def Run(self):
with test_lib.FakeTime(42):
self.CreateAdminUser("approver")
cron_manager = aff4_cronjobs.CronManager()
cron_args = aff4_cronjobs.CreateCronJobFlowArgs(
periodicity="1d", allow_overruns=False)
cron1_urn = cron_manager.ScheduleFlow(cron_args=cron_args,
token=self.token)
cron2_urn = cron_manager.ScheduleFlow(cron_args=cron_args,
token=self.token)
with test_lib.FakeTime(44):
approval_urn = security.CronJobApprovalRequestor(
reason="foo",
subject_urn=cron1_urn,
approver="approver",
token=self.token).Request()
approval1_id = approval_urn.Basename()
with test_lib.FakeTime(45):
approval_urn = security.CronJobApprovalRequestor(
reason="bar",
subject_urn=cron2_urn,
approver="approver",
token=self.token).Request()
approval2_id = approval_urn.Basename()
with test_lib.FakeTime(84):
approver_token = access_control.ACLToken(username="******")
security.CronJobApprovalGrantor(reason="bar",
delegate=self.token.username,
subject_urn=cron2_urn,
token=approver_token).Grant()
with test_lib.FakeTime(126):
self.Check("GetCronJobApproval",
args=user_plugin.ApiGetCronJobApprovalArgs(
username=self.token.username,
cron_job_id=cron1_urn.Basename(),
approval_id=approval1_id),
replace={
cron1_urn.Basename(): "CronJob_123456",
approval1_id: "approval:111111"
})
self.Check("GetCronJobApproval",
args=user_plugin.ApiGetCronJobApprovalArgs(
username=self.token.username,
cron_job_id=cron2_urn.Basename(),
approval_id=approval2_id),
replace={
cron2_urn.Basename(): "CronJob_567890",
approval2_id: "approval:222222"
})
def Run(self):
with test_lib.FakeTime(42):
self.CreateAdminUser("requestor")
cron_manager = aff4_cronjobs.CronManager()
cron_args = aff4_cronjobs.CreateCronJobFlowArgs(
periodicity="1d", allow_overruns=False)
cron_urn = cron_manager.ScheduleFlow(cron_args=cron_args,
token=self.token)
with test_lib.FakeTime(44):
requestor_token = access_control.ACLToken(username="******")
approval_urn = security.CronJobApprovalRequestor(
reason="foo",
subject_urn=cron_urn,
approver=self.token.username,
token=requestor_token).Request()
approval_id = approval_urn.Basename()
with test_lib.FakeTime(126):
self.Check("GrantCronJobApproval",
args=user_plugin.ApiGrantCronJobApprovalArgs(
cron_job_id=cron_urn.Basename(),
approval_id=approval_id,
username="******"),
replace={
cron_urn.Basename(): "CronJob_123456",
approval_id: "approval:111111"
})
def testEmailCronjobApprovalGrantNotificationLinkLeadsToCorrectPage(self):
cronjobs.ScheduleSystemCronFlows(
names=[cron_system.OSBreakDown.__name__], token=self.token)
cronjobs.CRON_MANAGER.DisableJob(rdfvalue.RDFURN("aff4:/cron/OSBreakDown"))
security.CronJobApprovalRequestor(
reason=self.APPROVAL_REASON,
subject_urn="aff4:/cron/OSBreakDown",
approver=self.GRANTOR_TOKEN.username,
token=self.token).Request()
security.CronJobApprovalGrantor(
reason=self.APPROVAL_REASON,
subject_urn="aff4:/cron/OSBreakDown",
token=self.GRANTOR_TOKEN,
delegate=self.token.username).Grant()
# There should be 1 message for approval request and 1 message
# for approval grant notification.
self.assertEqual(len(self.messages_sent), 2)
message = self.messages_sent[1]
self.assertTrue(self.APPROVAL_REASON in message)
self.assertTrue(self.GRANTOR_TOKEN.username in message)
self.Open(self._ExtractLinkFromMessage(message))
self.WaitUntil(self.IsTextPresent, "OSBreakDown")
def testEmailCronJobApprovalRequestLinkLeadsToACorrectPage(self):
cronjobs.ScheduleSystemCronFlows(
names=[cron_system.OSBreakDown.__name__], token=self.token)
cronjobs.CRON_MANAGER.DisableJob(rdfvalue.RDFURN("aff4:/cron/OSBreakDown"))
security.CronJobApprovalRequestor(
reason=self.APPROVAL_REASON,
subject_urn="aff4:/cron/OSBreakDown",
approver=self.GRANTOR_TOKEN.username,
token=self.token).Request()
self.assertEqual(len(self.messages_sent), 1)
message = self.messages_sent[0]
self.assertTrue(self.APPROVAL_REASON in message)
self.assertTrue(self.token.username in message)
self.assertTrue("OSBreakDown" in message)
# Extract link from the message text and open it.
m = re.search(r"href='(.+?)'", message, re.MULTILINE)
link = urlparse.urlparse(m.group(1))
self.Open(link.path + "?" + link.query + "#" + link.fragment)
# Check that requestor's username and reason are correctly displayed.
self.WaitUntil(self.IsTextPresent, self.token.username)
self.WaitUntil(self.IsTextPresent, self.APPROVAL_REASON)
# Check that host information is displayed.
self.WaitUntil(self.IsTextPresent, cron_system.OSBreakDown.__name__)
self.WaitUntil(self.IsTextPresent, "Periodicity")
def testEmailCronJobApprovalRequestLinkLeadsToACorrectPage(self):
cronjobs.ScheduleSystemCronFlows(
names=[cron_system.OSBreakDown.__name__], token=self.token)
cronjobs.CRON_MANAGER.DisableJob(
rdfvalue.RDFURN("aff4:/cron/OSBreakDown"))
messages_sent = []
def SendEmailStub(unused_from_user, unused_to_user, unused_subject,
message, **unused_kwargs):
messages_sent.append(message)
# Request client approval, it will trigger an email message.
with utils.Stubber(email_alerts.EMAIL_ALERTER, "SendEmail",
SendEmailStub):
security.CronJobApprovalRequestor(
reason="Please please let me",
subject_urn="aff4:/cron/OSBreakDown",
approver=self.token.username,
token=access_control.ACLToken(username="******",
reason="test")).Request()
self.assertEqual(len(messages_sent), 1)
# Extract link from the message text and open it.
m = re.search(r"href='(.+?)'", messages_sent[0], re.MULTILINE)
link = urlparse.urlparse(m.group(1))
self.Open(link.path + "?" + link.query + "#" + link.fragment)
# Check that requestor's username and reason are correctly displayed.
self.WaitUntil(self.IsTextPresent, "iwantapproval")
self.WaitUntil(self.IsTextPresent, "Please please let me")
# Check that host information is displayed.
self.WaitUntil(self.IsTextPresent, cron_system.OSBreakDown.__name__)
self.WaitUntil(self.IsTextPresent, "Periodicity")
def testRendersRequestedCronJobApproval(self):
cron_manager = aff4_cronjobs.CronManager()
cron_args = aff4_cronjobs.CreateCronJobFlowArgs(periodicity="1d",
allow_overruns=False)
cron_job_urn = cron_manager.ScheduleFlow(cron_args=cron_args,
token=self.token)
aff4_security.CronJobApprovalRequestor(reason=self.token.reason,
subject_urn=cron_job_urn,
approver="approver",
token=self.token).Request()
args = user_plugin.ApiListCronJobApprovalsArgs()
result = self.handler.Handle(args, token=self.token)
self.assertEqual(len(result.items), 1)
def RequestCronJobApproval(self,
cron_job_id,
requestor=None,
reason=None,
approver="approver"):
"""Request cron job approval for a given cron job."""
if not requestor:
requestor = self.token.username
if not reason:
reason = self.token.reason
requestor = security.CronJobApprovalRequestor(
subject_urn=rdfvalue.RDFURN("cron").Add(cron_job_id),
reason=reason,
approver=approver,
token=access_control.ACLToken(username=requestor))
return requestor.Request().Basename()
def testCreatingApprovalCreatesSymlink(self):
cron_urn = rdfvalue.RDFURN("aff4:/cron/CronJobName")
security.CronJobApprovalRequestor(reason=self.token.reason,
subject_urn=cron_urn,
approver="approver",
token=self.token).Request()
approval_id = list(
aff4.FACTORY.ListChildren(
"aff4:/users/test/approvals/cron/CronJobName"))[0].Basename()
self.assertTrue(approval_id.startswith("approval:"))
fd = aff4.FACTORY.Open(
"aff4:/users/test/approvals/cron/CronJobName/%s" % approval_id,
follow_symlinks=False,
mode="r",
token=self.token)
self.assertEqual(fd.Get(fd.Schema.TYPE), "AFF4Symlink")
self.assertEqual(fd.Get(fd.Schema.SYMLINK_TARGET),
"aff4:/ACL/cron/CronJobName/test/%s" % approval_id)
