def testReadWriteApprovalRequestsWithFilledInUsersEmailsAndGrants(self):
d = self.db
# Ensure that the requestor user exists.
d.WriteGRRUser("requestor")
client_id = "C.0000000050000001"
approval_request = objects.ApprovalRequest(
approval_type=objects.ApprovalRequest.ApprovalType.
APPROVAL_TYPE_CLIENT,
subject_id=client_id,
requestor_username="******",
reason="some test reason",
expiration_time=rdfvalue.RDFDatetime(42),
notified_users=["user1", "user2", "user3"],
email_cc_addresses=["*****@*****.**", "*****@*****.**"],
grants=[
objects.ApprovalGrant(grantor_username="******"),
objects.ApprovalGrant(grantor_username="******")
])
approval_id = d.WriteApprovalRequest(approval_request)
read_request = d.ReadApprovalRequest("requestor", approval_id)
self.assertEqual(sorted(approval_request.notified_users),
sorted(read_request.notified_users))
self.assertEqual(sorted(approval_request.email_cc_addresses),
sorted(read_request.email_cc_addresses))
self.assertEqual(
sorted(g.grantor_username for g in approval_request.grants),
sorted(g.grantor_username for g in read_request.grants))
def testReadApprovalRequestsForSubjectKeepsExpiredApprovalsWhenAsked(self):
client_id = "C.0000000050000001"
d = self.db
# Ensure that the requestor user exists.
d.WriteGRRUser("requestor")
time_future = rdfvalue.RDFDatetime.Now() + rdfvalue.Duration("1d")
time_past = rdfvalue.RDFDatetime.Now() - rdfvalue.Duration("1d")
approval_ids = set()
for i in range(10):
approval_request = objects.ApprovalRequest(
approval_type=objects.ApprovalRequest.ApprovalType.
APPROVAL_TYPE_CLIENT,
subject_id=client_id,
requestor_username="******",
reason="some test reason",
expiration_time=(time_future if i % 2 == 0 else time_past))
approval_ids.add(d.WriteApprovalRequest(approval_request))
approvals = list(
d.ReadApprovalRequests(
"requestor",
objects.ApprovalRequest.ApprovalType.APPROVAL_TYPE_CLIENT,
subject_id=client_id,
include_expired=True))
self.assertEqual(len(approvals), 10)
self.assertEqual(set(a.approval_id for a in approvals), approval_ids)
def testReadWriteApprovalRequestWithEmptyNotifiedUsersEmailsAndGrants(
self):
d = self.db
# Ensure that the requestor user exists.
d.WriteGRRUser("requestor")
client_id = "C.0000000050000001"
approval_request = objects.ApprovalRequest(
approval_type=objects.ApprovalRequest.ApprovalType.
APPROVAL_TYPE_CLIENT,
subject_id=client_id,
requestor_username="******",
reason="some test reason",
expiration_time=rdfvalue.RDFDatetime(42))
approval_id = d.WriteApprovalRequest(approval_request)
self.assertTrue(approval_id)
read_request = d.ReadApprovalRequest("requestor", approval_id)
# Approval id and timestamp are generated in WriteApprovalRequest so we're
# filling them into our model object ot make sure that equality check works.
approval_request.approval_id = read_request.approval_id
approval_request.timestamp = read_request.timestamp
self.assertEqual(approval_request, read_request)
def testReadApprovalRequestsForSubjectIncludesGrantsIntoSingleResult(self):
client_id = "C.0000000050000001"
d = self.db
# Ensure that the requestor user exists.
d.WriteGRRUser("requestor")
approval_request = objects.ApprovalRequest(
approval_type=objects.ApprovalRequest.ApprovalType.
APPROVAL_TYPE_CLIENT,
subject_id=client_id,
requestor_username="******",
reason="some test reason",
grants=[
objects.ApprovalGrant(grantor_username="******"),
objects.ApprovalGrant(grantor_username="******")
],
expiration_time=rdfvalue.RDFDatetime.Now() +
rdfvalue.Duration("1d"))
approval_id = d.WriteApprovalRequest(approval_request)
approvals = list(
d.ReadApprovalRequests(
"requestor",
objects.ApprovalRequest.ApprovalType.APPROVAL_TYPE_CLIENT,
subject_id=client_id))
self.assertEqual(len(approvals), 1)
self.assertEqual(approvals[0].approval_id, approval_id)
self.assertEqual(
sorted(g.grantor_username for g in approvals[0].grants),
["grantor1", "grantor2"])
def testReadApprovalRequestsForSubjectIncludesGrantsIntoMultipleResults(
self):
client_id = "C.000000000000001"
d = self.db
# Ensure that the requestor user exists.
d.WriteGRRUser("requestor")
for i in range(10):
approval_request = objects.ApprovalRequest(
approval_type=objects.ApprovalRequest.ApprovalType.
APPROVAL_TYPE_CLIENT,
subject_id=client_id,
requestor_username="******",
reason="some test reason %d" % i,
grants=[
objects.ApprovalGrant(grantor_username="******" % i),
objects.ApprovalGrant(grantor_username="******" % i)
],
expiration_time=rdfvalue.RDFDatetime.Now() +
rdfvalue.Duration("1d"))
d.WriteApprovalRequest(approval_request)
approvals = sorted(d.ReadApprovalRequests(
"requestor",
objects.ApprovalRequest.ApprovalType.APPROVAL_TYPE_CLIENT,
subject_id=client_id),
key=lambda a: a.reason)
self.assertEqual(len(approvals), 10)
for i, approval in enumerate(approvals):
self.assertEqual(
sorted(g.grantor_username for g in approval.grants),
["grantor_%d_1" % i, "grantor_%d_2" % i])
def testReadApprovalRequestsForSubjectReturnsManyNonExpiredApproval(self):
client_id = "C.0000000050000001"
d = self.db
# Ensure that the requestor user exists.
d.WriteGRRUser("requestor")
expiration_time = rdfvalue.RDFDatetime.Now() + rdfvalue.Duration("1d")
approval_ids = set()
for _ in range(10):
approval_request = objects.ApprovalRequest(
approval_type=objects.ApprovalRequest.ApprovalType.
APPROVAL_TYPE_CLIENT,
subject_id=client_id,
requestor_username="******",
reason="some test reason",
expiration_time=expiration_time)
approval_ids.add(d.WriteApprovalRequest(approval_request))
approvals = list(
d.ReadApprovalRequests(
"requestor",
objects.ApprovalRequest.ApprovalType.APPROVAL_TYPE_CLIENT,
subject_id=client_id))
self.assertEqual(len(approvals), 10)
self.assertEqual(set(a.approval_id for a in approvals), approval_ids)
def testReadApprovalRequestsForSubjectReturnsSingleNonExpiredApproval(
self):
client_id = "C.0000000050000001"
d = self.db
# Ensure that the requestor user exists.
d.WriteGRRUser("requestor")
approval_request = objects.ApprovalRequest(
approval_type=objects.ApprovalRequest.ApprovalType.
APPROVAL_TYPE_CLIENT,
subject_id=client_id,
requestor_username="******",
reason="some test reason",
expiration_time=rdfvalue.RDFDatetime.Now() +
rdfvalue.Duration("1d"))
approval_id = d.WriteApprovalRequest(approval_request)
approvals = list(
d.ReadApprovalRequests(
"requestor",
objects.ApprovalRequest.ApprovalType.APPROVAL_TYPE_CLIENT,
subject_id=client_id))
self.assertEqual(len(approvals), 1)
self.assertEqual(approvals[0].approval_id, approval_id)
# Approval id and timestamp are generated in WriteApprovalRequest so we're
# filling them into our model object ot make sure that equality check works.
approval_request.approval_id = approvals[0].approval_id
approval_request.timestamp = approvals[0].timestamp
self.assertEqual(approval_request, approvals[0])
def testReadApprovalRequestsFiltersOutExpiredApprovals(self):
d = self.db
# Ensure that the requestor user exists.
d.WriteGRRUser("requestor")
time_future = rdfvalue.RDFDatetime.Now() + rdfvalue.Duration("1d")
time_past = rdfvalue.RDFDatetime.Now() - rdfvalue.Duration("1d")
non_expired_approval_ids = set()
for i in range(10):
approval_request = objects.ApprovalRequest(
approval_type=objects.ApprovalRequest.ApprovalType.
APPROVAL_TYPE_CLIENT,
subject_id="C.000000005000000%d" % i,
requestor_username="******",
reason="some test reason",
expiration_time=(time_future if i % 2 == 0 else time_past))
approval_id = d.WriteApprovalRequest(approval_request)
if i % 2 == 0:
non_expired_approval_ids.add(approval_id)
approvals = list(
d.ReadApprovalRequests(
"requestor",
objects.ApprovalRequest.ApprovalType.APPROVAL_TYPE_CLIENT))
self.assertEqual(len(approvals), 5)
self.assertEqual(set(a.approval_id for a in approvals),
non_expired_approval_ids)
def _CreateApprovalRequest(approval_type,
subject_id,
expiration_time=None,
grants=None):
expiration_time = expiration_time or (rdfvalue.RDFDatetime.Now() +
rdfvalue.Duration("1h"))
return rdf_objects.ApprovalRequest(approval_type=approval_type,
approval_id="1234",
subject_id=subject_id,
requestor_username="******",
reason="reason",
timestamp=rdfvalue.RDFDatetime.Now(),
expiration_time=expiration_time,
grants=grants)
def testGrantApprovalAddsMultipleGrantorsWithSameName(self):
d = self.db
# Ensure that the requestor user exists.
d.WriteGRRUser("requestor")
client_id = "C.0000000050000001"
approval_request = objects.ApprovalRequest(
approval_type=objects.ApprovalRequest.ApprovalType.
APPROVAL_TYPE_CLIENT,
subject_id=client_id,
requestor_username="******",
reason="some test reason",
expiration_time=rdfvalue.RDFDatetime(42))
approval_id = d.WriteApprovalRequest(approval_request)
for _ in range(3):
d.GrantApproval("requestor", approval_id, "grantor")
read_request = d.ReadApprovalRequest("requestor", approval_id)
self.assertEqual(len(read_request.grants), 3)
self.assertEqual([g.grantor_username for g in read_request.grants],
["grantor"] * 3)
def testGrantApprovalAddsNewGrantor(self):
d = self.db
# Ensure that the requestor user exists.
d.WriteGRRUser("requestor")
client_id = "C.0000000050000001"
approval_request = objects.ApprovalRequest(
approval_type=objects.ApprovalRequest.ApprovalType.
APPROVAL_TYPE_CLIENT,
subject_id=client_id,
requestor_username="******",
reason="some test reason",
expiration_time=rdfvalue.RDFDatetime(42))
approval_id = d.WriteApprovalRequest(approval_request)
read_request = d.ReadApprovalRequest("requestor", approval_id)
self.assertFalse(read_request.grants)
d.GrantApproval("requestor", approval_id, "grantor")
read_request = d.ReadApprovalRequest("requestor", approval_id)
self.assertEqual(len(read_request.grants), 1)
self.assertEqual(read_request.grants[0].grantor_username, "grantor")
