More tests

test/test_api_usage.py

@@ -3563,8 +3563,11 @@ class TestSuperUserKeyManagement(ApiTestCase):
   def test_get_update_keys(self):
     self.login(ADMIN_ACCESS_USER)
 
+    kind = LogEntryKind.get(LogEntryKind.name == 'service_key_modify')
+    existing_modify = model.log.LogEntry.select().where(LogEntry.kind == kind).count()
+
     json = self.getJsonResponse(SuperUserServiceKeyManagement)
-    self.assertEquals(3, len(json['keys']))
+    self.assertEquals(4, len(json['keys']))
 
     key = json['keys'][0]
     self.assertTrue('name' in key)
@@ -3586,7 +3589,7 @@ class TestSuperUserKeyManagement(ApiTestCase):
 
     # Ensure a log was added for the modification.
     kind = LogEntryKind.get(LogEntryKind.name == 'service_key_modify')
-    self.assertEquals(1, model.log.LogEntry.select().where(LogEntry.kind == kind).count())
+    self.assertEquals(existing_modify + 1, model.log.LogEntry.select().where(LogEntry.kind == kind).count())
 
     # Update the key's metadata.
     self.putJsonResponse(SuperUserServiceKey, params=dict(kid=key['kid']),
@@ -3598,7 +3601,7 @@ class TestSuperUserKeyManagement(ApiTestCase):
 
     # Ensure a log was added for the modification.
     kind = LogEntryKind.get(LogEntryKind.name == 'service_key_modify')
-    self.assertEquals(2, model.log.LogEntry.select().where(LogEntry.kind == kind).count())
+    self.assertEquals(existing_modify + 2, model.log.LogEntry.select().where(LogEntry.kind == kind).count())
 
     # Change the key's expiration.
     self.putJsonResponse(SuperUserServiceKey, params=dict(kid=key['kid']),
@@ -3619,12 +3622,55 @@ class TestSuperUserKeyManagement(ApiTestCase):
     self.getResponse(SuperUserServiceKey, params=dict(kid=key['kid']), expected_code=404)
 
     json = self.getJsonResponse(SuperUserServiceKeyManagement)
-    self.assertEquals(2, len(json['keys']))
+    self.assertEquals(3, len(json['keys']))
 
     # Ensure a log was added for the deletion.
     kind = LogEntryKind.get(LogEntryKind.name == 'service_key_delete')
     self.assertEquals(1, model.log.LogEntry.select().where(LogEntry.kind == kind).count())
 
+  def test_approve_key(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    kind = LogEntryKind.get(LogEntryKind.name == 'service_key_approve')
+    existing_log_count = model.log.LogEntry.select().where(LogEntry.kind == kind).count()
+
+    # Ensure the key is not yet approved.
+    json = self.getJsonResponse(SuperUserServiceKey, params=dict(kid='kid3'))
+    self.assertEquals('unapprovedkey', json['name'])
+    self.assertIsNone(json['approval'])
+
+    # Approve the key.
+    self.postResponse(SuperUserServiceKeyApproval, params=dict(kid='kid3'),
+                      data=dict(notes='testapprove'), expected_code=201)
+
+    # Ensure the key is approved.
+    json = self.getJsonResponse(SuperUserServiceKey, params=dict(kid='kid3'))
+    self.assertEquals('unapprovedkey', json['name'])
+    self.assertIsNotNone(json['approval'])
+    self.assertEquals('ServiceKeyApprovalType.SUPERUSER', json['approval']['approval_type'])
+    self.assertEquals(ADMIN_ACCESS_USER, json['approval']['approver']['username'])
+    self.assertEquals('testapprove', json['approval']['notes'])
+
+    # Ensure the approval was logged.
+    kind = LogEntryKind.get(LogEntryKind.name == 'service_key_approve')
+    self.assertEquals(existing_log_count + 1, model.log.LogEntry.select().where(LogEntry.kind == kind).count())
+
+  def test_approve_preapproved(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    new_key = {
+      'service': 'coolservice',
+      'name': 'mynewkey',
+      'metadata': dict(foo='baz'),
+      'notes': 'whazzup!?',
+      'expiration': timegm((datetime.datetime.now() + datetime.timedelta(days=1)).utctimetuple()),
+    }
+
+    # Create the key (preapproved automatically)
+    json = self.postJsonResponse(SuperUserServiceKeyManagement, data=new_key)
+
+    # Try to approve again.
+    self.postResponse(SuperUserServiceKeyApproval, params=dict(kid=json['kid']), expected_code=201)
 
   def test_create_key(self):
     self.login(ADMIN_ACCESS_USER)