216 lines
8.6 KiB
Python
216 lines
8.6 KiB
Python
# Copyright (c) 2013 Rackspace, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
# implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
import six
|
|
|
|
from barbicanclient import client
|
|
from barbicanclient import barbican as barb
|
|
from barbicanclient.tests import keystone_client_fixtures
|
|
from barbicanclient.tests import test_client
|
|
from barbicanclient.barbican import Barbican
|
|
|
|
|
|
class WhenTestingBarbicanCLI(test_client.BaseEntityResource):
|
|
|
|
def setUp(self):
|
|
self._setUp('barbican')
|
|
self.captured_stdout = six.StringIO()
|
|
self.captured_stderr = six.StringIO()
|
|
self.barbican = Barbican(
|
|
stdout=self.captured_stdout,
|
|
stderr=self.captured_stderr
|
|
)
|
|
self.parser = self.barbican.build_option_parser('desc', 'vers')
|
|
|
|
def assert_client_raises(self, args, message):
|
|
argv, remainder = self.parser.parse_known_args(args.split())
|
|
e = self.assertRaises(
|
|
Exception, self.barbican.create_client, argv
|
|
)
|
|
self.assertIn(message, str(e))
|
|
|
|
def create_and_assert_client(self, args):
|
|
argv, remainder = self.parser.parse_known_args(args.split())
|
|
|
|
client = self.barbican.create_client(argv)
|
|
self.assertIsNotNone(client)
|
|
return client
|
|
|
|
def test_should_show_usage_with_help_flag(self):
|
|
e = self.assertRaises(SystemExit, self.barbican.run, ['-h'])
|
|
self.assertEqual(0, e.code)
|
|
self.assertIn('usage', self.captured_stdout.getvalue())
|
|
|
|
def test_should_show_usage_with_no_args(self):
|
|
exit_code = self.barbican.run([])
|
|
self.assertEquals(1, exit_code)
|
|
self.assertIn('usage', self.captured_stderr.getvalue())
|
|
|
|
def test_should_error_if_noauth_and_authurl_both_specified(self):
|
|
args = "--no-auth --os-auth-url http://localhost:5000/v3"
|
|
message = (
|
|
'ERROR: argument --os-auth-url/-A: not allowed with '
|
|
'argument --no-auth/-N'
|
|
)
|
|
self.assert_client_raises(args, message)
|
|
|
|
def _expect_error_with_invalid_noauth_args(self, args):
|
|
expected_err_msg = (
|
|
'ERROR: please specify --endpoint '
|
|
'and --os-project-id (or --os-tenant-id)'
|
|
)
|
|
self.assert_client_raises(args, expected_err_msg)
|
|
|
|
def test_should_error_if_noauth_and_missing_endpoint_tenantid_args(self):
|
|
self._expect_error_with_invalid_noauth_args("--no-auth secret list")
|
|
self._expect_error_with_invalid_noauth_args(
|
|
"--no-auth --endpoint http://xyz secret list")
|
|
self._expect_error_with_invalid_noauth_args(
|
|
"--no-auth --os-tenant-id 123 secret list")
|
|
self._expect_error_with_invalid_noauth_args(
|
|
"--no-auth --os-project-id 123 secret list")
|
|
|
|
def test_should_succeed_if_noauth_with_valid_args_specified(self):
|
|
args = (
|
|
'--no-auth --endpoint {0} --os-tenant-id {1}'
|
|
'secret list'.format(self.endpoint, self.project_id)
|
|
)
|
|
list_secrets_url = '{0}/v1/secrets'.format(self.endpoint)
|
|
self.responses.get(list_secrets_url, json={"secrets": [], "total": 0})
|
|
client = self.create_and_assert_client(args)
|
|
secret_list = client.secrets.list()
|
|
self.assertTrue(self.responses._adapter.called)
|
|
self.assertEqual(1, self.responses._adapter.call_count)
|
|
self.assertEqual([], secret_list)
|
|
|
|
def test_should_error_if_required_keystone_auth_arguments_are_missing(
|
|
self):
|
|
expected_error_msg = (
|
|
'ERROR: please specify the following --os-project-id or'
|
|
' (--os-project-name and --os-project-domain-name) or '
|
|
' (--os-project-name and --os-project-domain-id)'
|
|
)
|
|
self.assert_client_raises(
|
|
'--os-auth-url http://localhost:35357/v2.0 secret list',
|
|
expected_error_msg)
|
|
self.assert_client_raises(
|
|
'--os-auth-url http://localhost:35357/v2.0 --os-username barbican '
|
|
'--os-password barbican secret list',
|
|
expected_error_msg
|
|
)
|
|
|
|
def test_check_auth_arguments_v2(self):
|
|
args = ("--os-username 'bob' --os-password 'jan' --os-auth-url 'boop'"
|
|
" --os-tenant-id 123 --os-identity-api-version '2.0'")
|
|
argv, remainder = self.parser.parse_known_args(args.split())
|
|
api_version = argv.os_identity_api_version
|
|
barbican = Barbican()
|
|
response = barbican.check_auth_arguments(argv, api_version)
|
|
self.assertEqual(True, response)
|
|
|
|
def test_should_fail_check_auth_arguments_v2(self):
|
|
args = ("--os-username bob --os-password jan --os-auth-url boop"
|
|
" --os-identity-api-version 2.0")
|
|
message = 'ERROR: please specify --os-tenant-id or --os-tenant-name'
|
|
argv, remainder = self.parser.parse_known_args(args.split())
|
|
api_version = argv.os_identity_api_version
|
|
e = self.assertRaises(
|
|
Exception,
|
|
self.barbican.check_auth_arguments,
|
|
argv,
|
|
api_version,
|
|
True
|
|
)
|
|
self.assertIn(message, str(e))
|
|
|
|
def test_should_fail_create_client_with_no_auth_url(self):
|
|
args = '--os-auth-token 1234567890 --os-tenant-id 123'
|
|
message = 'ERROR: please specify --os-auth-url'
|
|
argv, remainder = self.parser.parse_known_args(args.split())
|
|
e = self.assertRaises(
|
|
Exception, self.barbican.create_client, argv
|
|
)
|
|
self.assertIn(message, str(e))
|
|
|
|
def test_should_fail_missing_credentials(self):
|
|
message = 'ERROR: please specify authentication credentials'
|
|
args = ''
|
|
argv, remainder = self.parser.parse_known_args(args.split())
|
|
e = self.assertRaises(
|
|
Exception, self.barbican.create_client, argv
|
|
)
|
|
self.assertIn(message, str(e))
|
|
|
|
def test_main(self):
|
|
args = ''
|
|
response = barb.main(args)
|
|
self.assertEqual(1, response)
|
|
|
|
def test_default_endpoint_filter_kwargs_set_correctly(self):
|
|
auth_args = ('--no-auth --endpoint http://barbican_endpoint:9311/v1 '
|
|
'--os-project-id project1')
|
|
argv, remainder = self.parser.parse_known_args(auth_args.split())
|
|
barbican_client = self.barbican.create_client(argv)
|
|
httpclient = barbican_client.secrets._api
|
|
|
|
self.assertEqual(client._DEFAULT_SERVICE_INTERFACE,
|
|
httpclient.interface)
|
|
self.assertEqual(client._DEFAULT_SERVICE_TYPE, httpclient.service_type)
|
|
self.assertEqual(client._DEFAULT_API_VERSION, httpclient.version)
|
|
self.assertIsNone(httpclient.service_name)
|
|
|
|
def test_endpoint_filter_kwargs_set_correctly(self):
|
|
from testtools.content import text_content
|
|
auth_args = ('--no-auth --endpoint http://barbican_endpoint:9311/v1 '
|
|
'--os-project-id project1')
|
|
endpoint_filter_args = ('--interface private '
|
|
'--service-type custom-type '
|
|
'--service-name Burrbican '
|
|
'--region-name RegionTwo '
|
|
'--barbican-api-version v2')
|
|
args = auth_args + ' ' + endpoint_filter_args
|
|
argv, remainder = self.parser.parse_known_args(args.split())
|
|
barbican_client = self.barbican.create_client(argv)
|
|
httpclient = barbican_client.secrets._api
|
|
|
|
self.assertEqual('private', httpclient.interface)
|
|
self.assertEqual('custom-type', httpclient.service_type)
|
|
self.assertEqual('Burrbican', httpclient.service_name)
|
|
self.assertEqual('RegionTwo', httpclient.region_name)
|
|
self.assertEqual('v2', httpclient.version)
|
|
|
|
|
|
class TestBarbicanWithKeystonePasswordAuth(
|
|
keystone_client_fixtures.KeystoneClientFixture):
|
|
|
|
def setUp(self):
|
|
super(TestBarbicanWithKeystonePasswordAuth, self).setUp()
|
|
|
|
self.test_arguments = {
|
|
'--os-username': 'some_user',
|
|
'--os-password': 'some_pass',
|
|
}
|
|
|
|
|
|
class TestBarbicanWithKeystoneTokenAuth(
|
|
keystone_client_fixtures.KeystoneClientFixture):
|
|
|
|
def setUp(self):
|
|
super(TestBarbicanWithKeystoneTokenAuth, self).setUp()
|
|
|
|
self.test_arguments = {
|
|
'--os-auth-token': 'some_token',
|
|
'--os-project-id': 'some_project_id',
|
|
}
|