def test_bad_ip_whitelist_name(self):
cfg = bots_pb2.BotsCfg(bot_group=[
bots_pb2.BotGroup(auth=bots_pb2.BotAuth(
ip_whitelist='bad ## name'))
])
self.validator_test(
cfg, ['bot_group #0: invalid ip_whitelist name "bad ## name"'])
def _bot_group_proto_to_tuple(msg, trusted_dimensions):
"""bots_pb2.BotGroup => BotGroupConfig.
Assumes body of bots_pb2.BotGroup is already validated (logs inconsistencies,
but does not fail).
"""
dimensions = {unicode(k): set() for k in trusted_dimensions}
for dim_kv_pair in msg.dimensions:
# In validated config 'dim_kv_pair' is always 'key:value', but be cautious.
parts = unicode(dim_kv_pair).split(':', 1)
if len(parts) != 2:
logging.error('Invalid dimension in bots.cfg - "%s"', dim_kv_pair)
continue
k, v = parts[0], parts[1]
dimensions.setdefault(k, set()).add(v)
auth_cfg = msg.auth or bots_pb2.BotAuth()
return _make_bot_group_config(
require_luci_machine_token=auth_cfg.require_luci_machine_token,
require_service_account=list(auth_cfg.require_service_account),
ip_whitelist=auth_cfg.ip_whitelist,
owners=tuple(msg.owners),
dimensions={k: sorted(v)
for k, v in dimensions.iteritems()},
bot_config_script=msg.bot_config_script or '',
bot_config_script_content=msg.bot_config_script_content or '',
system_service_account=msg.system_service_account or '')
def test_bad_auth_cfg_no_ip_whitelist(self):
cfg = bots_pb2.BotsCfg(
bot_group=[bots_pb2.BotGroup(auth=bots_pb2.BotAuth())])
self.validator_test(cfg, [
'bot_group #0: if both require_luci_machine_token and '
'require_service_account are unset, ip_whitelist is required'
])
def test_bad_required_service_account(self):
cfg = bots_pb2.BotsCfg(bot_group=[
bots_pb2.BotGroup(auth=bots_pb2.BotAuth(
require_service_account='not-an-email'))
])
self.validator_test(
cfg,
['bot_group #0: invalid service account email "not-an-email"'])
def test_bad_auth_cfg_two_methods(self):
cfg = bots_pb2.BotsCfg(bot_group=[
bots_pb2.BotGroup(auth=bots_pb2.BotAuth(
require_luci_machine_token=True,
require_service_account='*****@*****.**',
))
])
self.validator_test(cfg, [
'bot_group #0: require_luci_machine_token and require_service_account '
'can\'t both be used at the same time'
])
test_env.setup_test_env()
from components import config
from components import utils
from components.config import validation
from test_support import test_case
from proto import bots_pb2
from server import bot_groups_config
TEST_CONFIG = bots_pb2.BotsCfg(
trusted_dimensions=['pool'],
bot_group=[
bots_pb2.BotGroup(
bot_id=['bot1', 'bot{2..3}'],
auth=bots_pb2.BotAuth(require_luci_machine_token=True),
owners=['*****@*****.**'],
dimensions=['pool:A', 'pool:B', 'other:D'],
),
bots_pb2.BotGroup(
bot_id=['other_bot'],
bot_id_prefix=['bot'],
auth=bots_pb2.BotAuth(require_service_account='*****@*****.**')),
bots_pb2.BotGroup(auth=bots_pb2.BotAuth(ip_whitelist='bots'),
dimensions=['pool:default']),
],
)
EXPECTED_GROUP_1 = bot_groups_config._make_bot_group_config(
require_luci_machine_token=True,
require_service_account=u'',
from components import auth_testing
from components import config
from components.auth import ipaddr
from test_support import test_case
from proto import bots_pb2
from server import bot_auth
from server import bot_groups_config
from server import config as srv_cfg
TEST_CONFIG = bots_pb2.BotsCfg(
trusted_dimensions=['pool'],
bot_group=[
bots_pb2.BotGroup(
bot_id=['bot_with_token'],
auth=bots_pb2.BotAuth(require_luci_machine_token=True),
dimensions=['pool:with_token']),
bots_pb2.BotGroup(bot_id=['bot_with_service_account'],
auth=bots_pb2.BotAuth(require_service_account=[
'*****@*****.**',
'*****@*****.**',
]),
dimensions=['pool:with_service_account']),
bots_pb2.BotGroup(bot_id=['bot_with_ip_whitelist'],
auth=bots_pb2.BotAuth(ip_whitelist='ip_whitelist'),
dimensions=['pool:with_ip_whitelist']),
bots_pb2.BotGroup(
bot_id=['bot_with_service_account_and_ip_whitelist'],
auth=bots_pb2.BotAuth(
require_service_account=['*****@*****.**'],
ip_whitelist='ip_whitelist',