Previously updating the credentials would delete values from the existing crednetials if they weren't also present in the update. This adds a method for merging credentials to the KeyVaultCredentials model and adds tests to both the cloud provider and model.
144 lines
4.3 KiB
Python
144 lines
4.3 KiB
Python
import pytest
|
|
|
|
from pydantic import ValidationError
|
|
|
|
from atst.domain.csp.cloud.models import (
|
|
AZURE_MGMNT_PATH,
|
|
KeyVaultCredentials,
|
|
ManagementGroupCSPPayload,
|
|
ManagementGroupCSPResponse,
|
|
UserCSPPayload,
|
|
)
|
|
|
|
|
|
def test_ManagementGroupCSPPayload_management_group_name():
|
|
# supplies management_group_name when absent
|
|
payload = ManagementGroupCSPPayload(
|
|
tenant_id="any-old-id",
|
|
display_name="Council of Naboo",
|
|
parent_id="Galactic_Senate",
|
|
)
|
|
assert payload.management_group_name
|
|
# validates management_group_name
|
|
with pytest.raises(ValidationError):
|
|
payload = ManagementGroupCSPPayload(
|
|
tenant_id="any-old-id",
|
|
management_group_name="council of Naboo 1%^&",
|
|
display_name="Council of Naboo",
|
|
parent_id="Galactic_Senate",
|
|
)
|
|
# shortens management_group_name to fit
|
|
name = "council_of_naboo".ljust(95, "1")
|
|
|
|
assert len(name) > 90
|
|
payload = ManagementGroupCSPPayload(
|
|
tenant_id="any-old-id",
|
|
management_group_name=name,
|
|
display_name="Council of Naboo",
|
|
parent_id="Galactic_Senate",
|
|
)
|
|
assert len(payload.management_group_name) == 90
|
|
|
|
|
|
def test_ManagementGroupCSPPayload_display_name():
|
|
# shortens display_name to fit
|
|
name = "Council of Naboo".ljust(95, "1")
|
|
assert len(name) > 90
|
|
payload = ManagementGroupCSPPayload(
|
|
tenant_id="any-old-id", display_name=name, parent_id="Galactic_Senate"
|
|
)
|
|
assert len(payload.display_name) == 90
|
|
|
|
|
|
def test_ManagementGroupCSPPayload_parent_id():
|
|
full_path = f"{AZURE_MGMNT_PATH}Galactic_Senate"
|
|
# adds full path
|
|
payload = ManagementGroupCSPPayload(
|
|
tenant_id="any-old-id",
|
|
display_name="Council of Naboo",
|
|
parent_id="Galactic_Senate",
|
|
)
|
|
assert payload.parent_id == full_path
|
|
# keeps full path
|
|
payload = ManagementGroupCSPPayload(
|
|
tenant_id="any-old-id", display_name="Council of Naboo", parent_id=full_path
|
|
)
|
|
assert payload.parent_id == full_path
|
|
|
|
|
|
def test_ManagementGroupCSPResponse_id():
|
|
full_id = "/path/to/naboo-123"
|
|
response = ManagementGroupCSPResponse(
|
|
**{"id": "/path/to/naboo-123", "other": "stuff"}
|
|
)
|
|
assert response.id == full_id
|
|
|
|
|
|
def test_KeyVaultCredentials_enforce_admin_creds():
|
|
with pytest.raises(ValidationError):
|
|
KeyVaultCredentials(tenant_id="an id", tenant_admin_username="C3PO")
|
|
assert KeyVaultCredentials(
|
|
tenant_id="an id",
|
|
tenant_admin_username="C3PO",
|
|
tenant_admin_password="beep boop",
|
|
)
|
|
|
|
|
|
def test_KeyVaultCredentials_enforce_sp_creds():
|
|
with pytest.raises(ValidationError):
|
|
KeyVaultCredentials(tenant_id="an id", tenant_sp_client_id="C3PO")
|
|
assert KeyVaultCredentials(
|
|
tenant_id="an id", tenant_sp_client_id="C3PO", tenant_sp_key="beep boop"
|
|
)
|
|
|
|
|
|
def test_KeyVaultCredentials_enforce_root_creds():
|
|
with pytest.raises(ValidationError):
|
|
KeyVaultCredentials(root_tenant_id="an id", root_sp_client_id="C3PO")
|
|
assert KeyVaultCredentials(
|
|
root_tenant_id="an id", root_sp_client_id="C3PO", root_sp_key="beep boop"
|
|
)
|
|
|
|
|
|
def test_KeyVaultCredentials_merge_credentials():
|
|
old_secret = KeyVaultCredentials(
|
|
tenant_id="foo",
|
|
tenant_admin_username="bar",
|
|
tenant_admin_password="baz", # pragma: allowlist secret
|
|
)
|
|
new_secret = KeyVaultCredentials(
|
|
tenant_id="foo", tenant_sp_client_id="bip", tenant_sp_key="bop"
|
|
)
|
|
|
|
expected_update = KeyVaultCredentials(
|
|
tenant_id="foo",
|
|
tenant_admin_username="bar",
|
|
tenant_admin_password="baz", # pragma: allowlist secret
|
|
tenant_sp_client_id="bip",
|
|
tenant_sp_key="bop",
|
|
)
|
|
assert old_secret.merge_credentials(new_secret) == expected_update
|
|
|
|
|
|
user_payload = {
|
|
"tenant_id": "123",
|
|
"display_name": "Han Solo",
|
|
"tenant_host_name": "rebelalliance",
|
|
"email": "han@moseisley.cantina",
|
|
}
|
|
|
|
|
|
def test_UserCSPPayload_mail_nickname():
|
|
payload = UserCSPPayload(**user_payload)
|
|
assert payload.mail_nickname == f"han.solo"
|
|
|
|
|
|
def test_UserCSPPayload_user_principal_name():
|
|
payload = UserCSPPayload(**user_payload)
|
|
assert payload.user_principal_name == f"han.solo@rebelalliance.onmicrosoft.com"
|
|
|
|
|
|
def test_UserCSPPayload_password():
|
|
payload = UserCSPPayload(**user_payload)
|
|
assert payload.password
|