def create_user(self, display_name, id, pw, opts):
pycb.log(logging.INFO, "===== def create_user of cbAuthzSecurity.py")
db_obj = DB(con_str=self.con_str)
user = User(db_obj, friendly=display_name)
user_alias = user.create_alias(id, "s3", display_name, alias_data=pw)
db_obj.commit()
db_obj.close()
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts,args) = setup_options(argv)
if len(args) > 0:
u_pattern = args[0]
else:
u_pattern = ""
if opts.bya:
usa = User.find_alias(db_obj, u_pattern)
users = []
for ua in usa:
users.append(ua.get_canonical_user())
else:
users = User.find_user(db_obj, u_pattern)
if users == None:
pynimbusauthz.print_msg(opts, 0, "No users in list")
return 1
for u in users:
list_user(opts, u)
except AuthzException, ae:
print ae
return ae.get_rc()
class TestTouchCli(unittest.TestCase):
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.db.commit()
def tearDown(self):
self.db.close()
os.remove(self.fname)
def test_basic_touch(self):
fname = str(uuid.uuid1())
data = str(uuid.uuid1())
f = File.get_file(self.db, fname, pynimbusauthz.object_type_s3)
self.assertEqual(f, None)
rc = pynimbusauthz.touch.main([self.user1.get_id(), fname, data])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
f = File.get_file(self.db, fname, pynimbusauthz.object_type_s3)
self.assertNotEqual(f, None)
def test_bucket_touch(self):
fname = str(uuid.uuid1())
data = str(uuid.uuid1())
rc = pynimbusauthz.touch.main(["-t", pynimbusauthz.object_type_s3, self.user1.get_id(), fname, data])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
f = File.get_file(self.db, fname, pynimbusauthz.object_type_s3)
self.assertNotEqual(f, None)
def test_under_bucket_touch(self):
bname = str(uuid.uuid1())
fname = str(uuid.uuid1())
data = str(uuid.uuid1())
rc = pynimbusauthz.touch.main(["-t", pynimbusauthz.object_type_s3, self.user1.get_id(), bname, data])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
rc = pynimbusauthz.touch.main(["-p", bname, self.user1.get_id(), fname, data])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
b1 = File.get_file(self.db, bname, pynimbusauthz.object_type_s3)
f1 = File.get_file(self.db, fname, pynimbusauthz.object_type_s3, parent=b1)
self.assertNotEqual(b1, None)
self.assertNotEqual(f1, None)
def test_bad_opts(self):
bname = str(uuid.uuid1())
fname = str(uuid.uuid1())
data = str(uuid.uuid1())
rc = pynimbusauthz.touch.main([bname, data])
self.assertEqual(rc, 32, "CLI should return failure %d" % (rc))
rc = pynimbusauthz.touch.main(["-p", bname, self.user1.get_id(), fname, data])
self.assertEqual(rc, 33, "CLI should return failure %d" % (rc))
def test_alias_lookup_simple(self):
user1 = User(self.db)
alias1 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "name1@")
alias2 = user1.get_alias("/name/", pynimbusauthz.alias_type_s3)
self.assertEqual(alias1.get_name(), alias2.get_name(), "Alias names should be the same")
self.assertEqual(alias1.get_type(), alias2.get_type(), "Alias types should be the same")
self.assertEqual(alias1.get_data(), alias2.get_data(), "Alias data should be the same")
def test_create_same_alias(self):
user1 = User(self.db)
alias1 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "name@")
try:
alias2 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "name@")
self.fail("This should have caused an conflict on insert")
except:
pass
def remove_user(self, force=False):
try:
if force:
uc = User(self.db_obj, uu=self.get_canonical_id(), create=False)
uc.destroy_brutally()
else:
self.alias.remove()
finally:
self.db_obj.commit()
def test_destroy_user(self):
user1 = User(self.db)
uu = user1.get_id()
user1.destroy_brutally()
try:
user1 = User(self.db, uu)
self.fail("The uuid should have been deleted %s" % (uu))
except:
pass
def remove_user(self, force=False):
pycb.log(logging.INFO, "===== def remove_user of cbAuthzSecurity.py")
try:
if force:
uc = User(self.db_obj, uu=self.get_canonical_id(), create=False)
uc.destroy_brutally()
else:
self.alias.remove()
finally:
self.db_obj.commit()
def test_basic_stat(self):
user2 = User(self.db)
self.db.commit()
rc = pynimbusauthz.chmod.main([user2.get_id(), self.name, "Rrw"])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
rc = pynimbusauthz.stat.main([self.name])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
rc = pynimbusauthz.stat.main(["-a", self.name])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
def test_create_alias_simple(self):
user1 = User(self.db)
alias1 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "testname@")
user2 = alias1.get_canonical_user()
self.assertEqual(user1.get_id(), user2.get_id(), "User IDs should be equal")
alias1 = user1.create_alias("/name2", pynimbusauthz.alias_type_s3, "name2@", "pooP")
user2 = alias1.get_canonical_user()
self.assertEqual(user1.get_id(), user2.get_id(), "User IDs should be equal")
print alias1
def test_set_alias_data(self):
user1 = User(self.db)
self.db.commit()
alias_name = "helloname"
alias1 = user1.create_alias(alias_name, pynimbusauthz.alias_type_s3, alias_name)
key = "helloworld"
alias1.set_data(key)
self.db.commit()
alias2 = user1.get_alias(alias_name, pynimbusauthz.alias_type_s3)
self.assertEqual(alias1.get_data(), alias2.get_data(), "alias not equal")
self.assertEqual(key, alias2.get_data(), "alias not equal")
def test_basic_alias(self):
user = User(self.db)
uu = user.get_id()
aname = "alias1"
self.db.commit()
rc = pynimbusauthz.add_user.main(["-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
self.assertNotEqual(ua, None, "alias not found")
rc = pynimbusauthz.add_user.main(["-x", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
self.assertEqual(ua, None, "alias should not be found")
def test_set_key(self):
aname = str(uuid.uuid1())
uu = str(uuid.uuid1())
rc = pynimbusauthz.add_user.main(["-n", "-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
rc = pynimbusauthz.add_user.main(["-g", "-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
key = str(uuid.uuid1())
rc = pynimbusauthz.add_user.main(["-k", key, "-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
user = User(self.db, uu)
ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
self.db.commit()
k2 = ua.get_data()
self.assertEqual(k2, key)
class TestUser(unittest.TestCase):
def setUp(self):
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
con = pynimbusauthz.db.make_test_database()
self.db = DB(con=con)
self.user = User(self.db)
def tearDown(self):
self.user.destroy_brutally()
self.db.close()
def test_get_no_quota(self):
q = self.user.get_quota()
self.assertEqual(q, User.UNLIMITED)
def test_set_quota(self):
q = 100
self.user.set_quota(q)
qrc = self.user.get_quota()
self.assertEqual(q, qrc)
def test_get_no_usage(self):
u = self.user.get_quota_usage()
self.assertEqual(u, 0)
def test_add_file_usage_one_file(self):
size1 = 100
name = "/file/name"
data = "/etc/group"
file1 = File.create_file(self.db, name, self.user, data, pynimbusauthz.object_type_s3, size=size1)
self.db.commit()
u = self.user.get_quota_usage()
self.assertEqual(u, size1)
def test_add_file_usage_many_files(self):
size1 = 100
name = "/file/name"
data = "/etc/group"
total = 0
for i in range(0, 10):
file1 = File.create_file(self.db, name+str(i), self.user, data, pynimbusauthz.object_type_s3, size=size1)
total = total + size1
self.db.commit()
u = self.user.get_quota_usage()
self.assertEqual(u, total)
def __init__(self, alias_name, con_str):
self.db_obj = DB(con_str=con_str)
alias = User.find_alias(self.db_obj, alias_name, pynimbusauthz.alias_type_s3)
a_list = list(alias)
if len(a_list) < 1:
raise cbException('AccessDenied')
# pick the first one, hmmm XXX
self.alias = a_list[0]
self.user = self.alias.get_canonical_user()
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.db.commit()
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts, args) = setup_options(argv)
user = User(db_obj, args[0], create=False)
if opts.quota != None:
q = opts.quota
if opts.quota == "UNLIMITED":
q = User.UNLIMITED
user.set_quota(q, object_type=opts.type)
if opts.report:
q = user.get_quota(object_type=opts.type)
u = user.get_quota_usage(object_type=opts.type)
if q != User.UNLIMITED:
r = q - u
rstr = pynimbusauthz.pretty_number(r)
qstr = pynimbusauthz.pretty_number(q)
ustr = pynimbusauthz.pretty_number(u)
pynimbusauthz.print_msg(opts, 0, "%-10s %s" % ("Quota", qstr))
pynimbusauthz.print_msg(opts, 0, "%-10s %s" % ("Usage", ustr))
pynimbusauthz.print_msg(opts, 0, "%-10s %s" % ("Remaining", rstr))
if r < 0:
pynimbusauthz.print_msg(opts, 0, "OVER LIMIT!")
elif r == 0:
pynimbusauthz.print_msg(opts, 0, "At Limit")
else:
p = (float(r) / float(q)) * 100.0
pynimbusauthz.print_msg(opts, 0, "%-10s %5.1f%%" % ("Available", p))
else:
pynimbusauthz.print_msg(opts, 0, "Quota UNLIMITED")
db_obj.commit()
except AuthzException, ae:
print ae
return ae.get_rc()
def test_alias_lookup(self):
user1 = User(self.db)
alias1 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "1")
aliasX = user1.create_alias("/name2", pynimbusauthz.alias_type_s3, "2")
aliasX = user1.create_alias("/name3", pynimbusauthz.alias_type_s3, "3")
aliasX = user1.create_alias("/name4", pynimbusauthz.alias_type_s3, "4")
all_alias = user1.get_all_alias()
found = False
for a in all_alias:
if a.get_name() == alias1.get_name() and a.get_type() == alias1.get_type():
found = True
self.assertTrue(found, "We should have found the alias")
all_alias = user1.get_alias_by_type(pynimbusauthz.alias_type_s3)
found = False
for a in all_alias:
if a.get_name() == alias1.get_name() and a.get_type() == alias1.get_type():
found = True
self.assertTrue(found, "We should have found the alias")
def get_user_object_by_access_id(self, access_id):
"""Get a new connection every time this is called to make sure it is cleaned up"""
db = DB(self._cumulus_db)
user_alias = User.find_alias(db, access_id)
if not user_alias:
raise PhantomAWSException('InvalidClientTokenId')
l = list(user_alias)
db.close()
if l < 1:
raise PhantomAWSException('InvalidClientTokenId')
return PhantomUserObject(access_id, l[0].get_data(), l[0].get_friendly_name())
def grant(self, user_id, bucketName, objectName=None, perms="Rr"):
try:
uf = self.get_uf(bucketName, objectName)
new_alias_iter = User.find_alias(self.db_obj, user_id, pynimbusauthz.alias_type_s3)
new_alias_list = list(new_alias_iter)
new_alias = new_alias_list[0]
new_user = new_alias.get_canonical_user()
uf.chmod(perms, user=new_user)
finally:
self.db_obj.commit()
def grant(self, user_id, bucketName, objectName=None, perms="Rr"):
pycb.log(logging.INFO, "===== def grant of cbAuthzSecurity.py")
try:
uf = self.get_uf(bucketName, objectName)
new_alias_iter = User.find_alias(self.db_obj, user_id, pynimbusauthz.alias_type_s3)
new_alias_list = list(new_alias_iter)
new_alias = new_alias_list[0]
new_user = new_alias.get_canonical_user()
uf.chmod(perms, user=new_user)
finally:
self.db_obj.commit()
def test_user_alias_remove(self):
aname = str(uuid.uuid1())
uu = str(uuid.uuid1())
rc = pynimbusauthz.add_user.main(["-n", "-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
user = User(self.db, uu)
ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
rc = pynimbusauthz.add_user.main(["-x", aname, "-r", uu])
self.assertEqual(rc, 0, "CLI should return success")
try:
user = User(self.db, uu)
self.fail("should have had an exception loading user")
except:
pass
try:
ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
self.fail("should have had an exception loading user")
except:
pass
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1, self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
self.db.commit()
def reset_users(nh, clean_pattern='%'):
dbobj = pynimbusauthz.get_db_connection_string()
users_to_delete = User.find_user_by_friendly(dbobj, clean_pattern)
for user in users_to_delete:
files = File.get_user_files(dbobj, user)
for f in files:
name = f.get_data_key()
f.delete()
# commit every file delete before removing the actual file
dbobj.commit()
pycb.config.bucket.delete_object(name)
user.destroy_brutally()
# commit after every user because otherwise the file delete inner
# loop will commit in less obvious ways
dbobj.commit()
def test_find_user_alias(self):
user1 = User(self.db)
self.db.commit()
alias_name = "helloname"
alias1 = user1.create_alias(alias_name, pynimbusauthz.alias_type_s3, alias_name)
self.db.commit()
fid = "%%" + alias_name[1:]
lid = alias_name[:-1] + "%%"
mid = "%%" + alias_name[1:-1] + "%%"
# find by exact id
u_all = UserAlias.find_alias(self.db, alias_name)
self.assertNotEqual(u_all, None, "we should have found somethings")
self.assertTrue(self.find_user_id(alias1, u_all))
# find by exact partial 1
u_all = UserAlias.find_alias(self.db, fid)
self.assertTrue(self.find_user_id(alias1, u_all))
# find by exact partial 1
u_all = UserAlias.find_alias(self.db, lid)
self.assertTrue(self.find_user_id(alias1, u_all))
# find by exact partial 1
u_all = UserAlias.find_alias(self.db, mid)
self.assertNotEqual(u_all, None, "we should have found somethings")
self.assertTrue(self.find_user_id(alias1, u_all))
def test_list_alias(self):
uu = str(uuid.uuid1())
user = User(self.db, uu, create=True)
# add a few alias
self.db.commit()
alias_a = []
for i in range(0, 10):
aname = str(uuid.uuid1())
alias_a.append(aname)
rc = pynimbusauthz.add_user.main(["-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
rc = pynimbusauthz.list_user.main(["-a", "-O", self.outFileName])
self.assertEqual(rc, 0, "CLI should return success")
rc = self.find_out_string(uu)
self.assertTrue(rc, "Username not found")
for a in alias_a:
rc = self.find_out_string(a)
self.assertTrue(rc, "Username not found")
def main(argv=sys.argv[1:]):
try:
repo_dir = argv[0]
repo_dir = str(repo_dir).strip()
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
user = User(db_obj, uu="CumulusPublicUser")
if user == None:
raise Exception("No public user")
File.create_file(db_obj, repo_dir, user, repo_dir,
pynimbusauthz.alias_type_s3)
db_obj.commit()
except:
raise
return 0
def test_create_alias_simple(self):
user1 = User(self.db)
alias1 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3,
"testname@")
user2 = alias1.get_canonical_user()
self.assertEqual(user1.get_id(), user2.get_id(),
"User IDs should be equal")
alias1 = user1.create_alias("/name2", pynimbusauthz.alias_type_s3,
"name2@", "pooP")
user2 = alias1.get_canonical_user()
self.assertEqual(user1.get_id(), user2.get_id(),
"User IDs should be equal")
print alias1
def test_change_key(self):
user1 = User(self.db)
name = "/file/name"
old_base = "/old/path/base"
fname = "/etc/group"
new_base = "/new/base/location/dir"
f = File.create_file(self.db, name, user1, old_base + fname, pynimbusauthz.object_type_s3)
self.assertEqual(old_base + fname, f.get_data_key(), "old value not euqal")
new_key = new_base + fname
f.set_data_key(new_key)
self.db.commit()
tst_new_key = f.get_data_key()
self.assertEqual(tst_new_key, new_key, "%s should equal %s" % (tst_new_key, new_key))
f2 = File.get_file(self.db, name, pynimbusauthz.object_type_s3)
tst_new_key = f2.get_data_key()
self.assertEqual(tst_new_key, new_key, "%s should equal %s" % (tst_new_key, new_key))
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts, args) = setup_options(argv)
if len(args) != 3:
raise AuthzException(
'CLI_PARAMETER',
"You must specify a username filename permssions")
user_name = args[0]
object_name = args[1]
requested_perms = args[2]
parent = None
if opts.parent != None:
parent = File.get_file(db_obj, opts.parent, opts.type)
if parent == None:
raise AuthzException('FILE_EXISTS',
"parent %s not found" % (opts.parent))
file1 = File.get_file(db_obj, object_name, opts.type, parent=parent)
if file1 == None:
raise AuthzException(
'FILE_EXISTS',
"file %s:%s not found" % (opts.type, object_name))
user = User(db_obj, uu=user_name)
uf = UserFile(file1) # create a uesrfile with owner so we can chmod
uf.chmod(requested_perms, user=user)
pynimbusauthz.print_msg(
opts, 0, "changed %s to %s for %s" %
(str(file1), requested_perms, str(user)))
db_obj.commit()
except AuthzException, ae:
print ae
return ae.get_rc()
def test_file_children(self):
user1 = User(self.db)
name = "/file/name"
data = "/etc/group"
file1 = File.create_file(self.db, name, user1, data, pynimbusauthz.object_type_s3)
self.db.commit()
child1 = File.create_file(self.db, "kid", user1, data, pynimbusauthz.object_type_s3, parent=file1)
self.db.commit()
p2 = child1.get_parent()
self.assertEqual(p2, file1, "parent not set properly")
x = child1.get_all_children()
self.assertEqual(len(list(x)), 0, "The file should have no children")
x = file1.get_all_children()
found = False
for f in x:
if f == child1:
found = True
self.assertTrue(found, "We should have found that kid!")
def test_find_user(self):
user1 = User(self.db)
self.db.commit()
id = user1.get_id()
fid = id[1:]
lid = id[:-1]
mid = id[1:-1]
# find by exact id
u_all = User.find_user(self.db, id)
self.assertNotEqual(u_all, None, "we should have found somethings")
self.assertTrue(self.find_user_id(user1, u_all))
# find by exact partial 1
u_all = User.find_user(self.db, fid)
self.assertTrue(self.find_user_id(user1, u_all))
# find by exact partial 1
u_all = User.find_user(self.db, lid)
self.assertTrue(self.find_user_id(user1, u_all))
# find by exact partial 1
u_all = User.find_user(self.db, mid)
self.assertNotEqual(u_all, None, "we should have found somethings")
self.assertTrue(self.find_user_id(user1, u_all))
def test_alias_lookup(self):
user1 = User(self.db)
alias1 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "1")
aliasX = user1.create_alias("/name2", pynimbusauthz.alias_type_s3, "2")
aliasX = user1.create_alias("/name3", pynimbusauthz.alias_type_s3, "3")
aliasX = user1.create_alias("/name4", pynimbusauthz.alias_type_s3, "4")
all_alias = user1.get_all_alias()
found = False
for a in all_alias:
if a.get_name() == alias1.get_name() and a.get_type(
) == alias1.get_type():
found = True
self.assertTrue(found, "We should have found the alias")
all_alias = user1.get_alias_by_type(pynimbusauthz.alias_type_s3)
found = False
for a in all_alias:
if a.get_name() == alias1.get_name() and a.get_type(
) == alias1.get_type():
found = True
self.assertTrue(found, "We should have found the alias")
def test_find_user(self):
user1 = User(self.db)
self.db.commit()
id = user1.get_id()
fid = id[1:]
lid = id[:-1]
mid = id[1:-1]
# find by exact id
u_all = User.find_user(self.db, id)
self.assertNotEqual(u_all, None, "we should have found somethings")
self.assertTrue(self.find_user_id(user1, u_all))
# find by exact partial 1
u_all = User.find_user(self.db, fid)
self.assertTrue(self.find_user_id(user1, u_all))
# find by exact partial 1
u_all = User.find_user(self.db, lid)
self.assertTrue(self.find_user_id(user1, u_all))
# find by exact partial 1
u_all = User.find_user(self.db, mid)
self.assertNotEqual(u_all, None, "we should have found somethings")
self.assertTrue(self.find_user_id(user1, u_all))
def test_user_alias_remove(self):
aname = str(uuid.uuid1())
uu = str(uuid.uuid1())
rc = pynimbusauthz.add_user.main(["-n", "-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
user = User(self.db, uu)
ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
rc = pynimbusauthz.add_user.main(["-x", aname, "-r", uu])
self.assertEqual(rc, 0, "CLI should return success")
try:
user = User(self.db, uu)
self.fail("should have had an exception loading user")
except:
pass
try:
ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
self.fail("should have had an exception loading user")
except:
pass
def setUp(self):
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
con = pynimbusauthz.db.make_test_database()
self.db = DB(con=con)
self.user = User(self.db)
def test_basic_user(self):
user1 = User(self.db)
user2 = User(self.db, user1.get_id())
self.assertEqual(user1.get_id(), user2.get_id(),
"User IDs should be equal")
def test_delete_alias(self):
user1 = User(self.db)
alias1 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "name@")
alias1.remove()
alias2 = user1.get_alias("/name/", pynimbusauthz.alias_type_s3)
self.assertEqual(alias2, None, "The alias should be gone")
def test_user_to_string(self):
user1 = User(self.db)
uu = user1.get_id()
self.assertEqual(str(user1), uu,
"toString function not working for user")
def create_user(self, display_name, id, pw, opts):
db_obj = DB(con_str=self.con_str)
user = User(db_obj, friendly=display_name)
user_alias = user.create_alias(id, "s3", display_name, alias_data=pw)
db_obj.commit()
db_obj.close()
def _convert_object_row_to_UserFile(db, row, args):
user_id = str(row[0])
f = args[0]
u = User(db, user_id)
return UserFile(f, u)
def create_user(self, display_name, id, pw, opts):
db_obj = DB(con_str=self.con_str)
user = User(db_obj, friendly=display_name)
user_alias = user.create_alias(id, "s3", display_name, alias_data=pw)
db_obj.commit()
db_obj.close()
class TestTouchCli(unittest.TestCase):
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.db.commit()
def tearDown(self):
self.db.close()
os.remove(self.fname)
def test_basic_touch(self):
fname = str(uuid.uuid1())
data = str(uuid.uuid1())
f = File.get_file(self.db, fname, pynimbusauthz.object_type_s3)
self.assertEqual(f, None)
rc = pynimbusauthz.touch.main([self.user1.get_id(), fname, data])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
f = File.get_file(self.db, fname, pynimbusauthz.object_type_s3)
self.assertNotEqual(f, None)
def test_bucket_touch(self):
fname = str(uuid.uuid1())
data = str(uuid.uuid1())
rc = pynimbusauthz.touch.main([
"-t", pynimbusauthz.object_type_s3,
self.user1.get_id(), fname, data
])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
f = File.get_file(self.db, fname, pynimbusauthz.object_type_s3)
self.assertNotEqual(f, None)
def test_under_bucket_touch(self):
bname = str(uuid.uuid1())
fname = str(uuid.uuid1())
data = str(uuid.uuid1())
rc = pynimbusauthz.touch.main([
"-t", pynimbusauthz.object_type_s3,
self.user1.get_id(), bname, data
])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
rc = pynimbusauthz.touch.main(
["-p", bname, self.user1.get_id(), fname, data])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
b1 = File.get_file(self.db, bname, pynimbusauthz.object_type_s3)
f1 = File.get_file(self.db,
fname,
pynimbusauthz.object_type_s3,
parent=b1)
self.assertNotEqual(b1, None)
self.assertNotEqual(f1, None)
def test_bad_opts(self):
bname = str(uuid.uuid1())
fname = str(uuid.uuid1())
data = str(uuid.uuid1())
rc = pynimbusauthz.touch.main([bname, data])
self.assertEqual(rc, 32, "CLI should return failure %d" % (rc))
rc = pynimbusauthz.touch.main(
["-p", bname, self.user1.get_id(), fname, data])
self.assertEqual(rc, 33, "CLI should return failure %d" % (rc))
def test_null_alias(self):
user1 = User(self.db)
all_alias = user1.get_all_alias()
self.assertEqual(len(list(all_alias)), 0, "No alias should be in DB for new user")
all_alias = user1.get_alias_by_type(pynimbusauthz.alias_type_s3)
self.assertEqual(len(list(all_alias)), 0, "No alias should be in DB for new user")
class TestChmodCli(unittest.TestCase):
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1,
self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
self.db.commit()
def tearDown(self):
self.db.close()
os.remove(self.fname)
def validate_perms(self, new):
f = File.get_file_from_db_id(self.db, self.file1.get_id())
uf = UserFile(f, self.user1)
perms = uf.get_perms(force=True)
for p in new:
self.assertTrue(p in perms,
"bad perms set %s != %s" % (new, perms))
self.assertEqual(len(perms), len(new),
"perms dont match %s != %s" % (new, perms))
def test_basic_chmod(self):
uu = str(uuid.uuid1())
new_perms = "WR"
rc = pynimbusauthz.chmod.main(
[self.user1.get_id(),
self.file1.get_name(), new_perms])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
self.validate_perms(new_perms)
def test_type_chmod(self):
uu = str(uuid.uuid1())
new_perms = "WRr"
rc = pynimbusauthz.chmod.main([
"-t",
self.file1.get_object_type(),
self.user1.get_id(),
self.file1.get_name(), new_perms
])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
self.validate_perms(new_perms)
def test_badopts(self):
new_perms = "WR"
rc = pynimbusauthz.chmod.main(
["-t", self.file1.get_object_type(),
self.user1.get_id()])
self.assertEqual(rc, 32, "CLI should return success %d" % (rc))
rc = pynimbusauthz.chmod.main(
[self.user1.get_id(), "notafile", new_perms])
self.assertEqual(rc, 33, "CLI should return success %d" % (rc))
rc = pynimbusauthz.chmod.main([
"-t",
self.file1.get_object_type(), "-p", "nobucket",
self.user1.get_id(),
self.file1.get_name(), new_perms
])
self.assertEqual(rc, 33, "CLI should return success %d" % (rc))
def test_bucket(self):
# create a file and a bucket
b1 = File.create_file(self.db, "bucket", self.user1, self.data,
pynimbusauthz.object_type_s3)
f2 = File.create_file(self.db,
self.name,
self.user1,
self.data,
pynimbusauthz.object_type_s3,
parent=b1)
self.db.commit()
new_perms = "WR"
rc = pynimbusauthz.chmod.main([
"-t",
f2.get_object_type(), "-p",
b1.get_name(),
self.user1.get_id(),
f2.get_name(), new_perms
])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
def test_basic(self):
id = uuid.uuid1()
user1 = User(self.db, id, create=True)
self.db.rollback()
user1 = User(self.db, id, create=True)
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts, args) = setup_options(argv)
user_uu = None
if len(args) == 1:
user_uu = args[0]
if opts.new:
user = User(db_obj,
user_uu,
friendly=opts.friendlyname,
create=True)
pynimbusauthz.print_msg(opts, 0, "User %s added" % (user.get_id()))
else:
user = User(db_obj, user_uu)
pynimbusauthz.print_msg(opts, 0, "User %s" % (user.get_id()))
if opts.alias != None:
user_alias = user.get_alias(opts.alias, opts.type)
if user_alias == None:
user_alias = user.create_alias(opts.alias, opts.type,
opts.friendlyname)
pynimbusauthz.print_msg(
opts, 0,
"Creating new alias %s:%s" % (opts.type, opts.alias))
if opts.genkey:
data = pynimbusauthz.random_string_gen(42)
pynimbusauthz.print_msg(opts, 0, "Key generated %s" % (data))
user_alias.set_data(data)
elif opts.setkey != None:
data = opts.setkey
user_alias.set_data(data)
pynimbusauthz.print_msg(opts, 0, "updated the alias key")
if opts.remove_alias != None:
user_alias = user.get_alias(opts.remove_alias, opts.type)
user_alias.remove()
if opts.remove:
pynimbusauthz.print_msg(opts, 1,
"Removing user %s" % (user.get_id()))
if opts.force:
pynimbusauthz.print_msg(opts, 1, "Removing all references")
user.destroy_brutally()
else:
user.destroy()
db_obj.commit()
except AuthzException, ae:
print ae
return ae.get_rc()