Skip to content

Commit

Permalink
fix: [AAP-30827] - validate the event_stream_type with credential_typ…
Browse files Browse the repository at this point in the history 
…e in creating event streams (#1081)
  • Loading branch information
@hsong-rh
hsong-rh authored Oct 3, 2024
1 parent fb04499 commit 335066b
Show file tree
Hide file tree
Showing 8 changed files with 90 additions and 67 deletions.
17 changes: 17 additions & 0 deletions src/aap_eda/api/serializers/event_stream.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,23 @@ class EventStreamInSerializer(serializers.ModelSerializer):
],
)

def validate(self, data):
eda_credential_id = data.get("eda_credential_id")
if not eda_credential_id:
return data

credential = models.EdaCredential.objects.get(id=eda_credential_id)
kind = credential.credential_type.kind

event_stream_type = data.get("event_stream_type")
if kind != event_stream_type:
raise serializers.ValidationError(
f"The input event stream type {event_stream_type} does not "
f"match with the credential type {kind}"
)

return data

class Meta:
model = models.EventStream
fields = [
Expand Down
30 changes: 30 additions & 0 deletions tests/integration/api/test_event_stream.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,7 @@ def test_create_event_stream(
):
data_in = {
"name": "test_event_stream",
"event_stream_type": default_hmac_credential.credential_type.kind,
"eda_credential_id": default_hmac_credential.id,
"organization_id": default_organization.id,
}
Expand All @@ -86,6 +87,34 @@ def test_create_event_stream_without_credentials(
}


@pytest.mark.django_db
def test_create_event_stream_with_mismatched_types(
admin_client: APIClient,
default_organization: models.Organization,
default_hmac_credential: models.EdaCredential,
):
invalid_event_stream_type = "invalid_type"
data_in = {
"name": "test_es",
"event_stream_type": invalid_event_stream_type,
"eda_credential_id": default_hmac_credential.id,
"organization_id": default_organization.id,
}
with override_settings(
EVENT_STREAM_BASE_URL="https://www.example.com/",
):
response = admin_client.post(
f"{api_url_v1}/event-streams/", data=data_in
)
assert response.status_code == status.HTTP_400_BAD_REQUEST
assert (
f"The input event stream type {invalid_event_stream_type} does "
"not match with the credential type "
f"{default_hmac_credential.credential_type.kind}"
in response.data["non_field_errors"]
)


@pytest.mark.django_db
def test_delete_event_stream(
admin_client: APIClient,
Expand Down Expand Up @@ -223,6 +252,7 @@ def create_event_stream_credential(
data_in = {
"name": name,
"inputs": inputs,
"event_stream_type": credential_type.kind,
"credential_type_id": credential_type.id,
"organization_id": get_default_test_org().id,
}
Expand Down
1 change: 1 addition & 0 deletions tests/integration/api/test_event_stream_basic.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@ def test_post_event_stream_with_basic_auth(
data_in = {
"name": "test-es-1",
"eda_credential_id": obj["id"],
"event_stream_type": obj["credential_type"]["kind"],
"organization_id": get_default_test_org().id,
"test_mode": True,
}
Expand Down
1 change: 1 addition & 0 deletions tests/integration/api/test_event_stream_ecdsa.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,7 @@ def test_post_event_stream_with_ecdsa(
data_in = {
"name": "test-es-1",
"eda_credential_id": obj["id"],
"event_stream_type": obj["credential_type"]["kind"],
"organization_id": get_default_test_org().id,
"test_mode": True,
}
Expand Down
104 changes: 37 additions & 67 deletions tests/integration/api/test_event_stream_hmac.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
from rest_framework import status
from rest_framework.test import APIClient

from aap_eda.core import enums
from aap_eda.core import enums, models
from tests.integration.api.test_event_stream import (
create_event_stream,
create_event_stream_credential,
Expand Down Expand Up @@ -60,6 +60,7 @@ def test_post_event_stream(
obj = _create_hmac_credential(admin_client, secret, hash_algorithm)
data_in = {
"name": "test-es-1",
"event_stream_type": obj["credential_type"]["kind"],
"eda_credential_id": obj["id"],
"organization_id": get_default_test_org().id,
}
Expand All @@ -82,14 +83,9 @@ def test_post_event_stream_bad_secret(
preseed_credential_types,
):
secret = secrets.token_hex(32)
obj = _create_hmac_credential(admin_client, secret)
data_in = {
"name": "test-es-1",
"eda_credential_id": obj["id"],
"organization_id": get_default_test_org().id,
"test_mode": True,
}
event_stream = create_event_stream(admin_client, data_in)
event_stream = _prepare_credential(
admin_client, secret, "", DEFAULT_TEST_HMAC_ENCODING
)
bad_secret = secrets.token_hex(32)
data = {"a": 1, "b": 2}
headers = {
Expand All @@ -115,22 +111,9 @@ def test_post_event_stream_with_prefix(
):
secret = secrets.token_hex(32)
signature_prefix = "sha256="
obj = _create_hmac_credential(
admin_client,
secret,
DEFAULT_TEST_HMAC_ALGORITHM,
DEFAULT_TEST_HMAC_HEADER,
DEFAULT_TEST_HMAC_ENCODING,
signature_prefix,
event_stream = _prepare_credential(
admin_client, secret, signature_prefix, DEFAULT_TEST_HMAC_ENCODING
)

data_in = {
"name": "test-es-1",
"eda_credential_id": obj["id"],
"organization_id": get_default_test_org().id,
"test_mode": True,
}
event_stream = create_event_stream(admin_client, data_in)
data = {"a": 1, "b": 2}
digest = hash_digest(data, secret, hashlib.sha256)
headers = {DEFAULT_TEST_HMAC_HEADER: f"{signature_prefix}{digest}"}
Expand All @@ -149,21 +132,9 @@ def test_post_event_stream_with_test_mode(
):
secret = secrets.token_hex(32)
signature_prefix = "sha256="
obj = _create_hmac_credential(
admin_client,
secret,
DEFAULT_TEST_HMAC_ALGORITHM,
DEFAULT_TEST_HMAC_HEADER,
DEFAULT_TEST_HMAC_ENCODING,
signature_prefix,
event_stream = _prepare_credential(
admin_client, secret, signature_prefix, DEFAULT_TEST_HMAC_ENCODING
)
data_in = {
"name": "test-es-1",
"eda_credential_id": obj["id"],
"organization_id": get_default_test_org().id,
"test_mode": True,
}
event_stream = create_event_stream(admin_client, data_in)
data = {"a": 1, "b": 2}
digest = hash_digest(data, secret, hashlib.sha256)
headers = {DEFAULT_TEST_HMAC_HEADER: (f"{signature_prefix}{digest}")}
Expand All @@ -188,22 +159,9 @@ def test_post_event_stream_with_form_urlencoded(
):
secret = secrets.token_hex(32)
signature_prefix = "sha256="
obj = _create_hmac_credential(
admin_client,
secret,
DEFAULT_TEST_HMAC_ALGORITHM,
DEFAULT_TEST_HMAC_HEADER,
DEFAULT_TEST_HMAC_ENCODING,
signature_prefix,
event_stream = _prepare_credential(
admin_client, secret, signature_prefix, DEFAULT_TEST_HMAC_ENCODING
)

data_in = {
"name": "test-es-1",
"eda_credential_id": obj["id"],
"organization_id": get_default_test_org().id,
"test_mode": True,
}
event_stream = create_event_stream(admin_client, data_in)
data = {"a": 1, "b": 2}
content_type = "application/x-www-form-urlencoded"
data_bytes = urlencode(data).encode()
Expand Down Expand Up @@ -232,21 +190,9 @@ def test_post_event_stream_with_base64_format(
):
secret = secrets.token_hex(32)
signature_prefix = "sha256="
obj = _create_hmac_credential(
admin_client,
secret,
DEFAULT_TEST_HMAC_ALGORITHM,
DEFAULT_TEST_HMAC_HEADER,
"base64",
signature_prefix,
event_stream = _prepare_credential(
admin_client, secret, signature_prefix, "base64"
)
data_in = {
"name": "test-es-1",
"eda_credential_id": obj["id"],
"organization_id": get_default_test_org().id,
"test_mode": True,
}
event_stream = create_event_stream(admin_client, data_in)
data = {"a": 1, "b": 2}
content_type = "application/x-www-form-urlencoded"
data_bytes = urlencode(data).encode()
Expand All @@ -267,6 +213,30 @@ def test_post_event_stream_with_base64_format(
assert response.status_code == status.HTTP_200_OK


def _prepare_credential(
admin_client: APIClient,
secret: str = "",
signature_prefix: str = "",
encoding: str = "",
) -> models.EdaCredential:
obj = _create_hmac_credential(
admin_client,
secret,
DEFAULT_TEST_HMAC_ALGORITHM,
DEFAULT_TEST_HMAC_HEADER,
encoding,
signature_prefix,
)
data_in = {
"name": "test-es-1",
"eda_credential_id": obj["id"],
"event_stream_type": obj["credential_type"]["kind"],
"organization_id": get_default_test_org().id,
"test_mode": True,
}
return create_event_stream(admin_client, data_in)


def _create_hmac_credential(
admin_client,
secret: str,
Expand Down
1 change: 1 addition & 0 deletions tests/integration/api/test_event_stream_oauth2.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@ def test_post_event_stream_with_oauth2(
data_in = {
"name": "test-es-1",
"eda_credential_id": obj["id"],
"event_stream_type": obj["credential_type"]["kind"],
"organization_id": get_default_test_org().id,
"test_mode": True,
}
Expand Down
1 change: 1 addition & 0 deletions tests/integration/api/test_event_stream_oauth2_jwt.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ def test_post_event_stream_with_oauth2_jwt(
data_in = {
"name": "test-es-1",
"eda_credential_id": obj["id"],
"event_stream_type": obj["credential_type"]["kind"],
"organization_id": get_default_test_org().id,
"test_mode": True,
}
Expand Down
2 changes: 2 additions & 0 deletions tests/integration/api/test_event_stream_token.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ def test_post_event_stream_with_token(
data_in = {
"name": "test-es-1",
"eda_credential_id": obj["id"],
"event_stream_type": obj["credential_type"]["kind"],
"organization_id": get_default_test_org().id,
"test_mode": True,
}
Expand Down Expand Up @@ -102,6 +103,7 @@ def test_post_event_stream_with_test_mode_extra_headers(
data_in = {
"name": "test-es-1",
"eda_credential_id": obj["id"],
"event_stream_type": obj["credential_type"]["kind"],
"organization_id": get_default_test_org().id,
"test_mode": True,
"additional_data_headers": additional_data_headers,
Expand Down

0 comments on commit 335066b

Please sign in to comment.