diff options
author | Christian Poessinger <christian@poessinger.com> | 2022-04-06 11:25:03 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2022-04-06 11:25:03 +0200 |
commit | d321a62815aa09ef3a200f1e621d33870b7de627 (patch) | |
tree | c9135c05337e55edd1aaf9efcac92b9cdab69fb5 /smoketest/scripts/cli/test_service_https.py | |
parent | 2e4b965cb235e242e1ee1ca0f0193ccc5b6d4140 (diff) | |
download | vyos-1x-d321a62815aa09ef3a200f1e621d33870b7de627.tar.gz vyos-1x-d321a62815aa09ef3a200f1e621d33870b7de627.zip |
smoketest: http: test API authentication
Diffstat (limited to 'smoketest/scripts/cli/test_service_https.py')
-rwxr-xr-x | smoketest/scripts/cli/test_service_https.py | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/smoketest/scripts/cli/test_service_https.py b/smoketest/scripts/cli/test_service_https.py index 287a2e143..2901cafa8 100755 --- a/smoketest/scripts/cli/test_service_https.py +++ b/smoketest/scripts/cli/test_service_https.py @@ -15,12 +15,17 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. import unittest +import urllib3 + +from requests import request from base_vyostest_shim import VyOSUnitTestSHIM +from vyos.util import read_file from vyos.util import run -base_path = ['service', 'https'] +urllib3.disable_warnings() +base_path = ['service', 'https'] pki_base = ['pki'] cert_data = """ @@ -95,5 +100,37 @@ class TestHTTPSService(VyOSUnitTestSHIM.TestCase): ret = run('sudo /usr/sbin/nginx -t') self.assertEqual(ret, 0) + def test_api_auth(self): + vhost_id = 'example' + address = '127.0.0.1' + port = '443' + name = 'localhost' + + key = 'MySuperSecretVyOS' + self.cli_set(base_path + ['api', 'keys', 'id', 'key-01', 'key', key]) + + test_path = base_path + ['virtual-host', vhost_id] + self.cli_set(test_path + ['listen-address', address]) + self.cli_set(test_path + ['listen-port', port]) + self.cli_set(test_path + ['server-name', name]) + + self.cli_commit() + + nginx_config = read_file('/etc/nginx/sites-enabled/default') + self.assertIn(f'listen {address}:{port} ssl;', nginx_config) + self.assertIn(f'ssl_protocols TLSv1.2 TLSv1.3;', nginx_config) + + url = f'https://{address}/retrieve' + payload = {'data': '{"op": "showConfig", "path": []}', 'key': f'{key}'} + headers = {} + r = request('POST', url, verify=False, headers=headers, data=payload) + # Must get HTTP code 200 on success + self.assertEqual(r.status_code, 200) + + payload_invalid = {'data': '{"op": "showConfig", "path": []}', 'key': 'invalid'} + r = request('POST', url, verify=False, headers=headers, data=payload_invalid) + # Must get HTTP code 401 on invalid key (Unauthorized) + self.assertEqual(r.status_code, 401) + if __name__ == '__main__': unittest.main(verbosity=2) |