def test_read(self): u = auth.EtcdUser(self.client, 'root') # Reading an existing user succeeds try: u.read() except Exception: self.fail("reading the root user raised an exception") # roles for said user are fetched self.assertEquals(u.roles, set(['root'])) # The user is correctly rendered out self.assertEquals(u._to_net(), [{'user': '******', 'password': None, 'roles': ['root']}]) # An inexistent user raises the appropriate exception u = auth.EtcdUser(self.client, 'user.does.not.exist') self.assertRaises(etcd_gevent.EtcdKeyNotFound, u.read) # Reading with an unauthenticated client raises an exception u = auth.EtcdUser(self.unauth_client, 'root') self.assertRaises(etcd_gevent.EtcdInsufficientPermissions, u.read) # Generic errors are caught c = etcd_gevent.Client(port=9999) u = auth.EtcdUser(c, 'root') self.assertRaises(etcd_gevent.EtcdException, u.read)
def test_write_and_delete(self): # Create an user u = auth.EtcdUser(self.client, 'test_user') u.roles.add('guest') u.roles.add('root') # directly from my suitcase u.password = '******' try: u.write() except: self.fail("creating a user doesn't work") # Password gets wiped self.assertEquals(u.password, None) u.read() # Verify we can log in as this user and access the auth (it has the # root role) cl = etcd_gevent.Client(port=6001, username='******', password='******') ul = auth.EtcdUser(cl, 'root') try: ul.read() except etcd_gevent.EtcdInsufficientPermissions: self.fail("Reading auth with the new user is not possible") self.assertEquals(u.name, "test_user") self.assertEquals(u.roles, set(['guest', 'root'])) # set roles as a list, it works! u.roles = ['guest', 'test_group'] # We need this or the new API will return an internal error r = auth.EtcdRole(self.client, 'test_group') r.acls = {'*': 'R', '/test/*': 'RW'} r.write() try: u.write() except: self.fail("updating a user you previously created fails") u.read() self.assertIn('test_group', u.roles) # Unauthorized access is properly handled ua = auth.EtcdUser(self.unauth_client, 'test_user') self.assertRaises(etcd_gevent.EtcdInsufficientPermissions, ua.write) # now let's test deletion du = auth.EtcdUser(self.client, 'user.does.not.exist') self.assertRaises(etcd_gevent.EtcdKeyNotFound, du.delete) # Delete test_user u.delete() self.assertRaises(etcd_gevent.EtcdKeyNotFound, u.read) # Permissions are properly handled self.assertRaises(etcd_gevent.EtcdInsufficientPermissions, ua.delete)
def setUp(self): # Sets up the root user, toggles auth u = auth.EtcdUser(self.client, 'root') u.password = '******' u.write() self.client = etcd_gevent.Client(port=6001, username='******', password='******') self.unauth_client = etcd_gevent.Client(port=6001) a = auth.Auth(self.client) a.active = True
def tearDown(self): u = auth.EtcdUser(self.client, 'test_user') r = auth.EtcdRole(self.client, 'test_role') try: u.delete() except: pass try: r.delete() except: pass a = auth.Auth(self.client) a.active = False
def test_names(self): u = auth.EtcdUser(self.client, 'test_user') self.assertEquals(u.names, ['root'])