2017-02-22 19:35:11 +00:00
|
|
|
import pytest
|
|
|
|
|
|
2017-03-22 11:38:52 +00:00
|
|
|
import flask
|
2017-03-22 14:30:48 +00:00
|
|
|
from flask_principal import Identity, Principal
|
2017-02-22 19:35:11 +00:00
|
|
|
|
2017-04-15 12:26:33 +00:00
|
|
|
from endpoints.v2.v2auth import get_tuf_root
|
2017-03-22 11:38:52 +00:00
|
|
|
from auth import permissions
|
2017-04-15 12:26:33 +00:00
|
|
|
from util.security.registry_jwt import QUAY_TUF_ROOT, SIGNER_TUF_ROOT, DISABLED_TUF_ROOT
|
2017-03-22 11:38:52 +00:00
|
|
|
|
2017-04-15 12:26:33 +00:00
|
|
|
from test import testconfig
|
|
|
|
|
from mock import Mock
|
|
|
|
|
|
|
|
|
|
|
2017-03-22 11:38:52 +00:00
|
|
|
def admin_identity(namespace, reponame):
|
|
|
|
|
identity = Identity('admin')
|
|
|
|
|
identity.provides.add(permissions._RepositoryNeed(namespace, reponame, 'admin'))
|
|
|
|
|
identity.provides.add(permissions._OrganizationRepoNeed(namespace, 'admin'))
|
|
|
|
|
return identity
|
2017-02-22 19:35:11 +00:00
|
|
|
|
2017-03-22 11:38:52 +00:00
|
|
|
def write_identity(namespace, reponame):
|
|
|
|
|
identity = Identity('writer')
|
|
|
|
|
identity.provides.add(permissions._RepositoryNeed(namespace, reponame, 'write'))
|
|
|
|
|
identity.provides.add(permissions._OrganizationRepoNeed(namespace, 'write'))
|
|
|
|
|
return identity
|
|
|
|
|
|
|
|
|
|
def read_identity(namespace, reponame):
|
|
|
|
|
identity = Identity('reader')
|
|
|
|
|
identity.provides.add(permissions._RepositoryNeed(namespace, reponame, 'read'))
|
|
|
|
|
identity.provides.add(permissions._OrganizationRepoNeed(namespace, 'read'))
|
|
|
|
|
return identity
|
|
|
|
|
|
2017-03-22 14:30:48 +00:00
|
|
|
def app_with_principal():
|
|
|
|
|
app = flask.Flask(__name__)
|
2017-04-15 12:26:33 +00:00
|
|
|
app.config.from_object(testconfig.TestConfig())
|
2017-03-22 14:30:48 +00:00
|
|
|
principal = Principal(app)
|
|
|
|
|
return app, principal
|
|
|
|
|
|
2017-03-22 11:38:52 +00:00
|
|
|
@pytest.mark.parametrize('identity,expected', [
|
2017-03-22 20:14:56 +00:00
|
|
|
(Identity('anon'), QUAY_TUF_ROOT),
|
|
|
|
|
(read_identity("namespace", "repo"), QUAY_TUF_ROOT),
|
|
|
|
|
(read_identity("different", "repo"), QUAY_TUF_ROOT),
|
|
|
|
|
(admin_identity("different", "repo"), QUAY_TUF_ROOT),
|
|
|
|
|
(write_identity("different", "repo"), QUAY_TUF_ROOT),
|
|
|
|
|
(admin_identity("namespace", "repo"), SIGNER_TUF_ROOT),
|
|
|
|
|
(write_identity("namespace", "repo"), SIGNER_TUF_ROOT),
|
2017-02-22 19:35:11 +00:00
|
|
|
])
|
2017-03-22 11:38:52 +00:00
|
|
|
def test_get_tuf_root(identity, expected):
|
2017-03-22 14:30:48 +00:00
|
|
|
app, principal = app_with_principal()
|
2017-03-22 11:38:52 +00:00
|
|
|
with app.test_request_context('/'):
|
2017-03-22 14:30:48 +00:00
|
|
|
principal.set_identity(identity)
|
2017-04-15 12:26:33 +00:00
|
|
|
actual = get_tuf_root(Mock(), "namespace", "repo")
|
2017-03-22 14:30:48 +00:00
|
|
|
assert actual == expected, "should be %s, but was %s" % (expected, actual)
|
2017-04-15 12:26:33 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.parametrize('trust_enabled,tuf_root', [
|
|
|
|
|
(True, QUAY_TUF_ROOT),
|
|
|
|
|
(False, DISABLED_TUF_ROOT),
|
|
|
|
|
])
|
|
|
|
|
def test_trust_disabled(trust_enabled,tuf_root):
|
|
|
|
|
app, principal = app_with_principal()
|
|
|
|
|
with app.test_request_context('/'):
|
|
|
|
|
principal.set_identity(read_identity("namespace", "repo"))
|
|
|
|
|
actual = get_tuf_root(Mock(trust_enabled=trust_enabled), "namespace", "repo")
|
|
|
|
|
assert actual == tuf_root, "should be %s, but was %s" % (tuf_root, actual)
|
