controller/rootfs/api/tests/deployments/test_certificate.py at edb0383a6446d048d2a9b14512534caccd74d2d1 · drycc/controller · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
from django.contrib.auth.models import User
from django.core.cache import cache
from django.test import override_settings
from rest_framework.test import APITestCase
from rest_framework.authtoken.models import Token
from django.core.exceptions import SuspiciousOperation

from api.models import App, Certificate
from api.tests import TEST_ROOT


@override_settings(DEIS_KUBERNETES_DEPLOYMENTS='1')
class CertificateTest(APITestCase):

    """Tests creation of domain SSL certificates"""

    fixtures = ['tests.json']

    def setUp(self):
        self.user = User.objects.get(username='autotest')
        self.token = Token.objects.get(user=self.user).key
        self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.token)

        self.url = '/v2/certs'
        self.app = App.objects.create(owner=self.user, id='test-app')
        self.domain = 'autotest.example.com'

        with open('{}/certs/{}.key'.format(TEST_ROOT, self.domain)) as f:
            self.key = f.read()

        with open('{}/certs/{}.cert'.format(TEST_ROOT, self.domain)) as f:
            self.cert = f.read()

    def tearDown(self):
        # make sure every test has a clean slate for k8s mocking
        cache.clear()

    def test_create_certificate_with_domain(self):
        """Tests creating a certificate."""
        response = self.client.post(
            self.url,
            {
                'name': 'random-test-cert',
                'certificate': self.cert,
                'key': self.key
            }
        )
        self.assertEqual(response.status_code, 201, response.data)

    def test_update_certificate(self):
        """Tests update of a certificate."""
        response = self.client.post(
            self.url,
            {
                'name': 'random-test-cert',
                'certificate': self.cert,
                'key': self.key
            }
        )
        self.assertEqual(response.status_code, 201, response.data)

    def test_create_certificate_with_different_common_name(self):
        """
        Make sure common_name is read-only
        """
        response = self.client.post(
            self.url,
            {
                'name': 'random-test-cert',
                'certificate': self.cert,
                'key': self.key,
                'common_name': 'foo.example.com'
            }
        )
        self.assertEqual(response.status_code, 201, response.data)
        self.assertEqual(response.data['common_name'], 'autotest.example.com')

    def test_get_certificate_screens_data(self):
        """
        When a user retrieves a certificate, only the common name and expiry date should be
        displayed.
        """
        response = self.client.post(
            self.url,
            {
                'name': 'random-test-cert',
                'certificate': self.cert,
                'key': self.key
            }
        )
        self.assertEqual(response.status_code, 201, response.data)

        response = self.client.get('{}/{}'.format(self.url, 'random-test-cert'))
        self.assertEqual(response.status_code, 200, response.data)

        expected = {
            'common_name': 'autotest.example.com',
            'expires': '2016-03-05T17:14:27Z',
            'fingerprint': '37:24:D8:EB:DC:A4:2C:DA:88:55:C5:19:71:D3:9B:43:BA:AC:3A:CE:33:8E:07:52:1C:51:01:A0:97:43:C9:4D',  # noqa
            'san': [],
            'domains': [],
        }
        for key, value in list(expected.items()):
            self.assertEqual(response.data[key], value, key)

    def test_certficate_denied_requests(self):
        """Disallow put/patch requests"""
        response = self.client.put(self.url)
        self.assertEqual(response.status_code, 405, response.content)
        response = self.client.patch(self.url)
        self.assertEqual(response.status_code, 405, response.content)

    def test_delete_certificate(self):
        """Destroying a certificate should generate a 204 response"""
        Certificate.objects.create(
            name='random-test-cert',
            owner=self.user,
            common_name='autotest.example.com',
            certificate=self.cert
        )
        url = '/v2/certs/random-test-cert'
        response = self.client.delete(url)
        self.assertEqual(response.status_code, 204, response.data)

    def test_create_invalid_cert(self):
        """Upload a cert that can't be loaded by pyopenssl"""
        response = self.client.post(
            self.url,
            {
                'name': 'random-test-cert',
                'certificate': 'i am bad data',
                'key': 'i am bad data as well'
            }
        )
        self.assertEqual(response.status_code, 400, response.data)
        # match partial since right now the rest is pyopenssl errors
        self.assertIn('Could not load certificate', response.data['certificate'][0])

    def test_load_invalid_cert(self):
        """Inject a cert that can't be loaded by pyopenssl"""

        with self.assertRaises(SuspiciousOperation):
            Certificate.objects.create(
                owner=self.user,
                name='random-test-cert',
                certificate='i am bad data',
                key='i am bad data as well'
            )