def testCheckACL(self):
access_manager = access_control.FullAccessControlManager()
# Supervisor can do anything
token = access_control.ACLToken(username="******", supervisor=True)
self.assertTrue(access_manager.CheckACL(token, "aff4:/C.0000000000000001"))
# No target should raise
token = access_control.ACLToken(username="******")
with self.assertRaises(access_control.UnauthorizedAccess):
access_manager.CheckACL(token, "")
# Unless it is a system user
token = access_control.ACLToken(username="******", reason="bcause")
self.assertTrue(access_manager.CheckACL(token, None))
# No reason should raise
token = access_control.ACLToken(username="******")
with self.assertRaises(access_control.UnauthorizedAccess):
access_manager.CheckACL(token, "aff4:/C.0000000000000001")
def setUp(self):
super(ClientApprovalByLabelTests, self).setUp()
# Set up clients and labels before we turn on the FullACM. We need to create
# the client because to check labels the client needs to exist.
client_ids = self.SetupClients(3)
self.client_nolabel = rdf_client.ClientURN(client_ids[0])
self.client_legal = rdf_client.ClientURN(client_ids[1])
self.client_prod = rdf_client.ClientURN(client_ids[2])
with aff4.FACTORY.Open(self.client_legal,
aff4_type="VFSGRRClient",
mode="rw",
token=self.token) as client_obj:
client_obj.AddLabels("legal_approval")
with aff4.FACTORY.Open(self.client_prod,
aff4_type="VFSGRRClient",
mode="rw",
token=self.token) as client_obj:
client_obj.AddLabels("legal_approval", "prod_admin_approval")
self.db_manager_stubber = utils.Stubber(
data_store.DB, "security_manager",
access_control.FullAccessControlManager())
self.db_manager_stubber.Start()
self.approver = test_lib.ConfigOverrider({
"ACL.approvers_config_file":
os.path.join(self.base_path, "approvers.yaml")
})
self.approver.Start()
# Get a fresh approval manager object and reload with test approvers.
self.approval_manager_stubber = utils.Stubber(
client_approval_auth, "CLIENT_APPROVAL_AUTH_MGR",
client_approval_auth.ClientApprovalAuthorizationManager())
self.approval_manager_stubber.Start()
def setUp(self):
super(FullAccessControlManagerIntegrationTest, self).setUp()
data_store.DB.security_manager = access_control.FullAccessControlManager(
)
def setUp(self):
super(AccessControlTest, self).setUp()
# We want to test the FullAccessControlManager
data_store.DB.security_manager = access_control.FullAccessControlManager(
)
