Ejemplos de ApiListClientApprovalsArgs en Python

Ejemplo n.º 1

    def testFilterConsidersOffsetAndCount(self):
        client_id = self.client_ids[0]

        # Create five approval requests without granting them.
        for i in range(10):
            with test_lib.FakeTime(42 + i):
                self.RequestClientApproval(client_id.Basename(),
                                           reason="Request reason %d" % i)

        args = user_plugin.ApiListClientApprovalsArgs(client_id=client_id,
                                                      offset=0,
                                                      count=5)
        result = self.handler.Handle(args, token=self.token)

        # Approvals are returned newest to oldest, so the first five approvals
        # have reason 9 to 5.
        self.assertEqual(len(result.items), 5)
        for item, i in zip(result.items, reversed(range(6, 10))):
            self.assertEqual(item.reason, "Request reason %d" % i)

        # When no count is specified, take all items from offset to the end.
        args = user_plugin.ApiListClientApprovalsArgs(client_id=client_id,
                                                      offset=7)
        result = self.handler.Handle(args, token=self.token)

        self.assertEqual(len(result.items), 4)
        for item, i in zip(result.items, reversed(range(0, 4))):
            self.assertEqual(item.reason, "Request reason %d" % i)

Ejemplo n.º 2

    def Run(self):
        with test_lib.FakeTime(42):
            self.CreateAdminUser("approver")

            clients = self.SetupClients(2)
            for client_id in clients:
                # Delete the certificate as it's being regenerated every time the
                # client is created.
                with aff4.FACTORY.Open(client_id, mode="rw",
                                       token=self.token) as grr_client:
                    grr_client.DeleteAttribute(grr_client.Schema.CERT)

        with test_lib.FakeTime(44):
            approval_urn = security.ClientApprovalRequestor(
                reason=self.token.reason,
                subject_urn=clients[0],
                approver="approver",
                token=self.token).Request()
            approval1_id = approval_urn.Basename()

        with test_lib.FakeTime(45):
            approval_urn = security.ClientApprovalRequestor(
                reason=self.token.reason,
                subject_urn=clients[1],
                approver="approver",
                token=self.token).Request()
            approval2_id = approval_urn.Basename()

        with test_lib.FakeTime(84):
            approver_token = access_control.ACLToken(username="******")
            security.ClientApprovalGrantor(reason=self.token.reason,
                                           delegate=self.token.username,
                                           subject_urn=clients[1],
                                           token=approver_token).Grant()

        with test_lib.FakeTime(126):
            self.Check("ListClientApprovals",
                       args=user_plugin.ApiListClientApprovalsArgs(),
                       replace={
                           approval1_id: "approval:111111",
                           approval2_id: "approval:222222"
                       })
            self.Check("ListClientApprovals",
                       args=user_plugin.ApiListClientApprovalsArgs(
                           client_id=clients[0].Basename()),
                       replace={
                           approval1_id: "approval:111111",
                           approval2_id: "approval:222222"
                       })

Ejemplo n.º 3

    def testRendersRequestedClientApprovals(self):
        self._RequestClientApprovals()

        args = user_plugin.ApiListClientApprovalsArgs()
        result = self.handler.Handle(args, token=self.token)

        # All approvals should be returned.
        self.assertEqual(len(result.items), self.CLIENT_COUNT)

Ejemplo n.º 4

Archivo: user_regression_test.py Proyecto: yeyingtomorrow/grr

    def Run(self):
        with test_lib.FakeTime(42):
            self.CreateAdminUser("approver")

            clients = self.SetupClients(2)
            for client_id in clients:
                # Delete the certificate as it's being regenerated every time the
                # client is created.
                with aff4.FACTORY.Open(client_id, mode="rw",
                                       token=self.token) as grr_client:
                    grr_client.DeleteAttribute(grr_client.Schema.CERT)

        with test_lib.FakeTime(44):
            approval1_id = self.RequestClientApproval(
                clients[0].Basename(),
                reason=self.token.reason,
                approver="approver",
                requestor=self.token.username)

        with test_lib.FakeTime(45):
            approval2_id = self.RequestClientApproval(
                clients[1].Basename(),
                reason=self.token.reason,
                approver="approver",
                requestor=self.token.username)

        with test_lib.FakeTime(84):
            self.GrantClientApproval(clients[1].Basename(),
                                     requestor=self.token.username,
                                     reason=self.token.reason,
                                     approver="approver")

        with test_lib.FakeTime(126):
            self.Check("ListClientApprovals",
                       args=user_plugin.ApiListClientApprovalsArgs(),
                       replace={
                           approval1_id: "approval:111111",
                           approval2_id: "approval:222222"
                       })
            self.Check("ListClientApprovals",
                       args=user_plugin.ApiListClientApprovalsArgs(
                           client_id=clients[0].Basename()),
                       replace={
                           approval1_id: "approval:111111",
                           approval2_id: "approval:222222"
                       })

Ejemplo n.º 5

    def testFiltersApprovalsByClientId(self):
        client_id = self.client_ids[0]

        self._RequestClientApprovals()

        # Get approvals for a specific client. There should be exactly one.
        args = user_plugin.ApiListClientApprovalsArgs(client_id=client_id)
        result = self.handler.Handle(args, token=self.token)

        self.assertEqual(len(result.items), 1)
        self.assertEqual(result.items[0].subject.client_id, client_id)

Ejemplo n.º 6

  def Layout(self, request, response):
    """Checks the level of access the user has to this client."""
    self.subject = request.REQ.get("subject", "")
    self.silent = request.REQ.get("silent", "")

    token = request.token

    # When silent=True, we don't show ACLDialog in case of failure.
    # This is useful when we just want to make an access check and set
    # the correct reason (if found) without asking for a missing approval.
    if self.silent:
      self.layout_template = self.silent_template

    self.refresh_after_form_submit = True

    subject_urn = rdfvalue.RDFURN(self.subject)
    namespace, _ = subject_urn.Split(2)
    if self.CheckObjectAccess(subject_urn, token):
      return self.CallJavascript(
          response,
          "CheckAccess.AccessOk",
          reason=self.reason,
          silent=self.silent)

    self.cc_address = config_lib.CONFIG["Email.approval_optional_cc_address"]

    recent_reasons_list = api_user.ApiListClientApprovalsHandler().Handle(
        api_user.ApiListClientApprovalsArgs(count=5), token=request.token)
    self.recent_reasons = [x.reason for x in recent_reasons_list.items]

    if namespace == "hunts":
      self.approval_renderer = "HuntApprovalRequestRenderer"
      self.refresh_after_form_submit = False
    elif namespace == "cron":
      self.approval_renderer = "CronJobApprovalRequestRenderer"
      self.refresh_after_form_submit = False
    elif aff4_grr.VFSGRRClient.CLIENT_ID_RE.match(namespace):
      self.approval_renderer = "ClientApprovalRequestRenderer"
      self.show_keepalive_option = True
    else:
      raise RuntimeError(
          "Unexpected namespace for access check: %s (subject=%s)." %
          (namespace, self.subject))

    response = super(CheckAccess, self).Layout(request, response)
    if not self.silent:
      return self.CallJavascript(
          response,
          "CheckAccess.Layout",
          subject=self.subject,
          refresh_after_form_submit=self.refresh_after_form_submit,
          approval_renderer=self.approval_renderer)
    else:
      return response

Ejemplo n.º 7

Archivo: user_test.py Proyecto: mlynchcogent/grr

  def testFiltersApprovalsByInvalidState(self):
    self._RequestClientApprovals()

    # We only requested approvals so far, so all of them should be invalid.
    args = user_plugin.ApiListClientApprovalsArgs(
        state=user_plugin.ApiListClientApprovalsArgs.State.INVALID)
    result = self.handler.Handle(args, token=self.token)

    self.assertEqual(len(result.items), self.CLIENT_COUNT)

    # Grant access to one client. Now all but one should be invalid.
    self.GrantClientApproval(
        self.client_ids[0], self.token.username, reason=self.token.reason)
    result = self.handler.Handle(args, token=self.token)
    self.assertEqual(len(result.items), self.CLIENT_COUNT - 1)

Ejemplo n.º 8

Archivo: user_test.py Proyecto: mlynchcogent/grr

  def testFiltersApprovalsByValidState(self):
    self._RequestClientApprovals()

    # We only requested approvals so far, so none of them is valid.
    args = user_plugin.ApiListClientApprovalsArgs(
        state=user_plugin.ApiListClientApprovalsArgs.State.VALID)
    result = self.handler.Handle(args, token=self.token)

    # We do not have any approved approvals yet.
    self.assertEqual(len(result.items), 0)

    # Grant access to one client. Now exactly one approval should be valid.
    self.GrantClientApproval(
        self.client_ids[0], self.token.username, reason=self.token.reason)
    result = self.handler.Handle(args, token=self.token)
    self.assertEqual(len(result.items), 1)
    self.assertEqual(result.items[0].subject.client_id, self.client_ids[0])

Ejemplo n.º 9

Archivo: user_test.py Proyecto: mlynchcogent/grr

  def testFiltersApprovalsByClientIdAndState(self):
    client_id = self.client_ids[0]

    self._RequestClientApprovals()

    # Grant approval to a certain client.
    self.GrantClientApproval(
        client_id, self.token.username, reason=self.token.reason)

    args = user_plugin.ApiListClientApprovalsArgs(
        client_id=client_id,
        state=user_plugin.ApiListClientApprovalsArgs.State.VALID)
    result = self.handler.Handle(args, token=self.token)

    # We have a valid approval for the requested client.
    self.assertEqual(len(result.items), 1)

    args.state = user_plugin.ApiListClientApprovalsArgs.State.INVALID
    result = self.handler.Handle(args, token=self.token)

    # However, we do not have any invalid approvals for the client.
    self.assertEqual(len(result.items), 0)

Ejemplo n.º 10

 def ListClientApprovals(self, requestor=None):
     requestor = requestor or self.token.username
     handler = api_user.ApiListClientApprovalsHandler()
     return handler.Handle(
         api_user.ApiListClientApprovalsArgs(),
         token=access_control.ACLToken(username=requestor)).items