def testSuccess(self, mock_metric):
non_expired_dt = datetime.datetime.utcnow() + datetime.timedelta(
days=1)
test_utils.CreateExemption(
'non_expired_host_id',
deactivation_dt=non_expired_dt,
initial_state=constants.EXEMPTION_STATE.APPROVED)
expired_dt = datetime.datetime.utcnow() - datetime.timedelta(days=1)
exm_count = 7
expired_exm_keys = []
for host_id in test_utils.RandomStrings(exm_count):
exm_key = test_utils.CreateExemption(
host_id,
deactivation_dt=expired_dt,
initial_state=constants.EXEMPTION_STATE.APPROVED)
expired_exm_keys.append(exm_key)
self.testapp.get(self.ROUTE,
headers={'X-AppEngine-Cron': 'true'},
status=httplib.OK)
tasks = self.UnpackTaskQueue(
queue_name=constants.TASK_QUEUE.EXEMPTIONS)
# keys = {args[0] for func, args, kwargs in tasks}
actual_exm_keys = {args[0] for func, args, kwargs in tasks}
self.assertSameElements(expired_exm_keys, actual_exm_keys)
self.assertNoBigQueryInsertions()
mock_metric.Set.assert_called_once_with(exm_count)
def testGetPlatform_Success(self):
host_id = test_utils.CreateSantaHost().key.id()
exm_key = test_utils.CreateExemption(host_id)
self.assertEqual(
constants.PLATFORM.MACOS, exemption.Exemption.GetPlatform(exm_key))
host_id = test_utils.CreateBit9Host().key.id()
exm_key = test_utils.CreateExemption(host_id)
self.assertEqual(
constants.PLATFORM.WINDOWS, exemption.Exemption.GetPlatform(exm_key))
def testSuccess(self):
user = test_utils.CreateUser()
host_id_1 = test_utils.CreateBit9Host(users=[user.nickname]).key.id()
host_id_2 = test_utils.CreateSantaHost(primary_user=user.nickname).key.id()
host_id_3 = test_utils.CreateSantaHost(primary_user='******').key.id()
exm_1 = test_utils.CreateExemption(host_id_1).get()
exm_2 = test_utils.CreateExemption(host_id_2).get()
test_utils.CreateExemption(host_id_3)
expected_exms = sorted([exm_1, exm_2])
actual_exms = sorted(model_utils.GetExemptionsForUser(user.email))
self.assertListEqual(expected_exms, actual_exms)
def testWithStateFilter(self):
user = test_utils.CreateUser()
host_id_1 = test_utils.CreateBit9Host(users=[user.nickname]).key.id()
host_id_2 = test_utils.CreateSantaHost(primary_user=user.nickname).key.id()
host_id_3 = test_utils.CreateSantaHost(primary_user='******').key.id()
exm_1 = test_utils.CreateExemption(
host_id_1, initial_state=_STATE.APPROVED).get()
test_utils.CreateExemption(host_id_2, initial_state=_STATE.EXPIRED)
test_utils.CreateExemption(host_id_3, initial_state=_STATE.APPROVED)
actual_exms = sorted(
model_utils.GetExemptionsForUser(user.email, state=_STATE.APPROVED))
self.assertListEqual([exm_1], actual_exms)
def setUp(self):
super(RevokeExemptionHandlerTest, self).setUp()
host_key = test_utils.CreateSantaHost().key
self.host_id = host_key.id()
self.exm_key = test_utils.CreateExemption(
host_key.id(), initial_state=_STATE.APPROVED)
def testGet_AsAdmin_Success(self):
user = test_utils.CreateUser()
host = test_utils.CreateSantaHost(primary_user=user.nickname)
test_utils.CreateExemption(host.key.id())
with self.LoggedInUser(admin=True):
self.testapp.get(self.ROUTE % host.key.id(), status=httplib.OK)
def testGet_AsUser_Forbidden(self):
user = test_utils.CreateUser()
host = test_utils.CreateSantaHost(primary_user=user.nickname)
test_utils.CreateExemption(host.key.id())
with self.LoggedInUser(): # Without arguments, will log in as a new user.
self.testapp.get(self.ROUTE % host.key.id(), status=httplib.FORBIDDEN)
def testPost_Forbidden_Pending(self):
other_host_key = test_utils.CreateSantaHost().key
other_host_id = other_host_key.id()
test_utils.CreateExemption(other_host_id, initial_state=_STATE.PENDING)
with self.LoggedInUser(admin=True):
self.testapp.post(self.ROUTE % other_host_id, status=httplib.FORBIDDEN)
def setUp(self):
super(EscalateExemptionHandlerTest, self).setUp()
self.user = test_utils.CreateUser()
host_key = test_utils.CreateSantaHost(primary_user=self.user.nickname).key
self.host_id = host_key.id()
self.exm_key = test_utils.CreateExemption(
self.host_id, initial_state=_STATE.DENIED)
def testRenew_Failure(self):
host_id = test_utils.CreateBit9Host().key.id()
test_utils.CreateExemption(host_id, initial_state=_STATE.ESCALATED)
with self.assertRaises(api.InvalidRenewalError):
api.Request(host_id, _REASON.DEVELOPER_MACOS, 'other text', _DURATION.DAY)
self.mock_send.assert_not_called()
def setUp(self):
super(CancelExemptionHandlerTest, self).setUp()
self.valid_user = test_utils.CreateUser()
host_key = test_utils.CreateSantaHost(
primary_user=self.valid_user.nickname).key
self.host_id = host_key.id()
self.exm_key = test_utils.CreateExemption(
host_key.id(), initial_state=_STATE.APPROVED)
def testException_InitialStateChange(self, mock_change_state, mock_metric):
mock_change_state.side_effect = exemption_models.InvalidStateChangeError
exm_key = test_utils.CreateExemption('12345')
self.assertEqual(_STATE.REQUESTED, exm_key.get().state)
api.Process(exm_key)
self.assertEqual(_STATE.REQUESTED, exm_key.get().state)
mock_metric.Increment.assert_called_once()
def testCannotDeterminePlatform(self, mock_metric):
MysteryHost(id='host_id').put()
exm_key = test_utils.CreateExemption('host_id')
api.Process(exm_key)
self.assertEqual(_STATE.DENIED, exm_key.get().state)
self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.EXEMPTION] * 2)
mock_metric.Increment.assert_called_once()
def testInvalidStateChangeError(self):
host_key = test_utils.CreateBit9Host().key
exm_key = test_utils.CreateExemption(
host_key.id(), initial_state=_STATE.APPROVED)
with self.assertRaises(api.InvalidStateChangeError):
api.Escalate(exm_key)
self.assertEqual(_STATE.APPROVED, exm_key.get().state)
def testMacOs(self):
host = test_utils.CreateSantaHost(primary_user='******')
host_id = host.key.id()
exm_key = test_utils.CreateExemption(host_id)
notify.SendUpdateEmail(exm_key, _STATE.APPROVED)
expected_subject = 'Lockdown exemption update: %s' % host.hostname
self.mock_send.assert_called_once_with(expected_subject,
mock.ANY,
to=['aaaa'],
html=True)
def testSuccess(self):
# Create a user and some Hosts, some with Exemptions, and some without.
user = test_utils.CreateUser()
host_key_1 = test_utils.CreateBit9Host(users=[user.nickname]).key
exm_1 = test_utils.CreateExemption(host_key_1.id()).get()
host_key_2 = test_utils.CreateBit9Host(users=[user.nickname]).key
host_key_3 = test_utils.CreateSantaHost(primary_user=user.nickname).key
exm_2 = test_utils.CreateExemption(host_key_3.id()).get()
host_key_4 = test_utils.CreateSantaHost(primary_user=user.nickname).key
host_keys = [host_key_1, host_key_2, host_key_3, host_key_4]
results = model_utils.GetExemptionsForHosts(host_keys)
self.assertLen(results, 4)
self.assertEqual(exm_1, results.get(host_key_1))
self.assertIsNone(results.get(host_key_2))
self.assertEqual(exm_2, results.get(host_key_3))
self.assertIsNone(results.get(host_key_4))
def testSuccess(self):
host_key = test_utils.CreateBit9Host().key
exm_key = test_utils.CreateExemption(
host_key.id(), initial_state=_STATE.PENDING)
api.Escalate(exm_key)
exm = exm_key.get()
self.assertEqual(_STATE.ESCALATED, exm.state)
self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION)
def testRenew_NoOtherText(self):
host_id = test_utils.CreateBit9Host().key.id()
test_utils.CreateExemption(host_id, initial_state=_STATE.CANCELLED)
api.Request(host_id, _REASON.DEVELOPER_MACOS, None, _DURATION.DAY)
self.assertIsNotNone(exemption_models.Exemption.Get(host_id))
self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION)
self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS)
self.mock_send.assert_called_once()
def testWindows(self):
users = ['aaaa', 'bbbb']
host = test_utils.CreateBit9Host(users=users)
host_id = host.key.id()
exm_key = test_utils.CreateExemption(host_id)
notify.SendUpdateEmail(exm_key, _STATE.APPROVED)
expected_subject = 'Lockdown exemption update: %s' % host.hostname
self.mock_send.assert_called_once_with(expected_subject,
mock.ANY,
to=users,
html=True)
def testInvalidStateChangeError(self, mock_enable):
host_key = test_utils.CreateBit9Host().key
exm_key = test_utils.CreateExemption(
host_key.id(), initial_state=_STATE.DENIED)
with self.assertRaises(api.InvalidStateChangeError):
api.Cancel(exm_key)
mock_enable.assert_not_called()
self.assertEqual(_STATE.DENIED, exm_key.get().state)
self.mock_send.assert_not_called()
def testInvalidStateChangeError(self, mock_enable):
host_key = test_utils.CreateBit9Host().key
exm_key = test_utils.CreateExemption(
host_key.id(), initial_state=_STATE.CANCELLED)
with self.assertRaises(api.InvalidStateChangeError):
api.Revoke(exm_key, ['justification'])
mock_enable.assert_not_called()
self.assertEqual(_STATE.CANCELLED, exm_key.get().state)
self.mock_send.assert_not_called()
def testRenew_Success_NotYetExpired(self):
host_id = test_utils.CreateBit9Host().key.id()
test_utils.CreateExemption(host_id, initial_state=_STATE.APPROVED)
api.Request(host_id, _REASON.DEVELOPER_MACOS, 'other text', _DURATION.DAY)
exm = exemption_models.Exemption.Get(host_id)
self.assertEqual(_STATE.REQUESTED, exm.state)
self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION)
self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS)
self.mock_send.assert_called_once()
def testInitialStateChange_Exception(self, mock_change_state, mock_metric):
exm_key = test_utils.CreateExemption('12345')
self.assertEqual(_STATE.REQUESTED, exm_key.get().state)
# If the initial state change fails unexpectedly, ensure that the state
# remains as REQUESTED, and noise is made.
mock_change_state.side_effect = Exception
api.Process(exm_key)
self.assertEqual(_STATE.REQUESTED, exm_key.get().state)
mock_metric.Increment.assert_called_once()
def testPost_Admin(self):
user = test_utils.CreateUser()
host = test_utils.CreateSantaHost(primary_user=user.nickname)
test_utils.CreateExemption(host.key.id())
with self.LoggedInUser(admin=True):
response = self.testapp.post(self.ROUTE % host.key.id())
output = response.json
self.assertIn('application/json', response.headers['Content-type'])
self.assertIsInstance(output, dict)
def testSuccess(self):
host_key = test_utils.CreateBit9Host().key
exm_key = test_utils.CreateExemption(
host_key.id(), initial_state=_STATE.PENDING)
api.Deny(exm_key)
exm = exm_key.get()
self.assertEqual(_STATE.DENIED, exm.state)
self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION)
self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS)
self.mock_send.assert_called_once()
def testEmptyPolicy(self, mock_disable):
self._PatchPolicyChecks()
host_key = test_utils.CreateSantaHost().key
exm_key = test_utils.CreateExemption(host_key.id())
api.Process(exm_key)
exm = exm_key.get()
mock_disable.assert_called()
self.assertEqual(_STATE.APPROVED, exm.state)
self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.EXEMPTION] * 2)
def testPolicyNotDefinedForPlatform(self, mock_metric):
self._PatchPolicyChecks()
host_key = test_utils.CreateBit9Host().key
exm_key = test_utils.CreateExemption(host_key.id())
api.Process(exm_key)
exm = exm_key.get()
self.assertEqual(_STATE.DENIED, exm.state)
self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.EXEMPTION] * 2)
mock_metric.Increment.assert_called_once()
def testGetByUserId_WithExemption(self):
user = test_utils.CreateUser()
bit9_host_id = test_utils.CreateBit9Host(users=[user.nickname]).key.id()
test_utils.CreateExemption(bit9_host_id).get()
with self.LoggedInUser(admin=True):
response = self.testapp.get(self.USER_ID_ROUTE % user.key.id())
output = response.json
self.assertLen(output, 1)
self.assertIn('exemption', output[0])
self.assertIsNotNone(output[0]['exemption'])
def testGetSelf_WithExemption(self):
user = test_utils.CreateUser()
bit9_host_id = test_utils.CreateBit9Host(users=[user.nickname]).key.id()
test_utils.CreateExemption(bit9_host_id)
with self.LoggedInUser(user=user):
response = self.testapp.get(self.SELF_ROUTE)
output = response.json
self.assertLen(output, 1)
self.assertIn('exemption', output[0])
self.assertIsNotNone(output[0]['exemption'])
def testEnable_ActiveExemption(self, mock_send, mock_cancel):
user = test_utils.CreateUser()
host = test_utils.CreateSantaHost(
primary_user=user.nickname, transitive_whitelisting_enabled=False)
test_utils.CreateExemption(
host.key.id(), initial_state=constants.EXEMPTION_STATE.APPROVED)
api.ChangeTransitiveWhitelisting(host.key.id(), True)
self.assertTrue(host.key.get().transitive_whitelisting_enabled)
mock_send.assert_called_once()
self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.HOST)
mock_cancel.assert_called_once()
