# Test all the endpoints authentication

On cluster mode, all the HTTP endpoints need an API Key authentication.

In [1]:
import os
import requests

# Test only on cluster mode
if os.getenv("RSPY_LOCAL_MODE") == "0":

    # Read configuration
    RSPY_WEBSITE = os.environ["RSPY_WEBSITE"]
    HEADERS={"headers": {"x-api-key": os.environ["RSPY_APIKEY"]}}

    # For each endpoint and associated method.
    # Use dummy params, it's not important.
    for method, endpoint in [
        ["GET", "/adgs/aux/search"],
        ["GET", "/adgs/aux"],
        ["GET", "/adgs/aux/status"],
        ["GET", "/cadip/{station}/cadu/search"],
        ["GET", "/cadip/{station}/cadu"],
        ["GET", "/cadip/{station}/cadu/status"],
        ["GET", "/catalog/{owner_id}"],
        ["GET", "/catalog/{owner_id}/conformance"],
        ["GET", "/catalog/{owner_id}/collections/{collection_id}/items/{item_id}"],
        ["PUT", "/catalog/{owner_id}/collections/{collection_id}/items/{item_id}"],
        ["DELETE", "/catalog/{owner_id}/collections/{collection_id}/items/{item_id}"],
        ["GET", "/catalog/search"],
        ["POST", "/catalog/search"],
        ["GET", "/catalog/{owner_id}/collections"],
        ["PUT", "/catalog/{owner_id}/collections"],
        ["POST", "/catalog/{owner_id}/collections"],
        ["GET", "/catalog/{owner_id}/collections/{collection_id}"],
        ["DELETE", "/catalog/{owner_id}/collections/{collection_id}"],
        ["GET", "/catalog/{owner_id}/collections/{collection_id}/items"],
        ["POST", "/catalog/{owner_id}/collections/{collection_id}/items"],
        ["GET", "/catalog/{owner_id}/queryables"],
        ["GET", "/catalog/{owner_id}/collections/{collection_id}/queryables"],
        ["POST", "/catalog/{owner_id}/collections/{collection_id}/bulk_items"],
    ]:
        print(f"Test: [{method}] {endpoint}")
        
        # Assert that we have a 403: Not authenticated
        response = requests.request (method, f"{RSPY_WEBSITE}{endpoint}")
        #print (response.status_code, response.content)
        assert (response.status_code == 403) or ("403: Not authenticated" in str(response.content))

        # With the right API key, we should be authenticated
        response = requests.request (method, f"{RSPY_WEBSITE}{endpoint}", **HEADERS)
        # print (response.status_code, response.content)
        # We have non-OK responses which is normal because we passed dummy parameters, but 
        # we should be authenticated. 
        # 401 = unauthorized
        assert (response.status_code not in (401, 403)) and ("403: Not authenticated" not in str(response.content))

    print ("All endpoints were tested")

Test: [GET] /adgs/aux/search
Test: [GET] /adgs/aux
Test: [GET] /adgs/aux/status
Test: [GET] /cadip/{station}/cadu/search
Test: [GET] /cadip/{station}/cadu
Test: [GET] /cadip/{station}/cadu/status
Test: [GET] /catalog/{owner_id}
Test: [GET] /catalog/{owner_id}/conformance
Test: [GET] /catalog/{owner_id}/collections/{collection_id}/items/{item_id}
Test: [PUT] /catalog/{owner_id}/collections/{collection_id}/items/{item_id}
Test: [DELETE] /catalog/{owner_id}/collections/{collection_id}/items/{item_id}
Test: [GET] /catalog/search
Test: [POST] /catalog/search
Test: [GET] /catalog/{owner_id}/collections
Test: [PUT] /catalog/{owner_id}/collections
Test: [POST] /catalog/{owner_id}/collections
Test: [GET] /catalog/{owner_id}/collections/{collection_id}
Test: [DELETE] /catalog/{owner_id}/collections/{collection_id}
Test: [GET] /catalog/{owner_id}/collections/{collection_id}/items
Test: [POST] /catalog/{owner_id}/collections/{collection_id}/items
Test: [GET] /catalog/{owner_id}/queryables
Test: [G