def Run(self): with test_lib.FakeTime(42): self.CreateAdminUser("approver") cron_manager = aff4_cronjobs.CronManager() cron_args = aff4_cronjobs.CreateCronJobFlowArgs( periodicity="1d", allow_overruns=False) cron1_urn = cron_manager.ScheduleFlow(cron_args=cron_args, token=self.token) cron2_urn = cron_manager.ScheduleFlow(cron_args=cron_args, token=self.token) with test_lib.FakeTime(44): approval_urn = security.CronJobApprovalRequestor( reason="foo", subject_urn=cron1_urn, approver="approver", token=self.token).Request() approval1_id = approval_urn.Basename() with test_lib.FakeTime(45): approval_urn = security.CronJobApprovalRequestor( reason="bar", subject_urn=cron2_urn, approver="approver", token=self.token).Request() approval2_id = approval_urn.Basename() with test_lib.FakeTime(84): approver_token = access_control.ACLToken(username="******") security.CronJobApprovalGrantor(reason="bar", delegate=self.token.username, subject_urn=cron2_urn, token=approver_token).Grant() with test_lib.FakeTime(126): self.Check("GetCronJobApproval", args=user_plugin.ApiGetCronJobApprovalArgs( username=self.token.username, cron_job_id=cron1_urn.Basename(), approval_id=approval1_id), replace={ cron1_urn.Basename(): "CronJob_123456", approval1_id: "approval:111111" }) self.Check("GetCronJobApproval", args=user_plugin.ApiGetCronJobApprovalArgs( username=self.token.username, cron_job_id=cron2_urn.Basename(), approval_id=approval2_id), replace={ cron2_urn.Basename(): "CronJob_567890", approval2_id: "approval:222222" })
def Run(self): with test_lib.FakeTime(42): self.CreateAdminUser("requestor") cron_manager = aff4_cronjobs.CronManager() cron_args = aff4_cronjobs.CreateCronJobFlowArgs( periodicity="1d", allow_overruns=False) cron_urn = cron_manager.ScheduleFlow(cron_args=cron_args, token=self.token) with test_lib.FakeTime(44): requestor_token = access_control.ACLToken(username="******") approval_urn = security.CronJobApprovalRequestor( reason="foo", subject_urn=cron_urn, approver=self.token.username, token=requestor_token).Request() approval_id = approval_urn.Basename() with test_lib.FakeTime(126): self.Check("GrantCronJobApproval", args=user_plugin.ApiGrantCronJobApprovalArgs( cron_job_id=cron_urn.Basename(), approval_id=approval_id, username="******"), replace={ cron_urn.Basename(): "CronJob_123456", approval_id: "approval:111111" })
def testEmailCronjobApprovalGrantNotificationLinkLeadsToCorrectPage(self): cronjobs.ScheduleSystemCronFlows( names=[cron_system.OSBreakDown.__name__], token=self.token) cronjobs.CRON_MANAGER.DisableJob(rdfvalue.RDFURN("aff4:/cron/OSBreakDown")) security.CronJobApprovalRequestor( reason=self.APPROVAL_REASON, subject_urn="aff4:/cron/OSBreakDown", approver=self.GRANTOR_TOKEN.username, token=self.token).Request() security.CronJobApprovalGrantor( reason=self.APPROVAL_REASON, subject_urn="aff4:/cron/OSBreakDown", token=self.GRANTOR_TOKEN, delegate=self.token.username).Grant() # There should be 1 message for approval request and 1 message # for approval grant notification. self.assertEqual(len(self.messages_sent), 2) message = self.messages_sent[1] self.assertTrue(self.APPROVAL_REASON in message) self.assertTrue(self.GRANTOR_TOKEN.username in message) self.Open(self._ExtractLinkFromMessage(message)) self.WaitUntil(self.IsTextPresent, "OSBreakDown")
def testEmailCronJobApprovalRequestLinkLeadsToACorrectPage(self): cronjobs.ScheduleSystemCronFlows( names=[cron_system.OSBreakDown.__name__], token=self.token) cronjobs.CRON_MANAGER.DisableJob(rdfvalue.RDFURN("aff4:/cron/OSBreakDown")) security.CronJobApprovalRequestor( reason=self.APPROVAL_REASON, subject_urn="aff4:/cron/OSBreakDown", approver=self.GRANTOR_TOKEN.username, token=self.token).Request() self.assertEqual(len(self.messages_sent), 1) message = self.messages_sent[0] self.assertTrue(self.APPROVAL_REASON in message) self.assertTrue(self.token.username in message) self.assertTrue("OSBreakDown" in message) # Extract link from the message text and open it. m = re.search(r"href='(.+?)'", message, re.MULTILINE) link = urlparse.urlparse(m.group(1)) self.Open(link.path + "?" + link.query + "#" + link.fragment) # Check that requestor's username and reason are correctly displayed. self.WaitUntil(self.IsTextPresent, self.token.username) self.WaitUntil(self.IsTextPresent, self.APPROVAL_REASON) # Check that host information is displayed. self.WaitUntil(self.IsTextPresent, cron_system.OSBreakDown.__name__) self.WaitUntil(self.IsTextPresent, "Periodicity")
def testEmailCronJobApprovalRequestLinkLeadsToACorrectPage(self): cronjobs.ScheduleSystemCronFlows( names=[cron_system.OSBreakDown.__name__], token=self.token) cronjobs.CRON_MANAGER.DisableJob( rdfvalue.RDFURN("aff4:/cron/OSBreakDown")) messages_sent = [] def SendEmailStub(unused_from_user, unused_to_user, unused_subject, message, **unused_kwargs): messages_sent.append(message) # Request client approval, it will trigger an email message. with utils.Stubber(email_alerts.EMAIL_ALERTER, "SendEmail", SendEmailStub): security.CronJobApprovalRequestor( reason="Please please let me", subject_urn="aff4:/cron/OSBreakDown", approver=self.token.username, token=access_control.ACLToken(username="******", reason="test")).Request() self.assertEqual(len(messages_sent), 1) # Extract link from the message text and open it. m = re.search(r"href='(.+?)'", messages_sent[0], re.MULTILINE) link = urlparse.urlparse(m.group(1)) self.Open(link.path + "?" + link.query + "#" + link.fragment) # Check that requestor's username and reason are correctly displayed. self.WaitUntil(self.IsTextPresent, "iwantapproval") self.WaitUntil(self.IsTextPresent, "Please please let me") # Check that host information is displayed. self.WaitUntil(self.IsTextPresent, cron_system.OSBreakDown.__name__) self.WaitUntil(self.IsTextPresent, "Periodicity")
def testRendersRequestedCronJobApproval(self): cron_manager = aff4_cronjobs.CronManager() cron_args = aff4_cronjobs.CreateCronJobFlowArgs(periodicity="1d", allow_overruns=False) cron_job_urn = cron_manager.ScheduleFlow(cron_args=cron_args, token=self.token) aff4_security.CronJobApprovalRequestor(reason=self.token.reason, subject_urn=cron_job_urn, approver="approver", token=self.token).Request() args = user_plugin.ApiListCronJobApprovalsArgs() result = self.handler.Handle(args, token=self.token) self.assertEqual(len(result.items), 1)
def RequestCronJobApproval(self, cron_job_id, requestor=None, reason=None, approver="approver"): """Request cron job approval for a given cron job.""" if not requestor: requestor = self.token.username if not reason: reason = self.token.reason requestor = security.CronJobApprovalRequestor( subject_urn=rdfvalue.RDFURN("cron").Add(cron_job_id), reason=reason, approver=approver, token=access_control.ACLToken(username=requestor)) return requestor.Request().Basename()
def testCreatingApprovalCreatesSymlink(self): cron_urn = rdfvalue.RDFURN("aff4:/cron/CronJobName") security.CronJobApprovalRequestor(reason=self.token.reason, subject_urn=cron_urn, approver="approver", token=self.token).Request() approval_id = list( aff4.FACTORY.ListChildren( "aff4:/users/test/approvals/cron/CronJobName"))[0].Basename() self.assertTrue(approval_id.startswith("approval:")) fd = aff4.FACTORY.Open( "aff4:/users/test/approvals/cron/CronJobName/%s" % approval_id, follow_symlinks=False, mode="r", token=self.token) self.assertEqual(fd.Get(fd.Schema.TYPE), "AFF4Symlink") self.assertEqual(fd.Get(fd.Schema.SYMLINK_TARGET), "aff4:/ACL/cron/CronJobName/test/%s" % approval_id)