fixing conflicts
This commit is contained in:
commit
8239aa55e1
@ -77,6 +77,7 @@ The `IssuerPlugin` interface only required that you implement one function::
|
||||
def create_certificate(self, options):
|
||||
# requests.get('a third party')
|
||||
|
||||
|
||||
Lemur will pass a dictionary of all possible options for certificate creation.
|
||||
|
||||
Optionally the `IssuerPlugin` exposes another function for authority create::
|
||||
@ -84,7 +85,13 @@ Optionally the `IssuerPlugin` exposes another function for authority create::
|
||||
def create_authority(self, options):
|
||||
# request.get('a third party')
|
||||
|
||||
If implemented this function will be used to allow users to create external Certificate Authorities.
|
||||
|
||||
If implemented this function will be used to allow users to create external Certificate Authorities. From this function
|
||||
you are expected to return the ROOT certificate authority, any intermediates that Authority might provide and any roles
|
||||
you wish to be associated with this authority.
|
||||
|
||||
.. Note:: You do not need to associate roles to the authority at creation time as they can always be associated after the
|
||||
fact.
|
||||
|
||||
|
||||
Testing
|
||||
@ -158,3 +165,5 @@ Running tests follows the py.test standard. As long as your test files and metho
|
||||
=========================== 1 passed in 0.35 seconds ============================
|
||||
|
||||
|
||||
.. SeeAlso:: Lemur bundles several plugins that use the same interfaces mentioned above. View the source: #TODO
|
||||
|
||||
|
@ -8,8 +8,6 @@
|
||||
|
||||
|
||||
"""
|
||||
from flask import jsonify
|
||||
|
||||
from lemur import factory
|
||||
|
||||
from lemur.users.views import mod as users_bp
|
||||
|
@ -14,8 +14,6 @@ from flask import g, Blueprint, current_app, abort
|
||||
from flask.ext.restful import reqparse, Resource, Api
|
||||
from flask.ext.principal import Identity, identity_changed
|
||||
|
||||
from lemur.common.crypto import unlock
|
||||
|
||||
from lemur.auth.permissions import admin_permission
|
||||
from lemur.users import service as user_service
|
||||
from lemur.roles import service as role_service
|
||||
@ -234,24 +232,7 @@ class Ping(Resource):
|
||||
return dict(token=create_token(user))
|
||||
|
||||
|
||||
class Unlock(AuthenticatedResource):
|
||||
def __init__(self):
|
||||
self.reqparse = reqparse.RequestParser()
|
||||
super(Unlock, self).__init__()
|
||||
|
||||
@admin_permission.require(http_exception=403)
|
||||
def post(self):
|
||||
self.reqparse.add_argument('password', type=str, required=True, location='json')
|
||||
args = self.reqparse.parse_args()
|
||||
unlock(args['password'])
|
||||
return {
|
||||
"message": "You have successfully unlocked this Lemur instance",
|
||||
"type": "success"
|
||||
}
|
||||
|
||||
|
||||
api.add_resource(Login, '/auth/login', endpoint='login')
|
||||
api.add_resource(Ping, '/auth/ping', endpoint='ping')
|
||||
api.add_resource(Unlock, '/auth/unlock', endpoint='unlock')
|
||||
|
||||
|
||||
|
@ -5,13 +5,9 @@
|
||||
:license: Apache, see LICENSE for more details.
|
||||
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
|
||||
"""
|
||||
import os
|
||||
import arrow
|
||||
import string
|
||||
import random
|
||||
import hashlib
|
||||
import datetime
|
||||
import subprocess
|
||||
|
||||
from sqlalchemy import func, or_
|
||||
from flask import g, current_app
|
||||
@ -20,8 +16,6 @@ from lemur import database
|
||||
from lemur.common.services.aws import iam
|
||||
from lemur.plugins.base import plugins
|
||||
from lemur.certificates.models import Certificate
|
||||
from lemur.certificates.exceptions import UnableToCreateCSR, \
|
||||
UnableToCreatePrivateKey, MissingFiles
|
||||
|
||||
from lemur.accounts.models import Account
|
||||
from lemur.accounts import service as account_service
|
||||
@ -29,6 +23,12 @@ from lemur.authorities.models import Authority
|
||||
|
||||
from lemur.roles.models import Role
|
||||
|
||||
from cryptography import x509
|
||||
from cryptography.hazmat.backends import default_backend
|
||||
from cryptography.hazmat.primitives import hashes, serialization
|
||||
from cryptography.hazmat.primitives.asymmetric import rsa
|
||||
|
||||
|
||||
|
||||
def get(cert_id):
|
||||
"""
|
||||
@ -127,23 +127,17 @@ def mint(issuer_options):
|
||||
authority = issuer_options['authority']
|
||||
|
||||
issuer = plugins.get(authority.plugin_name)
|
||||
# NOTE if we wanted to support more issuers it might make sense to
|
||||
# push CSR creation down to the plugin
|
||||
path = create_csr(issuer.get_csr_config(issuer_options))
|
||||
challenge, csr, csr_config, private_key = load_ssl_pack(path)
|
||||
|
||||
issuer_options['challenge'] = challenge
|
||||
csr, private_key = create_csr(issuer_options)
|
||||
|
||||
issuer_options['challenge'] = create_challenge()
|
||||
issuer_options['creator'] = g.user.email
|
||||
cert_body, cert_chain = issuer.create_certificate(csr, issuer_options)
|
||||
|
||||
cert = save_cert(cert_body, private_key, cert_chain, challenge, csr_config, issuer_options.get('accounts'))
|
||||
cert = save_cert(cert_body, private_key, cert_chain, issuer_options.get('accounts'))
|
||||
cert.user = g.user
|
||||
cert.authority = authority
|
||||
database.update(cert)
|
||||
|
||||
# securely delete pack after saving it to RDS and IAM (if applicable)
|
||||
delete_ssl_pack(path)
|
||||
|
||||
return cert, private_key, cert_chain,
|
||||
|
||||
|
||||
@ -151,7 +145,7 @@ def import_certificate(**kwargs):
|
||||
"""
|
||||
Uploads already minted certificates and pulls the required information into Lemur.
|
||||
|
||||
This is to be used for certificates that are reated outside of Lemur but
|
||||
This is to be used for certificates that are created outside of Lemur but
|
||||
should still be tracked.
|
||||
|
||||
Internally this is used to bootstrap Lemur with external
|
||||
@ -188,7 +182,7 @@ def save_cert(cert_body, private_key, cert_chain, challenge, csr_config, account
|
||||
:param cert_chain:
|
||||
:param challenge:
|
||||
:param csr_config:
|
||||
:param account_ids:
|
||||
:param accounts:
|
||||
"""
|
||||
cert = Certificate(cert_body, private_key, challenge, cert_chain, csr_config)
|
||||
# if we have an AWS accounts lets upload them
|
||||
@ -301,94 +295,91 @@ def create_csr(csr_config):
|
||||
|
||||
:param csr_config:
|
||||
"""
|
||||
private_key = rsa.generate_private_key(
|
||||
public_exponent=65537,
|
||||
key_size=2048,
|
||||
backend=default_backend()
|
||||
)
|
||||
|
||||
# we create a no colliding file name
|
||||
path = create_path(hashlib.md5(csr_config).hexdigest())
|
||||
builder = x509.CertificateSigningRequestBuilder()
|
||||
builder = builder.subject_name(x509.Name([
|
||||
x509.NameAttribute(x509.OID_COMMON_NAME, csr_config['commonName']),
|
||||
x509.NameAttribute(x509.OID_ORGANIZATION_NAME, csr_config['organization']),
|
||||
x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, csr_config['organizationalUnit']),
|
||||
x509.NameAttribute(x509.OID_COUNTRY_NAME, csr_config['country']),
|
||||
x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, csr_config['state']),
|
||||
x509.NameAttribute(x509.OID_LOCALITY_NAME, csr_config['location'])
|
||||
]))
|
||||
|
||||
challenge = create_challenge()
|
||||
challenge_path = os.path.join(path, 'challenge.txt')
|
||||
builder = builder.add_extension(
|
||||
x509.BasicConstraints(ca=False, path_length=None), critical=True,
|
||||
)
|
||||
|
||||
with open(challenge_path, 'w') as c:
|
||||
c.write(challenge)
|
||||
#for k, v in csr_config.get('extensions', {}).items():
|
||||
# if k == 'subAltNames':
|
||||
# builder = builder.add_extension(
|
||||
# x509.SubjectAlternativeName([x509.DNSName(n) for n in v]), critical=True,
|
||||
# )
|
||||
|
||||
csr_path = os.path.join(path, 'csr_config.txt')
|
||||
# TODO support more CSR options, none of the authorities support these atm
|
||||
# builder.add_extension(
|
||||
# x509.KeyUsage(
|
||||
# digital_signature=digital_signature,
|
||||
# content_commitment=content_commitment,
|
||||
# key_encipherment=key_enipherment,
|
||||
# data_encipherment=data_encipherment,
|
||||
# key_agreement=key_agreement,
|
||||
# key_cert_sign=key_cert_sign,
|
||||
# crl_sign=crl_sign,
|
||||
# encipher_only=enchipher_only,
|
||||
# decipher_only=decipher_only
|
||||
# ), critical=True
|
||||
# )
|
||||
#
|
||||
# # we must maintain our own list of OIDs here
|
||||
# builder.add_extension(
|
||||
# x509.ExtendedKeyUsage(
|
||||
# server_authentication=server_authentication,
|
||||
# email=
|
||||
# )
|
||||
# )
|
||||
#
|
||||
# builder.add_extension(
|
||||
# x509.AuthorityInformationAccess()
|
||||
# )
|
||||
#
|
||||
# builder.add_extension(
|
||||
# x509.AuthorityKeyIdentifier()
|
||||
# )
|
||||
#
|
||||
# builder.add_extension(
|
||||
# x509.SubjectKeyIdentifier()
|
||||
# )
|
||||
#
|
||||
# builder.add_extension(
|
||||
# x509.CRLDistributionPoints()
|
||||
# )
|
||||
#
|
||||
# builder.add_extension(
|
||||
# x509.ObjectIdentifier(oid)
|
||||
# )
|
||||
|
||||
with open(csr_path, 'w') as f:
|
||||
f.write(csr_config)
|
||||
request = builder.sign(
|
||||
private_key, hashes.SHA256(), default_backend()
|
||||
)
|
||||
|
||||
#TODO use cloudCA to seed a -rand file for each call
|
||||
#TODO replace openssl shell calls with cryptograph
|
||||
with open('/dev/null', 'w') as devnull:
|
||||
code = subprocess.call(['openssl', 'genrsa',
|
||||
'-out', os.path.join(path, 'private.key'), '2048'],
|
||||
stdout=devnull, stderr=devnull)
|
||||
# serialize our private key and CSR
|
||||
pem = private_key.private_bytes(
|
||||
encoding=serialization.Encoding.PEM,
|
||||
format=serialization.PrivateFormat.PKCS8,
|
||||
encryption_algorithm=serialization.NoEncryption()
|
||||
)
|
||||
|
||||
if code != 0:
|
||||
raise UnableToCreatePrivateKey(code)
|
||||
|
||||
with open('/dev/null', 'w') as devnull:
|
||||
code = subprocess.call(['openssl', 'req', '-new', '-sha256', '-nodes',
|
||||
'-config', csr_path, "-key", os.path.join(path, 'private.key'),
|
||||
"-out", os.path.join(path, 'request.csr')], stdout=devnull, stderr=devnull)
|
||||
|
||||
if code != 0:
|
||||
raise UnableToCreateCSR(code)
|
||||
|
||||
return path
|
||||
|
||||
|
||||
def create_path(domain_hash):
|
||||
"""
|
||||
|
||||
:param domain_hash:
|
||||
:return:
|
||||
"""
|
||||
path = os.path.join('/tmp', domain_hash)
|
||||
|
||||
try:
|
||||
os.mkdir(path)
|
||||
except OSError as e:
|
||||
now = datetime.datetime.now()
|
||||
path = os.path.join('/tmp', "{}.{}".format(domain_hash, now.strftime('%s')))
|
||||
os.mkdir(path)
|
||||
current_app.logger.warning(e)
|
||||
|
||||
current_app.logger.debug("Writing ssl files to: {}".format(path))
|
||||
return path
|
||||
|
||||
|
||||
def load_ssl_pack(path):
|
||||
"""
|
||||
Loads the information created by openssl to be used by other functions.
|
||||
|
||||
:param path:
|
||||
"""
|
||||
if len(os.listdir(path)) != 4:
|
||||
raise MissingFiles(path)
|
||||
|
||||
with open(os.path.join(path, 'challenge.txt')) as c:
|
||||
challenge = c.read()
|
||||
|
||||
with open(os.path.join(path, 'request.csr')) as r:
|
||||
csr = r.read()
|
||||
|
||||
with open(os.path.join(path, 'csr_config.txt')) as config:
|
||||
csr_config = config.read()
|
||||
|
||||
with open(os.path.join(path, 'private.key')) as key:
|
||||
private_key = key.read()
|
||||
|
||||
return (challenge, csr, csr_config, private_key,)
|
||||
|
||||
|
||||
def delete_ssl_pack(path):
|
||||
"""
|
||||
Removes the temporary files associated with CSR creation.
|
||||
|
||||
:param path:
|
||||
"""
|
||||
subprocess.check_call(['srm', '-r', path])
|
||||
csr = request.public_bytes(
|
||||
encoding=serialization.Encoding.PEM
|
||||
)
|
||||
|
||||
return csr, pem
|
||||
|
||||
def create_challenge():
|
||||
"""
|
||||
|
@ -1,185 +0,0 @@
|
||||
"""
|
||||
.. module: lemur.common.crypto
|
||||
:platform: Unix
|
||||
:synopsis: This module contains all cryptographic function's in Lemur
|
||||
:copyright: (c) 2015 by Netflix Inc., see AUTHORS for more
|
||||
:license: Apache, see LICENSE for more details.
|
||||
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
|
||||
|
||||
"""
|
||||
import os
|
||||
import ssl
|
||||
import StringIO
|
||||
import functools
|
||||
from Crypto import Random
|
||||
from Crypto.Cipher import AES
|
||||
from hashlib import sha512
|
||||
|
||||
from flask import current_app
|
||||
|
||||
from lemur.factory import create_app
|
||||
|
||||
|
||||
old_init = ssl.SSLSocket.__init__
|
||||
|
||||
@functools.wraps(old_init)
|
||||
def ssl_bug(self, *args, **kwargs):
|
||||
kwargs['ssl_version'] = ssl.PROTOCOL_TLSv1
|
||||
old_init(self, *args, **kwargs)
|
||||
|
||||
ssl.SSLSocket.__init__ = ssl_bug
|
||||
|
||||
|
||||
def derive_key_and_iv(password, salt, key_length, iv_length):
|
||||
"""
|
||||
Derives the key and iv from the password and salt.
|
||||
|
||||
:param password:
|
||||
:param salt:
|
||||
:param key_length:
|
||||
:param iv_length:
|
||||
:return: key, iv
|
||||
"""
|
||||
d = d_i = ''
|
||||
|
||||
while len(d) < key_length + iv_length:
|
||||
d_i = sha512(d_i + password + salt).digest()
|
||||
d += d_i
|
||||
|
||||
return d[:key_length], d[key_length:key_length+iv_length]
|
||||
|
||||
|
||||
def encrypt(in_file, out_file, password, key_length=32):
|
||||
"""
|
||||
Encrypts a file.
|
||||
|
||||
:param in_file:
|
||||
:param out_file:
|
||||
:param password:
|
||||
:param key_length:
|
||||
"""
|
||||
bs = AES.block_size
|
||||
salt = Random.new().read(bs - len('Salted__'))
|
||||
key, iv = derive_key_and_iv(password, salt, key_length, bs)
|
||||
cipher = AES.new(key, AES.MODE_CBC, iv)
|
||||
out_file.write('Salted__' + salt)
|
||||
finished = False
|
||||
while not finished:
|
||||
chunk = in_file.read(1024 * bs)
|
||||
if len(chunk) == 0 or len(chunk) % bs != 0:
|
||||
padding_length = bs - (len(chunk) % bs)
|
||||
chunk += padding_length * chr(padding_length)
|
||||
finished = True
|
||||
out_file.write(cipher.encrypt(chunk))
|
||||
|
||||
|
||||
def decrypt(in_file, out_file, password, key_length=32):
|
||||
"""
|
||||
Decrypts a file.
|
||||
|
||||
:param in_file:
|
||||
:param out_file:
|
||||
:param password:
|
||||
:param key_length:
|
||||
:raise ValueError:
|
||||
"""
|
||||
bs = AES.block_size
|
||||
salt = in_file.read(bs)[len('Salted__'):]
|
||||
key, iv = derive_key_and_iv(password, salt, key_length, bs)
|
||||
cipher = AES.new(key, AES.MODE_CBC, iv)
|
||||
next_chunk = ''
|
||||
finished = False
|
||||
while not finished:
|
||||
chunk, next_chunk = next_chunk, cipher.decrypt(in_file.read(1024 * bs))
|
||||
if len(next_chunk) == 0:
|
||||
padding_length = ord(chunk[-1])
|
||||
if padding_length < 1 or padding_length > bs:
|
||||
raise ValueError("bad decrypt pad (%d)" % padding_length)
|
||||
# all the pad-bytes must be the same
|
||||
if chunk[-padding_length:] != (padding_length * chr(padding_length)):
|
||||
# this is similar to the bad decrypt:evp_enc.c from openssl program
|
||||
raise ValueError("bad decrypt")
|
||||
chunk = chunk[:-padding_length]
|
||||
finished = True
|
||||
out_file.write(chunk)
|
||||
|
||||
|
||||
def encrypt_string(string, password):
|
||||
"""
|
||||
Encrypts a string.
|
||||
|
||||
:param string:
|
||||
:param password:
|
||||
:return:
|
||||
"""
|
||||
in_file = StringIO.StringIO(string)
|
||||
enc_file = StringIO.StringIO()
|
||||
encrypt(in_file, enc_file, password)
|
||||
enc_file.seek(0)
|
||||
return enc_file.read()
|
||||
|
||||
|
||||
def decrypt_string(string, password):
|
||||
"""
|
||||
Decrypts a string.
|
||||
|
||||
:param string:
|
||||
:param password:
|
||||
:return:
|
||||
"""
|
||||
in_file = StringIO.StringIO(string)
|
||||
out_file = StringIO.StringIO()
|
||||
decrypt(in_file, out_file, password)
|
||||
out_file.seek(0)
|
||||
return out_file.read()
|
||||
|
||||
|
||||
def lock(password):
|
||||
"""
|
||||
Encrypts Lemur's KEY_PATH. This directory can be used to store secrets needed for normal
|
||||
Lemur operation. This is especially useful for storing secrets needed for communication
|
||||
with third parties (e.g. external certificate authorities).
|
||||
|
||||
Lemur does not assume anything about the contents of the directory and will attempt to
|
||||
encrypt all files contained within. Currently this has only been tested against plain
|
||||
text files.
|
||||
|
||||
:param password:
|
||||
"""
|
||||
dest_dir = os.path.join(current_app.config.get("KEY_PATH"), "encrypted")
|
||||
|
||||
if not os.path.exists(dest_dir):
|
||||
current_app.logger.debug("Creating encryption directory: {0}".format(dest_dir))
|
||||
os.makedirs(dest_dir)
|
||||
|
||||
for root, dirs, files in os.walk(os.path.join(current_app.config.get("KEY_PATH"), 'decrypted')):
|
||||
for f in files:
|
||||
source = os.path.join(root, f)
|
||||
dest = os.path.join(dest_dir, f + ".enc")
|
||||
with open(source, 'rb') as in_file, open(dest, 'wb') as out_file:
|
||||
encrypt(in_file, out_file, password)
|
||||
|
||||
|
||||
def unlock(password):
|
||||
"""
|
||||
Decrypts Lemur's KEY_PATH, allowing lemur to use the secrets within.
|
||||
|
||||
This reverses the :func:`lock` function.
|
||||
|
||||
:param password:
|
||||
"""
|
||||
dest_dir = os.path.join(current_app.config.get("KEY_PATH"), "decrypted")
|
||||
source_dir = os.path.join(current_app.config.get("KEY_PATH"), "encrypted")
|
||||
|
||||
if not os.path.exists(dest_dir):
|
||||
current_app.logger.debug("Creating decryption directory: {0}".format(dest_dir))
|
||||
os.makedirs(dest_dir)
|
||||
|
||||
for root, dirs, files in os.walk(source_dir):
|
||||
for f in files:
|
||||
source = os.path.join(source_dir, f)
|
||||
dest = os.path.join(dest_dir, ".".join(f.split(".")[:-1]))
|
||||
with open(source, 'rb') as in_file, open(dest, 'wb') as out_file:
|
||||
current_app.logger.debug("Writing file: {0} Source: {1}".format(dest, source))
|
||||
decrypt(in_file, out_file, password)
|
||||
|
155
lemur/manage.py
155
lemur/manage.py
@ -1,9 +1,10 @@
|
||||
#!/usr/bin/env python
|
||||
import os
|
||||
import sys
|
||||
import base64
|
||||
from gunicorn.config import make_settings
|
||||
|
||||
from cryptography.fernet import Fernet
|
||||
|
||||
from flask import current_app
|
||||
from flask.ext.script import Manager, Command, Option, Group, prompt_pass
|
||||
from flask.ext.migrate import Migrate, MigrateCommand, stamp
|
||||
@ -20,7 +21,6 @@ from lemur.certificates import sync
|
||||
from lemur.elbs.sync import sync_all_elbs
|
||||
|
||||
from lemur import create_app
|
||||
from lemur.common.crypto import encrypt, decrypt, lock, unlock
|
||||
|
||||
# Needed to be imported so that SQLAlchemy create_all can find our models
|
||||
from lemur.users.models import User
|
||||
@ -133,78 +133,6 @@ def create():
|
||||
stamp(revision='head')
|
||||
|
||||
|
||||
@manager.command
|
||||
def lock():
|
||||
"""
|
||||
Encrypts all of the files in the `keys` directory with the password
|
||||
given. This is a useful function to ensure that you do no check in
|
||||
your key files into source code in clear text.
|
||||
|
||||
:return:
|
||||
"""
|
||||
password = prompt_pass("Please enter the encryption password")
|
||||
lock(password)
|
||||
sys.stdout.write("[+] Lemur keys have been encrypted!\n")
|
||||
|
||||
|
||||
@manager.command
|
||||
def unlock():
|
||||
"""
|
||||
Decrypts all of the files in the `keys` directory with the password
|
||||
given. This is most commonly used during the startup sequence of Lemur
|
||||
allowing it to go from source code to something that can communicate
|
||||
with external services.
|
||||
|
||||
:return:
|
||||
"""
|
||||
password = prompt_pass("Please enter the encryption password")
|
||||
unlock(password)
|
||||
sys.stdout.write("[+] Lemur keys have been unencrypted!\n")
|
||||
|
||||
|
||||
@manager.command
|
||||
def encrypt_file(source):
|
||||
"""
|
||||
Utility to encrypt sensitive files, Lemur will decrypt these
|
||||
files when admin enters the correct password.
|
||||
|
||||
Uses AES-256-CBC encryption
|
||||
"""
|
||||
dest = source + ".encrypted"
|
||||
password = prompt_pass("Please enter the encryption password")
|
||||
password1 = prompt_pass("Please confirm the encryption password")
|
||||
if password != password1:
|
||||
sys.stdout.write("[!] Encryption passwords do not match!\n")
|
||||
return
|
||||
|
||||
with open(source, 'rb') as in_file, open(dest, 'wb') as out_file:
|
||||
encrypt(in_file, out_file, password)
|
||||
|
||||
sys.stdout.write("[+] Writing encryption files... {0}!\n".format(dest))
|
||||
|
||||
|
||||
@manager.command
|
||||
def decrypt_file(source):
|
||||
"""
|
||||
Utility to decrypt, Lemur will decrypt these
|
||||
files when admin enters the correct password.
|
||||
|
||||
Assumes AES-256-CBC encryption
|
||||
"""
|
||||
# cleanup extensions a bit
|
||||
if ".encrypted" in source:
|
||||
dest = ".".join(source.split(".")[:-1]) + ".decrypted"
|
||||
else:
|
||||
dest = source + ".decrypted"
|
||||
|
||||
password = prompt_pass("Please enter the encryption password")
|
||||
|
||||
with open(source, 'rb') as in_file, open(dest, 'wb') as out_file:
|
||||
decrypt(in_file, out_file, password)
|
||||
|
||||
sys.stdout.write("[+] Writing decrypted files... {0}!\n".format(dest))
|
||||
|
||||
|
||||
@manager.command
|
||||
def check_revoked():
|
||||
"""
|
||||
@ -453,7 +381,84 @@ def create_config(config_path=None):
|
||||
with open(config_path, 'w') as f:
|
||||
f.write(config)
|
||||
|
||||
sys.stdout.write("Created a new configuration file {0}\n".format(config_path))
|
||||
sys.stdout.write("[+] Created a new configuration file {0}\n".format(config_path))
|
||||
|
||||
|
||||
@manager.command
|
||||
def lock(path=None):
|
||||
"""
|
||||
Encrypts a given path. This directory can be used to store secrets needed for normal
|
||||
Lemur operation. This is especially useful for storing secrets needed for communication
|
||||
with third parties (e.g. external certificate authorities).
|
||||
|
||||
Lemur does not assume anything about the contents of the directory and will attempt to
|
||||
encrypt all files contained within. Currently this has only been tested against plain
|
||||
text files.
|
||||
|
||||
Path defaults ~/.lemur/keys
|
||||
|
||||
:param: path
|
||||
"""
|
||||
if not path:
|
||||
path = os.path.expanduser('~/.lemur/keys')
|
||||
|
||||
dest_dir = os.path.join(path, "encrypted")
|
||||
sys.stdout.write("[!] Generating a new key...\n")
|
||||
|
||||
key = Fernet.generate_key()
|
||||
|
||||
if not os.path.exists(dest_dir):
|
||||
sys.stdout.write("[+] Creating encryption directory: {0}\n".format(dest_dir))
|
||||
os.makedirs(dest_dir)
|
||||
|
||||
for root, dirs, files in os.walk(os.path.join(path, 'decrypted')):
|
||||
for f in files:
|
||||
source = os.path.join(root, f)
|
||||
dest = os.path.join(dest_dir, f + ".enc")
|
||||
with open(source, 'rb') as in_file, open(dest, 'wb') as out_file:
|
||||
f = Fernet(key)
|
||||
data = f.encrypt(in_file.read())
|
||||
out_file.write(data)
|
||||
sys.stdout.write("[+] Writing file: {0} Source: {1}\n".format(dest, source))
|
||||
|
||||
sys.stdout.write("[+] Keys have been encrypted with key {0}\n".format(key))
|
||||
|
||||
|
||||
@manager.command
|
||||
def unlock(path=None):
|
||||
"""
|
||||
Decrypts all of the files in a given directory with provided password.
|
||||
This is most commonly used during the startup sequence of Lemur
|
||||
allowing it to go from source code to something that can communicate
|
||||
with external services.
|
||||
|
||||
Path defaults ~/.lemur/keys
|
||||
|
||||
:param: path
|
||||
"""
|
||||
key = prompt_pass("[!] Please enter the encryption password")
|
||||
|
||||
if not path:
|
||||
path = os.path.expanduser('~/.lemur/keys')
|
||||
|
||||
dest_dir = os.path.join(path, "decrypted")
|
||||
source_dir = os.path.join(path, "encrypted")
|
||||
|
||||
if not os.path.exists(dest_dir):
|
||||
sys.stdout.write("[+] Creating decryption directory: {0}\n".format(dest_dir))
|
||||
os.makedirs(dest_dir)
|
||||
|
||||
for root, dirs, files in os.walk(source_dir):
|
||||
for f in files:
|
||||
source = os.path.join(source_dir, f)
|
||||
dest = os.path.join(dest_dir, ".".join(f.split(".")[:-1]))
|
||||
with open(source, 'rb') as in_file, open(dest, 'wb') as out_file:
|
||||
f = Fernet(key)
|
||||
data = f.decrypt(in_file.read())
|
||||
out_file.write(data)
|
||||
sys.stdout.write("[+] Writing file: {0} Source: {1}\n".format(dest, source))
|
||||
|
||||
sys.stdout.write("[+] Keys have been unencrypted!\n")
|
||||
|
||||
|
||||
def main():
|
||||
|
@ -19,6 +19,3 @@ class IssuerPlugin(Plugin):
|
||||
def create_authority(self):
|
||||
raise NotImplemented
|
||||
|
||||
def get_csr_config(self):
|
||||
raise NotImplementedError
|
||||
|
||||
|
@ -151,6 +151,3 @@ class VerisignPlugin(IssuerPlugin):
|
||||
response = self.session.post(url, headers={'content-type': 'application/x-www-form-urlencoded'})
|
||||
return self.handle_response(response.content)['Response']['Order']
|
||||
|
||||
def get_authorities(self):
|
||||
pass
|
||||
|
||||
|
@ -45,7 +45,6 @@ def app():
|
||||
ctx.pop()
|
||||
|
||||
|
||||
|
||||
@pytest.yield_fixture(scope="session")
|
||||
def db(app, request):
|
||||
_db.drop_all()
|
||||
@ -72,7 +71,6 @@ def session(db, request):
|
||||
|
||||
|
||||
@pytest.yield_fixture(scope="function")
|
||||
def client(app, session):
|
||||
with app.test_client() as client:
|
||||
yield client
|
||||
def client(app, session, client):
|
||||
yield client
|
||||
|
||||
|
@ -22,11 +22,11 @@ def test_account_get(client):
|
||||
|
||||
|
||||
def test_account_post(client):
|
||||
assert client.post(api.url_for(Accounts, account_id=1), {}).status_code == 405
|
||||
assert client.post(api.url_for(Accounts, account_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_account_put(client):
|
||||
assert client.put(api.url_for(Accounts, account_id=1), {}).status_code == 401
|
||||
assert client.put(api.url_for(Accounts, account_id=1), data={}).status_code == 401
|
||||
|
||||
|
||||
def test_account_delete(client):
|
||||
@ -34,7 +34,7 @@ def test_account_delete(client):
|
||||
|
||||
|
||||
def test_account_patch(client):
|
||||
assert client.patch(api.url_for(Accounts, account_id=1), {}).status_code == 405
|
||||
assert client.patch(api.url_for(Accounts, account_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
VALID_USER_HEADER_TOKEN = {
|
||||
@ -45,7 +45,7 @@ def test_auth_account_get(client):
|
||||
|
||||
|
||||
def test_auth_account_post_(client):
|
||||
assert client.post(api.url_for(Accounts, account_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.post(api.url_for(Accounts, account_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_account_put(client):
|
||||
@ -57,7 +57,7 @@ def test_auth_account_delete(client):
|
||||
|
||||
|
||||
def test_auth_account_patch(client):
|
||||
assert client.patch(api.url_for(Accounts, account_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.patch(api.url_for(Accounts, account_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
VALID_ADMIN_HEADER_TOKEN = {
|
||||
@ -68,7 +68,7 @@ def test_admin_account_get(client):
|
||||
|
||||
|
||||
def test_admin_account_post(client):
|
||||
assert client.post(api.url_for(Accounts, account_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.post(api.url_for(Accounts, account_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_admin_account_put(client):
|
||||
@ -80,7 +80,7 @@ def test_admin_account_delete(client):
|
||||
|
||||
|
||||
def test_admin_account_patch(client):
|
||||
assert client.patch(api.url_for(Accounts, account_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.patch(api.url_for(Accounts, account_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_accounts_get(client):
|
||||
@ -88,11 +88,11 @@ def test_accounts_get(client):
|
||||
|
||||
|
||||
def test_accounts_post(client):
|
||||
assert client.post(api.url_for(AccountsList), {}).status_code == 401
|
||||
assert client.post(api.url_for(AccountsList), data={}).status_code == 401
|
||||
|
||||
|
||||
def test_accounts_put(client):
|
||||
assert client.put(api.url_for(AccountsList), {}).status_code == 405
|
||||
assert client.put(api.url_for(AccountsList), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_accounts_delete(client):
|
||||
@ -100,7 +100,7 @@ def test_accounts_delete(client):
|
||||
|
||||
|
||||
def test_accounts_patch(client):
|
||||
assert client.patch(api.url_for(AccountsList), {}).status_code == 405
|
||||
assert client.patch(api.url_for(AccountsList), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_auth_accounts_get(client):
|
||||
@ -108,7 +108,7 @@ def test_auth_accounts_get(client):
|
||||
|
||||
|
||||
def test_auth_accounts_post(client):
|
||||
assert client.post(api.url_for(AccountsList), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 403
|
||||
assert client.post(api.url_for(AccountsList), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 403
|
||||
|
||||
|
||||
def test_admin_accounts_get(client):
|
||||
|
@ -16,11 +16,11 @@ def test_authority_get(client):
|
||||
|
||||
|
||||
def test_authority_post(client):
|
||||
assert client.post(api.url_for(Authorities, authority_id=1), {}).status_code == 405
|
||||
assert client.post(api.url_for(Authorities, authority_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_authority_put(client):
|
||||
assert client.put(api.url_for(Authorities, authority_id=1), {}).status_code == 401
|
||||
assert client.put(api.url_for(Authorities, authority_id=1), data={}).status_code == 401
|
||||
|
||||
|
||||
def test_authority_delete(client):
|
||||
@ -28,7 +28,7 @@ def test_authority_delete(client):
|
||||
|
||||
|
||||
def test_authority_patch(client):
|
||||
assert client.patch(api.url_for(Authorities, authority_id=1), {}).status_code == 405
|
||||
assert client.patch(api.url_for(Authorities, authority_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_authorities_get(client):
|
||||
@ -36,11 +36,11 @@ def test_authorities_get(client):
|
||||
|
||||
|
||||
def test_authorities_post(client):
|
||||
assert client.post(api.url_for(AuthoritiesList), {}).status_code == 401
|
||||
assert client.post(api.url_for(AuthoritiesList), data={}).status_code == 401
|
||||
|
||||
|
||||
def test_authorities_put(client):
|
||||
assert client.put(api.url_for(AuthoritiesList), {}).status_code == 405
|
||||
assert client.put(api.url_for(AuthoritiesList), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_authorities_delete(client):
|
||||
@ -48,7 +48,7 @@ def test_authorities_delete(client):
|
||||
|
||||
|
||||
def test_authorities_patch(client):
|
||||
assert client.patch(api.url_for(AuthoritiesList), {}).status_code == 405
|
||||
assert client.patch(api.url_for(AuthoritiesList), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_certificate_authorities_get(client):
|
||||
@ -56,11 +56,11 @@ def test_certificate_authorities_get(client):
|
||||
|
||||
|
||||
def test_certificate_authorities_post(client):
|
||||
assert client.post(api.url_for(AuthoritiesList), {}).status_code == 401
|
||||
assert client.post(api.url_for(AuthoritiesList), data={}).status_code == 401
|
||||
|
||||
|
||||
def test_certificate_authorities_put(client):
|
||||
assert client.put(api.url_for(AuthoritiesList), {}).status_code == 405
|
||||
assert client.put(api.url_for(AuthoritiesList), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_certificate_authorities_delete(client):
|
||||
@ -68,7 +68,7 @@ def test_certificate_authorities_delete(client):
|
||||
|
||||
|
||||
def test_certificate_authorities_patch(client):
|
||||
assert client.patch(api.url_for(AuthoritiesList), {}).status_code == 405
|
||||
assert client.patch(api.url_for(AuthoritiesList), data={}).status_code == 405
|
||||
|
||||
|
||||
VALID_USER_HEADER_TOKEN = {
|
||||
@ -80,7 +80,7 @@ def test_auth_authority_get(client):
|
||||
|
||||
|
||||
def test_auth_authority_post_(client):
|
||||
assert client.post(api.url_for(Authorities, authority_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.post(api.url_for(Authorities, authority_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_authority_put(client):
|
||||
@ -92,7 +92,7 @@ def test_auth_authority_delete(client):
|
||||
|
||||
|
||||
def test_auth_authority_patch(client):
|
||||
assert client.patch(api.url_for(Authorities, authority_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.patch(api.url_for(Authorities, authority_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_authorities_get(client):
|
||||
@ -100,7 +100,7 @@ def test_auth_authorities_get(client):
|
||||
|
||||
|
||||
def test_auth_authorities_post(client):
|
||||
assert client.post(api.url_for(AuthoritiesList), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 400
|
||||
assert client.post(api.url_for(AuthoritiesList), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 400
|
||||
|
||||
|
||||
def test_auth_certificates_authorities_get(client):
|
||||
@ -116,7 +116,7 @@ def test_admin_authority_get(client):
|
||||
|
||||
|
||||
def test_admin_authority_post(client):
|
||||
assert client.post(api.url_for(Authorities, authority_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.post(api.url_for(Authorities, authority_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_admin_authority_put(client):
|
||||
@ -136,11 +136,11 @@ def test_admin_authorities_get(client):
|
||||
|
||||
|
||||
def test_admin_authorities_post(client):
|
||||
assert client.post(api.url_for(AuthoritiesList), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 400
|
||||
assert client.post(api.url_for(AuthoritiesList), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 400
|
||||
|
||||
|
||||
def test_admin_authorities_put(client):
|
||||
assert client.put(api.url_for(AuthoritiesList), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.put(api.url_for(AuthoritiesList), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_admin_authorities_delete(client):
|
||||
|
@ -1,18 +1,6 @@
|
||||
import os
|
||||
import pytest
|
||||
from mock import mock_open, patch
|
||||
from lemur.certificates.views import *
|
||||
|
||||
#def test_crud(session):
|
||||
# role = create('role1')
|
||||
# assert role.id > 0
|
||||
#
|
||||
# role = update(role.id, 'role_new', None, [])
|
||||
# assert role.name == 'role_new'
|
||||
# delete(role.id)
|
||||
# assert get(role.id) == None
|
||||
|
||||
|
||||
def test_valid_authority(session):
|
||||
assert 1 == 2
|
||||
|
||||
@ -33,28 +21,26 @@ def test_private_key_str():
|
||||
private_key_str('dfsdfsdf', 'test')
|
||||
|
||||
|
||||
def test_create_csr():
|
||||
from lemur.tests.certs import CSR_CONFIG
|
||||
def test_create_basic_csr():
|
||||
from lemur.certificates.service import create_csr
|
||||
m = mock_open()
|
||||
with patch('lemur.certificates.service.open', m, create=True):
|
||||
path = create_csr(CSR_CONFIG)
|
||||
assert path == ''
|
||||
csr_config = dict(
|
||||
commonName=u'example.com',
|
||||
organization=u'Example, Inc.',
|
||||
organizationalUnit=u'Operations',
|
||||
country=u'US',
|
||||
state=u'CA',
|
||||
location=u'A place',
|
||||
extensions=dict(subAltNames=[u'test.example.com', u'test2.example.com'])
|
||||
)
|
||||
csr, pem = create_csr(csr_config)
|
||||
|
||||
private_key = serialization.load_pem_private_key(pem, password=None, backend=default_backend())
|
||||
csr = x509.load_pem_x509_csr(csr, default_backend())
|
||||
for name in csr.subject:
|
||||
assert name.value in csr_config.values()
|
||||
|
||||
|
||||
def test_create_path():
|
||||
assert 1 == 2
|
||||
|
||||
|
||||
def test_load_ssl_pack():
|
||||
assert 1 == 2
|
||||
|
||||
|
||||
def test_delete_ssl_path():
|
||||
assert 1 == 2
|
||||
|
||||
|
||||
def test_import_certificate(session):
|
||||
def test_import_certificate():
|
||||
assert 1 == 2
|
||||
|
||||
|
||||
@ -137,20 +123,17 @@ def test_create_name():
|
||||
True
|
||||
) == 'SAN-example.com-ExampleInc-20150507-20150512'
|
||||
|
||||
def test_is_expired():
|
||||
assert 1 == 2
|
||||
|
||||
|
||||
def test_certificate_get(client):
|
||||
assert client.get(api.url_for(Certificates, certificate_id=1)).status_code == 401
|
||||
|
||||
|
||||
def test_certificate_post(client):
|
||||
assert client.post(api.url_for(Certificates, certificate_id=1), {}).status_code == 405
|
||||
assert client.post(api.url_for(Certificates, certificate_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_certificate_put(client):
|
||||
assert client.put(api.url_for(Certificates, certificate_id=1), {}).status_code == 401
|
||||
assert client.put(api.url_for(Certificates, certificate_id=1), data={}).status_code == 401
|
||||
|
||||
|
||||
def test_certificate_delete(client):
|
||||
@ -158,7 +141,7 @@ def test_certificate_delete(client):
|
||||
|
||||
|
||||
def test_certificate_patch(client):
|
||||
assert client.patch(api.url_for(Certificates, certificate_id=1), {}).status_code == 405
|
||||
assert client.patch(api.url_for(Certificates, certificate_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_certificates_get(client):
|
||||
@ -166,11 +149,11 @@ def test_certificates_get(client):
|
||||
|
||||
|
||||
def test_certificates_post(client):
|
||||
assert client.post(api.url_for(CertificatesList), {}).status_code == 401
|
||||
assert client.post(api.url_for(CertificatesList), data={}).status_code == 401
|
||||
|
||||
|
||||
def test_certificates_put(client):
|
||||
assert client.put(api.url_for(CertificatesList), {}).status_code == 405
|
||||
assert client.put(api.url_for(CertificatesList), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_certificates_delete(client):
|
||||
@ -178,7 +161,7 @@ def test_certificates_delete(client):
|
||||
|
||||
|
||||
def test_certificates_patch(client):
|
||||
assert client.patch(api.url_for(CertificatesList), {}).status_code == 405
|
||||
assert client.patch(api.url_for(CertificatesList), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_certificate_credentials_get(client):
|
||||
@ -186,11 +169,11 @@ def test_certificate_credentials_get(client):
|
||||
|
||||
|
||||
def test_certificate_credentials_post(client):
|
||||
assert client.post(api.url_for(CertificatePrivateKey, certificate_id=1), {}).status_code == 405
|
||||
assert client.post(api.url_for(CertificatePrivateKey, certificate_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_certificate_credentials_put(client):
|
||||
assert client.put(api.url_for(CertificatePrivateKey, certificate_id=1), {}).status_code == 405
|
||||
assert client.put(api.url_for(CertificatePrivateKey, certificate_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_certificate_credentials_delete(client):
|
||||
@ -198,7 +181,7 @@ def test_certificate_credentials_delete(client):
|
||||
|
||||
|
||||
def test_certificate_credentials_patch(client):
|
||||
assert client.patch(api.url_for(CertificatePrivateKey, certificate_id=1), {}).status_code == 405
|
||||
assert client.patch(api.url_for(CertificatePrivateKey, certificate_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_certificates_upload_get(client):
|
||||
@ -206,11 +189,11 @@ def test_certificates_upload_get(client):
|
||||
|
||||
|
||||
def test_certificates_upload_post(client):
|
||||
assert client.post(api.url_for(CertificatesUpload), {}).status_code == 401
|
||||
assert client.post(api.url_for(CertificatesUpload), data={}).status_code == 401
|
||||
|
||||
|
||||
def test_certificates_upload_put(client):
|
||||
assert client.put(api.url_for(CertificatesUpload), {}).status_code == 405
|
||||
assert client.put(api.url_for(CertificatesUpload), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_certificates_upload_delete(client):
|
||||
@ -218,7 +201,7 @@ def test_certificates_upload_delete(client):
|
||||
|
||||
|
||||
def test_certificates_upload_patch(client):
|
||||
assert client.patch(api.url_for(CertificatesUpload), {}).status_code == 405
|
||||
assert client.patch(api.url_for(CertificatesUpload), data={}).status_code == 405
|
||||
|
||||
|
||||
VALID_USER_HEADER_TOKEN = {
|
||||
@ -230,7 +213,7 @@ def test_auth_certificate_get(client):
|
||||
|
||||
|
||||
def test_auth_certificate_post_(client):
|
||||
assert client.post(api.url_for(Certificates, certificate_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.post(api.url_for(Certificates, certificate_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_certificate_put(client):
|
||||
@ -242,7 +225,7 @@ def test_auth_certificate_delete(client):
|
||||
|
||||
|
||||
def test_auth_certificate_patch(client):
|
||||
assert client.patch(api.url_for(Certificates, certificate_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.patch(api.url_for(Certificates, certificate_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_certificates_get(client):
|
||||
@ -250,7 +233,7 @@ def test_auth_certificates_get(client):
|
||||
|
||||
|
||||
def test_auth_certificates_post(client):
|
||||
assert client.post(api.url_for(CertificatesList), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 400
|
||||
assert client.post(api.url_for(CertificatesList), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 400
|
||||
|
||||
|
||||
def test_auth_certificate_credentials_get(client):
|
||||
@ -258,11 +241,11 @@ def test_auth_certificate_credentials_get(client):
|
||||
|
||||
|
||||
def test_auth_certificate_credentials_post(client):
|
||||
assert client.post(api.url_for(CertificatePrivateKey, certificate_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.post(api.url_for(CertificatePrivateKey, certificate_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_certificate_credentials_put(client):
|
||||
assert client.put(api.url_for(CertificatePrivateKey, certificate_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.put(api.url_for(CertificatePrivateKey, certificate_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_certificate_credentials_delete(client):
|
||||
@ -270,7 +253,7 @@ def test_auth_certificate_credentials_delete(client):
|
||||
|
||||
|
||||
def test_auth_certificate_credentials_patch(client):
|
||||
assert client.patch(api.url_for(CertificatePrivateKey, certificate_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.patch(api.url_for(CertificatePrivateKey, certificate_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_certificates_upload_get(client):
|
||||
@ -278,11 +261,11 @@ def test_auth_certificates_upload_get(client):
|
||||
|
||||
|
||||
def test_auth_certificates_upload_post(client):
|
||||
assert client.post(api.url_for(CertificatesUpload), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 400
|
||||
assert client.post(api.url_for(CertificatesUpload), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 400
|
||||
|
||||
|
||||
def test_auth_certificates_upload_put(client):
|
||||
assert client.put(api.url_for(CertificatesUpload), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.put(api.url_for(CertificatesUpload), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_certificates_upload_delete(client):
|
||||
@ -290,7 +273,7 @@ def test_auth_certificates_upload_delete(client):
|
||||
|
||||
|
||||
def test_auth_certificates_upload_patch(client):
|
||||
assert client.patch(api.url_for(CertificatesUpload), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.patch(api.url_for(CertificatesUpload), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
VALID_ADMIN_HEADER_TOKEN = {
|
||||
@ -302,7 +285,7 @@ def test_admin_certificate_get(client):
|
||||
|
||||
|
||||
def test_admin_certificate_post(client):
|
||||
assert client.post(api.url_for(Certificates, certificate_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.post(api.url_for(Certificates, certificate_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_admin_certificate_put(client):
|
||||
@ -314,7 +297,7 @@ def test_admin_certificate_delete(client):
|
||||
|
||||
|
||||
def test_admin_certificate_patch(client):
|
||||
assert client.patch(api.url_for(Certificates, certificate_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.patch(api.url_for(Certificates, certificate_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_admin_certificates_get(client):
|
||||
@ -328,7 +311,7 @@ def test_admin_certificate_credentials_get(client):
|
||||
|
||||
|
||||
def test_admin_certificate_credentials_post(client):
|
||||
assert client.post(api.url_for(CertificatePrivateKey, certificate_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.post(api.url_for(CertificatePrivateKey, certificate_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_admin_certificate_credentials_put(client):
|
||||
@ -340,5 +323,5 @@ def test_admin_certificate_credentials_delete(client):
|
||||
|
||||
|
||||
def test_admin_certificate_credentials_patch(client):
|
||||
assert client.patch(api.url_for(CertificatePrivateKey, certificate_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.patch(api.url_for(CertificatePrivateKey, certificate_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
@ -5,11 +5,11 @@ def test_domain_get(client):
|
||||
|
||||
|
||||
def test_domain_post(client):
|
||||
assert client.post(api.url_for(Domains, domain_id=1), {}).status_code == 405
|
||||
assert client.post(api.url_for(Domains, domain_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_domain_put(client):
|
||||
assert client.put(api.url_for(Domains, domain_id=1), {}).status_code == 405
|
||||
assert client.put(api.url_for(Domains, domain_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_domain_delete(client):
|
||||
@ -17,7 +17,7 @@ def test_domain_delete(client):
|
||||
|
||||
|
||||
def test_domain_patch(client):
|
||||
assert client.patch(api.url_for(Domains, domain_id=1), {}).status_code == 405
|
||||
assert client.patch(api.url_for(Domains, domain_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
VALID_USER_HEADER_TOKEN = {
|
||||
@ -28,7 +28,7 @@ def test_auth_domain_get(client):
|
||||
|
||||
|
||||
def test_auth_domain_post_(client):
|
||||
assert client.post(api.url_for(Domains, domain_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.post(api.url_for(Domains, domain_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_domain_put(client):
|
||||
@ -40,7 +40,7 @@ def test_auth_domain_delete(client):
|
||||
|
||||
|
||||
def test_auth_domain_patch(client):
|
||||
assert client.patch(api.url_for(Domains, domain_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.patch(api.url_for(Domains, domain_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
VALID_ADMIN_HEADER_TOKEN = {
|
||||
@ -51,7 +51,7 @@ def test_admin_domain_get(client):
|
||||
|
||||
|
||||
def test_admin_domain_post(client):
|
||||
assert client.post(api.url_for(Domains, domain_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.post(api.url_for(Domains, domain_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_admin_domain_put(client):
|
||||
@ -63,7 +63,7 @@ def test_admin_domain_delete(client):
|
||||
|
||||
|
||||
def test_admin_domain_patch(client):
|
||||
assert client.patch(api.url_for(Domains, domain_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.patch(api.url_for(Domains, domain_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_domains_get(client):
|
||||
@ -71,11 +71,11 @@ def test_domains_get(client):
|
||||
|
||||
|
||||
def test_domains_post(client):
|
||||
assert client.post(api.url_for(DomainsList), {}).status_code == 405
|
||||
assert client.post(api.url_for(DomainsList), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_domains_put(client):
|
||||
assert client.put(api.url_for(DomainsList), {}).status_code == 405
|
||||
assert client.put(api.url_for(DomainsList), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_domains_delete(client):
|
||||
@ -83,7 +83,7 @@ def test_domains_delete(client):
|
||||
|
||||
|
||||
def test_domains_patch(client):
|
||||
assert client.patch(api.url_for(DomainsList), {}).status_code == 405
|
||||
assert client.patch(api.url_for(DomainsList), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_auth_domains_get(client):
|
||||
@ -101,11 +101,11 @@ def test_certificate_domains_get(client):
|
||||
|
||||
|
||||
def test_certificate_domains_post(client):
|
||||
assert client.post(api.url_for(CertificateDomains, certificate_id=1), {}).status_code == 405
|
||||
assert client.post(api.url_for(CertificateDomains, certificate_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_certificate_domains_put(client):
|
||||
assert client.put(api.url_for(CertificateDomains, certificate_id=1), {}).status_code == 405
|
||||
assert client.put(api.url_for(CertificateDomains, certificate_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_certificate_domains_delete(client):
|
||||
@ -113,7 +113,7 @@ def test_certificate_domains_delete(client):
|
||||
|
||||
|
||||
def test_certificate_domains_patch(client):
|
||||
assert client.patch(api.url_for(CertificateDomains, certificate_id=1), {}).status_code == 405
|
||||
assert client.patch(api.url_for(CertificateDomains, certificate_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_auth_certificate_domains_get(client):
|
||||
|
@ -1 +0,0 @@
|
||||
KRPZPA&*!_~%dbnuzf153594
|
@ -1,38 +0,0 @@
|
||||
|
||||
# Configuration for standard CSR generation for Netflix
|
||||
# Used for procuring VeriSign certificates
|
||||
# Author: jachan
|
||||
# Contact: cloudsecurity@netflix.com
|
||||
|
||||
[ req ]
|
||||
# Use a 2048 bit private key
|
||||
default_bits = 2048
|
||||
default_keyfile = key.pem
|
||||
prompt = no
|
||||
encrypt_key = no
|
||||
|
||||
# base request
|
||||
distinguished_name = req_distinguished_name
|
||||
|
||||
# extensions
|
||||
# Uncomment the following line if you are requesting a SAN cert
|
||||
#req_extensions = req_ext
|
||||
|
||||
# distinguished_name
|
||||
[ req_distinguished_name ]
|
||||
countryName = "US" # C=
|
||||
stateOrProvinceName = "CALIFORNIA" # ST=
|
||||
localityName = "Los Gatos" # L=
|
||||
organizationName = "Netflix, Inc." # O=
|
||||
organizationalUnitName = "Operations" # OU=
|
||||
# This is the hostname/subject name on the certificate
|
||||
commonName = "dfdsflkj.net" # CN=
|
||||
|
||||
[ req_ext ]
|
||||
# Uncomment the following line if you are requesting a SAN cert
|
||||
#subjectAltName = @alt_names
|
||||
|
||||
[alt_names]
|
||||
# Put your SANs here
|
||||
|
||||
|
@ -1,27 +0,0 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEAvNudwW+UeQqkpY71MIdEg501AFlPKuOXG2xU8DZhvZS6dKv+
|
||||
kDmIWdEqodDgkQiy0jyTgTwxwRqDSw96R6ZgrXefUoJJo66aCsosTBZtVaE85f1L
|
||||
bj2+3U678c+rekUdkrnGcGCo6b8QtdvBpiDy2clneox8tSvmffAdcR1uCv/790/k
|
||||
PzQ/djWDX9JcBRyDkcTJwYC0/ek7URvA/+MXmgUL13T+gWKqduaKuIBlFetonDjn
|
||||
nO11QUBiusIuHV62wzKn8m5Nc+4XoaBR0YWMFn/g6qXDYrwfCsMpka7vSWJFv5Ff
|
||||
yf+7kY3wU4xIwU2vXlIDcCsdUu6b/pYoQ0YOsQIDAQABAoIBAGbFH6iWnnXrq8MH
|
||||
8zcQNOFmF+RztRgCt0TOA76f6TowB/LbcXBsTl2J7CgYMUvbLuwm2KHX7r9FPTMI
|
||||
XiNFT5C16rYMfiQbLGo4sDhLb/3L+wawem6oHQfzA2VH++lSWRByFaEriF+CgIZl
|
||||
6pALl/uZlLzkXCx+kjPwCSV3vV0wFkDnNs6+wPrz2IhkePsuC8J0QKQLlwsES2It
|
||||
Gizzhpehdv9lc9MyZC//1QlD9gMDl5ok5Bt1Xm2c12XUEEcLlKQkJxiOrBOfXPmV
|
||||
PHCdLc7gZO30hc6dyQ1SSnLpywhz/a0ir2GMvkMbS5hculpcZmwEcdZl1HYD8ObP
|
||||
yOMbPE0CgYEA4LVGJKGtbM8RiBB0MstxNstMYVJ4mXB0lSQ0RazdO3S3ojn+oLpF
|
||||
b2pvV6m9WnHiCGigWkzhqtGGCo6aqE0MoiR4jTN8GhiZz4ggDDaVgc4Px5reUD+r
|
||||
tRsTpBHseGQ+ODGgkMI8eJYkdyqkECkYjAOrdy6uorvgxUAZecRIfJMCgYEA1yhM
|
||||
7NidTNRuA+huS5GcQwQweTM6P1qF7Kfk1JYQMVu4gibLZiLHlWCyHI9lrbI7IaMm
|
||||
g/4jXXoewv7IvyrrSEFulkPeVWxCe3mjfQ8JANfUj4kuR915LSn4lX2pbUgUS66K
|
||||
vJSUJtnzLUmb8khLEcOmDbmTFZl8D/bTHFFZlisCgYAeelfWNhuoq3lMRDcOgKuN
|
||||
bAujE6WJ4kfdxrhUTvr+ynjxxv3zXPB4CS6q7Dnjn5ix3UcKmGzvV1Xf7rGpbDHv
|
||||
eBTlyfrmKzoJfQQjw++JWKKpRycqKUin2tFSKqAxQB90Tb7ig4XiMTMm+qCgFILg
|
||||
0sqZ8rn7FpKJDoWmD2ppgwKBgG2Dl9QeVcKbhfv7PNi+HvmFkl6+knFY1D4nHzSN
|
||||
xWQ6OWoV8QXlwgzokQA0hR6qT6rJbntUyg90b1/1a5zSbbvzgiR+GxcD6bsLqQmo
|
||||
s354XTtKKgJuWpWAfYUp1ylGvP3gs8FVJyu3WC2+/9+MqJk8KrNlt9YQr7M4gTAy
|
||||
wBTNAoGAGU7Po4uI3xDKGLLK/ot3D3P8U9ByfeLlrUZtTz1PASsMOr92bkXmUPlE
|
||||
DYUd5uFfwwlvbMNT1Ooeyrzg3bARd9B6ATyMkOaJeGoQwFAI468iucnm9rNXB+/t
|
||||
U2rbIi1pXSm8zSNEY85tf6C8DU/5YbcAPf47a2UYhwCpYAJfMk0=
|
||||
-----END RSA PRIVATE KEY-----
|
@ -1,17 +0,0 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICvzCCAacCAQAwejELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNBTElGT1JOSUEx
|
||||
EjAQBgNVBAcTCUxvcyBHYXRvczEWMBQGA1UEChMNTmV0ZmxpeCwgSW5jLjETMBEG
|
||||
A1UECxMKT3BlcmF0aW9uczEVMBMGA1UEAxMMZGZkc2Zsa2oubmV0MIIBIjANBgkq
|
||||
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNudwW+UeQqkpY71MIdEg501AFlPKuOX
|
||||
G2xU8DZhvZS6dKv+kDmIWdEqodDgkQiy0jyTgTwxwRqDSw96R6ZgrXefUoJJo66a
|
||||
CsosTBZtVaE85f1Lbj2+3U678c+rekUdkrnGcGCo6b8QtdvBpiDy2clneox8tSvm
|
||||
ffAdcR1uCv/790/kPzQ/djWDX9JcBRyDkcTJwYC0/ek7URvA/+MXmgUL13T+gWKq
|
||||
duaKuIBlFetonDjnnO11QUBiusIuHV62wzKn8m5Nc+4XoaBR0YWMFn/g6qXDYrwf
|
||||
CsMpka7vSWJFv5Ffyf+7kY3wU4xIwU2vXlIDcCsdUu6b/pYoQ0YOsQIDAQABoAAw
|
||||
DQYJKoZIhvcNAQEFBQADggEBAE8b0+IYGiR64Me/L0/njYvSR5WR4EnjW99Sc8X5
|
||||
k93zpk4hExrZhrlkDBA/jUHhBZcPNV9w/YkhSu5ubPjRp9gRM2d4B9gGJFAs+bwe
|
||||
LS9hCOxWIMKgvaBMEDQFcwqAv6kEJzmrIa7LtWS39wNfdko2hANtm7z9qskc8bPr
|
||||
265+Z48DwSNCF4RPhVp9eDifjHrj0I//GMXYa92uvgj1BlPo/SGMS+XFQF779p2b
|
||||
622HmUCop3pYeIyYd6rirvl9+KwqvIhm2MqHk62eHOK7Bn/FPev8OUDeV6pIvvSV
|
||||
UxsEHjjLm0V/lOD65lROc7dTq4jO5PkpoKnFQDgV5v0Bf/k=
|
||||
-----END CERTIFICATE REQUEST-----
|
@ -1,21 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDcDCCAlgCCQC8msHu/aa61zANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJV
|
||||
UzETMBEGA1UECBMKQ0FMSUZPUk5JQTESMBAGA1UEBxMJTG9zIEdhdG9zMRYwFAYD
|
||||
VQQKEw1OZXRmbGl4LCBJbmMuMRMwEQYDVQQLEwpPcGVyYXRpb25zMRUwEwYDVQQD
|
||||
EwxkZmRzZmxrai5uZXQwHhcNMTQwNTI1MTczMDMzWhcNMTUwNTI1MTczMDMzWjB6
|
||||
MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ0FMSUZPUk5JQTESMBAGA1UEBxMJTG9z
|
||||
IEdhdG9zMRYwFAYDVQQKEw1OZXRmbGl4LCBJbmMuMRMwEQYDVQQLEwpPcGVyYXRp
|
||||
b25zMRUwEwYDVQQDEwxkZmRzZmxrai5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
||||
DwAwggEKAoIBAQC8253Bb5R5CqSljvUwh0SDnTUAWU8q45cbbFTwNmG9lLp0q/6Q
|
||||
OYhZ0Sqh0OCRCLLSPJOBPDHBGoNLD3pHpmCtd59SgkmjrpoKyixMFm1VoTzl/Utu
|
||||
Pb7dTrvxz6t6RR2SucZwYKjpvxC128GmIPLZyWd6jHy1K+Z98B1xHW4K//v3T+Q/
|
||||
ND92NYNf0lwFHIORxMnBgLT96TtRG8D/4xeaBQvXdP6BYqp25oq4gGUV62icOOec
|
||||
7XVBQGK6wi4dXrbDMqfybk1z7hehoFHRhYwWf+DqpcNivB8KwymRru9JYkW/kV/J
|
||||
/7uRjfBTjEjBTa9eUgNwKx1S7pv+lihDRg6xAgMBAAEwDQYJKoZIhvcNAQEFBQAD
|
||||
ggEBAJHwa4l2iSiFBb6wVFBJEWEt31qp+njiVCoTg2OJzCT60Xb26hkrsiTldIIh
|
||||
eB9+y+fwdfwopzWhkNbIOlCfudx/uxtpor8/3BRbjSlNwDUg2L8pfAircJMFLQUM
|
||||
O6nqPOBWCe8hXwe9FQM/oFOavf/AAw/FED+892xlytjirK9u3B28O20W11+fY7hp
|
||||
8LQVBrMoVxFeLWmmwETAltJ7HEYutplRzYTM0vLBARl4Vd5kLJlY3j2Dp1ZpRGcg
|
||||
CrQp26UD/oaAPGtiZQSC4LJ+4JfOuuqbm3CI24QMCh9rxv3ZoOQnFuC+7cZgqrat
|
||||
V4bxCrVvWhrrDSgy9+A80NVzQ3k=
|
||||
-----END CERTIFICATE-----
|
@ -18,11 +18,11 @@ def test_role_get(client):
|
||||
|
||||
|
||||
def test_role_post(client):
|
||||
assert client.post(api.url_for(Roles, role_id=1), {}).status_code == 405
|
||||
assert client.post(api.url_for(Roles, role_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_role_put(client):
|
||||
assert client.put(api.url_for(Roles, role_id=1), {}).status_code == 401
|
||||
assert client.put(api.url_for(Roles, role_id=1), data={}).status_code == 401
|
||||
|
||||
|
||||
def test_role_delete(client):
|
||||
@ -30,7 +30,7 @@ def test_role_delete(client):
|
||||
|
||||
|
||||
def test_role_patch(client):
|
||||
assert client.patch(api.url_for(Roles, role_id=1), {}).status_code == 405
|
||||
assert client.patch(api.url_for(Roles, role_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_roles_get(client):
|
||||
@ -38,11 +38,11 @@ def test_roles_get(client):
|
||||
|
||||
|
||||
def test_roles_post(client):
|
||||
assert client.post(api.url_for(RolesList), {}).status_code == 401
|
||||
assert client.post(api.url_for(RolesList), data={}).status_code == 401
|
||||
|
||||
|
||||
def test_roles_put(client):
|
||||
assert client.put(api.url_for(RolesList), {}).status_code == 405
|
||||
assert client.put(api.url_for(RolesList), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_roles_delete(client):
|
||||
@ -50,7 +50,7 @@ def test_roles_delete(client):
|
||||
|
||||
|
||||
def test_roles_patch(client):
|
||||
assert client.patch(api.url_for(RolesList), {}).status_code == 405
|
||||
assert client.patch(api.url_for(RolesList), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_role_credentials_get(client):
|
||||
@ -58,11 +58,11 @@ def test_role_credentials_get(client):
|
||||
|
||||
|
||||
def test_role_credentials_post(client):
|
||||
assert client.post(api.url_for(RoleViewCredentials, role_id=1), {}).status_code == 405
|
||||
assert client.post(api.url_for(RoleViewCredentials, role_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_role_credentials_put(client):
|
||||
assert client.put(api.url_for(RoleViewCredentials, role_id=1), {}).status_code == 405
|
||||
assert client.put(api.url_for(RoleViewCredentials, role_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_role_credentials_delete(client):
|
||||
@ -70,7 +70,7 @@ def test_role_credentials_delete(client):
|
||||
|
||||
|
||||
def test_role_credentials_patch(client):
|
||||
assert client.patch(api.url_for(RoleViewCredentials, role_id=1), {}).status_code == 405
|
||||
assert client.patch(api.url_for(RoleViewCredentials, role_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_user_roles_get(client):
|
||||
@ -78,11 +78,11 @@ def test_user_roles_get(client):
|
||||
|
||||
|
||||
def test_user_roles_post(client):
|
||||
assert client.post(api.url_for(UserRolesList, user_id=1), {}).status_code == 405
|
||||
assert client.post(api.url_for(UserRolesList, user_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_user_roles_put(client):
|
||||
assert client.put(api.url_for(UserRolesList, user_id=1), {}).status_code == 405
|
||||
assert client.put(api.url_for(UserRolesList, user_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_user_roles_delete(client):
|
||||
@ -90,7 +90,7 @@ def test_user_roles_delete(client):
|
||||
|
||||
|
||||
def test_user_roles_patch(client):
|
||||
assert client.patch(api.url_for(UserRolesList, user_id=1), {}).status_code == 405
|
||||
assert client.patch(api.url_for(UserRolesList, user_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_authority_roles_get(client):
|
||||
@ -98,11 +98,11 @@ def test_authority_roles_get(client):
|
||||
|
||||
|
||||
def test_authority_roles_post(client):
|
||||
assert client.post(api.url_for(AuthorityRolesList, authority_id=1), {}).status_code == 405
|
||||
assert client.post(api.url_for(AuthorityRolesList, authority_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_authority_roles_put(client):
|
||||
assert client.put(api.url_for(AuthorityRolesList, authority_id=1), {}).status_code == 405
|
||||
assert client.put(api.url_for(AuthorityRolesList, authority_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
def test_authority_roles_delete(client):
|
||||
@ -110,7 +110,7 @@ def test_authority_roles_delete(client):
|
||||
|
||||
|
||||
def test_authority_roles_patch(client):
|
||||
assert client.patch(api.url_for(AuthorityRolesList, authority_id=1), {}).status_code == 405
|
||||
assert client.patch(api.url_for(AuthorityRolesList, authority_id=1), data={}).status_code == 405
|
||||
|
||||
|
||||
VALID_USER_HEADER_TOKEN = {
|
||||
@ -122,7 +122,7 @@ def test_auth_role_get(client):
|
||||
|
||||
|
||||
def test_auth_role_post_(client):
|
||||
assert client.post(api.url_for(Roles, role_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.post(api.url_for(Roles, role_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_role_put(client):
|
||||
@ -134,7 +134,7 @@ def test_auth_role_delete(client):
|
||||
|
||||
|
||||
def test_auth_role_patch(client):
|
||||
assert client.patch(api.url_for(Roles, role_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.patch(api.url_for(Roles, role_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_roles_get(client):
|
||||
@ -142,7 +142,7 @@ def test_auth_roles_get(client):
|
||||
|
||||
|
||||
def test_auth_roles_post(client):
|
||||
assert client.post(api.url_for(RolesList), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 403
|
||||
assert client.post(api.url_for(RolesList), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 403
|
||||
|
||||
|
||||
def test_auth_role_credentials_get(client):
|
||||
@ -150,11 +150,11 @@ def test_auth_role_credentials_get(client):
|
||||
|
||||
|
||||
def test_auth_role_credentials_post(client):
|
||||
assert client.post(api.url_for(RoleViewCredentials, role_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.post(api.url_for(RoleViewCredentials, role_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_role_credentials_put(client):
|
||||
assert client.put(api.url_for(RoleViewCredentials, role_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.put(api.url_for(RoleViewCredentials, role_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_role_credentials_delete(client):
|
||||
@ -162,7 +162,7 @@ def test_auth_role_credentials_delete(client):
|
||||
|
||||
|
||||
def test_auth_role_credentials_patch(client):
|
||||
assert client.patch(api.url_for(RoleViewCredentials, role_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.patch(api.url_for(RoleViewCredentials, role_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_user_roles_get(client):
|
||||
@ -170,11 +170,11 @@ def test_auth_user_roles_get(client):
|
||||
|
||||
|
||||
def test_auth_user_roles_post(client):
|
||||
assert client.post(api.url_for(UserRolesList, user_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.post(api.url_for(UserRolesList, user_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_user_roles_put(client):
|
||||
assert client.put(api.url_for(UserRolesList, user_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.put(api.url_for(UserRolesList, user_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_user_roles_delete(client):
|
||||
@ -182,7 +182,7 @@ def test_auth_user_roles_delete(client):
|
||||
|
||||
|
||||
def test_auth_user_roles_patch(client):
|
||||
assert client.patch(api.url_for(UserRolesList, user_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.patch(api.url_for(UserRolesList, user_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_authority_roles_get(client):
|
||||
@ -190,11 +190,11 @@ def test_auth_authority_roles_get(client):
|
||||
|
||||
|
||||
def test_auth_authority_roles_post(client):
|
||||
assert client.post(api.url_for(AuthorityRolesList, authority_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.post(api.url_for(AuthorityRolesList, authority_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_authority_roles_put(client):
|
||||
assert client.put(api.url_for(AuthorityRolesList, authority_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.put(api.url_for(AuthorityRolesList, authority_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_auth_authority_roles_delete(client):
|
||||
@ -202,7 +202,7 @@ def test_auth_authority_roles_delete(client):
|
||||
|
||||
|
||||
def test_auth_authority_roles_patch(client):
|
||||
assert client.patch(api.url_for(AuthorityRolesList, authority_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
assert client.patch(api.url_for(AuthorityRolesList, authority_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
VALID_ADMIN_HEADER_TOKEN = {
|
||||
@ -214,7 +214,7 @@ def test_admin_role_get(client):
|
||||
|
||||
|
||||
def test_admin_role_post(client):
|
||||
assert client.post(api.url_for(Roles, role_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.post(api.url_for(Roles, role_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_admin_role_put(client):
|
||||
@ -226,7 +226,7 @@ def test_admin_role_delete(client):
|
||||
|
||||
|
||||
def test_admin_role_patch(client):
|
||||
assert client.patch(api.url_for(Roles, role_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.patch(api.url_for(Roles, role_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_admin_roles_get(client):
|
||||
@ -240,11 +240,11 @@ def test_admin_role_credentials_get(client):
|
||||
|
||||
|
||||
def test_admin_role_credentials_post(client):
|
||||
assert client.post(api.url_for(RolesList), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 400
|
||||
assert client.post(api.url_for(RolesList), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 400
|
||||
|
||||
|
||||
def test_admin_role_credentials_put(client):
|
||||
assert client.put(api.url_for(RolesList), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.put(api.url_for(RolesList), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_admin_role_credentials_delete(client):
|
||||
@ -252,7 +252,7 @@ def test_admin_role_credentials_delete(client):
|
||||
|
||||
|
||||
def test_admin_role_credentials_patch(client):
|
||||
assert client.patch(api.url_for(RolesList), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.patch(api.url_for(RolesList), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_admin_user_roles_get(client):
|
||||
@ -260,11 +260,11 @@ def test_admin_user_roles_get(client):
|
||||
|
||||
|
||||
def test_admin_user_roles_post(client):
|
||||
assert client.post(api.url_for(UserRolesList, user_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.post(api.url_for(UserRolesList, user_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_admin_user_roles_put(client):
|
||||
assert client.put(api.url_for(UserRolesList, user_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.put(api.url_for(UserRolesList, user_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_admin_user_roles_delete(client):
|
||||
@ -272,7 +272,7 @@ def test_admin_user_roles_delete(client):
|
||||
|
||||
|
||||
def test_admin_user_roles_patch(client):
|
||||
assert client.patch(api.url_for(UserRolesList, user_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.patch(api.url_for(UserRolesList, user_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_admin_authority_roles_get(client):
|
||||
@ -280,11 +280,11 @@ def test_admin_authority_roles_get(client):
|
||||
|
||||
|
||||
def test_admin_authority_roles_post(client):
|
||||
assert client.post(api.url_for(AuthorityRolesList, authority_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.post(api.url_for(AuthorityRolesList, authority_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_admin_authority_roles_put(client):
|
||||
assert client.put(api.url_for(AuthorityRolesList, authority_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.put(api.url_for(AuthorityRolesList, authority_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_admin_authority_roles_delete(client):
|
||||
@ -292,7 +292,7 @@ def test_admin_authority_roles_delete(client):
|
||||
|
||||
|
||||
def test_admin_authority_roles_patch(client):
|
||||
assert client.patch(api.url_for(AuthorityRolesList, authority_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
assert client.patch(api.url_for(AuthorityRolesList, authority_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||
|
||||
|
||||
def test_admin_roles_crud(client):
|
||||
|
Loading…
Reference in New Issue
Block a user