def test_delete_expired_service_account_keys_both_user_and_client(
    cloud_manager, app, db_session, test_user_a, oauth_client
):
    """
    Check that expired service account keys are purged for both a user-owned
    and a client-owned service account.

    Two keys that expired an hour ago (one per account) and one key that is
    still valid for an hour are stored. After the cleanup runs, only the
    unexpired key may remain in the database.
    """
    import fence

    # NOTE(review): fence.settings is replaced here and not restored in this
    # test -- confirm that no later test depends on the real settings object.
    fence.settings = MagicMock()

    # Stub key deletion on the (presumably mocked) cloud manager context so
    # the call yields an empty dict.
    managed_client = cloud_manager.return_value.__enter__.return_value
    managed_client.delete_service_account_key.return_value = {}

    now = int(time.time())
    one_hour = 3600

    user_sa = GoogleServiceAccount(
        google_unique_id="1",
        user_id=test_user_a["user_id"],
        google_project_id="test",
        email="*****@*****.**",
    )
    client_sa = GoogleServiceAccount(
        google_unique_id="1",
        user_id=test_user_a["user_id"],
        client_id=oauth_client["client_id"],
        google_project_id="test",
        email="*****@*****.**",
    )
    db_session.add_all([user_sa, client_sa])
    # Commit first: the keys below reference the accounts' ids.
    db_session.commit()

    # Two expired keys (one per account) and one key that is still valid.
    expired_user_key = GoogleServiceAccountKey(
        key_id=1,
        service_account_id=user_sa.id,
        expires=now - one_hour,
    )
    expired_client_key = GoogleServiceAccountKey(
        key_id=2,
        service_account_id=client_sa.id,
        expires=now - one_hour,
    )
    valid_user_key = GoogleServiceAccountKey(
        key_id=3,
        service_account_id=user_sa.id,
        expires=now + one_hour,
    )
    db_session.add_all([expired_user_key, expired_client_key, valid_user_key])
    db_session.commit()

    stored_keys = db_session.query(GoogleServiceAccountKey).all()
    assert len(stored_keys) == 3

    # Run the cleanup under test.
    remove_expired_google_service_account_keys(config["DB"])

    # Both expired keys must be gone; the unexpired one must survive.
    stored_keys = db_session.query(GoogleServiceAccountKey).all()
    assert len(stored_keys) == 1
    assert stored_keys[0].id == valid_user_key.id
def add_custom_service_account_key_expiration(
    key_id, service_account_id, expires, private_key=None
):
    """
    Persist a service account key record together with its custom expiration.

    Args:
        key_id: identifier stored as the record's ``key_id``
        service_account_id: id of the service account the key belongs to
        expires: expiration value stored on the record
        private_key: optional value stored on the record as given

    The record is added to ``current_session`` and committed immediately.

    NOTE(review): ``private_key`` is handed to the model unchanged. Confirm
    that the model or the caller protects it at rest (for example by
    encrypting it) before key material is passed in.
    """
    key_fields = {
        "key_id": key_id,
        "service_account_id": service_account_id,
        "expires": expires,
        "private_key": private_key,
    }
    current_session.add(GoogleServiceAccountKey(**key_fields))
    current_session.commit()
def load_google_specific_user_data(db_session, test_user_d):
    """
    Insert the Google-related rows for the test user into the Fence db.

    All values come from the module-level ``userd_dict``. ``test_user_d`` is
    not read in the body; presumably it is requested so that the user row
    exists before this runs -- confirm against the fixture.
    """
    d = userd_dict

    # Build the rows in the order in which they are handed to the session.
    rows = [
        GoogleProxyGroup(id=d["gpg_id"], email=d["gpg_email"]),
        GoogleServiceAccountKey(
            id=d["gsak_id"],
            key_id=d["gsak_key_id"],
            service_account_id=d["gsa_id"],
        ),
        GoogleServiceAccount(
            id=d["gsa_id"],
            google_unique_id="d_gui",
            user_id=d["user_id"],
            google_project_id="d_gpid",
            email=d["gsa_email"],
        ),
        Bucket(id=d["bucket_id"]),
        GoogleBucketAccessGroup(
            id=d["gbag_id"],
            bucket_id=d["bucket_id"],
            email=d["gbag_email"],
        ),
        GoogleProxyGroupToGoogleBucketAccessGroup(
            id=d["gpg_to_gbag_id"],
            proxy_group_id=d["gpg_id"],
            access_group_id=d["gbag_id"],
        ),
        UserGoogleAccount(
            id=d["uga_id"],
            email=d["uga_email"],
            user_id=d["user_id"],
        ),
        UserGoogleAccountToProxyGroup(
            user_google_account_id=d["uga_id"],
            proxy_group_id=d["gpg_id"],
        ),
    ]
    db_session.add_all(rows)

    # Link the existing user to the proxy group. If no user has this
    # username, .first() returns None and the assignment below raises
    # AttributeError.
    matching_users = db_session.query(User).filter_by(username=d["user_username"])
    user = matching_users.first()
    user.google_proxy_group_id = d["gpg_id"]
    db_session.commit()