author | Lars Wirzenius <liw@liw.fi> | 2018-02-09 13:53:33 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-02-09 13:56:43 +0200 |
commit | f1f291b270b96fe1511286cb807f02c9741b0d71 (patch) | |
tree | 509a7f697685e9282fbdc6838fb037ff6cb5e4dd /yarns | |
parent | 3b208da0461f5a129fcbc527fbfdd9ed8309d077 (diff) | |
download | qvisqve-f1f291b270b96fe1511286cb807f02c9741b0d71.tar.gz |
Rename: to Qvisqve
Diffstat (limited to 'yarns')
-rw-r--r-- | yarns/100-version.yarn | 17 | ||||
-rw-r--r-- | yarns/200-client-creds.yarn | 24 | ||||
-rw-r--r-- | yarns/900-local.yarn | 20 | ||||
-rw-r--r-- | yarns/900-remote.yarn | 8 | ||||
-rw-r--r-- | yarns/lib.py | 20 |
5 files changed, 45 insertions, 44 deletions
diff --git a/yarns/100-version.yarn b/yarns/100-version.yarn
index 7786ee0..af28837 100644
--- a/yarns/100-version.yarn
+++ b/yarns/100-version.yarn
@@ -1,5 +1,5 @@
 ---
-title: Salami integration tests
+title: Qvisqve integration tests
 author: Lars Wirzenius / QvarnLabs Ab
 date: work in progress
 ...
@@ -7,21 +7,22 @@ date: work in progress
 # Introduction
-This is an integration test suite for Salami, an authorization server.
+This is an integration test suite for Qvisqve, an authorization server
+and identity provider.
 # Version checking
-This scenario tests whether Salami reports it version. This is not
-useful as such, but it makes sure we can start and stop Salami, and
+This scenario tests whether Qvisqve reports it version. This is not
+useful as such, but it makes sure we can start and stop Qvisqve, and
 that all the request routing works, and so on.
- SCENARIO Salami reports its version
+ SCENARIO Qvisqve reports its version
- GIVEN a Salami configuration for "https://salami.example.com"
- AND a running salami instance
+ GIVEN a Qvisqve configuration for "https://qvisqve.example.com"
+ AND a running Qvisqve instance
 WHEN client requests GET /version without token
 THEN HTTP status code is 200 OK
- FINALLY salami is stopped
+ FINALLY Qvisqve is stopped
diff --git a/yarns/200-client-creds.yarn b/yarns/200-client-creds.yarn
index 78b082c..f251c71 100644
--- a/yarns/200-client-creds.yarn
+++ b/yarns/200-client-creds.yarn
@@ -6,7 +6,7 @@ See [RFC8252][] for a description of the client credentials grant.
 [RFC8252]: https://tools.ietf.org/html/rfc8252
 In the client credentials grant flow, the API client makes the
-following request to the authentication server (Salami):
+following request to the authentication server:
 EXAMPLE client credentials access token request
 POST /token HTTP/1.1
@@ -20,13 +20,13 @@ The `USERPASS` has the client id and secret encoded as is usual for
 [HTTP Basic authentication]: https://en.wikipedia.org/wiki/Basic_access_authentication
-Salami checks the `grant_type` parameter, and extracts `USERPASS` to
+Qvisqve checks the `grant_type` parameter, and extracts `USERPASS` to
 get the client id and secret. It compares them against a static list
 of clients, which it reads at startup from its configuration file:
- EXAMPLE Salami configuration file in YAML
+ EXAMPLE Qvisqve configuration file in YAML
 config:
- issuer: https://salami.example.com
+ issuer: https://qvisqve.example.com
 lifetime: 3600
 signing_key: |
 -----BEGIN RSA PRIVATE KEY-----
@@ -48,18 +48,18 @@ of clients, which it reads at startup from its configuration file:
 - foo
 - bar
-Salami checks that the client id given by the client is found, and
+Qvisqve checks that the client id given by the client is found, and
 that the offered client secret matches what's in the configuration file for the client id. It also takes the list of requested scopes, and drops any requested scopes that are not in the list of allowed scopes (in the example, it drops `foobar`).
-If all these checks pass, Salami will create a JWT with the following
+If all these checks pass, Qvisqve will create a JWT with the following
 claims:
 EXAMPLE sample access token claims
 {
- "iss": "https://salami.example.com",
+ "iss": "https://qvisqve.example.com",
 "sub": "",
 "aud": "test-api",
 "exp": 123456,
@@ -79,9 +79,9 @@ scopes, as described above.
 AND API client has secret "secrit"
 AND API client has allowed scopes "read write"
- AND a Salami configuration for "https://salami.example.com"
- AND Salami configuration has a token lifetime of 3600
- AND a running Salami instance
+ AND a Qvisqve configuration for "https://qvisqve.example.com"
+ AND Qvisqve configuration has a token lifetime of 3600
+ AND a running Qvisqve instance
 WHEN client requests POST /token
 ... with client_id "bigco", client_secret "secrit", and
@@ -90,10 +90,10 @@ scopes, as described above.
 THEN HTTP status code is 200 OK
 AND Content-Type is application/json
 AND body is a correctly signed JWT token
- AND token has claim iss as "https://salami.example.com"
+ AND token has claim iss as "https://qvisqve.example.com"
 AND token has claim sub as ""
 AND token has claim aud as "bigco"
 AND token has claim scope as "read write"
 AND token expires in an hour
- FINALLY Salami is stopped
+ FINALLY Qvisqve is stopped
diff --git a/yarns/900-local.yarn b/yarns/900-local.yarn
index 09add3c..d5492d0 100644
--- a/yarns/900-local.yarn
+++ b/yarns/900-local.yarn
@@ -17,9 +17,9 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
 -->
-# Scenario step implementations for locally managed Salami
+# Scenario step implementations for locally managed Qvisqve
-## Configure Salami and its API client
+## Configure Qvisqve and its API client
 IMPLEMENTS GIVEN an API client "(\S+)"
 V['client_id'] = get_next_match()
@@ -31,10 +31,10 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
 scopes = get_next_match()
 V['allowed_scopes'] = scopes.split()
- IMPLEMENTS GIVEN a Salami configuration for "(.+)"
+ IMPLEMENTS GIVEN a Qvisqve configuration for "(.+)"
 V['iss'] = get_next_match()
- IMPLEMENTS GIVEN Salami configuration has a token lifetime of (\d+)
+ IMPLEMENTS GIVEN Qvisqve configuration has a token lifetime of (\d+)
 V['lifetime'] = int(get_next_match())
@@ -58,13 +58,13 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
 token = cliapp.runcmd(argv, feed_stdin=key)
 store_token(user, token)
-## Start Salami
+## Start Qvisqve
- IMPLEMENTS GIVEN a running salami instance
- start_salami()
+ IMPLEMENTS GIVEN a running Qvisqve instance
+ start_qvisqve()
 assert V['API_URL'] is not None
-## Stop a Salami we started
+## Stop a Qvisqve we started
- IMPLEMENTS FINALLY salami is stopped
- stop_salami()
+ IMPLEMENTS FINALLY Qvisqve is stopped
+ stop_qvisqve()
diff --git a/yarns/900-remote.yarn b/yarns/900-remote.yarn
index e4d8852..0f53b97 100644
--- a/yarns/900-remote.yarn
+++ b/yarns/900-remote.yarn
@@ -17,7 +17,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
 -->
-# Scenario step implementations for remote Salami
+# Scenario step implementations for remote Qvisqve
 ## Authentication setup
@@ -36,11 +36,11 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
 token = cliapp.runcmd(argv, feed_stdin=key)
 store_token(user, token)
-## Start and stop Salami
+## Start and stop Qvisqve
- IMPLEMENTS GIVEN a running salami instance
+ IMPLEMENTS GIVEN a running Qvisqve instance
 V['API_URL'] = os.environ['API_URL']
 assert 0
- IMPLEMENTS FINALLY salami is stopped
+ IMPLEMENTS FINALLY Qvisqve is stopped
 pass
diff --git a/yarns/lib.py b/yarns/lib.py
index 8379b16..a9e1b87 100644
--- a/yarns/lib.py
+++ b/yarns/lib.py
@@ -31,7 +31,7 @@ import yaml
 from yarnutils import *
-import salami_secrets
+import qvisqve_secrets
 srcdir = os.environ['SRCDIR']
@@ -162,21 +162,21 @@ def values_match(wanted, actual):
 return True
-def start_salami():
+def start_qvisqve():
 privkey, pubkey = create_token_signing_key_pair()
 open('key', 'w').write(privkey)
 V['aud'] = 'http://api.test.example.com'
 V['privkey'] = privkey
 V['pubkey'] = pubkey
- V['api.log'] = 'salami.log'
+ V['api.log'] = 'qvisqve.log'
 V['gunicorn3.log'] = 'gunicorn3.log'
- V['pid-file'] = 'salami.pid'
+ V['pid-file'] = 'qvisqve.pid'
 V['port'] = cliapp.runcmd([os.path.join(srcdir, 'randport' )]).strip()
 V['API_URL'] = 'http://127.0.0.1:{}'.format(V['port'])
 clients = {}
 if V['client_id'] and V['client_secret']:
- sh = salami_secrets.SecretHasher()
+ sh = qvisqve_secrets.SecretHasher()
 clients = {
 V['client_id']: {
 'client_secret': sh.hash(V['client_secret']),
@@ -201,11 +201,11 @@ def start_salami():
 'clients': clients,
 }
 env = dict(os.environ)
- env['SALAMI_CONFIG'] = os.path.join(datadir, 'salami.yaml')
- yaml.safe_dump(config, open(env['SALAMI_CONFIG'], 'w'))
+ env['QVISQVE_CONFIG'] = os.path.join(datadir, 'qvisqve.yaml')
+ yaml.safe_dump(config, open(env['QVISQVE_CONFIG'], 'w'))
 argv = [
- os.path.join(srcdir, 'start_salami'),
- env['SALAMI_CONFIG'],
+ os.path.join(srcdir, 'start_qvisqve'),
+ env['QVISQVE_CONFIG'],
 ]
 cliapp.runcmd(argv, env=env, stdout=None, stderr=None)
 until = time.time() + 2.0
@@ -214,7 +214,7 @@ def start_salami():
 assert os.path.exists(V['pid-file'])
-def stop_salami():
+def stop_qvisqve():
 filename = V['pid-file']
 if os.path.exists(filename):
 pid = int(cat(filename)) |
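Review bot: In the `@@ -201,11 +201,11 @@` hunk of yarns/lib.py, the renamed line `yaml.safe_dump(config, open(env['QVISQVE_CONFIG'], 'w'))` writes through a file object that is never explicitly closed, and the `start_qvisqve` launcher is run against that path a few lines later, so a complete write depends on the interpreter releasing the object promptly. I would write it as `with open(env['QVISQVE_CONFIG'], 'w') as f:` followed by `yaml.safe_dump(config, f)`. The file is also created with default permissions although it holds the hashed client secrets, and presumably the token signing key as well (the example config in 200-client-creds.yarn has a `signing_key` entry), so owner-only permissions would be a sensible habit even in a test harness. The context line `open('key', 'w').write(privkey)` in the `@@ -162,21 +162,21 @@` hunk has the same two problems for the private key itself. Parts of `start_qvisqve` lie between the hunks and are not shown, so how `config` is assembled is inferred.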