def test_default_roles(self):
env = {}
env['GRST_CRED_AURI_0'] = 'dn:' + TestUserCredentials.DN
env['GRST_CRED_AURI_1'] = 'fqan:' + TestUserCredentials.FQANS[0]
creds = fts3auth.UserCredentials(env, TestUserCredentials.ROLES)
self.assertEqual(fts3auth.VO, creds.getGrantedLevelFor(fts3auth.TRANSFER))
self.assertEqual(fts3auth.PRIVATE, creds.getGrantedLevelFor(fts3auth.DELEGATION))
self.assertEqual(fts3auth.NONE, creds.getGrantedLevelFor(fts3auth.CONFIG))
def test_roles(self):
env = {}
env['GRST_CRED_AURI_0'] = 'dn:' + TestUserCredentials.DN
env['GRST_CRED_AURI_1'] = 'fqan:' + TestUserCredentials.FQANS[0]
env['GRST_CRED_AURI_2'] = 'fqan:' + TestUserCredentials.FQANS[1]
env['GRST_CRED_AURI_3'] = 'fqan:' + TestUserCredentials.FQANS[2]
env['GRST_CRED_AURI_4'] = 'fqan:' + TestUserCredentials.FQANS[3]
creds = UserCredentials(env, TestUserCredentials.ROLES)
self.assertEqual(fts3auth.ALL, creds.getGrantedLevelFor(fts3auth.CONFIG))
self.assertEqual(fts3auth.ALL, creds.getGrantedLevelFor(fts3auth.TRANSFER))
self.assertEqual(fts3auth.ALL, creds.getGrantedLevelFor(fts3auth.DELEGATION))
def get_user_credentials(self):
"""
Get the user credentials from the environment
"""
return fts3auth.UserCredentials(self.app.extra_environ,
{'public': {
'*': 'all'
}})
def test_authorize_root(self):
"""
If the credentials are those of the server (hostcert.pem), then grant full
access
"""
env = dict()
env['SSL_SERVER_S_DN'] = '/DN=test'
env['GRST_CRED_AURI_0'] = 'dn:/DN=notme'
env['fts3.User.Credentials'] = fts3auth.UserCredentials(env, TestAuthorization.ROLES)
self.assertFalse(fts3auth.authorized(fts3auth.CONFIG, env=env))
self.assertTrue(fts3auth.authorized(fts3auth.DELEGATION, env=env))
self.assertFalse(fts3auth.authorized(fts3auth.TRANSFER, env=env, resource_vo='atlas'))
env['GRST_CRED_AURI_0'] = 'dn:/DN=test'
env['fts3.User.Credentials'] = fts3auth.UserCredentials(env, TestAuthorization.ROLES)
self.assertTrue(fts3auth.authorized(fts3auth.CONFIG, env=env))
self.assertTrue(fts3auth.authorized(fts3auth.DELEGATION, env=env))
self.assertTrue(fts3auth.authorized(fts3auth.TRANSFER, env=env, resource_vo='atlas'))
def test_basic_ssl(self):
"""
Plain mod_ssl must work. No VO, though.
"""
creds = fts3auth.UserCredentials(
{'SSL_CLIENT_S_DN': TestUserCredentials.DN})
self.assertEqual(TestUserCredentials.DN, creds.user_dn)
self.assertEqual([], creds.voms_cred)
self.assertEqual(['*****@*****.**'], creds.vos)
def setUp(self):
env = {}
env['GRST_CRED_AURI_0'] = 'dn:' + TestAuthorization.DN
env['GRST_CRED_AURI_1'] = 'fqan:' + TestAuthorization.FQANS[0]
env['GRST_CRED_AURI_2'] = 'fqan:' + TestAuthorization.FQANS[1]
env['GRST_CRED_AURI_3'] = 'fqan:' + TestAuthorization.FQANS[2]
self.creds = fts3auth.UserCredentials(env, TestAuthorization.ROLES)
env['fts3.User.Credentials'] = self.creds
self.env = env
def test_authorize_config_via_db(self):
"""
Credentials with no vo extensions, if the DN is in the database as authorized,
configuration should be allowed
"""
del self.creds
del self.env['fts3.User.Credentials']
env = dict(GRST_CRED_AURI_0='dn:' + TestAuthorization.DN)
self.creds = fts3auth.UserCredentials(env, TestAuthorization.ROLES)
self.env['fts3.User.Credentials'] = self.creds
self.assertFalse(fts3auth.authorized(fts3auth.CONFIG, env = self.env))
authz = AuthorizationByDn(dn=TestAuthorization.DN, operation=fts3auth.CONFIG)
Session.merge(authz)
Session.commit()
# Force reload of creds
self.creds = fts3auth.UserCredentials(env, TestAuthorization.ROLES)
self.env['fts3.User.Credentials'] = self.creds
self.assertTrue(fts3auth.authorized(fts3auth.CONFIG, env = self.env))
def test_gridsite(self):
env = {}
env['GRST_CRED_AURI_0'] = 'dn:' + TestUserCredentials.DN
env['GRST_CRED_AURI_1'] = 'fqan:' + TestUserCredentials.FQANS[0]
env['GRST_CRED_AURI_2'] = 'fqan:' + TestUserCredentials.FQANS[1]
env['GRST_CRED_AURI_3'] = 'fqan:' + TestUserCredentials.FQANS[2]
env['GRST_CRED_AURI_4'] = 'fqan:' + TestUserCredentials.FQANS[3]
creds = fts3auth.UserCredentials(env)
self.assertEqual(TestUserCredentials.DN, creds.user_dn)
self.assertEqual(['testvo', 'testvo/group'], creds.vos)
self.assertEqual(TestUserCredentials.FQANS, creds.voms_cred)
self.assertEqual(['myrole', 'admin'], creds.roles)
def test_default_roles(self):
"""
Set environment as mod_gridsite would do, but with no roles
present.
"""
env = {}
env['GRST_CRED_AURI_0'] = 'dn:' + TestUserCredentials.DN
env['GRST_CRED_AURI_1'] = 'fqan:' + TestUserCredentials.FQANS[0]
creds = fts3auth.UserCredentials(env, TestUserCredentials.ROLES)
self.assertEqual(fts3auth.VO,
creds.get_granted_level_for(fts3auth.TRANSFER))
self.assertEqual(fts3auth.PRIVATE,
creds.get_granted_level_for(fts3auth.DELEGATION))
self.assertEqual(fts3auth.NONE,
creds.get_granted_level_for(fts3auth.CONFIG))
def test_gridsite(self):
"""
Set environment as mod_gridsite would do, and check the vos,
roles and so on are set up properly.
"""
env = {}
env['GRST_CRED_AURI_0'] = 'dn:' + TestUserCredentials.DN
env['GRST_CRED_AURI_1'] = 'fqan:' + TestUserCredentials.FQANS[0]
env['GRST_CRED_AURI_2'] = 'fqan:' + TestUserCredentials.FQANS[1]
env['GRST_CRED_AURI_3'] = 'fqan:' + TestUserCredentials.FQANS[2]
env['GRST_CRED_AURI_4'] = 'fqan:' + TestUserCredentials.FQANS[3]
creds = fts3auth.UserCredentials(env)
self.assertEqual(TestUserCredentials.DN, creds.user_dn)
self.assertEqual(['testvo', 'testvo/group'], creds.vos)
self.assertEqual(TestUserCredentials.FQANS, creds.voms_cred)
self.assertEqual(['myrole', 'admin'], creds.roles)
def test_roles(self):
"""
Set environment as mod_gridsite would do, and then check that
the granted levels are set up properly.
"""
env = {}
env['GRST_CRED_AURI_0'] = 'dn:' + TestUserCredentials.DN
env['GRST_CRED_AURI_1'] = 'fqan:' + TestUserCredentials.FQANS[0]
env['GRST_CRED_AURI_2'] = 'fqan:' + TestUserCredentials.FQANS[1]
env['GRST_CRED_AURI_3'] = 'fqan:' + TestUserCredentials.FQANS[2]
env['GRST_CRED_AURI_4'] = 'fqan:' + TestUserCredentials.FQANS[3]
creds = fts3auth.UserCredentials(env, TestUserCredentials.ROLES)
self.assertEqual(fts3auth.ALL,
creds.get_granted_level_for(fts3auth.CONFIG))
self.assertEqual(fts3auth.VO,
creds.get_granted_level_for(fts3auth.TRANSFER))
self.assertEqual(fts3auth.PRIVATE,
creds.get_granted_level_for(fts3auth.DELEGATION))
def getUserCredentials(self):
return fts3auth.UserCredentials(self.app.extra_environ,
{'public': {
'*': 'all'
}})
def test_basic_ssl(self):
creds = fts3auth.UserCredentials({'SSL_CLIENT_S_DN': TestUserCredentials.DN})
self.assertEqual(TestUserCredentials.DN, creds.user_dn)
self.assertEqual([], creds.voms_cred)
self.assertEqual([], creds.vos)
