def test04_session_permissions(self):
"""
Test the session_perms & check_access method
"""
print_ln('test session_perms')
try:
usr = User(uid="py-user*")
uList = review.find_users(usr)
for idx, entity in enumerate(uList):
if idx % 10 == 0:
sys.stdout.write('')
sys.stdout.flush()
entity.password = '******'
session = access.create_session(entity, False)
if session is None:
self.fail('test_session_permissions failed ' + entity.uid)
if session.user.roles is not None and len(
session.user.roles) > 0:
perms = access.session_perms(session)
for idx2, perm in enumerate(perms):
if idx2 % 10 == 0:
sys.stdout.write('`')
sys.stdout.flush()
result = access.check_access(session, perm)
if not result:
self.fail('test_session_permissions failed uid=' +
entity.uid + ', perm obj name=' +
perm.obj_name + ', op name=' +
perm.op_name + ', obj id=' + perm.obj_id)
print()
except Exception as e:
self.fail('test_session_permissions exception=' + e.msg)
def process_role(args):
role = load_entity(Role(), args)
print(args.entity + ' ' + args.operation)
if not args.name:
print("error --name required for entity role")
return False
elif args.operation == ADD:
constraint = load_entity(Constraint(), args)
role.constraint = constraint
admin.add_role(role)
elif args.operation == UPDATE:
constraint = load_entity(Constraint(), args)
role.constraint = constraint
admin.update_role(role)
elif args.operation == DELETE:
admin.delete_role(role)
elif args.operation == READ:
print_role(review.read_role(role), role.name)
pass
elif args.operation == SEARCH:
role.name += '*'
roles = review.find_roles(role)
if len(roles) > 0:
for idx, rle in enumerate(roles):
print_role(rle, role.name + ':' + str(idx))
else:
print_ln('No matching records found matching filter: ' + role.name)
else:
print('process_role failed, invalid operation=' + args.operation)
return False
return True
def test02_user_roles(self):
"""
Test the user_roles & is_user_in_role method
"""
print_ln('test user_roles')
try:
usr = User(uid="py-user*")
uList = review.find_users(usr)
for idx, entity in enumerate(uList):
if idx % 10 == 0:
sys.stdout.write('')
sys.stdout.flush()
entity.password = '******'
session = access.create_session(entity, False)
if session is None:
self.fail('test_user_roles failed ' + entity.uid)
if session.user.roles is not None and len(
session.user.roles) > 0:
roles = access.session_roles(session)
for role in roles:
result = access.is_user_in_role(session, role.name)
if not result:
self.fail('test_user_roles failed uid=' +
entity.uid + ', role=' + role)
print()
except Exception as e:
self.fail('test_user_roles exception=' + e)
def process_object(args):
pobject = load_entity(PermObj(), args)
print(args.entity + ' ' + args.operation)
if not args.obj_name:
print("error --obj_name required for entity object")
return False
elif args.operation == ADD:
admin.add_object(pobject)
elif args.operation == UPDATE:
admin.update_object(pobject)
elif args.operation == DELETE:
admin.delete_object(pobject)
elif args.operation == READ:
print_entity(review.read_object(pobject), pobject.obj_name)
pass
elif args.operation == SEARCH:
pobject.obj_name += '*'
objs = review.find_objects(pobject)
if len(objs) > 0:
for idx, obj in enumerate(objs):
print_entity(obj, pobject.obj_name + ':' + str(idx))
else:
print_ln('No matching records found matching filter: ' +
pobject.obj_name)
else:
print('process_object failed, invalid operation=' + args.operation)
return False
return True
def test_active_roles(self):
"""
Test the add_active_role & drop_active_role methods
"""
print_ln('test active_roles')
try:
u = userdao.read(User(uid="foouser1"))
u.password="******"
session=access.create_session (u, False)
if session.user.roles is not None and len(session.user.roles) > 0:
for role in list(access.session_roles(session)):
access.drop_active_role(session, role)
if session.user.roles is None or len(session.user.roles) > 0:
self.fail('test_active_roles did not inactivate all roles in session for uid=' + entity.uid)
for role in list(u.roles):
access.add_active_role(session, role)
if session.user.roles is None or len(session.user.roles) != len(u.roles):
self.fail('test_active_roles did not activate all roles in session for uid=' + entity.uid)
except Exception as e:
self.fail('test_active_roles exception=' + e.msg)
def test_search_roles(self):
"""
Test role search by name in file
"""
print_ln('test search role by name')
try:
rs = roledao.search(Role(name="test*"))
for r in rs:
print_entity(r, "Role")
except Exception as e:
self.fail('role search failed, exception=' + e.msg)
def test_search_perms(self):
"""
Test perm search by obj_name in file
"""
print_ln('test read perms by obj_name')
try:
perm = Perm(obj_name="test*")
p = permdao.read(perm)
print_entity(p, "Perm")
except Exception as e:
self.fail('perm search failed, exception=' + e.msg)
def test_search_users(self):
"""
Test the user search by uid in file
"""
print_ln('test search users by uid')
try:
for user in userdao.search(User(uid="foo*")):
print_entity(user, "search user")
print_entity(userdao.read(user), "read user")
except Exception as e:
self.fail('user search failed, exception=' + e.msg)
def test03_bootstrap(self):
"""
Create the DIT based on the config
"""
print_ln('test_bootstrap')
try:
ditdao.bootstrap()
print('test_bootstrap success')
except Exception as e:
error = 'test_bootstrap errpr=' + e.msg
print(error)
def test_create_roles(self):
"""
Test the role create
"""
print_ln('test create roles')
rls = role_test_data.get_test_roles('py-test', 10)
for rle in rls:
try:
rle = roledao.create(rle)
print_role(rle, "Role Create")
except Exception as e:
self.fail('role create failed, exception=' + e.msg)
def test02_del_suffix(self):
"""
Test the del suffix method
"""
print_ln('test_del_suffix')
try:
ditdao.delete_suffix()
print('test_del_suffix success')
except Exception as e:
error = 'test_del_suffix errpr=' + e.msg
print(error)
def test_create_users(self):
"""
Test the user create
"""
print_ln('test create users')
usrs = user_test_data.get_test_users('py-test', 10)
for usr in usrs:
try:
entity = userdao.create(usr)
print_user(entity, "User Create")
except Exception as e:
self.fail('user create failed, exception=' + e.msg)
def test08_add_object(self):
"""
Test the add object method
"""
print_ln('test_add_object')
objs = perm_test_data.get_test_objs('py-obj', 10)
for obj in objs:
try:
entity = admin.add_object(obj)
print_ln("Add Object=" + entity.obj_name)
except Exception as e:
self.fail('test_add_object failed, exception=' + e.msg)
def test07_add_role(self):
"""
Test the add role method
"""
print_ln('test_add_role')
rles = role_test_data.get_test_roles('py-role', 10)
for rle in rles:
try:
entity = admin.add_role(rle)
print_role(entity, "Add Role")
except Exception as e:
self.fail('test_add_role failed, exception=' + e.msg)
def test10_add_user(self):
"""
Test the add user method
"""
print_ln('test_add_user')
usrs = user_test_data.get_test_users('py-user', 10)
for usr in usrs:
try:
entity = admin.add_user(usr)
print_user(entity, "Add User")
except Exception as e:
self.fail('test_add_user failed, exception=' + e.msg)
def test_search_perms(self):
"""
Test the perm search by obj_name and op_name in ldap
"""
print_ln('test search perms by objNm')
try:
prm = Perm(obj_name = "TOB*", op_name = "TOP*")
pList = permdao.search(prm)
for idx, entity in enumerate(pList) :
print_entity (entity, "Perm[" + str(idx+1) + "]:", 1)
except Exception as e:
self.fail('perm search failed, exception=' + e.msg)
def test_search_roles(self):
"""
Test the role search by name in ldap
"""
print_ln('test search roles by name')
try:
rle = Role(name = 'oam*')
rList = roledao.search(rle)
for idx, entity in enumerate(rList) :
print_role(entity, "Role[" + str(idx+1) + "]:")
except Exception as e:
self.fail('role search failed, exception=' + e.msg)
def test_create_perms(self):
"""
Test the perm create
"""
print_ln('test create perms')
perms = perm_test_data.get_test_perms('py-test', 10)
for perm in perms:
try:
entity = permdao.create(perm)
print_ln("Create perm obj=" + entity.obj_name + ', op=' + entity.op_name + ', id=' + entity.obj_id)
except Exception as e:
self.fail('perm create failed, exception=' + e.msg)
def test_search_users(self):
"""
Test the user search by uid in ldap
"""
print_ln('test search users by uid')
try:
usr = User(uid = "jts*")
uList = userdao.search(usr)
for idx, entity in enumerate(uList) :
print_user(entity, "User[" + str(idx+1) + "]:")
except Exception as e:
self.fail('user search failed, exception=' + e.msg)
def test_create_objects(self):
"""
Test the object create
"""
print_ln('test create objects')
objs = perm_test_data.get_test_objs('py-test', 10)
for obj in objs:
try:
entity = permdao.create_obj(obj)
print_ln("Create object=" + entity.obj_name)
except Exception as e:
self.fail('perm object create failed, exception=' + e.msg)
def test_search_wild(self):
"""
Test wildcard match
"""
print_ln('test wildmatch users')
us = userdao.search(User(uid="test*"))
try:
us = sorted(map(lambda u: u.uid, us))
except Exception as e:
self.fail('exception ' + e.msg)
if us != ['testuser1', 'testuser2']:
self.fail('wrong set of users in match: ' + dumps(us))
def test09_add_perm(self):
"""
Test the add perm method
"""
print_ln('test_add_perm')
perms = perm_test_data.get_test_perms('py-obj', 10)
for perm in perms:
try:
entity = admin.add_perm(perm)
print_ln("Add Perm obj name=" + entity.obj_name + ', op=' + entity.op_name + ', id=' + entity.obj_id)
except Exception as e:
self.fail('test_add_perm failed, exception=' + e.msg)
def process_perm(args):
perm = load_entity(Perm(), args)
print(args.entity + ' ' + args.operation)
if args.operation == ADD:
admin.add_perm(perm)
elif args.operation == UPDATE:
admin.update_perm(perm)
elif args.operation == DELETE:
admin.delete_perm(perm)
elif args.operation == GRANT:
role_nm = args.role
print('role=' + role_nm)
admin.grant(perm, Role(name=role_nm))
elif args.operation == REVOKE:
role_nm = args.role
print('role=' + role_nm)
admin.revoke(perm, Role(name=role_nm))
elif args.operation == READ:
print_entity(review.read_perm(perm),
perm.obj_name + '.' + perm.op_name)
pass
elif args.operation == SEARCH:
role_nm = args.role
userid = args.uid
prms = []
label = ''
if userid:
label = userid
prms = review.user_perms(User(uid=userid))
elif role_nm:
label = role_nm
prms = review.role_perms(Role(name=role_nm))
else:
if perm.obj_name:
perm.obj_name += '*'
else:
perm.obj_name = '*'
if perm.op_name:
perm.op_name += '*'
else:
perm.op_name = '*'
label = perm.obj_name + '.' + perm.op_name
prms = review.find_perms(perm)
if len(prms) > 0:
for idx, prm in enumerate(prms):
print_entity(prm, label + ':' + str(idx))
else:
print_ln('No matching records found matching filter: ' + label)
else:
print('process_perm failed, invalid operation=' + args.operation)
return False
return True
def test06_delete_role(self):
"""
Test the role delete user method
"""
print_ln('test_delete_role')
try:
rList = review.find_roles(Role(name='py-role*'))
for rle in rList:
entity = admin.delete_role(rle)
print_ln("Delete role=" + entity.name)
except Exception as e:
self.fail('test_delete_role failed, exception=' + e.msg)
def test_delete_roles(self):
"""
Test the role delete
"""
print_ln('test delete roles')
try:
rList = roledao.search(Role(name='py-test*'))
for rle in rList:
rle = roledao.delete(rle)
print_ln("Role Delete role=" + rle.name)
except Exception as e:
self.fail('role delete failed, exception=' + e.msg)
def test03_delete_object(self):
"""
Test the role delete object method
"""
print_ln('test_delete_object')
try:
oList = review.find_objects(PermObj(obj_name='py-obj*'))
for obj in oList:
admin.delete_object(obj)
print_ln("Delete Object=" + obj.obj_name)
except Exception as e:
self.fail('test_delete_object failed, exception=' + e.msg)
def test_delete_users(self):
"""
Test the user delete
"""
print_ln('test delete users')
try:
uList = userdao.search(User(uid='py-test*'))
for usr in uList:
entity = userdao.delete(usr)
print_ln("Delete user=" + entity.uid)
except Exception as e:
self.fail('user delete failed, exception=' + e.msg)
def test_delete_perms(self):
"""
Test the perm delete
"""
print_ln('test delete perms')
try:
pList = permdao.search(Perm(obj_name='py-test*', op_name='*'))
for perm in pList:
entity = permdao.delete(perm)
print_ln("Delete perm obj=" + perm.obj_name + ', op=' + perm.op_name + ', id=' + perm.obj_id)
except Exception as e:
self.fail('perm delete failed, exception=' + e.msg)
def test_delete_objects(self):
"""
Test the object delete
"""
print_ln('test delete objects')
try:
oList = permdao.search_objs(PermObj(obj_name='py-test*'))
for obj in oList:
entity = permdao.delete_obj(obj)
print_ln("Delete object=" + obj.obj_name)
except Exception as e:
self.fail('perm obj delete failed, exception=' + e.msg)
def test_update_roles(self):
"""
Test the role update
"""
print_ln('test update roles')
rls = role_test_data.get_test_roles('py-test', 10)
for rle in rls:
rle.description += '-updated'
try:
rle = roledao.update(rle)
print_role(rle, "Role Update")
except Exception as e:
self.fail('role update failed, exception=' + e.msg)
