def test_duplicate_delegatee_peer_id(self):
cfg = pools_pb2.PoolsCfg(pool=[
pools_pb2.Pool(name=['abc'],
schedulers=pools_pb2.Schedulers(trusted_delegation=[
pools_pb2.TrustedDelegation(
peer_id='*****@*****.**'),
pools_pb2.TrustedDelegation(
peer_id='*****@*****.**'),
], )),
])
self.validator_test(cfg, [
'pool #0 (abc): trusted_delegation #0 ([email protected]): peer '
'"*****@*****.**" was specified twice',
])
def test_no_delegatee_peer_id(self):
cfg = pools_pb2.PoolsCfg(pool=[
pools_pb2.Pool(name=['abc'],
schedulers=pools_pb2.Schedulers(trusted_delegation=[
pools_pb2.TrustedDelegation()
], )),
])
self.validator_test(cfg, [
'pool #0 (abc): trusted_delegation #0 (): "peer_id" is required',
])
def test_wildcard_delegation_tag_ok(self):
cfg = pools_pb2.PoolsCfg(pool=[
pools_pb2.Pool(name=['abc'],
schedulers=pools_pb2.Schedulers(trusted_delegation=[
pools_pb2.TrustedDelegation(
peer_id='*****@*****.**',
require_any_of=pools_pb2.TrustedDelegation.
TagList(tag=['k:tag1/*'], ),
)
], )),
])
self.validator_test(cfg, [])
def test_bad_delegatee_peer_id(self):
cfg = pools_pb2.PoolsCfg(pool=[
pools_pb2.Pool(name=['abc'],
schedulers=pools_pb2.Schedulers(trusted_delegation=[
pools_pb2.TrustedDelegation(
peer_id='not valid email', )
], )),
])
self.validator_test(cfg, [
'pool #0 (abc): trusted_delegation #0 (not valid email): bad peer_id '
'value "not valid email" - Identity has invalid format: not valid email',
])
def test_bad_delegation_tag(self):
cfg = pools_pb2.PoolsCfg(pool=[
pools_pb2.Pool(name=['abc'],
schedulers=pools_pb2.Schedulers(trusted_delegation=[
pools_pb2.TrustedDelegation(
peer_id='*****@*****.**',
require_any_of=pools_pb2.TrustedDelegation.
TagList(tag=['not kv'], ),
)
], )),
])
self.validator_test(cfg, [
'pool #0 (abc): trusted_delegation #0 ([email protected]): bad tag #0 '
'"not kv" - must be <key>:<value>',
])
from server import pools_config
from server import task_request
from google.protobuf import text_format
TEST_CONFIG = pools_pb2.PoolsCfg(
pool=[
pools_pb2.Pool(
name=['pool_name', 'another_name'],
schedulers=pools_pb2.Schedulers(
user=['user:[email protected]', '*****@*****.**'],
group=['group1', 'group2'],
trusted_delegation=[
pools_pb2.TrustedDelegation(
peer_id='*****@*****.**',
require_any_of=pools_pb2.TrustedDelegation.TagList(
tag=['k:tag1', 'k:tag2'], ),
),
],
),
allowed_service_account=[
'*****@*****.**',
'*****@*****.**',
],
allowed_service_account_group=[
'accounts_group1',
'accounts_group2',
],
realm='test:pool/realm',
enforced_realm_permissions=[
realms_pb2.REALM_PERMISSION_POOLS_CREATE_TASK,