def test_write_and_delete(loop, self): r = auth.EtcdRole(self.client, 'test_role') r.acls = {'/*': 'R', '/test/*': 'RW'} try: yield from r.write() except: self.fail("Writing a simple groups should not fail") r1 = auth.EtcdRole(self.client, 'test_role') yield from r1.read() self.assertEquals(r1.acls, r.acls) r.revoke('/test/*', 'W') yield from r.write() yield from r1.read() self.assertEquals(r1.acls, {'/*': 'R', '/test/*': 'R'}) r.grant('/pub/*', 'RW') yield from r.write() yield from r1.read() self.assertEquals(r1.acls['/pub/*'], 'RW') # All other exceptions are tested by the user tests r1.name = None with raises(etcd.EtcdException): yield from r1.write() # ditto for delete try: yield from r.delete() except: self.fail("A normal delete should not fail") with raises(etcd.EtcdKeyNotFound): yield from r.read()
def test_write_and_delete(loop,self): r = auth.EtcdRole(self.client, 'test_group') r.acls = {'/*': 'R', '/test/*': 'RW'} try: yield from r.write() except: self.fail("Writing a simple groups should not fail") # Create an user u = auth.EtcdUser(self.client, 'test_user') u.roles.add('guest') u.roles.add('root') # directly from my suitcase u.password = '******' try: yield from u.write() except: self.fail("creating a user doesn't work") # Password gets wiped self.assertEquals(u.password, None) yield from u.read() # Verify we can log in as this user and access the auth (it has the # root role) cl = etcd.Client(port=6001, username='******', password='******') ul = auth.EtcdUser(cl, 'root') try: yield from ul.read() except etcd.EtcdInsufficientPermissions: self.fail("Reading auth with the new user is not possible") self.assertEquals(u.name, "test_user") self.assertEquals(u.roles, set(['guest', 'root'])) # set roles as a list, it works! u.roles = ['guest', 'test_group'] try: yield from u.write() except: self.fail("updating a user you previously created fails") yield from u.read() self.assertIn('test_group', u.roles) # Unauthorized access is properly handled ua = auth.EtcdUser(self.unauth_client, 'test_user') with raises(etcd.EtcdInsufficientPermissions): yield from ua.write() # now let's test deletion du = auth.EtcdUser(self.client, 'user.does.not.exist') with raises(etcd.EtcdKeyNotFound): yield from du.delete() # Delete test_user yield from u.delete() with raises(etcd.EtcdKeyNotFound): yield from u.read() # Permissions are properly handled with raises(etcd.EtcdInsufficientPermissions): yield from ua.delete()
def test_read(loop, self): r = auth.EtcdRole(self.client, 'guest') try: yield from r.read() except: self.fail('Reading an existing role failed') self.assertEquals(r.acls, {'/*': 'RW'})
def test_read(loop,self): r = auth.EtcdRole(self.client, 'guest') try: yield from r.read() except: self.fail('Reading an existing role failed') # XXX The ACL path result changed from '*' to '/*' at some point # between etcd-2.2.2 and 2.2.5. They're equivalent so allow # for both. if '/*' in r.acls: self.assertEquals(r.acls, {'/*': 'RW'}) else: self.assertEquals(r.acls, {'*': 'RW'})
def tearDown(self): loop = asyncio.get_event_loop() u = auth.EtcdUser(self.client, 'test_user') r = auth.EtcdRole(self.client, 'test_role') try: loop.run_until_complete(u.delete()) except: pass try: loop.run_until_complete(r.delete()) except: pass a = auth.Auth(self.client) loop.run_until_complete(a.set_active(False))
def test_names(loop, self): r = auth.EtcdRole(self.client, 'guest') x = yield from r.get_names() print(x) self.assertListEqual((yield from r.get_names()), [{ 'role': 'guest', 'permissions': { 'kv': { 'read': ['/*'], 'write': ['/*'] } } }, { 'role': 'root', 'permissions': { 'kv': { 'read': ['/*'], 'write': ['/*'] } } }])
def test_names(loop,self): r = auth.EtcdRole(self.client, 'guest') self.assertListEqual((yield from r.get_names()), [u'guest', u'root'])