Esempio n. 1
    def badger(self, user_email, roles, action, srv_token=None):
        """Grant or revoke roles for a user via the ``/api/service/badger`` endpoint.

        One POST is sent per role, authenticated with a service-account token.
        When no ``srv_token`` is passed, a service account is created first,
        with a ``badger`` entry that lists just the requested roles.

        :param user_email: sent as the ``user_email`` field of each request.
        :param roles: a single role name, or an iterable of role names.
        :param action: sent as the ``action`` field of each request.
        :param srv_token: existing service-account token; skips account creation.
        :returns: the service-account token that authenticated the requests
            (the passed-in one, or that of the newly created account).
        :rtype: str
        """
        # A lone string is one role name, not an iterable of characters.
        role_names = {roles} if isinstance(roles, str) else roles

        if srv_token is None:
            # Imported lazily: only this path needs the service module.
            from pillar.api.service import create_service_account

            with self.app.test_request_context():
                # The new account is scoped to the requested roles only;
                # presumably those are the roles it may grant or revoke --
                # confirm against pillar.api.service.
                _account, token_doc = create_service_account(
                    '*****@*****.**', {'badger'}, {'badger': list(role_names)})
                srv_token = token_doc['token']

        for role_name in role_names:
            payload = {
                'action': action,
                'role': role_name,
                'user_email': user_email,
            }
            # Any status other than 204 is expected to fail the calling test.
            self.post('/api/service/badger',
                      auth_token=srv_token,
                      json=payload,
                      expected_status=204)

        # The returned token is a usable credential for the service account.
        return srv_token
Esempio n. 2
    def setUp(self, **kwargs):
        """Create a badger service account and a test user before each test.

        Sets ``self.badger`` (the service account), ``self.badger_token`` (its
        token string), ``self.user_id`` (result of ``create_user()``) and
        ``self.user_email`` (``TEST_EMAIL_ADDRESS``).
        """
        AbstractPillarTest.setUp(self, **kwargs)

        from pillar.api import service

        # Roles listed under 'badger' in the service definition; presumably the
        # only roles this account is allowed to grant or revoke -- confirm
        # against pillar.api.service.
        badgeable_roles = ['succubus', 'subscriber', 'demo']

        with self.app.test_request_context():
            account, token_doc = service.create_service_account(
                '*****@*****.**', ['badger'], {'badger': badgeable_roles})
            # NOTE(review): if the test base class also defines a ``badger``
            # method, this instance attribute hides it on this test case --
            # confirm that is intended.
            self.badger = account
            self.badger_token = token_doc['token']

            self.user_id = self.create_user()
            self.user_email = TEST_EMAIL_ADDRESS
Esempio n. 3
    def test_create_service_account(self):
        """Check the shape of a new service account and that its token works.

        The account is created as the CLI user with the ``flamenco_manager``
        role and an empty ``flamenco_manager`` service definition.
        """
        from pillar.api.utils.authentication import force_cli_user
        from pillar.api import service

        requested_roles = ['flamenco_manager']

        with self.app.test_request_context():
            force_cli_user()
            account, token = service.create_service_account(
                '*****@*****.**', requested_roles, {'flamenco_manager': {}})

        # Both display names are derived from the account's id.
        expected_name = f'SRV-{account["_id"]}'
        for field in ('full_name', 'username'):
            self.assertEqual(expected_name, account[field])

        # The 'service' role is present in addition to the requested one.
        self.assertEqual(['flamenco_manager', 'service'], account['roles'])
        # No entries under 'auth'; presumably the issued token is the account's
        # only credential -- confirm against the user schema.
        self.assertEqual([], account['auth'])
        self.assertEqual({'flamenco_manager': {}}, account['service'])

        self.assertAllowsAccess(token, account['_id'])
Esempio n. 4
    def create_new_manager(self, name: str, description: str, owner_id: bson.ObjectId) \
            -> typing.Tuple[dict, dict, dict]:
        """Create a new Manager together with its service account.

        :param name: passed on to ``create_manager_doc``.
        :param description: passed on to ``create_manager_doc``.
        :param owner_id: user that is added to the group stored in the new
            Manager document's ``owner`` field.
        :returns: ``(service account, Manager document, token data)``.
        """
        # NOTE(review): ``assert`` is stripped under ``python -O``, so this is a
        # sanity check on the caller rather than enforced input validation.
        assert isinstance(owner_id, bson.ObjectId)

        from pillar.api import service
        from pillar.api.users import add_user_to_group

        # The service account is created with an empty e-mail address and the
        # 'flamenco_manager' role.
        service_account, token_doc = service.create_service_account(
            '', ['flamenco_manager'], {'flamenco_manager': {}})
        manager_doc = self.create_manager_doc(service_account['_id'], name, description)

        # NOTE(review): if this call (or create_manager_doc above) raises, the
        # service account and its token presumably stay behind -- confirm
        # whether cleanup is needed.
        add_user_to_group(owner_id, manager_doc['owner'])

        # token_doc presumably carries the account's access token; callers
        # should treat it as a secret -- confirm against pillar.api.service.
        return service_account, manager_doc, token_doc
Esempio n. 5
def create_service_account(email,
                           service_roles,
                           service_definition,
                           *,
                           full_name: str = None):
    """Create a service account and print its document and access token.

    Thin wrapper around ``pillar.api.service.create_service_account`` that
    forwards all arguments unchanged.

    Security note: the access token is written to stdout in clear text, so
    anything that captures this output (terminal scrollback, CI or job logs)
    ends up holding a usable credential until the printed expiry time.

    :returns: the ``(account, token)`` pair from the wrapped call.
    """
    from pillar.api import service
    from pillar.api.utils import dumps

    svc_account, token_doc = service.create_service_account(
        email,
        service_roles,
        service_definition,
        full_name=full_name,
    )

    print('Service account information:')
    print(dumps(svc_account, indent=4, sort_keys=True))
    print()

    # Secret material goes to stdout from here on.
    token_lines = (
        ('Access token: %s', 'token'),
        ('  expires on: %s', 'expire_time'),
    )
    for template, key in token_lines:
        print(template % token_doc[key])

    return svc_account, token_doc