diff --git a/config.py b/config.py index d09cbc87f..8616f47d4 100644 --- a/config.py +++ b/config.py @@ -140,6 +140,8 @@ class TestConfig(FlaskConfig, FakeStorage, EphemeralDB, FakeUserfiles, 'format': LOG_FORMAT } POPULATE_DB_TEST_DATA = True + TESTING = True + INCLUDE_TEST_ENDPOINTS = True class DebugConfig(FlaskConfig, MailConfig, LocalStorage, SQLiteDB, diff --git a/test/specs.py b/test/specs.py index be860f126..3244b04f4 100644 --- a/test/specs.py +++ b/test/specs.py 
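Review bot: `INCLUDE_TEST_ENDPOINTS = True` is set on `TestConfig`, but nothing in this hunk shows a `False` default on a shared base such as `FlaskConfig`, and the code that reads the flag is not part of this diff. If test-only endpoints are registered from this key, the safe state for every other config should be explicit rather than implied by the key being absent. Suggest declaring `INCLUDE_TEST_ENDPOINTS = False` on the base config and reading it with `app.config.get('INCLUDE_TEST_ENDPOINTS', False)`. The `TestConfig` class body starts outside the hunk, so an existing default may simply not be visible here.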
@@ -28,514 +28,231 @@ NEW_ORG_REPO_DETAILS = { 'namespace': ORG, } -class hashabledict(dict): - def __hash__(self): - return hash(tuple(sorted(self.items()))) +NEW_USER_DETAILS = { + 'username': 'bob', + 'password': 'password', + 'email': 'jake@devtable.com', +} + +SEND_RECOVERY_DETAILS = { + 'email': 'jacob.moshenko@gmail.com', +} + +SIGNIN_DETAILS = { + 'username': 'devtable', + 'password': 'password', +} + +FILE_DROP_DETAILS = { + 'mimeType': 'application/zip', +} + +CHANGE_PERMISSION_DETAILS = { + 'role': 'admin', +} + +CREATE_BUILD_DETAILS = { + 'file_id': str(uuid4()), +} + +CHANGE_VISIBILITY_DETAILS = { + 'visibility': 'public', +} + +CREATE_TOKEN_DETAILS = { + 'friendlyName': 'A new token', +} + +UPDATE_REPO_DETAILS = { + 'description': 'A new description', +} -def open_kwargs(method='GET', json_object=None): - kwargs = hashabledict([ - ('method', method), - ]) +class TestSpec(object): + def __init__(self, url, anon_code=401, no_access_code=403, read_code=403, + admin_code=200): + self._url = url + self._data = None + self._method = 'GET' - if json_object is not None: - kwargs['data'] = json.dumps(json_object) - kwargs['content_type'] = 'application/json' + self.anon_code = anon_code + self.no_access_code = no_access_code + self.read_code = read_code + self.admin_code = admin_code - elif method == 'POST' or method == 'PUT': - kwargs['data'] = json.dumps({ - 'fake': 'json', - 'data': 'here', - }) - kwargs['content_type'] = 'application/json' + def set_data_from_obj(self, json_serializable): + self._data = json.dumps(json_serializable) + return self - return kwargs + def set_method(self, method): + self._method = method + return self + + def get_client_args(self): + kwargs = { + 'method': self._method + } + + if self._data or self._method == 'POST' or self._method == 'PUT': + kwargs['data'] = self._data if self._data else '{}' + kwargs['content_type'] = 'application/json' + + return self._url, kwargs -def build_anon_spec(): - return OrderedDict([ - 
((url_for('welcome'), open_kwargs()), 200), +def build_specs(): + return [ + TestSpec(url_for('welcome'), 200, 200, 200, 200), - ((url_for('plans_list'), open_kwargs()), 200), + TestSpec(url_for('plans_list'), 200, 200, 200, 200), - ((url_for('get_logged_in_user'), open_kwargs()), 200), + TestSpec(url_for('get_logged_in_user'), 200, 200, 200, 200), - ((url_for('change_user_details'), open_kwargs('PUT')), 401), + TestSpec(url_for('change_user_details'), 401, 200, 200, 200).set_method('PUT'), - ((url_for('create_user_api'), open_kwargs('POST')), 400), + TestSpec(url_for('create_user_api'), 201, 201, 201, 201).set_method('POST').set_data_from_obj(NEW_USER_DETAILS), - ((url_for('signin_api'), open_kwargs('POST')), 400), + TestSpec(url_for('signin_api'), 200, 200, 200, 200).set_method('POST').set_data_from_obj(SIGNIN_DETAILS), - ((url_for('send_recovery'), open_kwargs('POST')), 400), + TestSpec(url_for('send_recovery'), 201, 201, 201, 201).set_method('POST').set_data_from_obj(SEND_RECOVERY_DETAILS), - ((url_for('get_matching_users', prefix='dev'), open_kwargs()), 401), + TestSpec(url_for('get_matching_users', prefix='dev'), 401, 200, 200, 200), - ((url_for('get_matching_entities', prefix='dev'), open_kwargs()), 401), + TestSpec(url_for('get_matching_entities', prefix='dev'), 401, 200, 200, 200), - ((url_for('get_organization', orgname=ORG), open_kwargs()), 401), + TestSpec(url_for('get_organization', orgname=ORG), 401, 403, 200, 200), - ((url_for('get_organization_private_allowed', orgname=ORG), - open_kwargs()), 401), + TestSpec(url_for('get_organization_private_allowed', orgname=ORG)), - ((url_for('update_organization_team', orgname=ORG, teamname=ORG_OWNERS), - open_kwargs('PUT')), 401), - ((url_for('update_organization_team', orgname=ORG, teamname=ORG_READERS), - open_kwargs('PUT')), 401), + TestSpec(url_for('update_organization_team', orgname=ORG, teamname=ORG_OWNERS)).set_method('PUT'), + TestSpec(url_for('update_organization_team', orgname=ORG, 
teamname=ORG_READERS)).set_method('PUT'), - ((url_for('delete_organization_team', orgname=ORG, teamname=ORG_OWNERS), - open_kwargs('DELETE')), 401), - ((url_for('delete_organization_team', orgname=ORG, teamname=ORG_READERS), - open_kwargs('DELETE')), 401), + TestSpec(url_for('delete_organization_team', orgname=ORG, teamname=ORG_OWNERS), admin_code=400).set_method('DELETE'), + TestSpec(url_for('delete_organization_team', orgname=ORG, teamname=ORG_READERS), admin_code=204).set_method('DELETE'), - ((url_for('get_organization_team_members', orgname=ORG, - teamname=ORG_OWNERS), open_kwargs()), 401), - ((url_for('get_organization_team_members', orgname=ORG, - teamname=ORG_READERS), open_kwargs()), 401), + TestSpec(url_for('get_organization_team_members', orgname=ORG, teamname=ORG_OWNERS)), + TestSpec(url_for('get_organization_team_members', orgname=ORG, teamname=ORG_READERS), read_code=200), - ((url_for('update_organization_team_member', orgname=ORG, - teamname=ORG_OWNERS, membername=ORG_OWNER), - open_kwargs('PUT')), 401), - ((url_for('update_organization_team_member', orgname=ORG, - teamname=ORG_READERS, membername=ORG_OWNER), - open_kwargs('PUT')), 401), + TestSpec(url_for('update_organization_team_member', orgname=ORG, teamname=ORG_OWNERS, membername=ORG_OWNER), admin_code=400).set_method('PUT'), + TestSpec(url_for('update_organization_team_member', orgname=ORG, teamname=ORG_READERS, membername=ORG_OWNER)).set_method('PUT'), - ((url_for('delete_organization_team_member', orgname=ORG, - teamname=ORG_OWNERS, membername=ORG_OWNER), - open_kwargs('DELETE')), 401), - ((url_for('delete_organization_team_member', orgname=ORG, - teamname=ORG_READERS, membername=ORG_OWNER), - open_kwargs('DELETE')), 401), + TestSpec(url_for('delete_organization_team_member', orgname=ORG, teamname=ORG_OWNERS, membername=ORG_OWNER), admin_code=400).set_method('DELETE'), + TestSpec(url_for('delete_organization_team_member', orgname=ORG, teamname=ORG_READERS, membername=ORG_OWNER), 
admin_code=400).set_method('DELETE'), - ((url_for('create_repo_api'), open_kwargs('POST', NEW_ORG_REPO_DETAILS)), - 401), + TestSpec(url_for('create_repo_api')).set_method('POST').set_data_from_obj(NEW_ORG_REPO_DETAILS), - ((url_for('match_repos_api'), open_kwargs()), 200), + TestSpec(url_for('match_repos_api'), 200, 200, 200, 200), - ((url_for('list_repos_api'), open_kwargs()), 200), + TestSpec(url_for('list_repos_api'), 200, 200, 200, 200), - ((url_for('update_repo_api', repository=PUBLIC_REPO), open_kwargs('PUT')), - 401), - ((url_for('update_repo_api', repository=ORG_REPO), open_kwargs('PUT')), - 401), - ((url_for('update_repo_api', repository=PRIVATE_REPO), - open_kwargs('PUT')), 401), + TestSpec(url_for('update_repo_api', repository=PUBLIC_REPO), admin_code=403).set_method('PUT'), + TestSpec(url_for('update_repo_api', repository=ORG_REPO)).set_method('PUT').set_data_from_obj(UPDATE_REPO_DETAILS), + TestSpec(url_for('update_repo_api', repository=PRIVATE_REPO)).set_method('PUT').set_data_from_obj(UPDATE_REPO_DETAILS), - ((url_for('change_repo_visibility_api', repository=PUBLIC_REPO), - open_kwargs('POST')), 401), - ((url_for('change_repo_visibility_api', repository=ORG_REPO), - open_kwargs('POST')), 401), - ((url_for('change_repo_visibility_api', repository=PRIVATE_REPO), - open_kwargs('POST')), 401), + TestSpec(url_for('change_repo_visibility_api', repository=PUBLIC_REPO), admin_code=403).set_method('POST').set_data_from_obj(CHANGE_VISIBILITY_DETAILS), + TestSpec(url_for('change_repo_visibility_api', repository=ORG_REPO)).set_method('POST').set_data_from_obj(CHANGE_VISIBILITY_DETAILS), + TestSpec(url_for('change_repo_visibility_api', repository=PRIVATE_REPO)).set_method('POST').set_data_from_obj(CHANGE_VISIBILITY_DETAILS), - ((url_for('delete_repository', repository=PUBLIC_REPO), - open_kwargs('DELETE')), 401), - ((url_for('delete_repository', repository=ORG_REPO), - open_kwargs('DELETE')), 401), - ((url_for('delete_repository', repository=PRIVATE_REPO), - 
open_kwargs('DELETE')), 401), + TestSpec(url_for('delete_repository', repository=PUBLIC_REPO), admin_code=403).set_method('DELETE'), + TestSpec(url_for('delete_repository', repository=ORG_REPO), admin_code=204).set_method('DELETE'), + TestSpec(url_for('delete_repository', repository=PRIVATE_REPO), admin_code=204).set_method('DELETE'), - ((url_for('get_repo_api', repository=PUBLIC_REPO), open_kwargs()), 200), - ((url_for('get_repo_api', repository=ORG_REPO), open_kwargs()), 403), - ((url_for('get_repo_api', repository=PRIVATE_REPO), open_kwargs()), 403), + TestSpec(url_for('get_repo_api', repository=PUBLIC_REPO), 200, 200, 200, 200), + TestSpec(url_for('get_repo_api', repository=ORG_REPO), 403, 403, 200, 200), + TestSpec(url_for('get_repo_api', repository=PRIVATE_REPO), 403, 403, 200, 200), - ((url_for('get_repo_builds', repository=PUBLIC_REPO), open_kwargs()), - 401), - ((url_for('get_repo_builds', repository=ORG_REPO), open_kwargs()), 401), - ((url_for('get_repo_builds', repository=PRIVATE_REPO), open_kwargs()), - 401), + TestSpec(url_for('get_repo_builds', repository=PUBLIC_REPO), admin_code=403), + TestSpec(url_for('get_repo_builds', repository=ORG_REPO)), + TestSpec(url_for('get_repo_builds', repository=PRIVATE_REPO)), - ((url_for('get_filedrop_url'), open_kwargs('POST')), 401), + TestSpec(url_for('get_filedrop_url'), 401, 200, 200, 200).set_method('POST').set_data_from_obj(FILE_DROP_DETAILS), - ((url_for('request_repo_build', repository=PUBLIC_REPO), - open_kwargs('POST')), 401), - ((url_for('request_repo_build', repository=ORG_REPO), - open_kwargs('POST')), 401), - ((url_for('request_repo_build', repository=PRIVATE_REPO), - open_kwargs('POST')), 401), + TestSpec(url_for('request_repo_build', repository=PUBLIC_REPO), admin_code=403).set_method('POST').set_data_from_obj(CREATE_BUILD_DETAILS), + TestSpec(url_for('request_repo_build', repository=ORG_REPO), admin_code=201).set_method('POST').set_data_from_obj(CREATE_BUILD_DETAILS), + 
TestSpec(url_for('request_repo_build', repository=PRIVATE_REPO), admin_code=201).set_method('POST').set_data_from_obj(CREATE_BUILD_DETAILS), - ((url_for('list_repository_images', repository=PUBLIC_REPO), - open_kwargs()), 200), - ((url_for('list_repository_images', repository=ORG_REPO), - open_kwargs()), 403), - ((url_for('list_repository_images', repository=PRIVATE_REPO), - open_kwargs()), 403), + TestSpec(url_for('list_repository_images', repository=PUBLIC_REPO), 200, 200, 200, 200), + TestSpec(url_for('list_repository_images', repository=ORG_REPO), 403, 403, 200, 200), + TestSpec(url_for('list_repository_images', repository=PRIVATE_REPO), 403, 403, 200, 200), - ((url_for('get_image', repository=PUBLIC_REPO, image_id=FAKE_IMAGE_ID), - open_kwargs()), 404), - ((url_for('get_image', repository=ORG_REPO, image_id=FAKE_IMAGE_ID), - open_kwargs()), 403), - ((url_for('get_image', repository=PRIVATE_REPO, image_id=FAKE_IMAGE_ID), - open_kwargs()), 403), + TestSpec(url_for('get_image', repository=PUBLIC_REPO, image_id=FAKE_IMAGE_ID), 404, 404, 404, 404), + TestSpec(url_for('get_image', repository=ORG_REPO, image_id=FAKE_IMAGE_ID), 403, 403, 404, 404), + TestSpec(url_for('get_image', repository=PRIVATE_REPO, image_id=FAKE_IMAGE_ID), 403, 403, 404, 404), - ((url_for('get_image_changes', repository=PUBLIC_REPO, - image_id=FAKE_IMAGE_ID), open_kwargs()), 404), - ((url_for('get_image_changes', repository=ORG_REPO, - image_id=FAKE_IMAGE_ID), open_kwargs()), 403), - ((url_for('get_image_changes', repository=PRIVATE_REPO, - image_id=FAKE_IMAGE_ID), open_kwargs()), 403), + TestSpec(url_for('get_image_changes', repository=PUBLIC_REPO, image_id=FAKE_IMAGE_ID), 404, 404, 404, 404), + TestSpec(url_for('get_image_changes', repository=ORG_REPO, image_id=FAKE_IMAGE_ID), 403, 403, 404, 404), + TestSpec(url_for('get_image_changes', repository=PRIVATE_REPO, image_id=FAKE_IMAGE_ID), 403, 403, 404, 404), - ((url_for('list_tag_images', repository=PUBLIC_REPO, tag=FAKE_TAG_NAME), - 
open_kwargs()), 404), - ((url_for('list_tag_images', repository=ORG_REPO, tag=FAKE_TAG_NAME), - open_kwargs()), 403), - ((url_for('list_tag_images', repository=PRIVATE_REPO, tag=FAKE_TAG_NAME), - open_kwargs()), 403), + TestSpec(url_for('list_tag_images', repository=PUBLIC_REPO, tag=FAKE_TAG_NAME), 404, 404, 404, 404), + TestSpec(url_for('list_tag_images', repository=ORG_REPO, tag=FAKE_TAG_NAME), 403, 403, 404, 404), + TestSpec(url_for('list_tag_images', repository=PRIVATE_REPO, tag=FAKE_TAG_NAME), 403, 403, 404, 404), - ((url_for('list_repo_team_permissions', repository=PUBLIC_REPO), - open_kwargs()), 401), - ((url_for('list_repo_team_permissions', repository=ORG_REPO), - open_kwargs()), 401), - ((url_for('list_repo_team_permissions', repository=PRIVATE_REPO), - open_kwargs()), 401), + TestSpec(url_for('list_repo_team_permissions', repository=PUBLIC_REPO), admin_code=403), + TestSpec(url_for('list_repo_team_permissions', repository=ORG_REPO)), + TestSpec(url_for('list_repo_team_permissions', repository=PRIVATE_REPO)), - ((url_for('list_repo_user_permissions', repository=PUBLIC_REPO), - open_kwargs()), 401), - ((url_for('list_repo_user_permissions', repository=ORG_REPO), - open_kwargs()), 401), - ((url_for('list_repo_user_permissions', repository=PRIVATE_REPO), - open_kwargs()), 401), + TestSpec(url_for('list_repo_user_permissions', repository=PUBLIC_REPO), admin_code=403), + TestSpec(url_for('list_repo_user_permissions', repository=ORG_REPO)), + TestSpec(url_for('list_repo_user_permissions', repository=PRIVATE_REPO)), - ((url_for('get_user_permissions', repository=PUBLIC_REPO, - username=FAKE_USERNAME), open_kwargs()), 401), - ((url_for('get_user_permissions', repository=ORG_REPO, - username=FAKE_USERNAME), open_kwargs()), 401), - ((url_for('get_user_permissions', repository=PRIVATE_REPO, - username=FAKE_USERNAME), open_kwargs()), 401), + TestSpec(url_for('get_user_permissions', repository=PUBLIC_REPO, username=FAKE_USERNAME), admin_code=403), + 
TestSpec(url_for('get_user_permissions', repository=ORG_REPO, username=FAKE_USERNAME), admin_code=400), + TestSpec(url_for('get_user_permissions', repository=PRIVATE_REPO, username=FAKE_USERNAME), admin_code=400), - ((url_for('get_team_permissions', repository=PUBLIC_REPO, - teamname=ORG_OWNERS), open_kwargs()), 401), - ((url_for('get_team_permissions', repository=PUBLIC_REPO, - teamname=ORG_READERS), open_kwargs()), 401), - ((url_for('get_team_permissions', repository=ORG_REPO, - teamname=ORG_OWNERS), open_kwargs()), 401), - ((url_for('get_team_permissions', repository=ORG_REPO, - teamname=ORG_READERS), open_kwargs()), 401), - ((url_for('get_team_permissions', repository=PRIVATE_REPO, - teamname=ORG_OWNERS), open_kwargs()), 401), - ((url_for('get_team_permissions', repository=PRIVATE_REPO, - teamname=ORG_READERS), open_kwargs()), 401), + TestSpec(url_for('get_team_permissions', repository=PUBLIC_REPO, teamname=ORG_OWNERS), admin_code=403), + TestSpec(url_for('get_team_permissions', repository=PUBLIC_REPO, teamname=ORG_READERS), admin_code=403), + TestSpec(url_for('get_team_permissions', repository=ORG_REPO, teamname=ORG_OWNERS), admin_code=400), + TestSpec(url_for('get_team_permissions', repository=ORG_REPO, teamname=ORG_READERS)), + TestSpec(url_for('get_team_permissions', repository=PRIVATE_REPO, teamname=ORG_OWNERS), admin_code=400), + TestSpec(url_for('get_team_permissions', repository=PRIVATE_REPO, teamname=ORG_READERS), admin_code=400), - ((url_for('change_user_permissions', repository=PUBLIC_REPO, - username=FAKE_USERNAME), open_kwargs('PUT')), 401), - ((url_for('change_user_permissions', repository=ORG_REPO, - username=FAKE_USERNAME), open_kwargs('PUT')), 401), - ((url_for('change_user_permissions', repository=PRIVATE_REPO, - username=FAKE_USERNAME), open_kwargs('PUT')), 401), + TestSpec(url_for('change_user_permissions', repository=PUBLIC_REPO, username=FAKE_USERNAME), admin_code=403).set_method('PUT'), + TestSpec(url_for('change_user_permissions', 
repository=ORG_REPO, username=FAKE_USERNAME), admin_code=400).set_method('PUT'), + TestSpec(url_for('change_user_permissions', repository=PRIVATE_REPO, username=FAKE_USERNAME), admin_code=400).set_method('PUT'), - ((url_for('change_team_permissions', repository=PUBLIC_REPO, - teamname=ORG_OWNERS), open_kwargs('PUT')), 401), - ((url_for('change_team_permissions', repository=PUBLIC_REPO, - teamname=ORG_READERS), open_kwargs('PUT')), 401), - ((url_for('change_team_permissions', repository=ORG_REPO, - teamname=ORG_OWNERS), open_kwargs('PUT')), 401), - ((url_for('change_team_permissions', repository=ORG_REPO, - teamname=ORG_READERS), open_kwargs('PUT')), 401), - ((url_for('change_team_permissions', repository=PRIVATE_REPO, - teamname=ORG_OWNERS), open_kwargs('PUT')), 401), - ((url_for('change_team_permissions', repository=PRIVATE_REPO, - teamname=ORG_READERS), open_kwargs('PUT')), 401), + TestSpec(url_for('change_team_permissions', repository=PUBLIC_REPO, teamname=ORG_OWNERS), admin_code=403).set_method('PUT').set_data_from_obj(CHANGE_PERMISSION_DETAILS), + TestSpec(url_for('change_team_permissions', repository=PUBLIC_REPO, teamname=ORG_READERS), admin_code=403).set_method('PUT').set_data_from_obj(CHANGE_PERMISSION_DETAILS), + TestSpec(url_for('change_team_permissions', repository=ORG_REPO, teamname=ORG_OWNERS)).set_method('PUT').set_data_from_obj(CHANGE_PERMISSION_DETAILS), + TestSpec(url_for('change_team_permissions', repository=ORG_REPO, teamname=ORG_READERS)).set_method('PUT').set_data_from_obj(CHANGE_PERMISSION_DETAILS), + TestSpec(url_for('change_team_permissions', repository=PRIVATE_REPO, teamname=ORG_OWNERS), admin_code=400).set_method('PUT').set_data_from_obj(CHANGE_PERMISSION_DETAILS), + TestSpec(url_for('change_team_permissions', repository=PRIVATE_REPO, teamname=ORG_READERS), admin_code=400).set_method('PUT').set_data_from_obj(CHANGE_PERMISSION_DETAILS), - ((url_for('delete_user_permissions', repository=PUBLIC_REPO, - username=FAKE_USERNAME), 
open_kwargs('DELETE')), 401), - ((url_for('delete_user_permissions', repository=ORG_REPO, - username=FAKE_USERNAME), open_kwargs('DELETE')), 401), - ((url_for('delete_user_permissions', repository=PRIVATE_REPO, - username=FAKE_USERNAME), open_kwargs('DELETE')), 401), + TestSpec(url_for('delete_user_permissions', repository=PUBLIC_REPO, username=FAKE_USERNAME), admin_code=403).set_method('DELETE'), + TestSpec(url_for('delete_user_permissions', repository=ORG_REPO, username=FAKE_USERNAME), admin_code=400).set_method('DELETE'), + TestSpec(url_for('delete_user_permissions', repository=PRIVATE_REPO, username=FAKE_USERNAME), admin_code=400).set_method('DELETE'), - ((url_for('delete_team_permissions', repository=PUBLIC_REPO, - teamname=ORG_OWNERS), open_kwargs('DELETE')), 401), - ((url_for('delete_team_permissions', repository=PUBLIC_REPO, - teamname=ORG_READERS), open_kwargs('DELETE')), 401), - ((url_for('delete_team_permissions', repository=ORG_REPO, - teamname=ORG_OWNERS), open_kwargs('DELETE')), 401), - ((url_for('delete_team_permissions', repository=ORG_REPO, - teamname=ORG_READERS), open_kwargs('DELETE')), 401), - ((url_for('delete_team_permissions', repository=PRIVATE_REPO, - teamname=ORG_OWNERS), open_kwargs('DELETE')), 401), - ((url_for('delete_team_permissions', repository=PRIVATE_REPO, - teamname=ORG_READERS), open_kwargs('DELETE')), 401), + TestSpec(url_for('delete_team_permissions', repository=PUBLIC_REPO, teamname=ORG_OWNERS), admin_code=403).set_method('DELETE'), + TestSpec(url_for('delete_team_permissions', repository=PUBLIC_REPO, teamname=ORG_READERS), admin_code=403).set_method('DELETE'), + TestSpec(url_for('delete_team_permissions', repository=ORG_REPO, teamname=ORG_OWNERS), admin_code=400).set_method('DELETE'), + TestSpec(url_for('delete_team_permissions', repository=ORG_REPO, teamname=ORG_READERS), admin_code=204).set_method('DELETE'), + TestSpec(url_for('delete_team_permissions', repository=PRIVATE_REPO, teamname=ORG_OWNERS), 
admin_code=400).set_method('DELETE'), + TestSpec(url_for('delete_team_permissions', repository=PRIVATE_REPO, teamname=ORG_READERS), admin_code=400).set_method('DELETE'), - ((url_for('list_repo_tokens', repository=PUBLIC_REPO), open_kwargs()), - 401), - ((url_for('list_repo_tokens', repository=ORG_REPO), open_kwargs()), 401), - ((url_for('list_repo_tokens', repository=PRIVATE_REPO), open_kwargs()), - 401), + TestSpec(url_for('list_repo_tokens', repository=PUBLIC_REPO), admin_code=403), + TestSpec(url_for('list_repo_tokens', repository=ORG_REPO)), + TestSpec(url_for('list_repo_tokens', repository=PRIVATE_REPO)), - ((url_for('get_tokens', repository=PUBLIC_REPO, code=FAKE_TOKEN), - open_kwargs()), 401), - ((url_for('get_tokens', repository=ORG_REPO, code=FAKE_TOKEN), - open_kwargs()), 401), - ((url_for('get_tokens', repository=PRIVATE_REPO, code=FAKE_TOKEN), - open_kwargs()), 401), + TestSpec(url_for('get_tokens', repository=PUBLIC_REPO, code=FAKE_TOKEN), admin_code=403), + TestSpec(url_for('get_tokens', repository=ORG_REPO, code=FAKE_TOKEN), admin_code=400), + TestSpec(url_for('get_tokens', repository=PRIVATE_REPO, code=FAKE_TOKEN), admin_code=400), - ((url_for('create_token', repository=PUBLIC_REPO), open_kwargs('POST')), - 401), - ((url_for('create_token', repository=ORG_REPO), open_kwargs('POST')), - 401), - ((url_for('create_token', repository=PRIVATE_REPO), open_kwargs('POST')), - 401), + TestSpec(url_for('create_token', repository=PUBLIC_REPO), admin_code=403).set_method('POST'), + TestSpec(url_for('create_token', repository=ORG_REPO), admin_code=201).set_method('POST').set_data_from_obj(CREATE_TOKEN_DETAILS), + TestSpec(url_for('create_token', repository=PRIVATE_REPO), admin_code=201).set_method('POST').set_data_from_obj(CREATE_TOKEN_DETAILS), - ((url_for('change_token', repository=PUBLIC_REPO, code=FAKE_TOKEN), - open_kwargs('PUT')), 401), - ((url_for('change_token', repository=ORG_REPO, code=FAKE_TOKEN), - open_kwargs('PUT')), 401), - 
((url_for('change_token', repository=PRIVATE_REPO, code=FAKE_TOKEN), - open_kwargs('PUT')), 401), + TestSpec(url_for('change_token', repository=PUBLIC_REPO, code=FAKE_TOKEN), admin_code=403).set_method('PUT'), + TestSpec(url_for('change_token', repository=ORG_REPO, code=FAKE_TOKEN), admin_code=400).set_method('PUT'), + TestSpec(url_for('change_token', repository=PRIVATE_REPO, code=FAKE_TOKEN), admin_code=400).set_method('PUT'), - ((url_for('delete_token', repository=PUBLIC_REPO, code=FAKE_TOKEN), - open_kwargs('DELETE')), 401), - ((url_for('delete_token', repository=ORG_REPO, code=FAKE_TOKEN), - open_kwargs('DELETE')), 401), - ((url_for('delete_token', repository=PRIVATE_REPO, code=FAKE_TOKEN), - open_kwargs('DELETE')), 401), + TestSpec(url_for('delete_token', repository=PUBLIC_REPO, code=FAKE_TOKEN), admin_code=403).set_method('DELETE'), + TestSpec(url_for('delete_token', repository=ORG_REPO, code=FAKE_TOKEN), admin_code=400).set_method('DELETE'), + TestSpec(url_for('delete_token', repository=PRIVATE_REPO, code=FAKE_TOKEN), admin_code=400).set_method('DELETE'), - ((url_for('subscribe_api'), open_kwargs('PUT')), 401), + TestSpec(url_for('subscribe_api'), 401, 400, 400, 400).set_method('PUT'), - ((url_for('subscribe_org_api', orgname=ORG), open_kwargs('PUT')), 401), + TestSpec(url_for('subscribe_org_api', orgname=ORG), 401, 403, 403, 400).set_method('PUT'), - ((url_for('get_subscription'), open_kwargs()), 401), + TestSpec(url_for('get_subscription'), 401, 200, 200, 200), - ((url_for('get_org_subscription', orgname=ORG), open_kwargs()), 401), - ]) - - -def build_no_access_spec(): - changes = OrderedDict([ - ((url_for('change_user_details'), open_kwargs('PUT')), 200), - - ((url_for('get_matching_users', prefix='dev'), open_kwargs()), 200), - - ((url_for('get_matching_entities', prefix='dev'), open_kwargs()), 200), - - ((url_for('get_organization', orgname=ORG), open_kwargs()), 403), - - ((url_for('get_organization_private_allowed', orgname=ORG), - open_kwargs()), 
403), - - ((url_for('update_organization_team', orgname=ORG, teamname=ORG_OWNERS), - open_kwargs('PUT')), 403), - ((url_for('update_organization_team', orgname=ORG, teamname=ORG_READERS), - open_kwargs('PUT')), 403), - - ((url_for('delete_organization_team', orgname=ORG, teamname=ORG_OWNERS), - open_kwargs('DELETE')), 403), - ((url_for('delete_organization_team', orgname=ORG, teamname=ORG_READERS), - open_kwargs('DELETE')), 403), - - ((url_for('get_organization_team_members', orgname=ORG, - teamname=ORG_OWNERS), open_kwargs()), 403), - ((url_for('get_organization_team_members', orgname=ORG, - teamname=ORG_READERS), open_kwargs()), 403), - - ((url_for('update_organization_team_member', orgname=ORG, - teamname=ORG_OWNERS, membername=ORG_OWNER), - open_kwargs('PUT')), 403), - ((url_for('update_organization_team_member', orgname=ORG, - teamname=ORG_READERS, membername=ORG_OWNER), - open_kwargs('PUT')), 403), - - ((url_for('delete_organization_team_member', orgname=ORG, - teamname=ORG_OWNERS, membername=ORG_OWNER), - open_kwargs('DELETE')), 403), - ((url_for('delete_organization_team_member', orgname=ORG, - teamname=ORG_READERS, membername=ORG_OWNER), - open_kwargs('DELETE')), 403), - - ((url_for('create_repo_api'), open_kwargs('POST', NEW_ORG_REPO_DETAILS)), - 403), - - ((url_for('update_repo_api', repository=PUBLIC_REPO), open_kwargs('PUT')), - 403), - ((url_for('update_repo_api', repository=ORG_REPO), open_kwargs('PUT')), - 403), - ((url_for('update_repo_api', repository=PRIVATE_REPO), - open_kwargs('PUT')), 403), - - ((url_for('change_repo_visibility_api', repository=PUBLIC_REPO), - open_kwargs('POST')), 403), - ((url_for('change_repo_visibility_api', repository=ORG_REPO), - open_kwargs('POST')), 403), - ((url_for('change_repo_visibility_api', repository=PRIVATE_REPO), - open_kwargs('POST')), 403), - - ((url_for('delete_repository', repository=PUBLIC_REPO), - open_kwargs('DELETE')), 403), - ((url_for('delete_repository', repository=ORG_REPO), - 
open_kwargs('DELETE')), 403), - ((url_for('delete_repository', repository=PRIVATE_REPO), - open_kwargs('DELETE')), 403), - - ((url_for('get_repo_builds', repository=PUBLIC_REPO), open_kwargs()), - 403), - ((url_for('get_repo_builds', repository=ORG_REPO), open_kwargs()), 403), - ((url_for('get_repo_builds', repository=PRIVATE_REPO), open_kwargs()), - 403), - - ((url_for('get_filedrop_url'), open_kwargs('POST')), 400), - - ((url_for('request_repo_build', repository=PUBLIC_REPO), - open_kwargs('POST')), 403), - ((url_for('request_repo_build', repository=ORG_REPO), - open_kwargs('POST')), 403), - ((url_for('request_repo_build', repository=PRIVATE_REPO), - open_kwargs('POST')), 403), - - ((url_for('list_repo_team_permissions', repository=PUBLIC_REPO), - open_kwargs()), 403), - ((url_for('list_repo_team_permissions', repository=ORG_REPO), - open_kwargs()), 403), - ((url_for('list_repo_team_permissions', repository=PRIVATE_REPO), - open_kwargs()), 403), - - ((url_for('list_repo_user_permissions', repository=PUBLIC_REPO), - open_kwargs()), 403), - ((url_for('list_repo_user_permissions', repository=ORG_REPO), - open_kwargs()), 403), - ((url_for('list_repo_user_permissions', repository=PRIVATE_REPO), - open_kwargs()), 403), - - ((url_for('get_user_permissions', repository=PUBLIC_REPO, - username=FAKE_USERNAME), open_kwargs()), 403), - ((url_for('get_user_permissions', repository=ORG_REPO, - username=FAKE_USERNAME), open_kwargs()), 403), - ((url_for('get_user_permissions', repository=PRIVATE_REPO, - username=FAKE_USERNAME), open_kwargs()), 403), - - ((url_for('get_team_permissions', repository=PUBLIC_REPO, - teamname=ORG_OWNERS), open_kwargs()), 403), - ((url_for('get_team_permissions', repository=PUBLIC_REPO, - teamname=ORG_READERS), open_kwargs()), 403), - ((url_for('get_team_permissions', repository=ORG_REPO, - teamname=ORG_OWNERS), open_kwargs()), 403), - ((url_for('get_team_permissions', repository=ORG_REPO, - teamname=ORG_READERS), open_kwargs()), 403), - 
((url_for('get_team_permissions', repository=PRIVATE_REPO, - teamname=ORG_OWNERS), open_kwargs()), 403), - ((url_for('get_team_permissions', repository=PRIVATE_REPO, - teamname=ORG_READERS), open_kwargs()), 403), - - ((url_for('change_user_permissions', repository=PUBLIC_REPO, - username=FAKE_USERNAME), open_kwargs('PUT')), 403), - ((url_for('change_user_permissions', repository=ORG_REPO, - username=FAKE_USERNAME), open_kwargs('PUT')), 403), - ((url_for('change_user_permissions', repository=PRIVATE_REPO, - username=FAKE_USERNAME), open_kwargs('PUT')), 403), - - ((url_for('change_team_permissions', repository=PUBLIC_REPO, - teamname=ORG_OWNERS), open_kwargs('PUT')), 403), - ((url_for('change_team_permissions', repository=PUBLIC_REPO, - teamname=ORG_READERS), open_kwargs('PUT')), 403), - ((url_for('change_team_permissions', repository=ORG_REPO, - teamname=ORG_OWNERS), open_kwargs('PUT')), 403), - ((url_for('change_team_permissions', repository=ORG_REPO, - teamname=ORG_READERS), open_kwargs('PUT')), 403), - ((url_for('change_team_permissions', repository=PRIVATE_REPO, - teamname=ORG_OWNERS), open_kwargs('PUT')), 403), - ((url_for('change_team_permissions', repository=PRIVATE_REPO, - teamname=ORG_READERS), open_kwargs('PUT')), 403), - - ((url_for('delete_user_permissions', repository=PUBLIC_REPO, - username=FAKE_USERNAME), open_kwargs('DELETE')), 403), - ((url_for('delete_user_permissions', repository=ORG_REPO, - username=FAKE_USERNAME), open_kwargs('DELETE')), 403), - ((url_for('delete_user_permissions', repository=PRIVATE_REPO, - username=FAKE_USERNAME), open_kwargs('DELETE')), 403), - - ((url_for('delete_team_permissions', repository=PUBLIC_REPO, - teamname=ORG_OWNERS), open_kwargs('DELETE')), 403), - ((url_for('delete_team_permissions', repository=PUBLIC_REPO, - teamname=ORG_READERS), open_kwargs('DELETE')), 403), - ((url_for('delete_team_permissions', repository=ORG_REPO, - teamname=ORG_OWNERS), open_kwargs('DELETE')), 403), - ((url_for('delete_team_permissions', 
repository=ORG_REPO, - teamname=ORG_READERS), open_kwargs('DELETE')), 403), - ((url_for('delete_team_permissions', repository=PRIVATE_REPO, - teamname=ORG_OWNERS), open_kwargs('DELETE')), 403), - ((url_for('delete_team_permissions', repository=PRIVATE_REPO, - teamname=ORG_READERS), open_kwargs('DELETE')), 403), - - ((url_for('list_repo_tokens', repository=PUBLIC_REPO), open_kwargs()), - 403), - ((url_for('list_repo_tokens', repository=ORG_REPO), open_kwargs()), 403), - ((url_for('list_repo_tokens', repository=PRIVATE_REPO), open_kwargs()), - 403), - - ((url_for('get_tokens', repository=PUBLIC_REPO, code=FAKE_TOKEN), - open_kwargs()), 403), - ((url_for('get_tokens', repository=ORG_REPO, code=FAKE_TOKEN), - open_kwargs()), 403), - ((url_for('get_tokens', repository=PRIVATE_REPO, code=FAKE_TOKEN), - open_kwargs()), 403), - - ((url_for('create_token', repository=PUBLIC_REPO), open_kwargs('POST')), - 403), - ((url_for('create_token', repository=ORG_REPO), open_kwargs('POST')), - 403), - ((url_for('create_token', repository=PRIVATE_REPO), open_kwargs('POST')), - 403), - - ((url_for('change_token', repository=PUBLIC_REPO, code=FAKE_TOKEN), - open_kwargs('PUT')), 403), - ((url_for('change_token', repository=ORG_REPO, code=FAKE_TOKEN), - open_kwargs('PUT')), 403), - ((url_for('change_token', repository=PRIVATE_REPO, code=FAKE_TOKEN), - open_kwargs('PUT')), 403), - - ((url_for('delete_token', repository=PUBLIC_REPO, code=FAKE_TOKEN), - open_kwargs('DELETE')), 403), - ((url_for('delete_token', repository=ORG_REPO, code=FAKE_TOKEN), - open_kwargs('DELETE')), 403), - ((url_for('delete_token', repository=PRIVATE_REPO, code=FAKE_TOKEN), - open_kwargs('DELETE')), 403), - - ((url_for('subscribe_api'), open_kwargs('PUT')), 400), - - ((url_for('subscribe_org_api', orgname=ORG), open_kwargs('PUT')), 403), - - ((url_for('get_subscription'), open_kwargs()), 200), - - ((url_for('get_org_subscription', orgname=ORG), open_kwargs()), 403), - ]) - - to_update = build_anon_spec() - 
to_update.update(changes) - return to_update - - -def build_read_access_spec(): - changes = OrderedDict([ - ((url_for('get_organization', orgname=ORG), open_kwargs()), 200), - - ((url_for('get_organization_team_members', orgname=ORG, - teamname=ORG_READERS), open_kwargs()), 200), - - ((url_for('create_repo_api'), open_kwargs('POST', NEW_ORG_REPO_DETAILS)), - 403), - - ((url_for('get_repo_api', repository=ORG_REPO), open_kwargs()), 200), - ((url_for('get_repo_api', repository=PRIVATE_REPO), open_kwargs()), 200), - - ((url_for('list_repository_images', repository=ORG_REPO), - open_kwargs()), 200), - ((url_for('list_repository_images', repository=PRIVATE_REPO), - open_kwargs()), 200), - - ((url_for('get_image', repository=ORG_REPO, image_id=FAKE_IMAGE_ID), - open_kwargs()), 404), - ((url_for('get_image', repository=PRIVATE_REPO, image_id=FAKE_IMAGE_ID), - open_kwargs()), 404), - - ((url_for('get_image_changes', repository=ORG_REPO, - image_id=FAKE_IMAGE_ID), open_kwargs()), 404), - ((url_for('get_image_changes', repository=PRIVATE_REPO, - image_id=FAKE_IMAGE_ID), open_kwargs()), 404), - - ((url_for('list_tag_images', repository=ORG_REPO, tag=FAKE_TAG_NAME), - open_kwargs()), 404), - ((url_for('list_tag_images', repository=PRIVATE_REPO, tag=FAKE_TAG_NAME), - open_kwargs()), 404), - ]) - - to_update = build_no_access_spec() - to_update.update(changes) - return to_update + TestSpec(url_for('get_org_subscription', orgname=ORG)), + ] diff --git a/test/test_api_security.py b/test/test_api_security.py index 2ccd1fcce..6a8ffd743 100644 --- a/test/test_api_security.py +++ b/test/test_api_security.py 
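Review bot: `TestSpec` has no docstring, and many `build_specs` rows pass the four expected codes positionally (for example `TestSpec(url_for('get_organization', orgname=ORG), 401, 403, 200, 200)`), so a transposed column would silently assert the wrong role's outcome. A class docstring should state the column order (anonymous, logged-in without access, read access, admin user) and that omitted codes default to 401/403/403/200. Keyword arguments such as `anon_code=401, no_access_code=403, read_code=200` would make each row auditable. The docstring should also say that `admin_code` is the result for the admin test user rather than for an admin of that repository, since the PUBLIC_REPO rows expect `admin_code=403`. Separately, `CREATE_BUILD_DETAILS` calls `uuid4()` at import time and the import is not visible in this hunk, so confirm `from uuid import uuid4` is present at the top of the file.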
@@ -6,12 +6,12 @@ import endpoints.api from app import app from data import model from initdb import wipe_database, initialize_database, populate_database -from specs import (build_anon_spec, build_no_access_spec, - build_read_access_spec) +from specs import build_specs NO_ACCESS_USER = 'freshuser' READ_ACCESS_USER = 'reader' +ADMIN_ACCESS_USER = 'devtable' class ApiTestCase(unittest.TestCase): @@ -42,14 +42,18 @@ class SpecTestBuilder(type): rv = c.open(url, **open_kwargs) msg = '%s %s: %s expected: %s' % (open_kwargs['method'], url, rv.status_code, expected_status) + if rv.status_code != expected_status: + print msg self.assertEqual(rv.status_code, expected_status, msg) return test def __new__(cls, name, bases, attrs): with app.test_request_context() as ctx: - spec = attrs['spec_func']() - for (url, open_kwargs), expected_status in spec.items(): + specs = attrs['spec_func']() + for test_spec in specs: + url, open_kwargs = test_spec.get_client_args() + expected_status = getattr(test_spec, attrs['result_attr']) test = SpecTestBuilder._test_generator(url, expected_status, open_kwargs, attrs['auth_username']) @@ -64,21 +68,31 @@ class SpecTestBuilder(type): class TestAnonymousAccess(ApiTestCase): __metaclass__ = SpecTestBuilder - spec_func = build_anon_spec + spec_func = build_specs + result_attr = 'anon_code' auth_username = None class TestNoAccess(ApiTestCase): __metaclass__ = SpecTestBuilder - spec_func = build_no_access_spec + spec_func = build_specs + result_attr = 'no_access_code' auth_username = NO_ACCESS_USER class TestReadAccess(ApiTestCase): __metaclass__ = SpecTestBuilder - spec_func = build_read_access_spec + spec_func = build_specs + result_attr = 'read_code' auth_username = READ_ACCESS_USER +class TestAdminAccess(ApiTestCase): + __metaclass__ = SpecTestBuilder + spec_func = build_specs + result_attr = 'admin_code' + auth_username = ADMIN_ACCESS_USER + + if __name__ == '__main__': unittest.main() 
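Review bot: The added `if rv.status_code != expected_status: print msg` in `_test_generator` repeats what `self.assertEqual(rv.status_code, expected_status, msg)` on the following line already reports, so every mismatch is emitted twice, and the bare `print` statement only parses on Python 2. I would drop the two lines and rely on the assertion message. In `__new__`, `getattr(test_spec, attrs['result_attr'])` looks the expected status up by name with no default, which fails loudly on a misspelt name and is the right behaviour for an authorization matrix; a comment such as `# result_attr names the TestSpec field holding this role's expected status` would make that contract visible. Both functions start and end outside the hunk.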
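Review bot: With `TestAdminAccess` added, the role matrix in the third hunk covers anonymous, no-access, read and admin, and nothing between read and admin. If the permission model has an intermediate level (an assumption, the visible specs only show `'role': 'admin'`), an endpoint that should be admin-only but also accepts that role would pass all four classes. Should such a role exist, a fifth class with its own user and a matching status field on `TestSpec` would close the gap. The four classes differ only in `result_attr` and `auth_username`, so a comment above them like `# result_attr must match a TestSpec attribute name` would help whoever adds the next role.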
diff --git a/test/teststorage.py b/test/teststorage.py index c29484ce4..d597bfa0e 100644 --- a/test/teststorage.py +++ b/test/teststorage.py @@ -19,6 +19,9 @@ class FakeStorage(Storage): def stream_write(self, path, fp): pass + def remove(self, path): + pass + def exists(self, path): return True
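Review bot: `FakeStorage.remove` is a silent no-op while `exists`, just below it, returns True unconditionally, so a test that deletes an object and then checks storage cannot tell whether removal was ever requested. If any deletion endpoint is exercised against this fake, recording the removed paths and having `exists` consult them would let the test assert on it. Otherwise a comment such as `# deliberate no-op: the fake keeps no state` documents the intent. The class continues outside the hunk.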