def testRenew_Failure(self):
host_id = test_utils.CreateBit9Host().key.id()
test_utils.CreateExemption(host_id, initial_state=_STATE.ESCALATED)
with self.assertRaises(api.InvalidRenewalError):
api.Request(host_id, _REASON.DEVELOPER_MACOS, 'other text', _DURATION.DAY)
self.mock_send.assert_not_called()
def post(self, host_id):
# This request should only be available to admins or users who have (at
# least at one time) had control of the host.
if not (self.user.is_admin
or model_utils.IsHostAssociatedWithUser(self.host, self.user)):
logging.warning(
'User %s is not authorized to request an Exemption for host %s',
self.user.nickname, host_id)
self.abort(httplib.FORBIDDEN,
explanation='Host not associated with user %s' %
self.user.nickname)
# Extract and validate the exemption reason.
reason = self.request.get('reason')
other_text = self.request.get('otherText') or None
if not reason:
self.abort(httplib.BAD_REQUEST, explanation='No reason provided')
elif reason == constants.EXEMPTION_REASON.OTHER and not other_text:
self.abort(
httplib.BAD_REQUEST,
explanation='No explanation for "Other" reason provided')
# Extract and validate the exemption duration.
duration = self.request.get('duration')
if not duration:
self.abort(httplib.BAD_REQUEST,
explanation='Exemption term not provided')
# Request a new Exemption, and bail if something goes wrong.
try:
exemption_api.Request(host_id, reason, other_text, duration)
except exemption_api.InvalidRenewalError:
self.abort(httplib.BAD_REQUEST,
'Request cannot be renewed at this time')
except exemption_api.InvalidReasonError:
self.abort(httplib.BAD_REQUEST, 'Invalid reason provided')
except exemption_api.InvalidDurationError:
self.abort(httplib.BAD_REQUEST, 'Invalid duration provided')
except Exception: # pylint: disable=broad-except
logging.exception(
'Error encountered while escalating Exemption for host %s',
host_id)
self.abort(httplib.INTERNAL_SERVER_ERROR,
explanation='Error while escalating exemption')
# Start processing the Exemption right away, rather than waiting for the
# 15 minute cron to catch it. On the off chance the cron fires between the
# above Request() call and here, catch and ignore InvalidStateChangeErrors.
try:
exm_key = exemption_models.Exemption.CreateKey(host_id)
exemption_api.Process(exm_key)
except exemption_models.InvalidStateChangeError:
logging.warning('Error encountered while processing Exemption')
self._RespondWithExemptionAndTransitiveState(exm_key)
def testRenew_NoOtherText(self):
host_id = test_utils.CreateBit9Host().key.id()
test_utils.CreateExemption(host_id, initial_state=_STATE.CANCELLED)
api.Request(host_id, _REASON.DEVELOPER_MACOS, None, _DURATION.DAY)
self.assertIsNotNone(exemption_models.Exemption.Get(host_id))
self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION)
self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS)
self.mock_send.assert_called_once()
def testFirstRequest(self):
host_id = test_utils.CreateBit9Host().key.id()
self.assertIsNone(exemption_models.Exemption.Get(host_id))
api.Request(host_id, _REASON.DEVELOPER_MACOS, 'other text', _DURATION.DAY)
self.assertIsNotNone(exemption_models.Exemption.Get(host_id))
self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION)
self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS)
self.mock_send.assert_called_once()
def testRenew_Success_NotYetExpired(self):
host_id = test_utils.CreateBit9Host().key.id()
test_utils.CreateExemption(host_id, initial_state=_STATE.APPROVED)
api.Request(host_id, _REASON.DEVELOPER_MACOS, 'other text', _DURATION.DAY)
exm = exemption_models.Exemption.Get(host_id)
self.assertEqual(_STATE.REQUESTED, exm.state)
self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION)
self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS)
self.mock_send.assert_called_once()
def testInvalidDurationError(self):
with self.assertRaises(api.InvalidDurationError):
api.Request('host_id', _REASON.DEVELOPER_MACOS, 'other text', 'FOREVER')
self.mock_send.assert_not_called()
def testInvalidReasonError(self):
with self.assertRaises(api.InvalidReasonError):
api.Request('host_id', 'some_reason', 'other text', _DURATION.DAY)
self.mock_send.assert_not_called()
