From fe83adc0da764a35da59c669d4fbd600c3461c46 Mon Sep 17 00:00:00 2001 From: Jakub Urban Date: Mon, 26 Sep 2022 14:39:20 +0200 Subject: [PATCH] Add tests for authorino context --- .../authorino/identity/context/__init__.py | 0 .../context/test_anonymous_context.py | 26 +++++++++++ .../identity/context/test_api_key_context.py | 42 +++++++++++++++++ .../identity/context/test_rhsso_context.py | 45 +++++++++++++++++++ 4 files changed, 113 insertions(+) create mode 100644 testsuite/tests/kuadrant/authorino/identity/context/__init__.py create mode 100644 testsuite/tests/kuadrant/authorino/identity/context/test_anonymous_context.py create mode 100644 testsuite/tests/kuadrant/authorino/identity/context/test_api_key_context.py create mode 100644 testsuite/tests/kuadrant/authorino/identity/context/test_rhsso_context.py diff --git a/testsuite/tests/kuadrant/authorino/identity/context/__init__.py b/testsuite/tests/kuadrant/authorino/identity/context/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/testsuite/tests/kuadrant/authorino/identity/context/test_anonymous_context.py b/testsuite/tests/kuadrant/authorino/identity/context/test_anonymous_context.py new file mode 100644 index 00000000..ed2f234e --- /dev/null +++ b/testsuite/tests/kuadrant/authorino/identity/context/test_anonymous_context.py @@ -0,0 +1,26 @@ +"""Test for anonymous identity context""" +import json + +import pytest + + +@pytest.fixture(scope="module") +def authorization(authorization, rhsso): + """Setup AuthConfig for test""" + authorization.add_oidc_identity("rhsso", rhsso.well_known["issuer"]) + authorization.add_anonymous_identity("anonymous") + authorization.add_response({"name": "auth-json", "json": { + "properties": [{"name": "auth", "valueFrom": {"authJSON": "auth"}}, + {"name": "context", "valueFrom": {"authJSON": "context"}}]}}) + return authorization + + +def test_anonymous_context(client): + """ + Test: + - Make request without authentication + - Assert that response has the right information in context + """ + response = client.get("/get") + assert json.loads(response.json()["headers"]["Auth-Json"])["auth"]["identity"]["anonymous"] + assert response.status_code == 200 diff --git a/testsuite/tests/kuadrant/authorino/identity/context/test_api_key_context.py b/testsuite/tests/kuadrant/authorino/identity/context/test_api_key_context.py new file mode 100644 index 00000000..30b0b5d8 --- /dev/null +++ b/testsuite/tests/kuadrant/authorino/identity/context/test_api_key_context.py @@ -0,0 +1,42 @@ +"""Test for API key identity context""" +import json + +import pytest + +from testsuite.httpx.auth import HeaderApiKeyAuth + + +@pytest.fixture(scope="module") +def api_key(create_api_key, module_label): + """Creates API key Secret""" + api_key = "api_key_value" + return create_api_key("api-key", module_label, api_key) + + +@pytest.fixture(scope="module") +def auth(api_key): + """Valid API Key Auth""" + return HeaderApiKeyAuth(api_key) + + +@pytest.fixture(scope="module") +def authorization(authorization, module_label): + """Setup AuthConfig for test""" + authorization.add_api_key_identity("api_key", match_label=module_label) + authorization.add_response({"name": "auth-json", "json": { + "properties": [{"name": "auth", "valueFrom": {"authJSON": "auth"}}]}}) + return authorization + + +def tests_api_key_context(client, auth, api_key, module_label, testconfig): + """ + Test: + - Make request with API key authentication + - Assert that response has the right information in context + """ + response = client.get("get", auth=auth) + assert response.status_code == 200 + identity = json.loads(response.json()["headers"]["Auth-Json"])["auth"]["identity"] + assert identity['data']['api_key'] == api_key.model.data.api_key + assert identity["metadata"]["namespace"] == testconfig["openshift"].project + assert identity["metadata"]["labels"]["group"] == module_label diff --git a/testsuite/tests/kuadrant/authorino/identity/context/test_rhsso_context.py b/testsuite/tests/kuadrant/authorino/identity/context/test_rhsso_context.py new file mode 100644 index 00000000..3b6c3d06 --- /dev/null +++ b/testsuite/tests/kuadrant/authorino/identity/context/test_rhsso_context.py @@ -0,0 +1,45 @@ +"""Test for RHSSO identity context""" +import json +import time + +import pytest + + +@pytest.fixture(scope="module") +def authorization(authorization, rhsso): + """Setup AuthConfig for test""" + authorization.add_oidc_identity("rhsso", rhsso.well_known["issuer"]) + authorization.add_response({"name": "auth-json", "json": { + "properties": [{"name": "auth", "valueFrom": {"authJSON": "auth"}}, + {"name": "context", "valueFrom": {"authJSON": "context"}}]}}) + return authorization + + +@pytest.fixture(scope="module") +def realm_role(rhsso, blame): + """Add realm role to rhsso user""" + role_name = blame("realm_role") + role = rhsso.realm.create_realm_role(role_name) + rhsso.realm.assign_realm_role(role, rhsso.user) + return role + + +def tests_rhsso_context(client, auth, rhsso, realm_role): + """ + Test: + - Make request with RHSSO authentication + - Assert that response has the right information in context + """ + response = client.get("get", auth=auth) + assert response.status_code == 200 + auth_json = json.loads(response.json()["headers"]["Auth-Json"]) + identity = auth_json["auth"]["identity"] + context = auth_json["context"] + now = time.time() + assert rhsso.well_known["issuer"] == identity["iss"] + assert identity["azp"] == rhsso.client_name + assert float(identity["exp"]) > now + assert float(identity["iat"]) <= now + assert context["request"]["http"]["headers"]["authorization"] == f"Bearer {auth.token.access_token}" + assert realm_role["name"] in identity["realm_access"]["roles"] + assert identity['email'] == rhsso.client.admin.get_user(rhsso.user)["email"]