X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=modules%2Flibjuju%2Ftests%2Fintegration%2Ftest_controller.py;h=6423a98892c6b43b39322a84a65bfe8b3949e830;hb=f5b4b20b4ea114432a2096047262e874155b5c41;hp=9c6f7ac45eb939e735b990e29c800ef4b3697d79;hpb=c3e6c2ec9a1fddfc8e9bd31509b366e633b6d99e;p=osm%2FN2VC.git diff --git a/modules/libjuju/tests/integration/test_controller.py b/modules/libjuju/tests/integration/test_controller.py index 9c6f7ac..6423a98 100644 --- a/modules/libjuju/tests/integration/test_controller.py +++ b/modules/libjuju/tests/integration/test_controller.py @@ -1,8 +1,10 @@ import asyncio -import pytest +import subprocess import uuid from juju.client.connection import Connection +from juju.client.jujudata import FileJujuData +from juju.controller import Controller from juju.errors import JujuAPIError import pytest @@ -19,6 +21,7 @@ async def test_add_remove_user(event_loop): assert user is None user = await controller.add_user(username) assert user is not None + assert user.secret_key is not None assert user.username == username users = await controller.get_users() assert any(u.username == username for u in users) @@ -74,6 +77,33 @@ async def test_change_user_password(event_loop): await new_connection.close() +@base.bootstrapped +@pytest.mark.asyncio +async def test_reset_user_password(event_loop): + async with base.CleanController() as controller: + username = 'test{}'.format(uuid.uuid4()) + user = await controller.add_user(username) + origin_secret_key = user.secret_key + await user.set_password('password') + await controller.reset_user_password(username) + user = await controller.get_user(username) + new_secret_key = user.secret_key + # Check secret key is different after the reset. + assert origin_secret_key != new_secret_key + # Check that we can't connect with the old password. + new_connection = None + try: + kwargs = controller.connection().connect_params() + kwargs['username'] = username + kwargs['password'] = 'password' + new_connection = await Connection.connect(**kwargs) + except JujuAPIError: + pass + finally: + # No connection with old password + assert new_connection is None + + @base.bootstrapped @pytest.mark.asyncio async def test_grant_revoke(event_loop): @@ -89,9 +119,9 @@ async def test_grant_revoke(event_loop): fresh = await controller.get_user(username) # fetch fresh copy assert fresh.access == 'superuser' await user.revoke() - assert user.access is '' + assert user.access == '' fresh = await controller.get_user(username) # fetch fresh copy - assert fresh.access is '' + assert fresh.access == '' @base.bootstrapped @@ -168,3 +198,31 @@ async def test_add_destroy_model_by_uuid(event_loop): await asyncio.wait_for(_wait_for_model_gone(controller, model_name), timeout=60) + + +# this test must be run serially because it modifies the login password +@pytest.mark.serial +@base.bootstrapped +@pytest.mark.asyncio +async def test_macaroon_auth(event_loop): + jujudata = FileJujuData() + account = jujudata.accounts()[jujudata.current_controller()] + with base.patch_file('~/.local/share/juju/accounts.yaml'): + if 'password' in account: + # force macaroon auth by "changing" password to current password + result = subprocess.run( + ['juju', 'change-user-password'], + input='{0}\n{0}\n'.format(account['password']), + universal_newlines=True, + stderr=subprocess.PIPE) + assert result.returncode == 0, ('Failed to change password: ' + '{}'.format(result.stderr)) + controller = Controller() + try: + await controller.connect() + assert controller.is_connected() + finally: + if controller.is_connected(): + await controller.disconnect() + async with base.CleanModel(): + pass # create and login to model works