diff --git a/test/test_api_usage.py b/test/test_api_usage.py index 29bf30b88..90650dc46 100644 --- a/test/test_api_usage.py +++ b/test/test_api_usage.py @@ -3563,8 +3563,11 @@ class TestSuperUserKeyManagement(ApiTestCase): def test_get_update_keys(self): self.login(ADMIN_ACCESS_USER) + kind = LogEntryKind.get(LogEntryKind.name == 'service_key_modify') + existing_modify = model.log.LogEntry.select().where(LogEntry.kind == kind).count() + json = self.getJsonResponse(SuperUserServiceKeyManagement) - self.assertEquals(3, len(json['keys'])) + self.assertEquals(4, len(json['keys'])) key = json['keys'][0] self.assertTrue('name' in key) @@ -3586,7 +3589,7 @@ class TestSuperUserKeyManagement(ApiTestCase): # Ensure a log was added for the modification. kind = LogEntryKind.get(LogEntryKind.name == 'service_key_modify') - self.assertEquals(1, model.log.LogEntry.select().where(LogEntry.kind == kind).count()) + self.assertEquals(existing_modify + 1, model.log.LogEntry.select().where(LogEntry.kind == kind).count()) # Update the key's metadata. self.putJsonResponse(SuperUserServiceKey, params=dict(kid=key['kid']), @@ -3598,7 +3601,7 @@ class TestSuperUserKeyManagement(ApiTestCase): # Ensure a log was added for the modification. kind = LogEntryKind.get(LogEntryKind.name == 'service_key_modify') - self.assertEquals(2, model.log.LogEntry.select().where(LogEntry.kind == kind).count()) + self.assertEquals(existing_modify + 2, model.log.LogEntry.select().where(LogEntry.kind == kind).count()) # Change the key's expiration. self.putJsonResponse(SuperUserServiceKey, params=dict(kid=key['kid']), @@ -3619,12 +3622,55 @@ class TestSuperUserKeyManagement(ApiTestCase): self.getResponse(SuperUserServiceKey, params=dict(kid=key['kid']), expected_code=404) json = self.getJsonResponse(SuperUserServiceKeyManagement) - self.assertEquals(2, len(json['keys'])) + self.assertEquals(3, len(json['keys'])) # Ensure a log was added for the deletion. kind = LogEntryKind.get(LogEntryKind.name == 'service_key_delete') self.assertEquals(1, model.log.LogEntry.select().where(LogEntry.kind == kind).count()) + def test_approve_key(self): + self.login(ADMIN_ACCESS_USER) + + kind = LogEntryKind.get(LogEntryKind.name == 'service_key_approve') + existing_log_count = model.log.LogEntry.select().where(LogEntry.kind == kind).count() + + # Ensure the key is not yet approved. + json = self.getJsonResponse(SuperUserServiceKey, params=dict(kid='kid3')) + self.assertEquals('unapprovedkey', json['name']) + self.assertIsNone(json['approval']) + + # Approve the key. + self.postResponse(SuperUserServiceKeyApproval, params=dict(kid='kid3'), + data=dict(notes='testapprove'), expected_code=201) + + # Ensure the key is approved. + json = self.getJsonResponse(SuperUserServiceKey, params=dict(kid='kid3')) + self.assertEquals('unapprovedkey', json['name']) + self.assertIsNotNone(json['approval']) + self.assertEquals('ServiceKeyApprovalType.SUPERUSER', json['approval']['approval_type']) + self.assertEquals(ADMIN_ACCESS_USER, json['approval']['approver']['username']) + self.assertEquals('testapprove', json['approval']['notes']) + + # Ensure the approval was logged. + kind = LogEntryKind.get(LogEntryKind.name == 'service_key_approve') + self.assertEquals(existing_log_count + 1, model.log.LogEntry.select().where(LogEntry.kind == kind).count()) + + def test_approve_preapproved(self): + self.login(ADMIN_ACCESS_USER) + + new_key = { + 'service': 'coolservice', + 'name': 'mynewkey', + 'metadata': dict(foo='baz'), + 'notes': 'whazzup!?', + 'expiration': timegm((datetime.datetime.now() + datetime.timedelta(days=1)).utctimetuple()), + } + + # Create the key (preapproved automatically) + json = self.postJsonResponse(SuperUserServiceKeyManagement, data=new_key) + + # Try to approve again. + self.postResponse(SuperUserServiceKeyApproval, params=dict(kid=json['kid']), expected_code=201) def test_create_key(self): self.login(ADMIN_ACCESS_USER)