def test_default_roles(self):
    """
    Present only the DN and the first FQAN, then check the level granted
    for each operation under the fixture's role mapping.
    """
    fixture = TestUserCredentials
    env = {
        'GRST_CRED_AURI_0': 'dn:' + fixture.DN,
        'GRST_CRED_AURI_1': 'fqan:' + fixture.FQANS[0],
    }
    creds = fts3auth.UserCredentials(env, fixture.ROLES)

    # Least-privilege expectation: transfers are scoped to the VO,
    # delegation stays private and configuration is denied outright.
    self.assertEqual(fts3auth.VO,
                     creds.getGrantedLevelFor(fts3auth.TRANSFER))
    self.assertEqual(fts3auth.PRIVATE,
                     creds.getGrantedLevelFor(fts3auth.DELEGATION))
    self.assertEqual(fts3auth.NONE,
                     creds.getGrantedLevelFor(fts3auth.CONFIG))


def test_roles(self):
    """
    Present the DN and four FQANs, then check that every operation is
    granted at the ALL level.
    """
    fixture = TestUserCredentials
    env = {
        'GRST_CRED_AURI_0': 'dn:' + fixture.DN,
        'GRST_CRED_AURI_1': 'fqan:' + fixture.FQANS[0],
        'GRST_CRED_AURI_2': 'fqan:' + fixture.FQANS[1],
        'GRST_CRED_AURI_3': 'fqan:' + fixture.FQANS[2],
        'GRST_CRED_AURI_4': 'fqan:' + fixture.FQANS[3],
    }
    # NOTE(review): UserCredentials is referenced unqualified here, unlike
    # the fts3auth.UserCredentials call in test_default_roles; presumably
    # it is imported directly elsewhere in the module. Confirm.
    creds = UserCredentials(env, fixture.ROLES)

    self.assertEqual(fts3auth.ALL,
                     creds.getGrantedLevelFor(fts3auth.CONFIG))
    self.assertEqual(fts3auth.ALL,
                     creds.getGrantedLevelFor(fts3auth.TRANSFER))
    self.assertEqual(fts3auth.ALL,
                     creds.getGrantedLevelFor(fts3auth.DELEGATION))
def get_user_credentials(self):
    """
    Build UserCredentials from the test application's extra environment.
    """
    # NOTE(review): this mapping looks like it grants the 'all' level for
    # every operation to the 'public' role. That is reasonable for a test
    # fixture; confirm the same mapping is never used outside the tests.
    role_mapping = {'public': {'*': 'all'}}
    return fts3auth.UserCredentials(self.app.extra_environ, role_mapping)
def test_authorize_root(self):
    """
    Credentials whose DN equals the server's own DN (hostcert.pem) must be
    granted full access; any other DN must not be.
    """
    roles = TestAuthorization.ROLES

    # Case 1: the client DN differs from SSL_SERVER_S_DN.
    env = {
        'SSL_SERVER_S_DN': '/DN=test',
        'GRST_CRED_AURI_0': 'dn:/DN=notme',
    }
    env['fts3.User.Credentials'] = fts3auth.UserCredentials(env, roles)

    # Only delegation is allowed; configuration and transfers on another
    # VO's resource are refused.
    self.assertFalse(fts3auth.authorized(fts3auth.CONFIG, env=env))
    self.assertTrue(fts3auth.authorized(fts3auth.DELEGATION, env=env))
    self.assertFalse(
        fts3auth.authorized(fts3auth.TRANSFER, env=env, resource_vo='atlas')
    )

    # Case 2: the client DN matches SSL_SERVER_S_DN, so every operation is
    # expected to pass.
    # NOTE(review): presumably authorized() compares the credential DN
    # against SSL_SERVER_S_DN. Both values are injected by the test here;
    # in deployment they are expected to come from the web server's TLS
    # layer. Confirm in fts3auth.
    env['GRST_CRED_AURI_0'] = 'dn:/DN=test'
    env['fts3.User.Credentials'] = fts3auth.UserCredentials(env, roles)

    self.assertTrue(fts3auth.authorized(fts3auth.CONFIG, env=env))
    self.assertTrue(fts3auth.authorized(fts3auth.DELEGATION, env=env))
    self.assertTrue(
        fts3auth.authorized(fts3auth.TRANSFER, env=env, resource_vo='atlas')
    )
def test_basic_ssl(self):
    """
    A plain mod_ssl environment (SSL_CLIENT_S_DN only) must still yield
    usable credentials, without any VOMS attributes.
    """
    ssl_only_env = {'SSL_CLIENT_S_DN': TestUserCredentials.DN}
    creds = fts3auth.UserCredentials(ssl_only_env)

    self.assertEqual(TestUserCredentials.DN, creds.user_dn)
    self.assertEqual([], creds.voms_cred)
    # NOTE(review): the expected VO literal below looks masked in this
    # listing (address-style redaction). Restore the real expected value
    # from the project's test suite before relying on this assertion.
    self.assertEqual(['*****@*****.**'], creds.vos)
def setUp(self):
    """
    Prepare an environment holding a DN and three FQANs, plus the
    credentials object built from it, for every test in the class.
    """
    fixture = TestAuthorization
    env = {
        'GRST_CRED_AURI_0': 'dn:' + fixture.DN,
        'GRST_CRED_AURI_1': 'fqan:' + fixture.FQANS[0],
        'GRST_CRED_AURI_2': 'fqan:' + fixture.FQANS[1],
        'GRST_CRED_AURI_3': 'fqan:' + fixture.FQANS[2],
    }
    self.creds = fts3auth.UserCredentials(env, fixture.ROLES)
    # The credentials are stored in the environment only after they have
    # been built from it.
    env['fts3.User.Credentials'] = self.creds
    self.env = env
def test_authorize_config_via_db(self):
    """
    Credentials without VO extensions must be refused configuration
    access until their DN is recorded in the database as authorized.
    """
    # Drop the credentials installed by setUp; this test needs DN-only ones.
    del self.creds
    del self.env['fts3.User.Credentials']

    dn_only_env = {'GRST_CRED_AURI_0': 'dn:' + TestAuthorization.DN}

    def _install_credentials():
        # Rebuild the credentials from the DN-only environment and publish
        # them where authorized() is given them.
        self.creds = fts3auth.UserCredentials(dn_only_env,
                                              TestAuthorization.ROLES)
        self.env['fts3.User.Credentials'] = self.creds

    _install_credentials()
    self.assertFalse(fts3auth.authorized(fts3auth.CONFIG, env=self.env))

    # Record an explicit per-DN grant for the CONFIG operation.
    # NOTE(review): the row is committed and no cleanup is visible in this
    # method. Presumably tearDown resets the table; confirm, so the grant
    # cannot leak into other tests.
    Session.merge(
        AuthorizationByDn(dn=TestAuthorization.DN, operation=fts3auth.CONFIG)
    )
    Session.commit()

    # Force reload of creds
    _install_credentials()
    self.assertTrue(fts3auth.authorized(fts3auth.CONFIG, env=self.env))
def test_gridsite(self):
    """
    Parse a DN and four FQANs supplied through GRST_CRED_AURI_* and check
    the resulting DN, VOs, VOMS credentials and roles.
    """
    fixture = TestUserCredentials
    env = {
        'GRST_CRED_AURI_0': 'dn:' + fixture.DN,
        'GRST_CRED_AURI_1': 'fqan:' + fixture.FQANS[0],
        'GRST_CRED_AURI_2': 'fqan:' + fixture.FQANS[1],
        'GRST_CRED_AURI_3': 'fqan:' + fixture.FQANS[2],
        'GRST_CRED_AURI_4': 'fqan:' + fixture.FQANS[3],
    }
    # No role mapping is passed: only attribute parsing is under test.
    creds = fts3auth.UserCredentials(env)

    self.assertEqual(fixture.DN, creds.user_dn)
    self.assertEqual(['testvo', 'testvo/group'], creds.vos)
    self.assertEqual(fixture.FQANS, creds.voms_cred)
    self.assertEqual(['myrole', 'admin'], creds.roles)
def test_default_roles(self):
    """
    Populate the environment the way mod_gridsite would, with no roles
    present, and check the default level granted for each operation.
    """
    fixture = TestUserCredentials
    env = {
        'GRST_CRED_AURI_0': 'dn:' + fixture.DN,
        'GRST_CRED_AURI_1': 'fqan:' + fixture.FQANS[0],
    }
    creds = fts3auth.UserCredentials(env, fixture.ROLES)

    # Least-privilege expectation: transfers are scoped to the VO,
    # delegation stays private and configuration is denied outright.
    self.assertEqual(fts3auth.VO,
                     creds.get_granted_level_for(fts3auth.TRANSFER))
    self.assertEqual(fts3auth.PRIVATE,
                     creds.get_granted_level_for(fts3auth.DELEGATION))
    self.assertEqual(fts3auth.NONE,
                     creds.get_granted_level_for(fts3auth.CONFIG))
def test_gridsite(self):
    """
    Populate the environment the way mod_gridsite would and verify that
    the DN, VOs, VOMS credentials and roles are extracted correctly.
    """
    fixture = TestUserCredentials
    env = {
        'GRST_CRED_AURI_0': 'dn:' + fixture.DN,
        'GRST_CRED_AURI_1': 'fqan:' + fixture.FQANS[0],
        'GRST_CRED_AURI_2': 'fqan:' + fixture.FQANS[1],
        'GRST_CRED_AURI_3': 'fqan:' + fixture.FQANS[2],
        'GRST_CRED_AURI_4': 'fqan:' + fixture.FQANS[3],
    }
    # No role mapping is passed: only attribute parsing is under test.
    creds = fts3auth.UserCredentials(env)

    self.assertEqual(fixture.DN, creds.user_dn)
    self.assertEqual(['testvo', 'testvo/group'], creds.vos)
    self.assertEqual(fixture.FQANS, creds.voms_cred)
    self.assertEqual(['myrole', 'admin'], creds.roles)
def test_roles(self):
    """
    Populate the environment the way mod_gridsite would, with all four
    FQANs, and verify the level granted for each operation.
    """
    fixture = TestUserCredentials
    env = {
        'GRST_CRED_AURI_0': 'dn:' + fixture.DN,
        'GRST_CRED_AURI_1': 'fqan:' + fixture.FQANS[0],
        'GRST_CRED_AURI_2': 'fqan:' + fixture.FQANS[1],
        'GRST_CRED_AURI_3': 'fqan:' + fixture.FQANS[2],
        'GRST_CRED_AURI_4': 'fqan:' + fixture.FQANS[3],
    }
    creds = fts3auth.UserCredentials(env, fixture.ROLES)

    # Only configuration is raised to ALL; transfers stay VO-scoped and
    # delegation stays private.
    self.assertEqual(fts3auth.ALL,
                     creds.get_granted_level_for(fts3auth.CONFIG))
    self.assertEqual(fts3auth.VO,
                     creds.get_granted_level_for(fts3auth.TRANSFER))
    self.assertEqual(fts3auth.PRIVATE,
                     creds.get_granted_level_for(fts3auth.DELEGATION))
def getUserCredentials(self):
    """
    Build UserCredentials from the test application's extra environment.
    """
    # NOTE(review): this mapping looks like it grants the 'all' level for
    # every operation to the 'public' role. That is reasonable for a test
    # fixture; confirm the same mapping is never used outside the tests.
    role_mapping = {'public': {'*': 'all'}}
    return fts3auth.UserCredentials(self.app.extra_environ, role_mapping)
def test_basic_ssl(self):
    """
    A plain mod_ssl environment (SSL_CLIENT_S_DN only) must yield the DN
    with no VOMS credentials and no VOs.
    """
    ssl_only_env = {'SSL_CLIENT_S_DN': TestUserCredentials.DN}
    creds = fts3auth.UserCredentials(ssl_only_env)

    self.assertEqual(TestUserCredentials.DN, creds.user_dn)
    # Without VOMS extensions, both the FQAN list and the VO list are empty.
    self.assertEqual([], creds.voms_cred)
    self.assertEqual([], creds.vos)