def _get_auth(self, token):
user_id = token.get('userId')
username = token.get('username')
scopes = token.get('scopes', [])
roles = token.get('roles', [])
if not user_id:
raise Exception('user_id is missing')
if not username:
raise Exception('username is missing')
if not scopes:
raise Exception('scopes not specified')
scopes = [scope.strip() for scope in scopes.split(',')]
if roles:
roles = [role.strip() for role in roles.split(',')]
organizations = token.get('organizations')
if organizations:
organizations = [org.strip() for org in organizations.split(',')]
namespaces = token.get('namespaces')
if namespaces:
namespaces = [ns.strip() for ns in namespaces.split(',')]
return Auth(user_id,
username,
roles=roles,
organizations=organizations,
namespaces=namespaces,
scopes=scopes)
def test_security_context():
"""Test SecurityContext with thread-local based context.
"""
local_context = local()
sc = SecurityContext(local_context)
assert sc.has_auth() is False
auth = Auth(user_id="test", username="******")
sc.set_auth(auth)
assert local_context.microkubes_auth is not None
assert sc.has_auth() is True
result = sc.get_auth()
assert result is not None
assert result == auth
sc.clear_auth()
assert local_context.microkubes_auth is None
assert sc.has_auth() is False
assert sc.get_auth() is None
def test_set_auth():
"""Test set_auth to a thread-local based context.
"""
ctx = local()
auth = Auth(user_id="test-001", username="******")
set_auth(ctx, auth)
assert ctx.microkubes_auth is not None
assert ctx.microkubes_auth == auth
def test_get_auth():
"""Test get auth from thread-local based context.
"""
ctx = local()
auth = Auth(user_id="test-001", username="******")
ctx.microkubes_auth = auth
result = get_auth(ctx)
assert result is not None
assert auth == result
def test_has_auth():
"""Test has_auth with thread-local based context.
"""
ctx = local()
auth = Auth(user_id="test-001", username="******")
assert has_auth(ctx) is False
ctx.microkubes_auth = auth
assert has_auth(ctx)
def test_auth_eq():
"""Test Auth equality override.
"""
a1 = Auth(user_id="a1", username="******")
a2 = Auth(user_id="a1", username="******")
assert a1 == a2
assert a2 == a1
a1 = Auth(user_id="a1", username="******", roles=["user"])
a2 = Auth(user_id="a1", username="******")
assert a1 != a2
assert a2 != a1
a1 = Auth(user_id="a1", username="******", roles=["user"], organizations=["o1", "o2"],
namespaces=["ns1", "ns2"], scopes="api:read,api:write")
a2 = Auth(user_id="a1", username="******", roles=["user"], organizations=["o1", "o2"],
namespaces=["ns1", "ns2"], scopes="api:read,api:write")
assert a1 == a2
# mix up the names in the lists
a1 = Auth(user_id="a1", username="******", roles=["user", "r2"], organizations=["o1", "o2"],
namespaces=["ns1", "ns2"], scopes="api:read,api:write")
a2 = Auth(user_id="a1", username="******", roles=["r2", "user"], organizations=["o2", "o1"],
namespaces=["ns2", "ns1"], scopes="api:read,api:write")
assert a1 == a2
# mix, but should not be equal
a1 = Auth(user_id="a1", username="******", roles=["user", "r2"], organizations=["o1", "o2"],
namespaces=["ns1", "ns2", "ns3"], scopes="api:read,api:write")
a2 = Auth(user_id="a1", username="******", roles=["r2", "user"], organizations=["o2", "o1"],
namespaces=["ns2", "ns1"], scopes="api:read,api:write")
assert a1 != a2
def _get_auth(self, attributes={}):
"""Create authentication object
"""
user_id = attributes.get('urn:oid:0.9.2342.19200300.100.1.1', [])[0]
email = attributes.get('urn:oid:1.3.6.1.4.1.5923.1.1.1.6', [])[0]
roles = attributes.get('urn:oid:1.3.6.1.4.1.5923.1.1.1.1', [])
if not user_id:
raise Exception('user_id is missing')
if not email:
raise Exception('email is missing')
if not roles:
raise Exception('roles not specified')
# TODO: Add scopes, namespaces and organizations in session created from Microkubes Identity Provider
# and user's fullname if possible
return Auth(user_id, email, roles=roles)