sdk/pam/tests/test_auth_event.py

   1 # Copyright (C) The Arvados Authors. All rights reserved.
   2 #
   3 # SPDX-License-Identifier: Apache-2.0
   4
   5 import arvados_pam
   6 import re
   7 from . import mocker
   8
   9 class AuthEventTest(mocker.Mocker):
  10     def attempt(self):
  11         return arvados_pam.auth_event.AuthEvent(config=self.config, service='test_service', **self.request).can_login()
  12
  13     def test_success(self):
  14         self.assertTrue(self.attempt())
  15
  16         self.api_client.virtual_machines().list.assert_called_with(
  17             filters=[['hostname','=',self.config['virtual_machine_hostname']]])
  18         self.api.assert_called_with(
  19             'v1',
  20             host=self.config['arvados_api_host'], token=self.request['token'],
  21             insecure=False,
  22             cache=False)
  23         self.assertEqual(1, len(self.syslogged))
  24         for i in ['test_service',
  25                   self.request['username'],
  26                   self.config['arvados_api_host'],
  27                   self.response['virtual_machines']['items'][0]['uuid']]:
  28             self.assertRegexpMatches(self.syslogged[0], re.escape(i))
  29         self.assertRegexpMatches(self.syslogged[0], re.escape(self.request['token'][0:15]), 'token prefix not logged')
  30         self.assertNotRegexpMatches(self.syslogged[0], re.escape(self.request['token'][15:30]), 'too much token logged')
  31
  32     def test_fail_vm_lookup(self):
  33         self.api_client.virtual_machines().list().execute.side_effect = Exception("Test-induced failure")
  34         self.assertFalse(self.attempt())
  35         self.assertRegexpMatches(self.syslogged[0], 'Test-induced failure')
  36
  37     def test_vm_hostname_not_found(self):
  38         self.response['virtual_machines'] = {
  39             'items': [],
  40             'items_available': 0,
  41         }
  42         self.assertFalse(self.attempt())
  43
  44     def test_vm_hostname_ambiguous(self):
  45         self.response['virtual_machines'] = {
  46             'items': [
  47                 {
  48                     'uuid': 'zzzzz-2x53u-382brsig8rp3065',
  49                     'hostname': 'testvm2.shell',
  50                 },
  51                 {
  52                     'uuid': 'zzzzz-2x53u-382brsig8rp3065',
  53                     'hostname': 'testvm2.shell',
  54                 },
  55             ],
  56             'items_available': 2,
  57         }
  58         self.assertFalse(self.attempt())
  59
  60     def test_server_ignores_vm_filters(self):
  61         self.response['virtual_machines'] = {
  62             'items': [
  63                 {
  64                     'uuid': 'zzzzz-2x53u-382brsig8rp3065',
  65                     'hostname': 'testvm22.shell', # <-----
  66                 },
  67             ],
  68             'items_available': 1,
  69         }
  70         self.assertFalse(self.attempt())
  71
  72     def test_fail_user_lookup(self):
  73         self.api_client.users().current().execute.side_effect = Exception("Test-induced failure")
  74         self.assertFalse(self.attempt())
  75
  76     def test_fail_permission_check(self):
  77         self.api_client.links().list().execute.side_effect = Exception("Test-induced failure")
  78         self.assertFalse(self.attempt())
  79
  80     def test_no_login_permission(self):
  81         self.response['links'] = {
  82             'items': [],
  83         }
  84         self.assertFalse(self.attempt())
  85
  86     def test_server_ignores_permission_filters(self):
  87         self.response['links'] = {
  88             'items': [{
  89                 'uuid': 'zzzzz-o0j2j-rah2ya1ohx9xaev',
  90                 'tail_uuid': 'zzzzz-tpzed-xurymjxw79nv3jz',
  91                 'head_uuid': 'zzzzz-2x53u-382brsig8rp3065',
  92                 'link_class': 'permission',
  93                 'name': 'CANT_login', # <-----
  94                 'properties': {
  95                     'username': 'active',
  96                 },
  97             }],
  98         }
  99         self.assertFalse(self.attempt())