def testFilterConsidersOffsetAndCount(self): client_id = self.client_ids[0] # Create five approval requests without granting them. for i in range(10): with test_lib.FakeTime(42 + i): self.RequestClientApproval(client_id, reason="Request reason %d" % i) args = user_plugin.ApiListClientApprovalsArgs( client_id=client_id, offset=0, count=5) result = self.handler.Handle(args, context=self.context) # Approvals are returned newest to oldest, so the first five approvals # have reason 9 to 5. self.assertLen(result.items, 5) for item, i in zip(result.items, reversed(range(6, 10))): self.assertEqual(item.reason, "Request reason %d" % i) # When no count is specified, take all items from offset to the end. args = user_plugin.ApiListClientApprovalsArgs(client_id=client_id, offset=7) result = self.handler.Handle(args, context=self.context) self.assertLen(result.items, 3) for item, i in zip(result.items, reversed(range(0, 3))): self.assertEqual(item.reason, "Request reason %d" % i)
def Run(self): with test_lib.FakeTime(42): self.CreateAdminUser(u"approver") clients = self.SetupClients(2) if data_store.AFF4Enabled(): for client_id in clients: # Delete the certificate as it's being regenerated every time the # client is created. with aff4.FACTORY.Open( client_id, mode="rw", token=self.token) as grr_client: grr_client.DeleteAttribute(grr_client.Schema.CERT) with test_lib.FakeTime(44): approval1_id = self.RequestClientApproval( clients[0].Basename(), reason=self.token.reason, approver=u"approver", requestor=self.token.username) with test_lib.FakeTime(45): approval2_id = self.RequestClientApproval( clients[1].Basename(), reason=self.token.reason, approver=u"approver", requestor=self.token.username) with test_lib.FakeTime(84): self.GrantClientApproval( clients[1].Basename(), requestor=self.token.username, approval_id=approval2_id, approver=u"approver") with test_lib.FakeTime(126): self.Check( "ListClientApprovals", args=user_plugin.ApiListClientApprovalsArgs(), replace={ approval1_id: "approval:111111", approval2_id: "approval:222222" }) self.Check( "ListClientApprovals", args=user_plugin.ApiListClientApprovalsArgs( client_id=clients[0].Basename()), replace={ approval1_id: "approval:111111", approval2_id: "approval:222222" })
def testRendersRequestedClientApprovals(self): self._RequestClientApprovals() args = user_plugin.ApiListClientApprovalsArgs() result = self.handler.Handle(args, context=self.context) # All approvals should be returned. self.assertLen(result.items, self.CLIENT_COUNT)
def testRendersRequestedClientApprovals(self): self._RequestClientApprovals() args = user_plugin.ApiListClientApprovalsArgs() result = self.handler.Handle(args, token=self.token) # All approvals should be returned. self.assertEqual(len(result.items), self.CLIENT_COUNT)
def Run(self): with test_lib.FakeTime(42): self.CreateAdminUser(u"approver") clients = self.SetupClients(2) with test_lib.FakeTime(44): approval1_id = self.RequestClientApproval( clients[0], reason="Running tests", approver=u"approver", requestor=self.test_username) with test_lib.FakeTime(45): approval2_id = self.RequestClientApproval( clients[1], reason="Running tests", approver=u"approver", requestor=self.test_username) with test_lib.FakeTime(84): self.GrantClientApproval( clients[1], requestor=self.test_username, approval_id=approval2_id, approver=u"approver") with test_lib.FakeTime(126): self.Check( "ListClientApprovals", args=user_plugin.ApiListClientApprovalsArgs(), replace={ approval1_id: "approval:111111", approval2_id: "approval:222222" }) self.Check( "ListClientApprovals", args=user_plugin.ApiListClientApprovalsArgs(client_id=clients[0]), replace={ approval1_id: "approval:111111", approval2_id: "approval:222222" })
def testFiltersApprovalsByClientId(self): client_id = self.client_ids[0] self._RequestClientApprovals() # Get approvals for a specific client. There should be exactly one. args = user_plugin.ApiListClientApprovalsArgs(client_id=client_id) result = self.handler.Handle(args, context=self.context) self.assertLen(result.items, 1) self.assertEqual(result.items[0].subject.client_id.ToString(), client_id)
def testFiltersApprovalsByInvalidState(self): approval_ids = self._RequestClientApprovals() # We only requested approvals so far, so all of them should be invalid. args = user_plugin.ApiListClientApprovalsArgs( state=user_plugin.ApiListClientApprovalsArgs.State.INVALID) result = self.handler.Handle(args, context=self.context) self.assertLen(result.items, self.CLIENT_COUNT) # Grant access to one client. Now all but one should be invalid. self.GrantClientApproval(self.client_ids[0], requestor=self.context.username, approval_id=approval_ids[0]) result = self.handler.Handle(args, context=self.context) self.assertLen(result.items, self.CLIENT_COUNT - 1)
def testFiltersApprovalsByValidState(self): approval_ids = self._RequestClientApprovals() # We only requested approvals so far, so none of them is valid. args = user_plugin.ApiListClientApprovalsArgs( state=user_plugin.ApiListClientApprovalsArgs.State.VALID) result = self.handler.Handle(args, token=self.token) # We do not have any approved approvals yet. self.assertEqual(len(result.items), 0) # Grant access to one client. Now exactly one approval should be valid. self.GrantClientApproval(self.client_ids[0].Basename(), requestor=self.token.username, approval_id=approval_ids[0]) result = self.handler.Handle(args, token=self.token) self.assertEqual(len(result.items), 1) self.assertEqual(result.items[0].subject.client_id, self.client_ids[0])
def testApproverInputShowsAutocompletion(self): self.CreateUser("sanchezrick") # add decoy user, to assure that autocompletion results are based on the # query self.CreateUser("aaa") client_id = self.SetupClient(0) self.Open("/#/clients/%s/host-info" % client_id) # We do not have an approval, so we need to request one. self.Click("css=button[name=requestApproval]") input_selector = "css=grr-approver-input input" self.Type(input_selector, "sanchez") self.WaitUntil(self.IsElementPresent, "css=[uib-typeahead-popup]:contains(sanchezrick)") self.GetElement(input_selector).send_keys(keys.Keys.ENTER) self.WaitUntilEqual("sanchezrick, ", self.GetValue, input_selector + ":text") self.Type("css=grr-request-approval-dialog input[name=acl_reason]", "Test") self.Click( "css=grr-request-approval-dialog button[name=Proceed]:not([disabled])" ) # "Request Approval" dialog should go away self.WaitUntilNot(self.IsVisible, "css=.modal-open") handler = user_plugin.ApiListClientApprovalsHandler() args = user_plugin.ApiListClientApprovalsArgs(client_id=client_id) res = handler.Handle(args=args, context=api_call_context.ApiCallContext( self.test_username)) self.assertLen(res.items, 1) self.assertLen(res.items[0].notified_users, 1) self.assertEqual(res.items[0].notified_users[0], "sanchezrick")
def testFiltersApprovalsByClientIdAndState(self): client_id = self.client_ids[0] approval_ids = self._RequestClientApprovals() # Grant approval to a certain client. self.GrantClientApproval( client_id, requestor=self.context.username, approval_id=approval_ids[0]) args = user_plugin.ApiListClientApprovalsArgs( client_id=client_id, state=user_plugin.ApiListClientApprovalsArgs.State.VALID) result = self.handler.Handle(args, context=self.context) # We have a valid approval for the requested client. self.assertLen(result.items, 1) args.state = user_plugin.ApiListClientApprovalsArgs.State.INVALID result = self.handler.Handle(args, context=self.context) # However, we do not have any invalid approvals for the client. self.assertEmpty(result.items)
def ListClientApprovals(self, requestor=None): requestor = requestor or self.token.username handler = api_user.ApiListClientApprovalsHandler() return handler.Handle( api_user.ApiListClientApprovalsArgs(), token=access_control.ACLToken(username=requestor)).items
def ListClientApprovals(self, requestor=None): requestor = requestor or self.token.username handler = api_user.ApiListClientApprovalsHandler() return handler.Handle( api_user.ApiListClientApprovalsArgs(), context=api_call_context.ApiCallContext(username=requestor)).items