def test_dependencies_3():
"""
several dependencies (even nested)
See EntityDep5 for details
"""
api = load_test_open_api_spec()
EntityDep1 = api.entities['EntityDep1'].cls
EntityDep5 = api.entities['EntityDep5'].cls
EntityDep5_Obj1 = api.entities['EntityDep5_Obj1'].cls
EntityDep5_Obj1_Obj2 = api.entities['EntityDep5_Obj1_Obj2'].cls
deps1 = EntitiesSet({
EntityWrapper(EntityDep1(id='d11', name='dep11')),
EntityWrapper(EntityDep1(id='d12', name='dep12')),
EntityWrapper(EntityDep1(id='d13', name='dep13')),
})
data = {'id': 'd51', 'name': 'dep51', 'obj1': {'obj2': {'dep1': 'dep11'}}}
deps5 = EntitiesSet(
{EntityWrapper(K8S_LOADER.load(data, None, EntityDep5))})
deps5_resolved, conflicts = resolve_entities(deps5,
[(deps1, 'obj1.obj2.dep1')])
assert conflicts is None
assert deps5_resolved.entities == {
EntityWrapper(
EntityDep5(
id='d51',
name='dep51',
obj1=EntityDep5_Obj1(obj2=EntityDep5_Obj1_Obj2(dep1='d11'))))
}
def test_compare_entity_with_secrets_with_metadata_4():
EntityTest2 = load_test_open_api_spec(
reload=True,
k8s_get_secret=_k8s_get_secret).entities['EntityTest2'].cls
data_1 = {
'fieldOne': {
'type': 'k8s/secret',
'name': 'secret-storage-1',
'key': 'field-one'
},
'fieldTwo': 'this is write only',
'fieldThree': 'this is a field',
}
data_2 = {
'fieldOne': {
'type': 'k8s/secret',
'name': 'secret-storage-1',
'key': 'field-one'
},
'fieldTwo': 'this is write only',
'fieldThree': 'this is a field',
'created': '2020-09-10T12:20:14Z',
'updated': '2020-09-20T12:20:14Z'
}
appgate_metadata = {
'generation': 2,
'latestGeneration': 3,
'creationTimestamp': '2020-09-10T10:20:14Z',
'modificationTimestamp': '2020-09-20T12:19:14Z',
}
e1 = EntityWrapper(K8S_LOADER.load(data_1, appgate_metadata, EntityTest2))
e2 = EntityWrapper(APPGATE_LOADER.load(data_2, None, EntityTest2))
assert e1 == e2
def test_loader_1():
EntityTest1 = load_test_open_api_spec(
secrets_key=None, reload=True).entities['EntityTest1'].cls
entity_1 = {
'fieldOne': 'this is read only',
'fieldTwo': 'this is write only',
'fieldThree': 'this is deprecated',
'fieldFour': 'this is a field',
'from': 'this has a weird key name',
}
e = APPGATE_LOADER.load(entity_1, None, EntityTest1)
assert e == EntityTest1(fieldOne='this is read only',
fieldTwo=None,
fieldFour='this is a field',
fromm='this has a weird key name')
assert e != EntityTest1(fieldOne=None,
fieldTwo='this is write only',
fieldFour='this is a field that changed')
assert e.fieldOne == 'this is read only'
assert e.fieldTwo is None
e = K8S_LOADER.load(entity_1, None, EntityTest1)
assert e == EntityTest1(fieldOne=None,
fieldTwo='this is write only',
fieldFour='this is a field',
fromm='this has a weird key name')
assert e != EntityTest1(fieldOne=None,
fieldTwo='this is write only',
fieldFour='this is a field that changed',
fromm='this has a weird key name')
def test_dumper_2():
"""
Test dumper with metadata
"""
EntityTest1 = load_test_open_api_spec(
secrets_key=None, reload=True).entities['EntityTest1'].cls
e1 = EntityTest1(
fieldOne='this is read only',
fieldTwo='this is write only',
fieldFour='this is a field',
appgate_metadata=AppgateMetadata(uuid='666-666-666-666-666'))
e1_data = {
'fieldTwo': 'this is write only',
'fieldFour': 'this is a field',
}
e = APPGATE_DUMPER.dump(e1)
assert e == e1_data
e2_data = {
'fieldTwo': 'this is write only',
'fieldFour': 'this is a field',
'appgate_metadata': {
'uuid': '666-666-666-666-666'
}
}
e = K8S_DUMPER.dump(e1)
assert e == e2_data
def test_read_only_write_only_eq():
"""
By default readOnly and writeOnly are never compared.
But we should load the correct data from each side (K8S or APPGATE)
"""
EntityTest4 = load_test_open_api_spec(
secrets_key=None, reload=True).entities['EntityTest4'].cls
e_data = {
'fieldOne': 'writeOnly',
'fieldTwo': 'readOnly',
}
e = APPGATE_LOADER.load(e_data, None, EntityTest4)
assert e == EntityTest4(fieldOne=None, fieldTwo='readOnly')
e = APPGATE_LOADER.load(e_data, None, EntityTest4)
assert e == EntityTest4(fieldOne=None, fieldTwo='----')
assert e.fieldTwo == 'readOnly'
assert e.fieldOne is None
e = K8S_LOADER.load(e_data, None, EntityTest4)
assert e == EntityTest4(fieldOne='writeOnly', fieldTwo=None)
e = K8S_LOADER.load(e_data, None, EntityTest4)
assert e == EntityTest4(fieldOne='-----', fieldTwo=None)
assert e.fieldOne == 'writeOnly'
assert e.fieldTwo is None
def test_compare_entity_with_secrets():
"""
If we are missing metadata frm k8s we should always update the entity
"""
EntityTest2 = load_test_open_api_spec(
reload=True,
k8s_get_secret=_k8s_get_secret).entities['EntityTest2'].cls
data_1 = {
'fieldOne': {
'type': 'k8s/secret',
'name': 'secret-storage-1',
'key': 'field-one'
},
'fieldTwo': 'this is write only',
'fieldThree': 'this is a field',
}
data_2 = {
'fieldOne': {
'type': 'k8s/secret',
'name': 'secret-storage-1',
'key': 'field-one'
},
'fieldTwo': 'this is write only',
'fieldThree': 'this is a field',
'created': '2020-09-10T12:20:14Z',
'updated': '2020-09-10T12:20:14Z'
}
e1 = EntityWrapper(K8S_LOADER.load(data_1, None, EntityTest2))
e2 = EntityWrapper(APPGATE_LOADER.load(data_2, None, EntityTest2))
assert e1 != e2
def test_write_only_attribute_load():
EntityTest2 = load_test_open_api_spec(
secrets_key=None, reload=True).entities['EntityTest2'].cls
e_data = {
'fieldOne': '1234567890',
'fieldTwo': 'this is write only',
'fieldThree': 'this is a field',
}
e = APPGATE_LOADER.load(e_data, None, EntityTest2)
# writeOnly fields are not loaded from Appgate
assert e.fieldOne is None
assert e.fieldTwo is None
assert e.fieldThree == 'this is a field'
# writeOnly fields are not compared by default
assert e == EntityTest2(fieldOne='1234567890',
fieldTwo='this is write only',
fieldThree='this is a field')
e = K8S_LOADER.load(e_data, None, EntityTest2)
# writeOnly fields are loaded from K8S
assert e.fieldOne == '1234567890'
assert e.fieldTwo == 'this is write only'
assert e.fieldThree == 'this is a field'
# writeOnly fields are not compared by default
assert e == EntityTest2(fieldOne=None,
fieldTwo=None,
fieldThree='this is a field')
assert e.appgate_metadata.passwords == {'fieldOne': '1234567890'}
assert e.appgate_metadata.password_fields == frozenset({'fieldOne'})
def test_loader_3():
"""
Test load metadata
"""
EntityTest1 = load_test_open_api_spec(
secrets_key=None, reload=True).entities['EntityTest1'].cls
appgate_metadata = {'uuid': '666-666-666-666-666-666'}
entity_1 = {
'fieldOne': 'this is read only',
'fieldTwo': 'this is write only',
'fieldThree': 'this is deprecated',
'fieldFour': 'this is a field',
'appgate_metadata': appgate_metadata
}
e = K8S_LOADER.load(entity_1, None, EntityTest1)
# We load instance metadata
assert e.appgate_metadata == AppgateMetadata(
uuid='666-666-666-666-666-666')
assert e == EntityTest1(
fieldOne=None,
fieldTwo='this is write only',
fieldFour='this is a field',
appgate_metadata=AppgateMetadata(uuid='666-666-666-666-666-666'))
# isntance metadata is not compared
assert e == EntityTest1(
fieldOne=None,
fieldTwo='this is write only',
fieldFour='this is a field',
appgate_metadata=AppgateMetadata(uuid='333-333-333-333-333'))
def test_compare_plan_entity_pem():
EntityCert = load_test_open_api_spec(
secrets_key=None, reload=True).entities['EntityCert'].cls
appgate_data = {
'name': 'c1',
'fieldOne': PEM_TEST,
'fieldTwo': {
'version': 1,
'serial': '3578',
'issuer': join_string(ISSUER),
'subject': join_string(SUBJECT),
'validFrom': '2012-08-22T05:26:54.000Z',
'validTo': '2017-08-21T05:26:54.000Z',
'fingerprint': 'Xw+1FmWBquZKEBwVg7G+vnToFKkeeooUuh6DXXj26ec=',
'certificate': join_string(CERTIFICATE_FIELD),
'subjectPublicKey': join_string(PUBKEY_FIELD),
}
}
k8s_data = {'name': 'c1', 'fieldOne': PEM2}
current_entities = EntitiesSet(
{EntityWrapper(APPGATE_LOADER.load(appgate_data, None, EntityCert))})
new_e = K8S_LOADER.load(k8s_data, None, EntityCert)
expected_entities = EntitiesSet({EntityWrapper(new_e)})
plan = compare_entities(current_entities, expected_entities, BUILTIN_TAGS)
assert plan.modify.entities == frozenset({EntityWrapper(new_e)})
assert plan.modifications_diff == {
'c1': [
'--- \n', '+++ \n', '@@ -3,10 +3,10 @@\n', ' "fieldTwo": {\n',
'- "version": 1,\n', '- "serial": "3578",\n',
'+ "version": 3,\n', '+ "serial": "0",\n',
' "issuer": "[email protected], CN=Frank4DD Web CA, OU=WebCert Support, O=Frank4DD, L=Chuo-ku, ST=Tokyo, C=JP",\n',
' "subject": "CN=www.example.com, O=Frank4DD, ST=Tokyo, C=JP",\n',
'- "validFrom": "2012-08-22T05:26:54.000Z",\n',
'- "validTo": "2017-08-21T05:26:54.000Z",\n',
'- "fingerprint": "Xw+1FmWBquZKEBwVg7G+vnToFKkeeooUuh6DXXj26ec=",\n',
'- "certificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNFakNDQVhzQ0FnMzZNQTBHQ1NxR1NJYjNEUUVCQlFVQU1JR2JNUXN3Q1FZRFZRUUdF'
'd0pLVURFT01Bd0cKQTFVRUNCTUZWRzlyZVc4eEVEQU9CZ05WQkFjVEIwTm9kVzh0YTNVeEVUQVBCZ05WQkFvVENFWnlZVzVyTkVSRQpNUmd3RmdZRFZRUUxFdzlYWldKRFpYS'
'jBJRk4xY0hCdmNuUXhHREFXQmdOVkJBTVREMFp5WVc1ck5FUkVJRmRsCllpQkRRVEVqTUNFR0NTcUdTSWIzRFFFSkFSWVVjM1Z3Y0c5eWRFQm1jbUZ1YXpSa1pDNWpiMjB3SG'
'hjTk1USXcKT0RJeU1EVXlOalUwV2hjTk1UY3dPREl4TURVeU5qVTBXakJLTVFzd0NRWURWUVFHRXdKS1VERU9NQXdHQTFVRQpDQXdGVkc5cmVXOHhFVEFQQmdOVkJBb01DRVp'
'5WVc1ck5FUkVNUmd3RmdZRFZRUUREQTkzZDNjdVpYaGhiWEJzClpTNWpiMjB3WERBTkJna3Foa2lHOXcwQkFRRUZBQU5MQURCSUFrRUFtL3hta0htRVFydXJFLzByZS9qZUZS'
'TGwKOFpQakJvcDd1TEhobmlhN2xRRy81ekR0WklVQzNSVnBxRFN3QnV3L05Ud2VHeXVQK284QUc5OEh4cXhUQndJRApBUUFCTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUJTM'
'lRMdUJlVFBtY2FUYVVXL0xDQjJOWU95OEdNZHpSMW14CjhpQkl1Mkg2L0UydGlZM1JJZXZWMk9XNjFxWTIvWFJRZzdZUHh4M2ZmZVV1Z1g5RjRKL2lQbm51MXpBeHh5QnkKMl'
'ZndUt2NFNXalJGb1JrSWZJbEhYMHFWdmlNaFNsTnkyaW9GTHk3SmNQWmIrdjNmdERHeXdVcWNCaVZEb2VhMApIbitHbXhaQQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==",\n',
'+ "validFrom": "1901-12-13T20:45:52.000Z",\n',
'+ "validTo": "2038-01-19T03:14:07.000Z",\n',
'+ "fingerprint": "6b7fb51b56acaf0a8f9b9a3f8ca6737cb97821ddb830106c9fc9a14b8bfdfa36",\n',
'+ "certificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNHakNDQVlPZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRVUZBRENCbXpFTE1Ba0dB'
'MVVFQmhNQ1NsQXgKRGpBTUJnTlZCQWdUQlZSdmEzbHZNUkF3RGdZRFZRUUhFd2REYUhWdkxXdDFNUkV3RHdZRFZRUUtFd2hHY21GdQphelJFUkRFWU1CWUdBMVVFQ3hNUFYyV'
'mlRMlZ5ZENCVGRYQndiM0owTVJnd0ZnWURWUVFERXc5R2NtRnVhelJFClJDQlhaV0lnUTBFeEl6QWhCZ2txaGtpRzl3MEJDUUVXRkhOMWNIQnZjblJBWm5KaGJtczBaR1F1WT'
'I5dE1DSVkKRHpFNU1ERXhNakV6TWpBME5UVXlXaGdQTWpBek9EQXhNVGt3TXpFME1EZGFNRW94Q3pBSkJnTlZCQVlUQWtwUQpNUTR3REFZRFZRUUlEQVZVYjJ0NWJ6RVJNQTh'
'HQTFVRUNnd0lSbkpoYm1zMFJFUXhHREFXQmdOVkJBTU1EM2QzCmR5NWxlR0Z0Y0d4bExtTnZiVEJjTUEwR0NTcUdTSWIzRFFFQkFRVUFBMHNBTUVnQ1FRQ2IvR2FRZVlSQ3U2'
'c1QKL1N0NytONFZFdVh4aytNR2ludTRzZUdlSnJ1VkFiL25NTzFraFFMZEZXbW9OTEFHN0Q4MVBCNGJLNC82andBYgozd2ZHckZNSEFnTUJBQUV3RFFZSktvWklodmNOQVFFR'
'kJRQURnWUVBbnpkZVFCRzJjclhudlp5SGdDTDlkU25tCmxuYVhKSVRPLy8rRzU5dUN2REtiblgrQkt2WFh4WFFJYTdHbXR6WXV3M0xDL2pKSkwzMDdyL0NFQ1pyNnZWOUkKS0'
'huMjcreU90clBET3dURHRYeWFZT2FmOFY2ZmtTVk4zaUx4N3RiRVA2UjB1RUt4YVZhcU1aNzFlZDNTTzFPTAp3cTBqOEdrS1kvSy96bDJOd3pjPQotLS0tLUVORCBDRVJUSUZ'
'JQ0FURS0tLS0tCg==",\n',
' "subjectPublicKey": "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJv8ZpB5hEK7qxP9K3v43hUS5'
'fGT4waKe7ix4Z4mu5UBv+cw7WSFAt0Vaag0sAbsPzU8Hhsrj/qPABvfB8asUwcCAwEAAQ=="\n'
]
}
def test_deprecated_entity():
EntityTest1 = load_test_open_api_spec(
secrets_key=None, reload=True).entities['EntityTest1'].cls
with pytest.raises(TypeError,
match=f".*unexpected keyword argument 'fieldThree'"):
EntityTest1(fieldOne='this is read only',
fieldTwo='this is write only',
fieldThree='this is deprecated',
fieldFour='this is a field')
def test_dependencies_2():
"""
Two dependencies
EntityDep4 has an array field (deps1) with deps from EntityDep1
EntityDep4 has a string field (dep2) with deps from EntityDep2
"""
api = load_test_open_api_spec()
EntityDep1 = api.entities['EntityDep1'].cls
EntityDep2 = api.entities['EntityDep2'].cls
EntityDep4 = api.entities['EntityDep4'].cls
deps1 = EntitiesSet({
EntityWrapper(EntityDep1(id='d11', name='dep11')),
EntityWrapper(EntityDep1(id='d12', name='dep12')),
EntityWrapper(EntityDep1(id='d13', name='dep13')),
})
deps2 = EntitiesSet({
EntityWrapper(EntityDep2(id='d21', name='dep21')),
EntityWrapper(EntityDep2(id='d22', name='dep22')),
EntityWrapper(EntityDep2(id='d23', name='dep23')),
})
# no conflicts
deps4 = EntitiesSet({
EntityWrapper(
EntityDep4(id='d31',
name='dep31',
deps1=frozenset({'dep11', 'dep12'}),
dep2='dep23'))
})
deps3_resolved, conflicts = resolve_entities(deps4, [(deps1, 'deps1'),
(deps2, 'dep2')])
assert conflicts is None
assert deps3_resolved.entities == {
EntityWrapper(
EntityDep4(id='d31',
name='dep31',
deps1=frozenset({'d11', 'd12'}),
dep2='d23'))
}
# conflicts in field deps1
deps4 = EntitiesSet({
EntityWrapper(
EntityDep4(id='d31',
name='dep31',
deps1=frozenset({'dep14', 'dep12'}),
dep2='dep33'))
})
deps3_resolved, conflicts = resolve_entities(deps4, [(deps1, 'deps1'),
(deps2, 'dep2')])
assert conflicts == {
'dep31': {
'deps1': frozenset({'dep14'}),
'dep2': frozenset({'dep33'})
}
}
def test_compare_plan_entity_bytes():
EntityTest3Appgate = load_test_open_api_spec(
secrets_key=None, reload=True).entities['EntityTest3Appgate'].cls
# fieldOne is writeOnly :: byte
# fieldTwo is readOnly :: checksum of fieldOne
# fieldThree is readOnly :: size of fieldOne
e_data = {
'id':
'6a01c585-c192-475b-b86f-0e632ada6769', # Current data always has ids
'name': 'entity1',
'fieldOne': None,
'fieldTwo': SHA256_FILE,
'fieldThree': 1563,
}
entities_current = EntitiesSet(
{EntityWrapper(APPGATE_LOADER.load(e_data, None, EntityTest3Appgate))})
e_data = {
'name': 'entity1',
'fieldOne': BASE64_FILE_W0,
'fieldTwo': None,
'fieldThree': None,
}
e_metadata = {'uuid': '6a01c585-c192-475b-b86f-0e632ada6769'}
entities_expected = EntitiesSet({
EntityWrapper(K8S_LOADER.load(e_data, e_metadata, EntityTest3Appgate))
})
plan = compare_entities(entities_current, entities_expected, BUILTIN_TAGS)
assert plan.modify.entities == frozenset()
assert plan.modifications_diff == {}
assert compute_diff(
list(entities_current.entities)[0],
list(entities_expected.entities)[0]) == []
# Let's change the bytes
e_data = {
'name': 'entity1',
'fieldOne': 'Some other content',
'fieldTwo': None,
'fieldThree': None,
}
new_e = K8S_LOADER.load(e_data, e_metadata, EntityTest3Appgate)
entities_expected = EntitiesSet({EntityWrapper(new_e)})
plan = compare_entities(entities_current, entities_expected, BUILTIN_TAGS)
assert plan.modify.entities == frozenset({EntityWrapper(new_e)})
assert plan.modifications_diff == {
'entity1': [
'--- \n', '+++ \n', '@@ -2,4 +2,4 @@\n',
' "name": "entity1",\n',
'- "fieldTwo": "0d373afdccb82399b29ba0d6d1a282b4d10d7e70d948257e75c05999f0be9f3e",\n',
'- "fieldThree": 1563\n',
'+ "fieldTwo": "c8f4fc85b689f8f3a70e7024e2bb8c7c8f4f7f9ffd2a1a8d01fc8fba74d1af34",\n',
'+ "fieldThree": 12\n', ' }'
]
}
def test_get_secret_read_entity_without_password():
EntityTest2 = load_test_open_api_spec(
reload=True,
k8s_get_secret=_k8s_get_secret).entities['EntityTest2'].cls
data = {
'fieldTwo': 'this is write only',
'fieldThree': 'this is a field',
}
e = K8S_LOADER.load(data, None, EntityTest2)
# Password is coming from k8s secrets
assert e.fieldOne is None
def test_get_appgate_secret_simple_load_no_cipher():
EntityTest2 = load_test_open_api_spec(
secrets_key=None, reload=True).entities['EntityTest2'].cls
data = {
'fieldOne': ENCRYPTED_PASSWORD,
'fieldTwo': 'this is write only',
'fieldThree': 'this is a field',
}
e = K8S_LOADER.load(data, None, EntityTest2)
# We don't try to decrypt the password, use it as we get it
assert e.fieldOne == ENCRYPTED_PASSWORD
assert e.appgate_metadata.passwords == {'fieldOne': ENCRYPTED_PASSWORD}
def test_get_appgate_secret_simple_load():
EntityTest2 = load_test_open_api_spec(
secrets_key=KEY, reload=True).entities['EntityTest2'].cls
data = {
'fieldOne': ENCRYPTED_PASSWORD,
'fieldTwo': 'this is write only',
'fieldThree': 'this is a field',
}
e = K8S_LOADER.load(data, None, EntityTest2)
# Password is decrypted
assert e.fieldOne == '1234567890'
assert e.appgate_metadata.passwords == {'fieldOne': ENCRYPTED_PASSWORD}
def test_appgate_metadata_secrets_dump_from_appgate():
EntityTest2 = load_test_open_api_spec(
secrets_key=None, reload=True).entities['EntityTest2'].cls
e1_data = {
'fieldThree': 'this is a field',
}
e1 = APPGATE_LOADER.load(e1_data, None, EntityTest2)
e2_data = {
'fieldThree': 'this is a field',
'appgate_metadata': {
'passwordFields': ['fieldOne'],
}
}
d = K8S_DUMPER.dump(e1)
assert d == e2_data
def test_get_appgate_secret_k8s_simple_load_missing_key():
EntityTest2 = load_test_open_api_spec(
reload=True,
k8s_get_secret=_k8s_get_secret).entities['EntityTest2'].cls
data = {
'fieldOne': {
'type': 'k8s/secret',
'name': 'secret-storage',
'key': 'field-one'
},
'fieldTwo': 'this is write only',
'fieldThree': 'this is a field',
}
with pytest.raises(TypedloadException,
match='Unable to get secret: secret-storage.field-one'):
K8S_LOADER.load(data, None, EntityTest2)
def test_write_only_password_attribute_dump():
EntityTest2 = load_test_open_api_spec().entities['EntityTest2'].cls
e = EntityTest2(fieldOne='1234567890',
fieldTwo='this is write only',
fieldThree='this is a field')
e_data = {
'fieldOne': '1234567890',
'fieldTwo': 'this is write only',
'fieldThree': 'this is a field',
}
assert K8S_DUMPER.dump(e) == e_data
e_data = {
'fieldOne': '1234567890',
'fieldTwo': 'this is write only',
'fieldThree': 'this is a field',
}
assert APPGATE_DUMPER.dump(e) == e_data
def test_get_appgate_secret_k8s_simple_load():
EntityTest2 = load_test_open_api_spec(
reload=True,
k8s_get_secret=_k8s_get_secret).entities['EntityTest2'].cls
data = {
'fieldOne': {
'type': 'k8s/secret',
'name': 'secret-storage-1',
'key': 'field-one'
},
'fieldTwo': 'this is write only',
'fieldThree': 'this is a field',
}
e = K8S_LOADER.load(data, None, EntityTest2)
# Password is coming from k8s secrets
assert e.fieldOne == '1234567890-from-k8s'
assert e.appgate_metadata.passwords == {'fieldOne': data['fieldOne']}
def test_bytes_dump():
EntityTest3 = load_test_open_api_spec(
secrets_key=None, reload=True).entities['EntityTest3'].cls
e = EntityTest3(fieldOne=BASE64_FILE_W0, fieldTwo=SHA256_FILE)
e_data = {'fieldOne': BASE64_FILE_W0}
# We don't dump the checksum field associated to bytes to APPGATE
assert APPGATE_DUMPER.dump(e) == e_data
e = EntityTest3(fieldOne=BASE64_FILE_W0)
assert APPGATE_DUMPER.dump(e) == e_data
e = EntityTest3(fieldTwo=SHA256_FILE)
assert APPGATE_DUMPER.dump(e) == {}
e = EntityTest3(fieldOne=BASE64_FILE_W0, fieldTwo=SHA256_FILE)
e_data = {
'fieldOne': BASE64_FILE_W0,
}
# We don't dump the checksum field associated to bytes to K8S
assert K8S_DUMPER.dump(e) == e_data
def test_bytes_diff_dump():
# DIFF mode we should dump just the fields used for equality
EntityTest3Appgate = load_test_open_api_spec(
secrets_key=None, reload=True).entities['EntityTest3Appgate'].cls
appgate_metadata = {'uuid': '6a01c585-c192-475b-b86f-0e632ada6769'}
e_data = {
'name': 'entity1',
'fieldOne': BASE64_FILE_W0,
'fieldTwo': None,
'fieldThree': None,
'appgate_metadata': appgate_metadata
}
e = K8S_LOADER.load(e_data, None, EntityTest3Appgate)
assert DIFF_DUMPER.dump(e) == {
'name': 'entity1',
'fieldTwo': SHA256_FILE,
'fieldThree': SIZE_FILE,
}
def test_write_only_password_attribute_load():
e_data = {
'fieldOne': ENCRYPTED_PASSWORD, # password
'fieldTwo': 'this is write only',
'fieldThree': 'this is a field',
}
EntityTest2 = load_test_open_api_spec().entities['EntityTest2'].cls
e = APPGATE_LOADER.load(e_data, None, EntityTest2)
# writeOnly passwords are not loaded from Appgate
assert e.fieldOne is None
assert e.fieldTwo is None
assert e.fieldThree == 'this is a field'
assert e.fieldThree == 'this is a field'
# writeOnly passwords are not compared
assert e == EntityTest2(fieldOne='wrong-password',
fieldTwo='some value',
fieldThree='this is a field')
# normal fields are compared
assert e != EntityTest2(
fieldOne=None,
fieldTwo=None,
fieldThree='this is a field with a different value')
# normal writeOnly fields are not compared when compare_secrets is True
assert e == EntityTest2(fieldOne=None,
fieldTwo='some value',
fieldThree='this is a field')
e = K8S_LOADER.load(e_data, None, EntityTest2)
# writeOnly password fields are loaded from K8S
assert e.fieldOne == '1234567890' # decrypted password
assert e.fieldTwo == 'this is write only'
assert e.fieldThree == 'this is a field'
# writeOnly password fields are not compared by default
assert e == EntityTest2(fieldOne=None,
fieldTwo=None,
fieldThree='this is a field')
assert e != EntityTest2(
fieldOne=None,
fieldTwo=None,
fieldThree='this is a field with a different value')
def test_dumper_1():
EntityTest1 = load_test_open_api_spec(
secrets_key=None, reload=True).entities['EntityTest1'].cls
e1 = EntityTest1(fieldOne='this is read only',
fieldTwo='this is write only',
fieldFour='this is a field',
fromm='this is a field with a weird name')
e1_data = {
'fieldTwo': 'this is write only',
'fieldFour': 'this is a field',
'from': 'this is a field with a weird name',
}
e = APPGATE_DUMPER.dump(e1)
assert e == e1_data
e1_data = {
'fieldTwo': 'this is write only',
'fieldFour': 'this is a field',
'from': 'this is a field with a weird name',
}
e = K8S_DUMPER.dump(e1)
assert e == e1_data
def test_compare_entities_updated_changed():
EntityTest2 = load_test_open_api_spec(
reload=True,
k8s_get_secret=_k8s_get_secret).entities['EntityTest2'].cls
data_1 = {
'fieldOne': {
'type': 'k8s/secret',
'name': 'secret-storage-1',
'key': 'field-one'
},
'fieldTwo': 'this is write only',
'fieldThree': 'this is a field',
}
data_2 = {
'fieldOne': {
'type': 'k8s/secret',
'name': 'secret-storage-1',
'key': 'field-one'
},
'fieldTwo': 'this is write only',
'fieldThree': 'this is a field',
'created': '2020-09-10T12:20:14Z',
'updated': '2020-09-10T12:20:14Z'
}
appgate_metadata = {
'generation': 1,
'latestGeneration': 1,
'creationTimestamp': '2020-09-10T10:20:14Z',
'modificationTimestamp': '2020-09-16T12:20:14Z',
}
e1 = EntityWrapper(K8S_LOADER.load(data_1, appgate_metadata, EntityTest2))
e2 = EntityWrapper(APPGATE_LOADER.load(data_2, None, EntityTest2))
diff = compute_diff(e2, e1)
assert diff == [
'--- \n', '+++ \n', '@@ -2,3 +2,3 @@\n',
' "fieldThree": "this is a field",\n',
'- "updated": "2020-09-10T12:20:14.000Z"\n',
'+ "updated": "2020-09-16T12:20:14.000Z"\n', ' }'
]
def test_dependencies_1():
"""
One dependency
EntityDep3 has an array field (deps1) with deps from EntityDep1
"""
api = load_test_open_api_spec()
EntityDep1 = api.entities['EntityDep1'].cls
EntityDep3 = api.entities['EntityDep3'].cls
deps1 = EntitiesSet({
EntityWrapper(EntityDep1(id='d11', name='dep11')),
EntityWrapper(EntityDep1(id='d12', name='dep12')),
EntityWrapper(EntityDep1(id='d13', name='dep13')),
})
deps3 = EntitiesSet({
EntityWrapper(
EntityDep3(id='d31',
name='dep31',
deps1=frozenset({'dep11', 'dep12'})))
})
# No conflits
deps3_resolved, conflicts = resolve_entities(deps3, [(deps1, 'deps1')])
assert conflicts is None
assert deps3_resolved.entities == {
EntityWrapper(
EntityDep3(id='d31', name='dep31', deps1=frozenset({'d11',
'd12'})))
}
# Conflicts
deps3 = EntitiesSet({
EntityWrapper(
EntityDep3(id='d31',
name='dep31',
deps1=frozenset({'dep14', 'dep12'})))
})
deps3_resolved, conflicts = resolve_entities(deps3, [(deps1, 'deps1')])
assert conflicts == {'dep31': {'deps1': frozenset({'dep14'})}}
def test_bytes_load():
EntityTest3 = load_test_open_api_spec(
secrets_key=None, reload=True).entities['EntityTest3'].cls
# fieldOne is writeOnly :: byte
# fieldTwo is readOnly :: checksum of fieldOne
e_data = {
'fieldOne': BASE64_FILE_W0,
'fieldTwo': SHA256_FILE,
}
# writeOnly with format bytes is never read from APPGATE
# readOnly associated as checksum to writeOnly bytes is always read from APPGATE
e = APPGATE_LOADER.load(e_data, None, EntityTest3)
assert e.fieldOne is None
assert e.fieldTwo == SHA256_FILE
assert e == EntityTest3(fieldTwo=SHA256_FILE)
# writeOnly bytes is never compared
assert e == EntityTest3(fieldOne='Some value', fieldTwo=SHA256_FILE)
# readOnly associated to writeOnly bytes is compared
assert e != EntityTest3(fieldOne='Some value', fieldTwo='22222')
e_data = {
'fieldOne': BASE64_FILE_W0,
'fieldTwo': None,
}
e = K8S_LOADER.load(e_data, None, EntityTest3)
# When reading from K8S the checksum field associated to bytes is computed
# by the operator
assert e.fieldOne == BASE64_FILE_W0
assert e.fieldTwo == SHA256_FILE
# We never compare the bytes field itself, only the associated checksum field
assert e == EntityTest3(fieldOne=None,
fieldTwo=SHA256_FILE,
fieldThree=SIZE_FILE)
assert e != EntityTest3(
fieldOne=BASE64_FILE_W0, fieldTwo='1111111', fieldThree=SIZE_FILE)
assert e != EntityTest3(
fieldOne=BASE64_FILE_W0, fieldTwo=SHA256_FILE, fieldThree=666)
def test_loader_2():
"""
Test that id fields are created if missing
"""
EntityTestWithId = load_test_open_api_spec(
secrets_key=None, reload=True).entities['EntityTestWithId'].cls
appgate_metadata = {'uuid': '666-666-666-666-666-777'}
entity_1 = {
'fieldOne': 'this is read only',
'fieldTwo': 'this is write only',
'fieldThree': 'this is deprecated',
'fieldFour': 'this is a field',
}
with patch('appgate.openapi.attribmaker.uuid4') as uuid4:
uuid4.return_value = '111-111-111-111-111'
e = K8S_LOADER.load(entity_1, None, EntityTestWithId)
# Normally we create a new uuid value for id if it's not present
assert e.id == '111-111-111-111-111'
entity_2 = entity_1
entity_2['appgate_metadata'] = appgate_metadata
# If we have in metadata we use it
e = K8S_LOADER.load(entity_2, None, EntityTestWithId)
assert e.id == '666-666-666-666-666-777'
def test_certificate_pem_load():
EntityCert = load_test_open_api_spec(
secrets_key=None, reload=True).entities['EntityCert'].cls
EntityCert_Fieldtwo = load_test_open_api_spec(
secrets_key=None).entities['EntityCert_Fieldtwo'].cls
cert = EntityCert_Fieldtwo(
version=1,
serial='3578',
issuer=join_string(ISSUER),
subject=join_string(SUBJECT),
validFrom=datetime.datetime(2012,
8,
22,
5,
26,
54,
tzinfo=datetime.timezone.utc),
validTo=datetime.datetime(2017,
8,
21,
5,
26,
54,
tzinfo=datetime.timezone.utc),
fingerprint=FINGERPRINT,
certificate=join_string(CERTIFICATE_FIELD),
subjectPublicKey=join_string(PUBKEY_FIELD))
e0_data = {
'fieldOne': PEM_TEST,
'fieldTwo': {
'version': 1,
'serial': '3578',
'issuer': join_string(ISSUER),
'subject': join_string(SUBJECT),
'validFrom': '2012-08-22T05:26:54.000Z',
'validTo': '2017-08-21T05:26:54.000Z',
'fingerprint': FINGERPRINT,
'certificate': join_string(CERTIFICATE_FIELD),
'subjectPublicKey': join_string(PUBKEY_FIELD),
}
}
e0 = APPGATE_LOADER.load(e0_data, None, EntityCert)
assert e0.fieldOne is None
assert e0.fieldTwo == cert
e1_data = {
'fieldOne': PEM_TEST,
}
e1 = K8S_LOADER.load(e1_data, None, EntityCert)
assert e1.fieldOne == PEM_TEST
assert e1.fieldTwo == cert
assert e1 == EntityCert(fieldOne='Crap data that is ignored',
fieldTwo=cert)
assert e1 == e0
cert2 = EntityCert_Fieldtwo(
version=1,
serial='3578',
issuer=join_string(ISSUER),
subject=join_string(SUBJECT),
validFrom=datetime.datetime(2017,
3,
6,
16,
50,
58,
516000,
tzinfo=datetime.timezone.utc),
validTo=datetime.datetime(2025,
3,
6,
16,
50,
58,
516000,
tzinfo=datetime.timezone.utc),
fingerprint=FINGERPRINT,
certificate=join_string(CERTIFICATE_FIELD),
subjectPublicKey=join_string(PUBKEY_FIELD))
e2 = EntityCert(fieldOne=None, fieldTwo=cert2)
assert e1 != e2
e2_dumped = DIFF_DUMPER.dump(e2)
# Just check that it's dumped properly
assert e2_dumped['fieldTwo']['validFrom'] == '2017-03-06T16:50:58.516Z'
def test_dependencies_4():
"""
several dependencies (even nested)
See EntityDep5 for details
"""
test_api_spec = load_test_open_api_spec()
EntityDep1 = test_api_spec.entities['EntityDep1'].cls
EntityDep2 = test_api_spec.entities['EntityDep2'].cls
EntityDep3 = test_api_spec.entities['EntityDep3'].cls
EntityDep4 = test_api_spec.entities['EntityDep4'].cls
EntityDep6 = test_api_spec.entities['EntityDep6'].cls
EntityDep6_Obj1 = test_api_spec.entities['EntityDep6_Obj1'].cls
EntityDep6_Obj1_Obj2 = test_api_spec.entities['EntityDep6_Obj1_Obj2'].cls
EntityDep6_Obj1_Obj2_Deps1 = test_api_spec.entities[
'EntityDep6_Obj1_Obj2_Deps1'].cls
deps1 = EntitiesSet({
EntityWrapper(EntityDep1(id='d11', name='dep11')),
EntityWrapper(EntityDep1(id='d12', name='dep12')),
EntityWrapper(EntityDep1(id='d13', name='dep13')),
})
deps2 = EntitiesSet({
EntityWrapper(EntityDep2(id='d21', name='dep21')),
EntityWrapper(EntityDep2(id='d22', name='dep22')),
EntityWrapper(EntityDep2(id='d23', name='dep23')),
})
deps3 = EntitiesSet({
EntityWrapper(
EntityDep3(id='d31',
name='dep31',
deps1=frozenset({'dep11', 'dep12'}))),
EntityWrapper(
EntityDep3(id='d32',
name='dep32',
deps1=frozenset({'dep11', 'dep13'}))),
EntityWrapper(
EntityDep3(id='d33',
name='dep33',
deps1=frozenset({'dep12', 'dep13'}))),
})
deps4 = EntitiesSet({
EntityWrapper(
EntityDep4(id='d41',
name='dep41',
deps1=frozenset({'dep11', 'dep12'}),
dep2='dep21')),
EntityWrapper(
EntityDep4(id='d42',
name='dep42',
deps1=frozenset({'dep11', 'dep13'}),
dep2='dep22')),
EntityWrapper(
EntityDep4(id='d43',
name='dep43',
deps1=frozenset({'dep12', 'dep13'}),
dep2='dep23')),
})
# no conflicts
data = {
'id': 'd61',
'name': 'dep61',
'deps4': ['dep41', 'dep42'],
'obj1': {
'dep3': 'dep31',
'obj2': {
'deps1': [
{
'dep1': 'dep11'
},
{
'dep1': 'dep12'
},
{
'dep1': 'dep13'
},
],
'deps2': ['dep21', 'dep22']
}
}
}
deps6 = EntitiesSet(
{EntityWrapper(K8S_LOADER.load(data, None, EntityDep6))})
appgate_state = AppgateState(
entities_set={
'EntityDep1': deps1,
'EntityDep2': deps2,
'EntityDep3': deps3,
'EntityDep4': deps4,
'EntityDep5': EntitiesSet(),
'EntityDep6': deps6,
})
conflicts = resolve_appgate_state(appgate_state, test_api_spec)
assert conflicts == {}
assert appgate_state.entities_set['EntityDep1'].entities == {
EntityWrapper(EntityDep1(id='d11', name='dep11')),
EntityWrapper(EntityDep1(id='d12', name='dep12')),
EntityWrapper(EntityDep1(id='d13', name='dep13')),
}
assert appgate_state.entities_set['EntityDep2'].entities == {
EntityWrapper(EntityDep2(id='d21', name='dep21')),
EntityWrapper(EntityDep2(id='d22', name='dep22')),
EntityWrapper(EntityDep2(id='d23', name='dep23')),
}
assert appgate_state.entities_set['EntityDep3'].entities == {
EntityWrapper(
EntityDep3(id='d31', name='dep31', deps1=frozenset({'d11',
'd12'}))),
EntityWrapper(
EntityDep3(id='d32', name='dep32', deps1=frozenset({'d11',
'd13'}))),
EntityWrapper(
EntityDep3(id='d33', name='dep33', deps1=frozenset({'d12',
'd13'}))),
}
assert appgate_state.entities_set['EntityDep4'].entities == {
EntityWrapper(
EntityDep4(id='d41',
name='dep41',
deps1=frozenset({'d11', 'd12'}),
dep2='d21')),
EntityWrapper(
EntityDep4(id='d42',
name='dep42',
deps1=frozenset({'d11', 'd13'}),
dep2='d22')),
EntityWrapper(
EntityDep4(id='d43',
name='dep43',
deps1=frozenset({'d12', 'd13'}),
dep2='d23')),
}
assert appgate_state.entities_set['EntityDep6'].entities == {
EntityWrapper(
EntityDep6(name='dep61',
deps4=frozenset({'d42', 'd41'}),
obj1=EntityDep6_Obj1(
dep3='d31',
obj2=EntityDep6_Obj1_Obj2(deps1=frozenset({
EntityDep6_Obj1_Obj2_Deps1(dep1='dep11'),
EntityDep6_Obj1_Obj2_Deps1(dep1='dep12'),
EntityDep6_Obj1_Obj2_Deps1(dep1='dep13'),
}),
deps2=frozenset(
{'d21', 'd22'})))))
}
# Test empty list in dependencies
data = {
'id': 'd61',
'name': 'dep61',
'obj1': {
'dep3': 'dep31',
'obj2': {
'deps1': [],
'deps2': ['dep21', 'dep22']
}
}
}
deps6 = EntitiesSet(
{EntityWrapper(K8S_LOADER.load(data, None, EntityDep6))})
appgate_state = AppgateState(
entities_set={
'EntityDep1': deps1,
'EntityDep2': deps2,
'EntityDep3': deps3,
'EntityDep4': deps4,
'EntityDep5': EntitiesSet(),
'EntityDep6': deps6,
})
conflicts = resolve_appgate_state(appgate_state, test_api_spec)
assert conflicts == {}
assert appgate_state.entities_set['EntityDep6'].entities == {
EntityWrapper(
EntityDep6(name='dep61',
deps4=frozenset(),
obj1=EntityDep6_Obj1(dep3='d31',
obj2=EntityDep6_Obj1_Obj2(
deps1=frozenset(),
deps2=frozenset({'d21',
'd22'})))))
}
