def user_token(self): user = User(username="******").save() user_token = UserToken( expires_at=datetime.utcnow() + timedelta(minutes=10), user=user, uuid=uuid4(), ).save() yield user_token user_token.delete() user.delete()
def user_with_permission(event_forward_role): role_assignment = RoleAssignment( role=event_forward_role, domain={ "scope": "Global", }, ) user = User(username="******", role_assignments=[role_assignment]).save() yield user user.delete()
def user_admin(user_admin_role): role_assignment = RoleAssignment(role=user_admin_role, domain={"scope": "Global"}) user = User(username="******") user.set_password("password") user.role_assignments = [role_assignment] user.save() yield user user.delete()
def user_with_role_assignments(): role = Role(name="assignedrole1", permissions=["garden:read"]).save() role_assignment = RoleAssignment(domain={ "scope": "Garden", "identifiers": { "name": "garden1" } }, role=role) user = User(username="******", role_assignments=[role_assignment]).save() yield user user.delete() role.delete()
def user(user_password): user = User(username="******") user.set_password(user_password) user.save() yield user user.delete()
def data_cleanup(): """Cleanup all data between test modules to ensure each one is independent""" yield Event.drop_collection() File.drop_collection() Garden.drop_collection() Job.drop_collection() RawFile.drop_collection() Request.drop_collection() RemoteUser.drop_collection() Role.drop_collection() System.drop_collection() User.drop_collection() UserToken.drop_collection()
def user_with_permission(garden_permitted, queue_manager_role): role_assignment = RoleAssignment( role=queue_manager_role, domain={ "scope": "Garden", "identifiers": { "name": garden_permitted.name, }, }, ) user = User(username="******", role_assignments=[role_assignment]).save() yield user user.delete()
def user_with_permission(garden, garden_admin_role): role_assignment = RoleAssignment( role=garden_admin_role, domain={ "scope": "Garden", "identifiers": { "name": garden.name }, }, ) user = User(username="******", role_assignments=[role_assignment]).save() yield user user.delete()
def _anonymous_superuser(self) -> "User": """Return a User object with all permissions for all gardens""" anonymous_superuser = User(username="******") # Manually set the permissions cache (to all permissions for all gardens) since # the anonymous user has no actual role assignments from which the permissions # could be calculated permissions = {"global_permissions": [], "domain_permissions": {}} for permission in Permissions: permissions["global_permissions"].append(permission.value) anonymous_superuser.set_permissions_cache(permissions) return anonymous_superuser
def user_with_role_assignments( role_assignment_for_garden_scope, role_assignment_for_system_scope, role_assignment_for_global_scope, ): user = User( username="******", role_assignments=[ role_assignment_for_garden_scope, role_assignment_for_system_scope, role_assignment_for_global_scope, ], ).save() yield user user.delete()
def user(request_permitted, operator_role): role_assignment = RoleAssignment( role=operator_role, domain={ "scope": "System", "identifiers": { "name": request_permitted.system, "namespace": request_permitted.namespace, }, }, ) user = User(username="******", role_assignments=[role_assignment]).save() yield user user.delete()
def user(system_permitted, system_read_role): role_assignment = RoleAssignment( role=system_read_role, domain={ "scope": "System", "identifiers": { "name": system_permitted.name, "namespace": system_permitted.namespace, }, }, ) user = User(username="******", role_assignments=[role_assignment]).save() yield user user.delete()
def test_initiate_user_sync_routes_to_each_running_garden( self, monkeypatch, gardens): monkeypatch.setattr(beer_garden.router, "route", Mock()) User(username="******").save() initiate_user_sync() assert beer_garden.router.route.call_count == len( Garden.objects.filter(status="RUNNING"))
def get_user(self, request: HTTPServerRequest) -> Optional[User]: """Gets the User based on certificates supplied with in the request body Args: request: tornado HTTPServerRequest object Returns: User: The User object for the user specified by the certificates None: If no User was found """ authenticated_user: Optional[User] = None if request.headers and self.group_mapping: username = request.headers.get(self.username_header) groups = self._groups_from_headers(request.headers) if username and groups: try: authenticated_user = User.objects.get(username=username) except User.DoesNotExist: if self.create_users: authenticated_user = User(username=username) # TODO: Really we should just have an option on User to disable # password logins. For now, just set a random-ish value. authenticated_user.set_password(str(uuid4())) if authenticated_user: authenticated_user.role_assignments = ( self._role_assignments_from_groups(groups)) authenticated_user.save() return authenticated_user
def user_to_sync(self): role = Role(name="role1").save() role_assignment = RoleAssignment(role=role, domain={"scope": "Global"}) user = User(username="******", password="******", role_assignments=[role_assignment]) yield user role.delete()
def read_only_user(garden_permitted, garden_read_role): role_assignment = RoleAssignment( role=garden_read_role, domain={ "scope": "Garden", "identifiers": { "name": garden_permitted.name, }, }, ) user = User(username="******", role_assignments=[role_assignment]).save() yield user user.delete()
def test_user_has_permission_for_object_request_through_user( self, test_request, ): """user_has_permission_for_object returns true for a System in which the user has Garden level access for the required permission """ # Set the requester of the request to be our "owner" test user owner = User(username="******") test_request.requester = owner.username test_request.save() assert user_has_permission_for_object( owner, OBJECT_OWNER_PERMISSIONS[0], test_request ) assert not user_has_permission_for_object(owner, "noaccess", test_request)
def ensure_users(): """Create the default admin user if necessary""" if User.objects.count() == 0: username = config.get("auth.default_admin.username") password = config.get("auth.default_admin.password") superuser_role = Role.objects.get(name="superuser") logger.info("Creating default admin user with username: %s", username) admin = User(username=username) admin.set_password(password) admin.role_assignments = [ RoleAssignment(role=superuser_role, domain={"scope": "Global"}) ] admin.save()
def test_update_user(self): user = User(username="******", password="******") user.save() prev_password = user.password updated_user = update_user(user, username="******", password="******") assert type(updated_user) is User assert User.objects.filter(username="******").count() == 0 assert User.objects.filter(username="******").count() == 1 assert updated_user.username == "differentuser" # Check for differences rather than actual values to avoid making these # assertions dependent on our specific hashing algorithm. We check that: # 1) The password changed # 2) It is not the plaintext password we provided assert updated_user.password != prev_password assert updated_user.password != "badpassword"
def user(garden_permitted, garden_admin_role, garden_create_role): role_assignments = [ RoleAssignment( role=garden_admin_role, domain={ "scope": "Garden", "identifiers": { "name": garden_permitted.name, }, }, ), RoleAssignment( role=garden_create_role, domain={ "scope": "Global", }, ), ] user = User(username="******", role_assignments=role_assignments).save() yield user user.delete()
def existing_user(self): user = User(username="******").save() yield user user.delete()
def drop(): Garden.drop_collection() Role.drop_collection() System.drop_collection() User.drop_collection()
def test_user_synced_with_garden_returns_true_for_no_relevant_assignments( self): user = User(username="******") garden = Garden(name="garden") assert user_synced_with_garden(user, garden) is True
def drop_users(self): yield User.drop_collection()
def user(self, role_assignment): user = User(username="******", role_assignments=[role_assignment]).save() yield user user.delete()
def user_without_permission(event_forward_role): user = User(username="******").save() yield user user.delete()
def user_without_permission(): user = User(username="******").save() yield user user.delete()