initial import for Open Source 🎉

endpoints/appr/test/test_api.py

@@ -0,0 +1,163 @@
+import uuid
+
+import pytest
+
+from cnr.tests.conftest import *
+from cnr.tests.test_apiserver import BaseTestServer
+from cnr.tests.test_models import CnrTestModels
+
+import data.appr_model.blob as appr_blob
+
+from data.database import User
+from data.model import organization, user
+from endpoints.appr import registry # Needed to register the endpoint
+from endpoints.appr.cnr_backend import Channel, Package, QuayDB
+from endpoints.appr.models_cnr import model as appr_app_model
+
+from test.fixtures import *
+
+
+def create_org(namespace, owner):
+  try:
+    User.get(username=namespace)
+  except User.DoesNotExist:
+    organization.create_organization(namespace, "%s@test.com" % str(uuid.uuid1()), owner)
+
+
+class ChannelTest(Channel):
+  @classmethod
+  def dump_all(cls, package_class=None):
+    result = []
+    for repo in appr_app_model.list_applications(with_channels=True):
+      for chan in repo.channels:
+        result.append({'name': chan.name, 'current': chan.current, 'package': repo.name})
+    return result
+
+
+class PackageTest(Package):
+  def _save(self, force, **kwargs):
+    owner = user.get_user('devtable')
+    create_org(self.namespace, owner)
+    super(PackageTest, self)._save(force, user=owner, visibility="public")
+
+  @classmethod
+  def create_repository(cls, package_name, visibility, owner):
+    ns, _ = package_name.split("/")
+    owner = user.get_user('devtable')
+    visibility = "public"
+    create_org(ns, owner)
+    return super(PackageTest, cls).create_repository(package_name, visibility, owner)
+
+  @classmethod
+  def dump_all(cls, blob_cls):
+    result = []
+    for repo in appr_app_model.list_applications(with_channels=True):
+      package_name = repo.name
+      for release in repo.releases:
+        for mtype in cls.manifests(package_name, release):
+          package = appr_app_model.fetch_release(package_name, release, mtype)
+          blob = blob_cls.get(package_name, package.manifest.content.digest)
+          app_data = cls._apptuple_to_dict(package)
+          app_data.pop('digest')
+          app_data['channels'] = [
+            x.name
+            for x in appr_app_model.list_release_channels(package_name, package.release, False)
+          ]
+          app_data['blob'] = blob.b64blob
+          result.append(app_data)
+    return result
+
+
+@pytest.fixture(autouse=True)
+def quaydb(monkeypatch, app):
+  monkeypatch.setattr('endpoints.appr.cnr_backend.QuayDB.Package', PackageTest)
+  monkeypatch.setattr('endpoints.appr.cnr_backend.Package', PackageTest)
+  monkeypatch.setattr('endpoints.appr.registry.Package', PackageTest)
+  monkeypatch.setattr('cnr.models.Package', PackageTest)
+
+  monkeypatch.setattr('endpoints.appr.cnr_backend.QuayDB.Channel', ChannelTest)
+  monkeypatch.setattr('endpoints.appr.registry.Channel', ChannelTest)
+  monkeypatch.setattr('cnr.models.Channel', ChannelTest)
+
+
+class TestServerQuayDB(BaseTestServer):
+  DB_CLASS = QuayDB
+
+  @property
+  def token(self):
+    return "basic ZGV2dGFibGU6cGFzc3dvcmQ="
+
+  def test_search_package_match(self, db_with_data1, client):
+    """ TODO: search cross namespace and package name """
+    BaseTestServer.test_search_package_match(self, db_with_data1, client)
+
+  def test_list_search_package_match(self, db_with_data1, client):
+    url = self._url_for("api/v1/packages")
+    res = self.Client(client, self.headers()).get(url, params={'query': 'rocketchat'})
+    assert res.status_code == 200
+    assert len(self.json(res)) == 1
+
+  def test_list_search_package_no_match(self, db_with_data1, client):
+    url = self._url_for("api/v1/packages")
+    res = self.Client(client, self.headers()).get(url, params={'query': 'toto'})
+    assert res.status_code == 200
+    assert len(self.json(res)) == 0
+
+  @pytest.mark.xfail
+  def test_push_package_already_exists_force(self, db_with_data1, package_b64blob, client):
+    """ No force push implemented """
+    BaseTestServer.test_push_package_already_exists_force(self, db_with_data1, package_b64blob,
+                                                          client)
+
+  @pytest.mark.xfail
+  def test_delete_channel_release_absent_release(self, db_with_data1, client):
+    BaseTestServer.test_delete_channel_release_absent_release(self, db_with_data1, client)
+
+  @pytest.mark.xfail
+  def test_get_absent_blob(self, newdb, client):
+    pass
+
+
+class TestQuayModels(CnrTestModels):
+  DB_CLASS = QuayDB
+
+  @pytest.mark.xfail
+  def test_channel_delete_releases(self, db_with_data1):
+    """ Can't remove a release from the channel, only delete the channel entirely """
+    CnrTestModels.test_channel_delete_releases(self, db_with_data1)
+
+  @pytest.mark.xfail
+  def test_forbiddeb_db_reset(self, db_class):
+    pass
+
+  @pytest.mark.xfail
+  def test_db_restore(self, newdb, dbdata1):
+    # This will fail as long as CNR tests use a mediatype with v1.
+    pass
+
+  def test_push_same_blob(self, db_with_data1):
+    p = db_with_data1.Package.get("titi/rocketchat", ">1.2", 'kpm')
+    assert p.package == "titi/rocketchat"
+    assert p.release == "2.0.1"
+    assert p.digest == "d3b54b7912fe770a61b59ab612a442eac52a8a5d8d05dbe92bf8f212d68aaa80"
+    blob = db_with_data1.Blob.get("titi/rocketchat", p.digest)
+    bdb = appr_blob.get_blob(p.digest, appr_app_model.models_ref)
+    newblob = db_with_data1.Blob("titi/app2", blob.b64blob)
+    p2 = db_with_data1.Package("titi/app2", "1.0.0", "helm", newblob)
+    p2.save()
+    b2db = appr_blob.get_blob(p2.digest, appr_app_model.models_ref)
+    assert b2db.id == bdb.id
+
+  def test_force_push_different_blob(self, db_with_data1):
+    p = db_with_data1.Package.get("titi/rocketchat", "2.0.1", 'kpm')
+    assert p.package == "titi/rocketchat"
+    assert p.release == "2.0.1"
+    assert p.digest == "d3b54b7912fe770a61b59ab612a442eac52a8a5d8d05dbe92bf8f212d68aaa80"
+    blob = db_with_data1.Blob.get(
+      "titi/rocketchat", "72ed15c9a65961ecd034cca098ec18eb99002cd402824aae8a674a8ae41bd0ef")
+    p2 = db_with_data1.Package("titi/rocketchat", "2.0.1", "kpm", blob)
+    p2.save(force=True)
+    pnew = db_with_data1.Package.get("titi/rocketchat", "2.0.1", 'kpm')
+    assert pnew.package == "titi/rocketchat"
+    assert pnew.release == "2.0.1"
+    assert pnew.digest == "72ed15c9a65961ecd034cca098ec18eb99002cd402824aae8a674a8ae41bd0ef"

endpoints/appr/test/test_api_security.py

@@ -0,0 +1,97 @@
+import base64
+import pytest
+
+from flask import url_for
+
+from data import model
+from endpoints.appr.registry import appr_bp, blobs
+from endpoints.test.shared import client_with_identity
+from test.fixtures import *
+
+BLOB_ARGS = {'digest': 'abcd1235'}
+PACKAGE_ARGS = {'release': 'r', 'media_type': 'foo'}
+RELEASE_ARGS = {'release': 'r'}
+CHANNEL_ARGS = {'channel_name': 'c'}
+CHANNEL_RELEASE_ARGS = {'channel_name': 'c', 'release': 'r'}
+
+@pytest.mark.parametrize('resource,method,params,owned_by,is_public,identity,expected', [
+  ('appr.blobs', 'GET', BLOB_ARGS, 'devtable', False, 'public', 403),
+  ('appr.blobs', 'GET', BLOB_ARGS, 'devtable', False, 'devtable', 404),
+  ('appr.blobs', 'GET', BLOB_ARGS, 'devtable', True, 'public', 404),
+  ('appr.blobs', 'GET', BLOB_ARGS, 'devtable', True, 'devtable', 404),
+
+  ('appr.delete_package', 'DELETE', PACKAGE_ARGS, 'devtable', False, 'public', 403),
+  ('appr.delete_package', 'DELETE', PACKAGE_ARGS, 'devtable', False, 'devtable', 404),
+  ('appr.delete_package', 'DELETE', PACKAGE_ARGS, 'devtable', True, 'public', 403),
+  ('appr.delete_package', 'DELETE', PACKAGE_ARGS, 'devtable', True, 'devtable', 404),
+
+  ('appr.show_package', 'GET', PACKAGE_ARGS, 'devtable', False, 'public', 403),
+  ('appr.show_package', 'GET', PACKAGE_ARGS, 'devtable', False, 'devtable', 404),
+  ('appr.show_package', 'GET', PACKAGE_ARGS, 'devtable', True, 'public', 404),
+  ('appr.show_package', 'GET', PACKAGE_ARGS, 'devtable', True, 'devtable', 404),
+
+  ('appr.show_package_releases', 'GET', {}, 'devtable', False, 'public', 403),
+  ('appr.show_package_releases', 'GET', {}, 'devtable', False, 'devtable', 200),
+  ('appr.show_package_releases', 'GET', {}, 'devtable', True, 'public', 200),
+  ('appr.show_package_releases', 'GET', {}, 'devtable', True, 'devtable', 200),
+
+  ('appr.show_package_release_manifests', 'GET', RELEASE_ARGS, 'devtable', False, 'public', 403),
+  ('appr.show_package_release_manifests', 'GET', RELEASE_ARGS, 'devtable', False, 'devtable', 200),
+  ('appr.show_package_release_manifests', 'GET', RELEASE_ARGS, 'devtable', True, 'public', 200),
+  ('appr.show_package_release_manifests', 'GET', RELEASE_ARGS, 'devtable', True, 'devtable', 200),
+
+  ('appr.pull', 'GET', PACKAGE_ARGS, 'devtable', False, 'public', 403),
+  ('appr.pull', 'GET', PACKAGE_ARGS, 'devtable', False, 'devtable', 404),
+  ('appr.pull', 'GET', PACKAGE_ARGS, 'devtable', True, 'public', 404),
+  ('appr.pull', 'GET', PACKAGE_ARGS, 'devtable', True, 'devtable', 404),
+
+  ('appr.push', 'POST', {}, 'devtable', False, 'public', 403),
+  ('appr.push', 'POST', {}, 'devtable', False, 'devtable', 400),
+  ('appr.push', 'POST', {}, 'devtable', True, 'public', 403),
+  ('appr.push', 'POST', {}, 'devtable', True, 'devtable', 400),
+
+  ('appr.list_channels', 'GET', {}, 'devtable', False, 'public', 403),
+  ('appr.list_channels', 'GET', {}, 'devtable', False, 'devtable', 200),
+  ('appr.list_channels', 'GET', {}, 'devtable', True, 'public', 200),
+  ('appr.list_channels', 'GET', {}, 'devtable', True, 'devtable', 200),
+
+  ('appr.show_channel', 'GET', CHANNEL_ARGS, 'devtable', False, 'public', 403),
+  ('appr.show_channel', 'GET', CHANNEL_ARGS, 'devtable', False, 'devtable', 404),
+  ('appr.show_channel', 'GET', CHANNEL_ARGS, 'devtable', True, 'public', 404),
+  ('appr.show_channel', 'GET', CHANNEL_ARGS, 'devtable', True, 'devtable', 404),
+
+  ('appr.delete_channel', 'DELETE', CHANNEL_ARGS, 'devtable', False, 'public', 403),
+  ('appr.delete_channel', 'DELETE', CHANNEL_ARGS, 'devtable', False, 'devtable', 404),
+  ('appr.delete_channel', 'DELETE', CHANNEL_ARGS, 'devtable', True, 'public', 403),
+  ('appr.delete_channel', 'DELETE', CHANNEL_ARGS, 'devtable', True, 'devtable', 404),
+
+  ('appr.add_channel_release', 'POST', CHANNEL_RELEASE_ARGS, 'devtable', False, 'public', 403),
+  ('appr.add_channel_release', 'POST', CHANNEL_RELEASE_ARGS, 'devtable', False, 'devtable', 404),
+  ('appr.add_channel_release', 'POST', CHANNEL_RELEASE_ARGS, 'devtable', True, 'public', 403),
+  ('appr.add_channel_release', 'POST', CHANNEL_RELEASE_ARGS, 'devtable', True, 'devtable', 404),
+
+  ('appr.delete_channel_release', 'DELETE', CHANNEL_RELEASE_ARGS, 'devtable', False, 'public', 403),
+  ('appr.delete_channel_release', 'DELETE', CHANNEL_RELEASE_ARGS, 'devtable', False, 'devtable', 404),
+  ('appr.delete_channel_release', 'DELETE', CHANNEL_RELEASE_ARGS, 'devtable', True, 'public', 403),
+  ('appr.delete_channel_release', 'DELETE', CHANNEL_RELEASE_ARGS, 'devtable', True, 'devtable', 404),
+])
+def test_api_security(resource, method, params, owned_by, is_public, identity, expected, app, client):
+  app.register_blueprint(appr_bp, url_prefix='/cnr')
+
+  with client_with_identity(identity, client) as cl:
+    owner = model.user.get_user(owned_by)
+    visibility = 'public' if is_public else 'private'
+    model.repository.create_repository(owned_by, 'someapprepo', owner, visibility=visibility,
+                                       repo_kind='application')
+
+    params['namespace'] = owned_by
+    params['package_name'] = 'someapprepo'
+    params['_csrf_token'] = '123csrfforme'
+
+    url = url_for(resource, **params)
+    headers = {}
+    if identity is not None:
+      headers['authorization'] = 'basic ' + base64.b64encode('%s:password' % identity)
+
+    rv = cl.open(url, headers=headers, method=method)
+    assert rv.status_code == expected

endpoints/appr/test/test_appr_decorators.py

@@ -0,0 +1,20 @@
+import pytest
+
+from werkzeug.exceptions import HTTPException
+
+from data import model
+from endpoints.appr import require_app_repo_read
+
+from test.fixtures import *
+
+def test_require_app_repo_read(app):
+  called = [False]
+
+  # Ensure that trying to read an *image* repository fails.
+  @require_app_repo_read
+  def empty(**kwargs):
+    called[0] = True
+
+  with pytest.raises(HTTPException):
+    empty(namespace='devtable', package_name='simple')
+    assert not called[0]

endpoints/appr/test/test_digest_prefix.py

@@ -0,0 +1,11 @@
+import pytest
+from endpoints.appr.models_cnr import _strip_sha256_header
+
+
+@pytest.mark.parametrize('digest,expected', [
+  ('sha256:251b6897608fb18b8a91ac9abac686e2e95245d5a041f2d1e78fe7a815e6480a',
+   '251b6897608fb18b8a91ac9abac686e2e95245d5a041f2d1e78fe7a815e6480a'),
+  ('251b6897608fb18b8a91ac9abac686e2e95245d5a041f2d1e78fe7a815e6480a',
+   '251b6897608fb18b8a91ac9abac686e2e95245d5a041f2d1e78fe7a815e6480a'),])
+def test_stip_sha256(digest, expected):
+  assert _strip_sha256_header(digest) == expected

endpoints/appr/test/test_registry.py

@@ -0,0 +1,92 @@
+import base64
+import json
+
+from mock import patch
+
+import pytest
+
+from flask import url_for
+
+from data import model
+from endpoints.appr.registry import appr_bp
+
+from test.fixtures import *
+
+
+@pytest.mark.parametrize('login_data, expected_code', [
+  ({
+    "username": "devtable",
+    "password": "password"
+  }, 200),
+  ({
+    "username": "devtable",
+    "password": "badpass"
+  }, 401),
+  ({
+    "username": "devtable+dtrobot",
+    "password": "badpass"
+  }, 401),
+  ({
+    "username": "devtable+dtrobot2",
+    "password": "badpass"
+  }, 401),
+])
+def test_login(login_data, expected_code, app, client):
+  if "+" in login_data['username'] and login_data['password'] is None:
+    username, robotname = login_data['username'].split("+")
+    _, login_data['password'] = model.user.create_robot(robotname, model.user.get_user(username))
+
+  url = url_for('appr.login')
+  headers = {'Content-Type': 'application/json'}
+  data = {'user': login_data}
+
+  rv = client.open(url, method='POST', data=json.dumps(data), headers=headers)
+  assert rv.status_code == expected_code
+
+
+@pytest.mark.parametrize('release_name', [
+  '1.0',
+  '1',
+  1,
+])
+def test_invalid_release_name(release_name, app, client):
+  params = {
+    'namespace': 'devtable',
+    'package_name': 'someapprepo',
+  }
+
+  url = url_for('appr.push', **params)
+  auth = base64.b64encode('devtable:password')
+  headers = {'Content-Type': 'application/json', 'Authorization': 'Basic ' + auth}
+  data = {
+    'release': release_name,
+    'media_type': 'application/vnd.cnr.manifest.v1+json',
+    'blob': 'H4sIAFQwWVoAA+3PMQrCQBAF0Bxlb+Bk143nETGIIEoSC29vMMFOu3TvNb/5DH/Ot8f02jWbiohDremT3ZKR90uuUlty7nKJNmqKtkQuTarbzlo8x+k4zFOu4+lyH4afvbnW93/urH98EwAAAAAAAAAAADb0BsdwExIAKAAA',
+  }
+
+  rv = client.open(url, method='POST', data=json.dumps(data), headers=headers)
+  assert rv.status_code == 422
+
+
+@pytest.mark.parametrize('readonly, expected_status', [
+  (True, 405),
+  (False, 422),
+])
+def test_readonly(readonly, expected_status, app, client):
+  params = {
+    'namespace': 'devtable',
+    'package_name': 'someapprepo',
+  }
+
+  url = url_for('appr.push', **params)
+  auth = base64.b64encode('devtable:password')
+  headers = {'Content-Type': 'application/json', 'Authorization': 'Basic ' + auth}
+  data = {
+    'release': '1.0',
+    'media_type': 'application/vnd.cnr.manifest.v0+json',
+    'blob': 'H4sIAFQwWVoAA+3PMQrCQBAF0Bxlb+Bk143nETGIIEoSC29vMMFOu3TvNb/5DH/Ot8f02jWbiohDremT3ZKR90uuUlty7nKJNmqKtkQuTarbzlo8x+k4zFOu4+lyH4afvbnW93/urH98EwAAAAAAAAAAADb0BsdwExIAKAAA',
+  }
+
+  with patch('endpoints.appr.models_cnr.model.is_readonly', readonly):
+    rv = client.open(url, method='POST', data=json.dumps(data), headers=headers)
+    assert rv.status_code == expected_status