def test_secret_serialization(self):
"""Serializing snapshot with non-trivial AuthSecret."""
secret = model.AuthSecret(
id='secret key',
parent=model.secret_scope_key('global'),
values=['\x00' * 100, ''],
modified_ts=utils.utcnow(),
modified_by=model.Identity.from_bytes('user:[email protected]'))
snapshot = make_snapshot_obj(secrets=[secret])
self.assert_serialization_works(snapshot)
def test_secret_serialization(self):
"""Serializing snapshot with non-trivial AuthSecret."""
secret = model.AuthSecret(
id='secret key',
parent=model.secret_scope_key('global'),
values=['\x00' * 100, ''],
modified_ts=utils.utcnow(),
modified_by=model.Identity.from_bytes('user:[email protected]'))
snapshot = make_snapshot_obj(secrets=[secret])
self.assert_serialization_works(snapshot)
def test_non_empty(self):
self.mock_now(datetime.datetime(2014, 1, 1, 1, 1, 1))
state = model.AuthReplicationState(
key=model.replication_state_key(),
primary_id='blah',
primary_url='https://blah',
auth_db_rev=123)
state.put()
global_config = model.AuthGlobalConfig(
key=model.root_key(),
modified_ts=utils.utcnow(),
modified_by=model.Identity.from_bytes('user:[email protected]'),
oauth_client_id='oauth_client_id',
oauth_client_secret='oauth_client_secret',
oauth_additional_client_ids=['a', 'b'])
global_config.put()
group = model.AuthGroup(
key=model.group_key('Some group'),
members=[model.Identity.from_bytes('user:[email protected]')],
globs=[model.IdentityGlob.from_bytes('user:*@example.com')],
nested=[],
description='Some description',
created_ts=utils.utcnow(),
created_by=model.Identity.from_bytes('user:[email protected]'),
modified_ts=utils.utcnow(),
modified_by=model.Identity.from_bytes('user:[email protected]'))
group.put()
another = model.AuthGroup(
key=model.group_key('Another group'),
nested=['Some group'])
another.put()
global_secret = model.AuthSecret(
id='global_secret',
parent=model.secret_scope_key('global'),
values=['1234', '5678'],
modified_ts=utils.utcnow(),
modified_by=model.Identity.from_bytes('user:[email protected]'))
global_secret.put()
# Local secret should not appear in a snapshot.
local_secret = model.AuthSecret(
id='local_secret',
parent=model.secret_scope_key('local'),
values=['1234', '5678'],
modified_ts=utils.utcnow(),
modified_by=model.Identity.from_bytes('user:[email protected]'))
local_secret.put()
ip_whitelist = model.AuthIPWhitelist(
key=model.ip_whitelist_key('bots'),
subnets=['127.0.0.1/32'],
description='Some description',
created_ts=utils.utcnow(),
created_by=model.Identity.from_bytes('user:[email protected]'),
modified_ts=utils.utcnow(),
modified_by=model.Identity.from_bytes('user:[email protected]'))
ip_whitelist.put()
ip_whitelist_assignments = model.AuthIPWhitelistAssignments(
key=model.ip_whitelist_assignments_key(),
modified_ts=utils.utcnow(),
modified_by=model.Identity.from_bytes('user:[email protected]'),
assignments=[
model.AuthIPWhitelistAssignments.Assignment(
identity=model.Identity.from_bytes('user:[email protected]'),
ip_whitelist='bots',
comment='some comment',
created_ts=utils.utcnow(),
created_by=model.Identity.from_bytes('user:[email protected]')),
])
ip_whitelist_assignments.put()
captured_state, snapshot = replication.new_auth_db_snapshot()
expected_state = {
'auth_db_rev': 123,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'primary_id': u'blah',
'primary_url': u'https://blah',
}
self.assertEqual(expected_state, captured_state.to_dict())
expected_snapshot = {
'global_config': {
'__id__': 'root',
'__parent__': None,
'auth_db_rev': None,
'auth_db_prev_rev': None,
'modified_by': model.Identity(kind='user', name='*****@*****.**'),
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'oauth_additional_client_ids': [u'a', u'b'],
'oauth_client_id': u'oauth_client_id',
'oauth_client_secret': u'oauth_client_secret',
},
'groups': [
{
'__id__': 'Another group',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'auth_db_rev': None,
'auth_db_prev_rev': None,
'created_by': None,
'created_ts': None,
'description': '',
'globs': [],
'members': [],
'modified_by': None,
'modified_ts': None,
'nested': [u'Some group'],
},
{
'__id__': 'Some group',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'auth_db_rev': None,
'auth_db_prev_rev': None,
'created_by': model.Identity(kind='user', name='*****@*****.**'),
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'description': u'Some description',
'globs': [model.IdentityGlob(kind='user', pattern='*@example.com')],
'members': [model.Identity(kind='user', name='*****@*****.**')],
'modified_by': model.Identity(
kind='user', name='*****@*****.**'),
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'nested': [],
},
],
'secrets': [
{
'__id__': 'global_secret',
'__parent__': ndb.Key(
'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'),
'modified_by': model.Identity(
kind='user', name='*****@*****.**'),
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'values': ['1234', '5678'],
},
],
'ip_whitelists': [
{
'__id__': 'bots',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'auth_db_rev': None,
'auth_db_prev_rev': None,
'created_by': model.Identity(kind='user', name='*****@*****.**'),
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'description': u'Some description',
'modified_by': model.Identity(
kind='user', name='*****@*****.**'),
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'subnets': ['127.0.0.1/32'],
},
],
'ip_whitelist_assignments': {
'__id__': 'default',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'assignments': [
{
'comment': 'some comment',
'created_by': model.Identity(
kind='user', name='*****@*****.**'),
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'identity': model.Identity(
kind='user', name='*****@*****.**'),
'ip_whitelist': 'bots',
},
],
'auth_db_rev': None,
'auth_db_prev_rev': None,
'modified_by': model.Identity(kind='user', name='*****@*****.**'),
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
},
}
self.assertEqual(expected_snapshot, snapshot_to_dict(snapshot))
def secret(name, scope, **kwargs):
return model.AuthSecret(
id=name, parent=model.secret_scope_key(scope), **kwargs)
def test_works(self):
self.mock_now(datetime.datetime(2014, 1, 1, 1, 1, 1))
self.configure_as_replica(0)
# Prepare auth db state.
model.AuthGlobalConfig(
key=model.root_key(),
modified_ts=utils.utcnow(),
oauth_client_id='oauth_client_id',
oauth_client_secret='oauth_client_secret',
oauth_additional_client_ids=['a', 'b']).put()
def group(name, **kwargs):
return model.AuthGroup(
key=model.group_key(name),
created_ts=utils.utcnow(),
modified_ts=utils.utcnow(),
**kwargs)
group('Modify').put()
group('Delete').put()
group('Keep').put()
def secret(name, scope, **kwargs):
return model.AuthSecret(
id=name, parent=model.secret_scope_key(scope), **kwargs)
secret('modify', 'global').put()
secret('delete', 'global').put()
secret('keep', 'global').put()
secret('local', 'local').put()
def ip_whitelist(name, **kwargs):
return model.AuthIPWhitelist(
key=model.ip_whitelist_key(name),
created_ts=utils.utcnow(),
modified_ts=utils.utcnow(),
**kwargs)
ip_whitelist('modify').put()
ip_whitelist('delete').put()
ip_whitelist('keep').put()
def assignment(ident, ip_whitelist):
return model.AuthIPWhitelistAssignments.Assignment(
identity=model.Identity.from_bytes(ident),
ip_whitelist=ip_whitelist,
created_ts=utils.utcnow(),
comment='comment')
model.AuthIPWhitelistAssignments(
key=model.ip_whitelist_assignments_key(),
modified_ts=utils.utcnow(),
assignments=[
assignment('user:[email protected]', 'modify'),
assignment('user:[email protected]', 'delete'),
assignment('user:[email protected]', 'keep'),
]).put()
# Prepare snapshot.
snapshot = replication.AuthDBSnapshot(
global_config=model.AuthGlobalConfig(
key=model.root_key(),
modified_ts=utils.utcnow(),
oauth_client_id='another_oauth_client_id',
oauth_client_secret='another_oauth_client_secret',
oauth_additional_client_ids=[]),
groups=[
group('New'),
group('Modify', description='blah'),
group('Keep'),
],
secrets=[
secret('new', 'global'),
secret('modify', 'global', values=['1234']),
secret('keep', 'global'),
],
ip_whitelists=[
ip_whitelist('new', subnets=['1.1.1.1/32']),
ip_whitelist('modify', subnets=['127.0.0.1/32', '192.168.0.1/32']),
ip_whitelist('keep'),
],
ip_whitelist_assignments=model.AuthIPWhitelistAssignments(
key=model.ip_whitelist_assignments_key(),
assignments=[
assignment('user:[email protected]', 'new'),
assignment('user:[email protected]', 'modify'),
assignment('user:[email protected]', 'keep'),
],
),
)
# Push it.
updated, state = replication.replace_auth_db(
auth_db_rev=1234,
modified_ts=datetime.datetime(2014, 1, 1, 1, 1, 1),
snapshot=snapshot)
self.assertTrue(updated)
expected_state = {
'auth_db_rev': 1234,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'primary_id': u'primary',
'primary_url': u'https://primary',
}
self.assertEqual(expected_state, state.to_dict())
# Verify expected Auth db state.
current_state, current_snapshot = replication.new_auth_db_snapshot()
self.assertEqual(expected_state, current_state.to_dict())
expected_auth_db = {
'global_config': {
'__id__': 'root',
'__parent__': None,
'auth_db_rev': None,
'auth_db_prev_rev': None,
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'oauth_additional_client_ids': [],
'oauth_client_id': u'another_oauth_client_id',
'oauth_client_secret': u'another_oauth_client_secret'},
'groups': [
{
'__id__': 'Keep',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'auth_db_rev': None,
'auth_db_prev_rev': None,
'created_by': None,
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'description': '',
'globs': [],
'members': [],
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'nested': [],
},
{
'__id__': 'Modify',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'auth_db_rev': None,
'auth_db_prev_rev': None,
'created_by': None,
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'description': u'blah',
'globs': [],
'members': [],
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'nested': [],
},
{
'__id__': 'New',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'auth_db_rev': None,
'auth_db_prev_rev': None,
'created_by': None,
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'description': '',
'globs': [],
'members': [],
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'nested': [],
},
],
'secrets': [
{
'__id__': 'keep',
'__parent__': ndb.Key(
'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'),
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'values': [],
},
{
'__id__': 'modify',
'__parent__': ndb.Key(
'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'),
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'values': ['1234'],
},
{
'__id__': 'new',
'__parent__': ndb.Key(
'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'),
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'values': [],
},
],
'ip_whitelists': [
{
'__id__': 'keep',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'auth_db_rev': None,
'auth_db_prev_rev': None,
'created_by': None,
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'description': '',
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'subnets': [],
},
{
'__id__': 'modify',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'auth_db_rev': None,
'auth_db_prev_rev': None,
'created_by': None,
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'description': '',
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'subnets': ['127.0.0.1/32', '192.168.0.1/32'],
},
{
'__id__': 'new',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'auth_db_rev': None,
'auth_db_prev_rev': None,
'created_by': None,
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'description': '',
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'subnets': ['1.1.1.1/32'],
},
],
'ip_whitelist_assignments': {
'__id__': 'default',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'assignments': [
{
'comment': 'comment',
'created_by': None,
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'identity': model.Identity(kind='user', name='*****@*****.**'),
'ip_whitelist': 'new',
},
{
'comment': 'comment',
'created_by': None,
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'identity': model.Identity(kind='user', name='*****@*****.**'),
'ip_whitelist': 'modify',
},
{
'comment': 'comment',
'created_by': None,
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'identity': model.Identity(kind='user', name='*****@*****.**'),
'ip_whitelist': 'keep',
},
],
'auth_db_rev': None,
'auth_db_prev_rev': None,
'modified_by': None,
'modified_ts': None, # not transfered currently in proto
},
}
self.assertEqual(expected_auth_db, snapshot_to_dict(current_snapshot))
# Ensure local secret was left intact.
local_secrets = model.AuthSecret.query(
ancestor=model.secret_scope_key('local'))
expected_local_secrets = [
{
'__id__': 'local',
'__parent__': ndb.Key(
'AuthGlobalConfig', 'root', 'AuthSecretScope', 'local'),
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'values': [],
},
]
self.assertEqual(
expected_local_secrets, [entity_to_dict(s) for s in local_secrets])
def test_non_empty(self):
self.mock_now(datetime.datetime(2014, 1, 1, 1, 1, 1))
state = model.AuthReplicationState(
key=model.replication_state_key(),
primary_id='blah',
primary_url='https://blah',
auth_db_rev=123)
state.put()
global_config = model.AuthGlobalConfig(
key=model.root_key(),
modified_ts=utils.utcnow(),
modified_by=model.Identity.from_bytes('user:[email protected]'),
oauth_client_id='oauth_client_id',
oauth_client_secret='oauth_client_secret',
oauth_additional_client_ids=['a', 'b'])
global_config.put()
group = model.AuthGroup(
key=model.group_key('Some group'),
members=[model.Identity.from_bytes('user:[email protected]')],
globs=[model.IdentityGlob.from_bytes('user:*@example.com')],
nested=[],
description='Some description',
owners='owning-group',
created_ts=utils.utcnow(),
created_by=model.Identity.from_bytes('user:[email protected]'),
modified_ts=utils.utcnow(),
modified_by=model.Identity.from_bytes('user:[email protected]'))
group.put()
another = model.AuthGroup(
key=model.group_key('Another group'),
nested=['Some group'])
another.put()
global_secret = model.AuthSecret(
id='global_secret',
parent=model.secret_scope_key('global'),
values=['1234', '5678'],
modified_ts=utils.utcnow(),
modified_by=model.Identity.from_bytes('user:[email protected]'))
global_secret.put()
# Local secret should not appear in a snapshot.
local_secret = model.AuthSecret(
id='local_secret',
parent=model.secret_scope_key('local'),
values=['1234', '5678'],
modified_ts=utils.utcnow(),
modified_by=model.Identity.from_bytes('user:[email protected]'))
local_secret.put()
ip_whitelist = model.AuthIPWhitelist(
key=model.ip_whitelist_key('bots'),
subnets=['127.0.0.1/32'],
description='Some description',
created_ts=utils.utcnow(),
created_by=model.Identity.from_bytes('user:[email protected]'),
modified_ts=utils.utcnow(),
modified_by=model.Identity.from_bytes('user:[email protected]'))
ip_whitelist.put()
ip_whitelist_assignments = model.AuthIPWhitelistAssignments(
key=model.ip_whitelist_assignments_key(),
modified_ts=utils.utcnow(),
modified_by=model.Identity.from_bytes('user:[email protected]'),
assignments=[
model.AuthIPWhitelistAssignments.Assignment(
identity=model.Identity.from_bytes('user:[email protected]'),
ip_whitelist='bots',
comment='some comment',
created_ts=utils.utcnow(),
created_by=model.Identity.from_bytes('user:[email protected]')),
])
ip_whitelist_assignments.put()
captured_state, snapshot = replication.new_auth_db_snapshot()
expected_state = {
'auth_db_rev': 123,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'primary_id': u'blah',
'primary_url': u'https://blah',
}
self.assertEqual(expected_state, captured_state.to_dict())
expected_snapshot = {
'global_config': {
'__id__': 'root',
'__parent__': None,
'auth_db_rev': None,
'auth_db_prev_rev': None,
'modified_by': model.Identity(kind='user', name='*****@*****.**'),
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'oauth_additional_client_ids': [u'a', u'b'],
'oauth_client_id': u'oauth_client_id',
'oauth_client_secret': u'oauth_client_secret',
},
'groups': [
{
'__id__': 'Another group',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'auth_db_rev': None,
'auth_db_prev_rev': None,
'created_by': None,
'created_ts': None,
'description': u'',
'globs': [],
'members': [],
'modified_by': None,
'modified_ts': None,
'nested': [u'Some group'],
'owners': u'administrators',
},
{
'__id__': 'Some group',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'auth_db_rev': None,
'auth_db_prev_rev': None,
'created_by': model.Identity(kind='user', name='*****@*****.**'),
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'description': u'Some description',
'globs': [model.IdentityGlob(kind='user', pattern='*@example.com')],
'members': [model.Identity(kind='user', name='*****@*****.**')],
'modified_by': model.Identity(
kind='user', name='*****@*****.**'),
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'nested': [],
'owners': u'owning-group',
},
],
'secrets': [
{
'__id__': 'global_secret',
'__parent__': ndb.Key(
'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'),
'modified_by': model.Identity(
kind='user', name='*****@*****.**'),
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'values': ['1234', '5678'],
},
],
'ip_whitelists': [
{
'__id__': 'bots',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'auth_db_rev': None,
'auth_db_prev_rev': None,
'created_by': model.Identity(kind='user', name='*****@*****.**'),
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'description': u'Some description',
'modified_by': model.Identity(
kind='user', name='*****@*****.**'),
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'subnets': [u'127.0.0.1/32'],
},
],
'ip_whitelist_assignments': {
'__id__': 'default',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'assignments': [
{
'comment': u'some comment',
'created_by': model.Identity(
kind='user', name='*****@*****.**'),
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'identity': model.Identity(
kind='user', name='*****@*****.**'),
'ip_whitelist': u'bots',
},
],
'auth_db_rev': None,
'auth_db_prev_rev': None,
'modified_by': model.Identity(kind='user', name='*****@*****.**'),
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
},
}
self.assertEqual(expected_snapshot, snapshot_to_dict(snapshot))
def secret(name, scope, **kwargs):
return model.AuthSecret(
id=name, parent=model.secret_scope_key(scope), **kwargs)
def test_works(self):
self.mock_now(datetime.datetime(2014, 1, 1, 1, 1, 1))
self.configure_as_replica(0)
# Prepare auth db state.
model.AuthGlobalConfig(
key=model.root_key(),
modified_ts=utils.utcnow(),
oauth_client_id='oauth_client_id',
oauth_client_secret='oauth_client_secret',
oauth_additional_client_ids=['a', 'b']).put()
def group(name, **kwargs):
return model.AuthGroup(
key=model.group_key(name),
created_ts=utils.utcnow(),
modified_ts=utils.utcnow(),
**kwargs)
group('Modify').put()
group('Delete').put()
group('Keep').put()
def secret(name, scope, **kwargs):
return model.AuthSecret(
id=name, parent=model.secret_scope_key(scope), **kwargs)
secret('modify', 'global').put()
secret('delete', 'global').put()
secret('keep', 'global').put()
secret('local', 'local').put()
def ip_whitelist(name, **kwargs):
return model.AuthIPWhitelist(
key=model.ip_whitelist_key(name),
created_ts=utils.utcnow(),
modified_ts=utils.utcnow(),
**kwargs)
ip_whitelist('modify').put()
ip_whitelist('delete').put()
ip_whitelist('keep').put()
def assignment(ident, ip_whitelist):
return model.AuthIPWhitelistAssignments.Assignment(
identity=model.Identity.from_bytes(ident),
ip_whitelist=ip_whitelist,
created_ts=utils.utcnow(),
comment='comment')
model.AuthIPWhitelistAssignments(
key=model.ip_whitelist_assignments_key(),
modified_ts=utils.utcnow(),
assignments=[
assignment('user:[email protected]', 'modify'),
assignment('user:[email protected]', 'delete'),
assignment('user:[email protected]', 'keep'),
]).put()
# Prepare snapshot.
snapshot = replication.AuthDBSnapshot(
global_config=model.AuthGlobalConfig(
key=model.root_key(),
modified_ts=utils.utcnow(),
oauth_client_id='another_oauth_client_id',
oauth_client_secret='another_oauth_client_secret',
oauth_additional_client_ids=[]),
groups=[
group('New'),
group('Modify', description='blah', owners='some-other-owners'),
group('Keep'),
],
secrets=[
secret('new', 'global'),
secret('modify', 'global', values=['1234']),
secret('keep', 'global'),
],
ip_whitelists=[
ip_whitelist('new', subnets=['1.1.1.1/32']),
ip_whitelist('modify', subnets=['127.0.0.1/32', '192.168.0.1/32']),
ip_whitelist('keep'),
],
ip_whitelist_assignments=model.AuthIPWhitelistAssignments(
key=model.ip_whitelist_assignments_key(),
assignments=[
assignment('user:[email protected]', 'new'),
assignment('user:[email protected]', 'modify'),
assignment('user:[email protected]', 'keep'),
],
),
)
# Push it.
updated, state = replication.replace_auth_db(
auth_db_rev=1234,
modified_ts=datetime.datetime(2014, 1, 1, 1, 1, 1),
snapshot=snapshot)
self.assertTrue(updated)
expected_state = {
'auth_db_rev': 1234,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'primary_id': u'primary',
'primary_url': u'https://primary',
}
self.assertEqual(expected_state, state.to_dict())
# Verify expected Auth db state.
current_state, current_snapshot = replication.new_auth_db_snapshot()
self.assertEqual(expected_state, current_state.to_dict())
expected_auth_db = {
'global_config': {
'__id__': 'root',
'__parent__': None,
'auth_db_rev': None,
'auth_db_prev_rev': None,
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'oauth_additional_client_ids': [],
'oauth_client_id': u'another_oauth_client_id',
'oauth_client_secret': u'another_oauth_client_secret'},
'groups': [
{
'__id__': 'Keep',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'auth_db_rev': None,
'auth_db_prev_rev': None,
'created_by': None,
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'description': u'',
'globs': [],
'members': [],
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'nested': [],
'owners': u'administrators',
},
{
'__id__': 'Modify',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'auth_db_rev': None,
'auth_db_prev_rev': None,
'created_by': None,
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'description': u'blah',
'globs': [],
'members': [],
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'nested': [],
'owners': u'some-other-owners',
},
{
'__id__': 'New',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'auth_db_rev': None,
'auth_db_prev_rev': None,
'created_by': None,
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'description': u'',
'globs': [],
'members': [],
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'nested': [],
'owners': u'administrators',
},
],
'secrets': [
{
'__id__': 'keep',
'__parent__': ndb.Key(
'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'),
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'values': [],
},
{
'__id__': 'modify',
'__parent__': ndb.Key(
'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'),
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'values': ['1234'],
},
{
'__id__': 'new',
'__parent__': ndb.Key(
'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'),
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'values': [],
},
],
'ip_whitelists': [
{
'__id__': 'keep',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'auth_db_rev': None,
'auth_db_prev_rev': None,
'created_by': None,
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'description': u'',
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'subnets': [],
},
{
'__id__': 'modify',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'auth_db_rev': None,
'auth_db_prev_rev': None,
'created_by': None,
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'description': u'',
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'subnets': [u'127.0.0.1/32', u'192.168.0.1/32'],
},
{
'__id__': 'new',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'auth_db_rev': None,
'auth_db_prev_rev': None,
'created_by': None,
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'description': u'',
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'subnets': [u'1.1.1.1/32'],
},
],
'ip_whitelist_assignments': {
'__id__': 'default',
'__parent__': ndb.Key('AuthGlobalConfig', 'root'),
'assignments': [
{
'comment': u'comment',
'created_by': None,
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'identity': model.Identity(kind='user', name='*****@*****.**'),
'ip_whitelist': u'new',
},
{
'comment': u'comment',
'created_by': None,
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'identity': model.Identity(kind='user', name='*****@*****.**'),
'ip_whitelist': u'modify',
},
{
'comment': u'comment',
'created_by': None,
'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'identity': model.Identity(kind='user', name='*****@*****.**'),
'ip_whitelist': u'keep',
},
],
'auth_db_rev': None,
'auth_db_prev_rev': None,
'modified_by': None,
'modified_ts': None, # not transfered currently in proto
},
}
self.assertEqual(expected_auth_db, snapshot_to_dict(current_snapshot))
# Ensure local secret was left intact.
local_secrets = model.AuthSecret.query(
ancestor=model.secret_scope_key('local'))
expected_local_secrets = [
{
'__id__': 'local',
'__parent__': ndb.Key(
'AuthGlobalConfig', 'root', 'AuthSecretScope', 'local'),
'modified_by': None,
'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
'values': [],
},
]
self.assertEqual(
expected_local_secrets, [entity_to_dict(s) for s in local_secrets])
