-
Notifications
You must be signed in to change notification settings - Fork 66
/
Copy pathtest_api_keys.py
252 lines (214 loc) · 8.39 KB
/
test_api_keys.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
import uuid
import pytest
import os
from labelbox.schema.timeunit import TimeUnit
from labelbox.schema.api_key import ApiKey
from lbox.exceptions import LabelboxError
# The creation of API keys requires a feature flag to be enabled.
@pytest.mark.skipif(
condition=os.environ["LABELBOX_TEST_ENVIRON"] != "prod",
reason="Admin permissions are required to create API keys",
)
def test_create_api_key_success(client):
# Create a test API key
key_name = f"Test Key {uuid.uuid4()}"
user_email = client.get_user().email
assert (
client.get_user().org_role().name == "Admin"
), "User must be an admin to create API keys"
# Get available roles and use the first one
available_roles = ApiKey._get_available_api_key_roles(client)
assert (
len(available_roles) > 0
), "No available roles found for API key creation"
# Create the API key with a short validity period
api_key_result = client.create_api_key(
name=key_name,
user=user_email,
role=available_roles[0],
validity=5,
time_unit=TimeUnit.MINUTE,
)
# Verify the response format
assert isinstance(
api_key_result, dict
), "API key result should be a dictionary"
assert "id" in api_key_result, "API key result should contain an 'id' field"
assert (
"jwt" in api_key_result
), "API key result should contain a 'jwt' field"
# Verify the JWT token format (should be a JWT string)
jwt = api_key_result["jwt"]
assert isinstance(jwt, str), "JWT should be a string"
assert jwt.count(".") == 2, "JWT should have three parts separated by dots"
def test_create_api_key_failed(client):
# Test with invalid role
with pytest.raises(ValueError) as excinfo:
client.create_api_key(
name=f"Test Key {uuid.uuid4()}",
user=client.get_user().email,
role="LABELER", # This string should fail since role strings are case sensitive
validity=5,
time_unit=TimeUnit.MINUTE,
)
assert "Invalid role specified" in str(excinfo.value)
# Test with non-existent email
with pytest.raises(ValueError) as excinfo:
client.create_api_key(
name=f"Test Key {uuid.uuid4()}",
user="[email protected]", # Non-existent email
role="Admin",
validity=5,
time_unit=TimeUnit.MINUTE,
)
assert "does not exist in the organization" in str(excinfo.value)
# Test with maximum validity exceeded
with pytest.raises(ValueError) as excinfo:
client.create_api_key(
name=f"Test Key {uuid.uuid4()}",
user=client.get_user().email,
role="Admin",
validity=30, # Beyond the 25 week maximum
time_unit=TimeUnit.WEEK,
)
assert "Maximum validity period is 6 months" in str(excinfo.value)
def test_get_api_keys(client):
"""Test that we can retrieve API keys without creating new ones."""
# Test getting all keys
all_keys = client.get_api_keys()
# Verify that we got a non-empty list of API keys
assert len(all_keys) > 0, "Expected at least one API key to exist"
# Verify that all returned items are ApiKey objects
assert all(isinstance(key, ApiKey) for key in all_keys)
def test_create_api_key_invalid_role_formats(client):
"""Test that providing invalid role formats causes failure."""
user_email = client.get_user().email
# Test with misspelled role
with pytest.raises(ValueError) as excinfo:
client.create_api_key(
name=f"Test Key {uuid.uuid4()}",
user=user_email,
role="Lablr", # Misspelled
validity=5,
time_unit=TimeUnit.MINUTE,
)
assert "invalid role" in str(excinfo.value).lower()
# Test with non-existent role
with pytest.raises(ValueError) as excinfo:
client.create_api_key(
name=f"Test Key {uuid.uuid4()}",
user=user_email,
role="SuperAdmin", # Non-existent role
validity=5,
time_unit=TimeUnit.MINUTE,
)
assert "invalid role" in str(excinfo.value).lower()
def test_create_api_key_invalid_email_formats(client):
"""Test that providing invalid email formats causes failure."""
# Test with random labelbox domain email that likely doesn't exist
random_email = f"nonexistent_{uuid.uuid4()}@labelbox.com"
with pytest.raises(ValueError) as excinfo:
client.create_api_key(
name=f"Test Key {uuid.uuid4()}",
user=random_email,
role="Admin",
validity=5,
time_unit=TimeUnit.MINUTE,
)
assert "does not exist in the organization" in str(excinfo.value).lower()
# Test with malformed email
with pytest.raises(ValueError) as excinfo:
client.create_api_key(
name=f"Test Key {uuid.uuid4()}",
user="not-an-email",
role="Admin",
validity=5,
time_unit=TimeUnit.MINUTE,
)
assert "does not exist" in str(excinfo.value).lower()
def test_create_api_key_invalid_validity_values(client):
"""Test that providing invalid validity values causes failure."""
user_email = client.get_user().email
# Test with negative validity
with pytest.raises(ValueError) as excinfo:
client.create_api_key(
name=f"Test Key {uuid.uuid4()}",
user=user_email,
role="Admin",
validity=-1,
time_unit=TimeUnit.MINUTE,
)
assert "validity" in str(excinfo.value).lower()
# Test with zero validity
with pytest.raises(ValueError) as excinfo:
client.create_api_key(
name=f"Test Key {uuid.uuid4()}",
user=user_email,
role="Admin",
validity=0,
time_unit=TimeUnit.MINUTE,
)
assert "minimum validity period is 1 minute" in str(excinfo.value).lower()
# Days (exceeding 6 months)
with pytest.raises(ValueError) as excinfo:
client.create_api_key(
name=f"Test Key {uuid.uuid4()}",
user=user_email,
role="Admin",
validity=185, # Slightly over 6 months
time_unit=TimeUnit.DAY,
)
assert "maximum validity" in str(excinfo.value).lower()
# Test with validity period less than 1 minute
with pytest.raises(ValueError) as excinfo:
client.create_api_key(
name=f"Test Key {uuid.uuid4()}",
user=user_email,
role="Admin",
validity=30, # 30 seconds
time_unit=TimeUnit.SECOND,
)
assert "Minimum validity period is 1 minute" in str(excinfo.value)
def test_create_api_key_invalid_time_unit(client):
"""Test that providing invalid time unit causes failure."""
user_email = client.get_user().email
# Test with None time unit
with pytest.raises(ValueError) as excinfo:
client.create_api_key(
name=f"Test Key {uuid.uuid4()}",
user=user_email,
role="Admin",
validity=5,
time_unit=None,
)
assert "time_unit must be a valid TimeUnit enum value" in str(excinfo.value)
# Test with invalid string instead of TimeUnit enum
# Note: This also raises ValueError, not TypeError
with pytest.raises(ValueError) as excinfo:
client.create_api_key(
name=f"Test Key {uuid.uuid4()}",
user=user_email,
role="Admin",
validity=5,
time_unit="days", # String instead of TimeUnit enum
)
assert "valid TimeUnit" in str(excinfo.value)
@pytest.mark.skipif(
condition=os.environ["LABELBOX_TEST_ENVIRON"] == "prod",
reason="Accounts with admin permission can create API keys",
)
def test_create_api_key_insufficient_permissions(client):
"""Test that creating an API key fails when the user has insufficient permissions."""
user_email = client.get_user().email
if client.get_user().org_role().name != "Admin":
# Attempt to create another API key using the limited permissions client
# This should fail due to insufficient permissions
with pytest.raises(LabelboxError) as excinfo:
client.create_api_key(
name=f"Test Key {uuid.uuid4()}",
user=user_email,
role="Admin",
validity=5,
time_unit=TimeUnit.MINUTE,
)
assert "192" in str(excinfo.value)