def Run(self):
with test_lib.FakeTime(42):
self.CreateAdminUser("requestor")
client_id = self.SetupClient(0)
# Delete the certificate as it's being regenerated every time the
# client is created.
with aff4.FACTORY.Open(client_id, mode="rw",
token=self.token) as grr_client:
grr_client.DeleteAttribute(grr_client.Schema.CERT)
with test_lib.FakeTime(44):
approval_id = self.RequestClientApproval(
client_id.Basename(),
reason="foo",
approver=self.token.username,
requestor="requestor")
with test_lib.FakeTime(126):
self.Check("GrantClientApproval",
args=user_plugin.ApiGrantClientApprovalArgs(
client_id=client_id.Basename(),
approval_id=approval_id,
username="******"),
replace={approval_id: "approval:111111"})
def Run(self):
with test_lib.FakeTime(42):
self.CreateAdminUser("requestor")
clients = self.SetupClients(1)
for client_id in clients:
# Delete the certificate as it's being regenerated every time the
# client is created.
with aff4.FACTORY.Open(client_id, mode="rw",
token=self.token) as grr_client:
grr_client.DeleteAttribute(grr_client.Schema.CERT)
with test_lib.FakeTime(44):
requestor_token = access_control.ACLToken(username="******")
approval_urn = security.ClientApprovalRequestor(
reason="foo",
subject_urn=clients[0],
approver=self.token.username,
token=requestor_token).Request()
approval_id = approval_urn.Basename()
with test_lib.FakeTime(126):
self.Check("GrantClientApproval",
args=user_plugin.ApiGrantClientApprovalArgs(
client_id=clients[0].Basename(),
approval_id=approval_id,
username="******"),
replace={approval_id: "approval:111111"})
def GrantClientApproval(self,
client_id,
requestor=None,
approval_id=None,
approver="approver",
admin=True):
"""Grant an approval from approver to delegate.
Args:
client_id: ClientURN
requestor: username string of the user receiving approval.
approval_id: id of the approval to grant.
approver: username string of the user granting approval.
admin: If True, make approver an admin user.
Raises:
ValueError: if approval_id is empty.
"""
if not approval_id:
raise ValueError("approval_id can't be empty.")
if hasattr(client_id, "Basename"):
client_id = client_id.Basename()
if not requestor:
requestor = self.token.username
self.CreateUser(requestor)
if admin:
self.CreateAdminUser(approver)
else:
self.CreateUser(approver)
if not requestor:
requestor = self.token.username
args = api_user.ApiGrantClientApprovalArgs(client_id=client_id,
username=requestor,
approval_id=approval_id)
handler = api_user.ApiGrantClientApprovalHandler()
handler.Handle(args, token=access_control.ACLToken(username=approver))