def test_user_public_key(make_session, session, users): make_session.return_value = session # good key username = '******' good_key = ('ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCUQeasspT/etEJR2WUoR+h2sMOQYbJgr0Q' 'E+J8p97gEhmz107KWZ+3mbOwyIFzfWBcJZCEg9wy5Paj+YxbGONqbpXAhPdVQ2TLgxr41bNXvbcR' 'AxZC+Q12UZywR4Klb2kungKz4qkcmSZzouaKK12UxzGB3xQ0N+3osKFj3xA1+B6HqrVreU19XdVo' 'AJh0xLZwhw17/NDM+dAcEdMZ9V89KyjwjraXtOVfFhQF0EDF0ame8d6UkayGrAiXC2He0P2Cja+J' '371P27AlNLHFJij8WGxvcGGSeAxMLoVSDOOllLCYH5UieV8mNpX1kNe2LeA58ciZb0AXHaipSmCH' 'gh/ some-comment') call_main('user', 'add_public_key', username, good_key) user = User.get(session, name=username) keys = get_public_keys_of_user(session, user.id) assert len(keys) == 1 assert keys[0].public_key == good_key # bad key username = '******' bad_key = 'ssh-rsa AAAblahblahkey some-comment' call_main('user', 'add_public_key', username, good_key) user = User.get(session, name=username) keys = get_public_keys_of_user(session, user.id) assert len(keys) == 1 assert keys[0].public_key == good_key
def test_group_logdump(make_session, session, users, groups, tmpdir): make_session.return_value = session groupname = "team-sre" group_id = groups[groupname].id yesterday = date.today() - timedelta(days=1) fn = tmpdir.join("out.csv").strpath call_main("group", "log_dump", groupname, yesterday.isoformat(), "--outfile", fn) with open(fn, "r") as fh: out = fh.read() assert not out, "nothing yet" AuditLog.log(session, users["*****@*****.**"].id, "make_noise", "making some noise", on_group_id=group_id) session.commit() call_main("group", "log_dump", groupname, yesterday.isoformat(), "--outfile", fn) with open(fn, "r") as fh: entries = [x for x in csv.reader(fh)] assert len(entries) == 1, "should capture our new audit log entry" log_time, actor, description, action, extra = entries[0] assert groupname in extra
def test_group_logdump(make_session, session, users, groups, tmpdir): make_session.return_value = session groupname = 'team-sre' group_id = groups[groupname].id yesterday = date.today() - timedelta(days=1) fn = tmpdir.join('out.csv').strpath call_main('group', 'log_dump', groupname, yesterday.isoformat(), '--outfile', fn) with open(fn, 'r') as fh: out = fh.read() assert not out, 'nothing yet' AuditLog.log(session, users['*****@*****.**'].id, 'make_noise', 'making some noise', on_group_id=group_id) session.commit() call_main('group', 'log_dump', groupname, yesterday.isoformat(), '--outfile', fn) with open(fn, 'r') as fh: entries = [x for x in csv.reader(fh)] assert len(entries) == 1, 'should capture our new audit log entry' log_time, actor, description, action, extra = entries[0] assert groupname in extra
def test_oneoff(mock_make_session, mock_annex, mock_load_plugins, session): mock_make_session.return_value = session username = '******' other_username = '******' groupname = 'fake_group' class FakeOneOff(object): def configure(self, service_name): pass def run(self, session, **kwargs): if kwargs.get('group'): Group.get_or_create(session, groupname=groupname) session.commit() elif kwargs.get('key') == 'valuewith=': User.get_or_create(session, username=other_username) session.commit() else: User.get_or_create(session, username=username) session.commit() mock_annex.return_value = [FakeOneOff()] # dry_run call_main('oneoff', 'run', 'FakeOneOff') assert User.get(session, name=username) is None, 'default dry_run means no writes' assert User.get(session, name=other_username) is None, '"valuewith= not in arg' assert Group.get( session, name=groupname) is None, '"group" not in arg so no group created' # not dry_run, create a user call_main('oneoff', 'run', '--no-dry_run', 'FakeOneOff') assert User.get(session, name=username) is not None, 'dry_run off means writes' assert User.get(session, name=other_username) is None, '"valuewith= not in arg' assert Group.get( session, name=groupname) is None, '"group" not in arg so no group created' # not dry_run, use kwarg to create a group call_main('oneoff', 'run', '--no-dry_run', 'FakeOneOff', 'group=1') assert User.get(session, name=username) is not None, 'dry_run off means writes' assert User.get(session, name=other_username) is None, '"valuewith= not in arg' assert Group.get( session, name=groupname) is not None, '"group" in arg so group created' # invalid format for argument should result in premature system exit with pytest.raises(SystemExit): call_main('oneoff', 'run', '--no-dry_run', 'FakeOneOff', 'bad_arg') call_main('oneoff', 'run', '--no-dry_run', 'FakeOneOff', 'key=valuewith=') assert User.get( session, name=other_username) is not None, '"valuewith= in arg, create user2'
def test_user_public_key(make_session, session, users): make_session.return_value = session # good key username = '******' good_key = ( 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCUQeasspT/etEJR2WUoR+h2sMOQYbJgr0Q' 'E+J8p97gEhmz107KWZ+3mbOwyIFzfWBcJZCEg9wy5Paj+YxbGONqbpXAhPdVQ2TLgxr41bNXvbcR' 'AxZC+Q12UZywR4Klb2kungKz4qkcmSZzouaKK12UxzGB3xQ0N+3osKFj3xA1+B6HqrVreU19XdVo' 'AJh0xLZwhw17/NDM+dAcEdMZ9V89KyjwjraXtOVfFhQF0EDF0ame8d6UkayGrAiXC2He0P2Cja+J' '371P27AlNLHFJij8WGxvcGGSeAxMLoVSDOOllLCYH5UieV8mNpX1kNe2LeA58ciZb0AXHaipSmCH' 'gh/ some-comment') call_main('user', 'add_public_key', username, good_key) user = User.get(session, name=username) keys = get_public_keys_of_user(session, user.id) assert len(keys) == 1 assert keys[0].public_key == good_key # bad key username = '******' bad_key = 'ssh-rsa AAAblahblahkey some-comment' call_main('user', 'add_public_key', username, good_key) user = User.get(session, name=username) keys = get_public_keys_of_user(session, user.id) assert len(keys) == 1 assert keys[0].public_key == good_key
def test_sync_db_default_group(make_session, session, users, groups): make_session.return_value = session call_main('sync_db') admin_group = Group.get(session, name="grouper-administrators") assert admin_group, "Group should have been autocreated" admin_group_permission_names = [perm[1] for perm in admin_group.my_permissions()] for permission in (GROUP_ADMIN, PERMISSION_ADMIN, USER_ADMIN): assert permission in admin_group_permission_names, \ "Expected permission missing: %s" % permission
def test_sync_db_default_group(make_session, session, users, groups): make_session.return_value = session call_main('sync_db') admin_group = Group.get(session, name="grouper-administrators") assert admin_group, "Group should have been autocreated" admin_group_permission_names = [ perm[1] for perm in admin_group.my_permissions() ] for permission in (GROUP_ADMIN, PERMISSION_ADMIN, USER_ADMIN): assert permission in admin_group_permission_names, \ "Expected permission missing: %s" % permission
def test_group_name_checks(make_session, session, users, groups): make_session.return_value = session username = '******' groupname = 'team-sre' # check user/group name call_main('group', 'add_member', '--member', 'invalid group name', username) assert (u'User', username) not in Group.get(session, name=groupname).my_members() bad_username = '******' call_main('group', 'add_member', '--member', groupname, bad_username) assert (u'User', bad_username) not in Group.get(session, name=groupname).my_members()
def test_user_create(make_session, session, users): make_session.return_value = session # simple username = '******' call_main('user', 'create', username) assert User.get(session, name=username), 'non-existent user should be created' # check username bad_username = '******' call_main('user', 'create', bad_username) assert not User.get(session, name=bad_username), 'bad user should not be created' # bulk usernames = ['*****@*****.**', '*****@*****.**', '*****@*****.**'] call_main('user', 'create', *usernames) users = [User.get(session, name=u) for u in usernames] assert all(users), 'all users created' usernames_with_one_bad = ['*****@*****.**', '*****@*****.**', 'not_valid_user'] call_main('user', 'create', *usernames_with_one_bad) users = [User.get(session, name=u) for u in usernames_with_one_bad] assert not any(users), 'one bad seed means no users created'
def test_group_bulk_add_remove(make_session, session, users, groups): make_session.return_value = session groupname = 'team-sre' # bulk add usernames = {'*****@*****.**', '*****@*****.**', '*****@*****.**'} call_main('group', 'add_member', '--member', groupname, *usernames) members = {u for _, u in Group.get(session, name=groupname).my_members().keys()} assert usernames.issubset(members) # bulk remove call_main('group', 'remove_member', groupname, *usernames) members = {u for _, u in Group.get(session, name=groupname).my_members().keys()} assert not members.intersection(usernames)
def test_group_disable_group_owner(user_make_session, group_make_session, get_plugin_proxy, session, users, groups): group_make_session.return_value = session user_make_session.return_value = session get_plugin_proxy.return_value = PluginProxy([GroupOwnershipPolicyPlugin()]) username = '******' groupname = 'team-sre' # add call_main('group', 'add_member', '--owner', groupname, username) assert (u'User', username) in Group.get(session, name=groupname).my_members() # disable (fails) call_main('user', 'disable', username) assert (u'User', username) in Group.get(session, name=groupname).my_members()
def test_oneoff(mock_make_session, mock_annex, session): mock_make_session.return_value = session username = '******' other_username = '******' groupname = 'fake_group' class FakeOneOff(object): def configure(self, service_name): pass def run(self, session, **kwargs): if kwargs.get('group'): Group.get_or_create(session, groupname=groupname) session.commit() elif kwargs.get('key') == 'valuewith=': User.get_or_create(session, username=other_username) session.commit() else: User.get_or_create(session, username=username) session.commit() mock_annex.return_value = [FakeOneOff()] # dry_run call_main('oneoff', 'run', 'FakeOneOff') assert User.get(session, name=username) is None, 'default dry_run means no writes' assert User.get(session, name=other_username) is None, '"valuewith= not in arg' assert Group.get(session, name=groupname) is None, '"group" not in arg so no group created' # not dry_run, create a user call_main('oneoff', 'run', '--no-dry_run', 'FakeOneOff') assert User.get(session, name=username) is not None, 'dry_run off means writes' assert User.get(session, name=other_username) is None, '"valuewith= not in arg' assert Group.get(session, name=groupname) is None, '"group" not in arg so no group created' # not dry_run, use kwarg to create a group call_main('oneoff', 'run', '--no-dry_run', 'FakeOneOff', 'group=1') assert User.get(session, name=username) is not None, 'dry_run off means writes' assert User.get(session, name=other_username) is None, '"valuewith= not in arg' assert Group.get(session, name=groupname) is not None, '"group" in arg so group created' # invalid format for argument should result in premature system exit with pytest.raises(SystemExit): call_main('oneoff', 'run', '--no-dry_run', 'FakeOneOff', 'bad_arg') call_main('oneoff', 'run', '--no-dry_run', 'FakeOneOff', 'key=valuewith=') assert User.get(session, name=other_username) is not None, '"valuewith= in arg, create user2'
def test_group_add_remove_member(make_session, session, users, groups): make_session.return_value = session username = '******' groupname = 'team-sre' # add assert (u'User', username) not in groups[groupname].my_members() call_main('group', 'add_member', '--member', groupname, username) all_members = Group.get(session, name=groupname).my_members() assert (u'User', username) in all_members _, _, _, role, _, _ = all_members[(u'User', username)] assert GROUP_EDGE_ROLES[role] == "member" # remove call_main('group', 'remove_member', groupname, username) assert (u'User', username) not in Group.get(session, name=groupname).my_members()
def test_group_add_remove_owner(make_session, get_plugin_proxy, session, users, groups): make_session.return_value = session get_plugin_proxy.return_value = PluginProxy([GroupOwnershipPolicyPlugin()]) username = '******' groupname = 'team-sre' # add assert (u'User', username) not in groups[groupname].my_members() call_main('group', 'add_member', '--owner', groupname, username) all_members = Group.get(session, name=groupname).my_members() assert (u'User', username) in all_members _, _, _, role, _, _ = all_members[(u'User', username)] assert GROUP_EDGE_ROLES[role] == "owner" # remove (fails) call_main('group', 'remove_member', groupname, username) assert (u'User', username) in Group.get(session, name=groupname).my_members()
def test_group_add_remove_owner(make_session, get_plugins, session, users, groups): make_session.return_value = session get_plugins.return_value = [GroupOwnershipPolicyPlugin()] username = '******' groupname = 'team-sre' # add assert (u'User', username) not in groups[groupname].my_members() call_main('group', 'add_member', '--owner', groupname, username) all_members = Group.get(session, name=groupname).my_members() assert (u'User', username) in all_members _, _, _, role, _, _ = all_members[(u'User', username)] assert GROUP_EDGE_ROLES[role] == "owner" # remove (fails) call_main('group', 'remove_member', groupname, username) assert (u'User', username) in Group.get(session, name=groupname).my_members()
def test_group_bulk_add_remove(make_session, session, users, groups): make_session.return_value = session groupname = 'team-sre' # bulk add usernames = {'*****@*****.**', '*****@*****.**', '*****@*****.**'} call_main('group', 'add_member', '--member', groupname, *usernames) members = { u for _, u in Group.get(session, name=groupname).my_members().keys() } assert usernames.issubset(members) # bulk remove call_main('group', 'remove_member', groupname, *usernames) members = { u for _, u in Group.get(session, name=groupname).my_members().keys() } assert not members.intersection(usernames)
def test_user_public_key(make_session, session, users): make_session.return_value = session # good key username = '******' call_main('user', 'add_public_key', username, SSH_KEY_1) user = User.get(session, name=username) keys = get_public_keys_of_user(session, user.id) assert len(keys) == 1 assert keys[0].public_key == SSH_KEY_1 # duplicate key call_main('user', 'add_public_key', username, SSH_KEY_1) keys = get_public_keys_of_user(session, user.id) assert len(keys) == 1 assert keys[0].public_key == SSH_KEY_1 # bad key call_main('user', 'add_public_key', username, SSH_KEY_BAD) keys = get_public_keys_of_user(session, user.id) assert len(keys) == 1 assert keys[0].public_key == SSH_KEY_1
def test_user_status_changes(make_user_session, make_group_session, session, users, groups): make_user_session.return_value = session make_group_session.return_value = session username = '******' groupname = 'team-sre' # add user to a group call_main('group', 'add_member', '--member', groupname, username) # disable the account call_main('user', 'disable', username) assert not User.get(session, name=username).enabled # double disabling is a no-op call_main('user', 'disable', username) assert not User.get(session, name=username).enabled # re-enable the account, preserving memberships call_main('user', 'enable', '--preserve-membership', username) assert User.get(session, name=username).enabled assert (u'User', username) in groups[groupname].my_members() # enabling an active account is a no-op call_main('user', 'enable', username) assert User.get(session, name=username).enabled # disable and re-enable without the --preserve-membership flag call_main('user', 'disable', username) call_main('user', 'enable', username) assert User.get(session, name=username).enabled assert (u'User', username) not in groups[groupname].my_members()
def test_group_add_remove_member(make_session, session, users, groups): make_session.return_value = session username = "******" groupname = "team-sre" # add assert (u"User", username) not in groups[groupname].my_members() call_main("group", "add_member", "--owner", groupname, username) all_members = Group.get(session, name=groupname).my_members() assert (u"User", username) in all_members _, _, _, role, _, _ = all_members[(u"User", username)] assert GROUP_EDGE_ROLES[role] == "owner" # remove call_main("group", "remove_member", groupname, username) assert (u"User", username) not in Group.get(session, name=groupname).my_members() # bulk add usernames = {"*****@*****.**", "*****@*****.**", "*****@*****.**"} call_main("group", "add_member", "--member", groupname, *usernames) members = {u for _, u in Group.get(session, name=groupname).my_members().keys()} assert usernames.issubset(members) # bulk remove call_main("group", "remove_member", groupname, *usernames) members = {u for _, u in Group.get(session, name=groupname).my_members().keys()} assert not members.intersection(usernames) # check user/group name call_main("group", "add_member", "--member", "invalid group name", username) assert (u"User", username) not in Group.get(session, name=groupname).my_members() bad_username = "******" call_main("group", "add_member", "--member", groupname, bad_username) assert (u"User", bad_username) not in Group.get(session, name=groupname).my_members()
def test_group_add_remove_member(make_session, session, users, groups): make_session.return_value = session username = '******' groupname = 'team-sre' # add assert (u'User', username) not in groups[groupname].my_members() call_main('group', 'add_member', '--owner', groupname, username) all_members = Group.get(session, name=groupname).my_members() assert (u'User', username) in all_members _, _, _, role, _, _ = all_members[(u'User', username)] assert GROUP_EDGE_ROLES[role] == "owner" # remove call_main('group', 'remove_member', groupname, username) assert (u'User', username) not in Group.get(session, name=groupname).my_members() # bulk add usernames = {'*****@*****.**', '*****@*****.**', '*****@*****.**'} call_main('group', 'add_member', '--member', groupname, *usernames) members = { u for _, u in Group.get(session, name=groupname).my_members().keys() } assert usernames.issubset(members) # bulk remove call_main('group', 'remove_member', groupname, *usernames) members = { u for _, u in Group.get(session, name=groupname).my_members().keys() } assert not members.intersection(usernames) # check user/group name call_main('group', 'add_member', '--member', 'invalid group name', username) assert (u'User', username) not in Group.get(session, name=groupname).my_members() bad_username = '******' call_main('group', 'add_member', '--member', groupname, bad_username) assert (u'User', bad_username) not in Group.get(session, name=groupname).my_members()