sshecret/tests/integration/admin/test_admin_api.py

"""Tests of the admin interface."""

import allure
import pytest

from allure_commons.types import Severity

from ..types import AdminServer
from .base import BaseAdminTests


@allure.title("Admin API")
class TestAdminAPI(BaseAdminTests):
    """Tests of the Admin REST API."""

    @allure.title("Test health test endpoint")
    @allure.severity(Severity.TRIVIAL)
    @pytest.mark.asyncio
    async def test_health_check(
        self, admin_server: tuple[str, tuple[str, str]]
    ) -> None:
        """Test admin login."""
        async with self.http_client(admin_server, False) as client:
            resp = await client.get("/health")
            assert resp.status_code == 200

    @allure.title("Test login over API")
    @allure.severity(Severity.BLOCKER)
    @pytest.mark.asyncio
    async def test_admin_login(self, admin_server: AdminServer) -> None:
        """Test admin login."""

        async with self.http_client(admin_server, False) as client:
            resp = await client.get("api/v1/clients/")
            assert resp.status_code == 401

        async with self.http_client(admin_server, True) as client:
            resp = await client.get("api/v1/clients/")
            assert resp.status_code == 200


@allure.title("Admin API Client API")
class TestAdminApiClients(BaseAdminTests):
    """Test client routes."""

    @allure.title("Test creating a client")
    @allure.description("Ensure we can create a new client.")
    @pytest.mark.asyncio
    async def test_create_client(self, admin_server: AdminServer) -> None:
        """Test create_client."""
        client = await self.create_client(admin_server, "testclient")

        assert client.id is not None
        assert client.name == "testclient"

    @allure.title("Test reading clients")
    @allure.description("Ensure we can retrieve a list of current clients.")
    @pytest.mark.asyncio
    async def test_get_clients(self, admin_server: AdminServer) -> None:
        """Test get_clients."""

        client_names = ["test-db", "test-app", "test-www"]
        for name in client_names:
            await self.create_client(admin_server, name)
        async with self.http_client(admin_server) as http_client:
            resp = await http_client.get("api/v1/clients/")
            assert resp.status_code == 200
            data = resp.json()
            assert isinstance(data, list)
            assert len(data) == 3
            for entry in data:
                assert isinstance(entry, dict)
                client_name = entry.get("name")
                assert client_name in client_names

    @allure.title("Test client deletion")
    @allure.description("Ensure we can delete a client.")
    @pytest.mark.asyncio
    async def test_delete_client(self, admin_server: AdminServer) -> None:
        """Test delete_client."""
        await self.create_client(admin_server, name="testclient")
        async with self.http_client(admin_server) as http_client:
            resp = await http_client.get("api/v1/clients/")
            assert resp.status_code == 200
            data = resp.json()
            assert isinstance(data, list)
            assert len(data) == 1
            assert data[0]["name"] == "testclient"

            resp = await http_client.delete("/api/v1/clients/testclient")
            assert resp.status_code == 200

            resp = await http_client.get("api/v1/clients/")
            assert resp.status_code == 200
            data = resp.json()
            assert isinstance(data, list)
            assert len(data) == 0


@allure.title("Test secret management")
class TestAdminApiSecrets(BaseAdminTests):
    """Test secret management."""

    @allure.title("Test adding a secret")
    @allure.description("Ensure that we can add a secret to a client.")
    @pytest.mark.asyncio
    async def test_add_secret(self, admin_server: AdminServer) -> None:
        """Test add_secret."""
        await self.create_client(admin_server, name="testclient")
        async with self.http_client(admin_server) as http_client:
            data = {
                "name": "testsecret",
                "clients": ["testclient"],
                "value": "secretstring",
            }
            resp = await http_client.post("api/v1/secrets/", json=data)
            assert resp.status_code == 200

    @allure.title("Test read a secret")
    @allure.description("Ensure that we can retrieve a secret we have stored.")
    @pytest.mark.asyncio
    async def test_get_secret(self, admin_server: AdminServer) -> None:
        """Test get_secret."""
        await self.test_add_secret(admin_server)
        async with self.http_client(admin_server) as http_client:
            resp = await http_client.get("api/v1/secrets/testsecret")
            assert resp.status_code == 200
            data = resp.json()
            assert isinstance(data, dict)
            assert data["name"] == "testsecret"
            assert data["secret"] == "secretstring"
            assert "testclient" in data["clients"]

    @allure.title("Test adding a secret with automatic value")
    @allure.description(
        "Test that we can add a secret where we let the system come up with the value of a given length."
    )
    @pytest.mark.asyncio
    async def test_add_secret_auto(self, admin_server: AdminServer) -> None:
        """Test adding a secret with an auto-generated value."""
        await self.create_client(admin_server, name="testclient")
        async with self.http_client(admin_server) as http_client:
            data = {
                "name": "testsecret",
                "clients": ["testclient"],
                "value": {"auto_generate": True, "length": 17},
            }
            resp = await http_client.post("api/v1/secrets/", json=data)
            assert resp.status_code == 200
            resp = await http_client.get("api/v1/secrets/testsecret")
            assert resp.status_code == 200
            data = resp.json()
            assert isinstance(data, dict)
            assert data["name"] == "testsecret"
            assert len(data["secret"]) == 17
            assert "testclient" in data["clients"]

    @allure.title("Test updating a secret")
    @allure.description("Test that we can update the value of a stored secret.")
    @pytest.mark.asyncio
    async def test_update_secret(self, admin_server: AdminServer) -> None:
        """Test updating secrets."""
        await self.test_add_secret_auto(admin_server)
        async with self.http_client(admin_server) as http_client:
            resp = await http_client.put(
                "api/v1/secrets/testsecret",
                json={"value": "secret"},
            )
            assert resp.status_code == 200
            resp = await http_client.get("api/v1/secrets/testsecret")
            assert resp.status_code == 200
            data = resp.json()
            assert data["secret"] == "secret"

            resp = await http_client.put(
                "api/v1/secrets/testsecret",
                json={"value": {"auto_generate": True, "length": 16}},
            )
            assert resp.status_code == 200

            resp = await http_client.get("api/v1/secrets/testsecret")
            assert resp.status_code == 200
            data = resp.json()
            assert len(data["secret"]) == 16