def test_fetch_x509_svids_corrupted_response(mocker): WORKLOAD_API_CLIENT._spiffe_workload_api_stub.FetchX509SVID = mocker.Mock( return_value=iter( [ workload_pb2.X509SVIDResponse( svids=[ workload_pb2.X509SVID( spiffe_id='spiffe://example.org/service', x509_svid=_CHAIN1, x509_svid_key=_KEY1, ), workload_pb2.X509SVID( spiffe_id='spiffe://example.org/service2', x509_svid=_CORRUPTED, x509_svid_key=_KEY2, ), ] ) ] ) ) with (pytest.raises(FetchX509SvidError)) as exception: WORKLOAD_API_CLIENT.fetch_x509_svids() assert ( str(exception.value) == 'Error fetching X.509 SVID: Error parsing certificate: Unable to parse DER X.509 certificate.' )
def test_fetch_x509_svids_raise_exception(mocker): WORKLOAD_API_CLIENT._spiffe_workload_api_stub.FetchX509SVID = mocker.Mock( side_effect=Exception('mocked error')) with (pytest.raises(FetchX509SvidError)) as exception: WORKLOAD_API_CLIENT.fetch_x509_svids() assert str(exception.value) == 'Error fetching X.509 SVID: mocked error.'
def test_fetch_x509_svids_invalid_response(mocker): WORKLOAD_API_CLIENT._spiffe_workload_api_stub.FetchX509SVID = mocker.Mock( return_value=iter([])) with (pytest.raises(FetchX509SvidError)) as exception: WORKLOAD_API_CLIENT.fetch_x509_svids() assert (str(exception.value) == 'Error fetching X.509 SVID: X.509 SVID response is invalid.')
def test_fetch_x509_svids_raise_grpc_error_call(mocker): WORKLOAD_API_CLIENT._spiffe_workload_api_stub.FetchX509SVID = mocker.Mock( side_effect=FakeCall()) with (pytest.raises(FetchX509SvidError)) as exception: WORKLOAD_API_CLIENT.fetch_x509_svids() assert (str(exception.value) == 'Error fetching X.509 SVID: Error details from Workload API.')
def test_fetch_x509_svids_success(mocker): WORKLOAD_API_CLIENT._spiffe_workload_api_stub.FetchX509SVID = mocker.Mock( return_value=iter([ workload_pb2.X509SVIDResponse(svids=[ workload_pb2.X509SVID( spiffe_id='spiffe://example.org/service', x509_svid=CHAIN1, x509_svid_key=KEY1, ), workload_pb2.X509SVID( spiffe_id='spiffe://example.org/service2', x509_svid=CHAIN2, x509_svid_key=KEY2, ), ]) ])) svids = WORKLOAD_API_CLIENT.fetch_x509_svids() assert len(svids) == 2 svid1 = svids[0] assert svid1.spiffe_id() == SpiffeId.parse('spiffe://example.org/service') assert len(svid1.cert_chain()) == 2 assert isinstance(svid1.leaf(), Certificate) assert isinstance(svid1.private_key(), ec.EllipticCurvePrivateKey) svid2 = svids[1] assert svid2.spiffe_id() == SpiffeId.parse('spiffe://example.org/service2') assert len(svid2.cert_chain()) == 1 assert isinstance(svid2.leaf(), Certificate) assert isinstance(svid2.private_key(), ec.EllipticCurvePrivateKey)