Georg/nftables-http-api
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adjust tests for authorization

Browse Source 
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
This commit is contained in:
Georg Pfuetzenreuter 2024-09-28 18:08:37 +02:00
parent a47ee638f1
commit 353ca0f44a
Signed by: Georg
GPG Key ID: 1ED2F138E7E6FF57
3 changed files with 54 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/test.sh
View File

@ -8,5 +8,5 @@ podman run \
-it \ -it \
-v .:"$wd" \ -v .:"$wd" \
registry.opensuse.org/home/crameleon/containers/containers/crameleon/pytest-nftables:latest \ registry.opensuse.org/home/crameleon/containers/containers/crameleon/pytest-nftables:latest \
env PYTHONPATH="$wd" pytest --pdb --pdbcls=IPython.terminal.debugger:Pdb -rA -s -v -x "$wd"/tests env NFT-API-CONFIG="$wd"/tests/config.yaml PYTHONPATH="$wd" pytest --pdb --pdbcls=IPython.terminal.debugger:Pdb -rA -s -v -x "$wd"/tests

12
tests/config.yaml Normal file
View File

@ -0,0 +1,12 @@
nft-api:
tokens:
$2y$05$1g7dRvcw2Jkml7WHIWa1Q.O9qg5shbHA8VHxZhwkmCTVmnkl4GDjW: # == ICanOnlyGet
/set/inet/filter/testset4:
- GET
$2y$05$7e4Slhr6/SWvaQXGRQywdua0jpm6HxOCiC8tYowpR2ioW2.ZKFdHe: # == foo
/set/inet/filter/testset4:
- GET
- POST
/set/inet/filter/testset6:
- GET
- POST

43
tests/test_api_set.py
View File

@ -10,22 +10,60 @@ You may obtain copies of the Licence in any of the official languages at https:/
from json import dumps, loads from json import dumps, loads
from falcon import HTTP_CREATED, HTTP_OK from falcon import HTTP_CREATED, HTTP_OK, HTTP_UNAUTHORIZED
from pytest import mark from pytest import mark
vs = [4, 6] vs = [4, 6]
def test_get_set_unauthorized_no_token(client):
response = client.simulate_get('/set/inet/filter/testset4')
have_out = loads(response.content)
assert response.status == HTTP_UNAUTHORIZED
assert 'title' in have_out
assert have_out['title'] == 'Authentication required'
def test_get_set_unauthorized_wrong_token(client):
response = client.simulate_get(
'/set/inet/filter/testset4',
headers={'X-NFT-API-Token': 'pwned'},
)
have_out = loads(response.content)
assert response.status == HTTP_UNAUTHORIZED
assert 'title' in have_out
assert have_out['title'] == 'Unauthorized'
def test_post_set_unauthorized_wrong_token_for_method(client):
response = client.simulate_post(
'/set/inet/filter/testset4',
headers={
'content-type': 'application/json',
'X-NFT-API-Token': 'ICanOnlyGet',
},
)
have_out = loads(response.content)
assert response.status == HTTP_UNAUTHORIZED
assert 'title' in have_out
assert have_out['title'] == 'Unauthorized method for path'
@mark.parametrize('v', vs) @mark.parametrize('v', vs)
def test_get_set(client, nft_ruleset_populated_sets, v): # noqa ARG001, nft is not needed here def test_get_set(client, nft_ruleset_populated_sets, v): # noqa ARG001, nft is not needed here
want_out = { want_out = {
4: ["192.168.0.0/24", "127.0.0.1"], 4: ["192.168.0.0/24", "127.0.0.1"],
6: ["fd80::/64", "fe80::1"], 6: ["fd80::/64", "fe80::1"],
} }
response = client.simulate_get(f'/set/inet/filter/testset{v}') response = client.simulate_get(
f'/set/inet/filter/testset{v}',
headers={'X-NFT-API-Token': 'foo'},
)
have_out = loads(response.content) have_out = loads(response.content)
assert sorted(have_out) == sorted(want_out[v]) assert sorted(have_out) == sorted(want_out[v])
assert response.status == HTTP_OK assert response.status == HTTP_OK
@mark.parametrize('v', vs) @mark.parametrize('v', vs)
@mark.parametrize('plvariant', ['address', 'network']) @mark.parametrize('plvariant', ['address', 'network'])
@mark.parametrize('plformat', ['string', 'list']) @mark.parametrize('plformat', ['string', 'list'])
@ -65,6 +103,7 @@ def test_append_to_set(client, nft_ruleset_populated_sets, v, plvariant, plforma
}), }),
headers={ headers={
'content-type': 'application/json', 'content-type': 'application/json',
'X-NFT-API-Token': 'foo',
}, },
) )
have_out = loads(response.content) have_out = loads(response.content)