015c622016
Add 162 integration tests covering authentication flows, TOTP MFA, SSH key/certificate management, organization workflows, multi-org access, self-service features, admin operations, authorization, security edge cases, department/principal management, CA management, policy compliance, WebAuthn passkeys, and ZeroTier network access.

Includes:
- Reusable API client library with session management
- Test fixtures for users, organizations, memberships, and CAs
- Helper functions for SSH key generation and verification
- Documentation for running and writing tests

Also update test configuration to disable conflicting maas plugins and configure WebAuthn/session settings for localhost testing.
1 line
5.6 KiB
Python
[['email'], ['ssh-keygen', '-t', 'ed25519', '-f', 'key_path, "-N'], {'.pub", "r': 'as pub_f:\n public_key = pub_f.read().strip()\n\n # Add the public key\n add_result = integration_client.ssh.add_key(public_key', 'Cert Test Key")\n key_id = add_result["data"]["id"]\n\n # Get challenge\n challenge_result = integration_client.ssh.get_challenge(key_id)\n challenge_text = challenge_result["data"]["challenge_text"]\n\n # Sign challenge with ssh-keygen\n sig_path = key_path + ".sig"\n sign_proc = subprocess.run(\n ["ssh-keygen", "-Y", "sign", "-f", key_path, "-n", "file': 'sig_path]', 'pytest.skip(f': 'sh-keygen sign failed: {sign_proc.stderr.decode()'}, ['id'], ['id'], ['id'], ['data'], ['id'], ['id'], ['email'], ['id'], ['serial'], ['principals'], ['deploy'], ['serial'], ['principals'], ['email'], ['ssh-keygen', '-t', 'ed25519', '-f', 'key_path, "-N'], {'.pub", "r': "as pub_f:\n public_key = pub_f.read().strip()\n\n # Add the public key (but don't verify it)\n add_result = integration_client.ssh.add_key(public_key", 'Unverified Key")\n unverified_key_id = add_result["data"]["id"]\n\n # Create an org and add user as member\n org = create_test_org(name="Test Org for Cert Signing")\n create_test_membership(user["id"], org["id"])\n\n # Create a principal and add user to it via email\n princ_result = integration_client.orgs.create_principal(org["id"], "deploy", "Deployment principal")\n princ_id = princ_result["data"]["id"]\n integration_client.orgs.add_principal_member(org["id"], princ_id, user["email"])\n\n # Create a user CA for the org\n integration_client.orgs.create_ca(org["id"], "Test User CA", ca_type="user", key_type="ed25519': 'Try to sign certificate with unverified key\n with pytest.raises(ApiError) as exc_info:\n integration_client.ssh.sign_certificate(key_id=unverified_key_id)\n\n assert_error(exc_info.value', 'KEY_NOT_VERIFIED': 'def test_sign_certificate_no_principals_negative(self', 'create_test_membership)': '', 'TEST': 'SSH-CERT-05 — Reject signing when 
user has no principals.\n\n WHAT: User with verified key', 'WHY': 'Principals are required for certificate signing to control\n access permissions.\n EXPECTED: 400 Bad Request with error_type=', '\n import tempfile\n import subprocess\n import os\n import base64\n\n # Create a user and login\n user = create_test_user(password="MyPassword123!")\n integration_client.auth.login(email=user["email"], password="MyPassword123!': 'Generate a fresh Ed25519 key pair and verify it\n with tempfile.TemporaryDirectory() as tmpdir:\n key_path = os.path.join(tmpdir', 'test_key")\n gen_proc = subprocess.run(\n ["ssh-keygen", "-t", "ed25519", "-f", key_path, "-N", "': '-C', 'test@example.com': 'capture_output=True', 'pytest.skip(f': 'sh-keygen not available: {gen_proc.stderr.decode()'}, ['data'], ['id'], ['data'], ['challenge_text'], ['ssh-keygen', '-Y', 'sign', '-f', 'key_path, "-n', 'file', 'sig_path],\n input=challenge_text.encode(),\n capture_output=True,\n )\n if sign_proc.returncode != 0:\n pytest.skip(f"ssh-keygen sign failed: {sign_proc.stderr.decode()}', 'with open(sig_path, "rb', 'as sf:\n signature_b64 = base64.b64encode(sf.read()).decode()\n\n # Verify the key\n integration_client.ssh.verify_key(key_id, signature_b64)\n\n # Create an org and add user as member (but no principals)\n org = create_test_org(name="Test Org for Cert Signing")\n create_test_membership(user["id'], ['id'], ['id'], ['unauthorized'], ['id'], ['email'], ['ssh-keygen', '-t', 'ed25519', '-f', 'key_path, "-N'], {'.pub", "r': 'as pub_f:\n public_key = pub_f.read().strip()\n\n # Add the public key\n add_result = integration_client.ssh.add_key(public_key', 'Cert Test Key")\n key_id = add_result["data"]["id"]\n\n # Get challenge\n challenge_result = integration_client.ssh.get_challenge(key_id)\n challenge_text = challenge_result["data"]["challenge_text"]\n\n # Sign challenge with ssh-keygen\n sig_path = key_path + ".sig"\n sign_proc = subprocess.run(\n ["ssh-keygen", "-Y", "sign", "-f", key_path, "-n", 
"file': 'sig_path]', 'pytest.skip(f': 'sh-keygen sign failed: {sign_proc.stderr.decode()'}, ['id'], ['id'], ['id'], ['data'], ['id'], ['id'], ['email'], ['email'], ['ssh-keygen', '-t', 'ed25519', '-f', 'key_path, "-N'], {'.pub", "r': 'as pub_f:\n public_key_a = pub_f.read().strip()\n\n # Add the public key for User A\n add_result = integration_client.ssh.add_key(public_key_a', 'User A Key")\n key_id_a = add_result["data"]["id"]\n\n # Get challenge for User A\'s key\n challenge_result = integration_client.ssh.get_challenge(key_id_a)\n challenge_text = challenge_result["data"]["challenge_text"]\n\n # Sign challenge with ssh-keygen\n sig_path = key_path + ".sig"\n sign_proc = subprocess.run(\n ["ssh-keygen", "-Y", "sign", "-f", key_path, "-n", "file': 'sig_path]', 'pytest.skip(f': 'sh-keygen sign failed: {sign_proc.stderr.decode()'}, ['email'], ['id'], ['id'], ['id'], ['id'], ['id'], ['data'], ['id'], ['id'], ['email'], ['id']] |
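Review bot: The SSH certificate tests visible in this listing call `pytest.skip(...)` whenever `ssh-keygen` key generation or signing returns non-zero, so on a runner without a working `ssh-keygen` the negative cases that check `KEY_NOT_VERIFIED` and the no-principals rejection are reported as skipped rather than failed, and the suite can pass without exercising them. For these security-relevant rejection paths it would be safer to fail when the tool is missing in CI, for example (constructed) `if os.environ.get("CI"): pytest.fail("ssh-keygen is required for SSH certificate tests")` ahead of the skip, or to check for the binary once in a session-scoped fixture. The listing is flattened into string fragments, so the exact test bodies cannot be confirmed from here; the same skip pattern appears in each test that generates or signs with a key.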