Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password

endpoints/api/test/test_appspecifictoken.py

@@ -0,0 +1,33 @@
+from endpoints.api.appspecifictokens import AppTokens, AppToken
+from endpoints.api.test.shared import conduct_api_call
+from endpoints.test.shared import client_with_identity
+from test.fixtures import *
+
+def test_app_specific_tokens(app, client):
+  with client_with_identity('devtable', client) as cl:
+    # Add an app specific token.
+    token_data = {'title': 'Testing 123'}
+    resp = conduct_api_call(cl, AppTokens, 'POST', None, token_data, 200).json
+    token_uuid = resp['token']['uuid']
+    assert 'token_code' in resp['token']
+
+    # List the tokens and ensure we have the one added.
+    resp = conduct_api_call(cl, AppTokens, 'GET', None, None, 200).json
+    assert len(resp['tokens'])
+    assert token_uuid in set([token['uuid'] for token in resp['tokens']])
+    assert not set([token['token_code'] for token in resp['tokens'] if 'token_code' in token])
+
+    # Get the token and ensure we have its code.
+    resp = conduct_api_call(cl, AppToken, 'GET', {'token_uuid': token_uuid}, None, 200).json
+    assert resp['token']['uuid'] == token_uuid
+    assert 'token_code' in resp['token']
+
+    # Delete the token.
+    conduct_api_call(cl, AppToken, 'DELETE', {'token_uuid': token_uuid}, None, 204)
+
+    # Ensure the token no longer exists.
+    resp = conduct_api_call(cl, AppTokens, 'GET', None, None, 200).json
+    assert len(resp['tokens'])
+    assert token_uuid not in set([token['uuid'] for token in resp['tokens']])
+
+    conduct_api_call(cl, AppToken, 'GET', {'token_uuid': token_uuid}, None, 404)

endpoints/api/test/test_security.py

@@ -13,6 +13,7 @@ from endpoints.api.signing import RepositorySignatures
 from endpoints.api.search import ConductRepositorySearch
 from endpoints.api.superuser import SuperUserRepositoryBuildLogs, SuperUserRepositoryBuildResource
 from endpoints.api.superuser import SuperUserRepositoryBuildStatus
+from endpoints.api.appspecifictokens import AppTokens, AppToken
 from endpoints.test.shared import client_with_identity, toggle_feature
 
 from test.fixtures import *
@@ -22,9 +23,29 @@ BUILD_PARAMS = {'build_uuid': 'test-1234'}
 REPO_PARAMS = {'repository': 'devtable/someapp'}
 SEARCH_PARAMS = {'query': ''}
 NOTIFICATION_PARAMS = {'namespace': 'devtable', 'repository': 'devtable/simple', 'uuid': 'some uuid'}
-
+TOKEN_PARAMS = {'token_uuid': 'someuuid'}
 
 @pytest.mark.parametrize('resource,method,params,body,identity,expected', [
+  (AppTokens, 'GET', {}, {}, None, 401),
+  (AppTokens, 'GET', {}, {}, 'freshuser', 200),
+  (AppTokens, 'GET', {}, {}, 'reader', 200),
+  (AppTokens, 'GET', {}, {}, 'devtable', 200),
+
+  (AppTokens, 'POST', {}, {}, None, 403),
+  (AppTokens, 'POST', {}, {}, 'freshuser', 400),
+  (AppTokens, 'POST', {}, {}, 'reader', 400),
+  (AppTokens, 'POST', {}, {}, 'devtable', 400),
+
+  (AppToken, 'GET', TOKEN_PARAMS, {}, None, 401),
+  (AppToken, 'GET', TOKEN_PARAMS, {}, 'freshuser', 404),
+  (AppToken, 'GET', TOKEN_PARAMS, {}, 'reader', 404),
+  (AppToken, 'GET', TOKEN_PARAMS, {}, 'devtable', 404),
+
+  (AppToken, 'DELETE', TOKEN_PARAMS, {}, None, 403),
+  (AppToken, 'DELETE', TOKEN_PARAMS, {}, 'freshuser', 404),
+  (AppToken, 'DELETE', TOKEN_PARAMS, {}, 'reader', 404),
+  (AppToken, 'DELETE', TOKEN_PARAMS, {}, 'devtable', 404),
+
   (OrganizationTeamSyncing, 'POST', TEAM_PARAMS, {}, None, 403),
   (OrganizationTeamSyncing, 'POST', TEAM_PARAMS, {}, 'freshuser', 403),
   (OrganizationTeamSyncing, 'POST', TEAM_PARAMS, {}, 'reader', 403),