def test_ssh(self):
""" IDENTITY (CORE): Test adding and removing SSH public key authentication """
add_identity(self.account.external, IdentityType.SSH, email='*****@*****.**')
add_account_identity('my_public_key', IdentityType.SSH, self.account, email='*****@*****.**')
list_identities()
del_account_identity('my_public_key', IdentityType.SSH, self.account)
del_identity(self.account.external, IdentityType.SSH)
def del_identity(identity_key, id_type, issuer, vo='def', session=None):
"""
Deletes a user identity.
:param identity_key: The identity key name. For example x509 DN, or a username.
:param id_type: The type of the authentication (x509, gss, userpass, ssh, saml).
:param issuer: The issuer account.
:param vo: the VO of the issuer.
:param session: The database session in use.
"""
id_type = IdentityType[id_type.upper()]
kwargs = {
'accounts':
identity.list_accounts_for_identity(identity_key,
id_type,
session=session)
}
if not permission.has_permission(issuer=issuer,
vo=vo,
action='del_identity',
kwargs=kwargs,
session=session):
raise exception.AccessDenied('Account %s can not delete identity' %
(issuer))
return identity.del_identity(identity_key, id_type, session=session)
def del_identity(identity_key, id_type):
"""
Deletes a user identity.
:param identity_key: The identity key name. For example x509 DN, or a username.
:param id_type: The type of the authentication (x509, gss, userpass).
"""
return identity.del_identity(identity_key, IdentityType.from_sym(id_type))
def del_identity(identity_key, type):
"""
Deletes a user identity.
:param identity_key: The identity key name. For example x509 DN, or a username.
:param type: The type of the authentication (x509, gss, userpass).
"""
return identity.del_identity(identity_key, IdentityType.from_sym(type))
def test_userpass(self):
""" IDENTITY (CORE): Test adding and removing username/password authentication """
add_identity(self.account.external, IdentityType.USERPASS, email='*****@*****.**', password='******')
add_account_identity('ddmlab_%s' % self.account, IdentityType.USERPASS, self.account, email='*****@*****.**', password='******')
add_identity('/ch/cern/rucio/ddmlab_%s' % self.account, IdentityType.X509, email='*****@*****.**')
add_account_identity('/ch/cern/rucio/ddmlab_%s' % self.account, IdentityType.X509, self.account, email='*****@*****.**')
add_identity('ddmlab_%s' % self.account, IdentityType.GSS, email='*****@*****.**')
add_account_identity('ddmlab_%s' % self.account, IdentityType.GSS, self.account, email='*****@*****.**')
list_identities()
del_account_identity('ddmlab_%s' % self.account, IdentityType.USERPASS, self.account)
del_account_identity('/ch/cern/rucio/ddmlab_%s' % self.account, IdentityType.X509, self.account)
del_account_identity('ddmlab_%s' % self.account, IdentityType.GSS, self.account)
del_identity('ddmlab_%s' % self.account, IdentityType.USERPASS)
def del_identity(identity_key, id_type, issuer):
"""
Deletes a user identity.
:param identity_key: The identity key name. For example x509 DN, or a username.
:param id_type: The type of the authentication (x509, gss, userpass, ssh, saml).
:param issuer: The issuer account.
"""
id_type = IdentityType.from_sym(id_type)
kwargs = {'accounts': identity.list_accounts_for_identity(identity_key, id_type)}
if not permission.has_permission(issuer=issuer, action='del_identity', kwargs=kwargs):
raise exception.AccessDenied('Account %s can not delete identity' % (issuer))
return identity.del_identity(identity_key, id_type)
def test_userpass(self):
""" IDENTITY (CORE): Test adding and removing username/password authentication """
add_identity(self.account, IdentityType.USERPASS, email="*****@*****.**", password="******")
add_account_identity(
"ddmlab_%s" % self.account, IdentityType.USERPASS, self.account, email="*****@*****.**"
)
add_identity("/ch/cern/rucio/ddmlab_%s" % self.account, IdentityType.X509, email="*****@*****.**")
add_account_identity(
"/ch/cern/rucio/ddmlab_%s" % self.account, IdentityType.X509, self.account, email="*****@*****.**"
)
add_identity("ddmlab_%s" % self.account, IdentityType.GSS, email="*****@*****.**")
add_account_identity("ddmlab_%s" % self.account, IdentityType.GSS, self.account, email="*****@*****.**")
list_identities()
del_account_identity("ddmlab_%s" % self.account, IdentityType.USERPASS, self.account)
del_account_identity("/ch/cern/rucio/ddmlab_%s" % self.account, IdentityType.X509, self.account)
del_account_identity("ddmlab_%s" % self.account, IdentityType.GSS, self.account)
del_identity("ddmlab_%s" % self.account, IdentityType.USERPASS)