def test_ssh(self): """ IDENTITY (CORE): Test adding and removing SSH public key authentication """ add_identity(self.account.external, IdentityType.SSH, email='*****@*****.**') add_account_identity('my_public_key', IdentityType.SSH, self.account, email='*****@*****.**') list_identities() del_account_identity('my_public_key', IdentityType.SSH, self.account) del_identity(self.account.external, IdentityType.SSH)
def check_accounts(self, test_accounts): db_identities = list_identities() for account in test_accounts: # check existence db_account = get_account(account=account['account']) assert_equal(db_account['account'], account['account']) # check properties email = account.get('email') if email: assert_equal(db_account['email'], account['email']) # check identities identities = account.get('identities') if identities: for identity in identities: # check identity creation and identity-account association identity_type = IdentityType.from_sym(identity['type']) identity = identity['identity'] assert_in((identity, identity_type), db_identities) accounts_for_identity = list_accounts_for_identity( identity, identity_type) assert_in(account['account'], accounts_for_identity) # check removal of account account = get_account(self.old_account_1) assert_equal(account['status'], AccountStatus.DELETED) # check removal of identities accounts_for_identity = list_accounts_for_identity( self.identity_to_be_removed, IdentityType.X509) assert_true(account['account'] not in accounts_for_identity)
def list_identities(**kwargs): """ Returns a list of all enabled identities. returns: A list of all enabled identities. """ return identity.list_identities(**kwargs)
def import_accounts(accounts, vo='def', session=None): vo_filter = {'account': InternalAccount(account='*', vo=vo)} old_accounts = {account['account']: account for account in account_module.list_accounts(filter_=vo_filter, session=session)} missing_accounts = [account for account in accounts if account['account'] not in old_accounts] outdated_accounts = [account for account in accounts if account['account'] in old_accounts] to_be_removed_accounts = [old_account for old_account in old_accounts if old_account not in [account['account'] for account in accounts]] old_identities = identity_module.list_identities(session=session) old_identity_account = session.query(models.IdentityAccountAssociation.identity, models.IdentityAccountAssociation.identity_type, models.IdentityAccountAssociation.account).all() # add missing accounts for account_dict in missing_accounts: account = account_dict['account'] email = account_dict['email'] account_module.add_account(account=account, type_=AccountType.USER, email=email, session=session) identities = account_dict.get('identities', []) if identities: import_identities(identities, account, old_identities, old_identity_account, email, session=session) # remove left over accounts for account in to_be_removed_accounts: if account.external != 'root': account_module.del_account(account=account, session=session) # update existing accounts for account_dict in outdated_accounts: account = account_dict['account'] email = account_dict['email'] old_account = old_accounts[account] if email and old_account['email'] != email: account_module.update_account(account, key='email', value=email, session=session) identities = account_dict.get('identities', []) if identities: import_identities(identities, account, old_identities, old_identity_account, email, session=session)
def list_identities(session=None, **kwargs): """ Returns a list of all enabled identities. :param session: The database session in use. returns: A list of all enabled identities. """ return identity.list_identities(session=session, **kwargs)
def test_userpass(self): """ IDENTITY (CORE): Test adding and removing username/password authentication """ add_identity(self.account.external, IdentityType.USERPASS, email='*****@*****.**', password='******') add_account_identity('ddmlab_%s' % self.account, IdentityType.USERPASS, self.account, email='*****@*****.**', password='******') add_identity('/ch/cern/rucio/ddmlab_%s' % self.account, IdentityType.X509, email='*****@*****.**') add_account_identity('/ch/cern/rucio/ddmlab_%s' % self.account, IdentityType.X509, self.account, email='*****@*****.**') add_identity('ddmlab_%s' % self.account, IdentityType.GSS, email='*****@*****.**') add_account_identity('ddmlab_%s' % self.account, IdentityType.GSS, self.account, email='*****@*****.**') list_identities() del_account_identity('ddmlab_%s' % self.account, IdentityType.USERPASS, self.account) del_account_identity('/ch/cern/rucio/ddmlab_%s' % self.account, IdentityType.X509, self.account) del_account_identity('ddmlab_%s' % self.account, IdentityType.GSS, self.account) del_identity('ddmlab_%s' % self.account, IdentityType.USERPASS)
def test_userpass(self): """ IDENTITY (CORE): Test adding and removing username/password authentication """ add_identity(self.account, IdentityType.USERPASS, email="*****@*****.**", password="******") add_account_identity( "ddmlab_%s" % self.account, IdentityType.USERPASS, self.account, email="*****@*****.**" ) add_identity("/ch/cern/rucio/ddmlab_%s" % self.account, IdentityType.X509, email="*****@*****.**") add_account_identity( "/ch/cern/rucio/ddmlab_%s" % self.account, IdentityType.X509, self.account, email="*****@*****.**" ) add_identity("ddmlab_%s" % self.account, IdentityType.GSS, email="*****@*****.**") add_account_identity("ddmlab_%s" % self.account, IdentityType.GSS, self.account, email="*****@*****.**") list_identities() del_account_identity("ddmlab_%s" % self.account, IdentityType.USERPASS, self.account) del_account_identity("/ch/cern/rucio/ddmlab_%s" % self.account, IdentityType.X509, self.account) del_account_identity("ddmlab_%s" % self.account, IdentityType.GSS, self.account) del_identity("ddmlab_%s" % self.account, IdentityType.USERPASS)