X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FN2VC.git;a=blobdiff_plain;f=modules%2Flibjuju%2Ftests%2Fintegration%2Ftest_macaroon_auth.py;fp=modules%2Flibjuju%2Ftests%2Fintegration%2Ftest_macaroon_auth.py;h=9911c41f020bdcac6939ed3a8d8a896c4a2161a9;hp=0000000000000000000000000000000000000000;hb=b09436613925b2eb334c10f219b743868e4b3fe5;hpb=421c4a23dc5e60db9596b79ea87cdc19cc463e9b diff --git a/modules/libjuju/tests/integration/test_macaroon_auth.py b/modules/libjuju/tests/integration/test_macaroon_auth.py new file mode 100644 index 0000000..9911c41 --- /dev/null +++ b/modules/libjuju/tests/integration/test_macaroon_auth.py @@ -0,0 +1,108 @@ +import logging +import os + +import macaroonbakery.bakery as bakery +import macaroonbakery.httpbakery as httpbakery +import macaroonbakery.httpbakery.agent as agent +from juju.errors import JujuAPIError +from juju.model import Model + +import pytest + +from .. import base + +log = logging.getLogger(__name__) + + +@base.bootstrapped +@pytest.mark.asyncio +@pytest.mark.xfail +async def test_macaroon_auth(event_loop): + auth_info, username = agent_auth_info() + # Create a bakery client that can do agent authentication. + client = httpbakery.Client( + key=auth_info.key, + interaction_methods=[agent.AgentInteractor(auth_info)], + ) + + async with base.CleanModel(bakery_client=client) as m: + async with await m.get_controller() as c: + await c.grant_model(username, m.info.uuid, 'admin') + async with Model( + jujudata=NoAccountsJujuData(m._connector.jujudata), + bakery_client=client, + ): + pass + + +@base.bootstrapped +@pytest.mark.asyncio +@pytest.mark.xfail +async def test_macaroon_auth_with_bad_key(event_loop): + auth_info, username = agent_auth_info() + # Use a random key rather than the correct key. + auth_info = auth_info._replace(key=bakery.generate_key()) + # Create a bakery client can do agent authentication. + client = httpbakery.Client( + key=auth_info.key, + interaction_methods=[agent.AgentInteractor(auth_info)], + ) + + async with base.CleanModel(bakery_client=client) as m: + async with await m.get_controller() as c: + await c.grant_model(username, m.info.uuid, 'admin') + try: + async with Model( + jujudata=NoAccountsJujuData(m._connector.jujudata), + bakery_client=client, + ): + pytest.fail('Should not be able to connect with invalid key') + except httpbakery.BakeryException: + # We're expecting this because we're using the + # wrong key. + pass + + +@base.bootstrapped +@pytest.mark.asyncio +async def test_macaroon_auth_with_unauthorized_user(event_loop): + auth_info, username = agent_auth_info() + # Create a bakery client can do agent authentication. + client = httpbakery.Client( + key=auth_info.key, + interaction_methods=[agent.AgentInteractor(auth_info)], + ) + async with base.CleanModel(bakery_client=client) as m: + # Note: no grant of rights to the agent user. + try: + async with Model( + jujudata=NoAccountsJujuData(m._connector.jujudata), + bakery_client=client, + ): + pytest.fail('Should not be able to connect without grant') + except (JujuAPIError, httpbakery.DischargeError): + # We're expecting this because we're using the + # wrong user name. + pass + + +def agent_auth_info(): + agent_data = os.environ.get('TEST_AGENTS') + if agent_data is None: + pytest.skip('skipping macaroon_auth because no TEST_AGENTS ' + 'environment variable is set') + auth_info = agent.read_auth_info(agent_data) + if len(auth_info.agents) != 1: + raise Exception('TEST_AGENTS agent data requires exactly one agent') + return auth_info, auth_info.agents[0].username + + +class NoAccountsJujuData: + def __init__(self, jujudata): + self.__jujudata = jujudata + + def __getattr__(self, name): + return getattr(self.__jujudata, name) + + def accounts(self): + return {}