mirror of
https://github.com/valitydev/salt.git
synced 2024-11-08 17:33:54 +00:00
b93392dfb7
When calling an incorrectly formatted wheel or runner function, we should be raising a SaltInvocationError with a hint to check function syntax rather that raising an Eauth authentication error. This PR does several things: - Adds a dictionary error return when the function syntax passed through to `utils.minions.CkMinions.spec_check` does not match the expected `module.function` syntax - Handles the return of this new dictionary error (instead of previous `False` return) wherever the spec_check function is called. This is handled up the stack in `master.py` and `masterapi.py`. - Reworks the runner and wheel functions in `master.py` and `masterapi.py` to help make those functions more DRY (see `salt.auth.check_authentication` function). - Adds tests for all of these changes (written before the runner and wheel functions were moved to use the new salt.auth.check_authentication function) to help prevent regressions. - Fixes a couple of places where unit tests exposed potential stacktraces. - Adjusts one previous unit test concerning the dictionary error change from spec_check
210 lines
9.5 KiB
Python
210 lines
9.5 KiB
Python
# -*- coding: utf-8 -*-
|
|
|
|
# Import Python libs
|
|
from __future__ import absolute_import
|
|
|
|
# Import Salt libs
|
|
import salt.config
|
|
import salt.master
|
|
|
|
# Import Salt Testing Libs
|
|
from tests.support.unit import TestCase
|
|
from tests.support.mock import (
|
|
patch,
|
|
MagicMock,
|
|
)
|
|
|
|
|
|
class ClearFuncsTestCase(TestCase):
|
|
'''
|
|
TestCase for salt.master.ClearFuncs class
|
|
'''
|
|
|
|
def setUp(self):
|
|
opts = salt.config.master_config(None)
|
|
self.clear_funcs = salt.master.ClearFuncs(opts, {})
|
|
|
|
def test_runner_token_not_authenticated(self):
|
|
'''
|
|
Asserts that a TokenAuthenticationError is returned when the token can't authenticate.
|
|
'''
|
|
mock_ret = {u'error': {u'name': u'TokenAuthenticationError',
|
|
u'message': u'Authentication failure of type "token" occurred.'}}
|
|
ret = self.clear_funcs.runner({u'token': u'asdfasdfasdfasdf'})
|
|
self.assertDictEqual(mock_ret, ret)
|
|
|
|
def test_runner_token_authorization_error(self):
|
|
'''
|
|
Asserts that a TokenAuthenticationError is returned when the token authenticates, but is
|
|
not authorized.
|
|
'''
|
|
token = u'asdfasdfasdfasdf'
|
|
clear_load = {u'token': token, u'fun': u'test.arg'}
|
|
mock_token = {u'token': token, u'eauth': u'foo', u'name': u'test'}
|
|
mock_ret = {u'error': {u'name': u'TokenAuthenticationError',
|
|
u'message': u'Authentication failure of type "token" occurred '
|
|
u'for user test.'}}
|
|
|
|
with patch('salt.auth.LoadAuth.authenticate_token', MagicMock(return_value=mock_token)), \
|
|
patch('salt.auth.LoadAuth.get_auth_list', MagicMock(return_value=[])):
|
|
ret = self.clear_funcs.runner(clear_load)
|
|
|
|
self.assertDictEqual(mock_ret, ret)
|
|
|
|
def test_runner_token_salt_invocation_error(self):
|
|
'''
|
|
Asserts that a SaltInvocationError is returned when the token authenticates, but the
|
|
command is malformed.
|
|
'''
|
|
token = u'asdfasdfasdfasdf'
|
|
clear_load = {u'token': token, u'fun': u'badtestarg'}
|
|
mock_token = {u'token': token, u'eauth': u'foo', u'name': u'test'}
|
|
mock_ret = {u'error': {u'name': u'SaltInvocationError',
|
|
u'message': u'A command invocation error occurred: Check syntax.'}}
|
|
|
|
with patch('salt.auth.LoadAuth.authenticate_token', MagicMock(return_value=mock_token)), \
|
|
patch('salt.auth.LoadAuth.get_auth_list', MagicMock(return_value=[])):
|
|
ret = self.clear_funcs.runner(clear_load)
|
|
|
|
self.assertDictEqual(mock_ret, ret)
|
|
|
|
def test_runner_eauth_not_authenticated(self):
|
|
'''
|
|
Asserts that an EauthAuthenticationError is returned when the user can't authenticate.
|
|
'''
|
|
mock_ret = {u'error': {u'name': u'EauthAuthenticationError',
|
|
u'message': u'Authentication failure of type "eauth" occurred for '
|
|
u'user UNKNOWN.'}}
|
|
ret = self.clear_funcs.runner({u'eauth': u'foo'})
|
|
self.assertDictEqual(mock_ret, ret)
|
|
|
|
def test_runner_eauth_authorization_error(self):
|
|
'''
|
|
Asserts that an EauthAuthenticationError is returned when the user authenticates, but is
|
|
not authorized.
|
|
'''
|
|
clear_load = {u'eauth': u'foo', u'username': u'test', u'fun': u'test.arg'}
|
|
mock_ret = {u'error': {u'name': u'EauthAuthenticationError',
|
|
u'message': u'Authentication failure of type "eauth" occurred for '
|
|
u'user test.'}}
|
|
with patch('salt.auth.LoadAuth.authenticate_eauth', MagicMock(return_value=True)), \
|
|
patch('salt.auth.LoadAuth.get_auth_list', MagicMock(return_value=[])):
|
|
ret = self.clear_funcs.runner(clear_load)
|
|
|
|
self.assertDictEqual(mock_ret, ret)
|
|
|
|
def test_runner_eauth_salt_invocation_errpr(self):
|
|
'''
|
|
Asserts that an EauthAuthenticationError is returned when the user authenticates, but the
|
|
command is malformed.
|
|
'''
|
|
clear_load = {u'eauth': u'foo', u'username': u'test', u'fun': u'bad.test.arg.func'}
|
|
mock_ret = {u'error': {u'name': u'SaltInvocationError',
|
|
u'message': u'A command invocation error occurred: Check syntax.'}}
|
|
with patch('salt.auth.LoadAuth.authenticate_eauth', MagicMock(return_value=True)), \
|
|
patch('salt.auth.LoadAuth.get_auth_list', MagicMock(return_value=[])):
|
|
ret = self.clear_funcs.runner(clear_load)
|
|
|
|
self.assertDictEqual(mock_ret, ret)
|
|
|
|
def test_runner_user_not_authenticated(self):
|
|
'''
|
|
Asserts that an UserAuthenticationError is returned when the user can't authenticate.
|
|
'''
|
|
mock_ret = {u'error': {u'name': u'UserAuthenticationError',
|
|
u'message': u'Authentication failure of type "user" occurred'}}
|
|
ret = self.clear_funcs.runner({})
|
|
self.assertDictEqual(mock_ret, ret)
|
|
|
|
def test_wheel_token_not_authenticated(self):
|
|
'''
|
|
Asserts that a TokenAuthenticationError is returned when the token can't authenticate.
|
|
'''
|
|
mock_ret = {u'error': {u'name': u'TokenAuthenticationError',
|
|
u'message': u'Authentication failure of type "token" occurred.'}}
|
|
ret = self.clear_funcs.wheel({u'token': u'asdfasdfasdfasdf'})
|
|
self.assertDictEqual(mock_ret, ret)
|
|
|
|
def test_wheel_token_authorization_error(self):
|
|
'''
|
|
Asserts that a TokenAuthenticationError is returned when the token authenticates, but is
|
|
not authorized.
|
|
'''
|
|
token = u'asdfasdfasdfasdf'
|
|
clear_load = {u'token': token, u'fun': u'test.arg'}
|
|
mock_token = {u'token': token, u'eauth': u'foo', u'name': u'test'}
|
|
mock_ret = {u'error': {u'name': u'TokenAuthenticationError',
|
|
u'message': u'Authentication failure of type "token" occurred '
|
|
u'for user test.'}}
|
|
|
|
with patch('salt.auth.LoadAuth.authenticate_token', MagicMock(return_value=mock_token)), \
|
|
patch('salt.auth.LoadAuth.get_auth_list', MagicMock(return_value=[])):
|
|
ret = self.clear_funcs.wheel(clear_load)
|
|
|
|
self.assertDictEqual(mock_ret, ret)
|
|
|
|
def test_wheel_token_salt_invocation_error(self):
|
|
'''
|
|
Asserts that a SaltInvocationError is returned when the token authenticates, but the
|
|
command is malformed.
|
|
'''
|
|
token = u'asdfasdfasdfasdf'
|
|
clear_load = {u'token': token, u'fun': u'badtestarg'}
|
|
mock_token = {u'token': token, u'eauth': u'foo', u'name': u'test'}
|
|
mock_ret = {u'error': {u'name': u'SaltInvocationError',
|
|
u'message': u'A command invocation error occurred: Check syntax.'}}
|
|
|
|
with patch('salt.auth.LoadAuth.authenticate_token', MagicMock(return_value=mock_token)), \
|
|
patch('salt.auth.LoadAuth.get_auth_list', MagicMock(return_value=[])):
|
|
ret = self.clear_funcs.wheel(clear_load)
|
|
|
|
self.assertDictEqual(mock_ret, ret)
|
|
|
|
def test_wheel_eauth_not_authenticated(self):
|
|
'''
|
|
Asserts that an EauthAuthenticationError is returned when the user can't authenticate.
|
|
'''
|
|
mock_ret = {u'error': {u'name': u'EauthAuthenticationError',
|
|
u'message': u'Authentication failure of type "eauth" occurred for '
|
|
u'user UNKNOWN.'}}
|
|
ret = self.clear_funcs.wheel({u'eauth': u'foo'})
|
|
self.assertDictEqual(mock_ret, ret)
|
|
|
|
def test_wheel_eauth_authorization_error(self):
|
|
'''
|
|
Asserts that an EauthAuthenticationError is returned when the user authenticates, but is
|
|
not authorized.
|
|
'''
|
|
clear_load = {u'eauth': u'foo', u'username': u'test', u'fun': u'test.arg'}
|
|
mock_ret = {u'error': {u'name': u'EauthAuthenticationError',
|
|
u'message': u'Authentication failure of type "eauth" occurred for '
|
|
u'user test.'}}
|
|
with patch('salt.auth.LoadAuth.authenticate_eauth', MagicMock(return_value=True)), \
|
|
patch('salt.auth.LoadAuth.get_auth_list', MagicMock(return_value=[])):
|
|
ret = self.clear_funcs.wheel(clear_load)
|
|
|
|
self.assertDictEqual(mock_ret, ret)
|
|
|
|
def test_wheel_eauth_salt_invocation_errpr(self):
|
|
'''
|
|
Asserts that an EauthAuthenticationError is returned when the user authenticates, but the
|
|
command is malformed.
|
|
'''
|
|
clear_load = {u'eauth': u'foo', u'username': u'test', u'fun': u'bad.test.arg.func'}
|
|
mock_ret = {u'error': {u'name': u'SaltInvocationError',
|
|
u'message': u'A command invocation error occurred: Check syntax.'}}
|
|
with patch('salt.auth.LoadAuth.authenticate_eauth', MagicMock(return_value=True)), \
|
|
patch('salt.auth.LoadAuth.get_auth_list', MagicMock(return_value=[])):
|
|
ret = self.clear_funcs.wheel(clear_load)
|
|
|
|
self.assertDictEqual(mock_ret, ret)
|
|
|
|
def test_wheel_user_not_authenticated(self):
|
|
'''
|
|
Asserts that an UserAuthenticationError is returned when the user can't authenticate.
|
|
'''
|
|
mock_ret = {u'error': {u'name': u'UserAuthenticationError',
|
|
u'message': u'Authentication failure of type "user" occurred'}}
|
|
ret = self.clear_funcs.wheel({})
|
|
self.assertDictEqual(mock_ret, ret)
|