authentik.outposts.tests.test_sa
outpost tests
1"""outpost tests""" 2 3from django.apps import apps 4from django.contrib.auth.management import create_permissions 5from django.test import TestCase 6 7from authentik.core.tests.utils import create_test_cert, create_test_flow 8from authentik.outposts.models import Outpost, OutpostType 9from authentik.providers.proxy.models import ProxyProvider 10 11 12class OutpostTests(TestCase): 13 """Outpost Tests""" 14 15 def setUp(self) -> None: 16 create_permissions(apps.get_app_config("authentik_outposts")) 17 return super().setUp() 18 19 def test_service_account_permissions(self): 20 """Test that the service account has correct permissions""" 21 provider: ProxyProvider = ProxyProvider.objects.create( 22 name="test", 23 internal_host="http://localhost", 24 external_host="http://localhost", 25 authorization_flow=create_test_flow(), 26 ) 27 outpost: Outpost = Outpost.objects.create( 28 name="test", 29 type=OutpostType.PROXY, 30 ) 31 32 # Before we add a provider, the user should only have access to the outpost 33 permissions = outpost.user.get_all_obj_perms_on_managed_role() 34 self.assertEqual(len(permissions), 1) 35 self.assertEqual(permissions[0].object_pk, str(outpost.pk)) 36 37 # We add a provider, user should only have access to outpost and provider 38 outpost.providers.add(provider) 39 provider.refresh_from_db() 40 permissions = outpost.user.get_all_obj_perms_on_managed_role().order_by( 41 "content_type__model" 42 ) 43 self.assertEqual(len(permissions), 2) 44 self.assertEqual(permissions[0].object_pk, str(outpost.pk)) 45 self.assertEqual(permissions[1].object_pk, str(provider.pk)) 46 47 # Provider requires a certificate-key-pair, user should have permissions for it 48 keypair = create_test_cert() 49 provider.certificate = keypair 50 provider.save() 51 permissions = outpost.user.get_all_obj_perms_on_managed_role().order_by( 52 "content_type__model" 53 ) 54 self.assertEqual(len(permissions), 5) 55 self.assertEqual(permissions[0].object_pk, str(keypair.pk)) 56 self.assertEqual(permissions[1].object_pk, str(keypair.pk)) 57 self.assertEqual(permissions[2].object_pk, str(keypair.pk)) 58 self.assertEqual(permissions[3].object_pk, str(outpost.pk)) 59 self.assertEqual(permissions[4].object_pk, str(provider.pk)) 60 61 # Remove provider from outpost, user should only have access to outpost 62 outpost.providers.remove(provider) 63 permissions = outpost.user.get_all_obj_perms_on_managed_role() 64 self.assertEqual(len(permissions), 1) 65 self.assertEqual(permissions[0].object_pk, str(outpost.pk))
class
OutpostTests(django.test.testcases.TestCase):
13class OutpostTests(TestCase): 14 """Outpost Tests""" 15 16 def setUp(self) -> None: 17 create_permissions(apps.get_app_config("authentik_outposts")) 18 return super().setUp() 19 20 def test_service_account_permissions(self): 21 """Test that the service account has correct permissions""" 22 provider: ProxyProvider = ProxyProvider.objects.create( 23 name="test", 24 internal_host="http://localhost", 25 external_host="http://localhost", 26 authorization_flow=create_test_flow(), 27 ) 28 outpost: Outpost = Outpost.objects.create( 29 name="test", 30 type=OutpostType.PROXY, 31 ) 32 33 # Before we add a provider, the user should only have access to the outpost 34 permissions = outpost.user.get_all_obj_perms_on_managed_role() 35 self.assertEqual(len(permissions), 1) 36 self.assertEqual(permissions[0].object_pk, str(outpost.pk)) 37 38 # We add a provider, user should only have access to outpost and provider 39 outpost.providers.add(provider) 40 provider.refresh_from_db() 41 permissions = outpost.user.get_all_obj_perms_on_managed_role().order_by( 42 "content_type__model" 43 ) 44 self.assertEqual(len(permissions), 2) 45 self.assertEqual(permissions[0].object_pk, str(outpost.pk)) 46 self.assertEqual(permissions[1].object_pk, str(provider.pk)) 47 48 # Provider requires a certificate-key-pair, user should have permissions for it 49 keypair = create_test_cert() 50 provider.certificate = keypair 51 provider.save() 52 permissions = outpost.user.get_all_obj_perms_on_managed_role().order_by( 53 "content_type__model" 54 ) 55 self.assertEqual(len(permissions), 5) 56 self.assertEqual(permissions[0].object_pk, str(keypair.pk)) 57 self.assertEqual(permissions[1].object_pk, str(keypair.pk)) 58 self.assertEqual(permissions[2].object_pk, str(keypair.pk)) 59 self.assertEqual(permissions[3].object_pk, str(outpost.pk)) 60 self.assertEqual(permissions[4].object_pk, str(provider.pk)) 61 62 # Remove provider from outpost, user should only have access to outpost 63 outpost.providers.remove(provider) 64 permissions = outpost.user.get_all_obj_perms_on_managed_role() 65 self.assertEqual(len(permissions), 1) 66 self.assertEqual(permissions[0].object_pk, str(outpost.pk))
Outpost Tests
def
setUp(self) -> None:
16 def setUp(self) -> None: 17 create_permissions(apps.get_app_config("authentik_outposts")) 18 return super().setUp()
Hook method for setting up the test fixture before exercising it.
def
test_service_account_permissions(self):
20 def test_service_account_permissions(self): 21 """Test that the service account has correct permissions""" 22 provider: ProxyProvider = ProxyProvider.objects.create( 23 name="test", 24 internal_host="http://localhost", 25 external_host="http://localhost", 26 authorization_flow=create_test_flow(), 27 ) 28 outpost: Outpost = Outpost.objects.create( 29 name="test", 30 type=OutpostType.PROXY, 31 ) 32 33 # Before we add a provider, the user should only have access to the outpost 34 permissions = outpost.user.get_all_obj_perms_on_managed_role() 35 self.assertEqual(len(permissions), 1) 36 self.assertEqual(permissions[0].object_pk, str(outpost.pk)) 37 38 # We add a provider, user should only have access to outpost and provider 39 outpost.providers.add(provider) 40 provider.refresh_from_db() 41 permissions = outpost.user.get_all_obj_perms_on_managed_role().order_by( 42 "content_type__model" 43 ) 44 self.assertEqual(len(permissions), 2) 45 self.assertEqual(permissions[0].object_pk, str(outpost.pk)) 46 self.assertEqual(permissions[1].object_pk, str(provider.pk)) 47 48 # Provider requires a certificate-key-pair, user should have permissions for it 49 keypair = create_test_cert() 50 provider.certificate = keypair 51 provider.save() 52 permissions = outpost.user.get_all_obj_perms_on_managed_role().order_by( 53 "content_type__model" 54 ) 55 self.assertEqual(len(permissions), 5) 56 self.assertEqual(permissions[0].object_pk, str(keypair.pk)) 57 self.assertEqual(permissions[1].object_pk, str(keypair.pk)) 58 self.assertEqual(permissions[2].object_pk, str(keypair.pk)) 59 self.assertEqual(permissions[3].object_pk, str(outpost.pk)) 60 self.assertEqual(permissions[4].object_pk, str(provider.pk)) 61 62 # Remove provider from outpost, user should only have access to outpost 63 outpost.providers.remove(provider) 64 permissions = outpost.user.get_all_obj_perms_on_managed_role() 65 self.assertEqual(len(permissions), 1) 66 self.assertEqual(permissions[0].object_pk, str(outpost.pk))
Test that the service account has correct permissions