Beispiel #1
0
    def permissions_test(self):
        """Check that permissions logic is ok"""
        # Only lasote can read it but other conans can be readed
        read_perms = [(str(self.openssl_ref), "lasote"), ("*/*@*/*", "*")]
        # Only pepe (and lasote because its owner) can write it and no more users can write
        write_perms = [(str(self.openssl_ref), "pepe")]

        authorizer = BasicAuthorizer(read_perms, write_perms)

        # READ PERMISSIONS

        # Pepe can't read conans
        self.assertRaises(ForbiddenException,
                          authorizer.check_read_conan, "pepe", self.openssl_ref)

        # Owner can read conans
        authorizer.check_read_conan("lasote", self.openssl_ref)

        # Pepe can read other conans
        authorizer.check_read_conan("pepe", self.openssl_ref2)

        # Pepe can't read package
        self.assertRaises(ForbiddenException,
                          authorizer.check_read_package, "pepe", self.package_reference)

        # Owner can read package
        authorizer.check_read_package("lasote", self.package_reference)

        # Pepe can read other package
        authorizer.check_read_package("pepe", self.package_reference2)

        # WRITE PERMISSIONS

        # Pepe can write conans
        authorizer.check_write_conan("pepe", self.openssl_ref)

        # Juan can't write conans
        self.assertRaises(ForbiddenException,
                          authorizer.check_write_conan, "juan", self.openssl_ref)

        # Owner can write conans
        authorizer.check_write_conan("lasote", self.openssl_ref)

        # Pepe can't write other conans
        self.assertRaises(ForbiddenException,
                          authorizer.check_write_conan, "pepe", self.openssl_ref2)

        # Owner can write package
        authorizer.check_write_package("lasote", self.package_reference)

        # Pepe can write package
        authorizer.check_write_package("pepe", self.package_reference)

        # Pepe can't write other package
        self.assertRaises(ForbiddenException,
                          authorizer.check_write_package, "pepe", self.package_reference2)
Beispiel #2
0
    def permissions_test(self):
        """Check that permissions logic is ok"""
        # Only lasote can read it but other conans can be readed
        read_perms = [(str(self.openssl_ref), "lasote"), ("*/*@*/*", "*")]
        # Only pepe (and lasote because its owner) can write it and no more users can write
        write_perms = [(str(self.openssl_ref), "pepe")]

        authorizer = BasicAuthorizer(read_perms, write_perms)

        # READ PERMISSIONS

        # Pepe can't read conans
        self.assertRaises(ForbiddenException, authorizer.check_read_conan,
                          "pepe", self.openssl_ref)

        # Owner can read conans
        authorizer.check_read_conan("lasote", self.openssl_ref)

        # Pepe can read other conans
        authorizer.check_read_conan("pepe", self.openssl_ref2)

        # Pepe can't read package
        self.assertRaises(ForbiddenException, authorizer.check_read_package,
                          "pepe", self.package_reference)

        # Owner can read package
        authorizer.check_read_package("lasote", self.package_reference)

        # Pepe can read other package
        authorizer.check_read_package("pepe", self.package_reference2)

        # WRITE PERMISSIONS

        # Pepe can write conans
        authorizer.check_write_conan("pepe", self.openssl_ref)

        # Juan can't write conans
        self.assertRaises(ForbiddenException, authorizer.check_write_conan,
                          "juan", self.openssl_ref)

        # Owner can write conans
        authorizer.check_write_conan("lasote", self.openssl_ref)

        # Pepe can't write other conans
        self.assertRaises(ForbiddenException, authorizer.check_write_conan,
                          "pepe", self.openssl_ref2)

        # Owner can write package
        authorizer.check_write_package("lasote", self.package_reference)

        # Pepe can write package
        authorizer.check_write_package("pepe", self.package_reference)

        # Pepe can't write other package
        self.assertRaises(ForbiddenException, authorizer.check_write_package,
                          "pepe", self.package_reference2)
Beispiel #3
0
    def users_test(self):
        """Check that lists of user names are parsed correctly"""

        # Simple user list
        read_perms = [("openssl/*@lasote/testing", "user1,user2,user3")]
        authorizer = BasicAuthorizer(read_perms, [])
        for u in ['user1','user2','user3']:
            authorizer.check_read_conan(u, self.openssl_ref)

        # Spaces bewteen user names should be ignored
        read_perms = [("openssl/*@lasote/testing", "user1 , user2,\tuser3")]
        authorizer = BasicAuthorizer(read_perms, [])
        for u in ['user1','user2','user3']:
            authorizer.check_read_conan(u, self.openssl_ref)
Beispiel #4
0
    def test_users(self):
        """Check that lists of user names are parsed correctly"""

        # Simple user list
        read_perms = [("openssl/*@lasote/testing", "user1,user2,user3")]
        authorizer = BasicAuthorizer(read_perms, [])
        for u in ['user1', 'user2', 'user3']:
            authorizer.check_read_conan(u, self.openssl_ref)

        # Spaces bewteen user names should be ignored
        read_perms = [("openssl/*@lasote/testing", "user1 , user2,\tuser3")]
        authorizer = BasicAuthorizer(read_perms, [])
        for u in ['user1', 'user2', 'user3']:
            authorizer.check_read_conan(u, self.openssl_ref)
Beispiel #5
0
    def test_authenticated_user_wildcard_permissions(self):
        """Check that authenciated user wildcard permissions logic is ok"""
        # Only authenticated users can read openssl
        read_perms = [(str(self.openssl_ref), "?"), ("*/*@*/*", "*")]
        # Authenticated users can write any
        write_perms = [("*/*@*/*", "?")]

        authorizer = BasicAuthorizer(read_perms, write_perms)

        # READ PERMISSIONS

        # Authenticated user can read conan
        authorizer.check_read_conan("pepe", self.openssl_ref)

        # Authenticated user can read package
        authorizer.check_read_package("pepe", self.openssl_pref)

        # Anonymous user can not read conan, they must authenticate
        self.assertRaises(AuthenticationException, authorizer.check_read_conan,
                          None, self.openssl_ref)

        # Anonymous user can not read package, they must authenticate
        self.assertRaises(AuthenticationException,
                          authorizer.check_read_package, None,
                          self.openssl_pref)

        # WRITE PERMISSIONS

        # Authenticated user can write conan
        authorizer.check_write_conan("pepe", self.openssl_ref)

        # Authenticated user can write package
        authorizer.check_write_package("pepe", self.openssl_pref)

        # Anonymous user can not write conan, they must authenticate
        self.assertRaises(AuthenticationException,
                          authorizer.check_write_conan, None, self.openssl_ref)

        # Anonymous user can not write package, they must authenticate
        self.assertRaises(AuthenticationException,
                          authorizer.check_write_package, None,
                          self.openssl_pref)
Beispiel #6
0
    def authenticated_user_wildcard_permissions_test(self):
        """Check that authenciated user wildcard permissions logic is ok"""
        # Only authenticated users can read openssl
        read_perms = [(str(self.openssl_ref), "?"), ("*/*@*/*", "*")]
        # Authenticated users can write any
        write_perms = [("*/*@*/*", "?")]

        authorizer = BasicAuthorizer(read_perms, write_perms)

        # READ PERMISSIONS

        # Authenticated user can read conan
        authorizer.check_read_conan("pepe", self.openssl_ref)

        # Authenticated user can read package
        authorizer.check_read_package("pepe", self.package_reference)

        # Anonymous user can not read conan, they must authenticate
        self.assertRaises(AuthenticationException,
                          authorizer.check_read_conan, None, self.openssl_ref)

        # Anonymous user can not read package, they must authenticate
        self.assertRaises(AuthenticationException,
                          authorizer.check_read_package, None, self.package_reference)

        # WRITE PERMISSIONS

        # Authenticated user can write conan
        authorizer.check_write_conan("pepe", self.openssl_ref)

        # Authenticated user can write package
        authorizer.check_write_package("pepe", self.package_reference)

        # Anonymous user can not write conan, they must authenticate
        self.assertRaises(AuthenticationException,
                          authorizer.check_write_conan, None, self.openssl_ref)

        # Anonymous user can not write package, they must authenticate
        self.assertRaises(AuthenticationException,
                          authorizer.check_write_package, None, self.package_reference)
Beispiel #7
0
    def check_wildcards_test(self):
        # Only pepe can read openssl versions
        read_perms = [("openssl/*@lasote/testing", "pepe"), ("*/*@*/*", "*")]
        # Only pepe (and lasote because its owner) can write it and no more users can write
        write_perms = [(str(self.openssl_ref), "pepe")]

        authorizer = BasicAuthorizer(read_perms, write_perms)
        # Pepe can read all openssl versions
        authorizer.check_read_conan("pepe", self.openssl_ref)
        authorizer.check_read_conan("pepe", self.openssl_ref2)
        # Other user can't
        self.assertRaises(ForbiddenException,
                          authorizer.check_read_conan, "juan", self.openssl_ref)
        self.assertRaises(ForbiddenException,
                          authorizer.check_read_conan, "juan", self.openssl_ref2)

        # Only pepe can read versions 2.0.1 of lasote/testing
        read_perms = [("*/2.0.2@lasote/testing", "pepe"), ("*/*@*/*", "*")]
        authorizer = BasicAuthorizer(read_perms, write_perms)
        # Pepe can read openssl 2.0.1 version and 2.0.2 (only matches 2.0.2, so other is allowed)
        authorizer.check_read_conan("pepe", self.openssl_ref2)
        authorizer.check_read_conan("pepe", self.openssl_ref2)
        # Other user can't read 2.0.2
        authorizer.check_read_conan("juan", self.openssl_ref)
        self.assertRaises(ForbiddenException,
                          authorizer.check_read_conan, "juan", self.openssl_ref2)

        # Only pepe can read openssl version 2.0.1 from any owner
        read_perms = [("openssl/2.0.1@*/testing", "pepe")]
        # Only pepe (and lasote because its owner) can write it and no more users can write
        write_perms = [(str(self.openssl_ref), "pepe")]

        authorizer = BasicAuthorizer(read_perms, write_perms)
        # Pepe can read any openssl/2.0.1
        authorizer.check_read_conan("pepe", self.openssl_ref)
        tmp_ref = ConanFileReference.loads("openssl/2.0.1@alfred/testing")
        authorizer.check_read_conan("pepe", tmp_ref)
        self.assertRaises(ForbiddenException,
                          authorizer.check_read_conan, "juan", self.openssl_ref)
        self.assertRaises(ForbiddenException,
                          authorizer.check_read_conan, "juan", tmp_ref)

        # Only pepe can read openssl version 2.0.1 from lasote/any channel
        read_perms = [("openssl/2.0.1@lasote/*", "pepe")]
        # Only pepe (and lasote because its owner) can write it and no more users can write
        write_perms = [(str(self.openssl_ref), "pepe")]

        authorizer = BasicAuthorizer(read_perms, write_perms)
        # Pepe can read openssl/2.0.1 from any channel but only from lasote
        authorizer.check_read_conan("pepe", self.openssl_ref)
        tmp_ref = ConanFileReference.loads("openssl/2.0.1@alfred/testing")
        self.assertRaises(ForbiddenException,
                          authorizer.check_read_conan, "pepe", tmp_ref)

        tmp_ref = ConanFileReference.loads("openssl/2.0.1@lasote/otherchannel")
        authorizer.check_read_conan("pepe", tmp_ref)
Beispiel #8
0
    def check_wildcards_test(self):
        # Only pepe can read openssl versions
        read_perms = [("openssl/*@lasote/testing", "pepe"), ("*/*@*/*", "*")]
        # Only pepe (and lasote because its owner) can write it and no more users can write
        write_perms = [(str(self.openssl_ref), "pepe")]

        authorizer = BasicAuthorizer(read_perms, write_perms)
        # Pepe can read all openssl versions
        authorizer.check_read_conan("pepe", self.openssl_ref)
        authorizer.check_read_conan("pepe", self.openssl_ref2)
        # Other user can't
        self.assertRaises(ForbiddenException, authorizer.check_read_conan,
                          "juan", self.openssl_ref)
        self.assertRaises(ForbiddenException, authorizer.check_read_conan,
                          "juan", self.openssl_ref2)

        # Only pepe can read versions 2.0.1 of lasote/testing
        read_perms = [("*/2.0.2@lasote/testing", "pepe"), ("*/*@*/*", "*")]
        authorizer = BasicAuthorizer(read_perms, write_perms)
        # Pepe can read openssl 2.0.1 version and 2.0.2 (only matches 2.0.2, so other is allowed)
        authorizer.check_read_conan("pepe", self.openssl_ref2)
        authorizer.check_read_conan("pepe", self.openssl_ref2)
        # Other user can't read 2.0.2
        authorizer.check_read_conan("juan", self.openssl_ref)
        self.assertRaises(ForbiddenException, authorizer.check_read_conan,
                          "juan", self.openssl_ref2)

        # Only pepe can read openssl version 2.0.1 from any owner
        read_perms = [("openssl/2.0.1@*/testing", "pepe")]
        # Only pepe (and lasote because its owner) can write it and no more users can write
        write_perms = [(str(self.openssl_ref), "pepe")]

        authorizer = BasicAuthorizer(read_perms, write_perms)
        # Pepe can read any openssl/2.0.1
        authorizer.check_read_conan("pepe", self.openssl_ref)
        tmp_ref = ConanFileReference.loads("openssl/2.0.1@alfred/testing")
        authorizer.check_read_conan("pepe", tmp_ref)
        self.assertRaises(ForbiddenException, authorizer.check_read_conan,
                          "juan", self.openssl_ref)
        self.assertRaises(ForbiddenException, authorizer.check_read_conan,
                          "juan", tmp_ref)

        # Only pepe can read openssl version 2.0.1 from lasote/any channel
        read_perms = [("openssl/2.0.1@lasote/*", "pepe")]
        # Only pepe (and lasote because its owner) can write it and no more users can write
        write_perms = [(str(self.openssl_ref), "pepe")]

        authorizer = BasicAuthorizer(read_perms, write_perms)
        # Pepe can read openssl/2.0.1 from any channel but only from lasote
        authorizer.check_read_conan("pepe", self.openssl_ref)
        tmp_ref = ConanFileReference.loads("openssl/2.0.1@alfred/testing")
        self.assertRaises(ForbiddenException, authorizer.check_read_conan,
                          "pepe", tmp_ref)

        tmp_ref = ConanFileReference.loads("openssl/2.0.1@lasote/otherchannel")
        authorizer.check_read_conan("pepe", tmp_ref)