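def test_delete_group_with_auth_but_no_perms(self):
    """Deleting a group with valid credentials but no permission is refused.

    The request authenticates as ``AKIDEXAMPLE2`` (presumably a fixture user
    without a DeleteGroup grant -- confirm against the base test case). The
    test expects a 403 with a ``NotPermitted`` error, an audit record for the
    denied attempt, and the group still present afterwards.
    """
    db.session.add(Group(name='freddy'))
    db.session.commit()

    basic_credentials = base64.b64encode(b'AKIDEXAMPLE2:password').decode('utf-8')
    response = self.client.delete(
        '/api/v1/groups/freddy',
        headers={'Authorization': 'Basic {}'.format(basic_credentials)},
        content_type='application/json',
    )

    denial = {'errors': {'authorization': 'NotPermitted'}}
    assert response.status_code == 403
    assert json.loads(response.get_data(as_text=True)) == denial

    # A refused request must have no effect. The 403 status alone does not
    # prove that the row survived, so check the table directly.
    assert db.session.query(Group).filter_by(name='freddy').count() == 1

    # The denied attempt must still be audited, including the target group.
    call_args, call_kwargs = self.audit_log.call_args_list[0]
    assert call_args[0] == 'DeleteGroup'
    assert call_kwargs['extra'] == {
        'request-id': 'a823a206-95a0-4666-b464-93b9f0606d7b',
        'http.status': 403,
        'errors': denial['errors'],
        'request.group': 'freddy',
    }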
def setUp(self):
    """Extend the base fixture with ``test-group`` containing ``self.user2``."""
    super().setUp()

    test_group = Group(name='test-group')
    test_group.users.append(self.user2)

    db.session.add(test_group)
    db.session.commit()
def test_get_group_with_auth(self):
    """Fetching an existing group with ``AKIDEXAMPLE`` credentials succeeds.

    Expects a 200 response carrying the group's id and name, and a
    ``GetGroup`` audit record that names the requested group.
    """
    db.session.add(Group(name='devs'))
    db.session.commit()

    basic_credentials = base64.b64encode(b'AKIDEXAMPLE:password').decode('utf-8')
    response = self.client.get(
        '/api/v1/groups/devs',
        headers={'Authorization': 'Basic {}'.format(basic_credentials)},
        content_type='application/json',
    )

    assert response.status_code == 200
    payload = json.loads(response.get_data(as_text=True))
    assert payload == {'id': 'devs', 'name': 'devs'}

    # First audit call recorded for this test is expected to be the read itself.
    call_args, call_kwargs = self.audit_log.call_args_list[0]
    assert call_args[0] == 'GetGroup'
    expected_extra = {
        'request-id': 'a823a206-95a0-4666-b464-93b9f0606d7b',
        'http.status': 200,
        'request.group': 'devs',
    }
    assert call_kwargs['extra'] == expected_extra
def setUp(self):
    """Extend the base fixture with ``test-group`` and an empty ``test-policy``."""
    super().setUp()

    test_group = Group(name='test-group')
    db.session.add(test_group)

    # The policy document is deliberately empty: it grants nothing by itself.
    empty_policy = GroupPolicy(name='test-policy', policy={}, group=test_group)
    db.session.add(empty_policy)

    db.session.commit()
def post(self, audit_ctx):
    """Create a group from the parsed request and return it as JSON.

    The group name is written to ``audit_ctx`` before the ``CreateGroup``
    authorization call, and the database is only touched after that call
    returns.
    """
    parsed = group_parser.parse_args()
    group_name = parsed['name']

    # Recorded first so the audit context names the target group even when
    # the authorization call below does not return normally.
    audit_ctx['request.group'] = group_name

    # NOTE(review): presumably raises/aborts when the caller lacks
    # CreateGroup on this ARN -- confirm in internal_authorize.
    internal_authorize('CreateGroup', format_arn('groups', group_name))

    new_group = Group(name=group_name)
    db.session.add(new_group)
    db.session.commit()

    return jsonify(marshal(new_group, group_fields))
def test_authorize_service_by_group(self):
    """A permission granted through group membership authorizes a service call.

    ``self.user`` is put in group ``team``, whose policy allows every
    ``myservice`` action on every resource. The authorize-by-token endpoint
    must then permit ``LaunchRocket`` and report the identity ``charles``.
    The audit record must describe the request without containing the
    forwarded Authorization header value.
    """
    # NOTE(review): the listing lost its indentation; the HTTP call is assumed
    # to sit outside the app-context block -- confirm against the original.
    with self.backend.app_context():
        team = Group(name='team')
        team.users.append(self.user)
        db.session.add(team)

        allow_all_myservice = {
            'Version': '2012-10-17',
            'Statement': [{
                'Action': 'myservice:*',
                'Resource': '*',
                'Effect': 'Allow',
            }]
        }
        db.session.add(GroupPolicy(name='myserver', group=team, policy=allow_all_myservice))
        db.session.commit()

    # The same Basic credential authenticates the calling service and is also
    # forwarded in the body as the end user's header.
    basic_auth = 'Basic {}'.format(
        base64.b64encode(b'AKIDEXAMPLE:password').decode('utf-8'))
    requested = {'LaunchRocket': ['arn:myservice:rockets/thrift']}

    response = self.client.post(
        '/api/v1/services/myservice/authorize-by-token',
        data=json.dumps({
            'region': 'europe',
            'permit': requested,
            'headers': [('Authorization', basic_auth)],
            'context': {},
        }),
        headers={'Authorization': basic_auth},
        content_type='application/json',
    )

    assert response.status_code == 200
    decision = json.loads(response.get_data(as_text=True))
    assert decision == {
        'Authorized': True,
        'Identity': 'charles',
        'Permitted': {'LaunchRocket': ['arn:myservice:rockets/thrift']},
        'NotPermitted': {},
    }

    # Last audit call is expected to be the authorization decision.
    call_args, call_kwargs = self.audit_log.call_args_list[-1]
    assert call_args[0] == 'AuthorizeByToken'
    assert call_kwargs['extra'] == {
        'request-id': 'a823a206-95a0-4666-b464-93b9f0606d7b',
        'http.status': 200,
        'request.service': 'myservice',
        'request.permit': format_json({
            'LaunchRocket': ['arn:myservice:rockets/thrift'],
        }),
        'request.region': 'europe',
        'request.actions': ['myservice:LaunchRocket'],
        'request.resources': ['arn:myservice:rockets/thrift'],
        # Credentials must never reach the audit log: only the header name
        # is kept and the value is replaced by a fixed marker.
        'request.headers': ['Authorization: ** NOT LOGGED **'],
        'request.context': {},
        'response.authorized': True,
        'response.identity': 'charles',
        'response.permitted': format_json({'LaunchRocket': ['arn:myservice:rockets/thrift']}),
        'response.not-permitted': format_json({}),
    }
def test_repr(self):
    """``str()`` of a Group renders its name in the ``<Group '...'>`` form."""
    rendered = str(Group(name='my-user'))
    assert rendered == '<Group \'my-user\'>'