Ejemplo n.º 1
0
    def __init__(self):
        user_folder = conan_expand_user("~")

        server_config = migrate_and_get_server_config(user_folder)

        authorizer = BasicAuthorizer(server_config.read_permissions,
                                     server_config.write_permissions)
        authenticator = BasicAuthenticator(dict(server_config.users))

        credentials_manager = JWTCredentialsManager(
            server_config.jwt_secret, server_config.jwt_expire_time)

        updown_auth_manager = JWTUpDownAuthManager(
            server_config.updown_secret, server_config.authorize_timeout)

        file_manager = get_file_manager(
            server_config, updown_auth_manager=updown_auth_manager)

        search_adapter = DiskSearchAdapter()
        search_manager = DiskSearchManager(
            SimplePaths(server_config.disk_storage_path), search_adapter)
        self.ra = ConanServer(server_config.port, server_config.ssl_enabled,
                              credentials_manager, updown_auth_manager,
                              authorizer, authenticator, file_manager,
                              search_manager, Version(SERVER_VERSION),
                              Version(MIN_CLIENT_COMPATIBLE_VERSION))
Ejemplo n.º 2
0
    def setUp(self):
        self.conan_reference = ConanFileReference.loads(
            "openssl/2.0.3@lasote/testing")
        self.package_reference = PackageReference(self.conan_reference,
                                                  "123123123")
        self.tmp_dir = temp_folder()

        read_perms = [("*/*@*/*", "*")]
        write_perms = []
        authorizer = BasicAuthorizer(read_perms, write_perms)

        self.fake_url = "http://url"
        updown_auth_manager = JWTUpDownAuthManager("secret",
                                                   timedelta(seconds=200))
        adapter = DiskAdapter(self.fake_url, self.tmp_dir, updown_auth_manager)
        self.paths = SimplePaths(self.tmp_dir)
        self.file_manager = FileManager(self.paths, adapter)

        self.service = ConanService(authorizer, self.file_manager, "lasote")

        files = hello_source_files("test")
        save_files(self.paths.export(self.conan_reference), files)
        self.conan_digest = FileTreeManifest.create(
            self.paths.export(self.conan_reference))
        conan_digest_path = os.path.join(
            self.paths.export(self.conan_reference), CONAN_MANIFEST)
        save(conan_digest_path, str(self.conan_digest))

        files = hello_source_files("package")
        save_files(self.paths.package(self.package_reference), files)
Ejemplo n.º 3
0
    def __init__(self):
        user_folder = conan_expand_user("~")
        server_folder = os.path.join(user_folder, '.conan_server')

        server_config = migrate_and_get_server_config(user_folder)
        custom_auth = server_config.custom_authenticator
        if custom_auth:
            authenticator = load_authentication_plugin(server_folder,
                                                       custom_auth)
        else:
            authenticator = BasicAuthenticator(dict(server_config.users))

        authorizer = BasicAuthorizer(server_config.read_permissions,
                                     server_config.write_permissions)
        credentials_manager = JWTCredentialsManager(
            server_config.jwt_secret, server_config.jwt_expire_time)

        updown_auth_manager = JWTUpDownAuthManager(
            server_config.updown_secret, server_config.authorize_timeout)

        file_manager = get_file_manager(
            server_config, updown_auth_manager=updown_auth_manager)

        search_adapter = DiskSearchAdapter()
        search_manager = DiskSearchManager(
            SimplePaths(server_config.disk_storage_path), search_adapter)

        server_capabilities = SERVER_CAPABILITIES
        self.ra = ConanServer(server_config.port, credentials_manager,
                              updown_auth_manager, authorizer, authenticator,
                              file_manager, search_manager,
                              Version(SERVER_VERSION),
                              Version(MIN_CLIENT_COMPATIBLE_VERSION),
                              server_capabilities)
Ejemplo n.º 4
0
    def __init__(self):
        user_folder = conan_expand_user("~")
        server_folder = os.path.join(user_folder, '.conan_server')

        server_config = migrate_and_get_server_config(user_folder)
        custom_auth = server_config.custom_authenticator
        if custom_auth:
            authenticator = load_authentication_plugin(server_folder, custom_auth)
        else:
            authenticator = BasicAuthenticator(dict(server_config.users))

        authorizer = BasicAuthorizer(server_config.read_permissions,
                                     server_config.write_permissions)
        credentials_manager = JWTCredentialsManager(server_config.jwt_secret,
                                                    server_config.jwt_expire_time)

        updown_auth_manager = JWTUpDownAuthManager(server_config.updown_secret,
                                                   server_config.authorize_timeout)

        server_store = get_server_store(server_config.disk_storage_path,
                                        server_config.public_url,
                                        updown_auth_manager=updown_auth_manager)

        server_capabilities = SERVER_CAPABILITIES
        server_capabilities.append(REVISIONS)

        self.ra = ConanServer(server_config.port, credentials_manager, updown_auth_manager,
                              authorizer, authenticator, server_store,
                              Version(SERVER_VERSION), Version(MIN_CLIENT_COMPATIBLE_VERSION),
                              server_capabilities, only_v1=False)
Ejemplo n.º 5
0
    def setUp(self):
        self.ref = ConanFileReference.loads("openssl/2.0.3@lasote/testing#%s" % DEFAULT_REVISION_V1)

        self.pref = PackageReference(self.ref, "123123123", DEFAULT_REVISION_V1)
        self.tmp_dir = temp_folder()

        read_perms = [("*/*@*/*", "*")]
        write_perms = []
        authorizer = BasicAuthorizer(read_perms, write_perms)

        self.fake_url = "http://url"
        updown_auth_manager = JWTUpDownAuthManager("secret", timedelta(seconds=200))
        adapter = ServerDiskAdapter(self.fake_url, self.tmp_dir, updown_auth_manager)
        self.server_store = ServerStore(storage_adapter=adapter)
        self.service = ConanService(authorizer, self.server_store, "lasote")
        self.search_service = SearchService(authorizer, self.server_store, "lasote")

        files = hello_source_files("test")
        save_files(self.server_store.export(self.ref), files)
        self.server_store.update_last_revision(self.ref)
        self.conan_digest = FileTreeManifest.create(self.server_store.export(self.ref))
        conan_digest_path = os.path.join(self.server_store.export(self.ref), CONAN_MANIFEST)
        save(conan_digest_path, str(self.conan_digest))

        files = hello_source_files("package")
        save_files(self.server_store.package(self.pref), files)
Ejemplo n.º 6
0
    def __init__(self, base_path=None, read_permissions=None,
                 write_permissions=None, users=None, base_url=None, plugins=None,
                 server_version=None,
                 min_client_compatible_version=None,
                 server_capabilities=None):

        plugins = plugins or []
        if not base_path:
            base_path = temp_folder()

        if server_capabilities is None:
            server_capabilities = SERVER_CAPABILITIES  # Default enabled

        if not os.path.exists(base_path):
            raise Exception("Base path not exist! %s")

        # Define storage_folder, if not, it will be readed from conf file and pointed to real user home
        self.storage_folder = os.path.join(base_path, ".conan_server", "data")
        mkdir(self.storage_folder)

        server_config = migrate_and_get_server_config(base_path, self.storage_folder)

        if TestServerLauncher.port == 0:
            TestServerLauncher.port = server_config.port

        # Encode and Decode signature for Upload and Download service
        updown_auth_manager = JWTUpDownAuthManager(server_config.updown_secret,
                                                   server_config.authorize_timeout)
        self.file_manager = get_file_manager(server_config, public_url=base_url,
                                             updown_auth_manager=updown_auth_manager)

        self.search_manager = DiskSearchManager(SimplePaths(server_config.disk_storage_path))
        # Prepare some test users
        if not read_permissions:
            read_permissions = server_config.read_permissions
            read_permissions.append(("private_library/1.0.0@private_user/testing", "*"))
            read_permissions.append(("*/*@*/*", "*"))

        if not write_permissions:
            write_permissions = server_config.write_permissions

        if not users:
            users = dict(server_config.users)

        users[TESTING_REMOTE_PRIVATE_USER] = TESTING_REMOTE_PRIVATE_PASS

        authorizer = BasicAuthorizer(read_permissions, write_permissions)
        authenticator = BasicAuthenticator(users)
        credentials_manager = JWTCredentialsManager(server_config.jwt_secret,
                                                    server_config.jwt_expire_time)

        logger.debug("Storage path: %s" % self.storage_folder)
        self.port = TestServerLauncher.port

        self.ra = ConanServer(self.port, credentials_manager, updown_auth_manager,
                              authorizer, authenticator, self.file_manager, self.search_manager,
                              server_version, min_client_compatible_version,
                              server_capabilities)
        for plugin in plugins:
            self.ra.api_v1.install(plugin)
Ejemplo n.º 7
0
    def __init__(self,
                 base_path=None,
                 read_permissions=None,
                 write_permissions=None,
                 users=None,
                 base_url=None,
                 plugins=None,
                 server_capabilities=None):

        plugins = plugins or []
        if not base_path:
            base_path = temp_folder()

        if not os.path.exists(base_path):
            raise Exception("Base path not exist! %s")

        self._base_path = base_path

        server_config = migrate_and_get_server_config(base_path)
        if server_capabilities is None:
            server_capabilities = set(SERVER_CAPABILITIES)

        if TestServerLauncher.port == 0:
            TestServerLauncher.port = server_config.port

        # Encode and Decode signature for Upload and Download service
        updown_auth_manager = JWTUpDownAuthManager(
            server_config.updown_secret, server_config.authorize_timeout)
        base_url = base_url or server_config.public_url
        self.server_store = get_server_store(server_config.disk_storage_path,
                                             base_url, updown_auth_manager)

        # Prepare some test users
        if not read_permissions:
            read_permissions = server_config.read_permissions
            read_permissions.append(
                ("private_library/1.0.0@private_user/testing", "*"))
            read_permissions.append(("*/*@*/*", "*"))

        if not write_permissions:
            write_permissions = server_config.write_permissions

        if not users:
            users = dict(server_config.users)

        users[TESTING_REMOTE_PRIVATE_USER] = TESTING_REMOTE_PRIVATE_PASS

        authorizer = BasicAuthorizer(read_permissions, write_permissions)
        authenticator = BasicAuthenticator(users)
        credentials_manager = JWTCredentialsManager(
            server_config.jwt_secret, server_config.jwt_expire_time)

        self.port = TestServerLauncher.port
        self.ra = ConanServer(self.port, credentials_manager,
                              updown_auth_manager, authorizer, authenticator,
                              self.server_store, server_capabilities)
        for plugin in plugins:
            self.ra.api_v1.install(plugin)
            self.ra.api_v2.install(plugin)
Ejemplo n.º 8
0
    def invalid_rule_test(self):
        """Invalid rule input"""
        read_perms = ["invalid_reference", "lasote", ("*/*@*/*", "")]
        write_perms = []

        authorizer = BasicAuthorizer(read_perms, write_perms)
        self.assertRaises(InternalErrorException, authorizer.check_read_conan,
                          "pepe", self.openssl_ref)
Ejemplo n.º 9
0
    def test_authenticated_user_wildcard_permissions(self):
        """Check that authenciated user wildcard permissions logic is ok"""
        # Only authenticated users can read openssl
        read_perms = [(str(self.openssl_ref), "?"), ("*/*@*/*", "*")]
        # Authenticated users can write any
        write_perms = [("*/*@*/*", "?")]

        authorizer = BasicAuthorizer(read_perms, write_perms)

        # READ PERMISSIONS

        # Authenticated user can read conan
        authorizer.check_read_conan("pepe", self.openssl_ref)

        # Authenticated user can read package
        authorizer.check_read_package("pepe", self.openssl_pref)

        # Anonymous user can not read conan, they must authenticate
        self.assertRaises(AuthenticationException, authorizer.check_read_conan,
                          None, self.openssl_ref)

        # Anonymous user can not read package, they must authenticate
        self.assertRaises(AuthenticationException,
                          authorizer.check_read_package, None,
                          self.openssl_pref)

        # WRITE PERMISSIONS

        # Authenticated user can write conan
        authorizer.check_write_conan("pepe", self.openssl_ref)

        # Authenticated user can write package
        authorizer.check_write_package("pepe", self.openssl_pref)

        # Anonymous user can not write conan, they must authenticate
        self.assertRaises(AuthenticationException,
                          authorizer.check_write_conan, None, self.openssl_ref)

        # Anonymous user can not write package, they must authenticate
        self.assertRaises(AuthenticationException,
                          authorizer.check_write_package, None,
                          self.openssl_pref)
Ejemplo n.º 10
0
    def test_users(self):
        """Check that lists of user names are parsed correctly"""

        # Simple user list
        read_perms = [("openssl/*@lasote/testing", "user1,user2,user3")]
        authorizer = BasicAuthorizer(read_perms, [])
        for u in ['user1', 'user2', 'user3']:
            authorizer.check_read_conan(u, self.openssl_ref)

        # Spaces bewteen user names should be ignored
        read_perms = [("openssl/*@lasote/testing", "user1 , user2,\tuser3")]
        authorizer = BasicAuthorizer(read_perms, [])
        for u in ['user1', 'user2', 'user3']:
            authorizer.check_read_conan(u, self.openssl_ref)
Ejemplo n.º 11
0
    def authenticated_user_wildcard_permissions_test(self):
        """Check that authenciated user wildcard permissions logic is ok"""
        # Only authenticated users can read openssl
        read_perms = [(str(self.openssl_ref), "?"), ("*/*@*/*", "*")]
        # Authenticated users can write any
        write_perms = [("*/*@*/*", "?")]

        authorizer = BasicAuthorizer(read_perms, write_perms)

        # READ PERMISSIONS

        # Authenticated user can read conan
        authorizer.check_read_conan("pepe", self.openssl_ref)

        # Authenticated user can read package
        authorizer.check_read_package("pepe", self.package_reference)

        # Anonymous user can not read conan, they must authenticate
        self.assertRaises(AuthenticationException,
                          authorizer.check_read_conan, None, self.openssl_ref)

        # Anonymous user can not read package, they must authenticate
        self.assertRaises(AuthenticationException,
                          authorizer.check_read_package, None, self.package_reference)

        # WRITE PERMISSIONS

        # Authenticated user can write conan
        authorizer.check_write_conan("pepe", self.openssl_ref)

        # Authenticated user can write package
        authorizer.check_write_package("pepe", self.package_reference)

        # Anonymous user can not write conan, they must authenticate
        self.assertRaises(AuthenticationException,
                          authorizer.check_write_conan, None, self.openssl_ref)

        # Anonymous user can not write package, they must authenticate
        self.assertRaises(AuthenticationException,
                          authorizer.check_write_package, None, self.package_reference)
Ejemplo n.º 12
0
    def __init__(self, force_migration=False, server_dir=None):
        if sys.version_info.major == 2:
            raise Exception("The conan_server needs Python>=3 for running")
        self.force_migration = force_migration
        if server_dir:
            user_folder = server_folder = server_dir
        else:
            user_folder = conan_expand_user("~")
            server_folder = os.path.join(user_folder, '.conan_server')

        server_config = migrate_and_get_server_config(user_folder,
                                                      self.force_migration,
                                                      server_dir is not None)
        custom_auth = server_config.custom_authenticator
        if custom_auth:
            authenticator = load_authentication_plugin(server_folder,
                                                       custom_auth)
        else:
            authenticator = BasicAuthenticator(dict(server_config.users))

        authorizer = BasicAuthorizer(server_config.read_permissions,
                                     server_config.write_permissions)
        credentials_manager = JWTCredentialsManager(
            server_config.jwt_secret, server_config.jwt_expire_time)

        updown_auth_manager = JWTUpDownAuthManager(
            server_config.updown_secret, server_config.authorize_timeout)

        server_store = get_server_store(
            server_config.disk_storage_path,
            server_config.public_url,
            updown_auth_manager=updown_auth_manager)

        server_capabilities = SERVER_CAPABILITIES
        server_capabilities.append(REVISIONS)

        self.server = ConanServer(server_config.port, credentials_manager,
                                  updown_auth_manager, authorizer,
                                  authenticator, server_store,
                                  server_capabilities)
        if not self.force_migration:
            print("***********************")
            print("Using config: %s" % server_config.config_filename)
            print("Storage: %s" % server_config.disk_storage_path)
            print("Public URL: %s" % server_config.public_url)
            print("PORT: %s" % server_config.port)
            print("***********************")
Ejemplo n.º 13
0
    def __init__(self, force_migration=False):
        self.force_migration = force_migration
        user_folder = conan_expand_user("~")
        server_folder = os.path.join(user_folder, '.conan_server')

        server_config = migrate_and_get_server_config(user_folder, None,
                                                      self.force_migration)
        custom_auth = server_config.custom_authenticator
        if custom_auth:
            authenticator = load_authentication_plugin(server_folder,
                                                       custom_auth)
        else:
            authenticator = BasicAuthenticator(dict(server_config.users))

        authorizer = BasicAuthorizer(server_config.read_permissions,
                                     server_config.write_permissions)
        credentials_manager = JWTCredentialsManager(
            server_config.jwt_secret, server_config.jwt_expire_time)

        updown_auth_manager = JWTUpDownAuthManager(
            server_config.updown_secret, server_config.authorize_timeout)

        server_store = get_server_store(
            server_config.disk_storage_path,
            server_config.public_url,
            updown_auth_manager=updown_auth_manager)

        server_capabilities = SERVER_CAPABILITIES
        server_capabilities.append(REVISIONS)

        self.server = ConanServer(server_config.port, credentials_manager,
                                  updown_auth_manager, authorizer,
                                  authenticator, server_store,
                                  Version(SERVER_VERSION),
                                  Version(MIN_CLIENT_COMPATIBLE_VERSION),
                                  server_capabilities)
        if not self.force_migration:
            print("***********************")
            print("Using config: %s" % server_config.config_filename)
            print("Storage: %s" % server_config.disk_storage_path)
            print("Public URL: %s" % server_config.public_url)
            print("PORT: %s" % server_config.port)
            print("***********************")
Ejemplo n.º 14
0
    def users_test(self):
        """Check that lists of user names are parsed correctly"""

        # Simple user list
        read_perms = [("openssl/*@lasote/testing", "user1,user2,user3")]
        authorizer = BasicAuthorizer(read_perms, [])
        for u in ['user1','user2','user3']:
            authorizer.check_read_conan(u, self.openssl_ref)

        # Spaces bewteen user names should be ignored
        read_perms = [("openssl/*@lasote/testing", "user1 , user2,\tuser3")]
        authorizer = BasicAuthorizer(read_perms, [])
        for u in ['user1','user2','user3']:
            authorizer.check_read_conan(u, self.openssl_ref)
Ejemplo n.º 15
0
    def permissions_test(self):
        """Check that permissions logic is ok"""
        # Only lasote can read it but other conans can be readed
        read_perms = [(str(self.openssl_ref), "lasote"), ("*/*@*/*", "*")]
        # Only pepe (and lasote because its owner) can write it and no more users can write
        write_perms = [(str(self.openssl_ref), "pepe")]

        authorizer = BasicAuthorizer(read_perms, write_perms)

        # READ PERMISSIONS

        # Pepe can't read conans
        self.assertRaises(ForbiddenException,
                          authorizer.check_read_conan, "pepe", self.openssl_ref)

        # Owner can read conans
        authorizer.check_read_conan("lasote", self.openssl_ref)

        # Pepe can read other conans
        authorizer.check_read_conan("pepe", self.openssl_ref2)

        # Pepe can't read package
        self.assertRaises(ForbiddenException,
                          authorizer.check_read_package, "pepe", self.package_reference)

        # Owner can read package
        authorizer.check_read_package("lasote", self.package_reference)

        # Pepe can read other package
        authorizer.check_read_package("pepe", self.package_reference2)

        # WRITE PERMISSIONS

        # Pepe can write conans
        authorizer.check_write_conan("pepe", self.openssl_ref)

        # Juan can't write conans
        self.assertRaises(ForbiddenException,
                          authorizer.check_write_conan, "juan", self.openssl_ref)

        # Owner can write conans
        authorizer.check_write_conan("lasote", self.openssl_ref)

        # Pepe can't write other conans
        self.assertRaises(ForbiddenException,
                          authorizer.check_write_conan, "pepe", self.openssl_ref2)

        # Owner can write package
        authorizer.check_write_package("lasote", self.package_reference)

        # Pepe can write package
        authorizer.check_write_package("pepe", self.package_reference)

        # Pepe can't write other package
        self.assertRaises(ForbiddenException,
                          authorizer.check_write_package, "pepe", self.package_reference2)
Ejemplo n.º 16
0
    def check_wildcards_test(self):
        # Only pepe can read openssl versions
        read_perms = [("openssl/*@lasote/testing", "pepe"), ("*/*@*/*", "*")]
        # Only pepe (and lasote because its owner) can write it and no more users can write
        write_perms = [(str(self.openssl_ref), "pepe")]

        authorizer = BasicAuthorizer(read_perms, write_perms)
        # Pepe can read all openssl versions
        authorizer.check_read_conan("pepe", self.openssl_ref)
        authorizer.check_read_conan("pepe", self.openssl_ref2)
        # Other user can't
        self.assertRaises(ForbiddenException,
                          authorizer.check_read_conan, "juan", self.openssl_ref)
        self.assertRaises(ForbiddenException,
                          authorizer.check_read_conan, "juan", self.openssl_ref2)

        # Only pepe can read versions 2.0.1 of lasote/testing
        read_perms = [("*/2.0.2@lasote/testing", "pepe"), ("*/*@*/*", "*")]
        authorizer = BasicAuthorizer(read_perms, write_perms)
        # Pepe can read openssl 2.0.1 version and 2.0.2 (only matches 2.0.2, so other is allowed)
        authorizer.check_read_conan("pepe", self.openssl_ref2)
        authorizer.check_read_conan("pepe", self.openssl_ref2)
        # Other user can't read 2.0.2
        authorizer.check_read_conan("juan", self.openssl_ref)
        self.assertRaises(ForbiddenException,
                          authorizer.check_read_conan, "juan", self.openssl_ref2)

        # Only pepe can read openssl version 2.0.1 from any owner
        read_perms = [("openssl/2.0.1@*/testing", "pepe")]
        # Only pepe (and lasote because its owner) can write it and no more users can write
        write_perms = [(str(self.openssl_ref), "pepe")]

        authorizer = BasicAuthorizer(read_perms, write_perms)
        # Pepe can read any openssl/2.0.1
        authorizer.check_read_conan("pepe", self.openssl_ref)
        tmp_ref = ConanFileReference.loads("openssl/2.0.1@alfred/testing")
        authorizer.check_read_conan("pepe", tmp_ref)
        self.assertRaises(ForbiddenException,
                          authorizer.check_read_conan, "juan", self.openssl_ref)
        self.assertRaises(ForbiddenException,
                          authorizer.check_read_conan, "juan", tmp_ref)

        # Only pepe can read openssl version 2.0.1 from lasote/any channel
        read_perms = [("openssl/2.0.1@lasote/*", "pepe")]
        # Only pepe (and lasote because its owner) can write it and no more users can write
        write_perms = [(str(self.openssl_ref), "pepe")]

        authorizer = BasicAuthorizer(read_perms, write_perms)
        # Pepe can read openssl/2.0.1 from any channel but only from lasote
        authorizer.check_read_conan("pepe", self.openssl_ref)
        tmp_ref = ConanFileReference.loads("openssl/2.0.1@alfred/testing")
        self.assertRaises(ForbiddenException,
                          authorizer.check_read_conan, "pepe", tmp_ref)

        tmp_ref = ConanFileReference.loads("openssl/2.0.1@lasote/otherchannel")
        authorizer.check_read_conan("pepe", tmp_ref)
Ejemplo n.º 17
0
    def permissions_test(self):
        """Check that permissions logic is ok"""
        # Only lasote can read it but other conans can be readed
        read_perms = [(str(self.openssl_ref), "lasote"), ("*/*@*/*", "*")]
        # Only pepe (and lasote because its owner) can write it and no more users can write
        write_perms = [(str(self.openssl_ref), "pepe")]

        authorizer = BasicAuthorizer(read_perms, write_perms)

        # READ PERMISSIONS

        # Pepe can't read conans
        self.assertRaises(ForbiddenException, authorizer.check_read_conan,
                          "pepe", self.openssl_ref)

        # Owner can read conans
        authorizer.check_read_conan("lasote", self.openssl_ref)

        # Pepe can read other conans
        authorizer.check_read_conan("pepe", self.openssl_ref2)

        # Pepe can't read package
        self.assertRaises(ForbiddenException, authorizer.check_read_package,
                          "pepe", self.package_reference)

        # Owner can read package
        authorizer.check_read_package("lasote", self.package_reference)

        # Pepe can read other package
        authorizer.check_read_package("pepe", self.package_reference2)

        # WRITE PERMISSIONS

        # Pepe can write conans
        authorizer.check_write_conan("pepe", self.openssl_ref)

        # Juan can't write conans
        self.assertRaises(ForbiddenException, authorizer.check_write_conan,
                          "juan", self.openssl_ref)

        # Owner can write conans
        authorizer.check_write_conan("lasote", self.openssl_ref)

        # Pepe can't write other conans
        self.assertRaises(ForbiddenException, authorizer.check_write_conan,
                          "pepe", self.openssl_ref2)

        # Owner can write package
        authorizer.check_write_package("lasote", self.package_reference)

        # Pepe can write package
        authorizer.check_write_package("pepe", self.package_reference)

        # Pepe can't write other package
        self.assertRaises(ForbiddenException, authorizer.check_write_package,
                          "pepe", self.package_reference2)
Ejemplo n.º 18
0
    def check_wildcards_test(self):
        # Only pepe can read openssl versions
        read_perms = [("openssl/*@lasote/testing", "pepe"), ("*/*@*/*", "*")]
        # Only pepe (and lasote because its owner) can write it and no more users can write
        write_perms = [(str(self.openssl_ref), "pepe")]

        authorizer = BasicAuthorizer(read_perms, write_perms)
        # Pepe can read all openssl versions
        authorizer.check_read_conan("pepe", self.openssl_ref)
        authorizer.check_read_conan("pepe", self.openssl_ref2)
        # Other user can't
        self.assertRaises(ForbiddenException, authorizer.check_read_conan,
                          "juan", self.openssl_ref)
        self.assertRaises(ForbiddenException, authorizer.check_read_conan,
                          "juan", self.openssl_ref2)

        # Only pepe can read versions 2.0.1 of lasote/testing
        read_perms = [("*/2.0.2@lasote/testing", "pepe"), ("*/*@*/*", "*")]
        authorizer = BasicAuthorizer(read_perms, write_perms)
        # Pepe can read openssl 2.0.1 version and 2.0.2 (only matches 2.0.2, so other is allowed)
        authorizer.check_read_conan("pepe", self.openssl_ref2)
        authorizer.check_read_conan("pepe", self.openssl_ref2)
        # Other user can't read 2.0.2
        authorizer.check_read_conan("juan", self.openssl_ref)
        self.assertRaises(ForbiddenException, authorizer.check_read_conan,
                          "juan", self.openssl_ref2)

        # Only pepe can read openssl version 2.0.1 from any owner
        read_perms = [("openssl/2.0.1@*/testing", "pepe")]
        # Only pepe (and lasote because its owner) can write it and no more users can write
        write_perms = [(str(self.openssl_ref), "pepe")]

        authorizer = BasicAuthorizer(read_perms, write_perms)
        # Pepe can read any openssl/2.0.1
        authorizer.check_read_conan("pepe", self.openssl_ref)
        tmp_ref = ConanFileReference.loads("openssl/2.0.1@alfred/testing")
        authorizer.check_read_conan("pepe", tmp_ref)
        self.assertRaises(ForbiddenException, authorizer.check_read_conan,
                          "juan", self.openssl_ref)
        self.assertRaises(ForbiddenException, authorizer.check_read_conan,
                          "juan", tmp_ref)

        # Only pepe can read openssl version 2.0.1 from lasote/any channel
        read_perms = [("openssl/2.0.1@lasote/*", "pepe")]
        # Only pepe (and lasote because its owner) can write it and no more users can write
        write_perms = [(str(self.openssl_ref), "pepe")]

        authorizer = BasicAuthorizer(read_perms, write_perms)
        # Pepe can read openssl/2.0.1 from any channel but only from lasote
        authorizer.check_read_conan("pepe", self.openssl_ref)
        tmp_ref = ConanFileReference.loads("openssl/2.0.1@alfred/testing")
        self.assertRaises(ForbiddenException, authorizer.check_read_conan,
                          "pepe", tmp_ref)

        tmp_ref = ConanFileReference.loads("openssl/2.0.1@lasote/otherchannel")
        authorizer.check_read_conan("pepe", tmp_ref)