forked from vmware/govmomi
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsession.bats
executable file
·242 lines (173 loc) · 6.03 KB
/
session.bats
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
#!/usr/bin/env bats
load test_helper
@test "session.ls" {
vcsim_env
run govc session.ls
assert_success
run govc session.ls -json
assert_success
# Test User-Agent
govc session.ls | grep "$(govc version | tr ' ' /)"
run govc session.ls -S
assert_success
run govc session.ls -u "$(govc env GOVC_USERNAME)@$(govc env GOVC_URL)" -S
assert_failure # no password
}
@test "session.rm" {
vcsim_env
dir=$($mktemp --tmpdir -d govc-test-XXXXX)
export GOVMOMI_HOME="$dir"
export GOVC_PERSIST_SESSION=true
run govc session.rm enoent
assert_failure # NotFound
# Can't remove the current session
id=$(govc session.ls -json | jq -r .CurrentSession.Key)
run govc session.rm "$id"
assert_failure
thumbprint=$(govc about.cert -thumbprint)
id=$(govc session.ls -json -k=false -tls-known-hosts <(echo "$thumbprint") | jq -r .CurrentSession.Key)
rm -rf "$dir"
run govc session.rm "$id"
assert_success
}
@test "session.persist" {
vcsim_env
dir=$($mktemp --tmpdir -d govc-test-XXXXX)
export GOVMOMI_HOME="$dir"
export GOVC_PERSIST_SESSION=true
run govc role.ls
assert_success
run govc session.ls -r
assert_success
grep -v REST <<<"$output" # should not have a cached REST session
run govc tags.ls
assert_success # created a REST session
run govc session.ls -r
assert_success
grep REST <<<"$output" # now we should have a cached REST session
host=$(govc env GOVC_URL)
user=$(govc env GOVC_USERNAME)
run govc role.ls -u "$host" # url w/o user:pass
assert_failure # NotAuthenticated
run govc role.ls -u "$user@$host" # url w/o pass
assert_success # authenticated via persisted session
rm -rf "$dir"
}
@test "session.login" {
vcsim_env
# Remove username/password
host=$(govc env GOVC_URL)
# Validate auth is not required for service content
run govc about -u "$host"
assert_success
# Auth is required here
run govc ls -u "$host"
assert_failure
cookie=$(govc session.login -l)
ticket=$(govc session.login -cookie "$cookie" -clone)
run govc session.login -u "$host" -ticket "$ticket"
assert_success
cookie=$(govc session.login -r -l)
run govc session.login -r -u "$host" -cookie "$cookie"
assert_success
user=$(govc env GOVC_USERNAME)
dir=$($mktemp --tmpdir -d govc-test-XXXXX)
export GOVMOMI_HOME="$dir"
export GOVC_PERSIST_SESSION=true
run govc session.login
assert_success
run govc role.ls -u "$user@$host" # url w/o pass
assert_success # authenticated via persisted SOAP session
run govc tags.ls -u "$user@$host" # url w/o pass
assert_failure # no persisted REST session yet
run govc session.login -r
assert_success
run govc tags.ls -u "$user@$host" # url w/o pass
assert_success # authenticated via persisted REST session
run govc session.logout -r
assert_success
run govc role.ls -u "$user@$host"
assert_failure # logged out of persisted session
run govc tags.ls -u "$user@$host"
assert_failure # logged out of persisted session
rm -rf "$dir"
}
@test "session.loginbytoken" {
vcsim_env
user=$(govc env GOVC_USERNAME)
dir=$($mktemp --tmpdir -d govc-test-XXXXX)
export GOVMOMI_HOME="$dir"
export GOVC_PERSIST_SESSION=true
# Remove username/password
host=$(govc env GOVC_URL)
# Token template, vcsim just checks Assertion.Subject.NameID
token="<Assertion><Subject><NameID>%s</NameID></Subject></Assertion>"
# shellcheck disable=2059
run govc session.login -l -token "$(printf $token "")"
assert_failure # empty NameID is a InvalidLogin fault
# shellcheck disable=2059
run govc session.login -l -token "$(printf $token root@localos)"
assert_success # non-empty NameID is enough to login
run govc role.ls -u "$user@$host" # url w/o pass
assert_success # authenticated via persisted SOAP session
run govc tags.ls -u "$user@$host" # url w/o pass
assert_failure # no persisted REST session yet
run govc session.login -r -token "$(printf $token root@localos)"
assert_success
run govc tags.ls -u "$user@$host" # url w/o pass
assert_success # authenticated via persisted REST session
id=$(new_id)
run govc extension.setcert -cert-pem ++ "$id" # generate a cert for testing
assert_success
# Test with STS simulator issued token
token="$(govc session.login -issue)"
run govc session.login -cert "$id.crt" -key "$id.key" -l -token "$token"
assert_success
run govc session.login -cert "$id.crt" -key "$id.key" -l -renew
assert_failure # missing -token
run govc session.login -cert "$id.crt" -key "$id.key" -l -renew -lifetime 24h -token "$token"
assert_success
# remove generated cert and key
rm "$id".{crt,key}
rm -rf "$dir"
}
@test "session.loginextension" {
vcsim_env -tunnel 0
run govc session.login -extension com.vmware.vsan.health
assert_failure # no certificate
id=$(new_id)
run govc extension.setcert -cert-pem ++ "$id" # generate a cert for testing
assert_success
# vcsim will login if any certificate is provided
run govc session.login -extension com.vmware.vsan.health -cert "$id.crt" -key "$id.key"
assert_success
# remove generated cert and key
rm "$id".{crt,key}
}
@test "session.curl" {
vcsim_env
run govc session.login /sdk/vimServiceVersions.xml
assert_success
run govc session.login /enoent
assert_failure
run govc session.login -r /rest/com/vmware/cis/session
assert_success
run govc session.login -r /enoent
assert_failure
cluster=$(govc find -i / -type c -name DC0_C0 | cut -d: -f2)
run govc session.login -r -X POST "/rest/vcenter/cluster/modules" <<EOF
{"spec": {"cluster": "$cluster"}}
EOF
assert_success
module=$(jq -r .value <<<"$output")
members="/rest/vcenter/cluster/modules/vm/$module/members"
vms=$(govc find -i /DC0/host/DC0_C0 -type m | cut -d: -f2 | jq --raw-input --slurp 'split("\n") | map(select(. != ""))')
run govc session.login -r -X POST "$members?action=invalid" <<EOF
{"vms": $vms}
EOF
assert_failure # action=invalid
run govc session.login -r -X POST "$members?action=add" <<EOF
{"vms": $vms}
EOF
assert_success
}