9 class ConfigTest(unittest.TestCase):
10 def test_ok_config(self):
13 ARVADOS_API_HOST: xyzzy.example
14 virtual_machine_hostname: foo.shell
15 """, 'servicename', 'xyzzy.example', 'foo.shell')
17 @mock.patch('arvados_pam.config_file')
18 def assertConfig(self, txt, svcname, apihost, shellhost, config_file):
19 configfake = StringIO.StringIO(txt)
20 config_file.side_effect = [configfake]
21 c = arvados_pam.config()
22 self.assertEqual(apihost, c[svcname]['ARVADOS_API_HOST'])
23 self.assertEqual(shellhost, c[svcname]['virtual_machine_hostname'])
25 class AuthTest(unittest.TestCase):
29 'ARVADOS_API_HOST': 'zzzzz.api_host.example',
30 'virtual_machine_hostname': 'testvm2.shell',
36 'token': '3kg6k6lzmp9kj5cpkcoxie963cmvjahbt2fod9zru30k1jqdmi',
43 'uuid': 'zzzzz-o0j2j-rah2ya1ohx9xaev',
44 'tail_uuid': 'zzzzz-tpzed-xurymjxw79nv3jz',
45 'head_uuid': 'zzzzz-2x53u-382brsig8rp3065',
46 'link_class': 'permission',
54 'uuid': 'zzzzz-tpzed-xurymjxw79nv3jz',
55 'full_name': 'Active User',
57 'virtual_machines': lambda: {
59 'uuid': 'zzzzz-2x53u-382brsig8rp3065',
60 'hostname': 'testvm2.shell',
67 return arvados_pam.AuthEvent(config=self.config, service='test_service', **self.request).can_login()
69 def test_success(self):
70 self.assertTrue(self.attempt())
72 cfg = self.config['test_service']
73 self.api_client.virtual_machines().list.assert_called_with(
74 filters=[['hostname','=',cfg['virtual_machine_hostname']]])
75 self.api.assert_called_with(
76 'v1', host=cfg['ARVADOS_API_HOST'], token=self.request['token'], cache=None)
78 def test_fail_vm_lookup(self):
79 self.response['virtual_machines'] = self._raise
80 self.assertFalse(self.attempt())
82 def test_vm_hostname_not_found(self):
83 self.response['virtual_machines'] = lambda: {
87 self.assertFalse(self.attempt())
89 def test_vm_hostname_ambiguous(self):
90 self.response['virtual_machines'] = lambda: {
93 'uuid': 'zzzzz-2x53u-382brsig8rp3065',
94 'hostname': 'testvm2.shell',
97 'uuid': 'zzzzz-2x53u-382brsig8rp3065',
98 'hostname': 'testvm2.shell',
101 'items_available': 2,
103 self.assertFalse(self.attempt())
105 def test_server_ignores_vm_filters(self):
106 self.response['virtual_machines'] = lambda: {
109 'uuid': 'zzzzz-2x53u-382brsig8rp3065',
110 'hostname': 'testvm22.shell', # <-----
113 'items_available': 1,
115 self.assertFalse(self.attempt())
117 def test_fail_user_lookup(self):
118 self.response['users'] = self._raise
119 self.assertFalse(self.attempt())
121 def test_fail_permission_check(self):
122 self.response['links'] = self._raise
123 self.assertFalse(self.attempt())
125 def test_no_login_permission(self):
126 self.response['links'] = lambda: {
129 self.assertFalse(self.attempt())
131 def test_server_ignores_permission_filters(self):
132 self.response['links'] = lambda: {
134 'uuid': 'zzzzz-o0j2j-rah2ya1ohx9xaev',
135 'tail_uuid': 'zzzzz-tpzed-xurymjxw79nv3jz',
136 'head_uuid': 'zzzzz-2x53u-382brsig8rp3065',
137 'link_class': 'permission',
138 'name': 'CANT_login', # <-----
140 'username': 'active',
144 self.assertFalse(self.attempt())
147 self.config = self.default_config.copy()
148 self.request = self.default_request.copy()
149 self.response = self.default_response.copy()
150 self.api_client = mock.MagicMock(name='api_client')
151 self.api_client.users().current().execute.side_effect = lambda: self.response['users']()
152 self.api_client.virtual_machines().list().execute.side_effect = lambda: self.response['virtual_machines']()
153 self.api_client.links().list().execute.side_effect = lambda: self.response['links']()
154 patcher = mock.patch('arvados.api')
155 self.api = patcher.start()
156 self.addCleanup(patcher.stop)
157 self.api.side_effect = [self.api_client]
159 def _raise(self, exception=Exception("Test-induced failure"), *args, **kwargs):