Beispiel #1
0
def user(user_password):
    user = User(username="******")
    user.set_password(user_password)
    user.save()

    yield user
    user.delete()
    def get_user(self, request: HTTPServerRequest) -> Optional[User]:
        """Gets the User based on certificates supplied with in the request body

        Args:
            request: tornado HTTPServerRequest object

        Returns:
            User: The User object for the user specified by the certificates
            None: If no User was found
        """
        authenticated_user: Optional[User] = None

        if request.headers and self.group_mapping:
            username = request.headers.get(self.username_header)
            groups = self._groups_from_headers(request.headers)

            if username and groups:
                try:
                    authenticated_user = User.objects.get(username=username)
                except User.DoesNotExist:
                    if self.create_users:
                        authenticated_user = User(username=username)

                        # TODO: Really we should just have an option on User to disable
                        # password logins. For now, just set a random-ish value.
                        authenticated_user.set_password(str(uuid4()))

                if authenticated_user:
                    authenticated_user.role_assignments = (
                        self._role_assignments_from_groups(groups))

                    authenticated_user.save()

        return authenticated_user
Beispiel #3
0
    def test_initiate_user_sync_routes_to_each_running_garden(
            self, monkeypatch, gardens):
        monkeypatch.setattr(beer_garden.router, "route", Mock())
        User(username="******").save()
        initiate_user_sync()

        assert beer_garden.router.route.call_count == len(
            Garden.objects.filter(status="RUNNING"))
Beispiel #4
0
    def user_to_sync(self):
        role = Role(name="role1").save()
        role_assignment = RoleAssignment(role=role, domain={"scope": "Global"})
        user = User(username="******",
                    password="******",
                    role_assignments=[role_assignment])

        yield user
        role.delete()
Beispiel #5
0
def user_admin(user_admin_role):
    role_assignment = RoleAssignment(role=user_admin_role,
                                     domain={"scope": "Global"})
    user = User(username="******")
    user.set_password("password")
    user.role_assignments = [role_assignment]
    user.save()

    yield user
    user.delete()
Beispiel #6
0
    def user_token(self):
        user = User(username="******").save()
        user_token = UserToken(
            expires_at=datetime.utcnow() + timedelta(minutes=10),
            user=user,
            uuid=uuid4(),
        ).save()

        yield user_token
        user_token.delete()
        user.delete()
Beispiel #7
0
def user_with_permission(event_forward_role):
    role_assignment = RoleAssignment(
        role=event_forward_role,
        domain={
            "scope": "Global",
        },
    )

    user = User(username="******", role_assignments=[role_assignment]).save()

    yield user
    user.delete()
Beispiel #8
0
def user_with_role_assignments():
    role = Role(name="assignedrole1", permissions=["garden:read"]).save()
    role_assignment = RoleAssignment(domain={
        "scope": "Garden",
        "identifiers": {
            "name": "garden1"
        }
    },
                                     role=role)
    user = User(username="******", role_assignments=[role_assignment]).save()

    yield user
    user.delete()
    role.delete()
Beispiel #9
0
def read_only_user(garden_permitted, garden_read_role):
    role_assignment = RoleAssignment(
        role=garden_read_role,
        domain={
            "scope": "Garden",
            "identifiers": {
                "name": garden_permitted.name,
            },
        },
    )

    user = User(username="******", role_assignments=[role_assignment]).save()

    yield user
    user.delete()
Beispiel #10
0
def user_with_permission(garden, garden_admin_role):
    role_assignment = RoleAssignment(
        role=garden_admin_role,
        domain={
            "scope": "Garden",
            "identifiers": {
                "name": garden.name
            },
        },
    )

    user = User(username="******", role_assignments=[role_assignment]).save()

    yield user
    user.delete()
Beispiel #11
0
    def _anonymous_superuser(self) -> "User":
        """Return a User object with all permissions for all gardens"""
        anonymous_superuser = User(username="******")

        # Manually set the permissions cache (to all permissions for all gardens) since
        # the anonymous user has no actual role assignments from which the permissions
        # could be calculated
        permissions = {"global_permissions": [], "domain_permissions": {}}

        for permission in Permissions:
            permissions["global_permissions"].append(permission.value)

        anonymous_superuser.set_permissions_cache(permissions)

        return anonymous_superuser
Beispiel #12
0
def ensure_users():
    """Create the default admin user if necessary"""
    if User.objects.count() == 0:
        username = config.get("auth.default_admin.username")
        password = config.get("auth.default_admin.password")
        superuser_role = Role.objects.get(name="superuser")

        logger.info("Creating default admin user with username: %s", username)

        admin = User(username=username)
        admin.set_password(password)
        admin.role_assignments = [
            RoleAssignment(role=superuser_role, domain={"scope": "Global"})
        ]
        admin.save()
Beispiel #13
0
def user_with_permission(garden_permitted, queue_manager_role):
    role_assignment = RoleAssignment(
        role=queue_manager_role,
        domain={
            "scope": "Garden",
            "identifiers": {
                "name": garden_permitted.name,
            },
        },
    )

    user = User(username="******", role_assignments=[role_assignment]).save()

    yield user
    user.delete()
Beispiel #14
0
def user(request_permitted, operator_role):
    role_assignment = RoleAssignment(
        role=operator_role,
        domain={
            "scope": "System",
            "identifiers": {
                "name": request_permitted.system,
                "namespace": request_permitted.namespace,
            },
        },
    )

    user = User(username="******", role_assignments=[role_assignment]).save()

    yield user
    user.delete()
Beispiel #15
0
def user_with_role_assignments(
    role_assignment_for_garden_scope,
    role_assignment_for_system_scope,
    role_assignment_for_global_scope,
):
    user = User(
        username="******",
        role_assignments=[
            role_assignment_for_garden_scope,
            role_assignment_for_system_scope,
            role_assignment_for_global_scope,
        ],
    ).save()

    yield user
    user.delete()
Beispiel #16
0
    def test_user_has_permission_for_object_request_through_user(
        self,
        test_request,
    ):
        """user_has_permission_for_object returns true for a System in which the
        user has Garden level access for the required permission
        """
        # Set the requester of the request to be our "owner" test user
        owner = User(username="******")
        test_request.requester = owner.username
        test_request.save()

        assert user_has_permission_for_object(
            owner, OBJECT_OWNER_PERMISSIONS[0], test_request
        )
        assert not user_has_permission_for_object(owner, "noaccess", test_request)
Beispiel #17
0
def user(system_permitted, system_read_role):
    role_assignment = RoleAssignment(
        role=system_read_role,
        domain={
            "scope": "System",
            "identifiers": {
                "name": system_permitted.name,
                "namespace": system_permitted.namespace,
            },
        },
    )

    user = User(username="******", role_assignments=[role_assignment]).save()

    yield user
    user.delete()
Beispiel #18
0
    def test_update_user(self):
        user = User(username="******", password="******")
        user.save()

        prev_password = user.password

        updated_user = update_user(user,
                                   username="******",
                                   password="******")

        assert type(updated_user) is User
        assert User.objects.filter(username="******").count() == 0
        assert User.objects.filter(username="******").count() == 1
        assert updated_user.username == "differentuser"

        # Check for differences rather than actual values to avoid making these
        # assertions dependent on our specific hashing algorithm. We check that:
        # 1) The password changed
        # 2) It is not the plaintext password we provided
        assert updated_user.password != prev_password
        assert updated_user.password != "badpassword"
Beispiel #19
0
def user(garden_permitted, garden_admin_role, garden_create_role):
    role_assignments = [
        RoleAssignment(
            role=garden_admin_role,
            domain={
                "scope": "Garden",
                "identifiers": {
                    "name": garden_permitted.name,
                },
            },
        ),
        RoleAssignment(
            role=garden_create_role,
            domain={
                "scope": "Global",
            },
        ),
    ]

    user = User(username="******", role_assignments=role_assignments).save()

    yield user
    user.delete()
Beispiel #20
0
    def existing_user(self):
        user = User(username="******").save()

        yield user
        user.delete()
Beispiel #21
0
    def test_user_synced_with_garden_returns_true_for_no_relevant_assignments(
            self):
        user = User(username="******")
        garden = Garden(name="garden")

        assert user_synced_with_garden(user, garden) is True
Beispiel #22
0
    def user(self, role_assignment):
        user = User(username="******",
                    role_assignments=[role_assignment]).save()

        yield user
        user.delete()
Beispiel #23
0
def user_without_permission():
    user = User(username="******").save()

    yield user
    user.delete()
Beispiel #24
0
def user_without_permission(event_forward_role):
    user = User(username="******").save()

    yield user
    user.delete()