aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--moon_wrapper/moon_wrapper/api/oslowrapper.py7
-rw-r--r--moon_wrapper/tests/unit_python/api/test_wrapper.py47
-rw-r--r--moon_wrapper/tests/unit_python/conftest.py53
3 files changed, 94 insertions, 13 deletions
diff --git a/moon_wrapper/moon_wrapper/api/oslowrapper.py b/moon_wrapper/moon_wrapper/api/oslowrapper.py
index d2836c08..ad9e430a 100644
--- a/moon_wrapper/moon_wrapper/api/oslowrapper.py
+++ b/moon_wrapper/moon_wrapper/api/oslowrapper.py
@@ -71,7 +71,7 @@ class OsloWrapper(Resource):
logger.info("containers {}".format(containers))
for container in containers:
if container.get("keystone_project_id") == project_id:
- if "pipeline" in container['name']:
+ if "interface" in container['name']:
return "http://{}:{}".format(
container['name'],
container['port'])
@@ -80,7 +80,7 @@ class OsloWrapper(Resource):
for containers in self.CACHE.containers.values():
for container in containers:
if container.get("keystone_project_id") == project_id:
- if "pipeline" in container['name']:
+ if "interface" in container['name']:
return "http://{}:{}".format(
container['name'],
container['port'])
@@ -109,6 +109,9 @@ class OsloWrapper(Resource):
_object,
_action
))
+ '''
+ [Note] i think here if status != 200, should raise an exception
+ '''
logger.debug("Get interface {}".format(req.text))
if req.status_code == 200:
if req.json().get("result", False):
diff --git a/moon_wrapper/tests/unit_python/api/test_wrapper.py b/moon_wrapper/tests/unit_python/api/test_wrapper.py
index 7e9a7421..be3e8576 100644
--- a/moon_wrapper/tests/unit_python/api/test_wrapper.py
+++ b/moon_wrapper/tests/unit_python/api/test_wrapper.py
@@ -1,3 +1,8 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
import json
@@ -20,9 +25,47 @@ def test_authz_true(context):
'rule': context.get('action_name'),
'target': json.dumps(_target),
'credentials': 'null'}
- req = client.post("/authz", data=json.dumps(authz_data))
- assert req.status_code == 200
+ req = client.post("/authz/oslo", data=json.dumps(authz_data))
+ assert req.status_code is 200
assert req.data
assert isinstance(req.data, bytes)
assert req.data == b"True"
+def test_authz_error_response_code(context):
+ import moon_wrapper.server
+ server = moon_wrapper.server.main()
+ client = server.app.test_client()
+ _target = {
+ 'target': {
+ "name": context.get('object_name'),
+ },
+ "project_id": context.get('invalid_project_id'),
+ "user_id": context.get('subject_name')
+ }
+ authz_data = {
+ 'rule': context.get('action_name'),
+ 'target': json.dumps(_target),
+ 'credentials': 'null'}
+ req = client.post("/authz/oslo", data=json.dumps(authz_data))
+ assert req.status_code is 200
+ assert req.data
+ assert isinstance(req.data, bytes)
+ assert req.data == b"False"
+
+def test_authz_error_no_interface_key(context):
+ import moon_wrapper.server
+ server = moon_wrapper.server.main()
+ client = server.app.test_client()
+ _target = {
+ 'target': {
+ "name": context.get('object_name'),
+ },
+ "project_id": context.get('project_with_no_interface_key'),
+ "user_id": context.get('subject_name')
+ }
+ authz_data = {
+ 'rule': context.get('action_name'),
+ 'target': json.dumps(_target),
+ 'credentials': 'null'}
+ req = client.post("/authz/oslo", data=json.dumps(authz_data))
+ assert req.status_code == 403 \ No newline at end of file
diff --git a/moon_wrapper/tests/unit_python/conftest.py b/moon_wrapper/tests/unit_python/conftest.py
index b160ebf6..621c2014 100644
--- a/moon_wrapper/tests/unit_python/conftest.py
+++ b/moon_wrapper/tests/unit_python/conftest.py
@@ -1,3 +1,8 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
import base64
import json
import os
@@ -5,7 +10,6 @@ import pickle
import pytest
import requests_mock
from uuid import uuid4
-from requests.packages.urllib3.response import HTTPResponse
CONF = {
"openstack": {
@@ -13,7 +17,7 @@ CONF = {
"url": "http://keystone:5000/v3",
"user": "admin",
"check_token": False,
- "password": "p4ssw0rd",
+ "password": "p4ssw0rd", # nosec
"domain": "default",
"certificate": False,
"project": "admin"
@@ -21,21 +25,21 @@ CONF = {
},
"components": {
"wrapper": {
- "bind": "0.0.0.0",
+ "bind": "0.0.0.0", # nosec
"port": 8080,
"container": "wukongsun/moon_wrapper:v4.3",
"timeout": 5,
"hostname": "wrapper"
},
"manager": {
- "bind": "0.0.0.0",
+ "bind": "0.0.0.0", # nosec
"port": 8082,
"container": "wukongsun/moon_manager:v4.3",
"hostname": "manager"
},
"port_start": 31001,
"orchestrator": {
- "bind": "0.0.0.0",
+ "bind": "0.0.0.0", # nosec
"port": 8083,
"container": "wukongsun/moon_orchestrator:v4.3",
"hostname": "orchestrator"
@@ -60,7 +64,7 @@ CONF = {
"logging": {
"handlers": {
"file": {
- "filename": "/tmp/moon.log",
+ "filename": "/tmp/moon.log", # nosec
"class": "logging.handlers.RotatingFileHandler",
"level": "DEBUG",
"formatter": "custom",
@@ -105,7 +109,7 @@ CONF = {
"master": {
"url": None,
"login": None,
- "password": None
+ "password": None # nosec
}
},
"docker": {
@@ -135,6 +139,10 @@ COMPONENTS = (
CONTEXT = {
"project_id": "a64beb1cc224474fb4badd43173e7101",
+ "pdp_id": "b3d3e18abf3340e8b635fd49e6634ccd",
+ "invalid_project_id" : "invalid_project_id",
+ "invalid_pdp_id": "invalid_pdp_id",
+ "project_with_no_interface_key" : "232399a4-de5f-11e7-8001-3863bbb766f3",
"subject_name": "testuser",
"object_name": "vm1",
"action_name": "boot",
@@ -206,7 +214,7 @@ def set_env_variables():
def get_pickled_context():
- from python_moonutilities.security_functions import Context
+ from python_moonutilities.context import Context
from python_moonutilities.cache import Cache
CACHE = Cache()
CACHE.update()
@@ -295,6 +303,15 @@ def set_consul_and_db(monkeypatch):
"keystone_project_id": "a64beb1cc224474fb4badd43173e7101",
"namespace": "moon",
"container": "wukongsun/moon_authz:v4.3"
+ },
+ {
+ "pdp_id": "invalid_pdp_id",
+ "port": 8080,
+ "genre": "interface",
+ "name": "interface-paltry",
+ "keystone_project_id": "invalid_project_id",
+ "namespace": "moon",
+ "container": "wukongsun/moon_authz:v4.3"
}
],
"232399a4-de5f-11e7-8001-3863bbb766f3": [
@@ -325,6 +342,15 @@ def set_consul_and_db(monkeypatch):
],
"name": "pdp_rbac",
"keystone_project_id": "a64beb1cc224474fb4badd43173e7101"
+ },
+ "invalid_pdp_id":{
+
+ "description": "test",
+ "security_pipeline": [
+ "f8f49a779ceb47b3ac810f01ef71b4e0"
+ ],
+ "name": "pdp_rbac",
+ "keystone_project_id": "invalid_project_id"
}
}
}
@@ -671,13 +697,22 @@ def set_consul_and_db(monkeypatch):
)
m.register_uri(
'GET', 'http://interface-paltry:8080/authz/{}/{}/{}/{}'.format(
- CONTEXT.get("project_id"),
+ CONTEXT.get("pdp_id"),
CONTEXT.get("subject_name"),
CONTEXT.get("object_name"),
CONTEXT.get("action_name"),
),
json={"result": True, "message": "================"}
)
+ m.register_uri(
+ 'GET', 'http://interface-paltry:8080/authz/{}/{}/{}/{}'.format(
+ CONTEXT.get("invalid_pdp_id"),
+ CONTEXT.get("subject_name"),
+ CONTEXT.get("object_name"),
+ CONTEXT.get("action_name"),
+ ),
+ status_code=500
+ )
# from moon_db.db_manager import init_engine, run
# engine = init_engine()
# run("upgrade", logging.getLogger("db_manager"), engine)