quay/test/test_suconfig_api.py

from test.test_api_usage import ApiTestCase, READ_ACCESS_USER, ADMIN_ACCESS_USER
from endpoints.api.suconfig import (SuperUserRegistryStatus, SuperUserConfig, SuperUserConfigFile,
                                    SuperUserCreateInitialSuperUser, SuperUserConfigValidate)
from app import config_provider, all_queues
from data.database import User
from data import model

import unittest


class FreshConfigProvider(object):
  def __enter__(self):
    config_provider.reset_for_test()
    return config_provider

  def __exit__(self, type, value, traceback):
    config_provider.reset_for_test()


class TestSuperUserRegistryStatus(ApiTestCase):
  def test_registry_status(self):
    with FreshConfigProvider():
      json = self.getJsonResponse(SuperUserRegistryStatus)
      self.assertEquals('config-db', json['status'])


class TestSuperUserConfigFile(ApiTestCase):
  def test_get_non_superuser(self):
    with FreshConfigProvider():
      # No user.
      self.getResponse(SuperUserConfigFile, params=dict(filename='ssl.cert'), expected_code=403)

      # Non-superuser.
      self.login(READ_ACCESS_USER)
      self.getResponse(SuperUserConfigFile, params=dict(filename='ssl.cert'), expected_code=403)

  def test_get_superuser_invalid_filename(self):
    with FreshConfigProvider():
      self.login(ADMIN_ACCESS_USER)
      self.getResponse(SuperUserConfigFile, params=dict(filename='somefile'), expected_code=404)

  def test_get_superuser(self):
    with FreshConfigProvider():
      self.login(ADMIN_ACCESS_USER)
      result = self.getJsonResponse(SuperUserConfigFile, params=dict(filename='ssl.cert'))
      self.assertFalse(result['exists'])

  def test_post_non_superuser(self):
    with FreshConfigProvider():
      # No user, before config.yaml exists.
      self.postResponse(SuperUserConfigFile, params=dict(filename='ssl.cert'), expected_code=400)

      # Write some config.
      self.putJsonResponse(SuperUserConfig, data=dict(config={}, hostname='foobar'))

      # No user, with config.yaml.
      self.postResponse(SuperUserConfigFile, params=dict(filename='ssl.cert'), expected_code=403)

      # Non-superuser.
      self.login(READ_ACCESS_USER)
      self.postResponse(SuperUserConfigFile, params=dict(filename='ssl.cert'), expected_code=403)

  def test_post_superuser_invalid_filename(self):
    with FreshConfigProvider():
      self.login(ADMIN_ACCESS_USER)
      self.postResponse(SuperUserConfigFile, params=dict(filename='somefile'), expected_code=404)

  def test_post_superuser(self):
    with FreshConfigProvider():
      self.login(ADMIN_ACCESS_USER)
      self.postResponse(SuperUserConfigFile, params=dict(filename='ssl.cert'), expected_code=400)


class TestSuperUserCreateInitialSuperUser(ApiTestCase):
  def test_no_config_file(self):
    with FreshConfigProvider():
      # If there is no config.yaml, then this method should security fail.
      data = dict(username='cooluser', password='password', email='fake@example.com')
      self.postResponse(SuperUserCreateInitialSuperUser, data=data, expected_code=403)

  def test_config_file_with_db_users(self):
    with FreshConfigProvider():
      # Write some config.
      self.putJsonResponse(SuperUserConfig, data=dict(config={}, hostname='foobar'))

      # If there is a config.yaml, but existing DB users exist, then this method should security
      # fail.
      data = dict(username='cooluser', password='password', email='fake@example.com')
      self.postResponse(SuperUserCreateInitialSuperUser, data=data, expected_code=403)

  def test_config_file_with_no_db_users(self):
    with FreshConfigProvider():
      # Write some config.
      self.putJsonResponse(SuperUserConfig, data=dict(config={}, hostname='foobar'))

      # Delete all the users in the DB.
      for user in list(User.select()):
        model.user.delete_user(user, all_queues)

      # This method should now succeed.
      data = dict(username='cooluser', password='password', email='fake@example.com')
      result = self.postJsonResponse(SuperUserCreateInitialSuperUser, data=data)
      self.assertTrue(result['status'])

      # Verify the superuser was created.
      User.get(User.username == 'cooluser')

      # Verify the superuser was placed into the config.
      result = self.getJsonResponse(SuperUserConfig)
      self.assertEquals(['cooluser'], result['config']['SUPER_USERS'])


class TestSuperUserConfigValidate(ApiTestCase):
  def test_nonsuperuser_noconfig(self):
    with FreshConfigProvider():
      self.login(ADMIN_ACCESS_USER)
      result = self.postJsonResponse(SuperUserConfigValidate, params=dict(service='someservice'),
                                                              data=dict(config={}))

      self.assertFalse(result['status'])


  def test_nonsuperuser_config(self):
    with FreshConfigProvider():
      # The validate config call works if there is no config.yaml OR the user is a superuser.
      # Add a config, and verify it breaks when unauthenticated.
      json = self.putJsonResponse(SuperUserConfig, data=dict(config={}, hostname='foobar'))
      self.assertTrue(json['exists'])

      self.postResponse(SuperUserConfigValidate, params=dict(service='someservice'),
                                                 data=dict(config={}),
                                                 expected_code=403)

      # Now login as a superuser.
      self.login(ADMIN_ACCESS_USER)
      result = self.postJsonResponse(SuperUserConfigValidate, params=dict(service='someservice'),
                                                              data=dict(config={}))

      self.assertFalse(result['status'])


class TestSuperUserConfig(ApiTestCase):
  def test_get_non_superuser(self):
    with FreshConfigProvider():
      # No user.
      self.getResponse(SuperUserConfig, expected_code=401)

      # Non-superuser.
      self.login(READ_ACCESS_USER)
      self.getResponse(SuperUserConfig, expected_code=403)

  def test_get_superuser(self):
    with FreshConfigProvider():
      self.login(ADMIN_ACCESS_USER)
      json = self.getJsonResponse(SuperUserConfig)

      # Note: We expect the config to be none because a config.yaml should never be checked into
      # the directory.
      self.assertIsNone(json['config'])

  def test_put(self):
    with FreshConfigProvider() as config:
      # The update config call works if there is no config.yaml OR the user is a superuser. First
      # try writing it without a superuser present.
      json = self.putJsonResponse(SuperUserConfig, data=dict(config={}, hostname='foobar'))
      self.assertTrue(json['exists'])

      # Verify the config file exists.
      self.assertTrue(config.config_exists())

      # Try writing it again. This should now fail, since the config.yaml exists.
      self.putResponse(SuperUserConfig, data=dict(config={}, hostname='barbaz'), expected_code=403)

      # Login as a non-superuser.
      self.login(READ_ACCESS_USER)

      # Try writing it again. This should fail.
      self.putResponse(SuperUserConfig, data=dict(config={}, hostname='barbaz'), expected_code=403)

      # Login as a superuser.
      self.login(ADMIN_ACCESS_USER)

      # This should succeed.
      json = self.putJsonResponse(SuperUserConfig, data=dict(config={}, hostname='barbaz'))
      self.assertTrue(json['exists'])

      json = self.getJsonResponse(SuperUserConfig)
      self.assertIsNotNone(json['config'])


if __name__ == '__main__':
  unittest.main()
move ConfigProvider ctxmgr back to su tests 2017-02-14 19:30:53 +00:00			`from test.test_api_usage import ApiTestCase, READ_ACCESS_USER, ADMIN_ACCESS_USER`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00			`from endpoints.api.suconfig import (SuperUserRegistryStatus, SuperUserConfig, SuperUserConfigFile,`
			`SuperUserCreateInitialSuperUser, SuperUserConfigValidate)`
Add support for deleting namespaces (users, organizations) Fixes #102 Fixes #105 2016-08-09 21:58:33 +00:00			`from app import config_provider, all_queues`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00			`from data.database import User`
Add support for deleting namespaces (users, organizations) Fixes #102 Fixes #105 2016-08-09 21:58:33 +00:00			`from data import model`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00
			`import unittest`
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00

move ConfigProvider ctxmgr back to su tests 2017-02-14 19:30:53 +00:00			`class FreshConfigProvider(object):`
			`def __enter__(self):`
			`config_provider.reset_for_test()`
			`return config_provider`

			`def __exit__(self, type, value, traceback):`
			`config_provider.reset_for_test()`


Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00			`class TestSuperUserRegistryStatus(ApiTestCase):`
			`def test_registry_status(self):`
move ConfigProvider ctxmgr back to su tests 2017-02-14 19:30:53 +00:00			`with FreshConfigProvider():`
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`json = self.getJsonResponse(SuperUserRegistryStatus)`
Remove license code in Quay No longer needed under Red Hat rules \o/ Fixes https://jira.coreos.com/browse/QUAY-883 2018-03-20 21:03:35 +00:00			`self.assertEquals('config-db', json['status'])`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00

			`class TestSuperUserConfigFile(ApiTestCase):`
			`def test_get_non_superuser(self):`
move ConfigProvider ctxmgr back to su tests 2017-02-14 19:30:53 +00:00			`with FreshConfigProvider():`
Fix tests 2015-01-09 22:11:51 +00:00			`# No user.`
			`self.getResponse(SuperUserConfigFile, params=dict(filename='ssl.cert'), expected_code=403)`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00
Fix tests 2015-01-09 22:11:51 +00:00			`# Non-superuser.`
			`self.login(READ_ACCESS_USER)`
			`self.getResponse(SuperUserConfigFile, params=dict(filename='ssl.cert'), expected_code=403)`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00
			`def test_get_superuser_invalid_filename(self):`
move ConfigProvider ctxmgr back to su tests 2017-02-14 19:30:53 +00:00			`with FreshConfigProvider():`
Fix tests 2015-01-09 22:11:51 +00:00			`self.login(ADMIN_ACCESS_USER)`
			`self.getResponse(SuperUserConfigFile, params=dict(filename='somefile'), expected_code=404)`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00
			`def test_get_superuser(self):`
move ConfigProvider ctxmgr back to su tests 2017-02-14 19:30:53 +00:00			`with FreshConfigProvider():`
Fix tests 2015-01-09 22:11:51 +00:00			`self.login(ADMIN_ACCESS_USER)`
			`result = self.getJsonResponse(SuperUserConfigFile, params=dict(filename='ssl.cert'))`
			`self.assertFalse(result['exists'])`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00
			`def test_post_non_superuser(self):`
move ConfigProvider ctxmgr back to su tests 2017-02-14 19:30:53 +00:00			`with FreshConfigProvider():`
Allow SSL cert for the database to be configured This change adds a field for the SSL cert for the database in the setup tool. Fixes #89 2015-06-29 05:08:10 +00:00			`# No user, before config.yaml exists.`
			`self.postResponse(SuperUserConfigFile, params=dict(filename='ssl.cert'), expected_code=400)`

			`# Write some config.`
			`self.putJsonResponse(SuperUserConfig, data=dict(config={}, hostname='foobar'))`

			`# No user, with config.yaml.`
Fix tests 2015-01-09 22:11:51 +00:00			`self.postResponse(SuperUserConfigFile, params=dict(filename='ssl.cert'), expected_code=403)`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00
Fix tests 2015-01-09 22:11:51 +00:00			`# Non-superuser.`
			`self.login(READ_ACCESS_USER)`
			`self.postResponse(SuperUserConfigFile, params=dict(filename='ssl.cert'), expected_code=403)`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00
			`def test_post_superuser_invalid_filename(self):`
move ConfigProvider ctxmgr back to su tests 2017-02-14 19:30:53 +00:00			`with FreshConfigProvider():`
Fix tests 2015-01-09 22:11:51 +00:00			`self.login(ADMIN_ACCESS_USER)`
			`self.postResponse(SuperUserConfigFile, params=dict(filename='somefile'), expected_code=404)`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00
			`def test_post_superuser(self):`
move ConfigProvider ctxmgr back to su tests 2017-02-14 19:30:53 +00:00			`with FreshConfigProvider():`
Fix tests 2015-01-09 22:11:51 +00:00			`self.login(ADMIN_ACCESS_USER)`
			`self.postResponse(SuperUserConfigFile, params=dict(filename='ssl.cert'), expected_code=400)`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00

			`class TestSuperUserCreateInitialSuperUser(ApiTestCase):`
			`def test_no_config_file(self):`
move ConfigProvider ctxmgr back to su tests 2017-02-14 19:30:53 +00:00			`with FreshConfigProvider():`
Fix tests 2015-01-09 22:11:51 +00:00			`# If there is no config.yaml, then this method should security fail.`
			`data = dict(username='cooluser', password='password', email='fake@example.com')`
			`self.postResponse(SuperUserCreateInitialSuperUser, data=data, expected_code=403)`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00
			`def test_config_file_with_db_users(self):`
move ConfigProvider ctxmgr back to su tests 2017-02-14 19:30:53 +00:00			`with FreshConfigProvider():`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00			`# Write some config.`
			`self.putJsonResponse(SuperUserConfig, data=dict(config={}, hostname='foobar'))`

			`# If there is a config.yaml, but existing DB users exist, then this method should security`
			`# fail.`
			`data = dict(username='cooluser', password='password', email='fake@example.com')`
			`self.postResponse(SuperUserCreateInitialSuperUser, data=data, expected_code=403)`

			`def test_config_file_with_no_db_users(self):`
move ConfigProvider ctxmgr back to su tests 2017-02-14 19:30:53 +00:00			`with FreshConfigProvider():`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00			`# Write some config.`
			`self.putJsonResponse(SuperUserConfig, data=dict(config={}, hostname='foobar'))`

			`# Delete all the users in the DB.`
			`for user in list(User.select()):`
Make namespace deletion asynchronous Instead of deleting a namespace synchronously as before, we now mark the namespace for deletion, disable it, and rename it. A worker then comes along and deletes the namespace in the background. This results in a significantly better user experience, as the namespace deletion operation now "completes" in under a second, where before it could take 10s of minutes at the worse. Fixes https://jira.coreos.com/browse/QUAY-838 2018-02-23 21:45:16 +00:00			`model.user.delete_user(user, all_queues)`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00
			`# This method should now succeed.`
			`data = dict(username='cooluser', password='password', email='fake@example.com')`
			`result = self.postJsonResponse(SuperUserCreateInitialSuperUser, data=data)`
			`self.assertTrue(result['status'])`

			`# Verify the superuser was created.`
			`User.get(User.username == 'cooluser')`

			`# Verify the superuser was placed into the config.`
			`result = self.getJsonResponse(SuperUserConfig)`
			`self.assertEquals(['cooluser'], result['config']['SUPER_USERS'])`


			`class TestSuperUserConfigValidate(ApiTestCase):`
			`def test_nonsuperuser_noconfig(self):`
move ConfigProvider ctxmgr back to su tests 2017-02-14 19:30:53 +00:00			`with FreshConfigProvider():`
Fix tests 2015-01-09 22:11:51 +00:00			`self.login(ADMIN_ACCESS_USER)`
			`result = self.postJsonResponse(SuperUserConfigValidate, params=dict(service='someservice'),`
			`data=dict(config={}))`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00
Fix tests 2015-01-09 22:11:51 +00:00			`self.assertFalse(result['status'])`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00

			`def test_nonsuperuser_config(self):`
move ConfigProvider ctxmgr back to su tests 2017-02-14 19:30:53 +00:00			`with FreshConfigProvider():`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00			`# The validate config call works if there is no config.yaml OR the user is a superuser.`
			`# Add a config, and verify it breaks when unauthenticated.`
			`json = self.putJsonResponse(SuperUserConfig, data=dict(config={}, hostname='foobar'))`
			`self.assertTrue(json['exists'])`

			`self.postResponse(SuperUserConfigValidate, params=dict(service='someservice'),`
			`data=dict(config={}),`
			`expected_code=403)`

			`# Now login as a superuser.`
			`self.login(ADMIN_ACCESS_USER)`
			`result = self.postJsonResponse(SuperUserConfigValidate, params=dict(service='someservice'),`
			`data=dict(config={}))`

			`self.assertFalse(result['status'])`


			`class TestSuperUserConfig(ApiTestCase):`
			`def test_get_non_superuser(self):`
move ConfigProvider ctxmgr back to su tests 2017-02-14 19:30:53 +00:00			`with FreshConfigProvider():`
Fix tests 2015-01-09 22:11:51 +00:00			`# No user.`
			`self.getResponse(SuperUserConfig, expected_code=401)`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00
Fix tests 2015-01-09 22:11:51 +00:00			`# Non-superuser.`
			`self.login(READ_ACCESS_USER)`
			`self.getResponse(SuperUserConfig, expected_code=403)`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00
			`def test_get_superuser(self):`
move ConfigProvider ctxmgr back to su tests 2017-02-14 19:30:53 +00:00			`with FreshConfigProvider():`
Fix tests 2015-01-09 22:11:51 +00:00			`self.login(ADMIN_ACCESS_USER)`
			`json = self.getJsonResponse(SuperUserConfig)`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00
Fix tests 2015-01-09 22:11:51 +00:00			`# Note: We expect the config to be none because a config.yaml should never be checked into`
			`# the directory.`
			`self.assertIsNone(json['config'])`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00
			`def test_put(self):`
move ConfigProvider ctxmgr back to su tests 2017-02-14 19:30:53 +00:00			`with FreshConfigProvider() as config:`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00			`# The update config call works if there is no config.yaml OR the user is a superuser. First`
			`# try writing it without a superuser present.`
			`json = self.putJsonResponse(SuperUserConfig, data=dict(config={}, hostname='foobar'))`
			`self.assertTrue(json['exists'])`

Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`# Verify the config file exists.`
Add Kubernetes configuration provider which writes config to a secret Fixes #145 2015-07-27 15:17:44 +00:00			`self.assertTrue(config.config_exists())`
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 17:53:36 +00:00
			`# Try writing it again. This should now fail, since the config.yaml exists.`
			`self.putResponse(SuperUserConfig, data=dict(config={}, hostname='barbaz'), expected_code=403)`

			`# Login as a non-superuser.`
			`self.login(READ_ACCESS_USER)`

			`# Try writing it again. This should fail.`
			`self.putResponse(SuperUserConfig, data=dict(config={}, hostname='barbaz'), expected_code=403)`

			`# Login as a superuser.`
			`self.login(ADMIN_ACCESS_USER)`

			`# This should succeed.`
			`json = self.putJsonResponse(SuperUserConfig, data=dict(config={}, hostname='barbaz'))`
			`self.assertTrue(json['exists'])`

			`json = self.getJsonResponse(SuperUserConfig)`
			`self.assertIsNotNone(json['config'])`


			`if __name__ == '__main__':`
test: move ConfigForTesting 2017-02-03 21:04:31 +00:00			`unittest.main()`