spec/unit/security/base_spec.rb

   1 #!/usr/bin/env rspec
   2
   3 require 'spec_helper'
   4
   5 module MCollective
   6   module Security
   7     describe Base do
   8       before do
   9         @config = mock("config")
  10         @config.stubs(:identity).returns("test")
  11         @config.stubs(:configured).returns(true)
  12         @config.stubs(:topicsep).returns(".")
  13
  14         @stats = mock("stats")
  15
  16         @time = Time.now
  17         ::Time.stubs(:now).returns(@time)
  18
  19         MCollective::Log.stubs(:debug).returns(true)
  20
  21         MCollective::PluginManager << {:type => "global_stats", :class => @stats}
  22         MCollective::Config.stubs("instance").returns(@config)
  23         MCollective::Util.stubs("empty_filter?").returns(false)
  24
  25         @plugin = Base.new
  26       end
  27
  28       describe "#should_process_msg?" do
  29         it "should correctly validate messages" do
  30           m = mock
  31           m.stubs(:expected_msgid).returns("rspec")
  32
  33           @plugin.should_process_msg?(m, "rspec").should == true
  34
  35           expect {
  36             @plugin.should_process_msg?(m, "fail").should == true
  37           }.to raise_error(MsgDoesNotMatchRequestID)
  38         end
  39
  40         it "should not test messages without expected_msgid" do
  41           m = mock
  42           m.stubs(:expected_msgid).returns(nil)
  43
  44           @plugin.should_process_msg?(m, "rspec").should == true
  45         end
  46       end
  47
  48       describe "#validate_filter?" do
  49         it "should pass on empty filter" do
  50           MCollective::Util.stubs("empty_filter?").returns(true)
  51
  52           @stats.stubs(:passed).once
  53           @stats.stubs(:filtered).never
  54           @stats.stubs(:passed).never
  55
  56           MCollective::Log.expects(:debug).with("Message passed the filter checks").once
  57
  58           @plugin.validate_filter?({}).should == true
  59         end
  60
  61         it "should pass for known classes" do
  62           MCollective::Util.stubs("has_cf_class?").with("foo").returns(true)
  63
  64           @stats.stubs(:passed).once
  65           @stats.stubs(:filtered).never
  66
  67           MCollective::Log.expects(:debug).with("Message passed the filter checks").once
  68           MCollective::Log.expects(:debug).with("Passing based on configuration management class foo").once
  69
  70           @plugin.validate_filter?({"cf_class" => ["foo"]}).should == true
  71         end
  72
  73         it "should fail for unknown classes" do
  74           MCollective::Util.stubs("has_cf_class?").with("foo").returns(false)
  75
  76           @stats.stubs(:filtered).once
  77           @stats.stubs(:passed).never
  78
  79           MCollective::Log.expects(:debug).with("Message failed the filter checks").once
  80           MCollective::Log.expects(:debug).with("Failing based on configuration management class foo").once
  81
  82           @plugin.validate_filter?({"cf_class" => ["foo"]}).should == false
  83         end
  84
  85         it "should pass for known agents" do
  86           MCollective::Util.stubs("has_agent?").with("foo").returns(true)
  87
  88           @stats.stubs(:passed).once
  89           @stats.stubs(:filtered).never
  90
  91           MCollective::Log.expects(:debug).with("Message passed the filter checks").once
  92           MCollective::Log.expects(:debug).with("Passing based on agent foo").once
  93
  94           @plugin.validate_filter?({"agent" => ["foo"]}).should == true
  95         end
  96
  97         it "should fail for unknown agents" do
  98           MCollective::Util.stubs("has_agent?").with("foo").returns(false)
  99
 100           @stats.stubs(:filtered).once
 101           @stats.stubs(:passed).never
 102
 103           MCollective::Log.expects(:debug).with("Message failed the filter checks").once
 104           MCollective::Log.expects(:debug).with("Failing based on agent foo").once
 105
 106           @plugin.validate_filter?({"agent" => ["foo"]}).should == false
 107         end
 108
 109         it "should pass for known facts" do
 110           MCollective::Util.stubs("has_fact?").with("fact", "value", "operator").returns(true)
 111
 112           @stats.stubs(:passed).once
 113           @stats.stubs(:filtered).never
 114
 115           MCollective::Log.expects(:debug).with("Message passed the filter checks").once
 116           MCollective::Log.expects(:debug).with("Passing based on fact fact operator value").once
 117
 118           @plugin.validate_filter?({"fact" => [{:fact => "fact", :operator => "operator", :value => "value"}]}).should == true
 119         end
 120
 121         it "should fail for unknown facts" do
 122           MCollective::Util.stubs("has_fact?").with("fact", "value", "operator").returns(false)
 123
 124           @stats.stubs(:filtered).once
 125           @stats.stubs(:passed).never
 126
 127           MCollective::Log.expects(:debug).with("Message failed the filter checks").once
 128           MCollective::Log.expects(:debug).with("Failing based on fact fact operator value").once
 129
 130           @plugin.validate_filter?({"fact" => [{:fact => "fact", :operator => "operator", :value => "value"}]}).should == false
 131         end
 132
 133         it "should pass for known identity" do
 134           MCollective::Util.stubs("has_identity?").with("test").returns(true)
 135
 136           @stats.stubs(:passed).once
 137           @stats.stubs(:filtered).never
 138
 139           MCollective::Log.expects(:debug).with("Message passed the filter checks").once
 140           MCollective::Log.expects(:debug).with("Passing based on identity").once
 141
 142           @plugin.validate_filter?({"identity" => ["test"]}).should == true
 143         end
 144
 145         it "should fail for known identity" do
 146           MCollective::Util.stubs("has_identity?").with("test").returns(false)
 147
 148           @stats.stubs(:passed).never
 149           @stats.stubs(:filtered).once
 150
 151           MCollective::Log.expects(:debug).with("Message failed the filter checks").once
 152           MCollective::Log.expects(:debug).with("Failed based on identity").once
 153
 154           @plugin.validate_filter?({"identity" => ["test"]}).should == false
 155         end
 156
 157         it "should treat multiple identity filters correctly" do
 158           MCollective::Util.stubs("has_identity?").with("foo").returns(false)
 159           MCollective::Util.stubs("has_identity?").with("bar").returns(true)
 160
 161           @stats.stubs(:passed).once
 162           @stats.stubs(:filtered).never
 163
 164           MCollective::Log.expects(:debug).with("Message passed the filter checks").once
 165           MCollective::Log.expects(:debug).with("Passing based on identity").once
 166
 167           @plugin.validate_filter?({"identity" => ["foo", "bar"]}).should == true
 168         end
 169
 170         it "should fail if no identity matches are found" do
 171           MCollective::Util.stubs("has_identity?").with("foo").returns(false)
 172           MCollective::Util.stubs("has_identity?").with("bar").returns(false)
 173
 174           @stats.stubs(:passed).never
 175           @stats.stubs(:filtered).once
 176
 177           MCollective::Log.expects(:debug).with("Message failed the filter checks").once
 178           MCollective::Log.expects(:debug).with("Failed based on identity").once
 179
 180           @plugin.validate_filter?({"identity" => ["foo", "bar"]}).should == false
 181         end
 182       end
 183
 184       describe "#create_reply" do
 185         it "should return correct data" do
 186           expected = {:senderid => "test",
 187             :requestid => "reqid",
 188             :senderagent => "agent",
 189             :msgtime => @time.to_i,
 190             :body => "body"}
 191
 192           @plugin.create_reply("reqid", "agent", "body").should == expected
 193         end
 194       end
 195
 196       describe "#create_request" do
 197         it "should return correct data" do
 198           expected = {:body => "body",
 199             :senderid => "test",
 200             :requestid => "reqid",
 201             :callerid => "uid=#{Process.uid}",
 202             :agent => "discovery",
 203             :collective => "mcollective",
 204             :filter => "filter",
 205             :ttl => 20,
 206             :msgtime => @time.to_i}
 207
 208           @plugin.create_request("reqid", "filter", "body", :server, "discovery", "mcollective", 20).should == expected
 209         end
 210
 211         it "should set the callerid when appropriate" do
 212           expected = {:body => "body",
 213             :senderid => "test",
 214             :requestid => "reqid",
 215             :agent => "discovery",
 216             :collective => "mcollective",
 217             :filter => "filter",
 218             :callerid => "callerid",
 219             :ttl => 60,
 220             :msgtime => @time.to_i}
 221
 222           @plugin.stubs(:callerid).returns("callerid")
 223           @plugin.create_request("reqid", "filter", "body", :client, "discovery", "mcollective").should == expected
 224         end
 225       end
 226
 227       describe "#valid_callerid?" do
 228         it "should not pass invalid callerids" do
 229           @plugin.valid_callerid?("foo-bar").should == false
 230           @plugin.valid_callerid?("foo=bar=baz").should == false
 231           @plugin.valid_callerid?('foo=bar\baz').should == false
 232           @plugin.valid_callerid?("foo=bar/baz").should == false
 233           @plugin.valid_callerid?("foo=bar|baz").should == false
 234         end
 235
 236         it "should pass valid callerids" do
 237           @plugin.valid_callerid?("cert=foo-bar").should == true
 238           @plugin.valid_callerid?("uid=foo.bar").should == true
 239           @plugin.valid_callerid?("uid=foo.bar.123").should == true
 240         end
 241       end
 242
 243       describe "#callerid" do
 244         it "should return a unix UID based callerid" do
 245           @plugin.callerid.should == "uid=#{Process.uid}"
 246         end
 247       end
 248
 249       describe "#validrequest?" do
 250         it "should log an error when not implemented" do
 251           MCollective::Log.expects(:error).with("validrequest? is not implemented in MCollective::Security::Base")
 252           @plugin.validrequest?(nil)
 253         end
 254       end
 255
 256       describe "#encoderequest" do
 257         it "should log an error when not implemented" do
 258           MCollective::Log.expects(:error).with("encoderequest is not implemented in MCollective::Security::Base")
 259           @plugin.encoderequest(nil, nil, nil)
 260         end
 261       end
 262
 263       describe "#encodereply" do
 264         it "should log an error when not implemented" do
 265           MCollective::Log.expects(:error).with("encodereply is not implemented in MCollective::Security::Base")
 266           @plugin.encodereply(nil, nil, nil)
 267         end
 268       end
 269
 270       describe "#decodemsg" do
 271         it "should log an error when not implemented" do
 272           MCollective::Log.expects(:error).with("decodemsg is not implemented in MCollective::Security::Base")
 273           @plugin.decodemsg(nil)
 274         end
 275       end
 276     end
 277   end
 278 end