def test_remove_user_from_namespace_fail_no_such_namespace(idstorage): idstorage.create_namespace(NamespaceID('foo')) idstorage.add_user_to_namespace(NamespaceID('foo'), User(AuthsourceID('as'), Username('u'))) fail_remove_namespace_user(idstorage, NamespaceID('bar'), User(AuthsourceID('as'), Username('u')), NoSuchNamespaceError('bar'))
def test_add_user_to_namespace_fail_duplicate(idstorage): idstorage.create_namespace(NamespaceID('foo')) idstorage.add_user_to_namespace(NamespaceID('foo'), User(AuthsourceID('as'), Username('u'))) fail_add_namespace_user( idstorage, NamespaceID('foo'), User(AuthsourceID('as'), Username('u')), UserExistsError('User as/u already administrates namespace foo'))
def check_set_namespace_publicly_mappable(pub_value, log_collector): storage = create_autospec(IDMappingStorage, spec_set=True, instance=True) handlers = create_autospec(UserLookupSet, spec_set=True, instance=True) idm = IDMapper(handlers, set([AuthsourceID('asone')]), storage) handlers.get_user.return_value = (User(AuthsourceID('asone'), Username('u')), False) storage.get_namespace.return_value = Namespace(NamespaceID('n'), False, set([ User(AuthsourceID('astwo'), Username('u2')), User(AuthsourceID('asone'), Username('u')), User(AuthsourceID('asthree'), Username('u'))])) idm.set_namespace_publicly_mappable( AuthsourceID('asone'), Token('t'), NamespaceID('n'), pub_value) assert handlers.get_user.call_args_list == [((AuthsourceID('asone'), Token('t'),), {})] assert storage.get_namespace.call_args_list == [((NamespaceID('n'),), {})] assert storage.set_namespace_publicly_mappable.call_args_list == \ [((NamespaceID('n'), pub_value), {})] print(log_collector) assert_logs_correct(log_collector, 'User asone/u set namespace n public map property to ' + str(pub_value))
def set_up_data_for_get_namespaces(idstorage): idstorage.create_namespace(NamespaceID('ns1')) idstorage.set_namespace_publicly_mappable(NamespaceID('ns1'), True) idstorage.add_user_to_namespace(NamespaceID('ns1'), User(AuthsourceID('as'), Username('u'))) idstorage.create_namespace(NamespaceID('ns2')) idstorage.create_namespace(NamespaceID('ns3')) idstorage.add_user_to_namespace(NamespaceID('ns3'), User(AuthsourceID('as'), Username('u'))) idstorage.add_user_to_namespace( NamespaceID('ns3'), User(AuthsourceID('astwo'), Username('u3'))) expected = [ Namespace(NamespaceID('ns1'), True, set([User(AuthsourceID('as'), Username('u'))])), Namespace(NamespaceID('ns2'), False), Namespace( NamespaceID('ns3'), False, set([ User(AuthsourceID('as'), Username('u')), User(AuthsourceID('astwo'), Username('u3')) ])) ] return expected
def get_mappings(ns): """ Find mappings. """ ns_filter = request.args.get('namespace_filter') separate = request.args.get('separate') if ns_filter and ns_filter.strip(): ns_filter = [NamespaceID(n.strip()) for n in ns_filter.split(',')] else: ns_filter = [] ids = _get_object_id_list_from_json(request) if len(ids) > 1000: raise IllegalParameterError('A maximum of 1000 ids are allowed') ret = {} for id_ in ids: id_ = id_.strip() a, o = app.config[_APP].get_mappings( ObjectID(NamespaceID(ns), id_), ns_filter) if separate is not None: # empty string if in query with no value ret[id_] = { 'admin': _objids_to_jsonable(a), 'other': _objids_to_jsonable(o) } else: a.update(o) ret[id_] = {'mappings': _objids_to_jsonable(a)} return flask.jsonify(ret)
def test_namespace_id_slots(): assert NamespaceID('foo').__slots__ == ['id'] with raises(Exception) as got: NamespaceID('foo').attrib = 'whoops' assert_exception_correct( got.value, AttributeError("'NamespaceID' object has no attribute 'attrib'"))
def test_remove_user_from_namespace_fail_no_such_user(idstorage): idstorage.create_namespace(NamespaceID('foo')) idstorage.add_user_to_namespace(NamespaceID('foo'), User(AuthsourceID('as'), Username('u'))) fail_remove_namespace_user( idstorage, NamespaceID('foo'), User(AuthsourceID('as'), Username('u1')), NoSuchUserError('User as/u1 does not administrate namespace foo'))
def test_object_id_init_pass(): a = 'abcdefghijklmnopqrstuvwxyz' oidstr = a + a.upper() + r'0123456789!@#$%^&*()_+`~{}[]\|/<>,.?' + ('a' * 912) oid = ObjectID(NamespaceID('foo'), oidstr) assert oid.namespace_id == NamespaceID('foo') assert oid.id == oidstr
def test_namespace_id_init_pass(): ns = NamespaceID('abcdefghijklmnopqrstuvwxyz0123456789_') assert ns.id == 'abcdefghijklmnopqrstuvwxyz0123456789_' ns = NamespaceID('abcdefghijklmnopqrstuvwxyz0123456789_'.upper()) assert ns.id == 'abcdefghijklmnopqrstuvwxyz0123456789_'.upper() ns = NamespaceID('a' * 256) assert ns.id == 'a' * 256
def test_namespace_without_users(): ns = Namespace( NamespaceID('n'), True, set([ User(AuthsourceID('a'), Username('u')), User(AuthsourceID('b'), Username('b')) ])) assert ns.without_users() == Namespace(NamespaceID('n'), True, set()) assert ns.without_users() == Namespace(NamespaceID('n'), True, None)
def test_add_and_remove_namespace_users(idstorage): nsid = NamespaceID('foo') idstorage.create_namespace(nsid) assert idstorage.get_namespace(NamespaceID('foo')) == Namespace( NamespaceID('foo'), False) idstorage.add_user_to_namespace( nsid, User(AuthsourceID('asone'), Username('u1'))) users = set([User(AuthsourceID('asone'), Username('u1'))]) assert idstorage.get_namespace(nsid) == Namespace(NamespaceID('foo'), False, users) idstorage.add_user_to_namespace( nsid, User(AuthsourceID('astwo'), Username('u2'))) users.add(User(AuthsourceID('astwo'), Username('u2'))) assert idstorage.get_namespace(nsid) == Namespace(NamespaceID('foo'), False, users) idstorage.remove_user_from_namespace( NamespaceID('foo'), User(AuthsourceID('asone'), Username('u1'))) users = set([User(AuthsourceID('astwo'), Username('u2'))]) assert idstorage.get_namespace(nsid) == Namespace(NamespaceID('foo'), False, users) idstorage.remove_user_from_namespace( NamespaceID('foo'), User(AuthsourceID('astwo'), Username('u2'))) assert idstorage.get_namespace(nsid) == Namespace(NamespaceID('foo'), False)
def test_get_namespaces_only_private(): storage = create_autospec(IDMappingStorage, spec_set=True, instance=True) handlers = create_autospec(UserLookupSet, spec_set=True, instance=True) idm = IDMapper(handlers, set(), storage) storage.get_namespaces.return_value = set([Namespace(NamespaceID('n3'), False), Namespace(NamespaceID('n4'), False)]) assert idm.get_namespaces() == (set(), set([NamespaceID('n3'), NamespaceID('n4')])) assert storage.get_namespaces.call_args_list == [((), {})]
def test_get_namespace_no_auth(): storage = create_autospec(IDMappingStorage, spec_set=True, instance=True) handlers = create_autospec(UserLookupSet, spec_set=True, instance=True) idm = IDMapper(handlers, set(), storage) storage.get_namespace.return_value = Namespace(NamespaceID('n'), True, set([ User(AuthsourceID('a'), Username('u')), User(AuthsourceID('a'), Username('u1'))])) assert idm.get_namespace(NamespaceID('n')) == Namespace(NamespaceID('n'), True) assert storage.get_namespace.call_args_list == [((NamespaceID('n'), ), {})]
def test_get_mappings_fail_None_inputs(): storage = create_autospec(IDMappingStorage, spec_set=True, instance=True) handlers = create_autospec(UserLookupSet, spec_set=True, instance=True) idm = IDMapper(handlers, set(), storage) oid = ObjectID(NamespaceID('n'), 'o') n = NamespaceID('n') fail_get_mappings(idm, None, set([n]), TypeError('oid cannot be None')) fail_get_mappings(idm, oid, set([n, None]), TypeError('None item in ns_filter'))
def test_get_namespaces_fail_no_such_namepsace(idstorage): idstorage.create_namespace(NamespaceID('foo')) fail_get_namespaces( idstorage, { NamespaceID('zoo'), NamespaceID('foo'), NamespaceID('baz'), NamespaceID('aioli_compote_drizzled_on_artisian_tater_tots') }, NoSuchNamespaceError( "['aioli_compote_drizzled_on_artisian_tater_tots', 'baz', 'zoo']"))
def remove_mapping(admin_ns, other_ns): """ Remove a mapping. """ authsource, token = _get_auth(request) ids = _get_object_id_dict_from_json(request) if len(ids) > 10000: raise IllegalParameterError('A maximum of 10000 ids are allowed') for id_ in ids: app.config[_APP].remove_mapping( authsource, token, ObjectID(NamespaceID(admin_ns), id_.strip()), ObjectID(NamespaceID(other_ns), ids[id_].strip())) return ('', 204)
def test_get_namespaces_with_nids(idstorage): assert idstorage.get_namespaces() == set() expected = set_up_data_for_get_namespaces(idstorage) assert idstorage.get_namespaces([NamespaceID('ns1')]) == set([expected[0]]) assert idstorage.get_namespaces(nids=set([NamespaceID('ns1')])) == set( [expected[0]]) nids = {NamespaceID('ns2'), NamespaceID('ns3')} assert idstorage.get_namespaces(nids) == set([expected[1], expected[2]]) assert idstorage.get_namespaces(nids=nids) == set( [expected[1], expected[2]])
def test_create_namespace(log_collector): storage = create_autospec(IDMappingStorage, spec_set=True, instance=True) handlers = create_autospec(UserLookupSet, spec_set=True, instance=True) idm = IDMapper(handlers, set([AuthsourceID('as')]), storage) handlers.get_user.return_value = (User(AuthsourceID('as'), Username('foo')), True) idm.create_namespace(AuthsourceID('as'), Token('bar'), NamespaceID('baz')) assert handlers.get_user.call_args_list == [((AuthsourceID('as'), Token('bar'),), {})] assert storage.create_namespace.call_args_list == [((NamespaceID('baz'),), {})] assert_logs_correct(log_collector, 'Admin as/foo created namespace baz')
def test_set_namespace_publicly_mappable_fail_unauthed(): storage = create_autospec(IDMappingStorage, spec_set=True, instance=True) handlers = create_autospec(UserLookupSet, spec_set=True, instance=True) idm = IDMapper(handlers, set([AuthsourceID('asone')]), storage) handlers.get_user.return_value = (User(AuthsourceID('asone'), Username('u')), False) storage.get_namespace.return_value = Namespace(NamespaceID('n'), False, set([ User(AuthsourceID('asone'), Username('u2')), User(AuthsourceID('asthree'), Username('u'))])) fail_set_namespace_publicly_mappable( idm, AuthsourceID('asone'), Token('t'), NamespaceID('n'), UnauthorizedError('User asone/u may not administrate namespace n'))
def test_remove_mapping_fail_unauthed_for_admin_namespace(): storage = create_autospec(IDMappingStorage, spec_set=True, instance=True) handlers = create_autospec(UserLookupSet, spec_set=True, instance=True) idm = IDMapper(handlers, set(), storage) handlers.get_user.return_value = (User(AuthsourceID('a'), Username('n')), False) storage.get_namespace.return_value = Namespace(NamespaceID('n1'), True, set([ User(AuthsourceID('a'), Username('n1')), User(AuthsourceID('a'), Username('n2'))])) fail_remove_mapping(idm, AuthsourceID('a'), Token('t'), ObjectID(NamespaceID('n1'), 'o1'), ObjectID(NamespaceID('n2'), 'o2'), UnauthorizedError('User a/n may not administrate namespace n1'))
def test_set_public_and_list_namespaces(service_port, mongo): storage = get_storage_instance(mongo) lut = Token('foobar') u = Username('lu') storage.create_local_user(u, lut.get_hashed_token()) priv = NamespaceID('priv') storage.create_namespace(priv) storage.add_user_to_namespace(priv, User(AuthsourceID('local'), u)) storage.set_namespace_publicly_mappable(priv, True) pub = NamespaceID('pub') storage.create_namespace(pub) storage.add_user_to_namespace(pub, User(AuthsourceID('local'), u)) r = requests.put('http://localhost:' + service_port + '/api/v1/namespace/priv/set?publicly_mappable=false', headers={'Authorization': 'local ' + lut.token}) assert r.status_code == 204 r = requests.put('http://localhost:' + service_port + '/api/v1/namespace/pub/set?publicly_mappable=true', headers={'Authorization': 'local ' + lut.token}) assert r.status_code == 204 r = requests.get('http://localhost:' + service_port + '/api/v1/namespace') assert r.json() == { 'publicly_mappable': ['pub'], 'privately_mappable': ['priv'] } r = requests.put('http://localhost:' + service_port + '/api/v1/namespace/missing/set?publicly_mappable=false', headers={'Authorization': 'local ' + lut.token}) assert_json_error_correct( r.json(), { 'error': { 'httpcode': 404, 'httpstatus': 'Not Found', 'appcode': 50010, 'apperror': 'No such namespace', 'message': '50010 No such namespace: missing' } }) assert r.status_code == 404
def test_object_id_equals(): assert ObjectID(NamespaceID('foo'), 'baz') == ObjectID(NamespaceID('foo'), 'baz') assert ObjectID(NamespaceID('foo'), 'baz') != ObjectID( NamespaceID('bar'), 'baz') assert ObjectID(NamespaceID('foo'), 'baz') != ObjectID( NamespaceID('foo'), 'bar') assert ObjectID(NamespaceID('foo'), 'baz') != NamespaceID('foo')
def test_remove_mapping_fail_None_input(): storage = create_autospec(IDMappingStorage, spec_set=True, instance=True) handlers = create_autospec(UserLookupSet, spec_set=True, instance=True) idm = IDMapper(handlers, set(), storage) a = AuthsourceID('a') t = Token('t') o1 = ObjectID(NamespaceID('n2'), 'o1') o2 = ObjectID(NamespaceID('n2'), 'o2') # authsource id is checked by the handler set fail_remove_mapping(idm, a, None, o1, o2, TypeError('token cannot be None')) fail_remove_mapping(idm, a, t, None, o2, TypeError('administrative_oid cannot be None')) fail_remove_mapping(idm, a, t, o1, None, TypeError('oid cannot be None'))
def add_user_to_namespace(namespace, authsource, user): """ Add a user to a namespace. """ admin_authsource, token = _get_auth(request) app.config[_APP].add_user_to_namespace( admin_authsource, token, NamespaceID(namespace), User(AuthsourceID(authsource), Username(user))) return ('', 204)
def test_remove_user_from_namespace_fail_inputs_None(idstorage): u = User(AuthsourceID('as'), 'u') n = NamespaceID('n') fail_remove_namespace_user(idstorage, None, u, TypeError('namespace_id cannot be None')) fail_remove_namespace_user(idstorage, n, None, TypeError('admin_user cannot be None'))
def test_create_namespace_fail_no_admin_authsource_provider(): storage = create_autospec(IDMappingStorage, spec_set=True, instance=True) handlers = create_autospec(UserLookupSet, spec_set=True, instance=True) idm = IDMapper(handlers, set([AuthsourceID('bs')]), storage) fail_create_namespace(idm, AuthsourceID('as'), Token('t'), NamespaceID('n'), UnauthorizedError( 'Auth source as is not configured as a provider of system administration status'))
def remove_user_from_namespace(namespace, authsource, user): """ Remove a user from a namespace. Removing a non-existant user throws an error. """ admin_authsource, token = _get_auth(request) app.config[_APP].remove_user_from_namespace( admin_authsource, token, NamespaceID(namespace), User(AuthsourceID(authsource), Username(user))) return ('', 204)
def test_namespace_hash(): # string hashes will change from instance to instance of the python interpreter, and therefore # tests can't be written that directly test the hash value. See # https://docs.python.org/3/reference/datamodel.html#object.__hash__ asid = AuthsourceID('as') assert hash(Namespace(NamespaceID('foo'), True, None)) == \ hash(Namespace(NamespaceID('foo'), True, set())) assert hash(Namespace(NamespaceID('foo'), False, set([User(asid, 'foo'), User(asid, 'baz')]))) == \ hash(Namespace(NamespaceID('foo'), False, set([User(asid, 'baz'), User(asid, 'foo')]))) assert hash(Namespace(NamespaceID('bar'), True, set())) != \ hash(Namespace(NamespaceID('foo'), True, set())) assert hash(Namespace(NamespaceID('foo'), False, set())) != \ hash(Namespace(NamespaceID('foo'), True, set())) assert hash(Namespace(NamespaceID('foo'), False, set([User(asid, 'foo'), User(asid, 'baz')]))) != \ hash(Namespace(NamespaceID('foo'), False, set([User(asid, 'baz'), User(asid, 'fob')])))
def test_object_id_init_fail(): ns = NamespaceID('foo') fail_object_id_init(None, 'o', TypeError('namespace_id cannot be None')) fail_object_id_init(ns, None, MissingParameterError('data id')) fail_object_id_init(ns, ' \t \n ', MissingParameterError('data id')) fail_object_id_init( ns, 'a' * 1001, IllegalParameterError('data id ' + ('a' * 1001) + ' exceeds maximum length of 1000'))
def test_get_mappings_fail_no_namespace(): storage = create_autospec(IDMappingStorage, spec_set=True, instance=True) handlers = create_autospec(UserLookupSet, spec_set=True, instance=True) idm = IDMapper(handlers, set(), storage) storage.get_namespaces.side_effect = NoSuchNamespaceError('n3') fail_get_mappings(idm, ObjectID(NamespaceID('n'), 'o'), [ NamespaceID('n1'), NamespaceID('n2'), NamespaceID('n4'), NamespaceID('n4')], NoSuchNamespaceError('n3')) assert storage.get_namespaces.call_args_list == [(([NamespaceID('n'), NamespaceID('n1'), NamespaceID('n2'), NamespaceID('n4'), NamespaceID('n4')],), {})]