")
model.repository.star_repository(model.user.get_user("devtable"), publicrepo)
# Ensure publicrepo shows up.
response = conduct_api_call(cl, RepositoryList, "GET", params).json
repos = {r["namespace"] + "/" + r["name"] for r in response["repositories"]}
assert "devtable/simple" in repos
assert "public/publicrepo" in repos
# Make publicrepo private and ensure it disappears.
model.repository.set_repository_visibility(publicrepo, "private")
response = conduct_api_call(cl, RepositoryList, "GET", params).json
repos = {r["namespace"] + "/" + r["name"] for r in response["repositories"]}
assert "devtable/simple" in repos
assert "public/publicrepo" not in repos
def test_get_app_repo(client, initialized_db):
with client_with_identity('devtable', client) as cl:
devtable = model.user.get_user('devtable')
repo = model.repository.create_repository('devtable',
'someappr',
devtable,
repo_kind='application')
models_ref = appr_model.models_ref
blob.get_or_create_blob('sha256:somedigest', 0,
'application/vnd.cnr.blob.v0.tar+gzip',
['local_us'], models_ref)
release.create_app_release(
repo, 'test',
dict(
mediaType='application/vnd.cnr.package-manifest.helm.v0.json'),
'sha256:somedigest', models_ref, False)
channel.create_or_update_channel(repo, 'somechannel', 'test',
models_ref)
params = {'repository': 'devtable/someappr'}
response = conduct_api_call(cl, Repository, 'GET', params).json
assert response['kind'] == 'application'
assert response['channels']
assert response['releases']
def test_api_security(resource, method, params, owned_by, is_public, identity,
expected, app, client):
app.register_blueprint(appr_bp, url_prefix='/cnr')
with client_with_identity(identity, client) as cl:
owner = model.user.get_user(owned_by)
visibility = 'public' if is_public else 'private'
model.repository.create_repository(owned_by,
'someapprepo',
owner,
visibility=visibility,
repo_kind='application')
params['namespace'] = owned_by
params['package_name'] = 'someapprepo'
params['_csrf_token'] = '123csrfforme'
url = url_for(resource, **params)
headers = {}
if identity is not None:
headers['authorization'] = 'basic ' + base64.b64encode(
'%s:password' % identity)
rv = cl.open(url, headers=headers, method=method)
assert rv.status_code == expected
def test_list_app_repositories_last_modified(client):
with client_with_identity("devtable", client) as cl:
devtable = model.user.get_user("devtable")
repo = model.repository.create_repository(
"devtable", "someappr", devtable, repo_kind="application"
)
models_ref = appr_model.models_ref
blob.get_or_create_blob(
"sha256:somedigest", 0, "application/vnd.cnr.blob.v0.tar+gzip", ["local_us"], models_ref
)
release.create_app_release(
repo,
"test",
dict(mediaType="application/vnd.cnr.package-manifest.helm.v0.json"),
"sha256:somedigest",
models_ref,
False,
)
channel.create_or_update_channel(repo, "somechannel", "test", models_ref)
params = {
"namespace": "devtable",
"last_modified": "true",
"repo_kind": "application",
}
response = conduct_api_call(cl, RepositoryList, "GET", params).json
assert len(response["repositories"]) > 0
for repo in response["repositories"]:
assert repo["last_modified"] is not None
def test_create_robot_with_metadata(endpoint, body, client):
with client_with_identity("devtable", client) as cl:
# Create the robot with the specified body.
conduct_api_call(
cl,
endpoint,
"PUT",
{
"orgname": "buynlarge",
"robot_shortname": "somebot"
},
body,
expected_code=201,
)
# Ensure the create succeeded.
resp = conduct_api_call(
cl,
endpoint,
"GET",
{
"orgname": "buynlarge",
"robot_shortname": "somebot",
},
)
body = body or {}
assert resp.json["description"] == (body.get("description") or "")
assert resp.json["unstructured_metadata"] == (
body.get("unstructured_metadata") or {})
def test_repository_search_pagination(page_count, client):
# Create at least a few pages of results.
all_repositories = set()
user = model.user.get_user("devtable")
for index in range(0, MAX_PER_PAGE * page_count):
repo_name = "somerepo%s" % index
all_repositories.add(repo_name)
model.repository.create_repository("devtable", repo_name, user)
with client_with_identity("devtable", client) as cl:
for page_index in range(0, page_count):
params = {"query": "somerepo", "page": page_index + 1}
repo_results = conduct_api_call(
cl, ConductRepositorySearch, "GET", params, None, 200
).json
assert len(repo_results["results"]) <= MAX_PER_PAGE
for repo in repo_results["results"]:
all_repositories.remove(repo["name"])
if page_index < page_count - 1:
assert len(repo_results["results"]) == MAX_PER_PAGE
assert repo_results["has_additional"]
else:
assert not repo_results["has_additional"]
assert not all_repositories
def test_get_app_repo(client, initialized_db):
with client_with_identity("devtable", client) as cl:
devtable = model.user.get_user("devtable")
repo = model.repository.create_repository("devtable",
"someappr",
devtable,
repo_kind="application")
models_ref = appr_model.models_ref
blob.get_or_create_blob("sha256:somedigest", 0,
"application/vnd.cnr.blob.v0.tar+gzip",
["local_us"], models_ref)
release.create_app_release(
repo,
"test",
dict(
mediaType="application/vnd.cnr.package-manifest.helm.v0.json"),
"sha256:somedigest",
models_ref,
False,
)
channel.create_or_update_channel(repo, "somechannel", "test",
models_ref)
params = {"repository": "devtable/someappr"}
response = conduct_api_call(cl, Repository, "GET", params).json
assert response["kind"] == "application"
assert response["channels"]
assert response["releases"]
def test_change_credentials(request_body, expected_status, client):
""" Verify credentials can only be modified as a pair. """
mirror = _setup_mirror()
with client_with_identity("devtable", client) as cl:
params = {"repository": "devtable/simple"}
conduct_api_call(cl, RepoMirrorResource, "PUT", params, request_body,
expected_status)
def test_change_config(key, value, expected_status, client):
"""
Verify that changing each attribute works as expected.
"""
mirror = _setup_mirror()
with client_with_identity("devtable", client) as cl:
params = {"repository": "devtable/simple"}
if key in ("http_proxy", "https_proxy", "no_proxy"):
request_body = {
"external_registry_config": {
"proxy": {
key: value
}
}
}
elif key == "verify_tls":
request_body = {"external_registry_config": {key: value}}
else:
request_body = {key: value}
conduct_api_call(cl, RepoMirrorResource, "PUT", params, request_body,
expected_status)
with client_with_identity("devtable", client) as cl:
params = {"repository": "devtable/simple"}
resp = conduct_api_call(cl, RepoMirrorResource, "GET", params, None,
200)
if expected_status < 400:
if key == "external_registry_password":
assert key not in resp.json
elif key == "verify_tls":
assert resp.json["external_registry_config"]["verify_tls"] == value
elif key in ("http_proxy", "https_proxy", "no_proxy"):
assert resp.json["external_registry_config"]["proxy"][key] == value
else:
assert resp.json[key] == value
else:
if key == "external_registry_password":
assert key not in resp.json
elif key == "verify_tls":
assert resp.json["external_registry_config"][key] != value
elif key in ("http_proxy", "https_proxy", "no_proxy"):
assert resp.json["external_registry_config"]["proxy"][key] != value
else:
assert resp.json[key] != value
def test_change_install_user(client):
with client_with_identity("devtable", client) as cl:
params = {"username": "******"}
body = {"email": "*****@*****.**"}
result = conduct_api_call(cl, SuperUserManagement, "PUT", params, body,
200).json
assert result["email"] == body["email"]
def test_change_install_user(client):
with client_with_identity('devtable', client) as cl:
params = {'username': '******'}
body = {'email': '*****@*****.**'}
result = conduct_api_call(cl, SuperUserManagement, 'PUT', params, body,
200).json
assert result['email'] == body['email']
def test_get_signatures(targets_map, expected, client):
with patch("endpoints.api.signing.tuf_metadata_api") as mock_tuf:
mock_tuf.get_all_tags_with_expiration.return_value = targets_map
with client_with_identity("devtable", client) as cl:
params = {"repository": "devtable/trusted"}
assert tags_equal(
expected, conduct_api_call(cl, RepositorySignatures, "GET", params, None, 200).json
)
def test_delete_expired_app_token(app, client):
user = model.user.get_user("devtable")
expiration = datetime.now() - timedelta(seconds=10)
token = model.appspecifictoken.create_token(user, "some token", expiration)
with client_with_identity("devtable", client) as cl:
# Delete the token.
conduct_api_call(cl, AppToken, "DELETE", {"token_uuid": token.uuid},
None, 204)
def test_list_all_users(disabled, client):
with client_with_identity("devtable", client) as cl:
params = {"disabled": disabled}
result = conduct_api_call(cl, SuperUserList, "GET", params, None,
200).json
assert len(result["users"])
for user in result["users"]:
if not disabled:
assert user["enabled"]
def test_list_repos(client, initialized_db):
with client_with_identity("devtable", client) as cl:
params = {"starred": "true", "repo_kind": "application"}
response = conduct_api_call(cl, RepositoryList, "GET", params).json
repo_states = {r["state"] for r in response["repositories"]}
for state in repo_states:
assert state in [
"NORMAL", "MIRROR", "READ_ONLY", "MARKED_FOR_DELETION"
]
def test_list_all_users(disabled, client):
with client_with_identity('devtable', client) as cl:
params = {'disabled': disabled}
result = conduct_api_call(cl, SuperUserList, 'GET', params, None,
200).json
assert len(result['users'])
for user in result['users']:
if not disabled:
assert user['enabled']
def test_change_config(key, value, expected_status, client):
""" Verify that changing each attribute works as expected. """
mirror = _setup_mirror()
with client_with_identity('devtable', client) as cl:
params = {'repository': 'devtable/simple'}
if key in ('http_proxy', 'https_proxy', 'no_proxy'):
request_body = {
'external_registry_config': {
'proxy': {
key: value
}
}
}
elif key == 'verify_tls':
request_body = {'external_registry_config': {key: value}}
else:
request_body = {key: value}
conduct_api_call(cl, RepoMirrorResource, 'PUT', params, request_body,
expected_status)
with client_with_identity('devtable', client) as cl:
params = {'repository': 'devtable/simple'}
resp = conduct_api_call(cl, RepoMirrorResource, 'GET', params, None,
200)
if expected_status < 400:
if key == 'external_registry_password':
assert key not in resp.json
elif key == 'verify_tls':
assert resp.json['external_registry_config']['verify_tls'] == value
elif key in ('http_proxy', 'https_proxy', 'no_proxy'):
assert resp.json['external_registry_config']['proxy'][key] == value
else:
assert resp.json[key] == value
else:
if key == 'external_registry_password':
assert key not in resp.json
elif key == 'verify_tls':
assert resp.json['external_registry_config'][key] != value
elif key in ('http_proxy', 'https_proxy', 'no_proxy'):
assert resp.json['external_registry_config']['proxy'][key] != value
else:
assert resp.json[key] != value
def test_change_tag_expiration(expiration, expected_code, client):
with client_with_identity("devtable", client) as cl:
conduct_api_call(
cl,
Organization,
"PUT",
{"orgname": "buynlarge"},
body={"tag_expiration_s": expiration},
expected_code=expected_code,
)
def test_get_repo(has_tag_manifest, client, initialized_db):
with client_with_identity('devtable', client) as cl:
if not has_tag_manifest:
database.TagManifestLabelMap.delete().execute()
database.TagManifestToManifest.delete().execute()
database.TagManifestLabel.delete().execute()
database.TagManifest.delete().execute()
params = {'repository': 'devtable/simple'}
response = conduct_api_call(cl, Repository, 'GET', params).json
assert response['kind'] == 'image'
def test_get_repo(has_tag_manifest, client, initialized_db):
with client_with_identity("devtable", client) as cl:
if not has_tag_manifest:
database.TagManifestLabelMap.delete().execute()
database.TagManifestToManifest.delete().execute()
database.TagManifestLabel.delete().execute()
database.TagManifest.delete().execute()
params = {"repository": "devtable/simple"}
response = conduct_api_call(cl, Repository, "GET", params).json
assert response["kind"] == "image"
def test_post_changetrust(trust_enabled, repo_found, expected_status, client):
with patch("endpoints.api.repository.tuf_metadata_api") as mock_tuf:
with patch(
"endpoints.api.repository_models_pre_oci.model.repository.get_repository"
) as mock_model:
mock_model.return_value = MagicMock() if repo_found else None
mock_tuf.get_default_tags_with_expiration.return_value = ["tags", "expiration"]
with client_with_identity("devtable", client) as cl:
params = {"repository": "devtable/repo"}
request_body = {"trust_enabled": trust_enabled}
conduct_api_call(cl, RepositoryTrust, "POST", params, request_body, expected_status)