-rw-r--r-- | moon_wrapper/moon_wrapper/api/oslowrapper.py | 7 | ||||
-rw-r--r-- | moon_wrapper/tests/unit_python/api/test_wrapper.py | 47 | ||||
-rw-r--r-- | moon_wrapper/tests/unit_python/conftest.py | 53 |
3 files changed, 94 insertions, 13 deletions
diff --git a/moon_wrapper/moon_wrapper/api/oslowrapper.py b/moon_wrapper/moon_wrapper/api/oslowrapper.py
index d2836c08..ad9e430a 100644
--- a/moon_wrapper/moon_wrapper/api/oslowrapper.py
+++ b/moon_wrapper/moon_wrapper/api/oslowrapper.py
@@ -71,7 +71,7 @@ class OsloWrapper(Resource):
 logger.info("containers {}".format(containers))
 for container in containers:
 if container.get("keystone_project_id") == project_id:
- if "pipeline" in container['name']:
+ if "interface" in container['name']:
 return "http://{}:{}".format(
 container['name'], container['port'])
@@ -80,7 +80,7 @@ class OsloWrapper(Resource):
 for containers in self.CACHE.containers.values():
 for container in containers:
 if container.get("keystone_project_id") == project_id:
- if "pipeline" in container['name']:
+ if "interface" in container['name']:
 return "http://{}:{}".format(
 container['name'], container['port'])
@@ -109,6 +109,9 @@ class OsloWrapper(Resource):
 _object,
 _action
 ))
+ '''
+ [Note] i think here if status != 200, should raise an exception
+ '''
 logger.debug("Get interface {}".format(req.text))
 if req.status_code == 200:
 if req.json().get("result", False):
diff --git a/moon_wrapper/tests/unit_python/api/test_wrapper.py b/moon_wrapper/tests/unit_python/api/test_wrapper.py
index 7e9a7421..be3e8576 100644
--- a/moon_wrapper/tests/unit_python/api/test_wrapper.py
+++ b/moon_wrapper/tests/unit_python/api/test_wrapper.py
@@ -1,3 +1,8 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
 import json
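Review bot: The endpoint that receives the authorization request is selected by a substring test on the container name, `if "interface" in container['name']:`, here and again in the hunk at -80, so any container registered for the project whose name merely contains that word is accepted and its name and port are formatted straight into the URL. The fixture data in conftest.py shows containers carrying a `genre` field, so an exact comparison such as `if container.get("genre") == "interface":` would presumably be a tighter selector; confirm the field is populated in the real cache before relying on it. Both loops also index `container['name']` and `container['port']` directly after using `.get()` for the project id, so a record missing either key raises KeyError instead of being skipped. The enclosing method starts and ends outside these hunks.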
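Review bot: The open question about non-200 responses is recorded as a bare triple-quoted string in the method body, which is a string expression statement rather than a comment and is easy to miss in review and TODO tooling. On an authorization path the behaviour for a failed interface call should be decided and written down, for example `# TODO: decide handling of non-200 from the interface; the answer must remain deny (fail closed)`; the new test test_authz_error_response_code expects a `False` body for a 500, which suggests deny is the intended outcome. The next line, `logger.debug("Get interface {}".format(req.text))`, writes the whole response body to the log, so it is worth confirming nothing sensitive is returned there. The method continues outside the hunk, so the non-200 branch itself is not visible.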
@@ -20,9 +25,47 @@ def test_authz_true(context):
 'rule': context.get('action_name'),
 'target': json.dumps(_target),
 'credentials': 'null'}
- req = client.post("/authz", data=json.dumps(authz_data))
- assert req.status_code == 200
+ req = client.post("/authz/oslo", data=json.dumps(authz_data))
+ assert req.status_code is 200
 assert req.data
 assert isinstance(req.data, bytes)
 assert req.data == b"True"
+def test_authz_error_response_code(context):
+ import moon_wrapper.server
+ server = moon_wrapper.server.main()
+ client = server.app.test_client()
+ _target = {
+ 'target': {
+ "name": context.get('object_name'),
+ },
+ "project_id": context.get('invalid_project_id'),
+ "user_id": context.get('subject_name')
+ }
+ authz_data = {
+ 'rule': context.get('action_name'),
+ 'target': json.dumps(_target),
+ 'credentials': 'null'}
+ req = client.post("/authz/oslo", data=json.dumps(authz_data))
+ assert req.status_code is 200
+ assert req.data
+ assert isinstance(req.data, bytes)
+ assert req.data == b"False"
+
+def test_authz_error_no_interface_key(context):
+ import moon_wrapper.server
+ server = moon_wrapper.server.main()
+ client = server.app.test_client()
+ _target = {
+ 'target': {
+ "name": context.get('object_name'),
+ },
+ "project_id": context.get('project_with_no_interface_key'),
+ "user_id": context.get('subject_name')
+ }
+ authz_data = {
+ 'rule': context.get('action_name'),
+ 'target': json.dumps(_target),
+ 'credentials': 'null'}
+ req = client.post("/authz/oslo", data=json.dumps(authz_data))
+ assert req.status_code == 403
\ No newline at end of file
diff --git a/moon_wrapper/tests/unit_python/conftest.py b/moon_wrapper/tests/unit_python/conftest.py
index b160ebf6..621c2014 100644
--- a/moon_wrapper/tests/unit_python/conftest.py
+++ b/moon_wrapper/tests/unit_python/conftest.py
@@ -1,3 +1,8 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
 import base64
 import json
 import os
@@ -5,7 +10,6 @@ import pickle
 import pytest
 import requests_mock
 from uuid import uuid4
-from requests.packages.urllib3.response import HTTPResponse
 CONF = {
 "openstack": {
@@ -13,7 +17,7 @@ CONF = {
 "url": "http://keystone:5000/v3",
 "user": "admin",
 "check_token": False,
- "password": "p4ssw0rd",
+ "password": "p4ssw0rd", # nosec
 "domain": "default",
 "certificate": False,
 "project": "admin"
@@ -21,21 +25,21 @@ CONF = {
 },
 "components": {
 "wrapper": {
- "bind": "0.0.0.0",
+ "bind": "0.0.0.0", # nosec
 "port": 8080,
 "container": "wukongsun/moon_wrapper:v4.3",
 "timeout": 5,
 "hostname": "wrapper"
 },
 "manager": {
- "bind": "0.0.0.0",
+ "bind": "0.0.0.0", # nosec
 "port": 8082,
 "container": "wukongsun/moon_manager:v4.3",
 "hostname": "manager"
 },
 "port_start": 31001,
 "orchestrator": {
- "bind": "0.0.0.0",
+ "bind": "0.0.0.0", # nosec
 "port": 8083,
 "container": "wukongsun/moon_orchestrator:v4.3",
 "hostname": "orchestrator"
@@ -60,7 +64,7 @@ CONF = {
 "logging": {
 "handlers": {
 "file": {
- "filename": "/tmp/moon.log",
+ "filename": "/tmp/moon.log", # nosec
 "class": "logging.handlers.RotatingFileHandler",
 "level": "DEBUG",
 "formatter": "custom",
@@ -105,7 +109,7 @@ CONF = {
 "master": {
 "url": None,
 "login": None,
- "password": None
+ "password": None # nosec
 }
 },
 "docker": {
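Review bot: `assert req.status_code is 200` compares identity rather than value, in test_authz_true and again in test_authz_error_response_code; it passes only because CPython caches small integers, and newer interpreters emit a SyntaxWarning for `is` with a literal. Use `assert req.status_code == 200`, as the third new test already does with `== 403`. test_authz_error_response_code pins that an interface failure is answered with HTTP 200 and body `False`; a one-line comment such as `# interface returned 500: wrapper must answer deny, not error` would make it clear that the deny is deliberate. The file also now ends without a trailing newline.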
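Review bot: The bare `# nosec` added to the `"password": "p4ssw0rd"` line in the hunk at -13, and likewise to the three `"bind": "0.0.0.0"` lines, the `/tmp/moon.log` line and `"password": None` in the hunks at -21, -60 and -105, silences every scanner check on those lines rather than only the finding being accepted. If the scanner is Bandit and the version in use supports per-test suppression, name the test and the reason, e.g. `"password": "p4ssw0rd",  # nosec B105 - test fixture credential`, with B104 for the bind address and B108 for the temp path, so a different finding on the same line is still reported. Since this is test-only configuration, excluding the tests directory in the scanner configuration would be an alternative to inline markers.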
@@ -135,6 +139,10 @@ COMPONENTS = (
 CONTEXT = {
 "project_id": "a64beb1cc224474fb4badd43173e7101",
+ "pdp_id": "b3d3e18abf3340e8b635fd49e6634ccd",
+ "invalid_project_id" : "invalid_project_id",
+ "invalid_pdp_id": "invalid_pdp_id",
+ "project_with_no_interface_key" : "232399a4-de5f-11e7-8001-3863bbb766f3",
 "subject_name": "testuser",
 "object_name": "vm1",
 "action_name": "boot",
@@ -206,7 +214,7 @@ def set_env_variables():
 def get_pickled_context():
- from python_moonutilities.security_functions import Context
+ from python_moonutilities.context import Context
 from python_moonutilities.cache import Cache
 CACHE = Cache()
 CACHE.update()
@@ -295,6 +303,15 @@ def set_consul_and_db(monkeypatch):
 "keystone_project_id": "a64beb1cc224474fb4badd43173e7101",
 "namespace": "moon",
 "container": "wukongsun/moon_authz:v4.3"
+ },
+ {
+ "pdp_id": "invalid_pdp_id",
+ "port": 8080,
+ "genre": "interface",
+ "name": "interface-paltry",
+ "keystone_project_id": "invalid_project_id",
+ "namespace": "moon",
+ "container": "wukongsun/moon_authz:v4.3"
 }
 ],
 "232399a4-de5f-11e7-8001-3863bbb766f3": [
@@ -325,6 +342,15 @@ def set_consul_and_db(monkeypatch):
 ],
 "name": "pdp_rbac",
 "keystone_project_id": "a64beb1cc224474fb4badd43173e7101"
+ },
+ "invalid_pdp_id":{
+
+ "description": "test",
+ "security_pipeline": [
+ "f8f49a779ceb47b3ac810f01ef71b4e0"
+ ],
+ "name": "pdp_rbac",
+ "keystone_project_id": "invalid_project_id"
 }
 }
 }
@@ -671,13 +697,22 @@ def set_consul_and_db(monkeypatch):
 )
 m.register_uri(
 'GET', 'http://interface-paltry:8080/authz/{}/{}/{}/{}'.format(
- CONTEXT.get("project_id"),
+ CONTEXT.get("pdp_id"),
 CONTEXT.get("subject_name"),
 CONTEXT.get("object_name"),
 CONTEXT.get("action_name"),
 ),
 json={"result": True, "message": "================"}
 )
+ m.register_uri(
+ 'GET', 'http://interface-paltry:8080/authz/{}/{}/{}/{}'.format(
+ CONTEXT.get("invalid_pdp_id"),
+ CONTEXT.get("subject_name"),
+ CONTEXT.get("object_name"),
+ CONTEXT.get("action_name"),
+ ),
+ status_code=500
+ )
 # from moon_db.db_manager import init_engine, run
 # engine = init_engine()
 # run("upgrade", logging.getLogger("db_manager"), engine) |
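Review bot: The only failing interface response mocked here is `status_code=500` for the invalid PDP, while the wrapper code in oslowrapper.py also branches on a 200 response whose JSON `result` is false or absent, and no mock in this hunk exercises that deny path. Registering one more URI that returns `json={"result": False}` and asserting the wrapper answers deny would cover it, with a comment above the block such as `# interface reachable, decision is deny`. Tests outside this diff may already cover the case, so check before adding. set_consul_and_db starts outside the hunk.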