import asyncio
-import pytest
+import subprocess
import uuid
from juju.client.connection import Connection
+from juju.client.jujudata import FileJujuData
+from juju.controller import Controller
from juju.errors import JujuAPIError
import pytest
assert user is None
user = await controller.add_user(username)
assert user is not None
+ assert user.secret_key is not None
assert user.username == username
users = await controller.get_users()
assert any(u.username == username for u in users)
await new_connection.close()
+@base.bootstrapped
+@pytest.mark.asyncio
+async def test_reset_user_password(event_loop):
+ async with base.CleanController() as controller:
+ username = 'test{}'.format(uuid.uuid4())
+ user = await controller.add_user(username)
+ origin_secret_key = user.secret_key
+ await user.set_password('password')
+ await controller.reset_user_password(username)
+ user = await controller.get_user(username)
+ new_secret_key = user.secret_key
+ # Check secret key is different after the reset.
+ assert origin_secret_key != new_secret_key
+ # Check that we can't connect with the old password.
+ new_connection = None
+ try:
+ kwargs = controller.connection().connect_params()
+ kwargs['username'] = username
+ kwargs['password'] = 'password'
+ new_connection = await Connection.connect(**kwargs)
+ except JujuAPIError:
+ pass
+ finally:
+ # No connection with old password
+ assert new_connection is None
+
+
@base.bootstrapped
@pytest.mark.asyncio
async def test_grant_revoke(event_loop):
fresh = await controller.get_user(username) # fetch fresh copy
assert fresh.access == 'superuser'
await user.revoke()
- assert user.access is ''
+ assert user.access == ''
fresh = await controller.get_user(username) # fetch fresh copy
- assert fresh.access is ''
+ assert fresh.access == ''
@base.bootstrapped
await asyncio.wait_for(_wait_for_model_gone(controller,
model_name),
timeout=60)
+
+
+# this test must be run serially because it modifies the login password
+@pytest.mark.serial
+@base.bootstrapped
+@pytest.mark.asyncio
+async def test_macaroon_auth(event_loop):
+ jujudata = FileJujuData()
+ account = jujudata.accounts()[jujudata.current_controller()]
+ with base.patch_file('~/.local/share/juju/accounts.yaml'):
+ if 'password' in account:
+ # force macaroon auth by "changing" password to current password
+ result = subprocess.run(
+ ['juju', 'change-user-password'],
+ input='{0}\n{0}\n'.format(account['password']),
+ universal_newlines=True,
+ stderr=subprocess.PIPE)
+ assert result.returncode == 0, ('Failed to change password: '
+ '{}'.format(result.stderr))
+ controller = Controller()
+ try:
+ await controller.connect()
+ assert controller.is_connected()
+ finally:
+ if controller.is_connected():
+ await controller.disconnect()
+ async with base.CleanModel():
+ pass # create and login to model works
projects / osm / N2VC.git / blobdiff