def test04_session_permissions(self): """ Test the session_perms & check_access method """ print_ln('test session_perms') try: usr = User(uid="py-user*") uList = review.find_users(usr) for idx, entity in enumerate(uList): if idx % 10 == 0: sys.stdout.write('') sys.stdout.flush() entity.password = '******' session = access.create_session(entity, False) if session is None: self.fail('test_session_permissions failed ' + entity.uid) if session.user.roles is not None and len( session.user.roles) > 0: perms = access.session_perms(session) for idx2, perm in enumerate(perms): if idx2 % 10 == 0: sys.stdout.write('`') sys.stdout.flush() result = access.check_access(session, perm) if not result: self.fail('test_session_permissions failed uid=' + entity.uid + ', perm obj name=' + perm.obj_name + ', op name=' + perm.op_name + ', obj id=' + perm.obj_id) print() except Exception as e: self.fail('test_session_permissions exception=' + e.msg)
def process_role(args): role = load_entity(Role(), args) print(args.entity + ' ' + args.operation) if not args.name: print("error --name required for entity role") return False elif args.operation == ADD: constraint = load_entity(Constraint(), args) role.constraint = constraint admin.add_role(role) elif args.operation == UPDATE: constraint = load_entity(Constraint(), args) role.constraint = constraint admin.update_role(role) elif args.operation == DELETE: admin.delete_role(role) elif args.operation == READ: print_role(review.read_role(role), role.name) pass elif args.operation == SEARCH: role.name += '*' roles = review.find_roles(role) if len(roles) > 0: for idx, rle in enumerate(roles): print_role(rle, role.name + ':' + str(idx)) else: print_ln('No matching records found matching filter: ' + role.name) else: print('process_role failed, invalid operation=' + args.operation) return False return True
def test02_user_roles(self): """ Test the user_roles & is_user_in_role method """ print_ln('test user_roles') try: usr = User(uid="py-user*") uList = review.find_users(usr) for idx, entity in enumerate(uList): if idx % 10 == 0: sys.stdout.write('') sys.stdout.flush() entity.password = '******' session = access.create_session(entity, False) if session is None: self.fail('test_user_roles failed ' + entity.uid) if session.user.roles is not None and len( session.user.roles) > 0: roles = access.session_roles(session) for role in roles: result = access.is_user_in_role(session, role.name) if not result: self.fail('test_user_roles failed uid=' + entity.uid + ', role=' + role) print() except Exception as e: self.fail('test_user_roles exception=' + e)
def process_object(args): pobject = load_entity(PermObj(), args) print(args.entity + ' ' + args.operation) if not args.obj_name: print("error --obj_name required for entity object") return False elif args.operation == ADD: admin.add_object(pobject) elif args.operation == UPDATE: admin.update_object(pobject) elif args.operation == DELETE: admin.delete_object(pobject) elif args.operation == READ: print_entity(review.read_object(pobject), pobject.obj_name) pass elif args.operation == SEARCH: pobject.obj_name += '*' objs = review.find_objects(pobject) if len(objs) > 0: for idx, obj in enumerate(objs): print_entity(obj, pobject.obj_name + ':' + str(idx)) else: print_ln('No matching records found matching filter: ' + pobject.obj_name) else: print('process_object failed, invalid operation=' + args.operation) return False return True
def test_active_roles(self): """ Test the add_active_role & drop_active_role methods """ print_ln('test active_roles') try: u = userdao.read(User(uid="foouser1")) u.password="******" session=access.create_session (u, False) if session.user.roles is not None and len(session.user.roles) > 0: for role in list(access.session_roles(session)): access.drop_active_role(session, role) if session.user.roles is None or len(session.user.roles) > 0: self.fail('test_active_roles did not inactivate all roles in session for uid=' + entity.uid) for role in list(u.roles): access.add_active_role(session, role) if session.user.roles is None or len(session.user.roles) != len(u.roles): self.fail('test_active_roles did not activate all roles in session for uid=' + entity.uid) except Exception as e: self.fail('test_active_roles exception=' + e.msg)
def test_search_roles(self): """ Test role search by name in file """ print_ln('test search role by name') try: rs = roledao.search(Role(name="test*")) for r in rs: print_entity(r, "Role") except Exception as e: self.fail('role search failed, exception=' + e.msg)
def test_search_perms(self): """ Test perm search by obj_name in file """ print_ln('test read perms by obj_name') try: perm = Perm(obj_name="test*") p = permdao.read(perm) print_entity(p, "Perm") except Exception as e: self.fail('perm search failed, exception=' + e.msg)
def test_search_users(self): """ Test the user search by uid in file """ print_ln('test search users by uid') try: for user in userdao.search(User(uid="foo*")): print_entity(user, "search user") print_entity(userdao.read(user), "read user") except Exception as e: self.fail('user search failed, exception=' + e.msg)
def test03_bootstrap(self): """ Create the DIT based on the config """ print_ln('test_bootstrap') try: ditdao.bootstrap() print('test_bootstrap success') except Exception as e: error = 'test_bootstrap errpr=' + e.msg print(error)
def test_create_roles(self): """ Test the role create """ print_ln('test create roles') rls = role_test_data.get_test_roles('py-test', 10) for rle in rls: try: rle = roledao.create(rle) print_role(rle, "Role Create") except Exception as e: self.fail('role create failed, exception=' + e.msg)
def test02_del_suffix(self): """ Test the del suffix method """ print_ln('test_del_suffix') try: ditdao.delete_suffix() print('test_del_suffix success') except Exception as e: error = 'test_del_suffix errpr=' + e.msg print(error)
def test_create_users(self): """ Test the user create """ print_ln('test create users') usrs = user_test_data.get_test_users('py-test', 10) for usr in usrs: try: entity = userdao.create(usr) print_user(entity, "User Create") except Exception as e: self.fail('user create failed, exception=' + e.msg)
def test08_add_object(self): """ Test the add object method """ print_ln('test_add_object') objs = perm_test_data.get_test_objs('py-obj', 10) for obj in objs: try: entity = admin.add_object(obj) print_ln("Add Object=" + entity.obj_name) except Exception as e: self.fail('test_add_object failed, exception=' + e.msg)
def test07_add_role(self): """ Test the add role method """ print_ln('test_add_role') rles = role_test_data.get_test_roles('py-role', 10) for rle in rles: try: entity = admin.add_role(rle) print_role(entity, "Add Role") except Exception as e: self.fail('test_add_role failed, exception=' + e.msg)
def test10_add_user(self): """ Test the add user method """ print_ln('test_add_user') usrs = user_test_data.get_test_users('py-user', 10) for usr in usrs: try: entity = admin.add_user(usr) print_user(entity, "Add User") except Exception as e: self.fail('test_add_user failed, exception=' + e.msg)
def test_search_perms(self): """ Test the perm search by obj_name and op_name in ldap """ print_ln('test search perms by objNm') try: prm = Perm(obj_name = "TOB*", op_name = "TOP*") pList = permdao.search(prm) for idx, entity in enumerate(pList) : print_entity (entity, "Perm[" + str(idx+1) + "]:", 1) except Exception as e: self.fail('perm search failed, exception=' + e.msg)
def test_search_roles(self): """ Test the role search by name in ldap """ print_ln('test search roles by name') try: rle = Role(name = 'oam*') rList = roledao.search(rle) for idx, entity in enumerate(rList) : print_role(entity, "Role[" + str(idx+1) + "]:") except Exception as e: self.fail('role search failed, exception=' + e.msg)
def test_create_perms(self): """ Test the perm create """ print_ln('test create perms') perms = perm_test_data.get_test_perms('py-test', 10) for perm in perms: try: entity = permdao.create(perm) print_ln("Create perm obj=" + entity.obj_name + ', op=' + entity.op_name + ', id=' + entity.obj_id) except Exception as e: self.fail('perm create failed, exception=' + e.msg)
def test_search_users(self): """ Test the user search by uid in ldap """ print_ln('test search users by uid') try: usr = User(uid = "jts*") uList = userdao.search(usr) for idx, entity in enumerate(uList) : print_user(entity, "User[" + str(idx+1) + "]:") except Exception as e: self.fail('user search failed, exception=' + e.msg)
def test_create_objects(self): """ Test the object create """ print_ln('test create objects') objs = perm_test_data.get_test_objs('py-test', 10) for obj in objs: try: entity = permdao.create_obj(obj) print_ln("Create object=" + entity.obj_name) except Exception as e: self.fail('perm object create failed, exception=' + e.msg)
def test_search_wild(self): """ Test wildcard match """ print_ln('test wildmatch users') us = userdao.search(User(uid="test*")) try: us = sorted(map(lambda u: u.uid, us)) except Exception as e: self.fail('exception ' + e.msg) if us != ['testuser1', 'testuser2']: self.fail('wrong set of users in match: ' + dumps(us))
def test09_add_perm(self): """ Test the add perm method """ print_ln('test_add_perm') perms = perm_test_data.get_test_perms('py-obj', 10) for perm in perms: try: entity = admin.add_perm(perm) print_ln("Add Perm obj name=" + entity.obj_name + ', op=' + entity.op_name + ', id=' + entity.obj_id) except Exception as e: self.fail('test_add_perm failed, exception=' + e.msg)
def process_perm(args): perm = load_entity(Perm(), args) print(args.entity + ' ' + args.operation) if args.operation == ADD: admin.add_perm(perm) elif args.operation == UPDATE: admin.update_perm(perm) elif args.operation == DELETE: admin.delete_perm(perm) elif args.operation == GRANT: role_nm = args.role print('role=' + role_nm) admin.grant(perm, Role(name=role_nm)) elif args.operation == REVOKE: role_nm = args.role print('role=' + role_nm) admin.revoke(perm, Role(name=role_nm)) elif args.operation == READ: print_entity(review.read_perm(perm), perm.obj_name + '.' + perm.op_name) pass elif args.operation == SEARCH: role_nm = args.role userid = args.uid prms = [] label = '' if userid: label = userid prms = review.user_perms(User(uid=userid)) elif role_nm: label = role_nm prms = review.role_perms(Role(name=role_nm)) else: if perm.obj_name: perm.obj_name += '*' else: perm.obj_name = '*' if perm.op_name: perm.op_name += '*' else: perm.op_name = '*' label = perm.obj_name + '.' + perm.op_name prms = review.find_perms(perm) if len(prms) > 0: for idx, prm in enumerate(prms): print_entity(prm, label + ':' + str(idx)) else: print_ln('No matching records found matching filter: ' + label) else: print('process_perm failed, invalid operation=' + args.operation) return False return True
def test06_delete_role(self): """ Test the role delete user method """ print_ln('test_delete_role') try: rList = review.find_roles(Role(name='py-role*')) for rle in rList: entity = admin.delete_role(rle) print_ln("Delete role=" + entity.name) except Exception as e: self.fail('test_delete_role failed, exception=' + e.msg)
def test_delete_roles(self): """ Test the role delete """ print_ln('test delete roles') try: rList = roledao.search(Role(name='py-test*')) for rle in rList: rle = roledao.delete(rle) print_ln("Role Delete role=" + rle.name) except Exception as e: self.fail('role delete failed, exception=' + e.msg)
def test03_delete_object(self): """ Test the role delete object method """ print_ln('test_delete_object') try: oList = review.find_objects(PermObj(obj_name='py-obj*')) for obj in oList: admin.delete_object(obj) print_ln("Delete Object=" + obj.obj_name) except Exception as e: self.fail('test_delete_object failed, exception=' + e.msg)
def test_delete_users(self): """ Test the user delete """ print_ln('test delete users') try: uList = userdao.search(User(uid='py-test*')) for usr in uList: entity = userdao.delete(usr) print_ln("Delete user=" + entity.uid) except Exception as e: self.fail('user delete failed, exception=' + e.msg)
def test_delete_perms(self): """ Test the perm delete """ print_ln('test delete perms') try: pList = permdao.search(Perm(obj_name='py-test*', op_name='*')) for perm in pList: entity = permdao.delete(perm) print_ln("Delete perm obj=" + perm.obj_name + ', op=' + perm.op_name + ', id=' + perm.obj_id) except Exception as e: self.fail('perm delete failed, exception=' + e.msg)
def test_delete_objects(self): """ Test the object delete """ print_ln('test delete objects') try: oList = permdao.search_objs(PermObj(obj_name='py-test*')) for obj in oList: entity = permdao.delete_obj(obj) print_ln("Delete object=" + obj.obj_name) except Exception as e: self.fail('perm obj delete failed, exception=' + e.msg)
def test_update_roles(self): """ Test the role update """ print_ln('test update roles') rls = role_test_data.get_test_roles('py-test', 10) for rle in rls: rle.description += '-updated' try: rle = roledao.update(rle) print_role(rle, "Role Update") except Exception as e: self.fail('role update failed, exception=' + e.msg)