Ejemplo n.º 1
0
 def test_user_validation(self):
     valid_name = self._get_random_name(65535)
     usr = models.CassandraUser(valid_name, 'password')
     self.assertEqual(valid_name, usr.name)
     self.assertEqual('password', usr.password)
     with ExpectedException(ValueError):
         models.CassandraUser(self._get_random_name(65536))
Ejemplo n.º 2
0
    def test_get_listed_users(self, conn):
        usr1 = models.CassandraUser(self._get_random_name(1025))
        usr2 = models.CassandraUser(self._get_random_name(1025))
        usr3 = models.CassandraUser(self._get_random_name(1025))
        db1 = models.CassandraSchema('db1')
        db2 = models.CassandraSchema('db2')
        usr1.databases.append(db1.serialize())
        usr3.databases.append(db2.serialize())

        rv_1 = NonCallableMagicMock()
        rv_1.configure_mock(name=usr1.name, super=False)
        rv_2 = NonCallableMagicMock()
        rv_2.configure_mock(name=usr2.name, super=False)
        rv_3 = NonCallableMagicMock()
        rv_3.configure_mock(name=usr3.name, super=True)

        with patch.object(conn.return_value, 'execute', return_value=iter(
                [rv_1, rv_2, rv_3])):
            with patch.object(self.admin, '_get_acl',
                              return_value={usr1.name: {db1.name: {'SELECT'},
                                                        db2.name: {}},
                                            usr3.name: {db2.name: {'SELECT'}}}
                              ):
                usrs = self.manager.list_users(self.context)
                conn.return_value.execute.assert_has_calls([
                    call(self.__LIST_USR_FORMAT),
                ], any_order=True)
                self.assertIn(usr1.serialize(), usrs[0])
                self.assertIn(usr2.serialize(), usrs[0])
                self.assertIn(usr3.serialize(), usrs[0])
Ejemplo n.º 3
0
    def secure(self, update_user=None):
        """Configure the Trove administrative user.
        Update an existing user if given.
        Create a new one using the default database credentials
        otherwise and drop the built-in user when finished.
        """
        LOG.info(_('Configuring Trove superuser.'))

        current_superuser = update_user or models.CassandraUser(
            self.default_superuser_name, self.default_superuser_password)

        if update_user:
            os_admin = models.CassandraUser(update_user.name,
                                            utils.generate_random_password())
            CassandraAdmin(current_superuser).alter_user_password(os_admin)
        else:
            os_admin = models.CassandraUser(self._ADMIN_USER,
                                            utils.generate_random_password())
            CassandraAdmin(current_superuser)._create_superuser(os_admin)
            CassandraAdmin(os_admin).drop_user(current_superuser)

        self.__create_cqlsh_config({
            self._CONF_AUTH_SEC: {
                self._CONF_USR_KEY: os_admin.name,
                self._CONF_PWD_KEY: os_admin.password
            }
        })

        # Update the internal status with the new user.
        self.status = CassandraAppStatus(os_admin)

        return os_admin
Ejemplo n.º 4
0
    def test_create_user(self):
        usr1 = models.CassandraUser('usr1')
        usr2 = models.CassandraUser('usr2', '')
        usr3 = models.CassandraUser(self._get_random_name(1025), 'password')

        self.manager.create_user(self.context,
                                 self._serialize_collection(usr1, usr2, usr3))
        self.conn.execute.assert_has_calls([
            call(self.__CREATE_USR_FORMAT, (usr1.name, ), (usr1.password, )),
            call(self.__CREATE_USR_FORMAT, (usr2.name, ), (usr2.password, )),
            call(self.__CREATE_USR_FORMAT, (usr3.name, ), (usr3.password, ))
        ])
Ejemplo n.º 5
0
    def test_revoke_access(self, conn):
        usr1 = models.CassandraUser('usr1')
        usr2 = models.CassandraUser('usr1', 'password')
        db1 = models.CassandraSchema('db1')
        db2 = models.CassandraSchema('db2')

        self.manager.revoke_access(self.context, usr1.name, None, db1.name)
        self.manager.revoke_access(self.context, usr2.name, None, db2.name)
        conn.return_value.execute.assert_has_calls([
            call(self.__REVOKE_FORMAT, (db1.name, usr1.name)),
            call(self.__REVOKE_FORMAT, (db2.name, usr2.name))
        ])
Ejemplo n.º 6
0
    def test_change_passwords(self, conn):
        usr1 = models.CassandraUser('usr1')
        usr2 = models.CassandraUser('usr2', '')
        usr3 = models.CassandraUser(self._get_random_name(1025), 'password')

        self.manager.change_passwords(
            self.context, self._serialize_collection(usr1, usr2, usr3))
        conn.return_value.execute.assert_has_calls([
            call(self.__ALTER_USR_FORMAT, (usr1.name, ), (usr1.password, )),
            call(self.__ALTER_USR_FORMAT, (usr2.name, ), (usr2.password, )),
            call(self.__ALTER_USR_FORMAT, (usr3.name, ), (usr3.password, ))
        ])
Ejemplo n.º 7
0
    def test_alter_user_password(self, conn):
        usr1 = models.CassandraUser('usr1')
        usr2 = models.CassandraUser('usr2', '')
        usr3 = models.CassandraUser(self._get_random_name(1025), 'password')

        self.admin.alter_user_password(usr1)
        self.admin.alter_user_password(usr2)
        self.admin.alter_user_password(usr3)
        conn.return_value.execute.assert_has_calls([
            call(self.__ALTER_USR_FORMAT, (usr1.name, ), (usr1.password, )),
            call(self.__ALTER_USR_FORMAT, (usr2.name, ), (usr2.password, )),
            call(self.__ALTER_USR_FORMAT, (usr3.name, ), (usr3.password, ))
        ])
Ejemplo n.º 8
0
    def test_get_user(self, conn):
        usr1 = models.CassandraUser('usr1')
        usr2 = models.CassandraUser('usr2')
        usr3 = models.CassandraUser(self._get_random_name(1025), 'password')

        with patch.object(self.admin, self.__N_GLU, return_value={usr1, usr2,
                                                                  usr3}):
            found = self.manager.get_user(self.context, usr2.name, None)
            self.assertEqual(usr2.serialize(), found)

        with patch.object(self.admin, self.__N_GLU, return_value=set()):
            self.assertIsNone(
                self.manager.get_user(self.context, usr2.name, None))
Ejemplo n.º 9
0
    def setUp(self, *args, **kwargs):
        super(GuestAgentCassandraDBManagerTest, self).setUp()
        self.real_status = cass_service.CassandraAppStatus.set_status

        class FakeInstanceServiceStatus(object):
            status = ServiceStatuses.NEW

            def save(self):
                pass

        cass_service.CassandraAppStatus.set_status = MagicMock(
            return_value=FakeInstanceServiceStatus())
        self.context = trove_testtools.TroveTestContext(self)
        self.manager = cass_manager.Manager()
        self.manager._Manager__admin = cass_service.CassandraAdmin(
            models.CassandraUser('Test'))
        self.admin = self.manager._Manager__admin
        self.pkg = cass_service.packager
        self.origin_os_path_exists = os.path.exists
        self.origin_format = volume.VolumeDevice.format
        self.origin_migrate_data = volume.VolumeDevice.migrate_data
        self.origin_mount = volume.VolumeDevice.mount
        self.origin_mount_points = volume.VolumeDevice.mount_points
        self.origin_stop_db = cass_service.CassandraApp.stop_db
        self.origin_start_db = cass_service.CassandraApp.start_db
        self.origin_install_db = cass_service.CassandraApp._install_db
        self.original_get_ip = netutils.get_my_ipv4
        self.orig_make_host_reachable = (
            cass_service.CassandraApp.apply_initial_guestagent_configuration)
Ejemplo n.º 10
0
    def test_list_users(self, conn):
        usr1 = models.CassandraUser('usr1')
        usr2 = models.CassandraUser('usr2')
        usr3 = models.CassandraUser(self._get_random_name(1025), 'password')

        with patch.object(self.admin, self.__N_GLU, return_value={usr1, usr2,
                                                                  usr3}):
            found = self.manager.list_users(self.context)
            self.assertEqual(2, len(found))
            self.assertEqual(3, len(found[0]))
            self.assertEqual(None, found[1])
            self.assertIn(usr1.serialize(), found[0])
            self.assertIn(usr2.serialize(), found[0])
            self.assertIn(usr3.serialize(), found[0])

        with patch.object(self.admin, self.__N_GLU, return_value=set()):
            self.assertEqual(([], None), self.manager.list_users(self.context))
Ejemplo n.º 11
0
 def revoke_access(self, context, username, hostname, database):
     """
     Revoke all permissions on any database resources from a given username.
     """
     user = models.CassandraUser(username)
     with CassandraLocalhostConnection(self.__admin_user) as client:
         self._revoke_all_access_on_keyspace(
             client, models.CassandraSchema(database), user)
Ejemplo n.º 12
0
 def grant_access(self, context, username, hostname, databases):
     """
     Grant full access on keyspaces to a given username.
     """
     user = models.CassandraUser(username)
     with CassandraLocalhostConnection(self.__admin_user) as client:
         for db in databases:
             self._grant_full_access_on_keyspace(client,
                                                 models.CassandraSchema(db),
                                                 user)
Ejemplo n.º 13
0
    def test_grant_access(self, conn):
        usr1 = models.CassandraUser('usr1')
        usr2 = models.CassandraUser('usr1', 'password')
        db1 = models.CassandraSchema('db1')
        db2 = models.CassandraSchema('db2')
        db3 = models.CassandraSchema('db3')

        self.manager.grant_access(self.context, usr1.name, None,
                                  [db1.name, db2.name])
        self.manager.grant_access(self.context, usr2.name, None, [db3.name])

        expected = []
        for modifier in self.__ACCESS_MODIFIERS:
            expected.append(
                call(self.__GRANT_FORMAT, (modifier, db1.name, usr1.name)))
            expected.append(
                call(self.__GRANT_FORMAT, (modifier, db3.name, usr2.name)))

        conn.return_value.execute.assert_has_calls(expected, any_order=True)
Ejemplo n.º 14
0
 def _rename_user(self, client, user, new_username, new_password):
     """
     Rename a given user also updating its password.
     Transfer the current permissions to the new username.
     Drop the old username therefore revoking its permissions.
     """
     LOG.debug("Renaming user '%s' to '%s'" % (user.name, new_username))
     new_user = models.CassandraUser(new_username, new_password)
     new_user.databases.extend(user.databases)
     self._create_user_and_grant(client, new_user)
     self._drop_user(client, user)
Ejemplo n.º 15
0
    def _reset_user_password_to_default(self, username):
        LOG.debug("Resetting the password of user '%s' to '%s'." %
                  (username, self.default_superuser_password))

        user = models.CassandraUser(username, self.default_superuser_password)
        with community_service.CassandraLocalhostConnection(user) as client:
            client.execute(
                "UPDATE system_auth.roles SET salted_hash=%s "
                "WHERE role='{}';", (user.name, ),
                (self.default_superuser_pwd_hash, ))

            return user
Ejemplo n.º 16
0
    def test_rename_user(self, conn, ks_deserializer):
        usr = models.CassandraUser('usr')
        db1 = models.CassandraSchema('db1').serialize()
        db2 = models.CassandraSchema('db2').serialize()
        usr.databases.append(db1)
        usr.databases.append(db2)

        new_user = models.CassandraUser('new_user')
        with patch(self.__N_CAU, return_value=new_user):
            with patch.object(self.admin, self.__N_BU, return_value=usr):
                with patch.object(self.admin, self.__N_CU) as create:
                    with patch.object(self.admin, self.__N_GFA) as grant:
                        with patch.object(self.admin, self.__N_DU) as drop:
                            usr_attrs = {'name': 'user', 'password': '******'}
                            self.manager.update_attributes(
                                self.context, usr.name, None, usr_attrs)
                            create.assert_called_once_with(ANY, new_user)
                            grant.assert_has_calls(
                                [call(ANY, db1, ANY),
                                 call(ANY, db2, ANY)])
                            drop.assert_called_once_with(ANY, usr)
Ejemplo n.º 17
0
    def test_list_access(self, conn):
        usr1 = models.CassandraUser('usr1')
        usr2 = models.CassandraUser('usr2')
        usr3 = models.CassandraUser(self._get_random_name(1025), 'password')
        db1 = models.CassandraSchema('db1').serialize()
        db2 = models.CassandraSchema('db2').serialize()
        usr2.databases.append(db1)
        usr3.databases.append(db1)
        usr3.databases.append(db2)

        with patch.object(self.admin, self.__N_GLU, return_value={usr1, usr2,
                                                                  usr3}):
            usr1_dbs = self.manager.list_access(self.context, usr1.name, None)
            usr2_dbs = self.manager.list_access(self.context, usr2.name, None)
            usr3_dbs = self.manager.list_access(self.context, usr3.name, None)
            self.assertEqual([], usr1_dbs)
            self.assertEqual([db1], usr2_dbs)
            self.assertEqual([db1, db2], usr3_dbs)

        with patch.object(self.admin, self.__N_GLU, return_value=set()):
            with ExpectedException(exception.UserNotFound):
                self.manager.list_access(self.context, usr3.name, None)
Ejemplo n.º 18
0
    def get_current_superuser(self):
        """
        Build the Trove superuser.
        Use the stored credentials.
        If not available fall back to the defaults.
        """
        if self.has_user_config():
            return self._load_current_superuser()

        LOG.warn(
            _("Trove administrative user has not been configured yet. "
              "Using the built-in default: %s") % self.default_superuser_name)
        return models.CassandraUser(self.default_superuser_name,
                                    self.default_superuser_password)
Ejemplo n.º 19
0
 def get_cluster_admin(self):
     cluster_password = CouchbaseRootAccess.get_password()
     return models.CassandraUser(self._ADMIN_USER, cluster_password)
Ejemplo n.º 20
0
    def test_update_attributes(self, conn):
        usr = models.CassandraUser('usr', 'pwd')

        with patch.object(self.admin, self.__N_BU, return_value=usr):
            usr_attrs = {'name': usr.name, 'password': usr.password}
            with patch.object(self.admin, self.__N_RU) as rename:
                with patch.object(self.admin, self.__N_AUP) as alter:
                    self.manager.update_attributes(self.context, usr.name,
                                                   None, usr_attrs)
                    self.assertEqual(0, rename.call_count)
                    self.assertEqual(0, alter.call_count)

            usr_attrs = {'name': 'user', 'password': '******'}
            with patch.object(self.admin, self.__N_RU) as rename:
                with patch.object(self.admin, self.__N_AUP) as alter:
                    self.manager.update_attributes(self.context, usr.name,
                                                   None, usr_attrs)
                    rename.assert_called_once_with(ANY, usr, usr_attrs['name'],
                                                   usr_attrs['password'])
                    self.assertEqual(0, alter.call_count)

            usr_attrs = {'name': 'user', 'password': usr.password}
            with patch.object(self.admin, self.__N_RU) as rename:
                with patch.object(self.admin, self.__N_AUP) as alter:
                    self.manager.update_attributes(self.context, usr.name,
                                                   None, usr_attrs)
                    rename.assert_called_once_with(ANY, usr, usr_attrs['name'],
                                                   usr_attrs['password'])
                    self.assertEqual(0, alter.call_count)

            usr_attrs = {'name': 'user'}
            with patch.object(self.admin, self.__N_RU) as rename:
                with patch.object(self.admin, self.__N_AUP) as alter:
                    with ExpectedException(
                            exception.UnprocessableEntity, "Updating username "
                            "requires specifying a password as well."):
                        self.manager.update_attributes(self.context, usr.name,
                                                       None, usr_attrs)
                        self.assertEqual(0, rename.call_count)
                        self.assertEqual(0, alter.call_count)

            usr_attrs = {'name': usr.name, 'password': '******'}
            with patch.object(self.admin, self.__N_RU) as rename:
                with patch.object(self.admin, self.__N_AUP) as alter:
                    self.manager.update_attributes(self.context, usr.name,
                                                   None, usr_attrs)
                    alter.assert_called_once_with(ANY, usr)
                    self.assertEqual(0, rename.call_count)

            usr_attrs = {'password': usr.password}
            with patch.object(self.admin, self.__N_RU) as rename:
                with patch.object(self.admin, self.__N_AUP) as alter:
                    self.manager.update_attributes(self.context, usr.name,
                                                   None, usr_attrs)
                    self.assertEqual(0, rename.call_count)
                    self.assertEqual(0, alter.call_count)

            usr_attrs = {'password': '******'}
            with patch.object(self.admin, self.__N_RU) as rename:
                with patch.object(self.admin, self.__N_AUP) as alter:
                    self.manager.update_attributes(self.context, usr.name,
                                                   None, usr_attrs)
                    alter.assert_called_once_with(ANY, usr)
                    self.assertEqual(0, rename.call_count)
Ejemplo n.º 21
0
 def _load_current_superuser(self):
     config = operating_system.read_file(self._get_cqlsh_conf_path(),
                                         codec=IniCodec())
     return models.CassandraUser(
         config[self._CONF_AUTH_SEC][self._CONF_USR_KEY],
         config[self._CONF_AUTH_SEC][self._CONF_PWD_KEY])
Ejemplo n.º 22
0
 def _build_user(self, username, acl):
     user = models.CassandraUser(username)
     for ks, permissions in acl.get(username, {}).items():
         if permissions:
             user.databases.append(models.CassandraSchema(ks).serialize())
     return user
Ejemplo n.º 23
0
 def test_delete_user(self, conn):
     usr = models.CassandraUser(self._get_random_name(1025), 'password')
     self.manager.delete_user(self.context, usr.serialize())
     conn.return_value.execute.assert_called_once_with(
         self.__DROP_USR_FORMAT, (usr.name, ))