def testDoesNotRaiseWhenLabelMatches(self):
with aff4.FACTORY.Open(self.client_urn, mode="rw", token=self.token) as fd:
fd.AddLabel("foo", owner="GRR")
api_router.CheckClientLabels(
self.client_id,
labels_whitelist=self.labels_whitelist,
labels_owners_whitelist=self.labels_owners_whitelist,
token=self.token)
def testRaisesIfOwnerDoesNotMatch(self):
with aff4.FACTORY.Open(self.client_urn, mode="rw", token=self.token) as fd:
fd.AddLabel("foo", owner="GRRother")
with self.assertRaises(access_control.UnauthorizedAccess):
api_router.CheckClientLabels(
self.client_id,
labels_whitelist=self.labels_whitelist,
labels_owners_whitelist=self.labels_owners_whitelist,
token=self.token)
def testRaisesWhenLabelDoesNotMatchAmongManyLabels(self):
with aff4.FACTORY.Open(self.client_urn, mode="rw", token=self.token) as fd:
fd.AddLabel("foo1", owner="GRR")
fd.AddLabel("2foo", owner="GRR")
fd.AddLabel("1foo2", owner="GRR")
fd.AddLabel("bar", owner="GRR")
with self.assertRaises(access_control.UnauthorizedAccess):
api_router.CheckClientLabels(
self.client_id,
labels_whitelist=self.labels_whitelist,
labels_owners_whitelist=self.labels_owners_whitelist,
token=self.token)