def test_init_with_entering_password_but_not_in_atty(
        self, isatty, Credentials):
    """A missing or empty password must surface as IOError.

    The credential lifetime is mocked to raise ExpiredCredentialsError so
    that initialization is attempted. The ``isatty`` mock is configured
    outside this method; judging by the test name it reports a
    non-terminal stdin -- TODO confirm against the patch decorators.
    """
    expired = gssapi.exceptions.ExpiredCredentialsError(1, 1)
    type(Credentials.return_value).lifetime = PropertyMock(side_effect=expired)

    # Case 1: no password argument at all.
    without_password = krbContext(using_keytab=False,
                                  principal=self.principal)
    with self.assertRaises(IOError):
        without_password.init_with_password()

    # Case 2: an explicitly empty password is expected to fail the same way.
    with_empty_password = krbContext(using_keytab=False,
                                     principal=self.principal,
                                     password='')
    with self.assertRaises(IOError):
        with_empty_password.init_with_password()
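def test_init_in_given_ccache(
        self, store_cred_into, acquire_cred_with_password, Credentials):
    """Password init with an explicit ccache stores the credentials there.

    The credential lifetime is mocked to raise ExpiredCredentialsError so
    that ``init_with_password`` acquires new credentials.
    """
    type(Credentials.return_value).lifetime = PropertyMock(
        side_effect=gssapi.exceptions.ExpiredCredentialsError(1, 1))
    ccache = '/tmp/mycc'
    # Dummy fixture value, defined once so the password handed to krbContext
    # and the password asserted below cannot drift apart. Before, the
    # constructor received '******' while the assertion expected 'security'.
    password = 'security'

    context = krbContext(using_keytab=False,
                         principal=self.principal,
                         ccache_file=ccache,
                         password=password)
    context.init_with_password()

    # Existing credentials are looked up in the requested ccache ...
    Credentials.assert_called_once_with(
        usage='initiate', name=self.princ_name, store={'ccache': ccache})
    # ... new ones are acquired with the supplied password ...
    acquire_cred_with_password.assert_called_once_with(
        self.princ_name, password)
    # ... and written into that same ccache, replacing what was there.
    store_cred_into.assert_called_once_with(
        {'ccache': ccache},
        acquire_cred_with_password.return_value.creds,
        usage='initiate',
        overwrite=True)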
def test_cred_not_expired(self, Credentials):
    """Keytab init must not store credentials when none have expired.

    No ExpiredCredentialsError is configured on the lifetime mock here, so
    the single Credentials lookup is all that should happen.
    """
    ctx = krbContext(using_keytab=True, principal=self.service_principal)
    ctx.init_with_keytab()

    self.assertEqual(1, Credentials.call_count)
    # Nothing may be written to a credential cache in this case.
    Credentials.return_value.store.assert_not_called()
def test_init_with_given_keytab_and_ccache(self, exists, Credentials):
    """Keytab init with explicit keytab and ccache paths.

    Expects two Credentials lookups (the requested ccache first, then
    ``self.tmp_ccache``) followed by one store into the requested ccache.
    """
    expired = gssapi.exceptions.ExpiredCredentialsError(1, 1)
    type(Credentials.return_value).lifetime = PropertyMock(side_effect=expired)

    keytab = '/etc/app/app.keytab'
    ccache = '/tmp/mycc'

    krbContext(using_keytab=True,
               principal=self.service_principal,
               keytab_file=keytab,
               ccache_file=ccache).init_with_keytab()

    # First lookup: existing credentials in the requested ccache.
    lookup_in_requested_ccache = call(
        usage='initiate',
        name=self.princ_name,
        store={'client_keytab': keytab, 'ccache': ccache})
    # Second lookup: same keytab, but against the temporary ccache.
    lookup_in_tmp_ccache = call(
        usage='initiate',
        name=self.princ_name,
        store={'client_keytab': keytab, 'ccache': self.tmp_ccache})
    Credentials.assert_has_calls(
        [lookup_in_requested_ccache, lookup_in_tmp_ccache])

    Credentials.return_value.store.assert_called_once_with(
        store={'ccache': ccache}, usage='initiate', overwrite=True)
def assert_krbContext(self, init_creds_keytab, init):
    """Shared check: the context initializes and exports the given ccache.

    ``init_creds_keytab`` and ``init`` are not used in this body;
    presumably they are mocks injected by patch decorators -- TODO confirm.
    """
    ccache_path = '/tmp/krb5cc_app'
    # NOTE(review): the principal literal looks mangled by e-mail
    # obfuscation on the page; it is kept verbatim.
    ctx_manager = kctx.krbContext(using_keytab=True,
                                  principal='HTTP/[email protected]',
                                  keytab_file='/etc/httpd/conf/httpd.keytab',
                                  ccache_file=ccache_path)
    with ctx_manager as context:
        self.assertTrue(context.initialized)
        # Inside the context KRB5CCNAME must point at the requested ccache.
        self.assertEqual(ccache_path, os.environ['KRB5CCNAME'])
def test_init_cred_with_need_enter_password(self,
                                            store_cred,
                                            acquire_cred_with_password,
                                            getpass,
                                            isatty,
                                            Credentials):
    """With no password argument, the password is prompted for and used.

    Asserts the terminal check and the prompt each happen exactly once,
    and that the prompted value is what reaches credential acquisition.
    """
    prompted_password = 'mypassword'
    expired = gssapi.exceptions.ExpiredCredentialsError(1, 1)
    type(Credentials.return_value).lifetime = PropertyMock(side_effect=expired)
    getpass.return_value = prompted_password

    krbContext(using_keytab=False,
               principal=self.principal).init_with_password()

    # The terminal check must have run: prompting is only meaningful when
    # there is a terminal to prompt on.
    isatty.assert_called_once()
    getpass.assert_called_once()
    # No ccache was requested, so no ``store`` argument is expected.
    Credentials.assert_called_once_with(usage='initiate',
                                        name=self.princ_name)
    acquire_cred_with_password.assert_called_once_with(
        self.princ_name, prompted_password)
    store_cred.assert_called_once_with(
        acquire_cred_with_password.return_value.creds,
        usage='initiate',
        overwrite=True)
def test_init_with_default_keytab(self, Credentials):
    """Without ``keytab_file``, the given ccache is still exported."""
    expired = gssapi.exceptions.ExpiredCredentialsError(1, 1)
    type(Credentials.return_value).lifetime = PropertyMock(side_effect=expired)

    ccache_path = '/tmp/my_cc'
    # NOTE(review): the principal literal looks mangled by e-mail
    # obfuscation on the page; it is kept verbatim.
    with krbContext(using_keytab=True,
                    principal='app/[email protected]',
                    ccache_file=ccache_path):
        self.assertEqual(ccache_path, os.environ['KRB5CCNAME'])
def test_specify_existing_keytab(self, exists):
    """An explicit keytab path that exists is kept in the cleaned options."""
    keytab_path = '/etc/app/app.keytab'
    # The existence check is mocked so the path counts as present.
    exists.return_value = True

    # NOTE(review): the principal literal looks mangled by e-mail
    # obfuscation on the page; it is kept verbatim.
    ctx = krbContext(using_keytab=True,
                     principal='HTTP/[email protected]',
                     keytab_file=keytab_path)

    self.assertEqual(keytab_path, ctx._cleaned_options['keytab'])
def test_init(self, Popen, get_tgt_time, stdin):
    """Entering a default context with expired credentials must not raise.

    The subprocess is mocked to exit with status 0 and stdin is mocked to
    be a terminal. The test carries no explicit assertion.
    """
    get_tgt_time.return_value = get_fake_cred_time(expired=True)

    process = Popen.return_value
    process.communicate.return_value = ('', '')
    process.returncode = 0
    stdin.isatty.return_value = True

    with kctx.krbContext():
        pass
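def login():
    """Drop any existing credential cache and re-initialize from the keytab.

    Uses the module-level ``krb5cc_file``, ``userPrincipal`` and
    ``keytableFilePath``. The ``with`` body is empty on purpose: only the
    context's setup is wanted here.
    """
    # Remove directly instead of checking os.path.exists() first. The
    # check-then-remove pair raised FileNotFoundError when the cache
    # vanished between the two calls (for example a concurrent login).
    try:
        os.remove(krb5cc_file)
    except FileNotFoundError:
        pass

    # NOTE(review): the ccache holds usable tickets. Confirm krb5cc_file
    # lives in a directory only this account can write to, and that the
    # keytab is readable by this account alone.
    with krbContext(using_keytab=True,
                    principal=userPrincipal,
                    keytab_file=keytableFilePath,
                    ccache_file=krb5cc_file):
        pass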
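def test_not_in_terminal(self, get_tgt_time, stdin):
    """A default context with expired credentials and no terminal raises IOError.

    Uses ``assertRaises`` so that the test fails when nothing is raised.
    The earlier try/except form only checked the exception type inside the
    handler and therefore passed silently if initialization went through.
    """
    stdin.isatty.return_value = False
    get_tgt_time.return_value = get_fake_cred_time(expired=True)

    with self.assertRaises(IOError):
        with kctx.krbContext():
            pass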
def test_no_need_init(self, get_tgt_time):
    """Unexpired credentials: no initialization and no KRB5CCNAME export."""
    get_tgt_time.return_value = get_fake_cred_time(expired=False)

    # NOTE(review): the principal literal looks mangled by e-mail
    # obfuscation on the page; it is kept verbatim.
    # Run against an emptied environment so the variable cannot leak in.
    with patch.dict(os.environ, {}, clear=True):
        with kctx.krbContext(using_keytab=True,
                             principal='HTTP/[email protected]') as ctx:
            self.assertFalse(ctx.initialized)
            self.assertNotIn('KRB5CCNAME', os.environ)
        # Leaving the context must not introduce the variable either.
        self.assertNotIn('KRB5CCNAME', os.environ)
def test_do_nothing_if_unnecessary_to_init(self, Credentials):
    """The default ccache hides KRB5CCNAME inside the context only.

    The final assertion expects a pre-existing KRB5CCNAME of '/tmp/my_cc',
    presumably set by the test fixture outside this method -- TODO confirm.
    """
    original_ccache = '/tmp/my_cc'

    # NOTE(review): the principal literal looks mangled by e-mail
    # obfuscation on the page; it is kept verbatim.
    with krbContext(using_keytab=True,
                    principal='app/[email protected]'):
        # Credentials are untouched, yet the inherited KRB5CCNAME has to be
        # dropped because the default ccache is in use.
        self.assertNotIn('KRB5CCNAME', os.environ)

    # On exit the caller's ccache setting must be back in place.
    self.assertEqual(original_ccache, os.environ['KRB5CCNAME'])
def test_access_initialized_property(self, get_tgt_time):
    """``initialized`` is False when the credentials have not expired."""
    get_tgt_time.return_value = get_fake_cred_time(expired=False)

    # NOTE(review): the principal literal looks mangled by e-mail
    # obfuscation on the page; it is kept verbatim.
    # The environment is replaced by a single unrelated variable.
    with patch.dict(os.environ, {'fake_var': '1'}, clear=True), \
            kctx.krbContext(using_keytab=True,
                            principal='HTTP/[email protected]',
                            keytab_file='/etc/httpd/conf/httpd.keytab',
                            ccache_file='/tmp/krb5cc_pid_appname') as context:
        self.assertFalse(context.initialized)
def test_no_need_init_if_not_expired(
        self, store_cred_into, acquire_cred_with_password, Credentials):
    """Password init is a no-op when the credentials have not expired.

    No ExpiredCredentialsError is configured on the lifetime mock, so only
    the single Credentials lookup is expected.
    """
    # NOTE(review): '******' looks like a masked value on the page; it is
    # kept verbatim and this test never asserts on it.
    ctx = krbContext(using_keytab=False,
                     principal=self.principal,
                     password='******')
    ctx.init_with_password()

    self.assertEqual(1, Credentials.call_count)
    # The password must not be used and nothing may be stored.
    store_cred_into.assert_not_called()
    acquire_cred_with_password.assert_not_called()
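def test_init_command_fails(self, Popen, stdin):
    """A non-zero exit status from the init command raises KRB5InitError.

    Uses ``assertRaises`` so that the test fails when nothing is raised.
    The earlier try/except form only checked the exception type inside the
    handler and therefore passed silently if no error occurred.
    """
    process = Popen.return_value
    process.returncode = 1
    process.communicate.return_value = ('', 'something goes wrong.')
    stdin.isatty.return_value = True

    with self.assertRaises(KRB5InitError):
        with kctx.krbContext():
            pass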
def test_init_in_default_ccache_with_password(
        self, store_cred, acquire_cred_with_password, Credentials):
    """Password init into the default ccache never exports KRB5CCNAME."""
    expired = gssapi.exceptions.ExpiredCredentialsError(1, 1)
    type(Credentials.return_value).lifetime = PropertyMock(side_effect=expired)

    # NOTE(review): '******' looks like a masked value on the page; it is
    # kept verbatim and this test never asserts on it.
    with krbContext(using_keytab=False,
                    principal='cqi',
                    password='******'):
        # Default ccache in use: the variable stays unset inside ...
        self.assertNotIn('KRB5CCNAME', os.environ)

    # ... and is still unset after the context exits.
    self.assertNotIn('KRB5CCNAME', os.environ)
def test_all_defaults(self, get_login):
    """With no arguments the options fall back to their defaults.

    Expected: the login name as a user principal, the default ccache, and
    ``using_keytab`` switched off.
    """
    login_name = 'cqi'
    get_login.return_value = login_name

    options = krbContext()._cleaned_options

    expected_princ = gssapi.names.Name(login_name,
                                       gssapi.names.NameType.user)
    self.assertEqual(expected_princ, options['principal'])
    self.assertEqual(kctx.DEFAULT_CCACHE, options['ccache'])
    self.assertFalse(options['using_keytab'])
def test_init_in_default_ccache_without_original_krb5ccname_is_set(
        self, Credentials):
    """Default ccache with no inherited KRB5CCNAME: it is never set."""
    expired = gssapi.exceptions.ExpiredCredentialsError(1, 1)
    type(Credentials.return_value).lifetime = PropertyMock(side_effect=expired)

    # NOTE(review): the principal literal looks mangled by e-mail
    # obfuscation on the page; it is kept verbatim.
    with krbContext(using_keytab=True,
                    principal='app/[email protected]'):
        self.assertNotIn('KRB5CCNAME', os.environ)

    # The variable was absent before entry, so the context must leave the
    # environment without it on exit.
    self.assertNotIn('KRB5CCNAME', os.environ)
def test_init_in_default_ccache_and_original_krb5ccname_is_set(
        self, Credentials):
    """Default ccache: an inherited KRB5CCNAME is hidden, then restored.

    The inherited value '/tmp/my_cc' is presumably set by the test fixture
    outside this method -- TODO confirm.
    """
    expired = gssapi.exceptions.ExpiredCredentialsError(1, 1)
    type(Credentials.return_value).lifetime = PropertyMock(side_effect=expired)
    inherited_ccache = '/tmp/my_cc'

    # NOTE(review): the principal literal looks mangled by e-mail
    # obfuscation on the page; it is kept verbatim.
    with krbContext(using_keytab=True,
                    principal='app/[email protected]'):
        # While the default ccache is in use the variable must be gone.
        self.assertNotIn('KRB5CCNAME', os.environ)

    # After exit the caller's value is back.
    self.assertIn('KRB5CCNAME', os.environ)
    self.assertEqual(inherited_ccache, os.environ['KRB5CCNAME'])
def test_original_ccache_should_be_restored(self, Credentials):
    """An explicit ccache applies inside the context only.

    The inherited value '/tmp/my_cc' is presumably set by the test fixture
    outside this method -- TODO confirm.
    """
    expired = gssapi.exceptions.ExpiredCredentialsError(1, 1)
    type(Credentials.return_value).lifetime = PropertyMock(side_effect=expired)

    requested_ccache = '/tmp/app_pid_cc'
    inherited_ccache = '/tmp/my_cc'

    # NOTE(review): the principal literal looks mangled by e-mail
    # obfuscation on the page; it is kept verbatim.
    with krbContext(using_keytab=True,
                    principal='app/[email protected]',
                    ccache_file=requested_ccache):
        # Within the block the requested ccache is the active one.
        self.assertEqual(requested_ccache, os.environ['KRB5CCNAME'])

    # Once the block ends the caller's ccache setting is back in place.
    self.assertIn('KRB5CCNAME', os.environ)
    self.assertEqual(inherited_ccache, os.environ['KRB5CCNAME'])
def test_all_defaults(self):
    """Keytab mode with only a principal uses the default ccache and keytab."""
    # NOTE(review): the principal literal looks mangled by e-mail
    # obfuscation on the page; it is kept verbatim.
    principal = 'HTTP/[email protected]'

    options = krbContext(using_keytab=True,
                         principal=principal)._cleaned_options

    self.assertTrue(options['using_keytab'])
    # In keytab mode the principal is parsed as a Kerberos principal name.
    expected_princ = gssapi.names.Name(
        principal, gssapi.names.NameType.kerberos_principal)
    self.assertEqual(expected_princ, options['principal'])
    self.assertEqual(kctx.DEFAULT_CCACHE, options['ccache'])
    self.assertEqual(kctx.DEFAULT_KEYTAB, options['keytab'])
def test_init_in_default_ccache_with_default_keytab(self, Credentials):
    """Keytab init with neither a keytab nor a ccache path given.

    Expects a lookup without a ``store`` argument, a second lookup against
    ``self.tmp_ccache``, and one store call with ``store=None``.
    """
    expired = gssapi.exceptions.ExpiredCredentialsError(1, 1)
    type(Credentials.return_value).lifetime = PropertyMock(side_effect=expired)

    krbContext(using_keytab=True,
               principal=self.service_principal).init_with_keytab()

    default_lookup = call(usage='initiate', name=self.princ_name)
    tmp_ccache_lookup = call(usage='initiate',
                             name=self.princ_name,
                             store={'ccache': self.tmp_ccache})
    Credentials.assert_has_calls([default_lookup, tmp_ccache_lookup])

    # store=None: no explicit ccache is named for the final store.
    Credentials.return_value.store.assert_called_once_with(
        store=None, usage='initiate', overwrite=True)
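def test_init_in_default_ccache(self, store_cred,
                                acquire_cred_with_password, Credentials):
    """Password init without a ccache path stores into the default ccache.

    The credential lifetime is mocked to raise ExpiredCredentialsError so
    that ``init_with_password`` acquires new credentials.
    """
    type(Credentials.return_value).lifetime = PropertyMock(
        side_effect=gssapi.exceptions.ExpiredCredentialsError(1, 1))
    # Dummy fixture value, defined once so the password handed to krbContext
    # and the password asserted below cannot drift apart. Before, the
    # constructor received '******' while the assertion expected 'security'.
    password = 'security'

    context = krbContext(using_keytab=False,
                         principal=self.principal,
                         password=password)
    context.init_with_password()

    acquire_cred_with_password.assert_called_once_with(
        self.princ_name, password)
    # No store mapping is passed, since no ccache path was requested.
    store_cred.assert_called_once_with(
        acquire_cred_with_password.return_value.creds,
        usage='initiate',
        overwrite=True)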
def test_specify_principal(self):
    """A bare principal string is stored as a user-type GSSAPI name."""
    principal = 'cqi'

    cleaned = krbContext(principal=principal)._cleaned_options

    expected_princ = gssapi.names.Name(principal, gssapi.names.NameType.user)
    self.assertEqual(expected_princ, cleaned['principal'])
def test_specify_ccache(self):
    """An explicit ``ccache_file`` is carried into the cleaned options."""
    ccache_path = '/var/app/krb5_ccache'

    cleaned = krbContext(principal='cqi',
                         ccache_file=ccache_path)._cleaned_options

    self.assertEqual(ccache_path, cleaned['ccache'])
def test_specify_ccache(self):
    """In keytab mode an explicit ``ccache_file`` reaches the cleaned options."""
    ccache_path = '/var/app/krb5_ccache'

    # NOTE(review): the principal literal looks mangled by e-mail
    # obfuscation on the page; it is kept verbatim.
    cleaned = krbContext(using_keytab=True,
                         principal='HTTP/[email protected]',
                         ccache_file=ccache_path)._cleaned_options

    self.assertEqual(ccache_path, cleaned['ccache'])