def load_config_section(self, configuration_file, configuration, bot_root, subs: Substitutions = None): securities = configuration_file.get_section(self.section_name, configuration) if securities is not None: self._authentication = BrainSecurityAuthenticationConfiguration() self._authentication.load_config_section(configuration_file, securities, bot_root, subs=subs) self._authorisation = BrainSecurityAuthorisationConfiguration() self._authorisation.load_config_section(configuration_file, securities, bot_root, subs=subs) self._account_linker = BrainSecurityAccountLinkerConfiguration() self._account_linker.load_config_section(configuration_file, securities, bot_root, subs=subs)
class BrainSecuritiesConfiguration(BaseSectionConfigurationData): def __init__(self): BaseSectionConfigurationData.__init__(self, "security") self._authorisation = None self._authentication = None @property def authorisation(self): return self._authorisation @property def authentication(self): return self._authentication def load_config_section(self, configuration_file, configuration, bot_root): securities = configuration_file.get_section(self.section_name, configuration) if securities is not None: self._authentication = BrainSecurityAuthenticationConfiguration() self._authentication.load_config_section(configuration_file, securities, bot_root) self._authorisation = BrainSecurityAuthorisationConfiguration() self._authorisation.load_config_section(configuration_file, securities, bot_root) def to_yaml(self, data, defaults=True): self.config_to_yaml(data, BrainSecurityAuthenticationConfiguration(), defaults) self.config_to_yaml(data, BrainSecurityAuthorisationConfiguration(), defaults)
class BrainSecuritiesConfiguration(BaseSectionConfigurationData): def __init__(self): BaseSectionConfigurationData.__init__(self, "security") self._authorisation = None self._authentication = None self._account_linker = None @property def authorisation(self): return self._authorisation @property def authentication(self): return self._authentication @property def account_linker(self): return self._account_linker def load_config_section(self, configuration_file, configuration, bot_root): securities = configuration_file.get_section(self.section_name, configuration) if securities is not None: self._authentication = BrainSecurityAuthenticationConfiguration() self._authentication.load_config_section(configuration_file, securities, bot_root) self._authorisation = BrainSecurityAuthorisationConfiguration() self._authorisation.load_config_section(configuration_file, securities, bot_root) self._account_linker = BrainSecurityAccountLinkerConfiguration() self._account_linker.load_config_section(configuration_file, securities, bot_root) def to_yaml(self, data, defaults=True): self.config_to_yaml(data, BrainSecurityAuthenticationConfiguration(), defaults) self.config_to_yaml(data, BrainSecurityAuthorisationConfiguration(), defaults) self.config_to_yaml(data, BrainSecurityAccountLinkerConfiguration(), defaults)
def test_authorisation_with_data_denied_srai(self): yaml = YamlConfigurationFile() self.assertIsNotNone(yaml) yaml.load_from_text( """ brain: security: authorisation: classname: programy.security.authorise.passthrough.PassThroughAuthorisationService denied_srai: AUTHORISATION_FAILED """, ConsoleConfiguration(), ".") brain_config = yaml.get_section("brain") self.assertIsNotNone(brain_config) services_config = yaml.get_section("security", brain_config) self.assertIsNotNone(services_config) service_config = BrainSecurityAuthorisationConfiguration() service_config.load_config_section(yaml, services_config, ".") self.assertEqual( "programy.security.authorise.passthrough.PassThroughAuthorisationService", service_config.classname) self.assertEqual("AUTHORISATION_FAILED", service_config.denied_srai) self.assertEqual( BrainSecurityAuthorisationConfiguration.DEFAULT_ACCESS_DENIED, service_config.denied_text)
def load_config_section(self, configuration_file, configuration, bot_root): securities = configuration_file.get_section(self.section_name, configuration) if securities is not None: self._authentication = BrainSecurityAuthenticationConfiguration() self._authentication.load_config_section(configuration_file, securities, bot_root) self._authorisation = BrainSecurityAuthorisationConfiguration() self._authorisation.load_config_section(configuration_file, securities, bot_root)
def test_usersgroups(self): service_config = BrainSecurityAuthorisationConfiguration("authorisation") service_config._usergroups = os.path.dirname(__file__) + os.sep + "test_usergroups.yaml" service = BasicUserGroupAuthorisationService(service_config) self.assertIsNotNone(service) self.assertTrue(service.authorise("console", "root")) self.assertFalse(service.authorise("console", "uber")) with self.assertRaises(AuthorisationException): service.authorise("anyone", "root")
def test_usersgroups(self): service_config = BrainSecurityAuthorisationConfiguration( "authorisation") service_config._usergroups = os.path.dirname( __file__) + os.sep + "test_usergroups.yaml" service = BasicUserGroupAuthorisationService(service_config) self.assertIsNotNone(service) self.assertTrue(service.authorise("console", "root")) self.assertFalse(service.authorise("console", "uber")) with self.assertRaises(AuthorisationException): service.authorise("anyone", "root")
def test_load_groups_no_groups(self): authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration()) store = UserGroupsStore() yaml_data = yaml.load(""" others: group1: roles: role1, role2, role3 groups: group1, group2 users: user1, user2 group2: roles: role4, role5 groups: group3 users: user3 """, Loader=yaml.FullLoader) store._load_groups(yaml_data,authorisor) self.assertFalse("group1" in authorisor.groups) self.assertFalse("group2" in authorisor.groups)
def test_load_users(self): authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration()) store = UserGroupsStore() yaml_data = yaml.load(""" users: console: roles: user groups: sysadmin, local viewer: roles: user groups: local """, Loader=yaml.FullLoader) store._load_users(yaml_data,authorisor) self.assertTrue("console" in authorisor.users.keys()) self.assertIsInstance(authorisor.users['console'], User) self.assertTrue("user" in authorisor.users['console'].roles) self.assertTrue("sysadmin" in authorisor.users['console'].groups) self.assertTrue("local" in authorisor.users['console'].groups) self.assertTrue("viewer" in authorisor.users.keys()) self.assertIsInstance(authorisor.users['viewer'], User) self.assertTrue("user" in authorisor.users['viewer'].roles) self.assertTrue("local" in authorisor.users['viewer'].groups)
def test_overall_load_missing_groups(self): authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration()) store = UserGroupsStore() yaml_data = yaml.load(""" users: user1: groups: group1 user2: groups: group4 groups: group1: roles: role1, role2, role3 groups: group1, group2 users: user1, user2 group2: roles: role4, role5 groups: group5 users: user3 group3: roles: role6 """, Loader=yaml.FullLoader) store.load_users_and_groups_from_yaml(yaml_data, authorisor)
def to_yaml(self, data, defaults=True): self.config_to_yaml(data, BrainSecurityAuthenticationConfiguration(), defaults) self.config_to_yaml(data, BrainSecurityAuthorisationConfiguration(), defaults) self.config_to_yaml(data, BrainSecurityAccountLinkerConfiguration(), defaults)
def test_load_groups_no_group_users(self): config = SQLStorageConfiguration() engine = SQLStorageEngine(config) engine.initialise() store = SQLUserGroupStore(engine) yaml_data = yaml.load(""" groups: group1: roles: role1, role2, role3 groups: group1, group2 group2: roles: role4, role5 groups: group3 """, Loader=yaml.FullLoader) store._upload_groups(yaml_data, verbose=False) authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration()) store.load_usergroups(authorisor)
def test_load_users_no_groups(self): config = SQLStorageConfiguration() engine = SQLStorageEngine(config) engine.initialise() store = SQLUserGroupStore(engine) yaml_data = yaml.load(""" users: console: roles: user viewer: roles: user """, Loader=yaml.FullLoader) store._upload_users(yaml_data, verbose=True) authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration()) store.load_usergroups(authorisor) self.assertTrue("console" in authorisor.users) self.assertTrue("viewer" in authorisor.users) self.assertFalse("sysadmin" in authorisor.groups) self.assertFalse("local" in authorisor.groups) self.assertTrue(authorisor.authorise("console", "user")) self.assertTrue(authorisor.authorise("viewer", "user"))
def test_load_groups_group(self): authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration()) store = UserGroupsStore() yaml_data = yaml.load(""" groups: group1: roles: role1, role2, role3 groups: group1, group2 users: user1, user2 """, Loader=yaml.FullLoader) store._load_groups_group(yaml_data, "group1", authorisor) self.assertTrue("group1" in authorisor.groups) self.assertTrue("role1" in authorisor.groups['group1'].roles) self.assertTrue("role2" in authorisor.groups['group1'].roles) self.assertTrue("role2" in authorisor.groups['group1'].roles) self.assertTrue("group1" in authorisor.groups['group1'].groups) self.assertTrue("group2" in authorisor.groups['group1'].groups) self.assertTrue("user1" in authorisor.groups['group1'].users) self.assertTrue("user2" in authorisor.groups['group1'].users)
def load_config_section(self, configuration_file, configuration, bot_root): securities = configuration_file.get_section(self.section_name, configuration) if securities is not None: self._authentication = BrainSecurityAuthenticationConfiguration() self._authentication.load_config_section(configuration_file, securities, bot_root) self._authorisation = BrainSecurityAuthorisationConfiguration() self._authorisation.load_config_section(configuration_file, securities, bot_root)
def test_load_usergroups(self): config = SQLStorageConfiguration() engine = SQLStorageEngine(config) engine.initialise() store = SQLUserGroupStore(engine) yaml_data = yaml.load(""" users: user1: groups: group1 user2: groups: group4 user3: groups: group1 groups: group1: roles: role1, role2, role3 groups: group1, group2 users: user1, user2 group2: roles: role4, role5 groups: group5 users: user3 group3: roles: role6 """, Loader=yaml.FullLoader) store.load_from_yaml(yaml_data, verbose=False) store.commit() authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration()) store.load_usergroups(authorisor) self.assertTrue("user1" in authorisor.users) self.assertTrue("user2" in authorisor.users) self.assertTrue("user3" in authorisor.users) self.assertTrue("group1" in authorisor.groups) self.assertTrue("group2" in authorisor.groups) self.assertTrue("group3" in authorisor.groups) self.assertTrue(authorisor.authorise("user3", "role3"))
def test_defaults(self): authenticate_config = BrainSecurityAuthenticationConfiguration() data = {} authenticate_config.to_yaml(data, True) BrainSecurityConfigurationTests.assert_authenticate_defaults( self, data) authorise_config = BrainSecurityAuthorisationConfiguration() data = {} authorise_config.to_yaml(data, True) BrainSecurityConfigurationTests.assert_authorise_defaults(self, data) accountlinker_config = BrainSecurityAccountLinkerConfiguration() data = {} accountlinker_config.to_yaml(data, True) BrainSecurityConfigurationTests.assert_accountlinker_defaults( self, data)
def test_authorisation_with_data_neither_denied_srai_or_text(self): yaml = YamlConfigurationFile() self.assertIsNotNone(yaml) yaml.load_from_text(""" brain: security: authorisation: classname: programy.security.authorise.passthrough.PassThroughAuthorisationService """, ConsoleConfiguration(), ".") brain_config = yaml.get_section("brain") self.assertIsNotNone(brain_config) services_config = yaml.get_section("security", brain_config) self.assertIsNotNone(services_config) service_config = BrainSecurityAuthorisationConfiguration() service_config.load_config_section(yaml, services_config, ".") self.assertEqual("programy.security.authorise.passthrough.PassThroughAuthorisationService", service_config.classname) self.assertEqual(BrainSecurityAuthorisationConfiguration.DEFAULT_ACCESS_DENIED, service_config.denied_text) self.assertIsNone(service_config.denied_srai)
def load_configuration(self, arguments, subs: Substitutions = None): super(AuthoriseTestClient, self).load_configuration(arguments) self.configuration.client_configuration.configurations[0].configurations[ 0].security._authorisation = BrainSecurityAuthorisationConfiguration( ) self.configuration.client_configuration.configurations[0].configurations[0].security.authorisation._classname = \ "programy.security.authorise.usergroupsauthorisor.BasicUserGroupAuthorisationService" self.configuration.client_configuration.configurations[ 0].configurations[ 0].security.authorisation._denied_srai = "ACCESS_DENIED" self.configuration.client_configuration.configurations[ 0].configurations[ 0].security.authorisation._usergroups = os.path.dirname( __file__) + os.sep + "usergroups.yaml"
def test_fail_load_authorisation_class(self): config = BrainSecuritiesConfiguration() config._authorisation = BrainSecurityAuthorisationConfiguration() config._authentication = BrainSecurityAuthenticationConfiguration() config._account_linker = BrainSecurityAccountLinkerConfiguration() mgr = MockSecurityManager(config, fail_authorise=True) self.assertIsNotNone(mgr) client = TestClient() mgr.load_security_services(client) self.assertIsNone(mgr.authorisation) self.assertIsNotNone(mgr.authentication) self.assertIsNotNone(mgr.account_linker)
def test_fail_load_account_linking_class_missing(self): config = BrainSecuritiesConfiguration() config._authorisation = BrainSecurityAuthorisationConfiguration() config._authentication = BrainSecurityAuthenticationConfiguration() config._account_linker = BrainSecurityAccountLinkerConfiguration() config._account_linker._classname = None mgr = SecurityManager(config) self.assertIsNotNone(mgr) client = TestClient() mgr.load_security_services(client) self.assertIsNotNone(mgr.authorisation) self.assertIsNotNone(mgr.authentication) self.assertIsNone(mgr.account_linker)
def test_load_users_no_users(self): authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration()) store = UserGroupsStore() yaml_data = yaml.load(""" others: console: roles: user groups: sysadmin, local viewer: roles: user groups: local """, Loader=yaml.FullLoader) store._load_users(yaml_data,authorisor) self.assertFalse("console" in authorisor.users.keys()) self.assertFalse("viewer" in authorisor.users.keys())
def test_authorisor(self): service = PassThroughAuthorisationService( BrainSecurityAuthorisationConfiguration("authorisation")) self.assertIsNotNone(service) self.assertTrue(service.authorise("console", "sysadmin")) self.assertTrue(service.authorise("anyone", "sysadmin"))