def testFilterConsidersOffsetAndCount(self):
client_id = self.client_ids[0]
# Create five approval requests without granting them.
for i in range(10):
with test_lib.FakeTime(42 + i):
self.RequestClientApproval(client_id, reason="Request reason %d" % i)
args = user_plugin.ApiListClientApprovalsArgs(
client_id=client_id, offset=0, count=5)
result = self.handler.Handle(args, context=self.context)
# Approvals are returned newest to oldest, so the first five approvals
# have reason 9 to 5.
self.assertLen(result.items, 5)
for item, i in zip(result.items, reversed(range(6, 10))):
self.assertEqual(item.reason, "Request reason %d" % i)
# When no count is specified, take all items from offset to the end.
args = user_plugin.ApiListClientApprovalsArgs(client_id=client_id, offset=7)
result = self.handler.Handle(args, context=self.context)
self.assertLen(result.items, 3)
for item, i in zip(result.items, reversed(range(0, 3))):
self.assertEqual(item.reason, "Request reason %d" % i)
def Run(self):
with test_lib.FakeTime(42):
self.CreateAdminUser(u"approver")
clients = self.SetupClients(2)
if data_store.AFF4Enabled():
for client_id in clients:
# Delete the certificate as it's being regenerated every time the
# client is created.
with aff4.FACTORY.Open(
client_id, mode="rw", token=self.token) as grr_client:
grr_client.DeleteAttribute(grr_client.Schema.CERT)
with test_lib.FakeTime(44):
approval1_id = self.RequestClientApproval(
clients[0].Basename(),
reason=self.token.reason,
approver=u"approver",
requestor=self.token.username)
with test_lib.FakeTime(45):
approval2_id = self.RequestClientApproval(
clients[1].Basename(),
reason=self.token.reason,
approver=u"approver",
requestor=self.token.username)
with test_lib.FakeTime(84):
self.GrantClientApproval(
clients[1].Basename(),
requestor=self.token.username,
approval_id=approval2_id,
approver=u"approver")
with test_lib.FakeTime(126):
self.Check(
"ListClientApprovals",
args=user_plugin.ApiListClientApprovalsArgs(),
replace={
approval1_id: "approval:111111",
approval2_id: "approval:222222"
})
self.Check(
"ListClientApprovals",
args=user_plugin.ApiListClientApprovalsArgs(
client_id=clients[0].Basename()),
replace={
approval1_id: "approval:111111",
approval2_id: "approval:222222"
})
def testRendersRequestedClientApprovals(self):
self._RequestClientApprovals()
args = user_plugin.ApiListClientApprovalsArgs()
result = self.handler.Handle(args, context=self.context)
# All approvals should be returned.
self.assertLen(result.items, self.CLIENT_COUNT)
def testRendersRequestedClientApprovals(self):
self._RequestClientApprovals()
args = user_plugin.ApiListClientApprovalsArgs()
result = self.handler.Handle(args, token=self.token)
# All approvals should be returned.
self.assertEqual(len(result.items), self.CLIENT_COUNT)
def Run(self):
with test_lib.FakeTime(42):
self.CreateAdminUser(u"approver")
clients = self.SetupClients(2)
with test_lib.FakeTime(44):
approval1_id = self.RequestClientApproval(
clients[0],
reason="Running tests",
approver=u"approver",
requestor=self.test_username)
with test_lib.FakeTime(45):
approval2_id = self.RequestClientApproval(
clients[1],
reason="Running tests",
approver=u"approver",
requestor=self.test_username)
with test_lib.FakeTime(84):
self.GrantClientApproval(
clients[1],
requestor=self.test_username,
approval_id=approval2_id,
approver=u"approver")
with test_lib.FakeTime(126):
self.Check(
"ListClientApprovals",
args=user_plugin.ApiListClientApprovalsArgs(),
replace={
approval1_id: "approval:111111",
approval2_id: "approval:222222"
})
self.Check(
"ListClientApprovals",
args=user_plugin.ApiListClientApprovalsArgs(client_id=clients[0]),
replace={
approval1_id: "approval:111111",
approval2_id: "approval:222222"
})
def testFiltersApprovalsByClientId(self):
client_id = self.client_ids[0]
self._RequestClientApprovals()
# Get approvals for a specific client. There should be exactly one.
args = user_plugin.ApiListClientApprovalsArgs(client_id=client_id)
result = self.handler.Handle(args, context=self.context)
self.assertLen(result.items, 1)
self.assertEqual(result.items[0].subject.client_id.ToString(), client_id)
def testFiltersApprovalsByInvalidState(self):
approval_ids = self._RequestClientApprovals()
# We only requested approvals so far, so all of them should be invalid.
args = user_plugin.ApiListClientApprovalsArgs(
state=user_plugin.ApiListClientApprovalsArgs.State.INVALID)
result = self.handler.Handle(args, context=self.context)
self.assertLen(result.items, self.CLIENT_COUNT)
# Grant access to one client. Now all but one should be invalid.
self.GrantClientApproval(self.client_ids[0],
requestor=self.context.username,
approval_id=approval_ids[0])
result = self.handler.Handle(args, context=self.context)
self.assertLen(result.items, self.CLIENT_COUNT - 1)
def testFiltersApprovalsByValidState(self):
approval_ids = self._RequestClientApprovals()
# We only requested approvals so far, so none of them is valid.
args = user_plugin.ApiListClientApprovalsArgs(
state=user_plugin.ApiListClientApprovalsArgs.State.VALID)
result = self.handler.Handle(args, token=self.token)
# We do not have any approved approvals yet.
self.assertEqual(len(result.items), 0)
# Grant access to one client. Now exactly one approval should be valid.
self.GrantClientApproval(self.client_ids[0].Basename(),
requestor=self.token.username,
approval_id=approval_ids[0])
result = self.handler.Handle(args, token=self.token)
self.assertEqual(len(result.items), 1)
self.assertEqual(result.items[0].subject.client_id, self.client_ids[0])
def testApproverInputShowsAutocompletion(self):
self.CreateUser("sanchezrick")
# add decoy user, to assure that autocompletion results are based on the
# query
self.CreateUser("aaa")
client_id = self.SetupClient(0)
self.Open("/#/clients/%s/host-info" % client_id)
# We do not have an approval, so we need to request one.
self.Click("css=button[name=requestApproval]")
input_selector = "css=grr-approver-input input"
self.Type(input_selector, "sanchez")
self.WaitUntil(self.IsElementPresent,
"css=[uib-typeahead-popup]:contains(sanchezrick)")
self.GetElement(input_selector).send_keys(keys.Keys.ENTER)
self.WaitUntilEqual("sanchezrick, ", self.GetValue,
input_selector + ":text")
self.Type("css=grr-request-approval-dialog input[name=acl_reason]",
"Test")
self.Click(
"css=grr-request-approval-dialog button[name=Proceed]:not([disabled])"
)
# "Request Approval" dialog should go away
self.WaitUntilNot(self.IsVisible, "css=.modal-open")
handler = user_plugin.ApiListClientApprovalsHandler()
args = user_plugin.ApiListClientApprovalsArgs(client_id=client_id)
res = handler.Handle(args=args,
context=api_call_context.ApiCallContext(
self.test_username))
self.assertLen(res.items, 1)
self.assertLen(res.items[0].notified_users, 1)
self.assertEqual(res.items[0].notified_users[0], "sanchezrick")
def testFiltersApprovalsByClientIdAndState(self):
client_id = self.client_ids[0]
approval_ids = self._RequestClientApprovals()
# Grant approval to a certain client.
self.GrantClientApproval(
client_id, requestor=self.context.username, approval_id=approval_ids[0])
args = user_plugin.ApiListClientApprovalsArgs(
client_id=client_id,
state=user_plugin.ApiListClientApprovalsArgs.State.VALID)
result = self.handler.Handle(args, context=self.context)
# We have a valid approval for the requested client.
self.assertLen(result.items, 1)
args.state = user_plugin.ApiListClientApprovalsArgs.State.INVALID
result = self.handler.Handle(args, context=self.context)
# However, we do not have any invalid approvals for the client.
self.assertEmpty(result.items)
def ListClientApprovals(self, requestor=None):
requestor = requestor or self.token.username
handler = api_user.ApiListClientApprovalsHandler()
return handler.Handle(
api_user.ApiListClientApprovalsArgs(),
token=access_control.ACLToken(username=requestor)).items
def ListClientApprovals(self, requestor=None):
requestor = requestor or self.token.username
handler = api_user.ApiListClientApprovalsHandler()
return handler.Handle(
api_user.ApiListClientApprovalsArgs(),
context=api_call_context.ApiCallContext(username=requestor)).items
