def test_credential_manager(): session_key = credentials.get_session_key( context.username, context.password, scheme=context.scheme, host=context.host, port=context.port, ) cm = credentials.CredentialManager( session_key, context.app, owner=context.owner, realm=context.app, scheme=context.scheme, host=context.host, port=context.port, ) cm.set_password("testuser1", "password1") assert cm.get_password("testuser1") == "password1" long_password = "".join(["1111111111" for i in range(30)]) cm.set_password("testuser2", long_password) assert cm.get_password("testuser2") == long_password cm.delete_password("testuser1") with pytest.raises(credentials.CredentialNotExistException): cm.get_password("testuser1") cm.delete_password("testuser2") with pytest.raises(credentials.CredentialNotExistException): cm.get_password("testuser2")
def test_conf_manager(): session_key = credentials.get_session_key( context.username, context.password, scheme=context.scheme, host=context.host, port=context.port, ) cfm = conf_manager.ConfManager( session_key, context.app, owner=context.owner, scheme=context.scheme, host=context.host, port=context.port, ) try: conf = cfm.get_conf("test") except conf_manager.ConfManagerException: conf = cfm.create_conf("test") assert not conf.stanza_exist("test_stanza") conf.update("test_stanza", {"k1": 1, "k2": 2}, ["k1"]) assert conf.get("test_stanza")["k1"] == 1 assert int(conf.get("test_stanza")["k2"]) == 2 assert conf.get("test_stanza")["eai:appName"] == "solnlib_demo" assert len(conf.get_all()) == 1 conf.delete("test_stanza") with pytest.raises(conf_manager.ConfStanzaNotExistException): conf.get("test_stanza") with pytest.raises(conf_manager.ConfStanzaNotExistException): conf.delete("test_stanza") conf.reload()
def test_check_user_access(): session_key = credentials.get_session_key( context.username, context.password, scheme=context.scheme, host=context.host, port=context.port, ) app_capabilities = { "object_type1": { "read": "read_app_object_type1", "write": "write_app_object_type1", "delete": "delete_app_object_type1", }, "object_type2": { "read": "read_app_object_type2", "write": "write_app_object_type2", "delete": "delete_app_object_type2", }, } with pytest.raises(user_access.UserAccessException): user_access.check_user_access(session_key, app_capabilities, "object_type1", "read")
def test_server_info(): session_key = get_session_key( context.username, context.password, scheme=context.scheme, host=context.host, port=context.port, ) si = server_info.ServerInfo(session_key, scheme=context.scheme, host=context.host, port=context.port) print("Local splunk server info") print(" -name: ", si.server_name) print(" -version: ", si.version) print(" -is a cluster captain: ", si.is_captain()) print(" -is a clound instance: ", si.is_cloud_instance()) print(" -is a search head: ", si.is_search_head()) print(" -is a SHC member: ", si.is_shc_member()) try: shc_members = si.get_shc_members() except server_info.ServerInfoException as e: print(e) else: print(" -SHC members are: ", shc_members)
def test_kvstore(): session_key = get_session_key( context.username, context.password, scheme=context.scheme, host=context.host, port=context.port, ) kvstore = client.Service( scheme=context.scheme, host=context.host, port=context.port, token=session_key, app=context.app, owner=context.owner, autologin=True, ).kvstore fields = {"id": "string", "name": "string", "user": "******"} last_ex = None for i in range(3): try: kvstore.create("sessions", fields=fields) break except binding.HTTPError as e: last_ex = e time.sleep(2**(i + 1)) else: if last_ex: raise last_ex collections = kvstore.list() collection_data = None for collection in collections: if collection.name == "sessions": collection_data = collection.data break assert collection_data record = {"id": uuid.uuid4().hex, "name": "session1", "user": "******"} _key = collection_data.insert(json.dumps(record))["_key"] resp_record = collection_data.query_by_id(_key) resp_record = { key: resp_record[key] for key in resp_record if not key.startswith("_") } assert sorted(resp_record.values()) == sorted(record.values()) record = {"id": uuid.uuid4().hex, "name": "session4", "user": "******"} collection_data.update(_key, json.dumps(record)) resp_record = collection_data.query_by_id(_key) resp_record = { key: resp_record[key] for key in resp_record if not key.startswith("_") } assert sorted(resp_record.values()) == sorted(record.values()) collection_data.delete_by_id(_key) with pytest.raises(HTTPError): collection_data.query_by_id(_key)
def test_acl_manager(): session_key = get_session_key( context.username, context.password, scheme=context.scheme, host=context.host, port=context.port, ) aclm = acl.ACLManager( session_key, context.app, owner=context.owner, scheme=context.scheme, host=context.host, port=context.port, ) origin_perms = aclm.get("storage/collections/config/sessions/acl") perms = aclm.update( "storage/collections/config/sessions/acl", perms_read=["admin"], perms_write=["admin"], ) origin_perms["perms"]["read"] = ["admin"] origin_perms["perms"]["write"] = ["admin"] assert origin_perms == perms
def test_get_current_username(): session_key = credentials.get_session_key( context.username, context.password, scheme=context.scheme, host=context.host, port=context.port, ) assert (user_access.get_current_username( session_key, scheme=context.scheme, host=context.host, port=context.port) == context.username)
def test_get_user_roles(): session_key = credentials.get_session_key( context.username, context.password, scheme=context.scheme, host=context.host, port=context.port, ) user_access.get_user_roles( session_key, context.username, scheme=context.scheme, host=context.host, port=context.port, )
def test_user_is_capable(): session_key = credentials.get_session_key( context.username, context.password, scheme=context.scheme, host=context.host, port=context.port, ) assert not user_access.user_is_capable( session_key, context.username, "test_capability", scheme=context.scheme, host=context.host, port=context.port, )
def test_hec_config(): session_key = credentials.get_session_key( context.username, context.password, scheme=context.scheme, host=context.host, port=context.port, ) config = hec_config.HECConfig(session_key) stanza = { "index": "main", "sourcetype": "akamai:cm:json2", "token": "A0-5800-406B-9224-8E1DC4E720B7", } assert config.delete_input("not_exists") is None name = "hec_config_testing" config.delete_input(name) assert config.get_input(name) is None config.create_input(name, stanza) res = config.get_input(name) for k in ["index", "sourcetype", "token"]: assert res[k] == stanza[k] config.delete_input(name) assert config.get_input(name) is None setting = { "enableSSL": "1", "disabled": "1", "useDeploymentServer": "0", "port": "8087", "output_mode": "json", } config.update_settings(setting) new_settings = config.get_settings() for k in ["enableSSL", "disabled", "useDeploymentServer", "port"]: assert new_settings[k] == setting[k] limits = {"max_content_length": "4000000"} config.set_limits(limits) new_limits = config.get_limits() assert new_limits["max_content_length"] == limits["max_content_length"]
def test_hec_event_writer(): session_key = credentials.get_session_key( context.username, context.password, scheme=context.scheme, host=context.host, port=context.port, ) ew = hew.HECEventWriter("test", session_key) m1 = {} for i in range(100): m1[i] = "test1 data %s" % i e1 = ew.create_event(m1, index="main", host="testing", sourcetype="hec") m2 = {} for i in range(100): m2[i] = "test2 data %s" % i e2 = ew.create_event(m2, index="main", host="testing", sourcetype="hec") ew.write_events([e1, e2])
def test_app_capability_manager(): session_key = credentials.get_session_key( context.username, context.password, scheme=context.scheme, host=context.host, port=context.port, ) acm = user_access.AppCapabilityManager( "app_capabilities_collection", session_key, context.app, owner=context.owner, scheme=context.scheme, host=context.host, port=context.port, ) app_capabilities = { "object_type1": { "read": "read_app_object_type1", "write": "write_app_object_type1", "delete": "delete_app_object_type1", }, "object_type2": { "read": "read_app_object_type2", "write": "write_app_object_type2", "delete": "delete_app_object_type2", }, } acm.register_capabilities(app_capabilities) assert acm.capabilities_are_registered() assert acm.get_capabilities() == app_capabilities acm.unregister_capabilities() assert not acm.capabilities_are_registered()
def test_get_session_key(monkeypatch): def _mock_session_key_post(self, url, headers=None, **kwargs): return common.make_response_record( '{"sessionKey":"' + common.SESSION_KEY + '"}' ) common.mock_splunkhome(monkeypatch) monkeypatch.setattr(binding.HttpLib, "post", _mock_session_key_post) assert credentials.get_session_key("user", "password") == common.SESSION_KEY with pytest.raises(ValueError): credentials.get_session_key("user", "password", scheme="non-http") credentials.get_session_key("user", "password", scheme="http") credentials.get_session_key("user", "password", scheme="https") with pytest.raises(ValueError): credentials.get_session_key("user", "password", scheme="http", host="==") credentials.get_session_key("user", "password", scheme="http", host="localhost") with pytest.raises(ValueError): credentials.get_session_key( "user", "password", scheme="http", host="localhost", port=-10 ) credentials.get_session_key( "user", "password", scheme="http", host="localhost", port=10 ) credentials.get_session_key("user", "password", scheme="HTTP") credentials.get_session_key("user", "password", scheme="HTTPS")
def test_object_acl_manager(): session_key = credentials.get_session_key( context.username, context.password, scheme=context.scheme, host=context.host, port=context.port, ) oaclm = user_access.ObjectACLManager( "object_acls_collection", session_key, context.app, owner=context.owner, scheme=context.scheme, host=context.host, port=context.port, ) obj_collection = "test_object_collection" obj_id1 = "281a6d3310e711e6b2c9a45e60e34295" obj_id2 = "281a6d3310e711e6b2c9a45e60e34296" obj_id3 = "281a6d3310e711e6b2c9a45e60e34297" obj_id4 = "281a6d3310e711e6b2c9a45e60e34294" obj_type = "test_object_type" obj_perms1 = {"read": ["admin"], "write": ["admin"], "delete": ["admin"]} obj_perms2 = {"read": ["user1"], "write": ["admin"], "delete": ["admin"]} oaclm.update_acl(obj_collection, obj_id1, obj_type, context.app, context.owner, obj_perms1, True) oaclm.update_acl( obj_collection, obj_id1, obj_type, context.app, context.owner, obj_perms2, True, replace_existing=False, ) obj_acl = oaclm.get_acl(obj_collection, obj_id1) assert set((obj_acl.obj_perms["read"])) == set(["admin", "user1"]) oaclm.update_acls( obj_collection, [obj_id2, obj_id3], obj_type, context.app, context.owner, obj_perms1, True, ) oaclm.get_acl(obj_collection, obj_id2) oaclm.get_acl(obj_collection, obj_id3) obj_acls = oaclm.get_acls(obj_collection, [obj_id2, obj_id3, obj_id4]) assert len(obj_acls) == 2 assert oaclm.get_accessible_object_ids( "user1", "read", obj_collection, [obj_id1, obj_id2, obj_id3]) == [obj_id1] oaclm.delete_acl(obj_collection, obj_id1) oaclm.delete_acls(obj_collection, [obj_id2, obj_id3])