fixing conflicts
This commit is contained in:
commit
8239aa55e1
|
@ -77,6 +77,7 @@ The `IssuerPlugin` interface only required that you implement one function::
|
||||||
def create_certificate(self, options):
|
def create_certificate(self, options):
|
||||||
# requests.get('a third party')
|
# requests.get('a third party')
|
||||||
|
|
||||||
|
|
||||||
Lemur will pass a dictionary of all possible options for certificate creation.
|
Lemur will pass a dictionary of all possible options for certificate creation.
|
||||||
|
|
||||||
Optionally the `IssuerPlugin` exposes another function for authority create::
|
Optionally the `IssuerPlugin` exposes another function for authority create::
|
||||||
|
@ -84,7 +85,13 @@ Optionally the `IssuerPlugin` exposes another function for authority create::
|
||||||
def create_authority(self, options):
|
def create_authority(self, options):
|
||||||
# request.get('a third party')
|
# request.get('a third party')
|
||||||
|
|
||||||
If implemented this function will be used to allow users to create external Certificate Authorities.
|
|
||||||
|
If implemented this function will be used to allow users to create external Certificate Authorities. From this function
|
||||||
|
you are expected to return the ROOT certificate authority, any intermediates that Authority might provide and any roles
|
||||||
|
you wish to be associated with this authority.
|
||||||
|
|
||||||
|
.. Note:: You do not need to associate roles to the authority at creation time as they can always be associated after the
|
||||||
|
fact.
|
||||||
|
|
||||||
|
|
||||||
Testing
|
Testing
|
||||||
|
@ -158,3 +165,5 @@ Running tests follows the py.test standard. As long as your test files and metho
|
||||||
=========================== 1 passed in 0.35 seconds ============================
|
=========================== 1 passed in 0.35 seconds ============================
|
||||||
|
|
||||||
|
|
||||||
|
.. SeeAlso:: Lemur bundles several plugins that use the same interfaces mentioned above. View the source: #TODO
|
||||||
|
|
||||||
|
|
|
@ -8,8 +8,6 @@
|
||||||
|
|
||||||
|
|
||||||
"""
|
"""
|
||||||
from flask import jsonify
|
|
||||||
|
|
||||||
from lemur import factory
|
from lemur import factory
|
||||||
|
|
||||||
from lemur.users.views import mod as users_bp
|
from lemur.users.views import mod as users_bp
|
||||||
|
|
|
@ -14,8 +14,6 @@ from flask import g, Blueprint, current_app, abort
|
||||||
from flask.ext.restful import reqparse, Resource, Api
|
from flask.ext.restful import reqparse, Resource, Api
|
||||||
from flask.ext.principal import Identity, identity_changed
|
from flask.ext.principal import Identity, identity_changed
|
||||||
|
|
||||||
from lemur.common.crypto import unlock
|
|
||||||
|
|
||||||
from lemur.auth.permissions import admin_permission
|
from lemur.auth.permissions import admin_permission
|
||||||
from lemur.users import service as user_service
|
from lemur.users import service as user_service
|
||||||
from lemur.roles import service as role_service
|
from lemur.roles import service as role_service
|
||||||
|
@ -234,24 +232,7 @@ class Ping(Resource):
|
||||||
return dict(token=create_token(user))
|
return dict(token=create_token(user))
|
||||||
|
|
||||||
|
|
||||||
class Unlock(AuthenticatedResource):
|
|
||||||
def __init__(self):
|
|
||||||
self.reqparse = reqparse.RequestParser()
|
|
||||||
super(Unlock, self).__init__()
|
|
||||||
|
|
||||||
@admin_permission.require(http_exception=403)
|
|
||||||
def post(self):
|
|
||||||
self.reqparse.add_argument('password', type=str, required=True, location='json')
|
|
||||||
args = self.reqparse.parse_args()
|
|
||||||
unlock(args['password'])
|
|
||||||
return {
|
|
||||||
"message": "You have successfully unlocked this Lemur instance",
|
|
||||||
"type": "success"
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
api.add_resource(Login, '/auth/login', endpoint='login')
|
api.add_resource(Login, '/auth/login', endpoint='login')
|
||||||
api.add_resource(Ping, '/auth/ping', endpoint='ping')
|
api.add_resource(Ping, '/auth/ping', endpoint='ping')
|
||||||
api.add_resource(Unlock, '/auth/unlock', endpoint='unlock')
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -5,13 +5,9 @@
|
||||||
:license: Apache, see LICENSE for more details.
|
:license: Apache, see LICENSE for more details.
|
||||||
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
|
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
|
||||||
"""
|
"""
|
||||||
import os
|
|
||||||
import arrow
|
import arrow
|
||||||
import string
|
import string
|
||||||
import random
|
import random
|
||||||
import hashlib
|
|
||||||
import datetime
|
|
||||||
import subprocess
|
|
||||||
|
|
||||||
from sqlalchemy import func, or_
|
from sqlalchemy import func, or_
|
||||||
from flask import g, current_app
|
from flask import g, current_app
|
||||||
|
@ -20,8 +16,6 @@ from lemur import database
|
||||||
from lemur.common.services.aws import iam
|
from lemur.common.services.aws import iam
|
||||||
from lemur.plugins.base import plugins
|
from lemur.plugins.base import plugins
|
||||||
from lemur.certificates.models import Certificate
|
from lemur.certificates.models import Certificate
|
||||||
from lemur.certificates.exceptions import UnableToCreateCSR, \
|
|
||||||
UnableToCreatePrivateKey, MissingFiles
|
|
||||||
|
|
||||||
from lemur.accounts.models import Account
|
from lemur.accounts.models import Account
|
||||||
from lemur.accounts import service as account_service
|
from lemur.accounts import service as account_service
|
||||||
|
@ -29,6 +23,12 @@ from lemur.authorities.models import Authority
|
||||||
|
|
||||||
from lemur.roles.models import Role
|
from lemur.roles.models import Role
|
||||||
|
|
||||||
|
from cryptography import x509
|
||||||
|
from cryptography.hazmat.backends import default_backend
|
||||||
|
from cryptography.hazmat.primitives import hashes, serialization
|
||||||
|
from cryptography.hazmat.primitives.asymmetric import rsa
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def get(cert_id):
|
def get(cert_id):
|
||||||
"""
|
"""
|
||||||
|
@ -127,23 +127,17 @@ def mint(issuer_options):
|
||||||
authority = issuer_options['authority']
|
authority = issuer_options['authority']
|
||||||
|
|
||||||
issuer = plugins.get(authority.plugin_name)
|
issuer = plugins.get(authority.plugin_name)
|
||||||
# NOTE if we wanted to support more issuers it might make sense to
|
|
||||||
# push CSR creation down to the plugin
|
|
||||||
path = create_csr(issuer.get_csr_config(issuer_options))
|
|
||||||
challenge, csr, csr_config, private_key = load_ssl_pack(path)
|
|
||||||
|
|
||||||
issuer_options['challenge'] = challenge
|
csr, private_key = create_csr(issuer_options)
|
||||||
|
|
||||||
|
issuer_options['challenge'] = create_challenge()
|
||||||
issuer_options['creator'] = g.user.email
|
issuer_options['creator'] = g.user.email
|
||||||
cert_body, cert_chain = issuer.create_certificate(csr, issuer_options)
|
cert_body, cert_chain = issuer.create_certificate(csr, issuer_options)
|
||||||
|
|
||||||
cert = save_cert(cert_body, private_key, cert_chain, challenge, csr_config, issuer_options.get('accounts'))
|
cert = save_cert(cert_body, private_key, cert_chain, issuer_options.get('accounts'))
|
||||||
cert.user = g.user
|
cert.user = g.user
|
||||||
cert.authority = authority
|
cert.authority = authority
|
||||||
database.update(cert)
|
database.update(cert)
|
||||||
|
|
||||||
# securely delete pack after saving it to RDS and IAM (if applicable)
|
|
||||||
delete_ssl_pack(path)
|
|
||||||
|
|
||||||
return cert, private_key, cert_chain,
|
return cert, private_key, cert_chain,
|
||||||
|
|
||||||
|
|
||||||
|
@ -151,7 +145,7 @@ def import_certificate(**kwargs):
|
||||||
"""
|
"""
|
||||||
Uploads already minted certificates and pulls the required information into Lemur.
|
Uploads already minted certificates and pulls the required information into Lemur.
|
||||||
|
|
||||||
This is to be used for certificates that are reated outside of Lemur but
|
This is to be used for certificates that are created outside of Lemur but
|
||||||
should still be tracked.
|
should still be tracked.
|
||||||
|
|
||||||
Internally this is used to bootstrap Lemur with external
|
Internally this is used to bootstrap Lemur with external
|
||||||
|
@ -188,7 +182,7 @@ def save_cert(cert_body, private_key, cert_chain, challenge, csr_config, account
|
||||||
:param cert_chain:
|
:param cert_chain:
|
||||||
:param challenge:
|
:param challenge:
|
||||||
:param csr_config:
|
:param csr_config:
|
||||||
:param account_ids:
|
:param accounts:
|
||||||
"""
|
"""
|
||||||
cert = Certificate(cert_body, private_key, challenge, cert_chain, csr_config)
|
cert = Certificate(cert_body, private_key, challenge, cert_chain, csr_config)
|
||||||
# if we have an AWS accounts lets upload them
|
# if we have an AWS accounts lets upload them
|
||||||
|
@ -301,94 +295,91 @@ def create_csr(csr_config):
|
||||||
|
|
||||||
:param csr_config:
|
:param csr_config:
|
||||||
"""
|
"""
|
||||||
|
private_key = rsa.generate_private_key(
|
||||||
|
public_exponent=65537,
|
||||||
|
key_size=2048,
|
||||||
|
backend=default_backend()
|
||||||
|
)
|
||||||
|
|
||||||
# we create a no colliding file name
|
builder = x509.CertificateSigningRequestBuilder()
|
||||||
path = create_path(hashlib.md5(csr_config).hexdigest())
|
builder = builder.subject_name(x509.Name([
|
||||||
|
x509.NameAttribute(x509.OID_COMMON_NAME, csr_config['commonName']),
|
||||||
|
x509.NameAttribute(x509.OID_ORGANIZATION_NAME, csr_config['organization']),
|
||||||
|
x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, csr_config['organizationalUnit']),
|
||||||
|
x509.NameAttribute(x509.OID_COUNTRY_NAME, csr_config['country']),
|
||||||
|
x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, csr_config['state']),
|
||||||
|
x509.NameAttribute(x509.OID_LOCALITY_NAME, csr_config['location'])
|
||||||
|
]))
|
||||||
|
|
||||||
challenge = create_challenge()
|
builder = builder.add_extension(
|
||||||
challenge_path = os.path.join(path, 'challenge.txt')
|
x509.BasicConstraints(ca=False, path_length=None), critical=True,
|
||||||
|
)
|
||||||
|
|
||||||
with open(challenge_path, 'w') as c:
|
#for k, v in csr_config.get('extensions', {}).items():
|
||||||
c.write(challenge)
|
# if k == 'subAltNames':
|
||||||
|
# builder = builder.add_extension(
|
||||||
|
# x509.SubjectAlternativeName([x509.DNSName(n) for n in v]), critical=True,
|
||||||
|
# )
|
||||||
|
|
||||||
csr_path = os.path.join(path, 'csr_config.txt')
|
# TODO support more CSR options, none of the authorities support these atm
|
||||||
|
# builder.add_extension(
|
||||||
|
# x509.KeyUsage(
|
||||||
|
# digital_signature=digital_signature,
|
||||||
|
# content_commitment=content_commitment,
|
||||||
|
# key_encipherment=key_enipherment,
|
||||||
|
# data_encipherment=data_encipherment,
|
||||||
|
# key_agreement=key_agreement,
|
||||||
|
# key_cert_sign=key_cert_sign,
|
||||||
|
# crl_sign=crl_sign,
|
||||||
|
# encipher_only=enchipher_only,
|
||||||
|
# decipher_only=decipher_only
|
||||||
|
# ), critical=True
|
||||||
|
# )
|
||||||
|
#
|
||||||
|
# # we must maintain our own list of OIDs here
|
||||||
|
# builder.add_extension(
|
||||||
|
# x509.ExtendedKeyUsage(
|
||||||
|
# server_authentication=server_authentication,
|
||||||
|
# email=
|
||||||
|
# )
|
||||||
|
# )
|
||||||
|
#
|
||||||
|
# builder.add_extension(
|
||||||
|
# x509.AuthorityInformationAccess()
|
||||||
|
# )
|
||||||
|
#
|
||||||
|
# builder.add_extension(
|
||||||
|
# x509.AuthorityKeyIdentifier()
|
||||||
|
# )
|
||||||
|
#
|
||||||
|
# builder.add_extension(
|
||||||
|
# x509.SubjectKeyIdentifier()
|
||||||
|
# )
|
||||||
|
#
|
||||||
|
# builder.add_extension(
|
||||||
|
# x509.CRLDistributionPoints()
|
||||||
|
# )
|
||||||
|
#
|
||||||
|
# builder.add_extension(
|
||||||
|
# x509.ObjectIdentifier(oid)
|
||||||
|
# )
|
||||||
|
|
||||||
with open(csr_path, 'w') as f:
|
request = builder.sign(
|
||||||
f.write(csr_config)
|
private_key, hashes.SHA256(), default_backend()
|
||||||
|
)
|
||||||
|
|
||||||
#TODO use cloudCA to seed a -rand file for each call
|
# serialize our private key and CSR
|
||||||
#TODO replace openssl shell calls with cryptograph
|
pem = private_key.private_bytes(
|
||||||
with open('/dev/null', 'w') as devnull:
|
encoding=serialization.Encoding.PEM,
|
||||||
code = subprocess.call(['openssl', 'genrsa',
|
format=serialization.PrivateFormat.PKCS8,
|
||||||
'-out', os.path.join(path, 'private.key'), '2048'],
|
encryption_algorithm=serialization.NoEncryption()
|
||||||
stdout=devnull, stderr=devnull)
|
)
|
||||||
|
|
||||||
if code != 0:
|
csr = request.public_bytes(
|
||||||
raise UnableToCreatePrivateKey(code)
|
encoding=serialization.Encoding.PEM
|
||||||
|
)
|
||||||
with open('/dev/null', 'w') as devnull:
|
|
||||||
code = subprocess.call(['openssl', 'req', '-new', '-sha256', '-nodes',
|
|
||||||
'-config', csr_path, "-key", os.path.join(path, 'private.key'),
|
|
||||||
"-out", os.path.join(path, 'request.csr')], stdout=devnull, stderr=devnull)
|
|
||||||
|
|
||||||
if code != 0:
|
|
||||||
raise UnableToCreateCSR(code)
|
|
||||||
|
|
||||||
return path
|
|
||||||
|
|
||||||
|
|
||||||
def create_path(domain_hash):
|
|
||||||
"""
|
|
||||||
|
|
||||||
:param domain_hash:
|
|
||||||
:return:
|
|
||||||
"""
|
|
||||||
path = os.path.join('/tmp', domain_hash)
|
|
||||||
|
|
||||||
try:
|
|
||||||
os.mkdir(path)
|
|
||||||
except OSError as e:
|
|
||||||
now = datetime.datetime.now()
|
|
||||||
path = os.path.join('/tmp', "{}.{}".format(domain_hash, now.strftime('%s')))
|
|
||||||
os.mkdir(path)
|
|
||||||
current_app.logger.warning(e)
|
|
||||||
|
|
||||||
current_app.logger.debug("Writing ssl files to: {}".format(path))
|
|
||||||
return path
|
|
||||||
|
|
||||||
|
|
||||||
def load_ssl_pack(path):
|
|
||||||
"""
|
|
||||||
Loads the information created by openssl to be used by other functions.
|
|
||||||
|
|
||||||
:param path:
|
|
||||||
"""
|
|
||||||
if len(os.listdir(path)) != 4:
|
|
||||||
raise MissingFiles(path)
|
|
||||||
|
|
||||||
with open(os.path.join(path, 'challenge.txt')) as c:
|
|
||||||
challenge = c.read()
|
|
||||||
|
|
||||||
with open(os.path.join(path, 'request.csr')) as r:
|
|
||||||
csr = r.read()
|
|
||||||
|
|
||||||
with open(os.path.join(path, 'csr_config.txt')) as config:
|
|
||||||
csr_config = config.read()
|
|
||||||
|
|
||||||
with open(os.path.join(path, 'private.key')) as key:
|
|
||||||
private_key = key.read()
|
|
||||||
|
|
||||||
return (challenge, csr, csr_config, private_key,)
|
|
||||||
|
|
||||||
|
|
||||||
def delete_ssl_pack(path):
|
|
||||||
"""
|
|
||||||
Removes the temporary files associated with CSR creation.
|
|
||||||
|
|
||||||
:param path:
|
|
||||||
"""
|
|
||||||
subprocess.check_call(['srm', '-r', path])
|
|
||||||
|
|
||||||
|
return csr, pem
|
||||||
|
|
||||||
def create_challenge():
|
def create_challenge():
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -1,185 +0,0 @@
|
||||||
"""
|
|
||||||
.. module: lemur.common.crypto
|
|
||||||
:platform: Unix
|
|
||||||
:synopsis: This module contains all cryptographic function's in Lemur
|
|
||||||
:copyright: (c) 2015 by Netflix Inc., see AUTHORS for more
|
|
||||||
:license: Apache, see LICENSE for more details.
|
|
||||||
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
|
|
||||||
|
|
||||||
"""
|
|
||||||
import os
|
|
||||||
import ssl
|
|
||||||
import StringIO
|
|
||||||
import functools
|
|
||||||
from Crypto import Random
|
|
||||||
from Crypto.Cipher import AES
|
|
||||||
from hashlib import sha512
|
|
||||||
|
|
||||||
from flask import current_app
|
|
||||||
|
|
||||||
from lemur.factory import create_app
|
|
||||||
|
|
||||||
|
|
||||||
old_init = ssl.SSLSocket.__init__
|
|
||||||
|
|
||||||
@functools.wraps(old_init)
|
|
||||||
def ssl_bug(self, *args, **kwargs):
|
|
||||||
kwargs['ssl_version'] = ssl.PROTOCOL_TLSv1
|
|
||||||
old_init(self, *args, **kwargs)
|
|
||||||
|
|
||||||
ssl.SSLSocket.__init__ = ssl_bug
|
|
||||||
|
|
||||||
|
|
||||||
def derive_key_and_iv(password, salt, key_length, iv_length):
|
|
||||||
"""
|
|
||||||
Derives the key and iv from the password and salt.
|
|
||||||
|
|
||||||
:param password:
|
|
||||||
:param salt:
|
|
||||||
:param key_length:
|
|
||||||
:param iv_length:
|
|
||||||
:return: key, iv
|
|
||||||
"""
|
|
||||||
d = d_i = ''
|
|
||||||
|
|
||||||
while len(d) < key_length + iv_length:
|
|
||||||
d_i = sha512(d_i + password + salt).digest()
|
|
||||||
d += d_i
|
|
||||||
|
|
||||||
return d[:key_length], d[key_length:key_length+iv_length]
|
|
||||||
|
|
||||||
|
|
||||||
def encrypt(in_file, out_file, password, key_length=32):
|
|
||||||
"""
|
|
||||||
Encrypts a file.
|
|
||||||
|
|
||||||
:param in_file:
|
|
||||||
:param out_file:
|
|
||||||
:param password:
|
|
||||||
:param key_length:
|
|
||||||
"""
|
|
||||||
bs = AES.block_size
|
|
||||||
salt = Random.new().read(bs - len('Salted__'))
|
|
||||||
key, iv = derive_key_and_iv(password, salt, key_length, bs)
|
|
||||||
cipher = AES.new(key, AES.MODE_CBC, iv)
|
|
||||||
out_file.write('Salted__' + salt)
|
|
||||||
finished = False
|
|
||||||
while not finished:
|
|
||||||
chunk = in_file.read(1024 * bs)
|
|
||||||
if len(chunk) == 0 or len(chunk) % bs != 0:
|
|
||||||
padding_length = bs - (len(chunk) % bs)
|
|
||||||
chunk += padding_length * chr(padding_length)
|
|
||||||
finished = True
|
|
||||||
out_file.write(cipher.encrypt(chunk))
|
|
||||||
|
|
||||||
|
|
||||||
def decrypt(in_file, out_file, password, key_length=32):
|
|
||||||
"""
|
|
||||||
Decrypts a file.
|
|
||||||
|
|
||||||
:param in_file:
|
|
||||||
:param out_file:
|
|
||||||
:param password:
|
|
||||||
:param key_length:
|
|
||||||
:raise ValueError:
|
|
||||||
"""
|
|
||||||
bs = AES.block_size
|
|
||||||
salt = in_file.read(bs)[len('Salted__'):]
|
|
||||||
key, iv = derive_key_and_iv(password, salt, key_length, bs)
|
|
||||||
cipher = AES.new(key, AES.MODE_CBC, iv)
|
|
||||||
next_chunk = ''
|
|
||||||
finished = False
|
|
||||||
while not finished:
|
|
||||||
chunk, next_chunk = next_chunk, cipher.decrypt(in_file.read(1024 * bs))
|
|
||||||
if len(next_chunk) == 0:
|
|
||||||
padding_length = ord(chunk[-1])
|
|
||||||
if padding_length < 1 or padding_length > bs:
|
|
||||||
raise ValueError("bad decrypt pad (%d)" % padding_length)
|
|
||||||
# all the pad-bytes must be the same
|
|
||||||
if chunk[-padding_length:] != (padding_length * chr(padding_length)):
|
|
||||||
# this is similar to the bad decrypt:evp_enc.c from openssl program
|
|
||||||
raise ValueError("bad decrypt")
|
|
||||||
chunk = chunk[:-padding_length]
|
|
||||||
finished = True
|
|
||||||
out_file.write(chunk)
|
|
||||||
|
|
||||||
|
|
||||||
def encrypt_string(string, password):
|
|
||||||
"""
|
|
||||||
Encrypts a string.
|
|
||||||
|
|
||||||
:param string:
|
|
||||||
:param password:
|
|
||||||
:return:
|
|
||||||
"""
|
|
||||||
in_file = StringIO.StringIO(string)
|
|
||||||
enc_file = StringIO.StringIO()
|
|
||||||
encrypt(in_file, enc_file, password)
|
|
||||||
enc_file.seek(0)
|
|
||||||
return enc_file.read()
|
|
||||||
|
|
||||||
|
|
||||||
def decrypt_string(string, password):
|
|
||||||
"""
|
|
||||||
Decrypts a string.
|
|
||||||
|
|
||||||
:param string:
|
|
||||||
:param password:
|
|
||||||
:return:
|
|
||||||
"""
|
|
||||||
in_file = StringIO.StringIO(string)
|
|
||||||
out_file = StringIO.StringIO()
|
|
||||||
decrypt(in_file, out_file, password)
|
|
||||||
out_file.seek(0)
|
|
||||||
return out_file.read()
|
|
||||||
|
|
||||||
|
|
||||||
def lock(password):
|
|
||||||
"""
|
|
||||||
Encrypts Lemur's KEY_PATH. This directory can be used to store secrets needed for normal
|
|
||||||
Lemur operation. This is especially useful for storing secrets needed for communication
|
|
||||||
with third parties (e.g. external certificate authorities).
|
|
||||||
|
|
||||||
Lemur does not assume anything about the contents of the directory and will attempt to
|
|
||||||
encrypt all files contained within. Currently this has only been tested against plain
|
|
||||||
text files.
|
|
||||||
|
|
||||||
:param password:
|
|
||||||
"""
|
|
||||||
dest_dir = os.path.join(current_app.config.get("KEY_PATH"), "encrypted")
|
|
||||||
|
|
||||||
if not os.path.exists(dest_dir):
|
|
||||||
current_app.logger.debug("Creating encryption directory: {0}".format(dest_dir))
|
|
||||||
os.makedirs(dest_dir)
|
|
||||||
|
|
||||||
for root, dirs, files in os.walk(os.path.join(current_app.config.get("KEY_PATH"), 'decrypted')):
|
|
||||||
for f in files:
|
|
||||||
source = os.path.join(root, f)
|
|
||||||
dest = os.path.join(dest_dir, f + ".enc")
|
|
||||||
with open(source, 'rb') as in_file, open(dest, 'wb') as out_file:
|
|
||||||
encrypt(in_file, out_file, password)
|
|
||||||
|
|
||||||
|
|
||||||
def unlock(password):
|
|
||||||
"""
|
|
||||||
Decrypts Lemur's KEY_PATH, allowing lemur to use the secrets within.
|
|
||||||
|
|
||||||
This reverses the :func:`lock` function.
|
|
||||||
|
|
||||||
:param password:
|
|
||||||
"""
|
|
||||||
dest_dir = os.path.join(current_app.config.get("KEY_PATH"), "decrypted")
|
|
||||||
source_dir = os.path.join(current_app.config.get("KEY_PATH"), "encrypted")
|
|
||||||
|
|
||||||
if not os.path.exists(dest_dir):
|
|
||||||
current_app.logger.debug("Creating decryption directory: {0}".format(dest_dir))
|
|
||||||
os.makedirs(dest_dir)
|
|
||||||
|
|
||||||
for root, dirs, files in os.walk(source_dir):
|
|
||||||
for f in files:
|
|
||||||
source = os.path.join(source_dir, f)
|
|
||||||
dest = os.path.join(dest_dir, ".".join(f.split(".")[:-1]))
|
|
||||||
with open(source, 'rb') as in_file, open(dest, 'wb') as out_file:
|
|
||||||
current_app.logger.debug("Writing file: {0} Source: {1}".format(dest, source))
|
|
||||||
decrypt(in_file, out_file, password)
|
|
||||||
|
|
155
lemur/manage.py
155
lemur/manage.py
|
@ -1,9 +1,10 @@
|
||||||
#!/usr/bin/env python
|
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
import base64
|
import base64
|
||||||
from gunicorn.config import make_settings
|
from gunicorn.config import make_settings
|
||||||
|
|
||||||
|
from cryptography.fernet import Fernet
|
||||||
|
|
||||||
from flask import current_app
|
from flask import current_app
|
||||||
from flask.ext.script import Manager, Command, Option, Group, prompt_pass
|
from flask.ext.script import Manager, Command, Option, Group, prompt_pass
|
||||||
from flask.ext.migrate import Migrate, MigrateCommand, stamp
|
from flask.ext.migrate import Migrate, MigrateCommand, stamp
|
||||||
|
@ -20,7 +21,6 @@ from lemur.certificates import sync
|
||||||
from lemur.elbs.sync import sync_all_elbs
|
from lemur.elbs.sync import sync_all_elbs
|
||||||
|
|
||||||
from lemur import create_app
|
from lemur import create_app
|
||||||
from lemur.common.crypto import encrypt, decrypt, lock, unlock
|
|
||||||
|
|
||||||
# Needed to be imported so that SQLAlchemy create_all can find our models
|
# Needed to be imported so that SQLAlchemy create_all can find our models
|
||||||
from lemur.users.models import User
|
from lemur.users.models import User
|
||||||
|
@ -133,78 +133,6 @@ def create():
|
||||||
stamp(revision='head')
|
stamp(revision='head')
|
||||||
|
|
||||||
|
|
||||||
@manager.command
|
|
||||||
def lock():
|
|
||||||
"""
|
|
||||||
Encrypts all of the files in the `keys` directory with the password
|
|
||||||
given. This is a useful function to ensure that you do no check in
|
|
||||||
your key files into source code in clear text.
|
|
||||||
|
|
||||||
:return:
|
|
||||||
"""
|
|
||||||
password = prompt_pass("Please enter the encryption password")
|
|
||||||
lock(password)
|
|
||||||
sys.stdout.write("[+] Lemur keys have been encrypted!\n")
|
|
||||||
|
|
||||||
|
|
||||||
@manager.command
|
|
||||||
def unlock():
|
|
||||||
"""
|
|
||||||
Decrypts all of the files in the `keys` directory with the password
|
|
||||||
given. This is most commonly used during the startup sequence of Lemur
|
|
||||||
allowing it to go from source code to something that can communicate
|
|
||||||
with external services.
|
|
||||||
|
|
||||||
:return:
|
|
||||||
"""
|
|
||||||
password = prompt_pass("Please enter the encryption password")
|
|
||||||
unlock(password)
|
|
||||||
sys.stdout.write("[+] Lemur keys have been unencrypted!\n")
|
|
||||||
|
|
||||||
|
|
||||||
@manager.command
|
|
||||||
def encrypt_file(source):
|
|
||||||
"""
|
|
||||||
Utility to encrypt sensitive files, Lemur will decrypt these
|
|
||||||
files when admin enters the correct password.
|
|
||||||
|
|
||||||
Uses AES-256-CBC encryption
|
|
||||||
"""
|
|
||||||
dest = source + ".encrypted"
|
|
||||||
password = prompt_pass("Please enter the encryption password")
|
|
||||||
password1 = prompt_pass("Please confirm the encryption password")
|
|
||||||
if password != password1:
|
|
||||||
sys.stdout.write("[!] Encryption passwords do not match!\n")
|
|
||||||
return
|
|
||||||
|
|
||||||
with open(source, 'rb') as in_file, open(dest, 'wb') as out_file:
|
|
||||||
encrypt(in_file, out_file, password)
|
|
||||||
|
|
||||||
sys.stdout.write("[+] Writing encryption files... {0}!\n".format(dest))
|
|
||||||
|
|
||||||
|
|
||||||
@manager.command
|
|
||||||
def decrypt_file(source):
|
|
||||||
"""
|
|
||||||
Utility to decrypt, Lemur will decrypt these
|
|
||||||
files when admin enters the correct password.
|
|
||||||
|
|
||||||
Assumes AES-256-CBC encryption
|
|
||||||
"""
|
|
||||||
# cleanup extensions a bit
|
|
||||||
if ".encrypted" in source:
|
|
||||||
dest = ".".join(source.split(".")[:-1]) + ".decrypted"
|
|
||||||
else:
|
|
||||||
dest = source + ".decrypted"
|
|
||||||
|
|
||||||
password = prompt_pass("Please enter the encryption password")
|
|
||||||
|
|
||||||
with open(source, 'rb') as in_file, open(dest, 'wb') as out_file:
|
|
||||||
decrypt(in_file, out_file, password)
|
|
||||||
|
|
||||||
sys.stdout.write("[+] Writing decrypted files... {0}!\n".format(dest))
|
|
||||||
|
|
||||||
|
|
||||||
@manager.command
|
@manager.command
|
||||||
def check_revoked():
|
def check_revoked():
|
||||||
"""
|
"""
|
||||||
|
@ -453,7 +381,84 @@ def create_config(config_path=None):
|
||||||
with open(config_path, 'w') as f:
|
with open(config_path, 'w') as f:
|
||||||
f.write(config)
|
f.write(config)
|
||||||
|
|
||||||
sys.stdout.write("Created a new configuration file {0}\n".format(config_path))
|
sys.stdout.write("[+] Created a new configuration file {0}\n".format(config_path))
|
||||||
|
|
||||||
|
|
||||||
|
@manager.command
|
||||||
|
def lock(path=None):
|
||||||
|
"""
|
||||||
|
Encrypts a given path. This directory can be used to store secrets needed for normal
|
||||||
|
Lemur operation. This is especially useful for storing secrets needed for communication
|
||||||
|
with third parties (e.g. external certificate authorities).
|
||||||
|
|
||||||
|
Lemur does not assume anything about the contents of the directory and will attempt to
|
||||||
|
encrypt all files contained within. Currently this has only been tested against plain
|
||||||
|
text files.
|
||||||
|
|
||||||
|
Path defaults ~/.lemur/keys
|
||||||
|
|
||||||
|
:param: path
|
||||||
|
"""
|
||||||
|
if not path:
|
||||||
|
path = os.path.expanduser('~/.lemur/keys')
|
||||||
|
|
||||||
|
dest_dir = os.path.join(path, "encrypted")
|
||||||
|
sys.stdout.write("[!] Generating a new key...\n")
|
||||||
|
|
||||||
|
key = Fernet.generate_key()
|
||||||
|
|
||||||
|
if not os.path.exists(dest_dir):
|
||||||
|
sys.stdout.write("[+] Creating encryption directory: {0}\n".format(dest_dir))
|
||||||
|
os.makedirs(dest_dir)
|
||||||
|
|
||||||
|
for root, dirs, files in os.walk(os.path.join(path, 'decrypted')):
|
||||||
|
for f in files:
|
||||||
|
source = os.path.join(root, f)
|
||||||
|
dest = os.path.join(dest_dir, f + ".enc")
|
||||||
|
with open(source, 'rb') as in_file, open(dest, 'wb') as out_file:
|
||||||
|
f = Fernet(key)
|
||||||
|
data = f.encrypt(in_file.read())
|
||||||
|
out_file.write(data)
|
||||||
|
sys.stdout.write("[+] Writing file: {0} Source: {1}\n".format(dest, source))
|
||||||
|
|
||||||
|
sys.stdout.write("[+] Keys have been encrypted with key {0}\n".format(key))
|
||||||
|
|
||||||
|
|
||||||
|
@manager.command
|
||||||
|
def unlock(path=None):
|
||||||
|
"""
|
||||||
|
Decrypts all of the files in a given directory with provided password.
|
||||||
|
This is most commonly used during the startup sequence of Lemur
|
||||||
|
allowing it to go from source code to something that can communicate
|
||||||
|
with external services.
|
||||||
|
|
||||||
|
Path defaults ~/.lemur/keys
|
||||||
|
|
||||||
|
:param: path
|
||||||
|
"""
|
||||||
|
key = prompt_pass("[!] Please enter the encryption password")
|
||||||
|
|
||||||
|
if not path:
|
||||||
|
path = os.path.expanduser('~/.lemur/keys')
|
||||||
|
|
||||||
|
dest_dir = os.path.join(path, "decrypted")
|
||||||
|
source_dir = os.path.join(path, "encrypted")
|
||||||
|
|
||||||
|
if not os.path.exists(dest_dir):
|
||||||
|
sys.stdout.write("[+] Creating decryption directory: {0}\n".format(dest_dir))
|
||||||
|
os.makedirs(dest_dir)
|
||||||
|
|
||||||
|
for root, dirs, files in os.walk(source_dir):
|
||||||
|
for f in files:
|
||||||
|
source = os.path.join(source_dir, f)
|
||||||
|
dest = os.path.join(dest_dir, ".".join(f.split(".")[:-1]))
|
||||||
|
with open(source, 'rb') as in_file, open(dest, 'wb') as out_file:
|
||||||
|
f = Fernet(key)
|
||||||
|
data = f.decrypt(in_file.read())
|
||||||
|
out_file.write(data)
|
||||||
|
sys.stdout.write("[+] Writing file: {0} Source: {1}\n".format(dest, source))
|
||||||
|
|
||||||
|
sys.stdout.write("[+] Keys have been unencrypted!\n")
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
|
|
|
@ -19,6 +19,3 @@ class IssuerPlugin(Plugin):
|
||||||
def create_authority(self):
|
def create_authority(self):
|
||||||
raise NotImplemented
|
raise NotImplemented
|
||||||
|
|
||||||
def get_csr_config(self):
|
|
||||||
raise NotImplementedError
|
|
||||||
|
|
||||||
|
|
|
@ -151,6 +151,3 @@ class VerisignPlugin(IssuerPlugin):
|
||||||
response = self.session.post(url, headers={'content-type': 'application/x-www-form-urlencoded'})
|
response = self.session.post(url, headers={'content-type': 'application/x-www-form-urlencoded'})
|
||||||
return self.handle_response(response.content)['Response']['Order']
|
return self.handle_response(response.content)['Response']['Order']
|
||||||
|
|
||||||
def get_authorities(self):
|
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
|
@ -45,7 +45,6 @@ def app():
|
||||||
ctx.pop()
|
ctx.pop()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.yield_fixture(scope="session")
|
@pytest.yield_fixture(scope="session")
|
||||||
def db(app, request):
|
def db(app, request):
|
||||||
_db.drop_all()
|
_db.drop_all()
|
||||||
|
@ -72,7 +71,6 @@ def session(db, request):
|
||||||
|
|
||||||
|
|
||||||
@pytest.yield_fixture(scope="function")
|
@pytest.yield_fixture(scope="function")
|
||||||
def client(app, session):
|
def client(app, session, client):
|
||||||
with app.test_client() as client:
|
yield client
|
||||||
yield client
|
|
||||||
|
|
||||||
|
|
|
@ -22,11 +22,11 @@ def test_account_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_account_post(client):
|
def test_account_post(client):
|
||||||
assert client.post(api.url_for(Accounts, account_id=1), {}).status_code == 405
|
assert client.post(api.url_for(Accounts, account_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_account_put(client):
|
def test_account_put(client):
|
||||||
assert client.put(api.url_for(Accounts, account_id=1), {}).status_code == 401
|
assert client.put(api.url_for(Accounts, account_id=1), data={}).status_code == 401
|
||||||
|
|
||||||
|
|
||||||
def test_account_delete(client):
|
def test_account_delete(client):
|
||||||
|
@ -34,7 +34,7 @@ def test_account_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_account_patch(client):
|
def test_account_patch(client):
|
||||||
assert client.patch(api.url_for(Accounts, account_id=1), {}).status_code == 405
|
assert client.patch(api.url_for(Accounts, account_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
VALID_USER_HEADER_TOKEN = {
|
VALID_USER_HEADER_TOKEN = {
|
||||||
|
@ -45,7 +45,7 @@ def test_auth_account_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_account_post_(client):
|
def test_auth_account_post_(client):
|
||||||
assert client.post(api.url_for(Accounts, account_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.post(api.url_for(Accounts, account_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_account_put(client):
|
def test_auth_account_put(client):
|
||||||
|
@ -57,7 +57,7 @@ def test_auth_account_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_account_patch(client):
|
def test_auth_account_patch(client):
|
||||||
assert client.patch(api.url_for(Accounts, account_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.patch(api.url_for(Accounts, account_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
VALID_ADMIN_HEADER_TOKEN = {
|
VALID_ADMIN_HEADER_TOKEN = {
|
||||||
|
@ -68,7 +68,7 @@ def test_admin_account_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_admin_account_post(client):
|
def test_admin_account_post(client):
|
||||||
assert client.post(api.url_for(Accounts, account_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.post(api.url_for(Accounts, account_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_admin_account_put(client):
|
def test_admin_account_put(client):
|
||||||
|
@ -80,7 +80,7 @@ def test_admin_account_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_admin_account_patch(client):
|
def test_admin_account_patch(client):
|
||||||
assert client.patch(api.url_for(Accounts, account_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.patch(api.url_for(Accounts, account_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_accounts_get(client):
|
def test_accounts_get(client):
|
||||||
|
@ -88,11 +88,11 @@ def test_accounts_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_accounts_post(client):
|
def test_accounts_post(client):
|
||||||
assert client.post(api.url_for(AccountsList), {}).status_code == 401
|
assert client.post(api.url_for(AccountsList), data={}).status_code == 401
|
||||||
|
|
||||||
|
|
||||||
def test_accounts_put(client):
|
def test_accounts_put(client):
|
||||||
assert client.put(api.url_for(AccountsList), {}).status_code == 405
|
assert client.put(api.url_for(AccountsList), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_accounts_delete(client):
|
def test_accounts_delete(client):
|
||||||
|
@ -100,7 +100,7 @@ def test_accounts_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_accounts_patch(client):
|
def test_accounts_patch(client):
|
||||||
assert client.patch(api.url_for(AccountsList), {}).status_code == 405
|
assert client.patch(api.url_for(AccountsList), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_accounts_get(client):
|
def test_auth_accounts_get(client):
|
||||||
|
@ -108,7 +108,7 @@ def test_auth_accounts_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_accounts_post(client):
|
def test_auth_accounts_post(client):
|
||||||
assert client.post(api.url_for(AccountsList), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 403
|
assert client.post(api.url_for(AccountsList), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 403
|
||||||
|
|
||||||
|
|
||||||
def test_admin_accounts_get(client):
|
def test_admin_accounts_get(client):
|
||||||
|
|
|
@ -16,11 +16,11 @@ def test_authority_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_authority_post(client):
|
def test_authority_post(client):
|
||||||
assert client.post(api.url_for(Authorities, authority_id=1), {}).status_code == 405
|
assert client.post(api.url_for(Authorities, authority_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_authority_put(client):
|
def test_authority_put(client):
|
||||||
assert client.put(api.url_for(Authorities, authority_id=1), {}).status_code == 401
|
assert client.put(api.url_for(Authorities, authority_id=1), data={}).status_code == 401
|
||||||
|
|
||||||
|
|
||||||
def test_authority_delete(client):
|
def test_authority_delete(client):
|
||||||
|
@ -28,7 +28,7 @@ def test_authority_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_authority_patch(client):
|
def test_authority_patch(client):
|
||||||
assert client.patch(api.url_for(Authorities, authority_id=1), {}).status_code == 405
|
assert client.patch(api.url_for(Authorities, authority_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_authorities_get(client):
|
def test_authorities_get(client):
|
||||||
|
@ -36,11 +36,11 @@ def test_authorities_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_authorities_post(client):
|
def test_authorities_post(client):
|
||||||
assert client.post(api.url_for(AuthoritiesList), {}).status_code == 401
|
assert client.post(api.url_for(AuthoritiesList), data={}).status_code == 401
|
||||||
|
|
||||||
|
|
||||||
def test_authorities_put(client):
|
def test_authorities_put(client):
|
||||||
assert client.put(api.url_for(AuthoritiesList), {}).status_code == 405
|
assert client.put(api.url_for(AuthoritiesList), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_authorities_delete(client):
|
def test_authorities_delete(client):
|
||||||
|
@ -48,7 +48,7 @@ def test_authorities_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_authorities_patch(client):
|
def test_authorities_patch(client):
|
||||||
assert client.patch(api.url_for(AuthoritiesList), {}).status_code == 405
|
assert client.patch(api.url_for(AuthoritiesList), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_authorities_get(client):
|
def test_certificate_authorities_get(client):
|
||||||
|
@ -56,11 +56,11 @@ def test_certificate_authorities_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_authorities_post(client):
|
def test_certificate_authorities_post(client):
|
||||||
assert client.post(api.url_for(AuthoritiesList), {}).status_code == 401
|
assert client.post(api.url_for(AuthoritiesList), data={}).status_code == 401
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_authorities_put(client):
|
def test_certificate_authorities_put(client):
|
||||||
assert client.put(api.url_for(AuthoritiesList), {}).status_code == 405
|
assert client.put(api.url_for(AuthoritiesList), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_authorities_delete(client):
|
def test_certificate_authorities_delete(client):
|
||||||
|
@ -68,7 +68,7 @@ def test_certificate_authorities_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_authorities_patch(client):
|
def test_certificate_authorities_patch(client):
|
||||||
assert client.patch(api.url_for(AuthoritiesList), {}).status_code == 405
|
assert client.patch(api.url_for(AuthoritiesList), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
VALID_USER_HEADER_TOKEN = {
|
VALID_USER_HEADER_TOKEN = {
|
||||||
|
@ -80,7 +80,7 @@ def test_auth_authority_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_authority_post_(client):
|
def test_auth_authority_post_(client):
|
||||||
assert client.post(api.url_for(Authorities, authority_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.post(api.url_for(Authorities, authority_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_authority_put(client):
|
def test_auth_authority_put(client):
|
||||||
|
@ -92,7 +92,7 @@ def test_auth_authority_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_authority_patch(client):
|
def test_auth_authority_patch(client):
|
||||||
assert client.patch(api.url_for(Authorities, authority_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.patch(api.url_for(Authorities, authority_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_authorities_get(client):
|
def test_auth_authorities_get(client):
|
||||||
|
@ -100,7 +100,7 @@ def test_auth_authorities_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_authorities_post(client):
|
def test_auth_authorities_post(client):
|
||||||
assert client.post(api.url_for(AuthoritiesList), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 400
|
assert client.post(api.url_for(AuthoritiesList), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 400
|
||||||
|
|
||||||
|
|
||||||
def test_auth_certificates_authorities_get(client):
|
def test_auth_certificates_authorities_get(client):
|
||||||
|
@ -116,7 +116,7 @@ def test_admin_authority_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_admin_authority_post(client):
|
def test_admin_authority_post(client):
|
||||||
assert client.post(api.url_for(Authorities, authority_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.post(api.url_for(Authorities, authority_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_admin_authority_put(client):
|
def test_admin_authority_put(client):
|
||||||
|
@ -136,11 +136,11 @@ def test_admin_authorities_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_admin_authorities_post(client):
|
def test_admin_authorities_post(client):
|
||||||
assert client.post(api.url_for(AuthoritiesList), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 400
|
assert client.post(api.url_for(AuthoritiesList), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 400
|
||||||
|
|
||||||
|
|
||||||
def test_admin_authorities_put(client):
|
def test_admin_authorities_put(client):
|
||||||
assert client.put(api.url_for(AuthoritiesList), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.put(api.url_for(AuthoritiesList), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_admin_authorities_delete(client):
|
def test_admin_authorities_delete(client):
|
||||||
|
|
|
@ -1,18 +1,6 @@
|
||||||
import os
|
|
||||||
import pytest
|
import pytest
|
||||||
from mock import mock_open, patch
|
|
||||||
from lemur.certificates.views import *
|
from lemur.certificates.views import *
|
||||||
|
|
||||||
#def test_crud(session):
|
|
||||||
# role = create('role1')
|
|
||||||
# assert role.id > 0
|
|
||||||
#
|
|
||||||
# role = update(role.id, 'role_new', None, [])
|
|
||||||
# assert role.name == 'role_new'
|
|
||||||
# delete(role.id)
|
|
||||||
# assert get(role.id) == None
|
|
||||||
|
|
||||||
|
|
||||||
def test_valid_authority(session):
|
def test_valid_authority(session):
|
||||||
assert 1 == 2
|
assert 1 == 2
|
||||||
|
|
||||||
|
@ -33,28 +21,26 @@ def test_private_key_str():
|
||||||
private_key_str('dfsdfsdf', 'test')
|
private_key_str('dfsdfsdf', 'test')
|
||||||
|
|
||||||
|
|
||||||
def test_create_csr():
|
def test_create_basic_csr():
|
||||||
from lemur.tests.certs import CSR_CONFIG
|
|
||||||
from lemur.certificates.service import create_csr
|
from lemur.certificates.service import create_csr
|
||||||
m = mock_open()
|
csr_config = dict(
|
||||||
with patch('lemur.certificates.service.open', m, create=True):
|
commonName=u'example.com',
|
||||||
path = create_csr(CSR_CONFIG)
|
organization=u'Example, Inc.',
|
||||||
assert path == ''
|
organizationalUnit=u'Operations',
|
||||||
|
country=u'US',
|
||||||
|
state=u'CA',
|
||||||
|
location=u'A place',
|
||||||
|
extensions=dict(subAltNames=[u'test.example.com', u'test2.example.com'])
|
||||||
|
)
|
||||||
|
csr, pem = create_csr(csr_config)
|
||||||
|
|
||||||
|
private_key = serialization.load_pem_private_key(pem, password=None, backend=default_backend())
|
||||||
|
csr = x509.load_pem_x509_csr(csr, default_backend())
|
||||||
|
for name in csr.subject:
|
||||||
|
assert name.value in csr_config.values()
|
||||||
|
|
||||||
|
|
||||||
def test_create_path():
|
def test_import_certificate():
|
||||||
assert 1 == 2
|
|
||||||
|
|
||||||
|
|
||||||
def test_load_ssl_pack():
|
|
||||||
assert 1 == 2
|
|
||||||
|
|
||||||
|
|
||||||
def test_delete_ssl_path():
|
|
||||||
assert 1 == 2
|
|
||||||
|
|
||||||
|
|
||||||
def test_import_certificate(session):
|
|
||||||
assert 1 == 2
|
assert 1 == 2
|
||||||
|
|
||||||
|
|
||||||
|
@ -137,20 +123,17 @@ def test_create_name():
|
||||||
True
|
True
|
||||||
) == 'SAN-example.com-ExampleInc-20150507-20150512'
|
) == 'SAN-example.com-ExampleInc-20150507-20150512'
|
||||||
|
|
||||||
def test_is_expired():
|
|
||||||
assert 1 == 2
|
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_get(client):
|
def test_certificate_get(client):
|
||||||
assert client.get(api.url_for(Certificates, certificate_id=1)).status_code == 401
|
assert client.get(api.url_for(Certificates, certificate_id=1)).status_code == 401
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_post(client):
|
def test_certificate_post(client):
|
||||||
assert client.post(api.url_for(Certificates, certificate_id=1), {}).status_code == 405
|
assert client.post(api.url_for(Certificates, certificate_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_put(client):
|
def test_certificate_put(client):
|
||||||
assert client.put(api.url_for(Certificates, certificate_id=1), {}).status_code == 401
|
assert client.put(api.url_for(Certificates, certificate_id=1), data={}).status_code == 401
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_delete(client):
|
def test_certificate_delete(client):
|
||||||
|
@ -158,7 +141,7 @@ def test_certificate_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_patch(client):
|
def test_certificate_patch(client):
|
||||||
assert client.patch(api.url_for(Certificates, certificate_id=1), {}).status_code == 405
|
assert client.patch(api.url_for(Certificates, certificate_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_certificates_get(client):
|
def test_certificates_get(client):
|
||||||
|
@ -166,11 +149,11 @@ def test_certificates_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_certificates_post(client):
|
def test_certificates_post(client):
|
||||||
assert client.post(api.url_for(CertificatesList), {}).status_code == 401
|
assert client.post(api.url_for(CertificatesList), data={}).status_code == 401
|
||||||
|
|
||||||
|
|
||||||
def test_certificates_put(client):
|
def test_certificates_put(client):
|
||||||
assert client.put(api.url_for(CertificatesList), {}).status_code == 405
|
assert client.put(api.url_for(CertificatesList), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_certificates_delete(client):
|
def test_certificates_delete(client):
|
||||||
|
@ -178,7 +161,7 @@ def test_certificates_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_certificates_patch(client):
|
def test_certificates_patch(client):
|
||||||
assert client.patch(api.url_for(CertificatesList), {}).status_code == 405
|
assert client.patch(api.url_for(CertificatesList), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_credentials_get(client):
|
def test_certificate_credentials_get(client):
|
||||||
|
@ -186,11 +169,11 @@ def test_certificate_credentials_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_credentials_post(client):
|
def test_certificate_credentials_post(client):
|
||||||
assert client.post(api.url_for(CertificatePrivateKey, certificate_id=1), {}).status_code == 405
|
assert client.post(api.url_for(CertificatePrivateKey, certificate_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_credentials_put(client):
|
def test_certificate_credentials_put(client):
|
||||||
assert client.put(api.url_for(CertificatePrivateKey, certificate_id=1), {}).status_code == 405
|
assert client.put(api.url_for(CertificatePrivateKey, certificate_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_credentials_delete(client):
|
def test_certificate_credentials_delete(client):
|
||||||
|
@ -198,7 +181,7 @@ def test_certificate_credentials_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_credentials_patch(client):
|
def test_certificate_credentials_patch(client):
|
||||||
assert client.patch(api.url_for(CertificatePrivateKey, certificate_id=1), {}).status_code == 405
|
assert client.patch(api.url_for(CertificatePrivateKey, certificate_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_certificates_upload_get(client):
|
def test_certificates_upload_get(client):
|
||||||
|
@ -206,11 +189,11 @@ def test_certificates_upload_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_certificates_upload_post(client):
|
def test_certificates_upload_post(client):
|
||||||
assert client.post(api.url_for(CertificatesUpload), {}).status_code == 401
|
assert client.post(api.url_for(CertificatesUpload), data={}).status_code == 401
|
||||||
|
|
||||||
|
|
||||||
def test_certificates_upload_put(client):
|
def test_certificates_upload_put(client):
|
||||||
assert client.put(api.url_for(CertificatesUpload), {}).status_code == 405
|
assert client.put(api.url_for(CertificatesUpload), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_certificates_upload_delete(client):
|
def test_certificates_upload_delete(client):
|
||||||
|
@ -218,7 +201,7 @@ def test_certificates_upload_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_certificates_upload_patch(client):
|
def test_certificates_upload_patch(client):
|
||||||
assert client.patch(api.url_for(CertificatesUpload), {}).status_code == 405
|
assert client.patch(api.url_for(CertificatesUpload), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
VALID_USER_HEADER_TOKEN = {
|
VALID_USER_HEADER_TOKEN = {
|
||||||
|
@ -230,7 +213,7 @@ def test_auth_certificate_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_certificate_post_(client):
|
def test_auth_certificate_post_(client):
|
||||||
assert client.post(api.url_for(Certificates, certificate_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.post(api.url_for(Certificates, certificate_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_certificate_put(client):
|
def test_auth_certificate_put(client):
|
||||||
|
@ -242,7 +225,7 @@ def test_auth_certificate_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_certificate_patch(client):
|
def test_auth_certificate_patch(client):
|
||||||
assert client.patch(api.url_for(Certificates, certificate_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.patch(api.url_for(Certificates, certificate_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_certificates_get(client):
|
def test_auth_certificates_get(client):
|
||||||
|
@ -250,7 +233,7 @@ def test_auth_certificates_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_certificates_post(client):
|
def test_auth_certificates_post(client):
|
||||||
assert client.post(api.url_for(CertificatesList), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 400
|
assert client.post(api.url_for(CertificatesList), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 400
|
||||||
|
|
||||||
|
|
||||||
def test_auth_certificate_credentials_get(client):
|
def test_auth_certificate_credentials_get(client):
|
||||||
|
@ -258,11 +241,11 @@ def test_auth_certificate_credentials_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_certificate_credentials_post(client):
|
def test_auth_certificate_credentials_post(client):
|
||||||
assert client.post(api.url_for(CertificatePrivateKey, certificate_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.post(api.url_for(CertificatePrivateKey, certificate_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_certificate_credentials_put(client):
|
def test_auth_certificate_credentials_put(client):
|
||||||
assert client.put(api.url_for(CertificatePrivateKey, certificate_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.put(api.url_for(CertificatePrivateKey, certificate_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_certificate_credentials_delete(client):
|
def test_auth_certificate_credentials_delete(client):
|
||||||
|
@ -270,7 +253,7 @@ def test_auth_certificate_credentials_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_certificate_credentials_patch(client):
|
def test_auth_certificate_credentials_patch(client):
|
||||||
assert client.patch(api.url_for(CertificatePrivateKey, certificate_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.patch(api.url_for(CertificatePrivateKey, certificate_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_certificates_upload_get(client):
|
def test_auth_certificates_upload_get(client):
|
||||||
|
@ -278,11 +261,11 @@ def test_auth_certificates_upload_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_certificates_upload_post(client):
|
def test_auth_certificates_upload_post(client):
|
||||||
assert client.post(api.url_for(CertificatesUpload), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 400
|
assert client.post(api.url_for(CertificatesUpload), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 400
|
||||||
|
|
||||||
|
|
||||||
def test_auth_certificates_upload_put(client):
|
def test_auth_certificates_upload_put(client):
|
||||||
assert client.put(api.url_for(CertificatesUpload), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.put(api.url_for(CertificatesUpload), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_certificates_upload_delete(client):
|
def test_auth_certificates_upload_delete(client):
|
||||||
|
@ -290,7 +273,7 @@ def test_auth_certificates_upload_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_certificates_upload_patch(client):
|
def test_auth_certificates_upload_patch(client):
|
||||||
assert client.patch(api.url_for(CertificatesUpload), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.patch(api.url_for(CertificatesUpload), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
VALID_ADMIN_HEADER_TOKEN = {
|
VALID_ADMIN_HEADER_TOKEN = {
|
||||||
|
@ -302,7 +285,7 @@ def test_admin_certificate_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_admin_certificate_post(client):
|
def test_admin_certificate_post(client):
|
||||||
assert client.post(api.url_for(Certificates, certificate_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.post(api.url_for(Certificates, certificate_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_admin_certificate_put(client):
|
def test_admin_certificate_put(client):
|
||||||
|
@ -314,7 +297,7 @@ def test_admin_certificate_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_admin_certificate_patch(client):
|
def test_admin_certificate_patch(client):
|
||||||
assert client.patch(api.url_for(Certificates, certificate_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.patch(api.url_for(Certificates, certificate_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_admin_certificates_get(client):
|
def test_admin_certificates_get(client):
|
||||||
|
@ -328,7 +311,7 @@ def test_admin_certificate_credentials_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_admin_certificate_credentials_post(client):
|
def test_admin_certificate_credentials_post(client):
|
||||||
assert client.post(api.url_for(CertificatePrivateKey, certificate_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.post(api.url_for(CertificatePrivateKey, certificate_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_admin_certificate_credentials_put(client):
|
def test_admin_certificate_credentials_put(client):
|
||||||
|
@ -340,5 +323,5 @@ def test_admin_certificate_credentials_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_admin_certificate_credentials_patch(client):
|
def test_admin_certificate_credentials_patch(client):
|
||||||
assert client.patch(api.url_for(CertificatePrivateKey, certificate_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.patch(api.url_for(CertificatePrivateKey, certificate_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
|
@ -5,11 +5,11 @@ def test_domain_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_domain_post(client):
|
def test_domain_post(client):
|
||||||
assert client.post(api.url_for(Domains, domain_id=1), {}).status_code == 405
|
assert client.post(api.url_for(Domains, domain_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_domain_put(client):
|
def test_domain_put(client):
|
||||||
assert client.put(api.url_for(Domains, domain_id=1), {}).status_code == 405
|
assert client.put(api.url_for(Domains, domain_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_domain_delete(client):
|
def test_domain_delete(client):
|
||||||
|
@ -17,7 +17,7 @@ def test_domain_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_domain_patch(client):
|
def test_domain_patch(client):
|
||||||
assert client.patch(api.url_for(Domains, domain_id=1), {}).status_code == 405
|
assert client.patch(api.url_for(Domains, domain_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
VALID_USER_HEADER_TOKEN = {
|
VALID_USER_HEADER_TOKEN = {
|
||||||
|
@ -28,7 +28,7 @@ def test_auth_domain_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_domain_post_(client):
|
def test_auth_domain_post_(client):
|
||||||
assert client.post(api.url_for(Domains, domain_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.post(api.url_for(Domains, domain_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_domain_put(client):
|
def test_auth_domain_put(client):
|
||||||
|
@ -40,7 +40,7 @@ def test_auth_domain_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_domain_patch(client):
|
def test_auth_domain_patch(client):
|
||||||
assert client.patch(api.url_for(Domains, domain_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.patch(api.url_for(Domains, domain_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
VALID_ADMIN_HEADER_TOKEN = {
|
VALID_ADMIN_HEADER_TOKEN = {
|
||||||
|
@ -51,7 +51,7 @@ def test_admin_domain_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_admin_domain_post(client):
|
def test_admin_domain_post(client):
|
||||||
assert client.post(api.url_for(Domains, domain_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.post(api.url_for(Domains, domain_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_admin_domain_put(client):
|
def test_admin_domain_put(client):
|
||||||
|
@ -63,7 +63,7 @@ def test_admin_domain_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_admin_domain_patch(client):
|
def test_admin_domain_patch(client):
|
||||||
assert client.patch(api.url_for(Domains, domain_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.patch(api.url_for(Domains, domain_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_domains_get(client):
|
def test_domains_get(client):
|
||||||
|
@ -71,11 +71,11 @@ def test_domains_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_domains_post(client):
|
def test_domains_post(client):
|
||||||
assert client.post(api.url_for(DomainsList), {}).status_code == 405
|
assert client.post(api.url_for(DomainsList), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_domains_put(client):
|
def test_domains_put(client):
|
||||||
assert client.put(api.url_for(DomainsList), {}).status_code == 405
|
assert client.put(api.url_for(DomainsList), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_domains_delete(client):
|
def test_domains_delete(client):
|
||||||
|
@ -83,7 +83,7 @@ def test_domains_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_domains_patch(client):
|
def test_domains_patch(client):
|
||||||
assert client.patch(api.url_for(DomainsList), {}).status_code == 405
|
assert client.patch(api.url_for(DomainsList), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_domains_get(client):
|
def test_auth_domains_get(client):
|
||||||
|
@ -101,11 +101,11 @@ def test_certificate_domains_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_domains_post(client):
|
def test_certificate_domains_post(client):
|
||||||
assert client.post(api.url_for(CertificateDomains, certificate_id=1), {}).status_code == 405
|
assert client.post(api.url_for(CertificateDomains, certificate_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_domains_put(client):
|
def test_certificate_domains_put(client):
|
||||||
assert client.put(api.url_for(CertificateDomains, certificate_id=1), {}).status_code == 405
|
assert client.put(api.url_for(CertificateDomains, certificate_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_domains_delete(client):
|
def test_certificate_domains_delete(client):
|
||||||
|
@ -113,7 +113,7 @@ def test_certificate_domains_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_domains_patch(client):
|
def test_certificate_domains_patch(client):
|
||||||
assert client.patch(api.url_for(CertificateDomains, certificate_id=1), {}).status_code == 405
|
assert client.patch(api.url_for(CertificateDomains, certificate_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_certificate_domains_get(client):
|
def test_auth_certificate_domains_get(client):
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
KRPZPA&*!_~%dbnuzf153594
|
|
|
@ -1,38 +0,0 @@
|
||||||
|
|
||||||
# Configuration for standard CSR generation for Netflix
|
|
||||||
# Used for procuring VeriSign certificates
|
|
||||||
# Author: jachan
|
|
||||||
# Contact: cloudsecurity@netflix.com
|
|
||||||
|
|
||||||
[ req ]
|
|
||||||
# Use a 2048 bit private key
|
|
||||||
default_bits = 2048
|
|
||||||
default_keyfile = key.pem
|
|
||||||
prompt = no
|
|
||||||
encrypt_key = no
|
|
||||||
|
|
||||||
# base request
|
|
||||||
distinguished_name = req_distinguished_name
|
|
||||||
|
|
||||||
# extensions
|
|
||||||
# Uncomment the following line if you are requesting a SAN cert
|
|
||||||
#req_extensions = req_ext
|
|
||||||
|
|
||||||
# distinguished_name
|
|
||||||
[ req_distinguished_name ]
|
|
||||||
countryName = "US" # C=
|
|
||||||
stateOrProvinceName = "CALIFORNIA" # ST=
|
|
||||||
localityName = "Los Gatos" # L=
|
|
||||||
organizationName = "Netflix, Inc." # O=
|
|
||||||
organizationalUnitName = "Operations" # OU=
|
|
||||||
# This is the hostname/subject name on the certificate
|
|
||||||
commonName = "dfdsflkj.net" # CN=
|
|
||||||
|
|
||||||
[ req_ext ]
|
|
||||||
# Uncomment the following line if you are requesting a SAN cert
|
|
||||||
#subjectAltName = @alt_names
|
|
||||||
|
|
||||||
[alt_names]
|
|
||||||
# Put your SANs here
|
|
||||||
|
|
||||||
|
|
|
@ -1,27 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIEogIBAAKCAQEAvNudwW+UeQqkpY71MIdEg501AFlPKuOXG2xU8DZhvZS6dKv+
|
|
||||||
kDmIWdEqodDgkQiy0jyTgTwxwRqDSw96R6ZgrXefUoJJo66aCsosTBZtVaE85f1L
|
|
||||||
bj2+3U678c+rekUdkrnGcGCo6b8QtdvBpiDy2clneox8tSvmffAdcR1uCv/790/k
|
|
||||||
PzQ/djWDX9JcBRyDkcTJwYC0/ek7URvA/+MXmgUL13T+gWKqduaKuIBlFetonDjn
|
|
||||||
nO11QUBiusIuHV62wzKn8m5Nc+4XoaBR0YWMFn/g6qXDYrwfCsMpka7vSWJFv5Ff
|
|
||||||
yf+7kY3wU4xIwU2vXlIDcCsdUu6b/pYoQ0YOsQIDAQABAoIBAGbFH6iWnnXrq8MH
|
|
||||||
8zcQNOFmF+RztRgCt0TOA76f6TowB/LbcXBsTl2J7CgYMUvbLuwm2KHX7r9FPTMI
|
|
||||||
XiNFT5C16rYMfiQbLGo4sDhLb/3L+wawem6oHQfzA2VH++lSWRByFaEriF+CgIZl
|
|
||||||
6pALl/uZlLzkXCx+kjPwCSV3vV0wFkDnNs6+wPrz2IhkePsuC8J0QKQLlwsES2It
|
|
||||||
Gizzhpehdv9lc9MyZC//1QlD9gMDl5ok5Bt1Xm2c12XUEEcLlKQkJxiOrBOfXPmV
|
|
||||||
PHCdLc7gZO30hc6dyQ1SSnLpywhz/a0ir2GMvkMbS5hculpcZmwEcdZl1HYD8ObP
|
|
||||||
yOMbPE0CgYEA4LVGJKGtbM8RiBB0MstxNstMYVJ4mXB0lSQ0RazdO3S3ojn+oLpF
|
|
||||||
b2pvV6m9WnHiCGigWkzhqtGGCo6aqE0MoiR4jTN8GhiZz4ggDDaVgc4Px5reUD+r
|
|
||||||
tRsTpBHseGQ+ODGgkMI8eJYkdyqkECkYjAOrdy6uorvgxUAZecRIfJMCgYEA1yhM
|
|
||||||
7NidTNRuA+huS5GcQwQweTM6P1qF7Kfk1JYQMVu4gibLZiLHlWCyHI9lrbI7IaMm
|
|
||||||
g/4jXXoewv7IvyrrSEFulkPeVWxCe3mjfQ8JANfUj4kuR915LSn4lX2pbUgUS66K
|
|
||||||
vJSUJtnzLUmb8khLEcOmDbmTFZl8D/bTHFFZlisCgYAeelfWNhuoq3lMRDcOgKuN
|
|
||||||
bAujE6WJ4kfdxrhUTvr+ynjxxv3zXPB4CS6q7Dnjn5ix3UcKmGzvV1Xf7rGpbDHv
|
|
||||||
eBTlyfrmKzoJfQQjw++JWKKpRycqKUin2tFSKqAxQB90Tb7ig4XiMTMm+qCgFILg
|
|
||||||
0sqZ8rn7FpKJDoWmD2ppgwKBgG2Dl9QeVcKbhfv7PNi+HvmFkl6+knFY1D4nHzSN
|
|
||||||
xWQ6OWoV8QXlwgzokQA0hR6qT6rJbntUyg90b1/1a5zSbbvzgiR+GxcD6bsLqQmo
|
|
||||||
s354XTtKKgJuWpWAfYUp1ylGvP3gs8FVJyu3WC2+/9+MqJk8KrNlt9YQr7M4gTAy
|
|
||||||
wBTNAoGAGU7Po4uI3xDKGLLK/ot3D3P8U9ByfeLlrUZtTz1PASsMOr92bkXmUPlE
|
|
||||||
DYUd5uFfwwlvbMNT1Ooeyrzg3bARd9B6ATyMkOaJeGoQwFAI468iucnm9rNXB+/t
|
|
||||||
U2rbIi1pXSm8zSNEY85tf6C8DU/5YbcAPf47a2UYhwCpYAJfMk0=
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -1,17 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE REQUEST-----
|
|
||||||
MIICvzCCAacCAQAwejELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNBTElGT1JOSUEx
|
|
||||||
EjAQBgNVBAcTCUxvcyBHYXRvczEWMBQGA1UEChMNTmV0ZmxpeCwgSW5jLjETMBEG
|
|
||||||
A1UECxMKT3BlcmF0aW9uczEVMBMGA1UEAxMMZGZkc2Zsa2oubmV0MIIBIjANBgkq
|
|
||||||
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNudwW+UeQqkpY71MIdEg501AFlPKuOX
|
|
||||||
G2xU8DZhvZS6dKv+kDmIWdEqodDgkQiy0jyTgTwxwRqDSw96R6ZgrXefUoJJo66a
|
|
||||||
CsosTBZtVaE85f1Lbj2+3U678c+rekUdkrnGcGCo6b8QtdvBpiDy2clneox8tSvm
|
|
||||||
ffAdcR1uCv/790/kPzQ/djWDX9JcBRyDkcTJwYC0/ek7URvA/+MXmgUL13T+gWKq
|
|
||||||
duaKuIBlFetonDjnnO11QUBiusIuHV62wzKn8m5Nc+4XoaBR0YWMFn/g6qXDYrwf
|
|
||||||
CsMpka7vSWJFv5Ffyf+7kY3wU4xIwU2vXlIDcCsdUu6b/pYoQ0YOsQIDAQABoAAw
|
|
||||||
DQYJKoZIhvcNAQEFBQADggEBAE8b0+IYGiR64Me/L0/njYvSR5WR4EnjW99Sc8X5
|
|
||||||
k93zpk4hExrZhrlkDBA/jUHhBZcPNV9w/YkhSu5ubPjRp9gRM2d4B9gGJFAs+bwe
|
|
||||||
LS9hCOxWIMKgvaBMEDQFcwqAv6kEJzmrIa7LtWS39wNfdko2hANtm7z9qskc8bPr
|
|
||||||
265+Z48DwSNCF4RPhVp9eDifjHrj0I//GMXYa92uvgj1BlPo/SGMS+XFQF779p2b
|
|
||||||
622HmUCop3pYeIyYd6rirvl9+KwqvIhm2MqHk62eHOK7Bn/FPev8OUDeV6pIvvSV
|
|
||||||
UxsEHjjLm0V/lOD65lROc7dTq4jO5PkpoKnFQDgV5v0Bf/k=
|
|
||||||
-----END CERTIFICATE REQUEST-----
|
|
|
@ -1,21 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIDcDCCAlgCCQC8msHu/aa61zANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJV
|
|
||||||
UzETMBEGA1UECBMKQ0FMSUZPUk5JQTESMBAGA1UEBxMJTG9zIEdhdG9zMRYwFAYD
|
|
||||||
VQQKEw1OZXRmbGl4LCBJbmMuMRMwEQYDVQQLEwpPcGVyYXRpb25zMRUwEwYDVQQD
|
|
||||||
EwxkZmRzZmxrai5uZXQwHhcNMTQwNTI1MTczMDMzWhcNMTUwNTI1MTczMDMzWjB6
|
|
||||||
MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ0FMSUZPUk5JQTESMBAGA1UEBxMJTG9z
|
|
||||||
IEdhdG9zMRYwFAYDVQQKEw1OZXRmbGl4LCBJbmMuMRMwEQYDVQQLEwpPcGVyYXRp
|
|
||||||
b25zMRUwEwYDVQQDEwxkZmRzZmxrai5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
|
||||||
DwAwggEKAoIBAQC8253Bb5R5CqSljvUwh0SDnTUAWU8q45cbbFTwNmG9lLp0q/6Q
|
|
||||||
OYhZ0Sqh0OCRCLLSPJOBPDHBGoNLD3pHpmCtd59SgkmjrpoKyixMFm1VoTzl/Utu
|
|
||||||
Pb7dTrvxz6t6RR2SucZwYKjpvxC128GmIPLZyWd6jHy1K+Z98B1xHW4K//v3T+Q/
|
|
||||||
ND92NYNf0lwFHIORxMnBgLT96TtRG8D/4xeaBQvXdP6BYqp25oq4gGUV62icOOec
|
|
||||||
7XVBQGK6wi4dXrbDMqfybk1z7hehoFHRhYwWf+DqpcNivB8KwymRru9JYkW/kV/J
|
|
||||||
/7uRjfBTjEjBTa9eUgNwKx1S7pv+lihDRg6xAgMBAAEwDQYJKoZIhvcNAQEFBQAD
|
|
||||||
ggEBAJHwa4l2iSiFBb6wVFBJEWEt31qp+njiVCoTg2OJzCT60Xb26hkrsiTldIIh
|
|
||||||
eB9+y+fwdfwopzWhkNbIOlCfudx/uxtpor8/3BRbjSlNwDUg2L8pfAircJMFLQUM
|
|
||||||
O6nqPOBWCe8hXwe9FQM/oFOavf/AAw/FED+892xlytjirK9u3B28O20W11+fY7hp
|
|
||||||
8LQVBrMoVxFeLWmmwETAltJ7HEYutplRzYTM0vLBARl4Vd5kLJlY3j2Dp1ZpRGcg
|
|
||||||
CrQp26UD/oaAPGtiZQSC4LJ+4JfOuuqbm3CI24QMCh9rxv3ZoOQnFuC+7cZgqrat
|
|
||||||
V4bxCrVvWhrrDSgy9+A80NVzQ3k=
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -18,11 +18,11 @@ def test_role_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_role_post(client):
|
def test_role_post(client):
|
||||||
assert client.post(api.url_for(Roles, role_id=1), {}).status_code == 405
|
assert client.post(api.url_for(Roles, role_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_role_put(client):
|
def test_role_put(client):
|
||||||
assert client.put(api.url_for(Roles, role_id=1), {}).status_code == 401
|
assert client.put(api.url_for(Roles, role_id=1), data={}).status_code == 401
|
||||||
|
|
||||||
|
|
||||||
def test_role_delete(client):
|
def test_role_delete(client):
|
||||||
|
@ -30,7 +30,7 @@ def test_role_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_role_patch(client):
|
def test_role_patch(client):
|
||||||
assert client.patch(api.url_for(Roles, role_id=1), {}).status_code == 405
|
assert client.patch(api.url_for(Roles, role_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_roles_get(client):
|
def test_roles_get(client):
|
||||||
|
@ -38,11 +38,11 @@ def test_roles_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_roles_post(client):
|
def test_roles_post(client):
|
||||||
assert client.post(api.url_for(RolesList), {}).status_code == 401
|
assert client.post(api.url_for(RolesList), data={}).status_code == 401
|
||||||
|
|
||||||
|
|
||||||
def test_roles_put(client):
|
def test_roles_put(client):
|
||||||
assert client.put(api.url_for(RolesList), {}).status_code == 405
|
assert client.put(api.url_for(RolesList), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_roles_delete(client):
|
def test_roles_delete(client):
|
||||||
|
@ -50,7 +50,7 @@ def test_roles_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_roles_patch(client):
|
def test_roles_patch(client):
|
||||||
assert client.patch(api.url_for(RolesList), {}).status_code == 405
|
assert client.patch(api.url_for(RolesList), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_role_credentials_get(client):
|
def test_role_credentials_get(client):
|
||||||
|
@ -58,11 +58,11 @@ def test_role_credentials_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_role_credentials_post(client):
|
def test_role_credentials_post(client):
|
||||||
assert client.post(api.url_for(RoleViewCredentials, role_id=1), {}).status_code == 405
|
assert client.post(api.url_for(RoleViewCredentials, role_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_role_credentials_put(client):
|
def test_role_credentials_put(client):
|
||||||
assert client.put(api.url_for(RoleViewCredentials, role_id=1), {}).status_code == 405
|
assert client.put(api.url_for(RoleViewCredentials, role_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_role_credentials_delete(client):
|
def test_role_credentials_delete(client):
|
||||||
|
@ -70,7 +70,7 @@ def test_role_credentials_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_role_credentials_patch(client):
|
def test_role_credentials_patch(client):
|
||||||
assert client.patch(api.url_for(RoleViewCredentials, role_id=1), {}).status_code == 405
|
assert client.patch(api.url_for(RoleViewCredentials, role_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_user_roles_get(client):
|
def test_user_roles_get(client):
|
||||||
|
@ -78,11 +78,11 @@ def test_user_roles_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_user_roles_post(client):
|
def test_user_roles_post(client):
|
||||||
assert client.post(api.url_for(UserRolesList, user_id=1), {}).status_code == 405
|
assert client.post(api.url_for(UserRolesList, user_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_user_roles_put(client):
|
def test_user_roles_put(client):
|
||||||
assert client.put(api.url_for(UserRolesList, user_id=1), {}).status_code == 405
|
assert client.put(api.url_for(UserRolesList, user_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_user_roles_delete(client):
|
def test_user_roles_delete(client):
|
||||||
|
@ -90,7 +90,7 @@ def test_user_roles_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_user_roles_patch(client):
|
def test_user_roles_patch(client):
|
||||||
assert client.patch(api.url_for(UserRolesList, user_id=1), {}).status_code == 405
|
assert client.patch(api.url_for(UserRolesList, user_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_authority_roles_get(client):
|
def test_authority_roles_get(client):
|
||||||
|
@ -98,11 +98,11 @@ def test_authority_roles_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_authority_roles_post(client):
|
def test_authority_roles_post(client):
|
||||||
assert client.post(api.url_for(AuthorityRolesList, authority_id=1), {}).status_code == 405
|
assert client.post(api.url_for(AuthorityRolesList, authority_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_authority_roles_put(client):
|
def test_authority_roles_put(client):
|
||||||
assert client.put(api.url_for(AuthorityRolesList, authority_id=1), {}).status_code == 405
|
assert client.put(api.url_for(AuthorityRolesList, authority_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_authority_roles_delete(client):
|
def test_authority_roles_delete(client):
|
||||||
|
@ -110,7 +110,7 @@ def test_authority_roles_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_authority_roles_patch(client):
|
def test_authority_roles_patch(client):
|
||||||
assert client.patch(api.url_for(AuthorityRolesList, authority_id=1), {}).status_code == 405
|
assert client.patch(api.url_for(AuthorityRolesList, authority_id=1), data={}).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
VALID_USER_HEADER_TOKEN = {
|
VALID_USER_HEADER_TOKEN = {
|
||||||
|
@ -122,7 +122,7 @@ def test_auth_role_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_role_post_(client):
|
def test_auth_role_post_(client):
|
||||||
assert client.post(api.url_for(Roles, role_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.post(api.url_for(Roles, role_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_role_put(client):
|
def test_auth_role_put(client):
|
||||||
|
@ -134,7 +134,7 @@ def test_auth_role_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_role_patch(client):
|
def test_auth_role_patch(client):
|
||||||
assert client.patch(api.url_for(Roles, role_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.patch(api.url_for(Roles, role_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_roles_get(client):
|
def test_auth_roles_get(client):
|
||||||
|
@ -142,7 +142,7 @@ def test_auth_roles_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_roles_post(client):
|
def test_auth_roles_post(client):
|
||||||
assert client.post(api.url_for(RolesList), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 403
|
assert client.post(api.url_for(RolesList), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 403
|
||||||
|
|
||||||
|
|
||||||
def test_auth_role_credentials_get(client):
|
def test_auth_role_credentials_get(client):
|
||||||
|
@ -150,11 +150,11 @@ def test_auth_role_credentials_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_role_credentials_post(client):
|
def test_auth_role_credentials_post(client):
|
||||||
assert client.post(api.url_for(RoleViewCredentials, role_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.post(api.url_for(RoleViewCredentials, role_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_role_credentials_put(client):
|
def test_auth_role_credentials_put(client):
|
||||||
assert client.put(api.url_for(RoleViewCredentials, role_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.put(api.url_for(RoleViewCredentials, role_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_role_credentials_delete(client):
|
def test_auth_role_credentials_delete(client):
|
||||||
|
@ -162,7 +162,7 @@ def test_auth_role_credentials_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_role_credentials_patch(client):
|
def test_auth_role_credentials_patch(client):
|
||||||
assert client.patch(api.url_for(RoleViewCredentials, role_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.patch(api.url_for(RoleViewCredentials, role_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_user_roles_get(client):
|
def test_auth_user_roles_get(client):
|
||||||
|
@ -170,11 +170,11 @@ def test_auth_user_roles_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_user_roles_post(client):
|
def test_auth_user_roles_post(client):
|
||||||
assert client.post(api.url_for(UserRolesList, user_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.post(api.url_for(UserRolesList, user_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_user_roles_put(client):
|
def test_auth_user_roles_put(client):
|
||||||
assert client.put(api.url_for(UserRolesList, user_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.put(api.url_for(UserRolesList, user_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_user_roles_delete(client):
|
def test_auth_user_roles_delete(client):
|
||||||
|
@ -182,7 +182,7 @@ def test_auth_user_roles_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_user_roles_patch(client):
|
def test_auth_user_roles_patch(client):
|
||||||
assert client.patch(api.url_for(UserRolesList, user_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.patch(api.url_for(UserRolesList, user_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_authority_roles_get(client):
|
def test_auth_authority_roles_get(client):
|
||||||
|
@ -190,11 +190,11 @@ def test_auth_authority_roles_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_authority_roles_post(client):
|
def test_auth_authority_roles_post(client):
|
||||||
assert client.post(api.url_for(AuthorityRolesList, authority_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.post(api.url_for(AuthorityRolesList, authority_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_authority_roles_put(client):
|
def test_auth_authority_roles_put(client):
|
||||||
assert client.put(api.url_for(AuthorityRolesList, authority_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.put(api.url_for(AuthorityRolesList, authority_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_auth_authority_roles_delete(client):
|
def test_auth_authority_roles_delete(client):
|
||||||
|
@ -202,7 +202,7 @@ def test_auth_authority_roles_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_auth_authority_roles_patch(client):
|
def test_auth_authority_roles_patch(client):
|
||||||
assert client.patch(api.url_for(AuthorityRolesList, authority_id=1), {}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
assert client.patch(api.url_for(AuthorityRolesList, authority_id=1), data={}, headers=VALID_USER_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
VALID_ADMIN_HEADER_TOKEN = {
|
VALID_ADMIN_HEADER_TOKEN = {
|
||||||
|
@ -214,7 +214,7 @@ def test_admin_role_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_admin_role_post(client):
|
def test_admin_role_post(client):
|
||||||
assert client.post(api.url_for(Roles, role_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.post(api.url_for(Roles, role_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_admin_role_put(client):
|
def test_admin_role_put(client):
|
||||||
|
@ -226,7 +226,7 @@ def test_admin_role_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_admin_role_patch(client):
|
def test_admin_role_patch(client):
|
||||||
assert client.patch(api.url_for(Roles, role_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.patch(api.url_for(Roles, role_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_admin_roles_get(client):
|
def test_admin_roles_get(client):
|
||||||
|
@ -240,11 +240,11 @@ def test_admin_role_credentials_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_admin_role_credentials_post(client):
|
def test_admin_role_credentials_post(client):
|
||||||
assert client.post(api.url_for(RolesList), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 400
|
assert client.post(api.url_for(RolesList), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 400
|
||||||
|
|
||||||
|
|
||||||
def test_admin_role_credentials_put(client):
|
def test_admin_role_credentials_put(client):
|
||||||
assert client.put(api.url_for(RolesList), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.put(api.url_for(RolesList), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_admin_role_credentials_delete(client):
|
def test_admin_role_credentials_delete(client):
|
||||||
|
@ -252,7 +252,7 @@ def test_admin_role_credentials_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_admin_role_credentials_patch(client):
|
def test_admin_role_credentials_patch(client):
|
||||||
assert client.patch(api.url_for(RolesList), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.patch(api.url_for(RolesList), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_admin_user_roles_get(client):
|
def test_admin_user_roles_get(client):
|
||||||
|
@ -260,11 +260,11 @@ def test_admin_user_roles_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_admin_user_roles_post(client):
|
def test_admin_user_roles_post(client):
|
||||||
assert client.post(api.url_for(UserRolesList, user_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.post(api.url_for(UserRolesList, user_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_admin_user_roles_put(client):
|
def test_admin_user_roles_put(client):
|
||||||
assert client.put(api.url_for(UserRolesList, user_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.put(api.url_for(UserRolesList, user_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_admin_user_roles_delete(client):
|
def test_admin_user_roles_delete(client):
|
||||||
|
@ -272,7 +272,7 @@ def test_admin_user_roles_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_admin_user_roles_patch(client):
|
def test_admin_user_roles_patch(client):
|
||||||
assert client.patch(api.url_for(UserRolesList, user_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.patch(api.url_for(UserRolesList, user_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_admin_authority_roles_get(client):
|
def test_admin_authority_roles_get(client):
|
||||||
|
@ -280,11 +280,11 @@ def test_admin_authority_roles_get(client):
|
||||||
|
|
||||||
|
|
||||||
def test_admin_authority_roles_post(client):
|
def test_admin_authority_roles_post(client):
|
||||||
assert client.post(api.url_for(AuthorityRolesList, authority_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.post(api.url_for(AuthorityRolesList, authority_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_admin_authority_roles_put(client):
|
def test_admin_authority_roles_put(client):
|
||||||
assert client.put(api.url_for(AuthorityRolesList, authority_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.put(api.url_for(AuthorityRolesList, authority_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_admin_authority_roles_delete(client):
|
def test_admin_authority_roles_delete(client):
|
||||||
|
@ -292,7 +292,7 @@ def test_admin_authority_roles_delete(client):
|
||||||
|
|
||||||
|
|
||||||
def test_admin_authority_roles_patch(client):
|
def test_admin_authority_roles_patch(client):
|
||||||
assert client.patch(api.url_for(AuthorityRolesList, authority_id=1), {}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
assert client.patch(api.url_for(AuthorityRolesList, authority_id=1), data={}, headers=VALID_ADMIN_HEADER_TOKEN).status_code == 405
|
||||||
|
|
||||||
|
|
||||||
def test_admin_roles_crud(client):
|
def test_admin_roles_crud(client):
|
||||||
|
|
Loading…
Reference in New Issue