vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Remove license code in Quay

Browse source 
No longer needed under Red Hat rules \o/

Fixes https://jira.coreos.com/browse/QUAY-883
This commit is contained in:
Joseph Schorr 2018-03-20 17:03:35 -04:00
parent 041a7fcd36
commit 3586955669
23 changed files with 19 additions and 1471 deletions
Download patch file Download diff file Expand all files Collapse all files

33
test/test_api_security.py
View file

@ -51,7 +51,7 @@ from endpoints.api.superuser import (SuperUserLogs, SuperUserList, SuperUserMana
SuperUserOrganizationManagement, SuperUserOrganizationList,
SuperUserAggregateLogs, SuperUserServiceKeyManagement,
SuperUserServiceKey, SuperUserServiceKeyApproval,
SuperUserTakeOwnership, SuperUserLicense,
SuperUserTakeOwnership,
SuperUserCustomCertificates,
SuperUserCustomCertificate, SuperUserRepositoryBuildLogs,
SuperUserRepositoryBuildResource, SuperUserRepositoryBuildStatus)
@ -4187,37 +4187,6 @@ class TestSuperUserCustomCertificate(ApiTestCase):
self._run_test('DELETE', 204, 'devtable', None)
class TestSuperUserLicense(ApiTestCase):
def setUp(self):
ApiTestCase.setUp(self)
self._set_url(SuperUserLicense)
def test_get_anonymous(self):
self._run_test('GET', 401, None, None)
def test_get_freshuser(self):
self._run_test('GET', 403, 'freshuser', None)
def test_get_reader(self):
self._run_test('GET', 403, 'reader', None)
def test_get_devtable(self):
self._run_test('GET', 200, 'devtable', None)
def test_put_anonymous(self):
self._run_test('PUT', 401, None, {})
def test_put_freshuser(self):
self._run_test('PUT', 403, 'freshuser', {'license': ''})
def test_put_reader(self):
self._run_test('PUT', 403, 'reader', {'license': ''})
def test_put_devtable(self):
self._run_test('PUT', 400, 'devtable', {'license': ''})
class TestSuperUserManagement(ApiTestCase):
def setUp(self):
ApiTestCase.setUp(self)

11
test/test_api_usage.py
View file

@ -4036,20 +4036,13 @@ class TestSuperUserCreateInitialSuperUser(ApiTestCase):
class TestSuperUserConfig(ApiTestCase):
def test_get_status_update_config(self):
# With no config the status should be 'upload-license'.
# With no config the status should be 'config-db'.
json = self.getJsonResponse(SuperUserRegistryStatus)
self.assertEquals('upload-license', json['status'])
self.assertEquals('config-db', json['status'])
# And the config should 401.
self.getResponse(SuperUserConfig, expected_code=401)
# Add a fake license file.
config_provider.save_license('something')
# With no config but a license the status should be 'config-db'.
json = self.getJsonResponse(SuperUserRegistryStatus)
self.assertEquals('config-db', json['status'])
# Add some fake config.
fake_config = {
'AUTHENTICATION_TYPE': 'Database',

570
test/test_license.py
View file

@ -1,570 +0,0 @@
import unittest
from datetime import datetime, timedelta
import jwt
import json
from Crypto.PublicKey import RSA
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import load_der_public_key
from util.license import (decode_license, LicenseDecodeError, ExpirationType,
MONTHLY_GRACE_PERIOD, YEARLY_GRACE_PERIOD, TRIAL_GRACE_PERIOD,
QUAY_DEPLOYMENTS_ENTITLEMENT, QUAY_ENTITLEMENT)
def get_date(delta):
return str(datetime.now() + delta)
class TestLicense(unittest.TestCase):
def keys(self):
with open('test/data/test.pem') as f:
private_key = f.read()
public_key = load_der_public_key(RSA.importKey(private_key).publickey().exportKey('DER'),
backend=default_backend())
return (public_key, private_key)
def create_license(self, license_data, keys=None):
jwt_data = {
'license': json.dumps(license_data),
}
(public_key, private_key) = keys or self.keys()
# Encode the license with the JWT key.
encoded = jwt.encode(jwt_data, private_key, algorithm='RS256')
# Decode it into a license object.
return decode_license(encoded, public_key_instance=public_key)
def test_license_decodeerror_invalid(self):
with self.assertRaises(LicenseDecodeError):
decode_license('some random stuff')
def test_license_decodeerror_badkey(self):
(_, private_key) = self.keys()
jwt_data = {
'license': json.dumps({}),
}
encoded_stuff = jwt.encode(jwt_data, private_key, algorithm='RS256')
with self.assertRaises(LicenseDecodeError):
# Note that since we don't give a key here, the prod one will be used, and it should fail.
decode_license(encoded_stuff)
def assertValid(self, license, config=None):
results = license.validate(config or {})
is_met = all([r.is_met() for r in results])
self.assertTrue(is_met, [r for r in results if not r.is_met()])
def assertNotValid(self, license, config=None, requirement=None, expired=None):
results = license.validate(config or {})
is_met = all([r.is_met() for r in results])
self.assertFalse(is_met)
invalid_results = [r for r in results if not r.is_met()]
if requirement is not None:
self.assertEquals(invalid_results[0].requirement.name, requirement)
if expired is not None:
self.assertEquals(invalid_results[0].entitlement.expiration.expiration_type, expired)
def test_missing_subscriptions(self):
license = self.create_license({
"expirationDate": get_date(timedelta(days=10)),
})
self.assertNotValid(license, requirement=QUAY_ENTITLEMENT)
def test_empty_subscriptions(self):
license = self.create_license({
"expirationDate": get_date(timedelta(days=10)),
"subscriptions": {},
})
self.assertNotValid(license, requirement=QUAY_ENTITLEMENT)
def test_missing_quay_entitlement(self):
license = self.create_license({
"expirationDate": get_date(timedelta(days=10)),
"subscriptions": {
"somesub": {
"serviceEnd": get_date(timedelta(days=10)),
"entitlements": {
QUAY_DEPLOYMENTS_ENTITLEMENT: 0,
},
},
},
})
self.assertNotValid(license, requirement=QUAY_ENTITLEMENT)
def test_valid_quay_entitlement(self):
license = self.create_license({
"expirationDate": get_date(timedelta(days=10)),
"subscriptions": {
"somesub": {
"serviceEnd": get_date(timedelta(days=10)),
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 1,
},
},
},
})
self.assertValid(license)
def test_missing_expiration(self):
license = self.create_license({
"subscriptions": {
"somesub": {
"serviceEnd": get_date(timedelta(days=10)),
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 1,
},
},
},
})
self.assertNotValid(license, expired=ExpirationType.license_wide)
def test_expired_license(self):
license = self.create_license({
"expirationDate": get_date(timedelta(days=-10)),
"subscriptions": {
"somesub": {
"serviceEnd": get_date(timedelta(days=10)),
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 1,
},
},
},
})
self.assertNotValid(license, expired=ExpirationType.license_wide)
def test_expired_sub_implicit_monthly_withingrace(self):
license = self.create_license({
"expirationDate": get_date(timedelta(days=10)),
"subscriptions": {
"somesub": {
"serviceEnd": get_date(MONTHLY_GRACE_PERIOD * -1 + timedelta(days=1)),
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 1,
},
},
},
})
self.assertValid(license)
def test_expired_sub_monthly_withingrace(self):
license = self.create_license({
"expirationDate": get_date(timedelta(days=10)),
"subscriptions": {
"somesub": {
"serviceEnd": get_date(MONTHLY_GRACE_PERIOD * -1 + timedelta(days=1)),
"durationPeriod": "monthly",
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 1,
},
},
},
})
self.assertValid(license)
def test_expired_sub_monthly_outsidegrace(self):
license = self.create_license({
"expirationDate": get_date(timedelta(days=10)),
"subscriptions": {
"somesub": {
"serviceEnd": get_date(MONTHLY_GRACE_PERIOD * -1 + timedelta(days=-1)),
"durationPeriod": "monthly",
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 1,
},
},
},
})
self.assertNotValid(license, expired=ExpirationType.monthly)
def test_expired_sub_yearly_withingrace(self):
license = self.create_license({
"expirationDate": get_date(timedelta(days=10)),
"subscriptions": {
"somesub": {
"serviceEnd": get_date(YEARLY_GRACE_PERIOD * -1 + timedelta(days=1)),
"durationPeriod": "yearly",
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 1,
},
},
},
})
self.assertValid(license)
def test_expired_sub_yearly_outsidegrace(self):
license = self.create_license({
"expirationDate": get_date(timedelta(days=10)),
"subscriptions": {
"somesub": {
"serviceEnd": get_date(YEARLY_GRACE_PERIOD * -1 + timedelta(days=-1)),
"durationPeriod": "yearly",
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 1,
},
},
},
})
self.assertNotValid(license, expired=ExpirationType.yearly)
def test_expired_sub_intrial_withingrace(self):
license = self.create_license({
"expirationDate": get_date(timedelta(days=10)),
"subscriptions": {
"somesub": {
"serviceEnd": get_date(TRIAL_GRACE_PERIOD * -1 + timedelta(days=1)),
"inTrial": True,
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 1,
},
},
},
})
self.assertValid(license)
def test_expired_sub_intrial_outsidegrace(self):
license = self.create_license({
"expirationDate": get_date(timedelta(days=10)),
"subscriptions": {
"somesub": {
"serviceEnd": get_date(TRIAL_GRACE_PERIOD * -1 + timedelta(days=-1)),
"inTrial": True,
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 1,
},
},
},
})
self.assertNotValid(license, expired=ExpirationType.in_trial)
def test_expired_sub_trialonly_withingrace(self):
license = self.create_license({
"expirationDate": get_date(timedelta(days=10)),
"subscriptions": {
"somesub": {
"trialEnd": get_date(TRIAL_GRACE_PERIOD * -1 + timedelta(days=1)),
"trialOnly": True,
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 1,
},
},
},
})
self.assertValid(license)
def test_expired_sub_trialonly_outsidegrace(self):
license = self.create_license({
"expirationDate": get_date(timedelta(days=10)),
"subscriptions": {
"somesub": {
"trialEnd": get_date(TRIAL_GRACE_PERIOD * -1 + timedelta(days=-1)),
"trialOnly": True,
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 1,
},
},
},
})
self.assertNotValid(license, expired=ExpirationType.trial_only)
def test_valid_quay_entitlement_regions(self):
license = self.create_license({
"expirationDate": get_date(timedelta(days=10)),
"subscriptions": {
"somesub": {
"serviceEnd": get_date(timedelta(days=10)),
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 1,
},
},
},
})
config = {
'DISTRIBUTED_STORAGE_CONFIG': [
{'name': 'first'},
],
}
self.assertValid(license, config=config)
def test_invalid_quay_entitlement_regions(self):
license = self.create_license({
"expirationDate": get_date(timedelta(days=10)),
"subscriptions": {
"somesub": {
"serviceEnd": get_date(timedelta(days=10)),
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 1,
},
},
},
})
config = {
'DISTRIBUTED_STORAGE_CONFIG': [
{'name': 'first'},
{'name': 'second'},
],
}
self.assertNotValid(license, config=config, requirement=QUAY_DEPLOYMENTS_ENTITLEMENT)
def test_valid_regions_across_multiple_sub(self):
license = self.create_license({
"expirationDate": get_date(timedelta(days=10)),
"subscriptions": {
"somesub": {
"serviceEnd": get_date(timedelta(days=10)),
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 1,
},
},
"anothersub": {
"serviceEnd": get_date(timedelta(days=20)),
"entitlements": {
QUAY_DEPLOYMENTS_ENTITLEMENT: 5,
},
},
},
})
config = {
'DISTRIBUTED_STORAGE_CONFIG': [
{'name': 'first'},
{'name': 'second'},
],
}
self.assertValid(license, config=config)
def test_valid_regions_across_multiple_sub_one_expired(self):
# Setup a license with one sub having too few regions, and another having enough, but it is
# expired.
license = self.create_license({
"expirationDate": get_date(timedelta(days=10)),
"subscriptions": {
"somesub": {
"serviceEnd": get_date(timedelta(days=10)),
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 1,
},
},
"anothersub": {
"trialEnd": get_date(TRIAL_GRACE_PERIOD * -1 + timedelta(days=-1)),
"trialOnly": True,
"entitlements": {
QUAY_DEPLOYMENTS_ENTITLEMENT: 5,
},
},
},
})
config = {
'DISTRIBUTED_STORAGE_CONFIG': [
{'name': 'first'},
{'name': 'second'},
],
}
self.assertNotValid(license, config=config, requirement=QUAY_DEPLOYMENTS_ENTITLEMENT,
expired=ExpirationType.trial_only)
def test_valid_regions_across_multiple_sub_one_expired(self):
service_end = get_date(timedelta(days=20))
expiration_date = get_date(timedelta(days=10))
license = self.create_license({
"expirationDate": expiration_date,
"subscriptions": {
"somesub": {
"trialEnd": get_date(TRIAL_GRACE_PERIOD * -1 + timedelta(days=-1)),
"trialOnly": True,
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 3,
},
},
"anothersub": {
"serviceEnd": service_end,
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 5,
},
},
},
})
config = {
'DISTRIBUTED_STORAGE_CONFIG': [
{'name': 'first'},
{'name': 'second'},
],
}
self.assertValid(license, config=config)
entitlements = license.validate(config)
self.assertEquals(2, len(entitlements))
self.assertEntitlement(entitlements[0], QUAY_ENTITLEMENT, expiration_date)
self.assertEntitlement(entitlements[1], QUAY_DEPLOYMENTS_ENTITLEMENT, expiration_date)
def test_quay_is_under_expired_sub(self):
license = self.create_license({
"expirationDate": get_date(timedelta(days=10)),
"subscriptions": {
"somesub": {
"trialEnd": get_date(TRIAL_GRACE_PERIOD * -1 + timedelta(days=-1)),
"trialOnly": True,
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 3,
},
},
"anothersub": {
"serviceEnd": get_date(timedelta(days=20)),
"entitlements": {
QUAY_DEPLOYMENTS_ENTITLEMENT: 5,
},
},
},
})
config = {
'DISTRIBUTED_STORAGE_CONFIG': [
{'name': 'first'},
{'name': 'second'},
],
}
self.assertNotValid(license, config=config, expired=ExpirationType.trial_only,
requirement=QUAY_ENTITLEMENT)
def assertEntitlement(self, entitlement, expected_name, expected_date):
self.assertEquals(expected_name, entitlement.requirement.name)
self.assertEquals(expected_date, str(entitlement.entitlement.expiration.expiration_date))
def test_license_with_multiple_subscriptions(self):
service_end = get_date(timedelta(days=20))
expiration_date = get_date(timedelta(days=10))
trial_end = get_date(timedelta(days=2))
license = self.create_license({
"expirationDate": expiration_date,
"subscriptions": {
"realsub": {
"serviceEnd": service_end,
"entitlements": {
QUAY_ENTITLEMENT: 1,
},
},
"trialsub": {
"trialEnd": trial_end,
"trialOnly": True,
"inTrial": True,
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 3,
},
},
},
})
config = {
'DISTRIBUTED_STORAGE_CONFIG': [
{'name': 'first'},
{'name': 'second'},
],
}
self.assertValid(license, config=config)
entitlements = license.validate(config)
self.assertEquals(2, len(entitlements))
self.assertEntitlement(entitlements[0], QUAY_ENTITLEMENT, expiration_date)
self.assertEntitlement(entitlements[1], QUAY_DEPLOYMENTS_ENTITLEMENT, trial_end)
def test_license_with_multiple_subscriptions_one_expired(self):
service_end = get_date(timedelta(days=20))
expiration_date = get_date(timedelta(days=10))
trial_end = get_date(timedelta(days=-2))
license = self.create_license({
"expirationDate": expiration_date,
"subscriptions": {
"realsub": {
"serviceEnd": service_end,
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 3,
},
},
"trialsub": {
"trialEnd": trial_end,
"trialOnly": True,
"inTrial": True,
"entitlements": {
QUAY_ENTITLEMENT: 1,
QUAY_DEPLOYMENTS_ENTITLEMENT: 3,
},
},
},
})
config = {
'DISTRIBUTED_STORAGE_CONFIG': [
{'name': 'first'},
{'name': 'second'},
],
}
self.assertValid(license, config=config)
entitlements = license.validate(config)
self.assertEquals(2, len(entitlements))
self.assertEntitlement(entitlements[0], QUAY_ENTITLEMENT, expiration_date)
self.assertEntitlement(entitlements[1], QUAY_DEPLOYMENTS_ENTITLEMENT, expiration_date)
if __name__ == '__main__':
unittest.main()

2
test/test_suconfig_api.py
View file

@ -21,7 +21,7 @@ class TestSuperUserRegistryStatus(ApiTestCase):
def test_registry_status(self):
with FreshConfigProvider():
json = self.getJsonResponse(SuperUserRegistryStatus)
self.assertEquals('upload-license', json['status'])
self.assertEquals('config-db', json['status'])
class TestSuperUserConfigFile(ApiTestCase):