class TestLsCli(unittest.TestCase):
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1, self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
self.db.commit()
def tearDown(self):
self.db.close()
os.remove(self.fname)
def test_basic_ls(self):
rc = pynimbusauthz.ls.main([])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
rc = pynimbusauthz.ls.main(["-t", pynimbusauthz.object_type_s3])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
rc = pynimbusauthz.ls.main([self.name[0:-1]])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
def test_fail_ls(self):
rc = pynimbusauthz.ls.main(["-p", "nobucket", self.name[0:-1]])
self.assertNotEqual(rc, 0, "CLI should return success %d" % (rc))
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts,args) = setup_options(argv)
if len(args) != 3:
raise AuthzException('CLI_PARAMETER', "You must specify a username filename and a datakey\nTry --help")
user_name = args[0]
object_name = args[1]
data = args[2]
user = User(db_obj, uu=user_name)
parent = None
if opts.parent != None:
parent = File.get_file(db_obj, opts.parent, opts.type)
if parent == None:
raise AuthzException('FILE_EXISTS', "parent %s not found" % (opts.parent))
File.create_file(db_obj, object_name, user, data, opts.type, parent=parent)
db_obj.commit()
except AuthzException, ae:
print ae
return ae.get_rc()
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts, args) = setup_options(argv)
if len(args) != 3:
raise AuthzException(
'CLI_PARAMETER',
"You must specify a username filename and a datakey\nTry --help"
)
user_name = args[0]
object_name = args[1]
data = args[2]
user = User(db_obj, uu=user_name)
parent = None
if opts.parent != None:
parent = File.get_file(db_obj, opts.parent, opts.type)
if parent == None:
raise AuthzException('FILE_EXISTS',
"parent %s not found" % (opts.parent))
File.create_file(db_obj,
object_name,
user,
data,
opts.type,
parent=parent)
db_obj.commit()
except AuthzException, ae:
print ae
return ae.get_rc()
class TestLsCli(unittest.TestCase):
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1,
self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
self.db.commit()
def tearDown(self):
self.db.close()
os.remove(self.fname)
def test_basic_ls(self):
rc = pynimbusauthz.ls.main([])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
rc = pynimbusauthz.ls.main(["-t", pynimbusauthz.object_type_s3])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
rc = pynimbusauthz.ls.main([self.name[0:-1]])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
def test_fail_ls(self):
rc = pynimbusauthz.ls.main(["-p", "nobucket", self.name[0:-1]])
self.assertNotEqual(rc, 0, "CLI should return success %d" % (rc))
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts,args) = setup_options(argv)
if len(args) != 3:
raise AuthzException('CLI_PARAMETER', "You must specify a username filename permssions")
user_name = args[0]
object_name = args[1]
requested_perms = args[2]
parent = None
if opts.parent != None:
parent = File.get_file(db_obj, opts.parent, opts.type)
if parent == None:
raise AuthzException('FILE_EXISTS', "parent %s not found" % (opts.parent))
file1 = File.get_file(db_obj, object_name, opts.type, parent=parent)
if file1 == None:
raise AuthzException('FILE_EXISTS', "file %s:%s not found" % (opts.type, object_name))
user = User(db_obj, uu=user_name)
uf = UserFile(file1) # create a uesrfile with owner so we can chmod
uf.chmod(requested_perms, user=user)
pynimbusauthz.print_msg(opts, 0, "changed %s to %s for %s" % (str(file1), requested_perms, str(user)))
db_obj.commit()
except AuthzException, ae:
print ae
return ae.get_rc()
def create_user(self, display_name, id, pw, opts):
pycb.log(logging.INFO, "===== def create_user of cbAuthzSecurity.py")
db_obj = DB(con_str=self.con_str)
user = User(db_obj, friendly=display_name)
user_alias = user.create_alias(id, "s3", display_name, alias_data=pw)
db_obj.commit()
db_obj.close()
class TestTouchCli(unittest.TestCase):
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.db.commit()
def tearDown(self):
self.db.close()
os.remove(self.fname)
def test_basic_touch(self):
fname = str(uuid.uuid1())
data = str(uuid.uuid1())
f = File.get_file(self.db, fname, pynimbusauthz.object_type_s3)
self.assertEqual(f, None)
rc = pynimbusauthz.touch.main([self.user1.get_id(), fname, data])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
f = File.get_file(self.db, fname, pynimbusauthz.object_type_s3)
self.assertNotEqual(f, None)
def test_bucket_touch(self):
fname = str(uuid.uuid1())
data = str(uuid.uuid1())
rc = pynimbusauthz.touch.main(["-t", pynimbusauthz.object_type_s3, self.user1.get_id(), fname, data])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
f = File.get_file(self.db, fname, pynimbusauthz.object_type_s3)
self.assertNotEqual(f, None)
def test_under_bucket_touch(self):
bname = str(uuid.uuid1())
fname = str(uuid.uuid1())
data = str(uuid.uuid1())
rc = pynimbusauthz.touch.main(["-t", pynimbusauthz.object_type_s3, self.user1.get_id(), bname, data])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
rc = pynimbusauthz.touch.main(["-p", bname, self.user1.get_id(), fname, data])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
b1 = File.get_file(self.db, bname, pynimbusauthz.object_type_s3)
f1 = File.get_file(self.db, fname, pynimbusauthz.object_type_s3, parent=b1)
self.assertNotEqual(b1, None)
self.assertNotEqual(f1, None)
def test_bad_opts(self):
bname = str(uuid.uuid1())
fname = str(uuid.uuid1())
data = str(uuid.uuid1())
rc = pynimbusauthz.touch.main([bname, data])
self.assertEqual(rc, 32, "CLI should return failure %d" % (rc))
rc = pynimbusauthz.touch.main(["-p", bname, self.user1.get_id(), fname, data])
self.assertEqual(rc, 33, "CLI should return failure %d" % (rc))
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.db.commit()
def __init__(self, alias_name, con_str):
self.db_obj = DB(con_str=con_str)
alias = User.find_alias(self.db_obj, alias_name,
pynimbusauthz.alias_type_s3)
a_list = list(alias)
if len(a_list) < 1:
raise cbException('AccessDenied')
# pick the first one, hmmm XXX
self.alias = a_list[0]
self.user = self.alias.get_canonical_user()
def setUp(self):
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
con = pynimbusauthz.db.make_test_database()
self.db = DB(con=con)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1,
self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
def get_user_object_by_access_id(self, access_id):
"""Get a new connection every time this is called to make sure it is cleaned up"""
db = DB(self._cumulus_db)
user_alias = User.find_alias(db, access_id)
if not user_alias:
raise PhantomAWSException('InvalidClientTokenId')
l = list(user_alias)
db.close()
if l < 1:
raise PhantomAWSException('InvalidClientTokenId')
return PhantomUserObject(access_id, l[0].get_data(), l[0].get_friendly_name())
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts, args) = setup_options(argv)
user_uu = None
if len(args) == 1:
user_uu = args[0]
if opts.new:
user = User(db_obj,
user_uu,
friendly=opts.friendlyname,
create=True)
pynimbusauthz.print_msg(opts, 0, "User %s added" % (user.get_id()))
else:
user = User(db_obj, user_uu)
pynimbusauthz.print_msg(opts, 0, "User %s" % (user.get_id()))
if opts.alias != None:
user_alias = user.get_alias(opts.alias, opts.type)
if user_alias == None:
user_alias = user.create_alias(opts.alias, opts.type,
opts.friendlyname)
pynimbusauthz.print_msg(
opts, 0,
"Creating new alias %s:%s" % (opts.type, opts.alias))
if opts.genkey:
data = pynimbusauthz.random_string_gen(42)
pynimbusauthz.print_msg(opts, 0, "Key generated %s" % (data))
user_alias.set_data(data)
elif opts.setkey != None:
data = opts.setkey
user_alias.set_data(data)
pynimbusauthz.print_msg(opts, 0, "updated the alias key")
if opts.remove_alias != None:
user_alias = user.get_alias(opts.remove_alias, opts.type)
user_alias.remove()
if opts.remove:
pynimbusauthz.print_msg(opts, 1,
"Removing user %s" % (user.get_id()))
if opts.force:
pynimbusauthz.print_msg(opts, 1, "Removing all references")
user.destroy_brutally()
else:
user.destroy()
db_obj.commit()
except AuthzException, ae:
print ae
return ae.get_rc()
def get_user_object_by_access_id(self, access_id):
"""Get a new connection every time this is called to make sure it is cleaned up"""
db = DB(self._cumulus_db)
user_alias = User.find_alias(db, access_id)
if not user_alias:
raise PhantomAWSException('InvalidClientTokenId')
l = list(user_alias)
db.close()
if l < 1:
raise PhantomAWSException('InvalidClientTokenId')
return PhantomUserObject(access_id, l[0].get_data(),
l[0].get_friendly_name())
class TestCommit(unittest.TestCase):
def setUp(self):
con = pynimbusauthz.db.make_test_database()
self.db = DB(con=con)
def tearDown(self):
self.db.close()
def test_basic(self):
id = uuid.uuid1()
user1 = User(self.db, id, create=True)
self.db.rollback()
user1 = User(self.db, id, create=True)
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1,
self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
self.db.commit()
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts, args) = setup_options(argv)
if len(args) > 0:
u_pattern = args[0]
else:
u_pattern = ""
if opts.bya:
usa = User.find_alias(db_obj, u_pattern)
users = []
for ua in usa:
users.append(ua.get_canonical_user())
else:
users = User.find_user(db_obj, u_pattern)
if users == None:
pynimbusauthz.print_msg(opts, 0, "No users in list")
return 1
for u in users:
list_user(opts, u)
except AuthzException, ae:
print ae
return ae.get_rc()
def main(argv=sys.argv[1:]):
try:
(o, args, p) = setup_options(argv)
search_pattern = args[0]
con_str = pycb.config.authzdb
db = DB(con_str)
user_list = User.find_user_by_friendly(db, search_pattern)
for u in user_list:
report_results(db, u, o)
db.commit()
except CLIError, clie:
print clie
return clie.get_rc()
def delete_user(o):
con_str = pycb.config.authzdb
db = DB(con_str)
# create canonical user
user = User.get_user_by_friendly(db, o.emailaddr)
if user == None:
raise CLIError('EUSER', "No such user %s" % (o.emailaddr))
o.canonical_id = user.get_id()
dnu = user.get_alias_by_friendly(o.emailaddr,
pynimbusauthz.alias_type_x509)
if dnu == None:
print "WARNING! there is no x509 alias for user %s" % (o.emailaddr)
else:
dn = dnu.get_name()
remove_gridmap(dn)
nh = get_nimbus_home()
groupauthz_dir = os.path.join(
nh, "services/etc/nimbus/workspace-service/group-authz/")
try:
remove_member(groupauthz_dir, dn)
except Exception, ex:
print "WARNING %s" % (ex)
if o.web:
if o.web_id == None:
o.web_id = o.emailaddr.split("@")[0]
remove_web(o)
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts, args) = setup_options(argv)
if len(args) > 0:
u_pattern = args[0]
else:
u_pattern = ""
parent = None
if opts.parent != None:
parent = File.get_file(db_obj, opts.parent, opts.type)
if parent == None:
raise AuthzException(['FILE_EXISTS'],
"parent %s not found" % (opts.parent))
if opts.type == "all":
types = pynimbusauthz.object_types.keys()
else:
types = [opts.type]
for t in types:
files = File.find_files(db_obj, u_pattern, t, parent)
for f in files:
print_file(opts, f)
except AuthzException, ae:
print ae
return ae.get_rc()
def main(argv=sys.argv[1:]):
try:
(o, args, p) = setup_options(argv)
search_pattern = args[0]
con_str = pycb.config.authzdb
db = DB(con_str)
user_list = User.find_user_by_friendly(db, search_pattern)
for u in user_list:
report_results(db, u, o)
db.commit()
except CLIError, clie:
print clie
return clie.get_rc()
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts,args) = setup_options(argv)
user_uu = None
if len(args) == 1:
user_uu = args[0]
if opts.new:
user = User(db_obj, user_uu, friendly=opts.friendlyname, create=True)
pynimbusauthz.print_msg(opts, 0, "User %s added" % (user.get_id()))
else:
user = User(db_obj, user_uu)
pynimbusauthz.print_msg(opts, 0, "User %s" % (user.get_id()))
if opts.alias != None:
user_alias = user.get_alias(opts.alias, opts.type)
if user_alias == None:
user_alias = user.create_alias(opts.alias, opts.type, opts.friendlyname)
pynimbusauthz.print_msg(opts, 0, "Creating new alias %s:%s" % (opts.type,opts.alias))
if opts.genkey:
data = pynimbusauthz.random_string_gen(42)
pynimbusauthz.print_msg(opts, 0, "Key generated %s" % (data))
user_alias.set_data(data)
elif opts.setkey != None:
data = opts.setkey
user_alias.set_data(data)
pynimbusauthz.print_msg(opts, 0, "updated the alias key")
if opts.remove_alias != None:
user_alias = user.get_alias(opts.remove_alias, opts.type)
user_alias.remove()
if opts.remove:
pynimbusauthz.print_msg(opts, 1, "Removing user %s" % (user.get_id()))
if opts.force:
pynimbusauthz.print_msg(opts, 1, "Removing all references")
user.destroy_brutally()
else:
user.destroy()
db_obj.commit()
except AuthzException, ae:
print ae
return ae.get_rc()
def get_user_id_by_display(self, display_name):
db_obj = DB(con_str=self.con_str)
a_it = UserAlias.find_alias_by_friendly(db_obj, display_name)
a_list = list(a_it)
if len(a_list) < 1:
return None
alias = a_list[0]
return alias.get_name()
def main(argv=sys.argv[1:]):
try:
(o, args, p) = setup_options(argv)
con_str = pycb.config.authzdb
db = DB(con_str)
o.emailaddr = args[0]
create_user(o, db)
report_results(o, db)
db.close()
except CLIError, clie:
if DEBUG:
traceback.print_exc(file=sys.stdout)
print clie
return clie.get_rc()
def main(argv=sys.argv[1:]):
try:
(o, args, p) = setup_options(argv)
con_str = pycb.config.authzdb
db = DB(con_str)
o.emailaddr = args[0]
create_user(o, db)
report_results(o, db)
db.close()
except CLIError, clie:
if DEBUG:
traceback.print_exc(file=sys.stdout)
print clie
return clie.get_rc()
def main(argv=sys.argv[1:]):
try:
repo_dir = argv[0]
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
user = User(db_obj, uu="CumulusPublicUser")
if user == None:
raise Exception("No public user")
File.create_file(db_obj, repo_dir, user, repo_dir, pynimbusauthz.alias_type_s3)
db_obj.commit()
except:
raise
return 0
def setUp(self):
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
con = pynimbusauthz.db.make_test_database()
self.db = DB(con=con)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1, self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
def __init__(self, alias_name, con_str):
self.db_obj = DB(con_str=con_str)
alias = User.find_alias(self.db_obj, alias_name, pynimbusauthz.alias_type_s3)
a_list = list(alias)
if len(a_list) < 1:
raise cbException('AccessDenied')
# pick the first one, hmmm XXX
self.alias = a_list[0]
self.user = self.alias.get_canonical_user()
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.db.commit()
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts, args) = setup_options(argv)
user = User(db_obj, args[0], create=False)
if opts.quota != None:
q = opts.quota
if opts.quota == "UNLIMITED":
q = User.UNLIMITED
user.set_quota(q, object_type=opts.type)
if opts.report:
q = user.get_quota(object_type=opts.type)
u = user.get_quota_usage(object_type=opts.type)
if q != User.UNLIMITED:
r = q - u
rstr = pynimbusauthz.pretty_number(r)
qstr = pynimbusauthz.pretty_number(q)
ustr = pynimbusauthz.pretty_number(u)
pynimbusauthz.print_msg(opts, 0, "%-10s %s" % ("Quota", qstr))
pynimbusauthz.print_msg(opts, 0, "%-10s %s" % ("Usage", ustr))
pynimbusauthz.print_msg(opts, 0, "%-10s %s" % ("Remaining", rstr))
if r < 0:
pynimbusauthz.print_msg(opts, 0, "OVER LIMIT!")
elif r == 0:
pynimbusauthz.print_msg(opts, 0, "At Limit")
else:
p = (float(r) / float(q)) * 100.0
pynimbusauthz.print_msg(opts, 0, "%-10s %5.1f%%" % ("Available", p))
else:
pynimbusauthz.print_msg(opts, 0, "Quota UNLIMITED")
db_obj.commit()
except AuthzException, ae:
print ae
return ae.get_rc()
def main(argv=sys.argv[1:]):
try:
repo_dir = argv[0]
repo_dir = str(repo_dir).strip()
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
user = User(db_obj, uu="CumulusPublicUser")
if user == None:
raise Exception("No public user")
File.create_file(db_obj, repo_dir, user, repo_dir,
pynimbusauthz.alias_type_s3)
db_obj.commit()
except:
raise
return 0
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ["NIMBUS_AUTHZ_DB"] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1, self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
self.db.commit()
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts, args) = setup_options(argv)
if len(args) != 3:
raise AuthzException(
'CLI_PARAMETER',
"You must specify a username filename permssions")
user_name = args[0]
object_name = args[1]
requested_perms = args[2]
parent = None
if opts.parent != None:
parent = File.get_file(db_obj, opts.parent, opts.type)
if parent == None:
raise AuthzException('FILE_EXISTS',
"parent %s not found" % (opts.parent))
file1 = File.get_file(db_obj, object_name, opts.type, parent=parent)
if file1 == None:
raise AuthzException(
'FILE_EXISTS',
"file %s:%s not found" % (opts.type, object_name))
user = User(db_obj, uu=user_name)
uf = UserFile(file1) # create a uesrfile with owner so we can chmod
uf.chmod(requested_perms, user=user)
pynimbusauthz.print_msg(
opts, 0, "changed %s to %s for %s" %
(str(file1), requested_perms, str(user)))
db_obj.commit()
except AuthzException, ae:
print ae
return ae.get_rc()
def main(argv=sys.argv[1:]):
try:
(o, args, p) = setup_options(argv)
con_str = pycb.config.authzdb
db = DB(con_str)
o.emailaddr = args[0]
edit_user(o, db)
report_results(o, db)
except CLIError, clie:
print clie
return clie.get_rc()
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts,args) = setup_options(argv)
old_path = args[0]
new_path = args[1]
pattern = old_path + "%"
files = list(File.find_files_from_data(db_obj, pattern))
for f in files:
old_key = f.get_data_key()
new_key = old_key.replace(old_path, new_path, 1)
f.set_data_key(new_key)
db_obj.commit()
print "done - %d files rebased" % len(files)
except AuthzException, ae:
print ae
return ae.get_rc()
class TestUser(unittest.TestCase):
def setUp(self):
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
con = pynimbusauthz.db.make_test_database()
self.db = DB(con=con)
self.user = User(self.db)
def tearDown(self):
self.user.destroy_brutally()
self.db.close()
def test_get_no_quota(self):
q = self.user.get_quota()
self.assertEqual(q, User.UNLIMITED)
def test_set_quota(self):
q = 100
self.user.set_quota(q)
qrc = self.user.get_quota()
self.assertEqual(q, qrc)
def test_get_no_usage(self):
u = self.user.get_quota_usage()
self.assertEqual(u, 0)
def test_add_file_usage_one_file(self):
size1 = 100
name = "/file/name"
data = "/etc/group"
file1 = File.create_file(self.db, name, self.user, data, pynimbusauthz.object_type_s3, size=size1)
self.db.commit()
u = self.user.get_quota_usage()
self.assertEqual(u, size1)
def test_add_file_usage_many_files(self):
size1 = 100
name = "/file/name"
data = "/etc/group"
total = 0
for i in range(0, 10):
file1 = File.create_file(self.db, name+str(i), self.user, data, pynimbusauthz.object_type_s3, size=size1)
total = total + size1
self.db.commit()
u = self.user.get_quota_usage()
self.assertEqual(u, total)
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts, args) = setup_options(argv)
if len(args) == 0:
raise AuthzException('CLI_PARAMETER',
"You must specify a filename")
parent = None
if opts.parent != None:
parent = File.get_file(db_obj, opts.parent, opts.type)
if parent == None:
raise AuthzException('FILE_EXISTS',
"bucket %s not found" % (opts.parent))
object_name = args[0]
file1 = File.get_file(db_obj, object_name, opts.type, parent=parent)
if file1 == None:
pynimbusauthz.print_msg(opts, 0, "File not found")
return
uf = UserFile(file1)
msg = "%10s\t%10s\t%10s\t%10s\t%10s" % ("file", "type", "owner",
"user", "perms")
pynimbusauthz.print_msg(opts, 1, msg)
n = uf.get_file().get_name()
t = uf.get_file().get_object_type()
stat_print_uf(opts, uf, n, t)
if opts.all:
user_list = uf.get_file().get_all_users()
for u in user_list:
uf = UserFile(uf.get_file(), u)
stat_print_uf(opts, uf, " ", " ")
except AuthzException, ae:
print ae
return ae.get_rc()
class TestStatCli(unittest.TestCase):
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1,
self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
self.db.commit()
def tearDown(self):
self.db.close()
os.remove(self.fname)
def test_basic_stat(self):
rc = pynimbusauthz.stat.main([self.name])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
rc = pynimbusauthz.stat.main(["-a", self.name])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
def test_bad_opts_stat(self):
rc = pynimbusauthz.stat.main([])
self.assertEqual(rc, 32, "CLI should return success %d" % (rc))
rc = pynimbusauthz.stat.main(["nofile"])
self.assertNotEqual(rc, 0, "CLI should return success %s" % (str(rc)))
rc = pynimbusauthz.stat.main(["-p", "nobucket", self.name])
self.assertNotEqual(rc, 0, "CLI should return success %d" % (rc))
def test_basic_stat(self):
user2 = User(self.db)
self.db.commit()
rc = pynimbusauthz.chmod.main([user2.get_id(), self.name, "Rrw"])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
rc = pynimbusauthz.stat.main([self.name])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
rc = pynimbusauthz.stat.main(["-a", self.name])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
class TestStatCli(unittest.TestCase):
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ["NIMBUS_AUTHZ_DB"] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1, self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
self.db.commit()
def tearDown(self):
self.db.close()
os.remove(self.fname)
def test_basic_stat(self):
rc = pynimbusauthz.stat.main([self.name])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
rc = pynimbusauthz.stat.main(["-a", self.name])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
def test_bad_opts_stat(self):
rc = pynimbusauthz.stat.main([])
self.assertEqual(rc, 32, "CLI should return success %d" % (rc))
rc = pynimbusauthz.stat.main(["nofile"])
self.assertNotEqual(rc, 0, "CLI should return success %s" % (str(rc)))
rc = pynimbusauthz.stat.main(["-p", "nobucket", self.name])
self.assertNotEqual(rc, 0, "CLI should return success %d" % (rc))
def test_basic_stat(self):
user2 = User(self.db)
self.db.commit()
rc = pynimbusauthz.chmod.main([user2.get_id(), self.name, "Rrw"])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
rc = pynimbusauthz.stat.main([self.name])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
rc = pynimbusauthz.stat.main(["-a", self.name])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
class TestFile(unittest.TestCase):
def setUp(self):
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
con = pynimbusauthz.db.make_test_database()
self.db = DB(con=con)
def tearDown(self):
self.db.close()
def test_basic_file(self):
user1 = User(self.db)
name = "/file/name"
data = "/etc/group"
file1 = File.create_file(self.db, name, user1, data, pynimbusauthz.object_type_s3)
self.db.commit()
x = file1.get_all_children()
self.assertEqual(len(list(x)), 0, "The file should have no children")
n2 = file1.get_name()
self.assertEqual(name, n2, "Names not equal")
d2 = file1.get_data_key()
self.assertEqual(data, d2, "Data not equal")
o2 = file1.get_owner()
self.assertEqual(user1, o2, "Owner not equal")
p2 = file1.get_parent()
self.assertEqual(None, p2, "There should be no parent")
b2 = file1.get_object_type()
self.assertEqual(pynimbusauthz.object_type_s3, b2, "Type wrong")
def xtest_international_file(self):
user1 = User(self.db)
name = os.environ["CUMULUS_WORD"]
data = "/etc/group"
file1 = File.create_file(self.db, name, user1, data, pynimbusauthz.object_type_s3)
self.db.commit()
def test_file_children(self):
user1 = User(self.db)
name = "/file/name"
data = "/etc/group"
file1 = File.create_file(self.db, name, user1, data, pynimbusauthz.object_type_s3)
self.db.commit()
child1 = File.create_file(self.db, "kid", user1, data, pynimbusauthz.object_type_s3, parent=file1)
self.db.commit()
p2 = child1.get_parent()
self.assertEqual(p2, file1, "parent not set properly")
x = child1.get_all_children()
self.assertEqual(len(list(x)), 0, "The file should have no children")
x = file1.get_all_children()
found = False
for f in x:
if f == child1:
found = True
self.assertTrue(found, "We should have found that kid!")
def test_find_no_file(self):
f = File.get_file_from_db_id(self.db, 1000)
self.assertEqual(f, None, "We should not have found that file")
f = File.get_file(self.db, "nofile", pynimbusauthz.object_type_s3)
self.assertEqual(f, None, "We should not have found that file")
def test_file_and_bucket(self):
user1 = User(self.db)
fname = "NAME"
data = "data"
b1 = File.create_file(self.db, "bucket", user1, data, pynimbusauthz.object_type_s3)
f1 = File.create_file(self.db, fname, user1, data, pynimbusauthz.object_type_s3, parent=b1)
f2 = File.create_file(self.db, fname, user1, data, pynimbusauthz.object_type_s3)
self.db.commit()
self.assertNotEqual(f1.get_id(), f2.get_id())
f3 = File.get_file(self.db, fname, pynimbusauthz.object_type_s3, parent=b1)
f4 = File.get_file(self.db, fname, pynimbusauthz.object_type_s3)
self.assertEqual(f1.get_id(), f3.get_id())
self.assertEqual(f2.get_id(), f4.get_id())
self.assertNotEqual(f3.get_id(), f4.get_id())
self.db.commit()
def test_change_key(self):
user1 = User(self.db)
name = "/file/name"
old_base = "/old/path/base"
fname = "/etc/group"
new_base = "/new/base/location/dir"
f = File.create_file(self.db, name, user1, old_base + fname, pynimbusauthz.object_type_s3)
self.assertEqual(old_base + fname, f.get_data_key(), "old value not euqal")
new_key = new_base + fname
f.set_data_key(new_key)
self.db.commit()
tst_new_key = f.get_data_key()
self.assertEqual(tst_new_key, new_key, "%s should equal %s" % (tst_new_key, new_key))
f2 = File.get_file(self.db, name, pynimbusauthz.object_type_s3)
tst_new_key = f2.get_data_key()
self.assertEqual(tst_new_key, new_key, "%s should equal %s" % (tst_new_key, new_key))
def test_find_by_key(self):
user1 = User(self.db)
name = "/file/name"
key = "/old/path/base"
f = File.create_file(self.db, name, user1, key, pynimbusauthz.object_type_s3)
self.db.commit()
f2a = File.find_files_from_data(self.db, key)
found = False
for f2 in f2a:
tst_key = f2.get_data_key()
if tst_key == key:
found = True
self.assertTrue(found, "key not found")
class TestRebaseCli(unittest.TestCase):
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.db.commit()
def tearDown(self):
self.db.close()
os.remove(self.fname)
def test_single_change(self):
name = "/file/name"
old_base = "/OLD"
new_base = "/NEW"
data = "/etc/group"
key = old_base + data
file1 = File.create_file(self.db, name, self.user1, key, pynimbusauthz.object_type_s3)
self.db.commit()
rc = pynimbusauthz.rebase.main([old_base, new_base])
self.assertEqual(rc, 0, "rc should be 0, is %d" % (rc))
f2a = File.find_files_from_data(self.db, key)
f2a = list(f2a)
self.assertEqual(len(f2a), 0, "should be no values with key %s len is %d" % (old_base, len(f2a)))
key = new_base + data
f2a = File.find_files_from_data(self.db, key)
f2a = list(f2a)
self.assertNotEqual(len(f2a), 0, "length should be greater than 0 is %d" % (len(f2a)))
found = False
for f2 in f2a:
tst_key = f2.get_data_key()
if tst_key == key:
found = True
self.assertTrue(found, "key not found")
def test_many_change(self):
name = "/file/name"
old_base = "/OLD"
new_base = "/NEW"
count = 10
for i in range(0, count):
keyname = str(uuid.uuid1())
oldkey = old_base + "/" + keyname
File.create_file(self.db, name+oldkey, self.user1, oldkey, pynimbusauthz.object_type_s3)
self.db.commit()
rc = pynimbusauthz.rebase.main([old_base, new_base])
self.assertEqual(rc, 0, "rc should be 0, is %d" % (rc))
f2a = File.find_files_from_data(self.db, new_base + "%")
f2a = list(f2a)
self.assertEqual(len(f2a), count, "length of the new items should be %d is %s" % (count, len(f2a)))
def test_many_change_but_not_all(self):
name = "/file/name"
old_base = "/OLD"
new_base = "/NEW"
other_base = "/NOTHERE"
count = 10
for i in range(0, count):
keyname = str(uuid.uuid1())
oldkey = old_base + "/" + keyname
File.create_file(self.db, name+oldkey, self.user1, oldkey, pynimbusauthz.object_type_s3)
for i in range(0, count*2):
keyname = str(uuid.uuid1())
oldkey = other_base + "/" + keyname
File.create_file(self.db, name+oldkey, self.user1, oldkey, pynimbusauthz.object_type_s3)
self.db.commit()
rc = pynimbusauthz.rebase.main([old_base, new_base])
self.assertEqual(rc, 0, "rc should be 0, is %d" % (rc))
f2a = File.find_files_from_data(self.db, new_base + "%")
f2a = list(f2a)
self.assertEqual(len(f2a), count, "length of the new items should be %d is %s" % (count, len(f2a)))
class TestRebaseCli(unittest.TestCase):
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.db.commit()
def tearDown(self):
self.db.close()
os.remove(self.fname)
def test_single_change(self):
name = "/file/name"
old_base = "/OLD"
new_base = "/NEW"
data = "/etc/group"
key = old_base + data
file1 = File.create_file(self.db, name, self.user1, key,
pynimbusauthz.object_type_s3)
self.db.commit()
rc = pynimbusauthz.rebase.main([old_base, new_base])
self.assertEqual(rc, 0, "rc should be 0, is %d" % (rc))
f2a = File.find_files_from_data(self.db, key)
f2a = list(f2a)
self.assertEqual(
len(f2a), 0,
"should be no values with key %s len is %d" % (old_base, len(f2a)))
key = new_base + data
f2a = File.find_files_from_data(self.db, key)
f2a = list(f2a)
self.assertNotEqual(
len(f2a), 0, "length should be greater than 0 is %d" % (len(f2a)))
found = False
for f2 in f2a:
tst_key = f2.get_data_key()
if tst_key == key:
found = True
self.assertTrue(found, "key not found")
def test_many_change(self):
name = "/file/name"
old_base = "/OLD"
new_base = "/NEW"
count = 10
for i in range(0, count):
keyname = str(uuid.uuid1())
oldkey = old_base + "/" + keyname
File.create_file(self.db, name + oldkey, self.user1, oldkey,
pynimbusauthz.object_type_s3)
self.db.commit()
rc = pynimbusauthz.rebase.main([old_base, new_base])
self.assertEqual(rc, 0, "rc should be 0, is %d" % (rc))
f2a = File.find_files_from_data(self.db, new_base + "%")
f2a = list(f2a)
self.assertEqual(
len(f2a), count,
"length of the new items should be %d is %s" % (count, len(f2a)))
def test_many_change_but_not_all(self):
name = "/file/name"
old_base = "/OLD"
new_base = "/NEW"
other_base = "/NOTHERE"
count = 10
for i in range(0, count):
keyname = str(uuid.uuid1())
oldkey = old_base + "/" + keyname
File.create_file(self.db, name + oldkey, self.user1, oldkey,
pynimbusauthz.object_type_s3)
for i in range(0, count * 2):
keyname = str(uuid.uuid1())
oldkey = other_base + "/" + keyname
File.create_file(self.db, name + oldkey, self.user1, oldkey,
pynimbusauthz.object_type_s3)
self.db.commit()
rc = pynimbusauthz.rebase.main([old_base, new_base])
self.assertEqual(rc, 0, "rc should be 0, is %d" % (rc))
f2a = File.find_files_from_data(self.db, new_base + "%")
f2a = list(f2a)
self.assertEqual(
len(f2a), count,
"length of the new items should be %d is %s" % (count, len(f2a)))
class cbAuthzUser(object):
def __init__(self, alias_name, con_str):
self.db_obj = DB(con_str=con_str)
alias = User.find_alias(self.db_obj, alias_name, pynimbusauthz.alias_type_s3)
a_list = list(alias)
if len(a_list) < 1:
raise cbException('AccessDenied')
# pick the first one, hmmm XXX
self.alias = a_list[0]
self.user = self.alias.get_canonical_user()
def get_canonical_id(self):
return self.user.get_id()
def get_password(self):
return self.alias.get_data()
# return string user_id
def get_id(self):
return self.alias.get_name()
# return string email name
def get_display_name(self):
return self.alias.get_friendly_name()
def get_file_obj(self, bucketName, objectName=None):
file = File.get_file(self.db_obj, bucketName, pynimbusauthz.object_type_s3)
if file == None:
return None
if objectName != None:
file = File.get_file(self.db_obj, objectName, pynimbusauthz.object_type_s3, file)
return file
# return the permission string of the given object
def get_uf(self, bucketName, objectName=None):
file = self.get_file_obj(bucketName, objectName)
if file == None:
pycb.log(logging.INFO, "b:o not found %s:%s" % (bucketName, str(objectName)))
raise cbException('NoSuchKey')
uf = UserFile(file, self.user)
return uf
def set_quota(self, max):
self.user.set_quota(max)
self.db_obj.commit()
def get_quota(self):
q = self.user.get_quota()
self.db_obj.commit()
return q
# return the permission string of the given object
def get_perms(self, bucketName, objectName=None):
global authed_user
global public_user
try:
ufa = authed_user.get_uf(bucketName, objectName)
ufp = public_user.get_uf(bucketName, objectName)
p1 = ufa.get_perms(force=True)
p2 = ufp.get_perms(force=True)
gperms = merge_permissions(p1, p2)
except:
pycb.log(logging.ERROR, "error getting global permissions %s" % (sys.exc_info()[0]), tb=traceback)
gperms = ""
try:
uf = self.get_uf(bucketName, objectName)
p = uf.get_perms(force=True)
p = merge_permissions(p, gperms)
return (p, uf.get_file().get_data_key())
finally:
self.db_obj.commit()
def get_owner(self, bucketName, objectName=None):
try:
uf = self.get_uf(bucketName, objectName)
o = uf.get_owner()
uas = list(o.get_alias_by_type(pynimbusauthz.alias_type_s3))
if len(uas) < 1:
raise cbException('InternalError')
return (uas[0].get_name(), uas[0].get_friendly_name())
finally:
self.db_obj.commit()
# get a list of all of this users buckets
# returns a list of cbObjects
def get_my_buckets(self):
try:
file_iterater = File.get_user_files(self.db_obj, self.user, root=True)
new_it = itertools.imap(lambda r: _convert_bucket_to_cbObject(self, r), file_iterater)
return list(new_it)
finally:
self.db_obj.commit()
# returns a list of cbObjects
def list_bucket(self, bucketName, args):
clause = " ORDER BY name"
prefix = None
if 'prefix' in args:
prefix = args['prefix'][0]
prefix = "%s%%" % (prefix)
limit = None
if 'max-keys' in args:
max_a = args['max-keys']
limit = int(max_a[0])
if 'delimiter' in args:
pass
if 'key-marker' in args:
km = args['key-marker'][0]
clause = " and name > '%s'" % (km)
try:
bucket = File.get_file(self.db_obj, bucketName, pynimbusauthz.alias_type_s3)
iter = bucket.get_all_children(limit=limit, match_str=prefix, clause=clause)
new_it = itertools.imap(lambda r: _convert_File_to_cbObject(self, r), iter)
return list(new_it)
finally:
self.db_obj.commit()
# check if the given bucket/object exists
# returns a bool
def exists(self, bucketName, objectName=None):
try:
file = self.get_file_obj(bucketName, objectName)
return file != None
finally:
self.db_obj.commit()
def get_info(self, bucketName, objectName=None):
try:
file = self.get_file_obj(bucketName, objectName)
return (file.get_size(), file.get_creation_time(), file.get_md5sum())
finally:
self.db_obj.commit()
def get_remaining_quota(self):
quota = self.user.get_quota()
if quota == User.UNLIMITED:
return User.UNLIMITED
u = self.user.get_quota_usage()
return quota - u
# add a new bucket owned by this user
def put_bucket(self, bucketName):
try:
f = File.create_file(self.db_obj, bucketName, self.user, bucketName, pynimbusauthz.alias_type_s3)
finally:
self.db_obj.commit()
def put_object(self, data_obj, bucketName, objectName):
data_key = data_obj.get_data_key()
md5sum = data_obj.get_md5()
fsize = data_obj.get_size()
try:
# it is ok for someone to put to an existing object
# we just need to delete the existing one
file = self.get_file_obj(bucketName, objectName)
if file != None:
pycb.config.bucket.delete_object(file.get_data_key())
file.delete()
bf = self.get_file_obj(bucketName)
f = File.create_file(self.db_obj, objectName, self.user, data_key, pynimbusauthz.alias_type_s3, parent=bf, size=fsize, md5sum=md5sum)
finally:
self.db_obj.commit()
# grant a new user_id access to the object or bucket
def grant(self, user_id, bucketName, objectName=None, perms="Rr"):
try:
uf = self.get_uf(bucketName, objectName)
new_alias_iter = User.find_alias(self.db_obj, user_id, pynimbusauthz.alias_type_s3)
new_alias_list = list(new_alias_iter)
new_alias = new_alias_list[0]
new_user = new_alias.get_canonical_user()
uf.chmod(perms, user=new_user)
finally:
self.db_obj.commit()
# remove an object from the registry
def delete_object(self, bucketName, objectName):
try:
file = self.get_file_obj(bucketName, objectName)
file.delete()
finally:
self.db_obj.commit()
# remove a bucket from the registry
def delete_bucket(self, bucketName):
try:
file = self.get_file_obj(bucketName)
kids = file.get_all_children()
if len(list(kids)) != 0:
raise cbException('BucketNotEmpty')
file.delete()
finally:
self.db_obj.commit()
# return the acl list of the given bucket/object
#
# list of (id, display_name, perms)
def get_acl(self, bucketName, objectName=None):
try:
file = self.get_file_obj(bucketName, objectName)
ufs = file.get_all_user_files()
grants = []
for uf in ufs:
u = uf.get_user()
perms = uf.get_perms(force=True)
uas = u.get_alias_by_type(pynimbusauthz.alias_type_s3)
for ua in uas:
user_id = ua.get_name()
display_name = ua.get_friendly_name()
line = (user_id, display_name, perms)
grants.append(line)
return grants
finally:
self.db_obj.commit()
def set_user_pw(self, password):
self.alias.set_data(password)
def remove_user(self, force=False):
if force:
uc = User(self.db_obj, uu=self.get_canonical_id(), create=False)
uc.destroy_brutally()
else:
self.alias.remove()
class cbAuthzUser(object):
def __init__(self, alias_name, con_str):
self.db_obj = DB(con_str=con_str)
alias = User.find_alias(self.db_obj, alias_name,
pynimbusauthz.alias_type_s3)
a_list = list(alias)
if len(a_list) < 1:
raise cbException('AccessDenied')
# pick the first one, hmmm XXX
self.alias = a_list[0]
self.user = self.alias.get_canonical_user()
def get_canonical_id(self):
return self.user.get_id()
def get_password(self):
return self.alias.get_data()
# return string user_id
def get_id(self):
return self.alias.get_name()
# return string email name
def get_display_name(self):
return self.alias.get_friendly_name()
def get_file_obj(self, bucketName, objectName=None):
file = File.get_file(self.db_obj, bucketName,
pynimbusauthz.object_type_s3)
if file == None:
return None
if objectName != None:
file = File.get_file(self.db_obj, objectName,
pynimbusauthz.object_type_s3, file)
return file
# return the permission string of the given object
def get_uf(self, bucketName, objectName=None):
file = self.get_file_obj(bucketName, objectName)
if file == None:
pycb.log(logging.INFO,
"b:o not found %s:%s" % (bucketName, str(objectName)))
raise cbException('NoSuchKey')
uf = UserFile(file, self.user)
return uf
def set_quota(self, max):
self.user.set_quota(max)
self.db_obj.commit()
def get_quota(self):
q = self.user.get_quota()
self.db_obj.commit()
return q
# return the permission string of the given object
def get_perms(self, bucketName, objectName=None):
global authed_user
global public_user
try:
ufa = authed_user.get_uf(bucketName, objectName)
ufp = public_user.get_uf(bucketName, objectName)
p1 = ufa.get_perms(force=True)
p2 = ufp.get_perms(force=True)
gperms = merge_permissions(p1, p2)
except:
pycb.log(logging.ERROR,
"error getting global permissions %s" %
(sys.exc_info()[0]),
tb=traceback)
gperms = ""
try:
uf = self.get_uf(bucketName, objectName)
p = uf.get_perms(force=True)
p = merge_permissions(p, gperms)
return (p, uf.get_file().get_data_key())
finally:
self.db_obj.commit()
def get_owner(self, bucketName, objectName=None):
try:
uf = self.get_uf(bucketName, objectName)
o = uf.get_owner()
uas = list(o.get_alias_by_type(pynimbusauthz.alias_type_s3))
if len(uas) < 1:
raise cbException('InternalError')
return (uas[0].get_name(), uas[0].get_friendly_name())
finally:
self.db_obj.commit()
# get a list of all of this users buckets
# returns a list of cbObjects
def get_my_buckets(self):
try:
file_iterater = File.get_user_files(self.db_obj,
self.user,
root=True)
new_it = itertools.imap(
lambda r: _convert_bucket_to_cbObject(self, r), file_iterater)
return list(new_it)
finally:
self.db_obj.commit()
# returns a list of cbObjects
def list_bucket(self, bucketName, args):
clause = " ORDER BY name"
prefix = None
if 'prefix' in args:
prefix = args['prefix'][0]
prefix = "%s%%" % (prefix)
limit = None
if 'max-keys' in args:
max_a = args['max-keys']
limit = int(max_a[0])
if 'delimiter' in args:
pass
if 'key-marker' in args:
km = args['key-marker'][0]
clause = " and name > '%s'" % (km)
try:
bucket = File.get_file(self.db_obj, bucketName,
pynimbusauthz.alias_type_s3)
iter = bucket.get_all_children(limit=limit,
match_str=prefix,
clause=clause)
new_it = itertools.imap(
lambda r: _convert_File_to_cbObject(self, r), iter)
return list(new_it)
finally:
self.db_obj.commit()
# check if the given bucket/object exists
# returns a bool
def exists(self, bucketName, objectName=None):
try:
file = self.get_file_obj(bucketName, objectName)
return file != None
finally:
self.db_obj.commit()
def get_info(self, bucketName, objectName=None):
try:
file = self.get_file_obj(bucketName, objectName)
return (file.get_size(), file.get_creation_time(),
file.get_md5sum())
finally:
self.db_obj.commit()
def get_remaining_quota(self):
quota = self.user.get_quota()
if quota == User.UNLIMITED:
return User.UNLIMITED
u = self.user.get_quota_usage()
return quota - u
# add a new bucket owned by this user
def put_bucket(self, bucketName):
try:
f = File.create_file(self.db_obj, bucketName, self.user,
bucketName, pynimbusauthz.alias_type_s3)
finally:
self.db_obj.commit()
def put_object(self, data_obj, bucketName, objectName):
data_key = data_obj.get_data_key()
md5sum = data_obj.get_md5()
fsize = data_obj.get_size()
try:
# it is ok for someone to put to an existing object
# we just need to delete the existing one
file = self.get_file_obj(bucketName, objectName)
if file != None:
pycb.config.bucket.delete_object(file.get_data_key())
file.delete()
bf = self.get_file_obj(bucketName)
f = File.create_file(self.db_obj,
objectName,
self.user,
data_key,
pynimbusauthz.alias_type_s3,
parent=bf,
size=fsize,
md5sum=md5sum)
finally:
self.db_obj.commit()
# grant a new user_id access to the object or bucket
def grant(self, user_id, bucketName, objectName=None, perms="Rr"):
try:
uf = self.get_uf(bucketName, objectName)
new_alias_iter = User.find_alias(self.db_obj, user_id,
pynimbusauthz.alias_type_s3)
new_alias_list = list(new_alias_iter)
new_alias = new_alias_list[0]
new_user = new_alias.get_canonical_user()
uf.chmod(perms, user=new_user)
finally:
self.db_obj.commit()
# remove an object from the registry
def delete_object(self, bucketName, objectName):
try:
file = self.get_file_obj(bucketName, objectName)
file.delete()
finally:
self.db_obj.commit()
# remove a bucket from the registry
def delete_bucket(self, bucketName):
try:
file = self.get_file_obj(bucketName)
kids = file.get_all_children()
if len(list(kids)) != 0:
raise cbException('BucketNotEmpty')
file.delete()
finally:
self.db_obj.commit()
# return the acl list of the given bucket/object
#
# list of (id, display_name, perms)
def get_acl(self, bucketName, objectName=None):
try:
file = self.get_file_obj(bucketName, objectName)
ufs = file.get_all_user_files()
grants = []
for uf in ufs:
u = uf.get_user()
perms = uf.get_perms(force=True)
uas = u.get_alias_by_type(pynimbusauthz.alias_type_s3)
for ua in uas:
user_id = ua.get_name()
display_name = ua.get_friendly_name()
line = (user_id, display_name, perms)
grants.append(line)
return grants
finally:
self.db_obj.commit()
def set_user_pw(self, password):
try:
self.alias.set_data(password)
finally:
self.db_obj.commit()
def remove_user(self, force=False):
try:
if force:
uc = User(self.db_obj,
uu=self.get_canonical_id(),
create=False)
uc.destroy_brutally()
else:
self.alias.remove()
finally:
self.db_obj.commit()
class TestFile(unittest.TestCase):
def setUp(self):
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
con = pynimbusauthz.db.make_test_database()
self.db = DB(con=con)
def tearDown(self):
self.db.close()
def test_basic_file(self):
user1 = User(self.db)
name = "/file/name"
data = "/etc/group"
file1 = File.create_file(self.db, name, user1, data, pynimbusauthz.object_type_s3)
self.db.commit()
x = file1.get_all_children()
self.assertEqual(len(list(x)), 0, "The file should have no children")
n2 = file1.get_name()
self.assertEqual(name, n2, "Names not equal")
d2 = file1.get_data_key()
self.assertEqual(data, d2, "Data not equal")
o2 = file1.get_owner()
self.assertEqual(user1, o2, "Owner not equal")
p2 = file1.get_parent()
self.assertEqual(None, p2, "There should be no parent")
b2 = file1.get_object_type()
self.assertEqual(pynimbusauthz.object_type_s3, b2, "Type wrong")
def test_file_children(self):
user1 = User(self.db)
name = "/file/name"
data = "/etc/group"
file1 = File.create_file(self.db, name, user1, data, pynimbusauthz.object_type_s3)
self.db.commit()
child1 = File.create_file(self.db, "kid", user1, data, pynimbusauthz.object_type_s3, parent=file1)
self.db.commit()
p2 = child1.get_parent()
self.assertEqual(p2, file1, "parent not set properly")
x = child1.get_all_children()
self.assertEqual(len(list(x)), 0, "The file should have no children")
x = file1.get_all_children()
found = False
for f in x:
if f == child1:
found = True
self.assertTrue(found, "We should have found that kid!")
def test_find_no_file(self):
f = File.get_file_from_db_id(self.db, 1000)
self.assertEqual(f, None, "We should not have found that file")
f = File.get_file(self.db, "nofile", pynimbusauthz.object_type_s3)
self.assertEqual(f, None, "We should not have found that file")
def test_file_and_bucket(self):
user1 = User(self.db)
fname = "NAME"
data = "data"
b1 = File.create_file(self.db, "bucket", user1, data, pynimbusauthz.object_type_s3)
f1 = File.create_file(self.db, fname, user1, data, pynimbusauthz.object_type_s3, parent=b1)
f2 = File.create_file(self.db, fname, user1, data, pynimbusauthz.object_type_s3)
self.db.commit()
self.assertNotEqual(f1.get_id(), f2.get_id())
f3 = File.get_file(self.db, fname, pynimbusauthz.object_type_s3, parent=b1)
f4 = File.get_file(self.db, fname, pynimbusauthz.object_type_s3)
self.assertEqual(f1.get_id(), f3.get_id())
self.assertEqual(f2.get_id(), f4.get_id())
self.assertNotEqual(f3.get_id(), f4.get_id())
self.db.commit()
def test_change_key(self):
user1 = User(self.db)
name = "/file/name"
old_base = "/old/path/base"
fname = "/etc/group"
new_base = "/new/base/location/dir"
f = File.create_file(self.db, name, user1, old_base + fname, pynimbusauthz.object_type_s3)
self.assertEqual(old_base + fname, f.get_data_key(), "old value not euqal")
new_key = new_base + fname
f.set_data_key(new_key)
self.db.commit()
tst_new_key = f.get_data_key()
self.assertEqual(tst_new_key, new_key, "%s should equal %s" % (tst_new_key, new_key))
f2 = File.get_file(self.db, name, pynimbusauthz.object_type_s3)
tst_new_key = f2.get_data_key()
self.assertEqual(tst_new_key, new_key, "%s should equal %s" % (tst_new_key, new_key))
def test_find_by_key(self):
user1 = User(self.db)
name = "/file/name"
key = "/old/path/base"
f = File.create_file(self.db, name, user1, key, pynimbusauthz.object_type_s3)
self.db.commit()
f2a = File.find_files_from_data(self.db, key)
found = False
for f2 in f2a:
tst_key = f2.get_data_key()
if tst_key == key:
found = True
self.assertTrue(found, "key not found")
def setUp(self):
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
con = pynimbusauthz.db.make_test_database()
self.db = DB(con=con)
self.user = User(self.db)
class TestAddUserCli(unittest.TestCase):
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
def tearDown(self):
self.db.close()
os.remove(self.fname)
def test_basic_adduser(self):
uu = str(uuid.uuid1())
rc = pynimbusauthz.add_user.main(["-n", uu])
self.assertEqual(rc, 0, "CLI should return success")
user = User(self.db, uu)
rc = pynimbusauthz.add_user.main(["-r", uu])
self.assertEqual(rc, 0, "CLI should return success")
try:
user = User(self.db, uu)
self.fail("should have had an exception loading user")
except:
pass
def test_basic_alias(self):
user = User(self.db)
uu = user.get_id()
aname = "alias1"
self.db.commit()
rc = pynimbusauthz.add_user.main(["-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
self.assertNotEqual(ua, None, "alias not found")
rc = pynimbusauthz.add_user.main(["-x", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
self.assertEqual(ua, None, "alias should not be found")
def test_user_alias_remove(self):
aname = str(uuid.uuid1())
uu = str(uuid.uuid1())
rc = pynimbusauthz.add_user.main(["-n", "-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
user = User(self.db, uu)
ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
rc = pynimbusauthz.add_user.main(["-x", aname, "-r", uu])
self.assertEqual(rc, 0, "CLI should return success")
try:
user = User(self.db, uu)
self.fail("should have had an exception loading user")
except:
pass
try:
ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
self.fail("should have had an exception loading user")
except:
pass
def test_set_key(self):
aname = str(uuid.uuid1())
uu = str(uuid.uuid1())
rc = pynimbusauthz.add_user.main(["-n", "-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
rc = pynimbusauthz.add_user.main(["-g", "-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
key = str(uuid.uuid1())
rc = pynimbusauthz.add_user.main(["-k", key, "-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
user = User(self.db, uu)
ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
self.db.commit()
k2 = ua.get_data()
self.assertEqual(k2, key)
def test_default_new_user(self):
rc = pynimbusauthz.add_user.main(["-n"])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
def test_bad_args(self):
uu = str(uuid.uuid1())
rc = pynimbusauthz.add_user.main([])
self.assertNotEqual(rc, 0, "CLI should not return success %d" % (rc))
rc = pynimbusauthz.add_user.main(["-k", uu, uu])
self.assertNotEqual(rc, 0, "CLI should not return success %d" % (rc))
rc = pynimbusauthz.add_user.main(["-g", uu])
self.assertNotEqual(rc, 0, "CLI should not return success %d" % (rc))
def test_remove_force(self):
aname = str(uuid.uuid1())
uu = str(uuid.uuid1())
rc = pynimbusauthz.add_user.main(["-n", "-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
# add a few alias
for i in range(0, 10):
aname = str(uuid.uuid1())
rc = pynimbusauthz.add_user.main(["-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
rc = pynimbusauthz.add_user.main(["-f", "-r", uu])
self.assertEqual(rc, 0, "CLI should return success")
class TestUser(unittest.TestCase):
def setUp(self):
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
con = pynimbusauthz.db.make_test_database()
self.db = DB(con=con)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1, self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
def tearDown(self):
self.db.close()
def test_basic_userfile(self):
perms = self.uf.get_perms()
self.assertEqual(len(perms), 4, "Default perms should be none")
self.assertTrue("r" in perms, "read not set")
self.assertTrue("w" in perms, "write not set")
self.assertTrue("R" in perms, "read acl not set")
self.assertTrue("W" in perms, "write acl not set")
f2 = self.uf.get_file()
self.assertEqual(f2, self.file1, "should return the same file")
o2 = self.uf.get_owner()
self.assertEqual(o2, self.user1, "should return the same user")
self.assertTrue(self.uf.can_access("rwRW"))
a = self.uf.get_all_children()
self.assertEqual(len(list(a)), 0, "should be no children")
def test_bad_chmod(self):
try:
self.uf.chmod("KSA")
self.fail("should be a bad parameter exception")
except:
pass
def test_bad_chmod(self):
self.uf.chmod("r")
try:
perms = self.uf.get_perms()
self.fail("should not be able to read acl")
except:
pass
self.uf.chmod("Rr")
perms = self.uf.get_perms()
rc = self.uf.can_access("w")
self.assertFalse(rc, "should not be able to write %d" % (rc))
rc = self.uf.can_access("r")
self.assertTrue(rc, "should be able to read")
self.uf.chmod("RW")
def test_grant(self):
user2 = User(self.db)
self.uf.chmod("R", user=user2)
uf2 = UserFile(self.file1, user2)
p = uf2.get_perms()
self.assertEqual(p, "R", "perms should only be read here")
def test_children(self):
child1 = File.create_file(self.db, "kid", self.user1, self.data, pynimbusauthz.object_type_s3, parent=self.file1)
self.db.commit()
x = child1.get_all_children()
self.assertEqual(len(list(x)), 0, "The file should have no children")
x = self.uf.get_all_children()
found = False
for f in x:
if f.get_file() == child1:
found = True
self.assertTrue(found, "We should have found that kid!")
class TestUser(unittest.TestCase):
def setUp(self):
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
con = pynimbusauthz.db.make_test_database()
self.db = DB(con=con)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1,
self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
def tearDown(self):
self.db.close()
def test_basic_userfile(self):
perms = self.uf.get_perms()
self.assertEqual(len(perms), 4, "Default perms should be none")
self.assertTrue("r" in perms, "read not set")
self.assertTrue("w" in perms, "write not set")
self.assertTrue("R" in perms, "read acl not set")
self.assertTrue("W" in perms, "write acl not set")
f2 = self.uf.get_file()
self.assertEqual(f2, self.file1, "should return the same file")
o2 = self.uf.get_owner()
self.assertEqual(o2, self.user1, "should return the same user")
self.assertTrue(self.uf.can_access("rwRW"))
a = self.uf.get_all_children()
self.assertEqual(len(list(a)), 0, "should be no children")
def test_bad_chmod(self):
try:
self.uf.chmod("KSA")
self.fail("should be a bad parameter exception")
except:
pass
def test_bad_chmod(self):
self.uf.chmod("r")
try:
perms = self.uf.get_perms()
self.fail("should not be able to read acl")
except:
pass
self.uf.chmod("Rr")
perms = self.uf.get_perms()
rc = self.uf.can_access("w")
self.assertFalse(rc, "should not be able to write %d" % (rc))
rc = self.uf.can_access("r")
self.assertTrue(rc, "should be able to read")
self.uf.chmod("RW")
def test_grant(self):
user2 = User(self.db)
self.uf.chmod("R", user=user2)
uf2 = UserFile(self.file1, user2)
p = uf2.get_perms()
self.assertEqual(p, "R", "perms should only be read here")
def test_children(self):
child1 = File.create_file(self.db,
"kid",
self.user1,
self.data,
pynimbusauthz.object_type_s3,
parent=self.file1)
self.db.commit()
x = child1.get_all_children()
self.assertEqual(len(list(x)), 0, "The file should have no children")
x = self.uf.get_all_children()
found = False
for f in x:
if f.get_file() == child1:
found = True
self.assertTrue(found, "We should have found that kid!")
class TestUser(unittest.TestCase):
def setUp(self):
#os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
con = pynimbusauthz.db.make_test_database()
self.db = DB(con=con)
def tearDown(self):
self.db.close()
def test_basic_user(self):
user1 = User(self.db)
user2 = User(self.db, user1.get_id())
self.assertEqual(user1.get_id(), user2.get_id(), "User IDs should be equal")
def test_user_to_string(self):
user1 = User(self.db)
uu = user1.get_id()
self.assertEqual(str(user1), uu, "toString function not working for user")
def test_destroy_user(self):
user1 = User(self.db)
uu = user1.get_id()
user1.destroy_brutally()
try:
user1 = User(self.db, uu)
self.fail("The uuid should have been deleted %s" % (uu))
except:
pass
def test_null_alias(self):
user1 = User(self.db)
all_alias = user1.get_all_alias()
self.assertEqual(len(list(all_alias)), 0, "No alias should be in DB for new user")
all_alias = user1.get_alias_by_type(pynimbusauthz.alias_type_s3)
self.assertEqual(len(list(all_alias)), 0, "No alias should be in DB for new user")
def test_create_alias_simple(self):
user1 = User(self.db)
alias1 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "testname@")
user2 = alias1.get_canonical_user()
self.assertEqual(user1.get_id(), user2.get_id(), "User IDs should be equal")
alias1 = user1.create_alias("/name2", pynimbusauthz.alias_type_s3, "name2@", "pooP")
user2 = alias1.get_canonical_user()
self.assertEqual(user1.get_id(), user2.get_id(), "User IDs should be equal")
print alias1
def test_alias_lookup_simple(self):
user1 = User(self.db)
alias1 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "name1@")
alias2 = user1.get_alias("/name/", pynimbusauthz.alias_type_s3)
self.assertEqual(alias1.get_name(), alias2.get_name(), "Alias names should be the same")
self.assertEqual(alias1.get_type(), alias2.get_type(), "Alias types should be the same")
self.assertEqual(alias1.get_data(), alias2.get_data(), "Alias data should be the same")
def test_alias_lookup(self):
user1 = User(self.db)
alias1 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "1")
aliasX = user1.create_alias("/name2", pynimbusauthz.alias_type_s3, "2")
aliasX = user1.create_alias("/name3", pynimbusauthz.alias_type_s3, "3")
aliasX = user1.create_alias("/name4", pynimbusauthz.alias_type_s3, "4")
all_alias = user1.get_all_alias()
found = False
for a in all_alias:
if a.get_name() == alias1.get_name() and a.get_type() == alias1.get_type():
found = True
self.assertTrue(found, "We should have found the alias")
all_alias = user1.get_alias_by_type(pynimbusauthz.alias_type_s3)
found = False
for a in all_alias:
if a.get_name() == alias1.get_name() and a.get_type() == alias1.get_type():
found = True
self.assertTrue(found, "We should have found the alias")
def test_delete_alias(self):
user1 = User(self.db)
alias1 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "name@")
alias1.remove()
alias2 = user1.get_alias("/name/", pynimbusauthz.alias_type_s3)
self.assertEqual(alias2, None, "The alias should be gone")
def test_create_same_alias(self):
user1 = User(self.db)
alias1 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "name@")
try:
alias2 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "name@")
self.fail("This should have caused an conflict on insert")
except:
pass
def find_user_id(self, u, list):
for l in list:
if u == l:
return True
return False
def test_find_user(self):
user1 = User(self.db)
self.db.commit()
id = user1.get_id()
fid = id[1:]
lid = id[:-1]
mid = id[1:-1]
# find by exact id
u_all = User.find_user(self.db, id)
self.assertNotEqual(u_all, None, "we should have found somethings")
self.assertTrue(self.find_user_id(user1, u_all))
# find by exact partial 1
u_all = User.find_user(self.db, fid)
self.assertTrue(self.find_user_id(user1, u_all))
# find by exact partial 1
u_all = User.find_user(self.db, lid)
self.assertTrue(self.find_user_id(user1, u_all))
# find by exact partial 1
u_all = User.find_user(self.db, mid)
self.assertNotEqual(u_all, None, "we should have found somethings")
self.assertTrue(self.find_user_id(user1, u_all))
def test_find_user_alias(self):
user1 = User(self.db)
self.db.commit()
alias_name = "helloname"
alias1 = user1.create_alias(alias_name, pynimbusauthz.alias_type_s3, alias_name)
self.db.commit()
fid = "%%" + alias_name[1:]
lid = alias_name[:-1] + "%%"
mid = "%%" + alias_name[1:-1] + "%%"
# find by exact id
u_all = UserAlias.find_alias(self.db, alias_name)
self.assertNotEqual(u_all, None, "we should have found somethings")
self.assertTrue(self.find_user_id(alias1, u_all))
# find by exact partial 1
u_all = UserAlias.find_alias(self.db, fid)
self.assertTrue(self.find_user_id(alias1, u_all))
# find by exact partial 1
u_all = UserAlias.find_alias(self.db, lid)
self.assertTrue(self.find_user_id(alias1, u_all))
# find by exact partial 1
u_all = UserAlias.find_alias(self.db, mid)
self.assertNotEqual(u_all, None, "we should have found somethings")
self.assertTrue(self.find_user_id(alias1, u_all))
def test_set_alias_data(self):
user1 = User(self.db)
self.db.commit()
alias_name = "helloname"
alias1 = user1.create_alias(alias_name, pynimbusauthz.alias_type_s3, alias_name)
key = "helloworld"
alias1.set_data(key)
self.db.commit()
alias2 = user1.get_alias(alias_name, pynimbusauthz.alias_type_s3)
self.assertEqual(alias1.get_data(), alias2.get_data(), "alias not equal")
self.assertEqual(key, alias2.get_data(), "alias not equal")
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
class TestListUserCli(unittest.TestCase):
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
(tmpFD, self.outFileName) = tempfile.mkstemp("koatests")
os.close(tmpFD)
def tearDown(self):
self.db.close()
os.remove(self.fname)
def find_out_string(self, s):
f = open(self.outFileName)
lines = f.readlines()
f.close()
for l in lines:
ndx = l.find(s)
if ndx >= 0:
return True
return False
def test_basic_list_user(self):
uu = str(uuid.uuid1())
user = User(self.db, uu, create=True)
self.db.commit()
rc = pynimbusauthz.list_user.main(["-O", self.outFileName])
self.assertEqual(rc, 0, "CLI should return success")
rc = self.find_out_string(uu)
self.assertTrue(rc, "Username not found")
def test_list_alias(self):
uu = str(uuid.uuid1())
user = User(self.db, uu, create=True)
# add a few alias
alias_a = []
for i in range(0, 10):
aname = str(uuid.uuid1())
alias_a.append(aname)
rc = pynimbusauthz.add_user.main(["-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
self.db.commit()
rc = pynimbusauthz.list_user.main(["-a", "-O", self.outFileName])
self.assertEqual(rc, 0, "CLI should return success")
rc = self.find_out_string(uu)
self.assertTrue(rc, "Username not found")
for a in alias_a:
rc = self.find_out_string(a)
self.assertTrue(rc, "Username not found")
def test_find_by_alias(self):
uu = str(uuid.uuid1())
user = User(self.db, uu, create=True)
# add a few alias
alias_a = []
for i in range(0, 10):
aname = str(uuid.uuid1())
alias_a.append(aname)
rc = pynimbusauthz.add_user.main(["-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
self.db.commit()
rc = pynimbusauthz.list_user.main(["-s", "-O", self.outFileName, alias_a[0]])
self.assertEqual(rc, 0, "CLI should return success")
rc = self.find_out_string(uu)
self.assertTrue(rc, "Username not found")
def create_user(self, display_name, id, pw, opts):
db_obj = DB(con_str=self.con_str)
user = User(db_obj, friendly=display_name)
user_alias = user.create_alias(id, "s3", display_name, alias_data=pw)
db_obj.commit()
db_obj.close()
class TestChmodCli(unittest.TestCase):
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1, self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
self.db.commit()
def tearDown(self):
self.db.close()
os.remove(self.fname)
def validate_perms(self, new):
f = File.get_file_from_db_id(self.db, self.file1.get_id())
uf = UserFile(f, self.user1)
perms = uf.get_perms(force=True)
for p in new:
self.assertTrue(p in perms, "bad perms set %s != %s" % (new, perms))
self.assertEqual(len(perms), len(new), "perms dont match %s != %s" % (new, perms))
def test_basic_chmod(self):
uu = str(uuid.uuid1())
new_perms = "WR"
rc = pynimbusauthz.chmod.main([self.user1.get_id(), self.file1.get_name(), new_perms])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
self.validate_perms(new_perms)
def test_type_chmod(self):
uu = str(uuid.uuid1())
new_perms = "WRr"
rc = pynimbusauthz.chmod.main(["-t", self.file1.get_object_type(), self.user1.get_id(), self.file1.get_name(), new_perms])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
self.validate_perms(new_perms)
def test_badopts(self):
new_perms = "WR"
rc = pynimbusauthz.chmod.main(["-t", self.file1.get_object_type(), self.user1.get_id()])
self.assertEqual(rc, 32, "CLI should return success %d" % (rc))
rc = pynimbusauthz.chmod.main([self.user1.get_id(), "notafile", new_perms])
self.assertEqual(rc, 33, "CLI should return success %d" % (rc))
rc = pynimbusauthz.chmod.main(["-t", self.file1.get_object_type(), "-p", "nobucket", self.user1.get_id(), self.file1.get_name(), new_perms])
self.assertEqual(rc, 33, "CLI should return success %d" % (rc))
def test_bucket(self):
# create a file and a bucket
b1 = File.create_file(self.db, "bucket", self.user1, self.data, pynimbusauthz.object_type_s3)
f2 = File.create_file(self.db, self.name, self.user1, self.data, pynimbusauthz.object_type_s3, parent=b1)
self.db.commit()
new_perms = "WR"
rc = pynimbusauthz.chmod.main(["-t", f2.get_object_type(), "-p", b1.get_name(), self.user1.get_id(), f2.get_name(), new_perms])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
class TestChmodCli(unittest.TestCase):
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1,
self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
self.db.commit()
def tearDown(self):
self.db.close()
os.remove(self.fname)
def validate_perms(self, new):
f = File.get_file_from_db_id(self.db, self.file1.get_id())
uf = UserFile(f, self.user1)
perms = uf.get_perms(force=True)
for p in new:
self.assertTrue(p in perms,
"bad perms set %s != %s" % (new, perms))
self.assertEqual(len(perms), len(new),
"perms dont match %s != %s" % (new, perms))
def test_basic_chmod(self):
uu = str(uuid.uuid1())
new_perms = "WR"
rc = pynimbusauthz.chmod.main(
[self.user1.get_id(),
self.file1.get_name(), new_perms])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
self.validate_perms(new_perms)
def test_type_chmod(self):
uu = str(uuid.uuid1())
new_perms = "WRr"
rc = pynimbusauthz.chmod.main([
"-t",
self.file1.get_object_type(),
self.user1.get_id(),
self.file1.get_name(), new_perms
])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
self.validate_perms(new_perms)
def test_badopts(self):
new_perms = "WR"
rc = pynimbusauthz.chmod.main(
["-t", self.file1.get_object_type(),
self.user1.get_id()])
self.assertEqual(rc, 32, "CLI should return success %d" % (rc))
rc = pynimbusauthz.chmod.main(
[self.user1.get_id(), "notafile", new_perms])
self.assertEqual(rc, 33, "CLI should return success %d" % (rc))
rc = pynimbusauthz.chmod.main([
"-t",
self.file1.get_object_type(), "-p", "nobucket",
self.user1.get_id(),
self.file1.get_name(), new_perms
])
self.assertEqual(rc, 33, "CLI should return success %d" % (rc))
def test_bucket(self):
# create a file and a bucket
b1 = File.create_file(self.db, "bucket", self.user1, self.data,
pynimbusauthz.object_type_s3)
f2 = File.create_file(self.db,
self.name,
self.user1,
self.data,
pynimbusauthz.object_type_s3,
parent=b1)
self.db.commit()
new_perms = "WR"
rc = pynimbusauthz.chmod.main([
"-t",
f2.get_object_type(), "-p",
b1.get_name(),
self.user1.get_id(),
f2.get_name(), new_perms
])
self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
class TestAddUserCli(unittest.TestCase):
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
def tearDown(self):
self.db.close()
os.remove(self.fname)
def test_basic_adduser(self):
uu = str(uuid.uuid1())
rc = pynimbusauthz.add_user.main(["-n", uu])
self.assertEqual(rc, 0, "CLI should return success")
user = User(self.db, uu)
rc = pynimbusauthz.add_user.main(["-r", uu])
self.assertEqual(rc, 0, "CLI should return success")
try:
user = User(self.db, uu)
self.fail("should have had an exception loading user")
except:
pass
def test_basic_alias(self):
user = User(self.db)
uu = user.get_id()
aname = "alias1"
self.db.commit()
rc = pynimbusauthz.add_user.main(["-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
self.assertNotEqual(ua, None, "alias not found")
rc = pynimbusauthz.add_user.main(["-x", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
self.assertEqual(ua, None, "alias should not be found")
def test_user_alias_remove(self):
aname = str(uuid.uuid1())
uu = str(uuid.uuid1())
rc = pynimbusauthz.add_user.main(["-n", "-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
user = User(self.db, uu)
ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
rc = pynimbusauthz.add_user.main(["-x", aname, "-r", uu])
self.assertEqual(rc, 0, "CLI should return success")
try:
user = User(self.db, uu)
self.fail("should have had an exception loading user")
except:
pass
try:
ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
self.fail("should have had an exception loading user")
except:
pass
def test_set_key(self):
aname = str(uuid.uuid1())
uu = str(uuid.uuid1())
rc = pynimbusauthz.add_user.main(["-n", "-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
rc = pynimbusauthz.add_user.main(["-g", "-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
key = str(uuid.uuid1())
rc = pynimbusauthz.add_user.main(["-k", key, "-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
user = User(self.db, uu)
ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
self.db.commit()
k2 = ua.get_data()
self.assertEqual(k2, key)
def test_default_new_user(self):
rc = pynimbusauthz.add_user.main(["-n"])
self.assertEqual(rc, 0, "CLI should return success %d"%(rc))
def test_bad_args(self):
uu = str(uuid.uuid1())
rc = pynimbusauthz.add_user.main([])
self.assertNotEqual(rc, 0, "CLI should not return success %d"%(rc))
rc = pynimbusauthz.add_user.main(["-k", uu, uu])
self.assertNotEqual(rc, 0, "CLI should not return success %d"%(rc))
rc = pynimbusauthz.add_user.main(["-g", uu])
self.assertNotEqual(rc, 0, "CLI should not return success %d"%(rc))
def test_remove_force(self):
aname = str(uuid.uuid1())
uu = str(uuid.uuid1())
rc = pynimbusauthz.add_user.main(["-n", "-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
# add a few alias
for i in range(0, 10):
aname = str(uuid.uuid1())
rc = pynimbusauthz.add_user.main(["-a", aname, uu])
self.assertEqual(rc, 0, "CLI should return success")
rc = pynimbusauthz.add_user.main(["-f", "-r", uu])
self.assertEqual(rc, 0, "CLI should return success")
class TestUser(unittest.TestCase):
def setUp(self):
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
con = pynimbusauthz.db.make_test_database()
self.db = DB(con=con)
def tearDown(self):
self.db.close()
def test_basic_file(self):
user1 = User(self.db)
name = "/file/name"
data = "/etc/group"
file1 = File.create_file(self.db, name, user1, data, pynimbusauthz.object_type_s3)
self.db.commit()
x = file1.get_all_children()
self.assertEqual(len(list(x)), 0, "The file should have no children")
n2 = file1.get_name()
self.assertEqual(name, n2, "Names not equal")
d2 = file1.get_data_key()
self.assertEqual(data, d2, "Data not equal")
o2 = file1.get_owner()
self.assertEqual(user1, o2, "Owner not equal")
p2 = file1.get_parent()
self.assertEqual(None, p2, "There should be no parent")
b2 = file1.get_object_type()
self.assertEqual(pynimbusauthz.object_type_s3, b2, "Type wrong")
def test_file_children(self):
user1 = User(self.db)
name = "/file/name"
data = "/etc/group"
file1 = File.create_file(self.db, name, user1, data, pynimbusauthz.object_type_s3)
self.db.commit()
child1 = File.create_file(self.db, "kid", user1, data, pynimbusauthz.object_type_s3, parent=file1)
self.db.commit()
p2 = child1.get_parent()
self.assertEqual(p2, file1, "parent not set properly")
x = child1.get_all_children()
self.assertEqual(len(list(x)), 0, "The file should have no children")
x = file1.get_all_children()
found = False
for f in x:
if f == child1:
found = True
self.assertTrue(found, "We should have found that kid!")
def test_find_no_file(self):
f = File.get_file_from_db_id(self.db, 1000)
self.assertEqual(f, None, "We should not have found that file")
f = File.get_file(self.db, "nofile", pynimbusauthz.object_type_s3)
self.assertEqual(f, None, "We should not have found that file")
def test_file_and_bucket(self):
user1 = User(self.db)
fname = "NAME"
data = "data"
b1 = File.create_file(self.db, "bucket", user1, data, pynimbusauthz.object_type_s3)
f1 = File.create_file(self.db, fname, user1, data, pynimbusauthz.object_type_s3, parent=b1)
f2 = File.create_file(self.db, fname, user1, data, pynimbusauthz.object_type_s3)
self.db.commit()
self.assertNotEqual(f1.get_id(), f2.get_id())
f3 = File.get_file(self.db, fname, pynimbusauthz.object_type_s3, parent=b1)
f4 = File.get_file(self.db, fname, pynimbusauthz.object_type_s3)
self.assertEqual(f1.get_id(), f3.get_id())
self.assertEqual(f2.get_id(), f4.get_id())
self.assertNotEqual(f3.get_id(), f4.get_id())
self.db.commit()
