This repository has been archived on 2020-03-24. You can view files and clone it, but cannot push or open issues or pull requests.
quay/endpoints/v2/test/test_v2auth.py
Evan Cordell 2661db7485 Add flag to enable trust per repo (#2541)
* Add flag to enable trust per repo

* Add api for enabling/disabling trust

* Add new LogEntryKind for changing repo trust settings
Also add tests for repo trust api

* Add `set_trust` method to repository

* Expose new logkind to UI

* Fix registry tests

* Rebase migrations and regen test.db

* Raise downstreamissue if trust metadata can't be removed

* Refactor change_repo_trust

* Add show_if to change_repo_trust endpoint
2017-04-15 08:26:33 -04:00

64 lines
2.4 KiB
Python

import pytest
import flask
from flask_principal import Identity, Principal
from endpoints.v2.v2auth import get_tuf_root
from auth import permissions
from util.security.registry_jwt import QUAY_TUF_ROOT, SIGNER_TUF_ROOT, DISABLED_TUF_ROOT
from test import testconfig
from mock import Mock
def admin_identity(namespace, reponame):
identity = Identity('admin')
identity.provides.add(permissions._RepositoryNeed(namespace, reponame, 'admin'))
identity.provides.add(permissions._OrganizationRepoNeed(namespace, 'admin'))
return identity
def write_identity(namespace, reponame):
identity = Identity('writer')
identity.provides.add(permissions._RepositoryNeed(namespace, reponame, 'write'))
identity.provides.add(permissions._OrganizationRepoNeed(namespace, 'write'))
return identity
def read_identity(namespace, reponame):
identity = Identity('reader')
identity.provides.add(permissions._RepositoryNeed(namespace, reponame, 'read'))
identity.provides.add(permissions._OrganizationRepoNeed(namespace, 'read'))
return identity
def app_with_principal():
app = flask.Flask(__name__)
app.config.from_object(testconfig.TestConfig())
principal = Principal(app)
return app, principal
@pytest.mark.parametrize('identity,expected', [
(Identity('anon'), QUAY_TUF_ROOT),
(read_identity("namespace", "repo"), QUAY_TUF_ROOT),
(read_identity("different", "repo"), QUAY_TUF_ROOT),
(admin_identity("different", "repo"), QUAY_TUF_ROOT),
(write_identity("different", "repo"), QUAY_TUF_ROOT),
(admin_identity("namespace", "repo"), SIGNER_TUF_ROOT),
(write_identity("namespace", "repo"), SIGNER_TUF_ROOT),
])
def test_get_tuf_root(identity, expected):
app, principal = app_with_principal()
with app.test_request_context('/'):
principal.set_identity(identity)
actual = get_tuf_root(Mock(), "namespace", "repo")
assert actual == expected, "should be %s, but was %s" % (expected, actual)
@pytest.mark.parametrize('trust_enabled,tuf_root', [
(True, QUAY_TUF_ROOT),
(False, DISABLED_TUF_ROOT),
])
def test_trust_disabled(trust_enabled,tuf_root):
app, principal = app_with_principal()
with app.test_request_context('/'):
principal.set_identity(read_identity("namespace", "repo"))
actual = get_tuf_root(Mock(trust_enabled=trust_enabled), "namespace", "repo")
assert actual == tuf_root, "should be %s, but was %s" % (tuf_root, actual)