sdk/pam/tests/test_auth_event.py

   1 import arvados_pam
   2 import re
   3 from . import mocker
   4
   5 class AuthEventTest(mocker.Mocker):
   6     def attempt(self):
   7         return arvados_pam.auth_event.AuthEvent(config=self.config, service='test_service', **self.request).can_login()
   8
   9     def test_success(self):
  10         self.assertTrue(self.attempt())
  11
  12         self.api_client.virtual_machines().list.assert_called_with(
  13             filters=[['hostname','=',self.config['virtual_machine_hostname']]])
  14         self.api.assert_called_with(
  15             'v1',
  16             host=self.config['arvados_api_host'], token=self.request['token'],
  17             insecure=False,
  18             cache=False)
  19         self.assertEqual(1, len(self.syslogged))
  20         for i in ['test_service',
  21                   self.request['username'],
  22                   self.config['arvados_api_host'],
  23                   self.response['virtual_machines']['items'][0]['uuid']]:
  24             self.assertRegexpMatches(self.syslogged[0], re.escape(i))
  25         self.assertRegexpMatches(self.syslogged[0], re.escape(self.request['token'][0:15]), 'token prefix not logged')
  26         self.assertNotRegexpMatches(self.syslogged[0], re.escape(self.request['token'][15:30]), 'too much token logged')
  27
  28     def test_fail_vm_lookup(self):
  29         self.api_client.virtual_machines().list().execute.side_effect = Exception("Test-induced failure")
  30         self.assertFalse(self.attempt())
  31         self.assertRegexpMatches(self.syslogged[0], 'Test-induced failure')
  32
  33     def test_vm_hostname_not_found(self):
  34         self.response['virtual_machines'] = {
  35             'items': [],
  36             'items_available': 0,
  37         }
  38         self.assertFalse(self.attempt())
  39
  40     def test_vm_hostname_ambiguous(self):
  41         self.response['virtual_machines'] = {
  42             'items': [
  43                 {
  44                     'uuid': 'zzzzz-2x53u-382brsig8rp3065',
  45                     'hostname': 'testvm2.shell',
  46                 },
  47                 {
  48                     'uuid': 'zzzzz-2x53u-382brsig8rp3065',
  49                     'hostname': 'testvm2.shell',
  50                 },
  51             ],
  52             'items_available': 2,
  53         }
  54         self.assertFalse(self.attempt())
  55
  56     def test_server_ignores_vm_filters(self):
  57         self.response['virtual_machines'] = {
  58             'items': [
  59                 {
  60                     'uuid': 'zzzzz-2x53u-382brsig8rp3065',
  61                     'hostname': 'testvm22.shell', # <-----
  62                 },
  63             ],
  64             'items_available': 1,
  65         }
  66         self.assertFalse(self.attempt())
  67
  68     def test_fail_user_lookup(self):
  69         self.api_client.users().current().execute.side_effect = Exception("Test-induced failure")
  70         self.assertFalse(self.attempt())
  71
  72     def test_fail_permission_check(self):
  73         self.api_client.links().list().execute.side_effect = Exception("Test-induced failure")
  74         self.assertFalse(self.attempt())
  75
  76     def test_no_login_permission(self):
  77         self.response['links'] = {
  78             'items': [],
  79         }
  80         self.assertFalse(self.attempt())
  81
  82     def test_server_ignores_permission_filters(self):
  83         self.response['links'] = {
  84             'items': [{
  85                 'uuid': 'zzzzz-o0j2j-rah2ya1ohx9xaev',
  86                 'tail_uuid': 'zzzzz-tpzed-xurymjxw79nv3jz',
  87                 'head_uuid': 'zzzzz-2x53u-382brsig8rp3065',
  88                 'link_class': 'permission',
  89                 'name': 'CANT_login', # <-----
  90                 'properties': {
  91                     'username': 'active',
  92                 },
  93             }],
  94         }
  95         self.assertFalse(self.attempt())