Closes 262 (#324)

Moves the authority -> role relationship from a 1 -> many to a many -> many. This will allow one role to control and have access to many authorities.

lemur/tests/conftest.py

@@ -7,6 +7,7 @@ from flask.ext.principal import identity_changed, Identity
 
 from lemur import create_app
 from lemur.database import db as _db
+from lemur.auth.service import create_token
 
 from .factories import AuthorityFactory, NotificationFactory, DestinationFactory, \
     CertificateFactory, UserFactory, RoleFactory
@@ -110,6 +111,15 @@ def role(session):
     return r
 
 
+@pytest.fixture
+def user(session):
+    u = UserFactory()
+    session.commit()
+    user_token = create_token(u)
+    token = {'Authorization': 'Basic ' + user_token}
+    return {'user': u, 'token': token}
+
+
 @pytest.yield_fixture(scope="function")
 def logged_in_user(app, user):
     with app.test_request_context():

lemur/tests/factories.py

@@ -14,7 +14,7 @@ from lemur.notifications.models import Notification
 from lemur.users.models import User
 from lemur.roles.models import Role
 
-from .vectors import INTERNAL_VALID_SAN_STR, PRIVATE_KEY_STR
+from .vectors import INTERNAL_VALID_LONG_STR, INTERNAL_VALID_SAN_STR, PRIVATE_KEY_STR
 
 
 class BaseFactory(SQLAlchemyModelFactory):
@@ -31,7 +31,7 @@ class AuthorityFactory(BaseFactory):
     name = Sequence(lambda n: 'authority{0}'.format(n))
     owner = 'joe@example.com'
     plugin_name = 'TheRing'
-    body = INTERNAL_VALID_SAN_STR
+    body = INTERNAL_VALID_LONG_STR
 
     class Meta:
         """Factory configuration."""
@@ -56,15 +56,8 @@ class CertificateFactory(BaseFactory):
     owner = 'joe@example.com'
     status = FuzzyChoice(['valid', 'revoked', 'unknown'])
     deleted = False
-    bits = 2048
-    issuer = 'Example'
-    serial = FuzzyText(length=128)
-    cn = 'test.example.com'
     description = FuzzyText(length=128)
     active = True
-    san = 'true'
-    not_before = FuzzyDate(date(2016, 1, 1), date(2020, 1, 1))
-    not_after = FuzzyDate(date(2016, 1, 1), date(2020, 1, 1))
     date_created = FuzzyDate(date(2016, 1, 1), date(2020, 1, 1))
 
     class Meta:
@@ -132,6 +125,15 @@ class CertificateFactory(BaseFactory):
             for domain in extracted:
                 self.domains.append(domain)
 
+    @post_generation
+    def roles(self, create, extracted, **kwargs):
+        if not create:
+            return
+
+        if extracted:
+            for domain in extracted:
+                self.roles.append(domain)
+
 
 class DestinationFactory(BaseFactory):
     """Destination factory."""

lemur/tests/test_authorities.py

@@ -25,6 +25,26 @@ def test_authority_input_schema(client, role):
     assert not errors
 
 
+@pytest.mark.parametrize("token, count", [
+    (VALID_USER_HEADER_TOKEN, 0),
+    (VALID_ADMIN_HEADER_TOKEN, 1)
+])
+def test_admin_authority(client, authority, token, count):
+    assert client.get(api.url_for(AuthoritiesList), headers=token).json['total'] == count
+
+
+def test_user_authority(session, client, authority, role, user):
+    assert client.get(api.url_for(AuthoritiesList), headers=user['token']).json['total'] == 0
+    u = user['user']
+    u.roles.append(role)
+    authority.roles.append(role)
+    session.commit()
+    assert client.get(api.url_for(AuthoritiesList), headers=user['token']).json['total'] == 1
+    u.roles.remove(role)
+    session.commit()
+    assert client.get(api.url_for(AuthoritiesList), headers=user['token']).json['total'] == 0
+
+
 @pytest.mark.parametrize("token,status", [
     (VALID_USER_HEADER_TOKEN, 404),
     (VALID_ADMIN_HEADER_TOKEN, 404),

lemur/tests/test_certificates.py

@@ -186,8 +186,8 @@ def test_certificate_valid_dates(client, authority):
         'owner': 'jim@example.com',
         'authority': {'id': authority.id},
         'description': 'testtestest',
-        'validityStart': '2017-04-30T00:12:34.513631',
-        'validityEnd': '2018-04-30T00:12:34.513631'
+        'validityStart': '2020-01-01T00:21:34.513631',
+        'validityEnd': '2020-01-01T00:22:34.513631'
     }
 
     data, errors = CertificateInputSchema().load(input_data)
@@ -293,79 +293,18 @@ def test_create_basic_csr(client):
         assert name.value in csr_config.values()
 
 
-def test_cert_get_cn(client):
-    from .vectors import INTERNAL_VALID_LONG_CERT
-    from lemur.certificates.models import get_cn
-
-    assert get_cn(INTERNAL_VALID_LONG_CERT) == 'long.lived.com'
-
-
-def test_cert_get_sub_alt_domains(client):
-    from .vectors import INTERNAL_VALID_SAN_CERT, INTERNAL_VALID_LONG_CERT
-    from lemur.certificates.models import get_domains
-
-    assert get_domains(INTERNAL_VALID_LONG_CERT) == []
-    assert get_domains(INTERNAL_VALID_SAN_CERT) == ['example2.long.com', 'example3.long.com']
-
-
-def test_cert_is_san(client):
-    from .vectors import INTERNAL_VALID_SAN_CERT, INTERNAL_VALID_LONG_CERT
-    from lemur.certificates.models import is_san
-
-    assert not is_san(INTERNAL_VALID_LONG_CERT)
-    assert is_san(INTERNAL_VALID_SAN_CERT)
-
-
-def test_cert_is_wildcard(client):
-    from .vectors import INTERNAL_VALID_WILDCARD_CERT, INTERNAL_VALID_LONG_CERT
-    from lemur.certificates.models import is_wildcard
-    assert is_wildcard(INTERNAL_VALID_WILDCARD_CERT)
-    assert not is_wildcard(INTERNAL_VALID_LONG_CERT)
-
-
-def test_cert_get_bitstrength(client):
-    from .vectors import INTERNAL_VALID_LONG_CERT
-    from lemur.certificates.models import get_bitstrength
-    assert get_bitstrength(INTERNAL_VALID_LONG_CERT) == 2048
-
-
-def test_cert_get_issuer(client):
-    from .vectors import INTERNAL_VALID_LONG_CERT
-    from lemur.certificates.models import get_issuer
-    assert get_issuer(INTERNAL_VALID_LONG_CERT) == 'Example'
-
-
 def test_get_name_from_arn(client):
-    from lemur.certificates.models import get_name_from_arn
+    from lemur.certificates.service import get_name_from_arn
     arn = 'arn:aws:iam::11111111:server-certificate/mycertificate'
     assert get_name_from_arn(arn) == 'mycertificate'
 
 
 def test_get_account_number(client):
-    from lemur.certificates.models import get_account_number
+    from lemur.certificates.service import get_account_number
     arn = 'arn:aws:iam::11111111:server-certificate/mycertificate'
     assert get_account_number(arn) == '11111111'
 
 
-def test_create_name(client):
-    from lemur.certificates.models import create_name
-    from datetime import datetime
-    assert create_name(
-        'Example Inc,',
-        datetime(2015, 5, 7, 0, 0, 0),
-        datetime(2015, 5, 12, 0, 0, 0),
-        'example.com',
-        False
-    ) == 'example.com-ExampleInc-20150507-20150512'
-    assert create_name(
-        'Example Inc,',
-        datetime(2015, 5, 7, 0, 0, 0),
-        datetime(2015, 5, 12, 0, 0, 0),
-        'example.com',
-        True
-    ) == 'SAN-example.com-ExampleInc-20150507-20150512'
-
-
 @pytest.mark.parametrize("token,status", [
     (VALID_USER_HEADER_TOKEN, 404),
     (VALID_ADMIN_HEADER_TOKEN, 404),

lemur/tests/test_defaults.py

@@ -0,0 +1,61 @@
+
+
+def test_cert_get_cn(client):
+    from .vectors import INTERNAL_VALID_LONG_CERT
+    from lemur.common.defaults import common_name
+
+    assert common_name(INTERNAL_VALID_LONG_CERT) == 'long.lived.com'
+
+
+def test_cert_sub_alt_domains(client):
+    from .vectors import INTERNAL_VALID_SAN_CERT, INTERNAL_VALID_LONG_CERT
+    from lemur.common.defaults import domains
+
+    assert domains(INTERNAL_VALID_LONG_CERT) == []
+    assert domains(INTERNAL_VALID_SAN_CERT) == ['example2.long.com', 'example3.long.com']
+
+
+def test_cert_is_san(client):
+    from .vectors import INTERNAL_VALID_SAN_CERT, INTERNAL_VALID_LONG_CERT
+    from lemur.common.defaults import san
+
+    assert not san(INTERNAL_VALID_LONG_CERT)
+    assert san(INTERNAL_VALID_SAN_CERT)
+
+
+def test_cert_is_wildcard(client):
+    from .vectors import INTERNAL_VALID_WILDCARD_CERT, INTERNAL_VALID_LONG_CERT
+    from lemur.common.defaults import is_wildcard
+    assert is_wildcard(INTERNAL_VALID_WILDCARD_CERT)
+    assert not is_wildcard(INTERNAL_VALID_LONG_CERT)
+
+
+def test_cert_bitstrength(client):
+    from .vectors import INTERNAL_VALID_LONG_CERT
+    from lemur.common.defaults import bitstrength
+    assert bitstrength(INTERNAL_VALID_LONG_CERT) == 2048
+
+
+def test_cert_issuer(client):
+    from .vectors import INTERNAL_VALID_LONG_CERT
+    from lemur.common.defaults import issuer
+    assert issuer(INTERNAL_VALID_LONG_CERT) == 'Example'
+
+
+def test_create_name(client):
+    from lemur.common.defaults import certificate_name
+    from datetime import datetime
+    assert certificate_name(
+        'example.com',
+        'Example Inc,',
+        datetime(2015, 5, 7, 0, 0, 0),
+        datetime(2015, 5, 12, 0, 0, 0),
+        False
+    ) == 'example.com-ExampleInc-20150507-20150512'
+    assert certificate_name(
+        'example.com',
+        'Example Inc,',
+        datetime(2015, 5, 7, 0, 0, 0),
+        datetime(2015, 5, 12, 0, 0, 0),
+        True
+    ) == 'SAN-example.com-ExampleInc-20150507-20150512'

lemur/tests/test_roles.py

@@ -1,6 +1,7 @@
 import pytest
 
 from lemur.roles.views import *  # noqa
+from lemur.tests.factories import RoleFactory, AuthorityFactory, CertificateFactory
 
 
 from .vectors import VALID_ADMIN_HEADER_TOKEN, VALID_USER_HEADER_TOKEN
@@ -18,6 +19,25 @@ def test_role_input_schema(client):
     assert not errors
 
 
+def test_multiple_authority_certificate_association(session, client):
+    role = RoleFactory()
+    authority = AuthorityFactory()
+    certificate = CertificateFactory()
+    authority1 = AuthorityFactory()
+    certificate1 = CertificateFactory()
+
+    role.authorities.append(authority)
+    role.authorities.append(authority1)
+    role.certificates.append(certificate)
+    role.certificates.append(certificate1)
+
+    session.commit()
+    assert role.authorities[0].name == authority.name
+    assert role.authorities[1].name == authority1.name
+    assert role.certificates[0].name == certificate.name
+    assert role.certificates[1].name == certificate1.name
+
+
 @pytest.mark.parametrize("token,status", [
     (VALID_USER_HEADER_TOKEN, 403),
     (VALID_ADMIN_HEADER_TOKEN, 200),