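def _get_auth(self, token):
    """Build an ``Auth`` object from the claims carried in *token*.

    ``userId``, ``username`` and ``scopes`` are mandatory; ``roles``,
    ``organizations`` and ``namespaces`` are optional.  A multi-valued claim
    may be a comma-separated string or a list of strings.  Surrounding
    whitespace is stripped and blank entries are discarded, so a value such
    as ``" , "`` no longer satisfies the "scopes are required" check.

    NOTE(review): this method only reads claims.  Presumably the caller has
    already verified the token's signature and expiry -- confirm, because
    nothing in this method checks them.

    Args:
        token: Mapping of claim names to values (anything offering ``.get``).

    Returns:
        The ``Auth`` instance built from the claims.

    Raises:
        Exception: If a mandatory claim is missing, if ``scopes`` holds no
            usable entry, or if a multi-valued claim has an unsupported type.
    """

    def _claim_names(value, claim):
        # Accept both encodings of a multi-valued claim: "a, b" and ["a", "b"].
        if isinstance(value, str):
            parts = value.split(',')
        elif isinstance(value, (list, tuple)):
            parts = value
        else:
            raise Exception('%s has an unsupported type' % claim)

        names = []
        for part in parts:
            if not isinstance(part, str):
                raise Exception('%s has an unsupported type' % claim)
            part = part.strip()
            # Blank entries carry no authority; never hand them to Auth.
            if part:
                names.append(part)
        return names

    user_id = token.get('userId')
    username = token.get('username')
    scopes = token.get('scopes', [])
    roles = token.get('roles', [])

    if not user_id:
        raise Exception('user_id is missing')
    if not username:
        raise Exception('username is missing')
    if not scopes:
        raise Exception('scopes not specified')

    scopes = _claim_names(scopes, 'scopes')
    # Check again after normalisation: the raw value may have held only
    # separators and whitespace.
    if not scopes:
        raise Exception('scopes not specified')

    # Optional claims: absent or empty values are passed through untouched.
    if roles:
        roles = _claim_names(roles, 'roles')

    organizations = token.get('organizations')
    if organizations:
        organizations = _claim_names(organizations, 'organizations')

    namespaces = token.get('namespaces')
    if namespaces:
        namespaces = _claim_names(namespaces, 'namespaces')

    return Auth(user_id, username, roles=roles, organizations=organizations,
                namespaces=namespaces, scopes=scopes)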
def test_security_context():
    """Exercise the SecurityContext set/get/clear cycle on a thread-local store."""
    store = local()
    context = SecurityContext(store)

    # A fresh context must not report any authentication.
    assert context.has_auth() is False

    principal = Auth(user_id="test", username="******")
    context.set_auth(principal)

    # The Auth object is kept on the backing store as ``microkubes_auth``.
    assert store.microkubes_auth is not None
    assert context.has_auth() is True

    fetched = context.get_auth()
    assert fetched is not None
    assert fetched == principal

    # Clearing must leave nothing behind on the store.
    context.clear_auth()
    assert store.microkubes_auth is None
    assert context.has_auth() is False
    assert context.get_auth() is None
def test_set_auth():
    """Check that set_auth stores the Auth object on a thread-local context."""
    store = local()
    principal = Auth(user_id="test-001", username="******")

    set_auth(store, principal)

    # set_auth must write the object to the ``microkubes_auth`` attribute.
    stored = store.microkubes_auth
    assert stored is not None
    assert stored == principal
def test_get_auth():
    """Check that get_auth reads the Auth object from a thread-local context."""
    store = local()
    principal = Auth(user_id="test-001", username="******")
    # Seed the store directly so that only get_auth is under test.
    store.microkubes_auth = principal

    fetched = get_auth(store)

    assert fetched is not None
    assert principal == fetched
def test_has_auth():
    """Check has_auth before and after an Auth object is put on the context."""
    store = local()
    principal = Auth(user_id="test-001", username="******")

    # Nothing stored yet: has_auth must answer exactly False.
    assert has_auth(store) is False

    store.microkubes_auth = principal
    assert has_auth(store)
def test_auth_eq():
    """Check the equality override of Auth, including list-order independence."""

    def make(**extra):
        # Every case shares the same identity; only the extra fields vary.
        return Auth(user_id="a1", username="******", **extra)

    # Identical identity and no extra fields: equal in both directions.
    left = make()
    right = make()
    assert left == right
    assert right == left

    # Roles on one side only: unequal in both directions.
    left = make(roles=["user"])
    right = make()
    assert left != right
    assert right != left

    # Every field populated identically.
    left = make(roles=["user"], organizations=["o1", "o2"],
                namespaces=["ns1", "ns2"], scopes="api:read,api:write")
    right = make(roles=["user"], organizations=["o1", "o2"],
                 namespaces=["ns1", "ns2"], scopes="api:read,api:write")
    assert left == right

    # Same members, different order inside the lists: still equal.
    left = make(roles=["user", "r2"], organizations=["o1", "o2"],
                namespaces=["ns1", "ns2"], scopes="api:read,api:write")
    right = make(roles=["r2", "user"], organizations=["o2", "o1"],
                 namespaces=["ns2", "ns1"], scopes="api:read,api:write")
    assert left == right

    # Reordered lists, but one side has an extra namespace: must differ.
    left = make(roles=["user", "r2"], organizations=["o1", "o2"],
                namespaces=["ns1", "ns2", "ns3"], scopes="api:read,api:write")
    right = make(roles=["r2", "user"], organizations=["o2", "o1"],
                 namespaces=["ns2", "ns1"], scopes="api:read,api:write")
    assert left != right
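def _get_auth(self, attributes=None):
    """Create the authentication object from identity-provider attributes.

    The attributes are looked up by their ``urn:oid`` names.  A missing or
    empty attribute now produces the descriptive error below; previously the
    ``[0]`` index raised ``IndexError`` before those checks could run.

    NOTE(review): values are assumed to be lists of strings, and the
    attributes are presumably taken from an assertion the caller has already
    validated -- confirm both, nothing here checks them.

    Args:
        attributes: Mapping of attribute name to a list of values.  ``None``
            is treated as an empty mapping.

    Returns:
        An ``Auth`` built from the user id, the principal name (used as the
        username) and the roles.

    Raises:
        Exception: If the user id, the e-mail or the roles are missing.
    """
    # None rather than a shared mutable ``{}`` default.
    attributes = attributes or {}

    def _first_value(name):
        # An absent key, None and an empty list all count as "missing".
        values = attributes.get(name) or ()
        return values[0] if values else None

    # urn:oid:0.9.2342.19200300.100.1.1 is the ``uid`` attribute.
    user_id = _first_value('urn:oid:0.9.2342.19200300.100.1.1')
    # urn:oid:1.3.6.1.4.1.5923.1.1.1.6 is eduPersonPrincipalName.  It has the
    # shape user@scope but is not guaranteed to be a deliverable mailbox.
    email = _first_value('urn:oid:1.3.6.1.4.1.5923.1.1.1.6')
    # urn:oid:1.3.6.1.4.1.5923.1.1.1.1 is eduPersonAffiliation, used as roles.
    roles = attributes.get('urn:oid:1.3.6.1.4.1.5923.1.1.1.1', [])

    if not user_id:
        raise Exception('user_id is missing')
    if not email:
        raise Exception('email is missing')
    if not roles:
        raise Exception('roles not specified')

    # TODO: Add scopes, namespaces and organizations in session created from
    # Microkubes Identity Provider and user's fullname if possible
    return Auth(user_id, email, roles=roles)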