From c3f5b5b1243c3d8e43ede0457355659d0331a1d2 Mon Sep 17 00:00:00 2001
From: Mike McLean <mikem@redhat.com>
Date: Dec 07 2017 23:16:03 +0000
Subject: unit tests for gssapi auth


---

diff --git a/tests/test_lib/test_gssapi.py b/tests/test_lib/test_gssapi.py
new file mode 100644
index 0000000..4927f96
--- /dev/null
+++ b/tests/test_lib/test_gssapi.py
@@ -0,0 +1,67 @@
+from __future__ import absolute_import
+import mock
+import os
+import unittest
+
+import koji
+
+
+class TestGSSAPI(unittest.TestCase):
+
+    def setUp(self):
+        self.session = koji.ClientSession('https://koji.example.com/kojihub', {})
+        self.session._callMethod = mock.MagicMock(name='_callMethod')
+
+    def tearDown(self):
+        mock.patch.stopall()
+
+    maxDiff = None
+
+    @mock.patch('koji.HTTPKerberosAuth', new=None)
+    def test_gssapi_disabled(self):
+        with self.assertRaises(ImportError):
+            self.session.gssapi_login()
+
+    def test_gssapi_login(self):
+        old_environ = dict(**os.environ)
+        self.session.gssapi_login()
+        self.session._callMethod.assert_called_once_with('sslLogin', [None],
+                retry=False)
+        self.assertEqual(old_environ, dict(**os.environ))
+
+    def test_gssapi_login_keytab(self):
+        principal = 'user@EXAMPLE.COM'
+        keytab = '/path/to/keytab'
+        ccache = '/path/to/cache'
+        old_environ = dict(**os.environ)
+        self.session.gssapi_login(principal, keytab, ccache)
+        self.session._callMethod.assert_called_once_with('sslLogin', [None],
+                retry=False)
+        self.assertEqual(old_environ, dict(**os.environ))
+
+    def test_gssapi_login_error(self):
+        old_environ = dict(**os.environ)
+        self.session._callMethod.side_effect = Exception('login failed')
+        with self.assertRaises(koji.AuthError):
+            self.session.gssapi_login()
+        self.session._callMethod.assert_called_once_with('sslLogin', [None],
+                retry=False)
+        self.assertEqual(old_environ, dict(**os.environ))
+
+    def test_gssapi_login_http(self):
+        old_environ = dict(**os.environ)
+        url1 = 'http://koji.example.com/kojihub'
+        url2 = 'https://koji.example.com/kojihub'
+
+        # successful gssapi auth should force https
+        self.session.baseurl = url1
+        self.session.gssapi_login()
+        self.assertEqual(self.session.baseurl, url2)
+
+        # failed gssapi auth should leave the url alone
+        self.session.baseurl = url1
+        self.session._callMethod.side_effect = Exception('login failed')
+        with self.assertRaises(koji.AuthError):
+            self.session.gssapi_login()
+        self.assertEqual(self.session.baseurl, url1)
+        self.assertEqual(old_environ, dict(**os.environ))