Skip to content

Commit

Permalink
test(secrets): fixes breaking tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@RomilShah
RomilShah committed Oct 26, 2023
1 parent 7483d89 commit 0d86ff0
Show file tree
Hide file tree
Showing 3 changed files with 44 additions and 173 deletions.
73 changes: 0 additions & 73 deletions rapyuta_io/clients/secret.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -111,8 +111,6 @@ def __str__(self):
return str(self.value)

DOCKER = 'kubernetes.io/dockercfg'
SOURCE_BASIC_AUTH = 'kubernetes.io/basic-auth'
SOURCE_SSH_AUTH = 'kubernetes.io/ssh-auth'


class _SecretConfigBase(six.with_metaclass(ABCMeta, ObjBase)):
Expand All @@ -132,77 +130,6 @@ def get_serialize_map(self):
pass


class SecretConfigSourceSSHAuth(_SecretConfigBase):
"""
SecretConfigSSHAuth represents Source Secret with SSH Authentication. This type of secrets can be used to access
private Git repositories using SSH, for building the Docker images from Source Code.
:param ssh_key: Private SSH key for authenticating with the Git repository hosting
:type ssh_key: str
"""

def __init__(self, ssh_key):
self.validate(ssh_key)
self.ssh_key = ssh_key

@staticmethod
def validate(ssh_key):
if not (isinstance(ssh_key, str) or isinstance(ssh_key, six.string_types)) or ssh_key == '':
raise InvalidParameterException('ssh_key cannot be empty')

@classmethod
def get_type(cls):
return SecretType.SOURCE_SSH_AUTH

def serialize(self):
return {
'ssh-privatekey': base64.b64encode(self.ssh_key.encode()).decode()
}


class SecretConfigSourceBasicAuth(_SecretConfigBase):
"""
SecretConfigSourceBasicAuth represents Source Secret with Basic Authentication. This type of secrets can be used to
access private Git repositories exposing HTTP interface, for building the Docker images from Source Code.
:param username: Username for the Git repository hosting
:type username: str
:param password: Password for the Git repository hosting
:type password: str
:param ca_cert: If the Git repository is using self-signed certificates, a CA Root Certificate can optionally be provided.
:type ca_cert: str
"""

def __init__(self, username, password, ca_cert=None):
self.validate(username, password, ca_cert)
self.username = username
self.password = password
self.ca_cert = ca_cert

@staticmethod
def validate(username, password, ca_cert):
if not isinstance(username, six.string_types) or username == '':
raise InvalidParameterException('username cannot be empty')
if not isinstance(password, six.string_types) or password == '':
raise InvalidParameterException('password cannot be empty')
if ca_cert is not None and (not isinstance(ca_cert, six.string_types) or ca_cert == ''):
raise InvalidParameterException('ca_cert cannot be empty')

@classmethod
def get_type(cls):
return SecretType.SOURCE_BASIC_AUTH

def serialize(self):
ret = {
'username': base64.b64encode(self.username.encode()).decode(),
'password': base64.b64encode(self.password.encode()).decode(),
}
if self.ca_cert is not None:
ret['ca.crt'] = base64.b64encode(self.ca_cert.encode()).decode()

return ret


class SecretConfigDocker(_SecretConfigBase):
"""
SecretConfigDocker represents Docker Secret for Docker registries. This type of secrets can be used to access
Expand Down
6 changes: 2 additions & 4 deletions sdk_test/config.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
import six
from six.moves import filter

from rapyuta_io import Client, SecretConfigSourceSSHAuth, SecretConfigDocker, \
from rapyuta_io import Client, SecretConfigDocker, \
DeviceArch, Secret, Project
from rapyuta_io.utils.error import InvalidParameterException
from rapyuta_io.utils.utils import create_auth_header, \
Expand Down Expand Up @@ -154,12 +154,10 @@ def set_devices(self, devices):
self._devices = list(filter(filter_devices_by_name(), devices))

def create_secrets(self):
ssh_key = self._config['git']['ssh-key']
git_secret = self.client.create_secret(Secret('git-secret', SecretConfigSourceSSHAuth(ssh_key)))
docker = self._config['docker']
docker_secret = self.client.create_secret(Secret('docker-secret', SecretConfigDocker(
docker['username'], docker['password'], docker['email'])))
self._secrets = {'git': git_secret, 'docker': docker_secret}
self._secrets = {'docker': docker_secret}

def delete_secrets(self):
for secret in self._secrets.values():
Expand Down
138 changes: 42 additions & 96 deletions tests/secret_test.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,66 +6,14 @@

from mock import Mock, call, patch

from rapyuta_io.clients.secret import SecretConfigSourceBasicAuth, SecretConfigSourceSSHAuth, SecretType, \
from rapyuta_io.clients.secret import SecretType, \
SecretConfigDocker, DOCKER_HUB_REGISTRY, Secret
from rapyuta_io.utils import InvalidParameterException, InternalServerError, ResourceNotFoundError
from tests.utils.client import get_client, headers, AUTH_TOKEN
from tests.utils.secrets_responses import SECRET_CREATE_SUCCESS, SECRET_LIST_SUCCESS, SECRET_UPDATE_SUCCESS


class SecretConfigTests(unittest.TestCase):
def test_bad_secret_config_ssh_auth(self):
expected_err_msg = 'ssh_key cannot be empty'
with self.assertRaises(InvalidParameterException) as e:
SecretConfigSourceSSHAuth(ssh_key='')
self.assertEqual(expected_err_msg, str(e.exception))

def test_secret_config_ssh_auth(self):
secret_config = SecretConfigSourceSSHAuth(ssh_key='ssh-key')
expected_serialize = {'ssh-privatekey': base64.b64encode('ssh-key'.encode()).decode()}
self.assertEqual('ssh-key', secret_config.ssh_key)
self.assertEqual(SecretType.SOURCE_SSH_AUTH, secret_config.get_type())
self.assertEqual(expected_serialize, secret_config.serialize())

def test_bad_secret_config_basic_auth_empty_username(self):
expected_err_msg = 'username cannot be empty'
with self.assertRaises(InvalidParameterException) as e:
SecretConfigSourceBasicAuth(username='', password='password', ca_cert='ca-cert')
self.assertEqual(expected_err_msg, str(e.exception))

def test_bad_secret_config_basic_auth_empty_password(self):
expected_err_msg = 'password cannot be empty'
with self.assertRaises(InvalidParameterException) as e:
SecretConfigSourceBasicAuth(username='username', password='', ca_cert='ca-cert')
self.assertEqual(expected_err_msg, str(e.exception))

def test_bad_secret_config_basic_auth_empty_ca_cert(self):
expected_err_msg = 'ca_cert cannot be empty'
with self.assertRaises(InvalidParameterException) as e:
SecretConfigSourceBasicAuth(username='username', password='password', ca_cert='')
self.assertEqual(expected_err_msg, str(e.exception))

def test_secret_config_basic_auth_empty_ca_cert(self):
secret_config = SecretConfigSourceBasicAuth(username='username', password='password')
expected_serialize = {'username': base64.b64encode('username'.encode()).decode(),
'password': base64.b64encode('password'.encode()).decode()}
self.assertEqual('username', secret_config.username)
self.assertEqual('password', secret_config.password)
self.assertIsNone(secret_config.ca_cert)
self.assertEqual(SecretType.SOURCE_BASIC_AUTH, secret_config.get_type())
self.assertEqual(expected_serialize, secret_config.serialize())

def test_secret_config_basic_auth_with_ca_cert(self):
secret_config = SecretConfigSourceBasicAuth(username='username', password='password', ca_cert='ca-cert')
expected_serialize = {'username': base64.b64encode('username'.encode()).decode(),
'password': base64.b64encode('password'.encode()).decode(),
'ca.crt': base64.b64encode('ca-cert'.encode()).decode()}
self.assertEqual('username', secret_config.username)
self.assertEqual('password', secret_config.password)
self.assertEqual('ca-cert', secret_config.ca_cert)
self.assertEqual(SecretType.SOURCE_BASIC_AUTH, secret_config.get_type())
self.assertEqual(expected_serialize, secret_config.serialize())

def test_bad_secret_config_docker_empty_username(self):
expected_err_msg = 'username cannot be empty'
with self.assertRaises(InvalidParameterException) as e:
Expand Down Expand Up @@ -118,42 +66,36 @@ class SecretTests(unittest.TestCase):
def test_bad_secret_name_length(self):
expected_err_msg = 'length of name must be between 3 and 253 characters'
with self.assertRaises(InvalidParameterException) as e:
Secret(name='a' * 300, secret_config=SecretConfigSourceSSHAuth('ssh-key'))
Secret(name='a' * 300, secret_config=SecretConfigDocker(username='username', password='password', email='[email protected]',
registry='quay.io'))
self.assertEqual(expected_err_msg, str(e.exception))

def test_bad_secret_name_pattern(self):
expected_err_msg = 'name must consist of lower case alphanumeric characters or - and must start and end with ' \
'an alphanumeric character'
with self.assertRaises(InvalidParameterException) as e:
Secret(name='-SECRET-', secret_config=SecretConfigSourceSSHAuth('ssh-key'))
Secret(name='-SECRET-', secret_config=SecretConfigDocker(username='username', password='password', email='[email protected]',
registry='quay.io'))
self.assertEqual(expected_err_msg, str(e.exception))

def test_bad_secret_name_type(self):
expected_err_msg = 'name must be a string'
with self.assertRaises(InvalidParameterException) as e:
Secret(name=123, secret_config=SecretConfigSourceSSHAuth('ssh-key'))
self.assertEqual(expected_err_msg, str(e.exception))

def test_bad_secret_config(self):
expected_err_msg = 'secret_config must be of type SourceSecretBasicConfig, SourceSecretSSHConfig or ' \
'DockerSecretConfig'
with self.assertRaises(InvalidParameterException) as e:
Secret(name='bad', secret_config='invalid-secret')
Secret(name=123, secret_config=SecretConfigDocker(username='username', password='password', email='[email protected]',
registry='quay.io'))
self.assertEqual(expected_err_msg, str(e.exception))

def test_create_secret_invalid_secret_type(self):
expected_err_msg = 'secret must be non-empty and of type rapyuta_io.clients.secret.Secret'
client = get_client()
with self.assertRaises(InvalidParameterException) as e:
client.create_secret('invalid-secret-type')

self.assertEqual(str(e.exception), expected_err_msg)

@patch('requests.request')
def test_create_secret_internal_server_error(self, mock_request):
secret = Secret('test-secret', SecretConfigSourceSSHAuth('ssh-key'))
secret = Secret('test-secret', SecretConfigDocker(username='username', password='password', email='[email protected]',
registry='quay.io'))
docker_config = '{"quay.io": {"username": "username", "password": "password", "email": "[email protected]", "auth": "dXNlcm5hbWU6cGFzc3dvcmQ="}}'
client = get_client()
expected_payload = {'type': SecretType.SOURCE_SSH_AUTH, 'data': {'ssh-privatekey': base64.b64encode('ssh-key'.encode()).decode()}, 'name': 'test-secret'}
expected_payload = {
'type': str(SecretType.DOCKER),
'data': {'.dockercfg': base64.b64encode(docker_config.encode()).decode()},
'name': 'test-secret'
}
expected_url = 'https://gaapiserver.apps.okd4v2.prod.rapyuta.io/api/secret/create'
mock_secret = Mock()
mock_secret.status_code = requests.codes.INTERNAL_SERVER_ERROR
Expand All @@ -166,9 +108,15 @@ def test_create_secret_internal_server_error(self, mock_request):

@patch('requests.request')
def test_create_secret_success(self, mock_request):
secret = Secret('test-secret', SecretConfigSourceSSHAuth('ssh-key'))
secret = Secret('test-secret', SecretConfigDocker(username='username', password='password', email='[email protected]',
registry='quay.io'))
docker_config = '{"quay.io": {"username": "username", "password": "password", "email": "[email protected]", "auth": "dXNlcm5hbWU6cGFzc3dvcmQ="}}'
client = get_client()
expected_payload = {'type': SecretType.SOURCE_SSH_AUTH, 'data': {'ssh-privatekey': base64.b64encode('ssh-key'.encode()).decode()}, 'name': 'test-secret'}
expected_payload = {
'type': str(SecretType.DOCKER),
'data': {'.dockercfg': base64.b64encode(docker_config.encode()).decode()},
'name': 'test-secret'
}
expected_url = 'https://gaapiserver.apps.okd4v2.prod.rapyuta.io/api/secret/create'
mock_secret = Mock()
mock_secret.text = SECRET_CREATE_SUCCESS
Expand Down Expand Up @@ -296,7 +244,7 @@ def test_delete_secret_success(self, mock_request):

@patch('requests.request')
def test_delete_method_internal_server_error(self, mock_request):
secret = Secret('test-secret', SecretConfigSourceSSHAuth('ssh-key'))
secret = Secret('test-secret', SecretConfigDocker(username='username', password='password', email='[email protected]'))
setattr(secret, '_core_api_host', 'https://gaapiserver.apps.okd4v2.prod.rapyuta.io')
setattr(secret, '_auth_token', 'Bearer ' + AUTH_TOKEN)
setattr(secret, '_project', 'test_project')
Expand All @@ -313,7 +261,7 @@ def test_delete_method_internal_server_error(self, mock_request):
])

def test_delete_method_invalid_parameter(self):
secret = Secret('test-secret', SecretConfigSourceSSHAuth('ssh-key'))
secret = Secret('test-secret', SecretConfigDocker(username='username', password='password', email='[email protected]'))
expected_err_msg = 'Secret must be created first'
setattr(secret, 'guid', 'secret-guid')
with self.assertRaises(InvalidParameterException) as e:
Expand All @@ -322,7 +270,8 @@ def test_delete_method_invalid_parameter(self):

@patch('requests.request')
def test_delete_method_success(self, mock_request):
secret = Secret('test-secret', SecretConfigSourceSSHAuth('ssh-key'))
secret = Secret('test-secret', SecretConfigDocker(username='username', password='password', email='[email protected]',
registry='quay.io'))
setattr(secret, '_core_api_host', 'https://gaapiserver.apps.okd4v2.prod.rapyuta.io')
setattr(secret, '_auth_token', 'Bearer ' + AUTH_TOKEN)
setattr(secret, '_project', 'test_project')
Expand All @@ -340,14 +289,13 @@ def test_delete_method_success(self, mock_request):

@patch('requests.request')
def test_update_method_success(self, mock_request):
secret = Secret('test-secret', SecretConfigSourceBasicAuth(username="testuser", password='testpassword'))
secret = Secret('test-secret', SecretConfigDocker(username='username', password='password', email='[email protected]',
registry='quay.io'))
docker_config = '{"quay.io": {"username": "username", "password": "password", "email": "[email protected]", "auth": "dXNlcm5hbWU6cGFzc3dvcmQ="}}'
client = get_client()
expected_payload = {
'type': SecretType.SOURCE_BASIC_AUTH,
'data': {
"username": base64.b64encode('testuser'.encode()).decode(),
"password": base64.b64encode('testpassword'.encode()).decode()
},
'type': str(SecretType.DOCKER),
'data': {'.dockercfg': base64.b64encode(docker_config.encode()).decode()},
'name': 'test-secret'
}
expected_url = 'https://gaapiserver.apps.okd4v2.prod.rapyuta.io/api/secret/secret-guid/update'
Expand All @@ -363,14 +311,13 @@ def test_update_method_success(self, mock_request):

@patch('requests.request')
def test_update_method_internal_server_error(self, mock_request):
secret = Secret('test-secret', SecretConfigSourceBasicAuth(username="testuser", password='testpassword'))
secret = Secret('test-secret', SecretConfigDocker(username='username', password='password', email='[email protected]',
registry='quay.io'))
docker_config = '{"quay.io": {"username": "username", "password": "password", "email": "[email protected]", "auth": "dXNlcm5hbWU6cGFzc3dvcmQ="}}'
client = get_client()
expected_payload = {
'type': SecretType.SOURCE_BASIC_AUTH,
'data': {
"username": base64.b64encode('testuser'.encode()).decode(),
"password": base64.b64encode('testpassword'.encode()).decode()
},
'type': str(SecretType.DOCKER),
'data': {'.dockercfg': base64.b64encode(docker_config.encode()).decode()},
'name': 'test-secret'
}
expected_url = 'https://gaapiserver.apps.okd4v2.prod.rapyuta.io/api/secret/secret-guid/update'
Expand All @@ -385,14 +332,13 @@ def test_update_method_internal_server_error(self, mock_request):

@patch('requests.request')
def test_update_method_not_found_error(self, mock_request):
secret = Secret('test-secret', SecretConfigSourceBasicAuth(username="testuser", password='testpassword'))
secret = Secret('test-secret', SecretConfigDocker(username='username', password='password', email='[email protected]',
registry='quay.io'))
docker_config = '{"quay.io": {"username": "username", "password": "password", "email": "[email protected]", "auth": "dXNlcm5hbWU6cGFzc3dvcmQ="}}'
client = get_client()
expected_payload = {
'type': SecretType.SOURCE_BASIC_AUTH,
'data': {
"username": base64.b64encode('testuser'.encode()).decode(),
"password": base64.b64encode('testpassword'.encode()).decode()
},
'type': str(SecretType.DOCKER),
'data': {'.dockercfg': base64.b64encode(docker_config.encode()).decode()},
'name': 'test-secret'
}
expected_url = 'https://gaapiserver.apps.okd4v2.prod.rapyuta.io/api/secret/secret-guid/update'
Expand Down

0 comments on commit 0d86ff0

Please sign in to comment.