2661db7485
* Add flag to enable trust per repo * Add api for enabling/disabling trust * Add new LogEntryKind for changing repo trust settings Also add tests for repo trust api * Add `set_trust` method to repository * Expose new logkind to UI * Fix registry tests * Rebase migrations and regen test.db * Raise downstreamissue if trust metadata can't be removed * Refactor change_repo_trust * Add show_if to change_repo_trust endpoint
import pytest
from flask_principal import AnonymousIdentity
from endpoints.api import api
from endpoints.api.team import OrganizationTeamSyncing
from endpoints.api.test.shared import client_with_identity, conduct_api_call
from endpoints.api.superuser import SuperUserRepositoryBuildLogs, SuperUserRepositoryBuildResource
from endpoints.api.superuser import SuperUserRepositoryBuildStatus
from endpoints.api.signing import RepositorySignatures
from endpoints.api.repository import RepositoryTrust
from test.fixtures import app, appconfig, database_uri, init_db_path, sqlitedb_file
# `params` argument shared by every OrganizationTeamSyncing case below.
TEAM_PARAMS = dict(orgname='buynlarge', teamname='owners')
# `params` argument shared by the SuperUserRepositoryBuild* cases below.
BUILD_PARAMS = dict(build_uuid='test-1234')
# `params` argument shared by the RepositorySignatures and RepositoryTrust
# cases below.
REPO_PARAMS = dict(repository='devtable/someapp')
# Authorization matrix: one row per (resource, method, identity) with the HTTP
# status that identity is expected to receive. In every group only 'devtable'
# gets a status other than 401/403, i.e. it is the only identity expected to
# pass the permission check.
@pytest.mark.parametrize('resource,method,params,body,identity,expected', [
    # Team syncing (enable). 'devtable' gets 400 rather than 403 -- presumably
    # the empty body fails request validation after authorization; confirm.
    (OrganizationTeamSyncing, 'POST', TEAM_PARAMS, {}, None, 403),
    (OrganizationTeamSyncing, 'POST', TEAM_PARAMS, {}, 'freshuser', 403),
    (OrganizationTeamSyncing, 'POST', TEAM_PARAMS, {}, 'reader', 403),
    (OrganizationTeamSyncing, 'POST', TEAM_PARAMS, {}, 'devtable', 400),

    # Team syncing (disable).
    (OrganizationTeamSyncing, 'DELETE', TEAM_PARAMS, {}, None, 403),
    (OrganizationTeamSyncing, 'DELETE', TEAM_PARAMS, {}, 'freshuser', 403),
    (OrganizationTeamSyncing, 'DELETE', TEAM_PARAMS, {}, 'reader', 403),
    (OrganizationTeamSyncing, 'DELETE', TEAM_PARAMS, {}, 'devtable', 200),

    # Superuser build endpoints: identity=None is expected to get 401 here,
    # unlike the 403 it gets in the other groups. The 400/404 for 'devtable'
    # presumably comes from the build uuid not existing in the test data;
    # confirm against the fixtures.
    (SuperUserRepositoryBuildLogs, 'GET', BUILD_PARAMS, None, None, 401),
    (SuperUserRepositoryBuildLogs, 'GET', BUILD_PARAMS, None, 'freshuser', 403),
    (SuperUserRepositoryBuildLogs, 'GET', BUILD_PARAMS, None, 'reader', 403),
    (SuperUserRepositoryBuildLogs, 'GET', BUILD_PARAMS, None, 'devtable', 400),

    (SuperUserRepositoryBuildStatus, 'GET', BUILD_PARAMS, None, None, 401),
    (SuperUserRepositoryBuildStatus, 'GET', BUILD_PARAMS, None, 'freshuser', 403),
    (SuperUserRepositoryBuildStatus, 'GET', BUILD_PARAMS, None, 'reader', 403),
    (SuperUserRepositoryBuildStatus, 'GET', BUILD_PARAMS, None, 'devtable', 400),

    (SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, None, 401),
    (SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'freshuser', 403),
    (SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'reader', 403),
    (SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'devtable', 404),

    # Repository signatures.
    # NOTE(review): this is the only group without an identity=None row, so
    # the unauthenticated response for this endpoint is not pinned by this
    # table. Add one once the expected status is confirmed.
    (RepositorySignatures, 'GET', REPO_PARAMS, {}, 'freshuser', 403),
    (RepositorySignatures, 'GET', REPO_PARAMS, {}, 'reader', 403),
    (RepositorySignatures, 'GET', REPO_PARAMS, {}, 'devtable', 200),

    # Repository trust toggle.
    # NOTE(review): 'devtable' is expected to get 404, so this table only shows
    # that other identities are rejected; it does not show that an authorized
    # caller can change the setting. The 404 presumably reflects the endpoint
    # being hidden unless the feature is enabled in the test config; confirm.
    (RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, None, 403),
    (RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, 'freshuser', 403),
    (RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, 'reader', 403),
    (RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, 'devtable', 404),
])
def test_api_security(resource, method, params, body, identity, expected, client):
    """Check the status one identity receives from one API resource.

    Args:
        resource: API resource class under test.
        method: HTTP method name, e.g. 'GET', 'POST' or 'DELETE'.
        params: Parameters identifying the target (team, build or repository).
        body: Request body, or None when the row sends none.
        identity: Name of the test user to act as. None presumably means an
            unauthenticated client; confirm against client_with_identity.
        expected: HTTP status code the call should produce.
        client: Test client fixture that client_with_identity wraps.
    """
    # conduct_api_call receives `expected`, so it is presumably where the
    # status comparison happens; this function has no assertion of its own.
    with client_with_identity(identity, client) as api_client:
        conduct_api_call(api_client, resource, method, params, body, expected)