Exemple #1
0
    def test_read(self):
        u = auth.EtcdUser(self.client, 'root')
        # Reading an existing user succeeds
        try:
            u.read()
        except Exception:
            self.fail("reading the root user raised an exception")

        # roles for said user are fetched
        self.assertEquals(u.roles, set(['root']))

        # The user is correctly rendered out
        self.assertEquals(u._to_net(), [{'user': '******', 'password': None,
                                         'roles': ['root']}])

        # An inexistent user raises the appropriate exception
        u = auth.EtcdUser(self.client, 'user.does.not.exist')
        self.assertRaises(etcd_gevent.EtcdKeyNotFound, u.read)

        # Reading with an unauthenticated client raises an exception
        u = auth.EtcdUser(self.unauth_client, 'root')
        self.assertRaises(etcd_gevent.EtcdInsufficientPermissions, u.read)

        # Generic errors are caught
        c = etcd_gevent.Client(port=9999)
        u = auth.EtcdUser(c, 'root')
        self.assertRaises(etcd_gevent.EtcdException, u.read)
Exemple #2
0
    def test_write_and_delete(self):
        # Create an user
        u = auth.EtcdUser(self.client, 'test_user')
        u.roles.add('guest')
        u.roles.add('root')
        # directly from my suitcase
        u.password = '******'
        try:
            u.write()
        except:
            self.fail("creating a user doesn't work")
        # Password gets wiped
        self.assertEquals(u.password, None)
        u.read()
        # Verify we can log in as this user and access the auth (it has the
        # root role)
        cl = etcd_gevent.Client(port=6001, username='******',
                                password='******')
        ul = auth.EtcdUser(cl, 'root')
        try:
            ul.read()
        except etcd_gevent.EtcdInsufficientPermissions:
            self.fail("Reading auth with the new user is not possible")

        self.assertEquals(u.name, "test_user")
        self.assertEquals(u.roles, set(['guest', 'root']))
        # set roles as a list, it works!
        u.roles = ['guest', 'test_group']
        # We need this or the new API will return an internal error
        r = auth.EtcdRole(self.client, 'test_group')
        r.acls = {'*': 'R', '/test/*': 'RW'}
        r.write()
        try:
            u.write()
        except:
            self.fail("updating a user you previously created fails")
        u.read()
        self.assertIn('test_group', u.roles)

        # Unauthorized access is properly handled
        ua = auth.EtcdUser(self.unauth_client, 'test_user')
        self.assertRaises(etcd_gevent.EtcdInsufficientPermissions, ua.write)

        # now let's test deletion
        du = auth.EtcdUser(self.client, 'user.does.not.exist')
        self.assertRaises(etcd_gevent.EtcdKeyNotFound, du.delete)

        # Delete test_user
        u.delete()
        self.assertRaises(etcd_gevent.EtcdKeyNotFound, u.read)
        # Permissions are properly handled
        self.assertRaises(etcd_gevent.EtcdInsufficientPermissions, ua.delete)
Exemple #3
0
 def setUp(self):
     # Sets up the root user, toggles auth
     u = auth.EtcdUser(self.client, 'root')
     u.password = '******'
     u.write()
     self.client = etcd_gevent.Client(port=6001, username='******',
                                      password='******')
     self.unauth_client = etcd_gevent.Client(port=6001)
     a = auth.Auth(self.client)
     a.active = True
Exemple #4
0
 def tearDown(self):
     u = auth.EtcdUser(self.client, 'test_user')
     r = auth.EtcdRole(self.client, 'test_role')
     try:
         u.delete()
     except:
         pass
     try:
         r.delete()
     except:
         pass
     a = auth.Auth(self.client)
     a.active = False
Exemple #5
0
 def test_names(self):
     u = auth.EtcdUser(self.client, 'test_user')
     self.assertEquals(u.names, ['root'])