github.com/wallyworld/juju@v0.0.0-20161013125918-6cf1bc9d917a/apiserver/authentication/agent_test.go

github.com/wallyworld/juju@v0.0.0-20161013125918-6cf1bc9d917a/apiserver/authentication/agent_test.go (about)

     1  // Copyright 2014 Canonical Ltd. All rights reserved.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package authentication_test
     5  
     6  import (
     7  	jc "github.com/juju/testing/checkers"
     8  	"github.com/juju/utils"
     9  	gc "gopkg.in/check.v1"
    10  
    11  	"github.com/juju/juju/apiserver/authentication"
    12  	"github.com/juju/juju/apiserver/params"
    13  	"github.com/juju/juju/juju/testing"
    14  	"github.com/juju/juju/state"
    15  	"github.com/juju/juju/testing/factory"
    16  )
    17  
    18  type agentAuthenticatorSuite struct {
    19  	testing.JujuConnSuite
    20  	machinePassword string
    21  	machineNonce    string
    22  	unitPassword    string
    23  	machine         *state.Machine
    24  	user            *state.User
    25  	unit            *state.Unit
    26  	relation        *state.Relation
    27  }
    28  
    29  var _ = gc.Suite(&agentAuthenticatorSuite{})
    30  
    31  func (s *agentAuthenticatorSuite) SetUpTest(c *gc.C) {
    32  	s.JujuConnSuite.SetUpTest(c)
    33  
    34  	s.user = s.Factory.MakeUser(c, &factory.UserParams{
    35  		Name:        "bobbrown",
    36  		DisplayName: "Bob Brown",
    37  		Password:    "password",
    38  	})
    39  
    40  	// add machine for testing machine agent authentication
    41  	machine, err := s.State.AddMachine("quantal", state.JobHostUnits)
    42  	c.Assert(err, jc.ErrorIsNil)
    43  	nonce, err := utils.RandomPassword()
    44  	c.Assert(err, jc.ErrorIsNil)
    45  	err = machine.SetProvisioned("foo", nonce, nil)
    46  	c.Assert(err, jc.ErrorIsNil)
    47  	password, err := utils.RandomPassword()
    48  	c.Assert(err, jc.ErrorIsNil)
    49  	err = machine.SetPassword(password)
    50  	c.Assert(err, jc.ErrorIsNil)
    51  	s.machine = machine
    52  	s.machinePassword = password
    53  	s.machineNonce = nonce
    54  
    55  	// add a unit for testing unit agent authentication
    56  	wordpress := s.AddTestingService(c, "wordpress", s.AddTestingCharm(c, "wordpress"))
    57  	c.Assert(err, jc.ErrorIsNil)
    58  	unit, err := wordpress.AddUnit()
    59  	c.Assert(err, jc.ErrorIsNil)
    60  	s.unit = unit
    61  	password, err = utils.RandomPassword()
    62  	c.Assert(err, jc.ErrorIsNil)
    63  	err = unit.SetPassword(password)
    64  	c.Assert(err, jc.ErrorIsNil)
    65  	s.unitPassword = password
    66  
    67  	// add relation
    68  	wordpressEP, err := wordpress.Endpoint("db")
    69  	c.Assert(err, jc.ErrorIsNil)
    70  	mysql := s.AddTestingService(c, "mysql", s.AddTestingCharm(c, "mysql"))
    71  	mysqlEP, err := mysql.Endpoint("server")
    72  	c.Assert(err, jc.ErrorIsNil)
    73  	s.relation, err = s.State.AddRelation(wordpressEP, mysqlEP)
    74  	c.Assert(err, jc.ErrorIsNil)
    75  }
    76  
    77  // testCase is used for structured table based tests
    78  type testCase struct {
    79  	entity       state.Entity
    80  	credentials  string
    81  	nonce        string
    82  	about        string
    83  	errorMessage string
    84  }
    85  
    86  func (s *agentAuthenticatorSuite) TestValidLogins(c *gc.C) {
    87  	testCases := []testCase{{
    88  		entity:      s.user,
    89  		credentials: "password",
    90  		about:       "user login",
    91  	}, {
    92  		entity:      s.machine,
    93  		credentials: s.machinePassword,
    94  		nonce:       s.machineNonce,
    95  		about:       "machine login",
    96  	}, {
    97  		entity:      s.unit,
    98  		credentials: s.unitPassword,
    99  		about:       "unit login",
   100  	}}
   101  
   102  	for i, t := range testCases {
   103  		c.Logf("test %d: %s", i, t.about)
   104  		var authenticator authentication.AgentAuthenticator
   105  		entity, err := authenticator.Authenticate(s.State, t.entity.Tag(), params.LoginRequest{
   106  			Credentials: t.credentials,
   107  			Nonce:       t.nonce,
   108  		})
   109  		c.Assert(err, jc.ErrorIsNil)
   110  		c.Assert(entity.Tag(), gc.DeepEquals, t.entity.Tag())
   111  	}
   112  }
   113  
   114  func (s *agentAuthenticatorSuite) TestInvalidLogins(c *gc.C) {
   115  	testCases := []testCase{{
   116  		entity:       s.relation,
   117  		credentials:  "dummy-secret",
   118  		about:        "relation login",
   119  		errorMessage: "invalid request",
   120  	}, {
   121  		entity:       s.user,
   122  		credentials:  "wrongpassword",
   123  		about:        "user login for nonexistant user",
   124  		errorMessage: "invalid entity name or password",
   125  	}, {
   126  		entity:       s.machine,
   127  		credentials:  s.machinePassword,
   128  		nonce:        "123",
   129  		about:        "machine login",
   130  		errorMessage: "machine 0 not provisioned",
   131  	}, {
   132  		entity:       s.user,
   133  		credentials:  "wrong-secret",
   134  		about:        "user login for nonexistant user",
   135  		errorMessage: "invalid entity name or password",
   136  	}}
   137  
   138  	for i, t := range testCases {
   139  		c.Logf("test %d: %s", i, t.about)
   140  		var authenticator authentication.AgentAuthenticator
   141  		entity, err := authenticator.Authenticate(s.State, t.entity.Tag(), params.LoginRequest{
   142  			Credentials: t.credentials,
   143  			Nonce:       t.nonce,
   144  		})
   145  		c.Assert(err, gc.ErrorMatches, t.errorMessage)
   146  		c.Assert(entity, gc.IsNil)
   147  	}
   148  }