spec/unit/security/base_spec.rb

   1 #!/usr/bin/env rspec
   2
   3 require 'spec_helper'
   4
   5 module MCollective
   6   module Security
   7     describe Base do
   8       before do
   9         @config = mock("config")
  10         @config.stubs(:identity).returns("test")
  11         @config.stubs(:configured).returns(true)
  12         @config.stubs(:topicsep).returns(".")
  13         @config.stubs(:topicprefix).returns("/topic/")
  14
  15         @stats = mock("stats")
  16
  17         @time = Time.now
  18         ::Time.stubs(:now).returns(@time)
  19
  20         MCollective::Log.stubs(:debug).returns(true)
  21
  22         MCollective::PluginManager << {:type => "global_stats", :class => @stats}
  23         MCollective::Config.stubs("instance").returns(@config)
  24         MCollective::Util.stubs("empty_filter?").returns(false)
  25
  26         @plugin = Base.new
  27       end
  28
  29       describe "#should_process_msg?" do
  30         it "should correctly validate messages" do
  31           m = mock
  32           m.stubs(:expected_msgid).returns("rspec")
  33
  34           @plugin.should_process_msg?(m, "rspec").should == true
  35
  36           expect {
  37             @plugin.should_process_msg?(m, "fail").should == true
  38           }.to raise_error(MsgDoesNotMatchRequestID)
  39         end
  40
  41         it "should not test messages without expected_msgid" do
  42           m = mock
  43           m.stubs(:expected_msgid).returns(nil)
  44
  45           @plugin.should_process_msg?(m, "rspec").should == true
  46         end
  47       end
  48
  49       describe "#validate_filter?" do
  50         it "should pass on empty filter" do
  51           MCollective::Util.stubs("empty_filter?").returns(true)
  52
  53           @stats.stubs(:passed).once
  54           @stats.stubs(:filtered).never
  55           @stats.stubs(:passed).never
  56
  57           MCollective::Log.expects(:debug).with("Message passed the filter checks").once
  58
  59           @plugin.validate_filter?({}).should == true
  60         end
  61
  62         it "should pass for known classes" do
  63           MCollective::Util.stubs("has_cf_class?").with("foo").returns(true)
  64
  65           @stats.stubs(:passed).once
  66           @stats.stubs(:filtered).never
  67
  68           MCollective::Log.expects(:debug).with("Message passed the filter checks").once
  69           MCollective::Log.expects(:debug).with("Passing based on configuration management class foo").once
  70
  71           @plugin.validate_filter?({"cf_class" => ["foo"]}).should == true
  72         end
  73
  74         it "should fail for unknown classes" do
  75           MCollective::Util.stubs("has_cf_class?").with("foo").returns(false)
  76
  77           @stats.stubs(:filtered).once
  78           @stats.stubs(:passed).never
  79
  80           MCollective::Log.expects(:debug).with("Message failed the filter checks").once
  81           MCollective::Log.expects(:debug).with("Failing based on configuration management class foo").once
  82
  83           @plugin.validate_filter?({"cf_class" => ["foo"]}).should == false
  84         end
  85
  86         it "should pass for known agents" do
  87           MCollective::Util.stubs("has_agent?").with("foo").returns(true)
  88
  89           @stats.stubs(:passed).once
  90           @stats.stubs(:filtered).never
  91
  92           MCollective::Log.expects(:debug).with("Message passed the filter checks").once
  93           MCollective::Log.expects(:debug).with("Passing based on agent foo").once
  94
  95           @plugin.validate_filter?({"agent" => ["foo"]}).should == true
  96         end
  97
  98         it "should fail for unknown agents" do
  99           MCollective::Util.stubs("has_agent?").with("foo").returns(false)
 100
 101           @stats.stubs(:filtered).once
 102           @stats.stubs(:passed).never
 103
 104           MCollective::Log.expects(:debug).with("Message failed the filter checks").once
 105           MCollective::Log.expects(:debug).with("Failing based on agent foo").once
 106
 107           @plugin.validate_filter?({"agent" => ["foo"]}).should == false
 108         end
 109
 110         it "should pass for known facts" do
 111           MCollective::Util.stubs("has_fact?").with("fact", "value", "operator").returns(true)
 112
 113           @stats.stubs(:passed).once
 114           @stats.stubs(:filtered).never
 115
 116           MCollective::Log.expects(:debug).with("Message passed the filter checks").once
 117           MCollective::Log.expects(:debug).with("Passing based on fact fact operator value").once
 118
 119           @plugin.validate_filter?({"fact" => [{:fact => "fact", :operator => "operator", :value => "value"}]}).should == true
 120         end
 121
 122         it "should fail for unknown facts" do
 123           MCollective::Util.stubs("has_fact?").with("fact", "value", "operator").returns(false)
 124
 125           @stats.stubs(:filtered).once
 126           @stats.stubs(:passed).never
 127
 128           MCollective::Log.expects(:debug).with("Message failed the filter checks").once
 129           MCollective::Log.expects(:debug).with("Failing based on fact fact operator value").once
 130
 131           @plugin.validate_filter?({"fact" => [{:fact => "fact", :operator => "operator", :value => "value"}]}).should == false
 132         end
 133
 134         it "should pass for known identity" do
 135           MCollective::Util.stubs("has_identity?").with("test").returns(true)
 136
 137           @stats.stubs(:passed).once
 138           @stats.stubs(:filtered).never
 139
 140           MCollective::Log.expects(:debug).with("Message passed the filter checks").once
 141           MCollective::Log.expects(:debug).with("Passing based on identity").once
 142
 143           @plugin.validate_filter?({"identity" => ["test"]}).should == true
 144         end
 145
 146         it "should fail for known identity" do
 147           MCollective::Util.stubs("has_identity?").with("test").returns(false)
 148
 149           @stats.stubs(:passed).never
 150           @stats.stubs(:filtered).once
 151
 152           MCollective::Log.expects(:debug).with("Message failed the filter checks").once
 153           MCollective::Log.expects(:debug).with("Failed based on identity").once
 154
 155           @plugin.validate_filter?({"identity" => ["test"]}).should == false
 156         end
 157
 158         it "should treat multiple identity filters correctly" do
 159           MCollective::Util.stubs("has_identity?").with("foo").returns(false)
 160           MCollective::Util.stubs("has_identity?").with("bar").returns(true)
 161
 162           @stats.stubs(:passed).once
 163           @stats.stubs(:filtered).never
 164
 165           MCollective::Log.expects(:debug).with("Message passed the filter checks").once
 166           MCollective::Log.expects(:debug).with("Passing based on identity").once
 167
 168           @plugin.validate_filter?({"identity" => ["foo", "bar"]}).should == true
 169         end
 170
 171         it "should fail if no identity matches are found" do
 172           MCollective::Util.stubs("has_identity?").with("foo").returns(false)
 173           MCollective::Util.stubs("has_identity?").with("bar").returns(false)
 174
 175           @stats.stubs(:passed).never
 176           @stats.stubs(:filtered).once
 177
 178           MCollective::Log.expects(:debug).with("Message failed the filter checks").once
 179           MCollective::Log.expects(:debug).with("Failed based on identity").once
 180
 181           @plugin.validate_filter?({"identity" => ["foo", "bar"]}).should == false
 182         end
 183       end
 184
 185       describe "#create_reply" do
 186         it "should return correct data" do
 187           expected = {:senderid => "test",
 188             :requestid => "reqid",
 189             :senderagent => "agent",
 190             :msgtime => @time.to_i,
 191             :body => "body"}
 192
 193           @plugin.create_reply("reqid", "agent", "body").should == expected
 194         end
 195       end
 196
 197       describe "#create_request" do
 198         it "should return correct data" do
 199           expected = {:body => "body",
 200             :senderid => "test",
 201             :requestid => "reqid",
 202             :callerid => "uid=#{Process.uid}",
 203             :agent => "discovery",
 204             :collective => "mcollective",
 205             :filter => "filter",
 206             :ttl => 20,
 207             :msgtime => @time.to_i}
 208
 209           @plugin.create_request("reqid", "filter", "body", :server, "discovery", "mcollective", 20).should == expected
 210         end
 211
 212         it "should set the callerid when appropriate" do
 213           expected = {:body => "body",
 214             :senderid => "test",
 215             :requestid => "reqid",
 216             :agent => "discovery",
 217             :collective => "mcollective",
 218             :filter => "filter",
 219             :callerid => "callerid",
 220             :ttl => 60,
 221             :msgtime => @time.to_i}
 222
 223           @plugin.stubs(:callerid).returns("callerid")
 224           @plugin.create_request("reqid", "filter", "body", :client, "discovery", "mcollective").should == expected
 225         end
 226       end
 227
 228       describe "#valid_callerid?" do
 229         it "should not pass invalid callerids" do
 230           @plugin.valid_callerid?("foo-bar").should == false
 231           @plugin.valid_callerid?("foo=bar=baz").should == false
 232           @plugin.valid_callerid?('foo=bar\baz').should == false
 233           @plugin.valid_callerid?("foo=bar/baz").should == false
 234           @plugin.valid_callerid?("foo=bar|baz").should == false
 235         end
 236
 237         it "should pass valid callerids" do
 238           @plugin.valid_callerid?("cert=foo-bar").should == true
 239           @plugin.valid_callerid?("uid=foo.bar").should == true
 240           @plugin.valid_callerid?("uid=foo.bar.123").should == true
 241         end
 242       end
 243
 244       describe "#callerid" do
 245         it "should return a unix UID based callerid" do
 246           @plugin.callerid.should == "uid=#{Process.uid}"
 247         end
 248       end
 249
 250       describe "#validrequest?" do
 251         it "should log an error when not implemented" do
 252           MCollective::Log.expects(:error).with("validrequest? is not implemented in MCollective::Security::Base")
 253           @plugin.validrequest?(nil)
 254         end
 255       end
 256
 257       describe "#encoderequest" do
 258         it "should log an error when not implemented" do
 259           MCollective::Log.expects(:error).with("encoderequest is not implemented in MCollective::Security::Base")
 260           @plugin.encoderequest(nil, nil, nil)
 261         end
 262       end
 263
 264       describe "#encodereply" do
 265         it "should log an error when not implemented" do
 266           MCollective::Log.expects(:error).with("encodereply is not implemented in MCollective::Security::Base")
 267           @plugin.encodereply(nil, nil, nil)
 268         end
 269       end
 270
 271       describe "#decodemsg" do
 272         it "should log an error when not implemented" do
 273           MCollective::Log.expects(:error).with("decodemsg is not implemented in MCollective::Security::Base")
 274           @plugin.decodemsg(nil)
 275         end
 276       end
 277     end
 278   end
 279 end