def test_14_detach_token_without_machine(self):
    """Detach the "offline" application from the HOTP token without naming a machine.

    No hostname or machine_id is passed to detach_token here; the test then
    checks that the token has no machine entries left.
    """
    detach_token(self.serialHotp, "offline")

    # Reload the token and confirm that its machine list is empty.
    token = get_tokens(serial=self.serialHotp)[0]
    attached_machines = token.token.machine_list
    self.assertEqual(len(attached_machines), 0)
def test_02_detach_token(self):
    """Detach the "luks" application of the token from host "gandalf".

    Afterwards the token must carry no machine entries, and a detach call
    that names only a machine_id (without a resolver) must raise.
    """
    detach_token(self.serial, "luks", hostname="gandalf")

    # Reload the token and confirm that no machine is attached any more.
    token = get_tokens(serial=self.serial)[0]
    attached_machines = token.token.machine_list
    self.assertEqual(len(attached_machines), 0)

    # An incomplete machine definition (machine_id but no resolver) has to
    # be rejected instead of silently detaching something.
    with self.assertRaises(Exception):
        detach_token(self.serial, "luks", machine_id="192.168.0.1")
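def test_10_auth_items_ssh_ecdsa(self):
    """Check that an ECDSA SSH key is served as auth item for host "gandalf".

    An sshkey token is created from SSHKEY_ecdsa and attached to "gandalf"
    for the application "ssh". The auth items are then fetched once for the
    host alone and once restricted to user "testuser"; both responses must
    contain a key starting with "ecdsa-sha2-nistp256".

    The token is detached and removed in ``finally`` blocks, so a failing
    assertion does not leave an attached SSH key behind for later tests.
    """
    token_obj = init_token({"serial": self.serial2,
                            "type": "sshkey",
                            "sshkey": SSHKEY_ecdsa})
    try:
        self.assertEqual(token_obj.type, "sshkey")

        # Attach the token to the machine "gandalf" with the application SSH.
        # NOTE(review): the "user" option reads "******" in this listing,
        # which looks masked; the user=testuser lookup below presumably
        # depends on the real value. Confirm against the repository.
        r = attach_token(hostname="gandalf", serial=self.serial2,
                         application="ssh", options={"user": "******"})
        try:
            self.assertEqual(r.machine_id, "192.168.0.1")

            # First the auth items of the machine, then those of one user.
            for url in ('/machine/authitem/ssh?hostname=gandalf',
                        '/machine/authitem/ssh?hostname=gandalf&user=testuser'):
                with self.app.test_request_context(
                        url, method='GET',
                        headers={'Authorization': self.at}):
                    res = self.app.full_dispatch_request()
                    self.assertEqual(res.status_code, 200, res)
                    result = res.json.get("result")
                    self.assertEqual(result["status"], True)
                    sshkey = result["value"].get("ssh")[0].get("sshkey")
                    self.assertTrue(
                        sshkey.startswith("ecdsa-sha2-nistp256"), sshkey)
        finally:
            detach_token(self.serial2, application="ssh", hostname="gandalf")
    finally:
        remove_token(self.serial2)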
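def test_10_auth_items_ssh_rsa(self):
    """Check that an RSA SSH key is served as auth item for host "gandalf".

    Covers five lookups against /machine/authitem:

    * by host only and by host plus user "testuser": the key is returned;
    * user "DOMAIN\\testuser" with the mangle policy set: the key is returned;
    * the same user after the policy is deleted: no SSH keys are returned,
      i.e. an unmangled, unknown username must not receive the key;
    * all applications of the host: the SSH key is returned.

    The policy and the token attachment are cleaned up in ``finally`` blocks,
    so a failing assertion does not leave the "mangle1" policy or an attached
    SSH key behind for later tests.
    """

    def fetch_result(url):
        # Dispatch an authorized GET and return the "result" part of the
        # JSON response; the HTTP status is checked for every request.
        with self.app.test_request_context(
                url, method='GET', headers={'Authorization': self.at}):
            res = self.app.full_dispatch_request()
            self.assertEqual(res.status_code, 200, res)
            return res.json.get("result")

    def assert_rsa_key(result):
        # The first SSH auth item has to carry an RSA public key.
        sshkey = result["value"].get("ssh")[0].get("sshkey")
        self.assertTrue(sshkey.startswith("ssh-rsa"), sshkey)

    token_obj = init_token({"serial": self.serial2,
                            "type": "sshkey",
                            "sshkey": SSHKEY})
    try:
        self.assertEqual(token_obj.type, "sshkey")

        # Attach the token to the machine "gandalf" with the application SSH.
        # NOTE(review): the "user" option reads "******" in this listing,
        # which looks masked; the user=testuser lookups below presumably
        # depend on the real value. Confirm against the repository.
        r = attach_token(hostname="gandalf", serial=self.serial2,
                         application="ssh", options={"user": "******"})
        try:
            self.assertEqual(r.machine_id, "192.168.0.1")

            # Auth items for the machine, then for one user on it.
            for url in ('/machine/authitem/ssh?hostname=gandalf',
                        '/machine/authitem/ssh?hostname=gandalf&user=testuser'):
                result = fetch_result(url)
                self.assertEqual(result["status"], True)
                assert_rsa_key(result)

            # With the mangle policy, everything that looks like
            # "SOMETHING\" in front of the username is stripped, so
            # DOMAIN\testuser is looked up as testuser.
            set_policy(name="mangle1", scope=SCOPE.AUTH,
                       action="{0!s}=user/.*\\\\(.*)/\\1/".format(ACTION.MANGLE))
            try:
                result = fetch_result(
                    '/machine/authitem/ssh?hostname=gandalf&user=DOMAIN\\testuser')
                self.assertEqual(result["status"], True)
                assert_rsa_key(result)
            finally:
                delete_policy("mangle1")

            # Without the policy the username is not mangled any more, so
            # there is no user DOMAIN\testuser and no SSH key may come back.
            result = fetch_result(
                '/machine/authitem/ssh?hostname=gandalf&user=DOMAIN\\testuser')
            self.assertEqual(result["status"], True)
            sshkeys = result["value"].get("ssh")
            self.assertFalse(sshkeys)

            # Auth items on machine gandalf for all applications.
            result = fetch_result('/machine/authitem?hostname=gandalf')
            assert_rsa_key(result)
        finally:
            detach_token(self.serial2, application="ssh", hostname="gandalf")
    finally:
        remove_token(self.serial2)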
def unassign_ssh_token(serial):
    """Detach the "ssh" application of token *serial* from SSH_HOST.

    An application object is built with the "production" configuration name
    and the PI_CONFIG file, and the detach call runs inside its application
    context.
    """
    application = create_app(config_name='production',
                             config_file=PI_CONFIG,
                             silent=True)
    context = application.app_context()
    with context:
        detach_token(serial, 'ssh', hostname=SSH_HOST)