def test_application_calls():
# application_list
app_list = ep.application_list()
ldap_app_list = inst.get_objs_of_type('OpenLDAPapplication')
real_app_list = ldap_tools.parse_ldap_list(ldap_app_list)
assert json.loads(app_list) == real_app_list
def test_user_calls():
# user_list
user_list = ep.user_list()
ldap_user_list = inst.get_objs_of_type('OpenLDAPuser')
real_user_list = ldap_tools.parse_ldap_list(ldap_user_list)
assert user_list == json.dumps(real_user_list)
# user_get
assert json.dumps(
ErrorCodes.admin['invalidUsername']) == ep.user_get('DoesNotExist')
user = ep.user_get('slapd')
ldap_user = inst.get_obj('cusername',
'slapd',
objectClass='OpenLDAPuser',
throw_error=True)
assert ldap_user != ()
ldap_tools.parse_ldap(ldap_user)
assert json.loads(user) == ldap_user
# user_virtue_list
assert json.dumps(
ErrorCodes.admin['invalidUsername']) == ep.user_virtue_list(
'DoesNotExist')
virtue_list = ep.user_virtue_list('slapd')
ldap_virtue_list = inst.get_objs_of_type('OpenLDAPvirtue')
parsed_virtue_list = ldap_tools.parse_ldap_list(ldap_virtue_list)
real_virtue_list = []
for v in parsed_virtue_list:
if (v['username'] == 'slapd'):
real_virtue_list.append(v)
assert json.loads(virtue_list) == real_virtue_list
def test_objs_of_type():
users = inst.get_objs_of_type('OpenLDAPuser')
slapd_name = ad_inst.query_ad('cn', 'slapd')[0][1]['sAMAccountName'][0]
assert ('cusername=slapd,cn=users,ou=virtue,dc=canvas,dc=virtue,dc=com', {
'cusername': ['slapd'],
'cauthRoleIds': ['[]'],
'ou': ['virtue'],
'objectClass': ['OpenLDAPuser'],
'name': [json.dumps(slapd_name)]
}) in users
fpatwa_name = ad_inst.query_ad('cn', 'fpatwa')[0][1]['sAMAccountName'][0]
assert ('cusername=fpatwa,cn=users,ou=virtue,dc=canvas,dc=virtue,dc=com', {
'cusername': ['fpatwa'],
'cauthRoleIds': ['[]'],
'ou': ['virtue'],
'objectClass': ['OpenLDAPuser'],
'name': [json.dumps(fpatwa_name)]
}) in users
jbenson_name = ad_inst.query_ad('cn', 'jbenson')[0][1]['sAMAccountName'][0]
assert ('cusername=jbenson,cn=users,ou=virtue,dc=canvas,dc=virtue,dc=com',
{
'cusername': ['jbenson'],
'cauthRoleIds': ['[]'],
'ou': ['virtue'],
'objectClass': ['OpenLDAPuser'],
'name': [json.dumps(jbenson_name)]
}) in users
users_parsed = ldap_tools.parse_ldap_list(users)
assert {
'username': '******',
'authorizedRoleIds': [],
'name': slapd_name
} in users_parsed
assert {
'username': '******',
'authorizedRoleIds': [],
'name': fpatwa_name
} in users_parsed
assert {
'username': '******',
'authorizedRoleIds': [],
'name': jbenson_name
} in users_parsed
def test_resource_calls():
# resource_get
assert json.dumps(
ErrorCodes.admin['invalidId']) == ep.resource_get('DoesNotExist')
res = ep.resource_get('fileshare1')
ldap_res = inst.get_obj(
'cid', 'fileshare1', objectClass='OpenLDAPresource', throw_error=True)
assert ldap_res != ()
ldap_tools.parse_ldap(ldap_res)
assert res == json.dumps(ldap_res)
# resource_list
res_list = ep.resource_list()
ldap_res_list = inst.get_objs_of_type('OpenLDAPresource')
real_res_list = ldap_tools.parse_ldap_list(ldap_res_list)
assert res_list == json.dumps(real_res_list)
def test_role_calls():
# role_create
good_role = {
'id': 'NotRelevant',
'name': 'browsing',
'version': '1.0',
'applicationIds': ['firefox', 'thunderbird'],
'startingResourceIds': ['fileshare1'],
'startingTransducerIds': [],
'networkRules': []
}
bad_role_1 = {
'id': 'NotRelevant',
'version': '1.0',
'applicationIds': ['firefox', 'thunderbird'],
'startingResourceIds': ['fileshare1'],
'startingTransducerIds': [],
'networkRules': []
}
bad_role_2 = {
'id': 'NotRelevant',
'name': 'browsing',
'version': '1.0',
'applicationIds': "['firefox', 'thunderbird']",
'startingResourceIds': "['fileshare1']",
'startingTransducerIds': "[]",
'networkRules': []
}
bad_role_3 = {
'id': 'NotRelevant',
'name': 'browsing',
'version': '1.0',
'applicationIds': ['firefox', 'thunderbird', 'DoesNotExist'],
'startingResourceIds': ['fileshare1'],
'startingTransducerIds': [],
'networkRules': []
}
bad_role_4 = {
'id': 'NotRelevant',
'name': 'browsing',
'version': '1.0',
'applicationIds': ['firefox', 'thunderbird'],
'startingResourceIds': ['fileshare1', 'DoesNotExist'],
'startingTransducerIds': [],
'networkRules': []
}
bad_role_5 = {
'id': 'NotRelevant',
'name': 'browsing',
'version': '1.0',
'applicationIds': ['firefox', 'thunderbird'],
'startingResourceIds': ['fileshare1'],
'startingTransducerIds': ['DoesNotExist'],
'networkRules': []
}
bad_role_6 = {
'id': 'NotRelevant',
'name': 'browsing',
'version': '1.0',
'applicationIds': [],
'startingResourceIds': ['fileshare1'],
'startingTransducerIds': ['DoesNotExist'],
'networkRules': []
}
assert json.dumps(ErrorCodes.admin['invalidFormat']) == ep.role_create(
bad_role_1, use_ssh=False)
assert json.dumps(ErrorCodes.admin['invalidFormat']) == ep.role_create(
bad_role_2, use_ssh=False)
assert json.dumps(
ErrorCodes.admin['invalidApplicationId']) == ep.role_create(
bad_role_3, use_ssh=False)
assert json.dumps(ErrorCodes.admin['invalidResourceId']) == ep.role_create(
bad_role_4, use_ssh=False)
assert json.dumps(
ErrorCodes.admin['invalidTransducerId']) == ep.role_create(
bad_role_5, use_ssh=False)
assert json.dumps(
ErrorCodes.admin['NoApplicationId']) == ep.role_create(
bad_role_6, use_ssh=False)
result_role_json = ep.role_create(good_role, use_ssh=False)
result_role = json.loads(result_role_json)
# role create should ignore the ID provided
assert result_role['id'] != 'NotRelevant'
assert result_role == {'id': result_role['id'], 'name': good_role['name']}
good_role['id'] = result_role['id']
good_role['state'] = 'CREATED'
good_role['startingTransducerIds'] = [
'path_mkdir', 'bprm_set_creds', 'task_create', 'task_alloc',
'inode_create', 'socket_connect', 'socket_bind', 'socket_accept',
'socket_listen', 'create_process', 'process_start', 'process_died',
'srv_create_proc', 'open_fd'
]
time.sleep(1)
ldap_role = inst.get_obj('cid', result_role['id'],
objectClass='OpenLDAProle')
assert ldap_role != ()
ldap_tools.parse_ldap(ldap_role)
# TODO: Make sure loops like these don't continue forever.
while (ldap_role['state'] == 'CREATING'):
time.sleep(5)
ldap_role = inst.get_obj('cid', result_role['id'])
ldap_tools.parse_ldap(ldap_role)
assert ldap_role == good_role
assert os.path.exists(('/mnt/efs/images/non_provisioned_virtues/'
'{0}.img').format(result_role['id']))
# This will be used in teardown_module()
global test_role_id
test_role_id = result_role['id']
# role_list
role_list = ep.role_list()
ldap_role_list = inst.get_objs_of_type('OpenLDAProle')
real_role_list = ldap_tools.parse_ldap_list(ldap_role_list)
assert role_list == json.dumps(real_role_list)
# user_role_authorize
assert json.dumps(
ErrorCodes.admin['invalidUsername']) == ep.user_role_authorize(
'DoesNotExist', test_role_id)
assert json.dumps(
ErrorCodes.admin['invalidRoleId']) == ep.user_role_authorize(
'slapd', 'DoesNotExist')
assert ep.user_role_authorize('slapd', test_role_id) == json.dumps(
ErrorCodes.admin['success'])
# Make sure LDAP has been updated
user = inst.get_obj(
'cusername', 'slapd', objectClass='OpenLDAPuser', throw_error=True)
ldap_tools.parse_ldap(user)
assert test_role_id in user['authorizedRoleIds']
# Try to authorize twice
assert json.dumps(
ErrorCodes.admin['userAlreadyAuthorized']) == ep.user_role_authorize(
'slapd', test_role_id)
# user_role_unauthorize
assert json.dumps(
ErrorCodes.admin['invalidUsername']) == ep.user_role_unauthorize(
'DoesNotExist', test_role_id)
assert json.dumps(
ErrorCodes.admin['invalidRoleId']) == ep.user_role_unauthorize(
'slapd', 'DoesNotExist')
# Todo: Check return when user is using a virtue
assert ep.user_role_unauthorize('slapd', test_role_id) == json.dumps(
ErrorCodes.admin['success'])
# Make sure LDAP has been updated
user = inst.get_obj(
'cusername', 'slapd', objectClass='OpenLDAPuser', throw_error=True)
ldap_tools.parse_ldap(user)
assert test_role_id not in user['authorizedRoleIds']
# Try to unauthorize twice
assert json.dumps(ErrorCodes.admin[
'userNotAlreadyAuthorized']) == ep.user_role_unauthorize(
'slapd', test_role_id)
inst = LDAP('', '')
dn = 'cn=admin,dc=canvas,dc=virtue,dc=com'
inst.get_ldap_connection()
inst.conn.simple_bind_s(dn, 'Test123!')
if args.delete_user:
msg = input("This is a permanent change and cannot be undone. Are you "
"sure you want to continue?\n[Y/N]")
if msg != "Y":
print("Aborted Deletion...")
sys.exit()
print('Deleting user [{}]'.format(args.delete_user))
inst.del_obj('cusername', args.delete_user, objectClass='OpenLDAPUser')
else:
users = inst.get_objs_of_type('OpenLDAPUser')
users = ldap_tools.parse_ldap_list(users)
if args.delete_all_users:
msg = input(
"This is a permanent change and cannot be undone. Are you "
"sure you want to continue?\n[Y/N]")
if msg != "Y":
print("Aborted Deletion...")
sys.exit()
print('Deleting ALL users')
for user in users:
print('Deleting user [{}]'.format(user['username']))
inst.del_obj('cusername',
user['username'],
objectClass='OpenLDAPUser')
elif args.list_users: