Commit
* feature: add auth settings to aetos * feature: enable auth checks in `export_metrics` view * test: add e2e tests for auth checks in `export_metrics` view * change: add vscode folders to gitignore * fix: settings as properties in `AppSettings` class to be able to change them during runtime, this is important for tests * change: linting all changed files in this branch * change: linted test cases * change: differentiated response when auth or ip validation fails * docs: added tiny info for usage behind reverse proxy --------- Co-authored-by: Bokan Mohammad Assad <[email protected]>
1 parent
853baf1
commit 50df023
Showing
6 changed files
with
259 additions
and
17 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,162 @@ | ||
import pytest | ||
from django.test import override_settings | ||
|
||
|
||
@pytest.mark.django_db | ||
def test_e2e(client): | ||
resp = client.get("/metrics") | ||
assert ( | ||
resp.content.decode() | ||
== """# HELP books_count Total number of books | ||
expected_output = """# HELP books_count Total number of books | ||
# TYPE books_count counter | ||
books_count 0 | ||
# HELP universes_count Total number of universes | ||
# TYPE universes_count counter | ||
universes_count 1 | ||
""" | ||
) | ||
|
||
|
||
@pytest.mark.django_db | ||
def test_e2e(client): | ||
resp = client.get("/metrics") | ||
assert resp.content.decode() == expected_output | ||
|
||
|
||
@override_settings( | ||
AETOS_ENABLE_IP_ALLOWLIST=True, | ||
AETOS_IP_ALLOWLIST=["127.0.0.1"], | ||
AETOS_ENABLE_AUTH=True, | ||
AETOS_AUTH_TOKENLIST=["AhGei6ohghooDae"], | ||
) | ||
def test_settings(): | ||
from django_aetos import app_settings | ||
|
||
assert app_settings.ENABLE_IP_ALLOWLIST | ||
assert app_settings.IP_ALLOWLIST == ["127.0.0.1"] | ||
assert app_settings.ENABLE_AUTH | ||
assert app_settings.AUTH_TOKENLIST == ["AhGei6ohghooDae"] | ||
|
||
|
||
def test_settings_defaults(): | ||
from django_aetos import app_settings | ||
|
||
assert not app_settings.ENABLE_IP_ALLOWLIST | ||
assert app_settings.IP_ALLOWLIST == [] | ||
assert not app_settings.ENABLE_AUTH | ||
assert app_settings.AUTH_TOKENLIST == [] | ||
|
||
|
||
@pytest.mark.django_db | ||
@override_settings(AETOS_ENABLE_IP_ALLOWLIST=True, AETOS_IP_ALLOWLIST=["127.0.0.1"]) | ||
def test_enable_allowed_ips(client): | ||
resp = client.get("/metrics") | ||
assert resp.content.decode() == expected_output | ||
|
||
|
||
@pytest.mark.django_db | ||
@override_settings(AETOS_ENABLE_IP_ALLOWLIST=True, AETOS_IP_ALLOWLIST=["255.0.0.1"]) | ||
def test_enable_allowed_ips_not_allowed(client): | ||
resp = client.get("/metrics") | ||
assert resp.content.decode() == "IP not allowed" | ||
assert resp.status_code == 401 | ||
|
||
|
||
@pytest.mark.django_db | ||
@override_settings(AETOS_ENABLE_AUTH=True, AETOS_AUTH_TOKENLIST=["aquee4ro4Theeth"]) | ||
def test_enable_auth(client): | ||
resp = client.get("/metrics", headers={"Authorization": "Bearer aquee4ro4Theeth"}) | ||
assert resp.content.decode() == expected_output | ||
|
||
|
||
@pytest.mark.django_db | ||
@override_settings(AETOS_ENABLE_AUTH=True, AETOS_AUTH_TOKENLIST=["aquee4ro4Theeth"]) | ||
def test_enable_auth_token_not_allowed(client): | ||
resp = client.get("/metrics", headers={"Authorization": "Bearer wr0ngt0kenf"}) | ||
assert resp.content.decode() == "Invalid auth token" | ||
assert resp.status_code == 401 | ||
|
||
|
||
@pytest.mark.django_db | ||
@override_settings( | ||
AETOS_ENABLE_IP_ALLOWLIST=True, | ||
AETOS_IP_ALLOWLIST=["127.0.0.1"], | ||
AETOS_ENABLE_AUTH=True, | ||
AETOS_AUTH_TOKENLIST=["aquee4ro4Theeth"], | ||
) | ||
def test_enable_all(client): | ||
resp = client.get("/metrics", headers={"Authorization": "Bearer aquee4ro4Theeth"}) | ||
assert resp.content.decode() == expected_output | ||
|
||
|
||
@pytest.mark.django_db | ||
@override_settings( | ||
AETOS_ENABLE_IP_ALLOWLIST=True, | ||
AETOS_IP_ALLOWLIST=["255.0.0.1"], | ||
AETOS_ENABLE_AUTH=True, | ||
AETOS_AUTH_TOKENLIST=["aquee4ro4Theeth"], | ||
) | ||
def test_enable_all_wrong_ip(client): | ||
resp = client.get("/metrics", headers={"Authorization": "Bearer aquee4ro4Theeth"}) | ||
assert resp.content.decode() == "IP not allowed" | ||
assert resp.status_code == 401 | ||
|
||
|
||
@pytest.mark.django_db | ||
@override_settings( | ||
AETOS_ENABLE_IP_ALLOWLIST=True, | ||
AETOS_IP_ALLOWLIST=["127.0.0.1"], | ||
AETOS_ENABLE_AUTH=True, | ||
AETOS_AUTH_TOKENLIST=["aquee4ro4Theeth"], | ||
) | ||
def test_enable_all_wrong_token(client): | ||
resp = client.get("/metrics", headers={"Authorization": "Bearer wr0ngt0ken"}) | ||
assert resp.content.decode() == "Invalid auth token" | ||
assert resp.status_code == 401 | ||
|
||
|
||
@pytest.mark.django_db | ||
@override_settings( | ||
AETOS_ENABLE_IP_ALLOWLIST=True, | ||
AETOS_IP_ALLOWLIST=["255.0.0.1"], | ||
AETOS_ENABLE_AUTH=True, | ||
AETOS_AUTH_TOKENLIST=["aquee4ro4Theeth"], | ||
) | ||
def test_enable_all_wrong_token_ip(client): | ||
resp = client.get("/metrics", headers={"Authorization": "Bearer wr0ngt0ken"}) | ||
assert resp.content.decode() == "Invalid auth token and IP not allowed" | ||
assert resp.status_code == 401 | ||
|
||
|
||
@pytest.mark.django_db | ||
@override_settings( | ||
AETOS_ENABLE_IP_ALLOWLIST=True, AETOS_ENABLE_AUTH=True, AETOS_AUTH_TOKENLIST=["aquee4ro4Theeth"] | ||
) | ||
def test_enable_all_empty_ip(client): | ||
resp = client.get("/metrics", headers={"Authorization": "Bearer aquee4ro4Theeth"}) | ||
assert resp.content.decode() == "IP not allowed" | ||
assert resp.status_code == 401 | ||
|
||
|
||
@pytest.mark.django_db | ||
@override_settings( | ||
AETOS_ENABLE_IP_ALLOWLIST=True, AETOS_IP_ALLOWLIST=["127.0.0.1"], AETOS_ENABLE_AUTH=True | ||
) | ||
def test_enable_all_empty_token(client): | ||
resp = client.get("/metrics", headers={"Authorization": "Bearer aquee4ro4Theeth"}) | ||
assert resp.content.decode() == "Invalid auth token" | ||
assert resp.status_code == 401 | ||
|
||
|
||
@pytest.mark.django_db | ||
@override_settings(AETOS_ENABLE_IP_ALLOWLIST=True, AETOS_ENABLE_AUTH=True) | ||
def test_enable_all_empty_token_ip(client): | ||
resp = client.get("/metrics", headers={"Authorization": "Bearer aquee4ro4Theeth"}) | ||
assert resp.content.decode() == "Invalid auth token and IP not allowed" | ||
assert resp.status_code == 401 | ||
|
||
|
||
@pytest.mark.django_db | ||
@override_settings( | ||
AETOS_ENABLE_IP_ALLOWLIST=True, | ||
AETOS_IP_ALLOWLIST=["127.0.0.1"], | ||
AETOS_ENABLE_AUTH=True, | ||
AETOS_AUTH_TOKENLIST=["aquee4ro4Theeth"], | ||
) | ||
def test_enable_all_wrong_auth_header(client): | ||
resp = client.get("/metrics", headers={"Authorization": "Basic aquee4ro4Theeth"}) | ||
assert resp.content.decode() == "Invalid auth token" | ||
assert resp.status_code == 401 |
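Review bot: The bodies asserted in `test_enable_all_wrong_ip` ("IP not allowed") and `test_enable_all_wrong_token_ip` ("Invalid auth token and IP not allowed") pin a response that tells a client outside the allowlist whether the bearer token it sent is valid, so the IP check no longer shields the token list from guessing. Unless callers need that detail, the view could return one generic body for every denial and log the specific reason server-side; these assertions would then all compare against the same string. Every IP-only denial is also asserted as 401, where 403 is the usual status for a request that no credential can fix. There is no case for `AETOS_ENABLE_AUTH=True` with no Authorization header at all; a test doing `resp = client.get("/metrics")` followed by `assert resp.status_code == 401` would cover it.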
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
class AppSettings: | ||
def __init__(self, prefix): | ||
self.prefix = prefix | ||
|
||
def _setting(self, name, dflt): | ||
from django.conf import settings | ||
|
||
return getattr(settings, self.prefix + name, dflt) | ||
|
||
@property | ||
def ENABLE_IP_ALLOWLIST(self): | ||
return self._setting("ENABLE_IP_ALLOWLIST", False) | ||
|
||
@property | ||
def IP_ALLOWLIST(self): | ||
return self._setting("IP_ALLOWLIST", []) | ||
|
||
@property | ||
def ENABLE_AUTH(self): | ||
return self._setting("ENABLE_AUTH", False) | ||
|
||
@property | ||
def AUTH_TOKENLIST(self): | ||
return self._setting("AUTH_TOKENLIST", []) | ||
|
||
|
||
_app_settings = AppSettings("AETOS_") | ||
|
||
|
||
def __getattr__(name): | ||
# See https://peps.python.org/pep-0562/ | ||
return getattr(_app_settings, name) |
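Review bot: `IP_ALLOWLIST` and `AUTH_TOKENLIST` return whatever object the Django setting holds, with no type check, so a deployment that writes `AETOS_AUTH_TOKENLIST = "secret"` hands a plain string to the view. The view is not part of this section, but if it tests membership with `in`, a string value turns the check into substring matching, which would accept partial tokens and the empty string. I would reject that at the settings layer, e.g. in both properties `if isinstance(value, (str, bytes)): raise ImproperlyConfigured(...)` using `django.core.exceptions.ImproperlyConfigured`. Separately, the module-level `__getattr__` forwards every name to `_app_settings`, so `prefix` and `_setting` become module attributes as well; a short docstring on `AppSettings` saying that settings are read on each access so `override_settings` takes effect would help.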