From 1a787225216cfab7e4377db212c87e4f3d9d9702 Mon Sep 17 00:00:00 2001 From: Evan Cordell Date: Wed, 5 Apr 2017 13:27:31 -0400 Subject: [PATCH] Update tests --- endpoints/api/signing.py | 3 ++ endpoints/api/test/test_security.py | 6 ++++ endpoints/api/test/test_signing.py | 43 +++++++++++++++++++++++++++++ test/test_api_security.py | 18 ------------ test/test_api_usage.py | 24 ---------------- test/testconfig.py | 2 ++ 6 files changed, 54 insertions(+), 42 deletions(-) create mode 100644 endpoints/api/test/test_signing.py diff --git a/endpoints/api/signing.py b/endpoints/api/signing.py index 1c7716c81..34096187b 100644 --- a/endpoints/api/signing.py +++ b/endpoints/api/signing.py @@ -14,6 +14,9 @@ logger = logging.getLogger(__name__) def _default_signed_tags_for_repository(namespace, repository): """ Fetches the tags in the targets/releases delegation, which is the one the docker client will trust. """ tag_data, _ = tuf_metadata_api.get_default_tags(namespace, repository) + if not tag_data: + return {'tags': None} + return { 'tags': tag_data.keys() } diff --git a/endpoints/api/test/test_security.py b/endpoints/api/test/test_security.py index 1ae2c31cc..c9b72c87c 100644 --- a/endpoints/api/test/test_security.py +++ b/endpoints/api/test/test_security.py @@ -5,6 +5,7 @@ from endpoints.api.team import OrganizationTeamSyncing from endpoints.api.test.shared import client_with_identity, conduct_api_call from endpoints.api.superuser import SuperUserRepositoryBuildLogs, SuperUserRepositoryBuildResource from endpoints.api.superuser import SuperUserRepositoryBuildStatus +from endpoints.api.signing import RepositorySignatures from test.fixtures import app, appconfig, database_uri, init_db_path, sqlitedb_file TEAM_PARAMS = {'orgname': 'buynlarge', 'teamname': 'owners'} 
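Review bot: The added `if not tag_data:` guard in `_default_signed_tags_for_repository` returns `{'tags': None}` both when the TUF lookup failed (`None`) and when the delegation is simply empty (`{}`), so a caller cannot tell "metadata unavailable" from "no signed tags". For an endpoint that reports trust status that distinction matters, and the failure path is silent even though a module-level `logger` is in scope per the hunk header. Consider testing `if tag_data is None:` and emitting `logger.warning('No signed tag metadata for %s/%s', namespace, repository)` before the `return {'tags': None}`, and letting an empty dict fall through to an empty tag list. The `({}, ({'tags': None}))` case in the new test_signing.py would then need to change. The second element returned by `get_default_tags` is discarded as `_`; a one-line comment saying what it carries would help, since its meaning is not visible here.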
@@ -35,6 +36,11 @@ BUILD_PARAMS = {'build_uuid': 'test-1234'}
 (SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'freshuser', 403),
 (SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'reader', 403),
 (SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'devtable', 404),
+
+ (RepositorySignatures, 'GET', 401, None, None),
+ (RepositorySignatures, 'GET', 403, 'freshuser', None),
+ (RepositorySignatures, 'GET', 403, 'reader', None),
+ (RepositorySignatures, 'GET', 404, 'devtable', None),
 ])
 def test_api_security(resource, method, params, body, identity, expected, client):
 with client_with_identity(identity, client) as cl:
diff --git a/endpoints/api/test/test_signing.py b/endpoints/api/test/test_signing.py
new file mode 100644
index 000000000..5d7744be5
--- /dev/null
+++ b/endpoints/api/test/test_signing.py
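Review bot: The four added `RepositorySignatures` rows carry five values in the old `_run_test` order (method, expected, identity, body), while `test_api_security` takes six parametrized arguments (`resource, method, params, body, identity, expected`), as the neighbouring `SuperUserRepositoryBuildResource` rows show. pytest should reject the mismatched rows at collection time, so the 401/403/403/404 authorization checks that this commit deletes from `test/test_api_security.py` would not actually run here. Each row needs a params dict in third position and the expected status last; the repository name below is taken from the deleted `TestRepositorySignatures.setUp`. Since this commit also sets `FEATURE_SIGNING = True` in the test config, the 404 expected for 'devtable' may need rechecking. The parametrize decorator opens above the hunk.

```python
  (SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'devtable', 404),

  (RepositorySignatures, 'GET', {'repository': 'devtable/simple'}, None, None, 401),
  (RepositorySignatures, 'GET', {'repository': 'devtable/simple'}, None, 'freshuser', 403),
  (RepositorySignatures, 'GET', {'repository': 'devtable/simple'}, None, 'reader', 403),
  (RepositorySignatures, 'GET', {'repository': 'devtable/simple'}, None, 'devtable', 404),
```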
@@ -0,0 +1,43 @@
+from collections import Counter
+
+import pytest
+
+from endpoints.api.test.shared import client_with_identity, conduct_api_call
+from endpoints.api.signing import RepositorySignatures
+from test.fixtures import app, appconfig, database_uri, init_db_path, sqlitedb_file
+from mock import patch
+
+VALID_TARGETS = {
+ 'latest': {
+ 'hashes': {
+ 'sha256': 'mLmxwTyUrqIRDaz8uaBapfrp3GPERfsDg2kiMujlteo='
+ },
+ 'length': 1500
+ },
+ 'test_tag': {
+ 'hashes': {
+ 'sha256': '1234123'
+ },
+ 'length': 50
+ }
+}
+
+def tags_equal(expected, actual):
+ expected_tags = expected.get('tags')
+ actual_tags = actual.get('tags')
+ if expected_tags and actual_tags:
+ return Counter(expected_tags) == Counter(actual_tags)
+ return expected == actual
+
+@pytest.mark.parametrize('targets,expected', [
+ (VALID_TARGETS, {'tags':['latest', 'test_tag']}),
+ ({'bad': 'tags'}, ({'tags': ['bad']})),
+ ({}, ({'tags': None})),
+ (None, ({'tags': None})), # API returns None on exceptions
+])
+def test_get_signatures(targets, expected, client):
+ with patch('endpoints.api.signing.tuf_metadata_api') as mock_tuf:
+ mock_tuf.get_default_tags.return_value = (targets, False)
+ with client_with_identity('devtable', client) as cl:
+ params = {'repository': 'devtable/repo'}
+ assert tags_equal(expected, conduct_api_call(cl, RepositorySignatures, 'GET', params, None, 200).json)
diff --git a/test/test_api_security.py b/test/test_api_security.py
index 96be3ed4b..0df692b17 100644
--- a/test/test_api_security.py
+++ b/test/test_api_security.py
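Review bot: The `({'bad': 'tags'}, ({'tags': ['bad']}))` case pins that a target whose entry has no `hashes` or `length` is still reported as a signed tag, and nothing in the file says whether that is intended. If entry validation is expected to happen inside `tuf_metadata_api` (not visible here), say so next to the case, e.g. `# entries are not validated by the endpoint; only target names are returned`. `tags_equal` also deserves a docstring noting that it compares tag lists order-insensitively via `Counter` and falls back to plain dict equality when either side has no tags. Because the test patches the whole `tuf_metadata_api` object, it covers only how the endpoint shapes the response, not metadata retrieval.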
@@ -57,7 +57,6 @@ from endpoints.api.superuser import (SuperUserLogs, SuperUserList, SuperUserMana SuperUserRepositoryBuildResource, SuperUserRepositoryBuildStatus) from endpoints.api.globalmessages import GlobalUserMessage, GlobalUserMessages from endpoints.api.secscan import RepositoryImageSecurity, RepositoryManifestSecurity -from endpoints.api.signing import RepositorySignatures from endpoints.api.manifest import RepositoryManifestLabels, ManageRepositoryManifestLabel @@ -4485,23 +4484,6 @@ class TestRepositoryManifestSecurity(ApiTestCase): def test_get_devtable(self): self._run_test('GET', 404, 'devtable', None) - -class TestRepositorySignatures(ApiTestCase): - def setUp(self): - ApiTestCase.setUp(self) - self._set_url(RepositorySignatures, repository='devtable/simple') - - def test_get_anonymous(self): - self._run_test('GET', 401, None, None) - - def test_get_freshuser(self): - self._run_test('GET', 403, 'freshuser', None) - - def test_get_reader(self): - self._run_test('GET', 403, 'reader', None) - - def test_get_devtable(self): - self._run_test('GET', 404, 'devtable', None) class TestRepositoryManifestLabels(ApiTestCase): diff --git a/test/test_api_usage.py b/test/test_api_usage.py index 8b8a7ae94..89495262e 100644 --- a/test/test_api_usage.py +++ b/test/test_api_usage.py @@ -74,7 +74,6 @@ from endpoints.api.superuser import (SuperUserLogs, SuperUserList, SuperUserMana SuperUserCustomCertificates, SuperUserCustomCertificate) from endpoints.api.globalmessages import (GlobalUserMessage, GlobalUserMessages,) from endpoints.api.secscan import RepositoryImageSecurity, RepositoryManifestSecurity -from endpoints.api.signing import RepositorySignatures from endpoints.api.suconfig import (SuperUserRegistryStatus, SuperUserConfig, SuperUserConfigFile, SuperUserCreateInitialSuperUser) from endpoints.api.manifest import RepositoryManifestLabels, ManageRepositoryManifestLabel 
@@ -4507,29 +4506,6 @@ class TestRepositoryImageSecurity(ApiTestCase): expected_code=200) -class TestRepositorySignatures(ApiTestCase): - def test_get_signatures(self): - self.login(ADMIN_ACCESS_USER) - - targets = { - 'latest': { - 'hashes': { - 'sha256': 'mLmxwTyUrqIRDaz8uaBapfrp3GPERfsDg2kiMujlteo=' - }, - 'length': 1500 - }, - 'test_tag': { - 'hashes': { - 'sha256': '1234123' - }, - 'length': 50 - } - } - - with patch('app.tuf_metadata_api') as mock_tuf: - mock_tuf.get_default_tags.return_value = targets - signed_tags_response = self.getJsonResponse(RepositorySignatures, params=dict(namespace='ns', repository='repo')) - self.assertEquals(signed_tags_response, {'tags': ['latest', 'test_tag']}) class TestSuperUserCustomCertificates(ApiTestCase): diff --git a/test/testconfig.py b/test/testconfig.py index 72c5fb229..ab2a238b9 100644 --- a/test/testconfig.py +++ b/test/testconfig.py @@ -64,6 +64,8 @@ class TestConfig(DefaultConfig): SECURITY_SCANNER_API_VERSION = 'v1' SECURITY_SCANNER_ENGINE_VERSION_TARGET = 1 SECURITY_SCANNER_API_TIMEOUT_SECONDS = 1 + + FEATURE_SIGNING = True SIGNING_ENGINE = 'gpg2'