示例#1
0
def test_fetch_x509_svids_corrupted_response(mocker):
    WORKLOAD_API_CLIENT._spiffe_workload_api_stub.FetchX509SVID = mocker.Mock(
        return_value=iter(
            [
                workload_pb2.X509SVIDResponse(
                    svids=[
                        workload_pb2.X509SVID(
                            spiffe_id='spiffe://example.org/service',
                            x509_svid=_CHAIN1,
                            x509_svid_key=_KEY1,
                        ),
                        workload_pb2.X509SVID(
                            spiffe_id='spiffe://example.org/service2',
                            x509_svid=_CORRUPTED,
                            x509_svid_key=_KEY2,
                        ),
                    ]
                )
            ]
        )
    )

    with (pytest.raises(FetchX509SvidError)) as exception:
        WORKLOAD_API_CLIENT.fetch_x509_svids()

    assert (
        str(exception.value)
        == 'Error fetching X.509 SVID: Error parsing certificate: Unable to parse DER X.509 certificate.'
    )
示例#2
0
def test_fetch_x509_svids_raise_exception(mocker):
    WORKLOAD_API_CLIENT._spiffe_workload_api_stub.FetchX509SVID = mocker.Mock(
        side_effect=Exception('mocked error'))

    with (pytest.raises(FetchX509SvidError)) as exception:
        WORKLOAD_API_CLIENT.fetch_x509_svids()

    assert str(exception.value) == 'Error fetching X.509 SVID: mocked error.'
示例#3
0
def test_fetch_x509_svids_invalid_response(mocker):
    WORKLOAD_API_CLIENT._spiffe_workload_api_stub.FetchX509SVID = mocker.Mock(
        return_value=iter([]))

    with (pytest.raises(FetchX509SvidError)) as exception:
        WORKLOAD_API_CLIENT.fetch_x509_svids()

    assert (str(exception.value) ==
            'Error fetching X.509 SVID: X.509 SVID response is invalid.')
示例#4
0
def test_fetch_x509_svids_raise_grpc_error_call(mocker):
    WORKLOAD_API_CLIENT._spiffe_workload_api_stub.FetchX509SVID = mocker.Mock(
        side_effect=FakeCall())

    with (pytest.raises(FetchX509SvidError)) as exception:
        WORKLOAD_API_CLIENT.fetch_x509_svids()

    assert (str(exception.value) ==
            'Error fetching X.509 SVID: Error details from Workload API.')
示例#5
0
def test_fetch_x509_svids_success(mocker):
    WORKLOAD_API_CLIENT._spiffe_workload_api_stub.FetchX509SVID = mocker.Mock(
        return_value=iter([
            workload_pb2.X509SVIDResponse(svids=[
                workload_pb2.X509SVID(
                    spiffe_id='spiffe://example.org/service',
                    x509_svid=CHAIN1,
                    x509_svid_key=KEY1,
                ),
                workload_pb2.X509SVID(
                    spiffe_id='spiffe://example.org/service2',
                    x509_svid=CHAIN2,
                    x509_svid_key=KEY2,
                ),
            ])
        ]))

    svids = WORKLOAD_API_CLIENT.fetch_x509_svids()

    assert len(svids) == 2

    svid1 = svids[0]
    assert svid1.spiffe_id() == SpiffeId.parse('spiffe://example.org/service')
    assert len(svid1.cert_chain()) == 2
    assert isinstance(svid1.leaf(), Certificate)
    assert isinstance(svid1.private_key(), ec.EllipticCurvePrivateKey)

    svid2 = svids[1]
    assert svid2.spiffe_id() == SpiffeId.parse('spiffe://example.org/service2')
    assert len(svid2.cert_chain()) == 1
    assert isinstance(svid2.leaf(), Certificate)
    assert isinstance(svid2.private_key(), ec.EllipticCurvePrivateKey)