Esempio n. 1
0
class TestLsCli(unittest.TestCase):

    def setUp(self):
        (osf, self.fname) = tempfile.mkstemp()
        os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        os.environ['NIMBUS_AUTHZ_DB'] = self.fname
        pynimbusauthz.db.make_test_database(self.fname)
        self.db = DB(con_str=self.fname)
        self.user1 = User(self.db)
        self.name = "/file/name"
        self.data = "/etc/group"
        self.file1 = File.create_file(self.db, self.name, self.user1, self.data, pynimbusauthz.object_type_s3)
        self.uf = UserFile(self.file1)
        self.db.commit()

    def tearDown(self):
        self.db.close()
        os.remove(self.fname)

    def test_basic_ls(self):
        rc = pynimbusauthz.ls.main([])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
        rc = pynimbusauthz.ls.main(["-t", pynimbusauthz.object_type_s3])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
        rc = pynimbusauthz.ls.main([self.name[0:-1]])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))


    def test_fail_ls(self):
        rc = pynimbusauthz.ls.main(["-p", "nobucket", self.name[0:-1]])
        self.assertNotEqual(rc, 0, "CLI should return success %d" % (rc))
Esempio n. 2
0
def main(argv=sys.argv[1:]):
    
    try:
        con_str = pynimbusauthz.get_db_connection_string()
        db_obj = DB(con_str=con_str)

        (opts,args) = setup_options(argv)

        if len(args) != 3:
            raise AuthzException('CLI_PARAMETER', "You must specify a username filename and a datakey\nTry --help")
        user_name = args[0]
        object_name = args[1]
        data = args[2]

        user = User(db_obj, uu=user_name)
        parent = None
        if opts.parent != None:
            parent = File.get_file(db_obj, opts.parent, opts.type)
            if parent == None:
                raise AuthzException('FILE_EXISTS', "parent %s not found" % (opts.parent))
        File.create_file(db_obj, object_name, user, data, opts.type, parent=parent)
        db_obj.commit()
    except AuthzException, ae:
        print ae
        return ae.get_rc()
Esempio n. 3
0
def main(argv=sys.argv[1:]):

    try:
        con_str = pynimbusauthz.get_db_connection_string()
        db_obj = DB(con_str=con_str)

        (opts, args) = setup_options(argv)

        if len(args) != 3:
            raise AuthzException(
                'CLI_PARAMETER',
                "You must specify a username filename and a datakey\nTry --help"
            )
        user_name = args[0]
        object_name = args[1]
        data = args[2]

        user = User(db_obj, uu=user_name)
        parent = None
        if opts.parent != None:
            parent = File.get_file(db_obj, opts.parent, opts.type)
            if parent == None:
                raise AuthzException('FILE_EXISTS',
                                     "parent %s not found" % (opts.parent))
        File.create_file(db_obj,
                         object_name,
                         user,
                         data,
                         opts.type,
                         parent=parent)
        db_obj.commit()
    except AuthzException, ae:
        print ae
        return ae.get_rc()
Esempio n. 4
0
class TestLsCli(unittest.TestCase):
    def setUp(self):
        (osf, self.fname) = tempfile.mkstemp()
        os.close(osf)
        # os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        os.environ['NIMBUS_AUTHZ_DB'] = self.fname
        pynimbusauthz.db.make_test_database(self.fname)
        self.db = DB(con_str=self.fname)
        self.user1 = User(self.db)
        self.name = "/file/name"
        self.data = "/etc/group"
        self.file1 = File.create_file(self.db, self.name, self.user1,
                                      self.data, pynimbusauthz.object_type_s3)
        self.uf = UserFile(self.file1)
        self.db.commit()

    def tearDown(self):
        self.db.close()
        os.remove(self.fname)

    def test_basic_ls(self):
        rc = pynimbusauthz.ls.main([])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
        rc = pynimbusauthz.ls.main(["-t", pynimbusauthz.object_type_s3])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
        rc = pynimbusauthz.ls.main([self.name[0:-1]])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))

    def test_fail_ls(self):
        rc = pynimbusauthz.ls.main(["-p", "nobucket", self.name[0:-1]])
        self.assertNotEqual(rc, 0, "CLI should return success %d" % (rc))
Esempio n. 5
0
def main(argv=sys.argv[1:]):
    
    try:
        con_str = pynimbusauthz.get_db_connection_string()
        db_obj = DB(con_str=con_str)

        (opts,args) = setup_options(argv)

        if len(args) != 3:
            raise AuthzException('CLI_PARAMETER', "You must specify a username filename permssions")
        user_name = args[0]
        object_name = args[1]
        requested_perms = args[2]

        parent = None
        if opts.parent != None:
            parent = File.get_file(db_obj, opts.parent, opts.type)
            if parent == None:
                raise AuthzException('FILE_EXISTS', "parent %s not found" % (opts.parent))

        file1 = File.get_file(db_obj, object_name, opts.type, parent=parent)
        if file1 == None:
            raise AuthzException('FILE_EXISTS', "file %s:%s not found" % (opts.type, object_name))
        user = User(db_obj, uu=user_name)
        uf = UserFile(file1) # create a uesrfile with owner so we can chmod
        uf.chmod(requested_perms, user=user)
        pynimbusauthz.print_msg(opts, 0, "changed %s to %s for %s" % (str(file1), requested_perms, str(user)))
        db_obj.commit()

    except AuthzException, ae:
        print ae
        return ae.get_rc()
Esempio n. 6
0
 def create_user(self, display_name, id, pw, opts):
     pycb.log(logging.INFO, "===== def create_user of cbAuthzSecurity.py")
     db_obj = DB(con_str=self.con_str)
     user = User(db_obj, friendly=display_name)
     user_alias = user.create_alias(id, "s3", display_name, alias_data=pw)
     db_obj.commit()
     db_obj.close()
Esempio n. 7
0
class TestTouchCli(unittest.TestCase):

    def setUp(self):
        (osf, self.fname) = tempfile.mkstemp()
        os.close(osf)
#        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        os.environ['NIMBUS_AUTHZ_DB'] = self.fname
        pynimbusauthz.db.make_test_database(self.fname)
        self.db = DB(con_str=self.fname)
        self.user1 = User(self.db)
        self.db.commit()

    def tearDown(self):
        self.db.close()
        os.remove(self.fname)

    def test_basic_touch(self):
        fname = str(uuid.uuid1())
        data = str(uuid.uuid1())
        f = File.get_file(self.db, fname, pynimbusauthz.object_type_s3)
        self.assertEqual(f, None)
        rc = pynimbusauthz.touch.main([self.user1.get_id(), fname, data])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
        f = File.get_file(self.db, fname, pynimbusauthz.object_type_s3)
        self.assertNotEqual(f, None)

    def test_bucket_touch(self):
        fname = str(uuid.uuid1())
        data = str(uuid.uuid1())
        rc = pynimbusauthz.touch.main(["-t", pynimbusauthz.object_type_s3, self.user1.get_id(), fname, data])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))

        f = File.get_file(self.db, fname, pynimbusauthz.object_type_s3)
        self.assertNotEqual(f, None)

    def test_under_bucket_touch(self):
        bname = str(uuid.uuid1())
        fname = str(uuid.uuid1())
        data = str(uuid.uuid1())
        rc = pynimbusauthz.touch.main(["-t", pynimbusauthz.object_type_s3, self.user1.get_id(), bname, data])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
        rc = pynimbusauthz.touch.main(["-p", bname, self.user1.get_id(), fname, data])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))

        b1 = File.get_file(self.db, bname, pynimbusauthz.object_type_s3)
        f1 = File.get_file(self.db, fname, pynimbusauthz.object_type_s3, parent=b1)

        self.assertNotEqual(b1, None)
        self.assertNotEqual(f1, None)


    def test_bad_opts(self):
        bname = str(uuid.uuid1())
        fname = str(uuid.uuid1())
        data = str(uuid.uuid1())
        rc = pynimbusauthz.touch.main([bname, data])
        self.assertEqual(rc, 32, "CLI should return failure %d" % (rc))
        rc = pynimbusauthz.touch.main(["-p", bname, self.user1.get_id(), fname, data])
        self.assertEqual(rc, 33, "CLI should return failure %d" % (rc))
Esempio n. 8
0
 def setUp(self):
     (osf, self.fname) = tempfile.mkstemp()
     os.close(osf)
     #        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
     os.environ['NIMBUS_AUTHZ_DB'] = self.fname
     pynimbusauthz.db.make_test_database(self.fname)
     self.db = DB(con_str=self.fname)
     self.user1 = User(self.db)
     self.db.commit()
Esempio n. 9
0
 def __init__(self, alias_name, con_str):
     self.db_obj = DB(con_str=con_str)
     alias = User.find_alias(self.db_obj, alias_name,
                             pynimbusauthz.alias_type_s3)
     a_list = list(alias)
     if len(a_list) < 1:
         raise cbException('AccessDenied')
     # pick the first one, hmmm XXX
     self.alias = a_list[0]
     self.user = self.alias.get_canonical_user()
Esempio n. 10
0
 def setUp(self):
     #        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
     con = pynimbusauthz.db.make_test_database()
     self.db = DB(con=con)
     self.user1 = User(self.db)
     self.name = "/file/name"
     self.data = "/etc/group"
     self.file1 = File.create_file(self.db, self.name, self.user1,
                                   self.data, pynimbusauthz.object_type_s3)
     self.uf = UserFile(self.file1)
Esempio n. 11
0
 def get_user_object_by_access_id(self, access_id):
     """Get a new connection every time this is called to make sure it is cleaned up"""
     db = DB(self._cumulus_db)
     user_alias = User.find_alias(db, access_id)
     if not user_alias:
         raise PhantomAWSException('InvalidClientTokenId')
     l = list(user_alias)
     db.close()
     if l < 1:
         raise PhantomAWSException('InvalidClientTokenId')
     return PhantomUserObject(access_id, l[0].get_data(), l[0].get_friendly_name())
Esempio n. 12
0
def main(argv=sys.argv[1:]):

    try:
        con_str = pynimbusauthz.get_db_connection_string()
        db_obj = DB(con_str=con_str)

        (opts, args) = setup_options(argv)

        user_uu = None
        if len(args) == 1:
            user_uu = args[0]
        if opts.new:
            user = User(db_obj,
                        user_uu,
                        friendly=opts.friendlyname,
                        create=True)
            pynimbusauthz.print_msg(opts, 0, "User %s added" % (user.get_id()))
        else:
            user = User(db_obj, user_uu)
            pynimbusauthz.print_msg(opts, 0, "User %s" % (user.get_id()))

        if opts.alias != None:
            user_alias = user.get_alias(opts.alias, opts.type)
            if user_alias == None:
                user_alias = user.create_alias(opts.alias, opts.type,
                                               opts.friendlyname)
                pynimbusauthz.print_msg(
                    opts, 0,
                    "Creating new alias %s:%s" % (opts.type, opts.alias))
            if opts.genkey:
                data = pynimbusauthz.random_string_gen(42)
                pynimbusauthz.print_msg(opts, 0, "Key generated %s" % (data))
                user_alias.set_data(data)
            elif opts.setkey != None:
                data = opts.setkey
                user_alias.set_data(data)
                pynimbusauthz.print_msg(opts, 0, "updated the alias key")

        if opts.remove_alias != None:
            user_alias = user.get_alias(opts.remove_alias, opts.type)
            user_alias.remove()

        if opts.remove:
            pynimbusauthz.print_msg(opts, 1,
                                    "Removing user %s" % (user.get_id()))
            if opts.force:
                pynimbusauthz.print_msg(opts, 1, "Removing all references")
                user.destroy_brutally()
            else:
                user.destroy()
        db_obj.commit()
    except AuthzException, ae:
        print ae
        return ae.get_rc()
Esempio n. 13
0
 def get_user_object_by_access_id(self, access_id):
     """Get a new connection every time this is called to make sure it is cleaned up"""
     db = DB(self._cumulus_db)
     user_alias = User.find_alias(db, access_id)
     if not user_alias:
         raise PhantomAWSException('InvalidClientTokenId')
     l = list(user_alias)
     db.close()
     if l < 1:
         raise PhantomAWSException('InvalidClientTokenId')
     return PhantomUserObject(access_id, l[0].get_data(),
                              l[0].get_friendly_name())
Esempio n. 14
0
class TestCommit(unittest.TestCase):
    def setUp(self):
        con = pynimbusauthz.db.make_test_database()
        self.db = DB(con=con)

    def tearDown(self):
        self.db.close()

    def test_basic(self):
        id = uuid.uuid1()
        user1 = User(self.db, id, create=True)
        self.db.rollback()
        user1 = User(self.db, id, create=True)
Esempio n. 15
0
 def setUp(self):
     (osf, self.fname) = tempfile.mkstemp()
     os.close(osf)
     #        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
     os.environ['NIMBUS_AUTHZ_DB'] = self.fname
     pynimbusauthz.db.make_test_database(self.fname)
     self.db = DB(con_str=self.fname)
     self.user1 = User(self.db)
     self.name = "/file/name"
     self.data = "/etc/group"
     self.file1 = File.create_file(self.db, self.name, self.user1,
                                   self.data, pynimbusauthz.object_type_s3)
     self.uf = UserFile(self.file1)
     self.db.commit()
Esempio n. 16
0
def main(argv=sys.argv[1:]):

    try:
        con_str = pynimbusauthz.get_db_connection_string()
        db_obj = DB(con_str=con_str)

        (opts, args) = setup_options(argv)

        if len(args) > 0:
            u_pattern = args[0]
        else:
            u_pattern = ""

        if opts.bya:
            usa = User.find_alias(db_obj, u_pattern)
            users = []
            for ua in usa:
                users.append(ua.get_canonical_user())
        else:
            users = User.find_user(db_obj, u_pattern)

        if users == None:
            pynimbusauthz.print_msg(opts, 0, "No users in list")
            return 1

        for u in users:
            list_user(opts, u)

    except AuthzException, ae:
        print ae
        return ae.get_rc()
Esempio n. 17
0
def main(argv=sys.argv[1:]):

    try:
        (o, args, p) = setup_options(argv)

        search_pattern = args[0]
        con_str = pycb.config.authzdb
        db = DB(con_str)
        user_list = User.find_user_by_friendly(db, search_pattern)
        for u in user_list:
            report_results(db, u, o)
        db.commit()

    except CLIError, clie:
        print clie
        return clie.get_rc()
Esempio n. 18
0
def delete_user(o):
    con_str = pycb.config.authzdb
    db = DB(con_str)
    # create canonical user
    user = User.get_user_by_friendly(db, o.emailaddr)
    if user == None:
        raise CLIError('EUSER', "No such user %s" % (o.emailaddr))

    o.canonical_id = user.get_id()

    dnu = user.get_alias_by_friendly(o.emailaddr,
                                     pynimbusauthz.alias_type_x509)
    if dnu == None:
        print "WARNING! there is no x509 alias for user %s" % (o.emailaddr)
    else:
        dn = dnu.get_name()
        remove_gridmap(dn)

        nh = get_nimbus_home()
        groupauthz_dir = os.path.join(
            nh, "services/etc/nimbus/workspace-service/group-authz/")
        try:
            remove_member(groupauthz_dir, dn)
        except Exception, ex:
            print "WARNING %s" % (ex)

        if o.web:
            if o.web_id == None:
                o.web_id = o.emailaddr.split("@")[0]
            remove_web(o)
Esempio n. 19
0
def main(argv=sys.argv[1:]):

    try:
        con_str = pynimbusauthz.get_db_connection_string()
        db_obj = DB(con_str=con_str)

        (opts, args) = setup_options(argv)

        if len(args) > 0:
            u_pattern = args[0]
        else:
            u_pattern = ""
        parent = None
        if opts.parent != None:
            parent = File.get_file(db_obj, opts.parent, opts.type)
            if parent == None:
                raise AuthzException(['FILE_EXISTS'],
                                     "parent %s not found" % (opts.parent))

        if opts.type == "all":
            types = pynimbusauthz.object_types.keys()
        else:
            types = [opts.type]

        for t in types:
            files = File.find_files(db_obj, u_pattern, t, parent)

            for f in files:
                print_file(opts, f)

    except AuthzException, ae:
        print ae
        return ae.get_rc()
Esempio n. 20
0
def main(argv=sys.argv[1:]):

    try:
        (o, args, p) = setup_options(argv)

        search_pattern = args[0]
        con_str = pycb.config.authzdb
        db = DB(con_str)
        user_list = User.find_user_by_friendly(db, search_pattern)
        for u in user_list:
            report_results(db, u, o)
        db.commit()

    except CLIError, clie:
        print clie
        return clie.get_rc()
Esempio n. 21
0
def main(argv=sys.argv[1:]):
    
    try:
        con_str = pynimbusauthz.get_db_connection_string()
        db_obj = DB(con_str=con_str)

        (opts,args) = setup_options(argv)

        user_uu = None
        if len(args) == 1:
            user_uu = args[0]
        if opts.new:
            user = User(db_obj, user_uu, friendly=opts.friendlyname, create=True)
            pynimbusauthz.print_msg(opts, 0, "User %s added" % (user.get_id()))
        else:
            user = User(db_obj, user_uu) 
            pynimbusauthz.print_msg(opts, 0, "User %s" % (user.get_id()))

        if opts.alias != None:
            user_alias = user.get_alias(opts.alias, opts.type)
            if user_alias == None:
                user_alias = user.create_alias(opts.alias, opts.type, opts.friendlyname)
                pynimbusauthz.print_msg(opts, 0, "Creating new alias %s:%s" % (opts.type,opts.alias))
            if opts.genkey:
                data = pynimbusauthz.random_string_gen(42)
                pynimbusauthz.print_msg(opts, 0, "Key generated %s" % (data))
                user_alias.set_data(data)
            elif opts.setkey != None:
                data = opts.setkey
                user_alias.set_data(data)
                pynimbusauthz.print_msg(opts, 0, "updated the alias key")

        if opts.remove_alias != None:
            user_alias = user.get_alias(opts.remove_alias, opts.type)
            user_alias.remove()

        if opts.remove:
            pynimbusauthz.print_msg(opts, 1, "Removing user %s" % (user.get_id()))
            if opts.force:
                pynimbusauthz.print_msg(opts, 1, "Removing all references")
                user.destroy_brutally()
            else:
                user.destroy() 
        db_obj.commit()
    except AuthzException, ae:
        print ae
        return ae.get_rc()
Esempio n. 22
0
 def get_user_id_by_display(self, display_name):
     db_obj = DB(con_str=self.con_str)
     a_it = UserAlias.find_alias_by_friendly(db_obj, display_name)
     a_list = list(a_it)
     if len(a_list) < 1:
         return None
     alias = a_list[0]
     return alias.get_name()
Esempio n. 23
0
def main(argv=sys.argv[1:]):

    try:
        (o, args, p) = setup_options(argv)
        con_str = pycb.config.authzdb
        db = DB(con_str)

        o.emailaddr = args[0]
        create_user(o, db)
        report_results(o, db)
        db.close()
    except CLIError, clie:
        if DEBUG:
            traceback.print_exc(file=sys.stdout)

        print clie
        return clie.get_rc()
Esempio n. 24
0
def main(argv=sys.argv[1:]):

    try:
        (o, args, p) = setup_options(argv)
        con_str = pycb.config.authzdb
        db = DB(con_str)

        o.emailaddr = args[0]
        create_user(o, db)
        report_results(o, db)
        db.close()
    except CLIError, clie:
        if DEBUG:
            traceback.print_exc(file=sys.stdout)
        
        print clie
        return clie.get_rc()
Esempio n. 25
0
def main(argv=sys.argv[1:]):

    try:
        repo_dir = argv[0]
        con_str = pynimbusauthz.get_db_connection_string()
        db_obj = DB(con_str=con_str)

        user = User(db_obj, uu="CumulusPublicUser")
        if user == None:
            raise Exception("No public user")

        File.create_file(db_obj, repo_dir, user, repo_dir, pynimbusauthz.alias_type_s3)
        db_obj.commit()
    except:
        raise

    return 0
Esempio n. 26
0
    def setUp(self):
#        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        con = pynimbusauthz.db.make_test_database()
        self.db = DB(con=con)
        self.user1 = User(self.db)
        self.name = "/file/name"
        self.data = "/etc/group"
        self.file1 = File.create_file(self.db, self.name, self.user1, self.data, pynimbusauthz.object_type_s3)
        self.uf = UserFile(self.file1)
Esempio n. 27
0
 def __init__(self, alias_name, con_str):
     self.db_obj = DB(con_str=con_str)
     alias = User.find_alias(self.db_obj, alias_name, pynimbusauthz.alias_type_s3)
     a_list = list(alias)
     if len(a_list) < 1:
         raise cbException('AccessDenied')
     # pick the first one, hmmm XXX
     self.alias = a_list[0]
     self.user = self.alias.get_canonical_user()
Esempio n. 28
0
    def setUp(self):
        (osf, self.fname) = tempfile.mkstemp()
        os.close(osf)
#        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        os.environ['NIMBUS_AUTHZ_DB'] = self.fname
        pynimbusauthz.db.make_test_database(self.fname)
        self.db = DB(con_str=self.fname)
        self.user1 = User(self.db)
        self.db.commit()
Esempio n. 29
0
def main(argv=sys.argv[1:]):

    try:
        con_str = pynimbusauthz.get_db_connection_string()
        db_obj = DB(con_str=con_str)

        (opts, args) = setup_options(argv)

        user = User(db_obj, args[0], create=False)

        if opts.quota != None:
            q = opts.quota
            if opts.quota == "UNLIMITED":
                q = User.UNLIMITED

            user.set_quota(q, object_type=opts.type)
        if opts.report:
            q = user.get_quota(object_type=opts.type)
            u = user.get_quota_usage(object_type=opts.type)

            if q != User.UNLIMITED:
                r = q - u

                rstr = pynimbusauthz.pretty_number(r)
                qstr = pynimbusauthz.pretty_number(q)
                ustr = pynimbusauthz.pretty_number(u)

                pynimbusauthz.print_msg(opts, 0, "%-10s %s" % ("Quota", qstr))
                pynimbusauthz.print_msg(opts, 0, "%-10s %s" % ("Usage", ustr))
                pynimbusauthz.print_msg(opts, 0, "%-10s %s" % ("Remaining", rstr))
                if r < 0:
                    pynimbusauthz.print_msg(opts, 0, "OVER LIMIT!")
                elif r == 0:
                    pynimbusauthz.print_msg(opts, 0, "At Limit")
                else:
                    p = (float(r) / float(q)) * 100.0
                    pynimbusauthz.print_msg(opts, 0, "%-10s %5.1f%%" % ("Available", p))
            else:
                pynimbusauthz.print_msg(opts, 0, "Quota UNLIMITED")

        db_obj.commit()
    except AuthzException, ae:
        print ae
        return ae.get_rc()
Esempio n. 30
0
def main(argv=sys.argv[1:]):

    try:
        repo_dir = argv[0]
        repo_dir = str(repo_dir).strip()
        con_str = pynimbusauthz.get_db_connection_string()
        db_obj = DB(con_str=con_str)

        user = User(db_obj, uu="CumulusPublicUser")
        if user == None:
            raise Exception("No public user")

        File.create_file(db_obj, repo_dir, user, repo_dir,
                         pynimbusauthz.alias_type_s3)
        db_obj.commit()
    except:
        raise

    return 0
Esempio n. 31
0
 def setUp(self):
     (osf, self.fname) = tempfile.mkstemp()
     os.close(osf)
     #        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
     os.environ["NIMBUS_AUTHZ_DB"] = self.fname
     pynimbusauthz.db.make_test_database(self.fname)
     self.db = DB(con_str=self.fname)
     self.user1 = User(self.db)
     self.name = "/file/name"
     self.data = "/etc/group"
     self.file1 = File.create_file(self.db, self.name, self.user1, self.data, pynimbusauthz.object_type_s3)
     self.uf = UserFile(self.file1)
     self.db.commit()
Esempio n. 32
0
def main(argv=sys.argv[1:]):

    try:
        con_str = pynimbusauthz.get_db_connection_string()
        db_obj = DB(con_str=con_str)

        (opts, args) = setup_options(argv)

        if len(args) != 3:
            raise AuthzException(
                'CLI_PARAMETER',
                "You must specify a username filename permssions")
        user_name = args[0]
        object_name = args[1]
        requested_perms = args[2]

        parent = None
        if opts.parent != None:
            parent = File.get_file(db_obj, opts.parent, opts.type)
            if parent == None:
                raise AuthzException('FILE_EXISTS',
                                     "parent %s not found" % (opts.parent))

        file1 = File.get_file(db_obj, object_name, opts.type, parent=parent)
        if file1 == None:
            raise AuthzException(
                'FILE_EXISTS',
                "file %s:%s not found" % (opts.type, object_name))
        user = User(db_obj, uu=user_name)
        uf = UserFile(file1)  # create a uesrfile with owner so we can chmod
        uf.chmod(requested_perms, user=user)
        pynimbusauthz.print_msg(
            opts, 0, "changed %s to %s for %s" %
            (str(file1), requested_perms, str(user)))
        db_obj.commit()

    except AuthzException, ae:
        print ae
        return ae.get_rc()
Esempio n. 33
0
def main(argv=sys.argv[1:]):

    try:
        (o, args, p) = setup_options(argv)

        con_str = pycb.config.authzdb
        db = DB(con_str)

        o.emailaddr = args[0]
        edit_user(o, db)
        report_results(o, db)
    except CLIError, clie:
        print clie
        return clie.get_rc()
Esempio n. 34
0
def main(argv=sys.argv[1:]):
    
    try:
        con_str = pynimbusauthz.get_db_connection_string()
        db_obj = DB(con_str=con_str)

        (opts,args) = setup_options(argv)

        old_path = args[0]
        new_path = args[1]

        pattern = old_path + "%"

        files = list(File.find_files_from_data(db_obj, pattern))
        for f in files:
            old_key = f.get_data_key()
            new_key = old_key.replace(old_path, new_path, 1)
            f.set_data_key(new_key)
        db_obj.commit()
        print "done - %d files rebased" % len(files)

    except AuthzException, ae:
        print ae
        return ae.get_rc()
Esempio n. 35
0
class TestUser(unittest.TestCase):

    def setUp(self):
#        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        con = pynimbusauthz.db.make_test_database()
        self.db = DB(con=con)
        self.user = User(self.db)

    def tearDown(self):
        self.user.destroy_brutally()
        self.db.close()

    def test_get_no_quota(self):
        q = self.user.get_quota()
        self.assertEqual(q, User.UNLIMITED)

    def test_set_quota(self):
        q = 100
        self.user.set_quota(q)
        qrc = self.user.get_quota()
        self.assertEqual(q, qrc)

    def test_get_no_usage(self):
        u = self.user.get_quota_usage()
        self.assertEqual(u, 0)

    def test_add_file_usage_one_file(self):
        size1 = 100
        name = "/file/name"
        data = "/etc/group"

        file1 = File.create_file(self.db, name, self.user, data, pynimbusauthz.object_type_s3, size=size1)
        self.db.commit()

        u = self.user.get_quota_usage()
        self.assertEqual(u, size1)

    def test_add_file_usage_many_files(self):
        size1 = 100
        name = "/file/name"
        data = "/etc/group"

        total = 0
        for i in range(0, 10):
            file1 = File.create_file(self.db, name+str(i), self.user, data, pynimbusauthz.object_type_s3, size=size1)
            total = total + size1
        self.db.commit()

        u = self.user.get_quota_usage()
        self.assertEqual(u, total)
Esempio n. 36
0
def main(argv=sys.argv[1:]):

    try:
        con_str = pynimbusauthz.get_db_connection_string()
        db_obj = DB(con_str=con_str)

        (opts, args) = setup_options(argv)

        if len(args) == 0:
            raise AuthzException('CLI_PARAMETER',
                                 "You must specify a filename")
        parent = None
        if opts.parent != None:
            parent = File.get_file(db_obj, opts.parent, opts.type)
            if parent == None:
                raise AuthzException('FILE_EXISTS',
                                     "bucket %s not found" % (opts.parent))

        object_name = args[0]
        file1 = File.get_file(db_obj, object_name, opts.type, parent=parent)
        if file1 == None:
            pynimbusauthz.print_msg(opts, 0, "File not found")
            return

        uf = UserFile(file1)
        msg = "%10s\t%10s\t%10s\t%10s\t%10s" % ("file", "type", "owner",
                                                "user", "perms")
        pynimbusauthz.print_msg(opts, 1, msg)
        n = uf.get_file().get_name()
        t = uf.get_file().get_object_type()
        stat_print_uf(opts, uf, n, t)
        if opts.all:
            user_list = uf.get_file().get_all_users()
            for u in user_list:
                uf = UserFile(uf.get_file(), u)
                stat_print_uf(opts, uf, " ", " ")

    except AuthzException, ae:
        print ae
        return ae.get_rc()
Esempio n. 37
0
class TestStatCli(unittest.TestCase):
    def setUp(self):
        (osf, self.fname) = tempfile.mkstemp()
        os.close(osf)
        #        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        os.environ['NIMBUS_AUTHZ_DB'] = self.fname
        pynimbusauthz.db.make_test_database(self.fname)
        self.db = DB(con_str=self.fname)
        self.user1 = User(self.db)
        self.name = "/file/name"
        self.data = "/etc/group"
        self.file1 = File.create_file(self.db, self.name, self.user1,
                                      self.data, pynimbusauthz.object_type_s3)
        self.uf = UserFile(self.file1)
        self.db.commit()

    def tearDown(self):
        self.db.close()
        os.remove(self.fname)

    def test_basic_stat(self):
        rc = pynimbusauthz.stat.main([self.name])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
        rc = pynimbusauthz.stat.main(["-a", self.name])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))

    def test_bad_opts_stat(self):
        rc = pynimbusauthz.stat.main([])
        self.assertEqual(rc, 32, "CLI should return success %d" % (rc))
        rc = pynimbusauthz.stat.main(["nofile"])
        self.assertNotEqual(rc, 0, "CLI should return success %s" % (str(rc)))
        rc = pynimbusauthz.stat.main(["-p", "nobucket", self.name])
        self.assertNotEqual(rc, 0, "CLI should return success %d" % (rc))

    def test_basic_stat(self):
        user2 = User(self.db)
        self.db.commit()

        rc = pynimbusauthz.chmod.main([user2.get_id(), self.name, "Rrw"])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
        rc = pynimbusauthz.stat.main([self.name])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
        rc = pynimbusauthz.stat.main(["-a", self.name])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
Esempio n. 38
0
class TestStatCli(unittest.TestCase):
    def setUp(self):
        (osf, self.fname) = tempfile.mkstemp()
        os.close(osf)
        #        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        os.environ["NIMBUS_AUTHZ_DB"] = self.fname
        pynimbusauthz.db.make_test_database(self.fname)
        self.db = DB(con_str=self.fname)
        self.user1 = User(self.db)
        self.name = "/file/name"
        self.data = "/etc/group"
        self.file1 = File.create_file(self.db, self.name, self.user1, self.data, pynimbusauthz.object_type_s3)
        self.uf = UserFile(self.file1)
        self.db.commit()

    def tearDown(self):
        self.db.close()
        os.remove(self.fname)

    def test_basic_stat(self):
        rc = pynimbusauthz.stat.main([self.name])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
        rc = pynimbusauthz.stat.main(["-a", self.name])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))

    def test_bad_opts_stat(self):
        rc = pynimbusauthz.stat.main([])
        self.assertEqual(rc, 32, "CLI should return success %d" % (rc))
        rc = pynimbusauthz.stat.main(["nofile"])
        self.assertNotEqual(rc, 0, "CLI should return success %s" % (str(rc)))
        rc = pynimbusauthz.stat.main(["-p", "nobucket", self.name])
        self.assertNotEqual(rc, 0, "CLI should return success %d" % (rc))

    def test_basic_stat(self):
        user2 = User(self.db)
        self.db.commit()

        rc = pynimbusauthz.chmod.main([user2.get_id(), self.name, "Rrw"])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
        rc = pynimbusauthz.stat.main([self.name])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
        rc = pynimbusauthz.stat.main(["-a", self.name])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
Esempio n. 39
0
 def setUp(self):
     (osf, self.fname) = tempfile.mkstemp()
     os.close(osf)
     os.environ['NIMBUS_AUTHZ_DB'] = self.fname
     pynimbusauthz.db.make_test_database(self.fname)
     self.db = DB(con_str=self.fname)
Esempio n. 40
0
class TestFile(unittest.TestCase):
    def setUp(self):
        #        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        con = pynimbusauthz.db.make_test_database()
        self.db = DB(con=con)

    def tearDown(self):
        self.db.close()

    def test_basic_file(self):
        user1 = User(self.db)
        name = "/file/name"
        data = "/etc/group"
        file1 = File.create_file(self.db, name, user1, data, pynimbusauthz.object_type_s3)
        self.db.commit()
        x = file1.get_all_children()
        self.assertEqual(len(list(x)), 0, "The file should have no children")
        n2 = file1.get_name()
        self.assertEqual(name, n2, "Names not equal")
        d2 = file1.get_data_key()
        self.assertEqual(data, d2, "Data not equal")
        o2 = file1.get_owner()
        self.assertEqual(user1, o2, "Owner not equal")
        p2 = file1.get_parent()
        self.assertEqual(None, p2, "There should be no parent")
        b2 = file1.get_object_type()
        self.assertEqual(pynimbusauthz.object_type_s3, b2, "Type wrong")

    def xtest_international_file(self):
        user1 = User(self.db)
        name = os.environ["CUMULUS_WORD"]
        data = "/etc/group"
        file1 = File.create_file(self.db, name, user1, data, pynimbusauthz.object_type_s3)
        self.db.commit()

    def test_file_children(self):
        user1 = User(self.db)
        name = "/file/name"
        data = "/etc/group"
        file1 = File.create_file(self.db, name, user1, data, pynimbusauthz.object_type_s3)
        self.db.commit()

        child1 = File.create_file(self.db, "kid", user1, data, pynimbusauthz.object_type_s3, parent=file1)
        self.db.commit()

        p2 = child1.get_parent()
        self.assertEqual(p2, file1, "parent not set properly")

        x = child1.get_all_children()
        self.assertEqual(len(list(x)), 0, "The file should have no children")

        x = file1.get_all_children()
        found = False
        for f in x:
            if f == child1:
                found = True

        self.assertTrue(found, "We should have found that kid!")

    def test_find_no_file(self):
        f = File.get_file_from_db_id(self.db, 1000)
        self.assertEqual(f, None, "We should not have found that file")
        f = File.get_file(self.db, "nofile", pynimbusauthz.object_type_s3)
        self.assertEqual(f, None, "We should not have found that file")

    def test_file_and_bucket(self):
        user1 = User(self.db)
        fname = "NAME"
        data = "data"
        b1 = File.create_file(self.db, "bucket", user1, data, pynimbusauthz.object_type_s3)
        f1 = File.create_file(self.db, fname, user1, data, pynimbusauthz.object_type_s3, parent=b1)
        f2 = File.create_file(self.db, fname, user1, data, pynimbusauthz.object_type_s3)
        self.db.commit()

        self.assertNotEqual(f1.get_id(), f2.get_id())

        f3 = File.get_file(self.db, fname, pynimbusauthz.object_type_s3, parent=b1)
        f4 = File.get_file(self.db, fname, pynimbusauthz.object_type_s3)
        self.assertEqual(f1.get_id(), f3.get_id())
        self.assertEqual(f2.get_id(), f4.get_id())
        self.assertNotEqual(f3.get_id(), f4.get_id())
        self.db.commit()

    def test_change_key(self):
        user1 = User(self.db)
        name = "/file/name"
        old_base = "/old/path/base"
        fname = "/etc/group"
        new_base = "/new/base/location/dir"
        f = File.create_file(self.db, name, user1, old_base + fname, pynimbusauthz.object_type_s3)

        self.assertEqual(old_base + fname, f.get_data_key(), "old value not euqal")

        new_key = new_base + fname
        f.set_data_key(new_key)
        self.db.commit()

        tst_new_key = f.get_data_key()
        self.assertEqual(tst_new_key, new_key, "%s should equal %s" % (tst_new_key, new_key))

        f2 = File.get_file(self.db, name, pynimbusauthz.object_type_s3)

        tst_new_key = f2.get_data_key()
        self.assertEqual(tst_new_key, new_key, "%s should equal %s" % (tst_new_key, new_key))

    def test_find_by_key(self):
        user1 = User(self.db)
        name = "/file/name"
        key = "/old/path/base"
        f = File.create_file(self.db, name, user1, key, pynimbusauthz.object_type_s3)
        self.db.commit()

        f2a = File.find_files_from_data(self.db, key)

        found = False
        for f2 in f2a:
            tst_key = f2.get_data_key()
            if tst_key == key:
                found = True
        self.assertTrue(found, "key not found")
Esempio n. 41
0
class TestRebaseCli(unittest.TestCase):

    def setUp(self):
        (osf, self.fname) = tempfile.mkstemp()
        os.close(osf)
#        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        os.environ['NIMBUS_AUTHZ_DB'] = self.fname
        pynimbusauthz.db.make_test_database(self.fname)
        self.db = DB(con_str=self.fname)
        self.user1 = User(self.db)
        self.db.commit()

    def tearDown(self):
        self.db.close()
        os.remove(self.fname)

    def test_single_change(self): 
        name = "/file/name"
        old_base = "/OLD"
        new_base = "/NEW"
        data = "/etc/group"

        key = old_base + data
        file1 = File.create_file(self.db, name, self.user1, key, pynimbusauthz.object_type_s3)
        self.db.commit()

        rc = pynimbusauthz.rebase.main([old_base, new_base])
        self.assertEqual(rc, 0, "rc should be 0, is %d" % (rc))

        f2a = File.find_files_from_data(self.db, key)
        f2a = list(f2a)
        self.assertEqual(len(f2a), 0, "should be no values with key %s len is %d" % (old_base, len(f2a)))
        key = new_base + data
        f2a = File.find_files_from_data(self.db, key)
        f2a = list(f2a)
        self.assertNotEqual(len(f2a), 0, "length should be greater than 0 is %d" % (len(f2a)))

        found = False
        for f2 in f2a:
            tst_key = f2.get_data_key()
            if tst_key == key:
                found = True
        self.assertTrue(found, "key not found")
       

    def test_many_change(self):
        name = "/file/name"
        old_base = "/OLD"
        new_base = "/NEW"
        count = 10

        for i in range(0, count): 
            keyname = str(uuid.uuid1())
            oldkey = old_base + "/" + keyname
            File.create_file(self.db, name+oldkey, self.user1, oldkey, pynimbusauthz.object_type_s3)
        self.db.commit()

        rc = pynimbusauthz.rebase.main([old_base, new_base])
        self.assertEqual(rc, 0, "rc should be 0, is %d" % (rc))

        f2a = File.find_files_from_data(self.db, new_base + "%")
        f2a = list(f2a)
        self.assertEqual(len(f2a), count, "length of the new items should be %d is %s" % (count, len(f2a)))


    def test_many_change_but_not_all(self):
        name = "/file/name"
        old_base = "/OLD"
        new_base = "/NEW"
        other_base = "/NOTHERE"
        count = 10

        for i in range(0, count):
            keyname = str(uuid.uuid1())
            oldkey = old_base + "/" + keyname
            File.create_file(self.db, name+oldkey, self.user1, oldkey, pynimbusauthz.object_type_s3)
        for i in range(0, count*2):
            keyname = str(uuid.uuid1())
            oldkey = other_base + "/" + keyname
            File.create_file(self.db, name+oldkey, self.user1, oldkey, pynimbusauthz.object_type_s3)
        self.db.commit()

        rc = pynimbusauthz.rebase.main([old_base, new_base])
        self.assertEqual(rc, 0, "rc should be 0, is %d" % (rc))

        f2a = File.find_files_from_data(self.db, new_base + "%")
        f2a = list(f2a)
        self.assertEqual(len(f2a), count, "length of the new items should be %d is %s" % (count, len(f2a)))
Esempio n. 42
0
class TestRebaseCli(unittest.TestCase):
    def setUp(self):
        (osf, self.fname) = tempfile.mkstemp()
        os.close(osf)
        #        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        os.environ['NIMBUS_AUTHZ_DB'] = self.fname
        pynimbusauthz.db.make_test_database(self.fname)
        self.db = DB(con_str=self.fname)
        self.user1 = User(self.db)
        self.db.commit()

    def tearDown(self):
        self.db.close()
        os.remove(self.fname)

    def test_single_change(self):
        name = "/file/name"
        old_base = "/OLD"
        new_base = "/NEW"
        data = "/etc/group"

        key = old_base + data
        file1 = File.create_file(self.db, name, self.user1, key,
                                 pynimbusauthz.object_type_s3)
        self.db.commit()

        rc = pynimbusauthz.rebase.main([old_base, new_base])
        self.assertEqual(rc, 0, "rc should be 0, is %d" % (rc))

        f2a = File.find_files_from_data(self.db, key)
        f2a = list(f2a)
        self.assertEqual(
            len(f2a), 0,
            "should be no values with key %s len is %d" % (old_base, len(f2a)))
        key = new_base + data
        f2a = File.find_files_from_data(self.db, key)
        f2a = list(f2a)
        self.assertNotEqual(
            len(f2a), 0, "length should be greater than 0 is %d" % (len(f2a)))

        found = False
        for f2 in f2a:
            tst_key = f2.get_data_key()
            if tst_key == key:
                found = True
        self.assertTrue(found, "key not found")

    def test_many_change(self):
        name = "/file/name"
        old_base = "/OLD"
        new_base = "/NEW"
        count = 10

        for i in range(0, count):
            keyname = str(uuid.uuid1())
            oldkey = old_base + "/" + keyname
            File.create_file(self.db, name + oldkey, self.user1, oldkey,
                             pynimbusauthz.object_type_s3)
        self.db.commit()

        rc = pynimbusauthz.rebase.main([old_base, new_base])
        self.assertEqual(rc, 0, "rc should be 0, is %d" % (rc))

        f2a = File.find_files_from_data(self.db, new_base + "%")
        f2a = list(f2a)
        self.assertEqual(
            len(f2a), count,
            "length of the new items should be %d is %s" % (count, len(f2a)))

    def test_many_change_but_not_all(self):
        name = "/file/name"
        old_base = "/OLD"
        new_base = "/NEW"
        other_base = "/NOTHERE"
        count = 10

        for i in range(0, count):
            keyname = str(uuid.uuid1())
            oldkey = old_base + "/" + keyname
            File.create_file(self.db, name + oldkey, self.user1, oldkey,
                             pynimbusauthz.object_type_s3)
        for i in range(0, count * 2):
            keyname = str(uuid.uuid1())
            oldkey = other_base + "/" + keyname
            File.create_file(self.db, name + oldkey, self.user1, oldkey,
                             pynimbusauthz.object_type_s3)
        self.db.commit()

        rc = pynimbusauthz.rebase.main([old_base, new_base])
        self.assertEqual(rc, 0, "rc should be 0, is %d" % (rc))

        f2a = File.find_files_from_data(self.db, new_base + "%")
        f2a = list(f2a)
        self.assertEqual(
            len(f2a), count,
            "length of the new items should be %d is %s" % (count, len(f2a)))
Esempio n. 43
0
class cbAuthzUser(object):

    def __init__(self, alias_name, con_str):
        self.db_obj = DB(con_str=con_str)
        alias = User.find_alias(self.db_obj, alias_name, pynimbusauthz.alias_type_s3)
        a_list = list(alias)
        if len(a_list) < 1:
            raise cbException('AccessDenied')
        # pick the first one, hmmm XXX
        self.alias = a_list[0]
        self.user = self.alias.get_canonical_user()

    def get_canonical_id(self):
        return self.user.get_id()

    def get_password(self):
        return self.alias.get_data()

    # return string user_id
    def get_id(self):
        return self.alias.get_name()

    # return string email name
    def get_display_name(self):
        return self.alias.get_friendly_name()

    def get_file_obj(self, bucketName, objectName=None):
        file = File.get_file(self.db_obj, bucketName, pynimbusauthz.object_type_s3)
        if file == None:
            return None
        if objectName != None:
            file = File.get_file(self.db_obj, objectName, pynimbusauthz.object_type_s3, file)
        return file


    # return the permission string of the given object
    def get_uf(self, bucketName, objectName=None):
        file = self.get_file_obj(bucketName, objectName)
        if file == None:
            pycb.log(logging.INFO, "b:o not found %s:%s" % (bucketName, str(objectName)))
            raise cbException('NoSuchKey')
        uf = UserFile(file, self.user)
        return uf

    def set_quota(self, max):
        self.user.set_quota(max)
        self.db_obj.commit()

    def get_quota(self):
        q = self.user.get_quota()
        self.db_obj.commit()
        return q

    # return the permission string of the given object
    def get_perms(self, bucketName, objectName=None):
        global authed_user
        global public_user
        try:
            ufa = authed_user.get_uf(bucketName, objectName)
            ufp = public_user.get_uf(bucketName, objectName)
            p1 = ufa.get_perms(force=True)
            p2 = ufp.get_perms(force=True)
            gperms = merge_permissions(p1, p2)
        except:
            pycb.log(logging.ERROR, "error getting global permissions %s" % (sys.exc_info()[0]), tb=traceback)
            gperms = ""

        try:
            uf = self.get_uf(bucketName, objectName)
            p = uf.get_perms(force=True)
            p = merge_permissions(p, gperms)
            return (p, uf.get_file().get_data_key())
        finally:
            self.db_obj.commit()

    def get_owner(self, bucketName, objectName=None):
        try:
            uf = self.get_uf(bucketName, objectName)
            o = uf.get_owner()
            uas = list(o.get_alias_by_type(pynimbusauthz.alias_type_s3))
            if len(uas) < 1:
                raise cbException('InternalError')
            return (uas[0].get_name(), uas[0].get_friendly_name())
        finally:
            self.db_obj.commit()

    # get a list of all of this users buckets
    # returns a list of cbObjects
    def get_my_buckets(self):
        try:
            file_iterater = File.get_user_files(self.db_obj, self.user, root=True)
            new_it = itertools.imap(lambda r: _convert_bucket_to_cbObject(self, r), file_iterater)
            return list(new_it)
        finally:
            self.db_obj.commit()

    # returns a list of cbObjects
    def list_bucket(self, bucketName, args):

        clause = " ORDER BY name"
        prefix = None
        if 'prefix' in args:
            prefix = args['prefix'][0]
            prefix = "%s%%" % (prefix)

        limit = None
        if 'max-keys' in args:
            max_a = args['max-keys']
            limit = int(max_a[0])

        if 'delimiter' in args:
            pass
        if 'key-marker' in args:
            km = args['key-marker'][0]
            clause = " and name > '%s'" % (km)

        try:
            bucket = File.get_file(self.db_obj, bucketName, pynimbusauthz.alias_type_s3)
            iter = bucket.get_all_children(limit=limit, match_str=prefix, clause=clause)
            new_it = itertools.imap(lambda r: _convert_File_to_cbObject(self, r), iter)
            return list(new_it)
        finally:
            self.db_obj.commit()

    # check if the given bucket/object exists
    # returns a bool 
    def exists(self, bucketName, objectName=None):
        try:
            file = self.get_file_obj(bucketName, objectName)
            return file != None
        finally:
            self.db_obj.commit()

    def get_info(self, bucketName, objectName=None):
        try:
            file = self.get_file_obj(bucketName, objectName)
            return (file.get_size(), file.get_creation_time(), file.get_md5sum())
        finally:
            self.db_obj.commit()

    def get_remaining_quota(self):
        quota = self.user.get_quota()
        if quota == User.UNLIMITED:
            return User.UNLIMITED

        u = self.user.get_quota_usage()
        return quota - u

    # add a new bucket owned by this user
    def put_bucket(self, bucketName):
        try:
            f = File.create_file(self.db_obj, bucketName, self.user, bucketName, pynimbusauthz.alias_type_s3)
        finally:
            self.db_obj.commit()

    def put_object(self, data_obj, bucketName, objectName):
        data_key = data_obj.get_data_key()
        md5sum = data_obj.get_md5()
        fsize = data_obj.get_size()
        try:
            # it is ok for someone to put to an existing object
            # we just need to delete the existing one
            file = self.get_file_obj(bucketName, objectName)
            if file != None:
                pycb.config.bucket.delete_object(file.get_data_key())
                file.delete()
            bf = self.get_file_obj(bucketName)
            f = File.create_file(self.db_obj, objectName, self.user, data_key, pynimbusauthz.alias_type_s3, parent=bf, size=fsize, md5sum=md5sum)

        finally:
            self.db_obj.commit()

    # grant a new user_id access to the object or bucket
    def grant(self, user_id, bucketName, objectName=None, perms="Rr"):
        try:
            uf = self.get_uf(bucketName, objectName)
            new_alias_iter = User.find_alias(self.db_obj, user_id, pynimbusauthz.alias_type_s3)
            new_alias_list = list(new_alias_iter)
            new_alias = new_alias_list[0]
            new_user = new_alias.get_canonical_user()
    
            uf.chmod(perms, user=new_user)
        finally:
            self.db_obj.commit()

    # remove an object from the registry
    def delete_object(self, bucketName, objectName):
        try:
            file = self.get_file_obj(bucketName, objectName)
            file.delete()
        finally:
            self.db_obj.commit()

    # remove a bucket from the registry
    def delete_bucket(self, bucketName):
        try:
            file = self.get_file_obj(bucketName)
            kids = file.get_all_children()
            if len(list(kids)) != 0:
                raise cbException('BucketNotEmpty')
            file.delete()
        finally:
            self.db_obj.commit()

    # return the acl list of the given bucket/object
    #
    # list of        (id, display_name, perms)
    def get_acl(self, bucketName, objectName=None):
        try:
            file = self.get_file_obj(bucketName, objectName)
            ufs = file.get_all_user_files()

            grants = []
            for uf in ufs:
                u = uf.get_user()
                perms = uf.get_perms(force=True)
                uas = u.get_alias_by_type(pynimbusauthz.alias_type_s3)
                for ua in uas:
                    user_id = ua.get_name()
                    display_name = ua.get_friendly_name()
                    line = (user_id, display_name, perms)
                    grants.append(line)
            return grants
        finally:
            self.db_obj.commit()

    def set_user_pw(self, password):
        self.alias.set_data(password)

    def remove_user(self, force=False):
        if force:
            uc = User(self.db_obj, uu=self.get_canonical_id(), create=False)
            uc.destroy_brutally()
        else:
            self.alias.remove()
Esempio n. 44
0
class cbAuthzUser(object):
    def __init__(self, alias_name, con_str):
        self.db_obj = DB(con_str=con_str)
        alias = User.find_alias(self.db_obj, alias_name,
                                pynimbusauthz.alias_type_s3)
        a_list = list(alias)
        if len(a_list) < 1:
            raise cbException('AccessDenied')
        # pick the first one, hmmm XXX
        self.alias = a_list[0]
        self.user = self.alias.get_canonical_user()

    def get_canonical_id(self):
        return self.user.get_id()

    def get_password(self):
        return self.alias.get_data()

    # return string user_id
    def get_id(self):
        return self.alias.get_name()

    # return string email name
    def get_display_name(self):
        return self.alias.get_friendly_name()

    def get_file_obj(self, bucketName, objectName=None):
        file = File.get_file(self.db_obj, bucketName,
                             pynimbusauthz.object_type_s3)
        if file == None:
            return None
        if objectName != None:
            file = File.get_file(self.db_obj, objectName,
                                 pynimbusauthz.object_type_s3, file)
        return file

    # return the permission string of the given object
    def get_uf(self, bucketName, objectName=None):
        file = self.get_file_obj(bucketName, objectName)
        if file == None:
            pycb.log(logging.INFO,
                     "b:o not found %s:%s" % (bucketName, str(objectName)))
            raise cbException('NoSuchKey')
        uf = UserFile(file, self.user)
        return uf

    def set_quota(self, max):
        self.user.set_quota(max)
        self.db_obj.commit()

    def get_quota(self):
        q = self.user.get_quota()
        self.db_obj.commit()
        return q

    # return the permission string of the given object
    def get_perms(self, bucketName, objectName=None):
        global authed_user
        global public_user
        try:
            ufa = authed_user.get_uf(bucketName, objectName)
            ufp = public_user.get_uf(bucketName, objectName)
            p1 = ufa.get_perms(force=True)
            p2 = ufp.get_perms(force=True)
            gperms = merge_permissions(p1, p2)
        except:
            pycb.log(logging.ERROR,
                     "error getting global permissions %s" %
                     (sys.exc_info()[0]),
                     tb=traceback)
            gperms = ""

        try:
            uf = self.get_uf(bucketName, objectName)
            p = uf.get_perms(force=True)
            p = merge_permissions(p, gperms)
            return (p, uf.get_file().get_data_key())
        finally:
            self.db_obj.commit()

    def get_owner(self, bucketName, objectName=None):
        try:
            uf = self.get_uf(bucketName, objectName)
            o = uf.get_owner()
            uas = list(o.get_alias_by_type(pynimbusauthz.alias_type_s3))
            if len(uas) < 1:
                raise cbException('InternalError')
            return (uas[0].get_name(), uas[0].get_friendly_name())
        finally:
            self.db_obj.commit()

    # get a list of all of this users buckets
    # returns a list of cbObjects
    def get_my_buckets(self):
        try:
            file_iterater = File.get_user_files(self.db_obj,
                                                self.user,
                                                root=True)
            new_it = itertools.imap(
                lambda r: _convert_bucket_to_cbObject(self, r), file_iterater)
            return list(new_it)
        finally:
            self.db_obj.commit()

    # returns a list of cbObjects
    def list_bucket(self, bucketName, args):

        clause = " ORDER BY name"
        prefix = None
        if 'prefix' in args:
            prefix = args['prefix'][0]
            prefix = "%s%%" % (prefix)

        limit = None
        if 'max-keys' in args:
            max_a = args['max-keys']
            limit = int(max_a[0])

        if 'delimiter' in args:
            pass
        if 'key-marker' in args:
            km = args['key-marker'][0]
            clause = " and name > '%s'" % (km)

        try:
            bucket = File.get_file(self.db_obj, bucketName,
                                   pynimbusauthz.alias_type_s3)
            iter = bucket.get_all_children(limit=limit,
                                           match_str=prefix,
                                           clause=clause)
            new_it = itertools.imap(
                lambda r: _convert_File_to_cbObject(self, r), iter)
            return list(new_it)
        finally:
            self.db_obj.commit()

    # check if the given bucket/object exists
    # returns a bool
    def exists(self, bucketName, objectName=None):
        try:
            file = self.get_file_obj(bucketName, objectName)
            return file != None
        finally:
            self.db_obj.commit()

    def get_info(self, bucketName, objectName=None):
        try:
            file = self.get_file_obj(bucketName, objectName)
            return (file.get_size(), file.get_creation_time(),
                    file.get_md5sum())
        finally:
            self.db_obj.commit()

    def get_remaining_quota(self):
        quota = self.user.get_quota()
        if quota == User.UNLIMITED:
            return User.UNLIMITED

        u = self.user.get_quota_usage()
        return quota - u

    # add a new bucket owned by this user
    def put_bucket(self, bucketName):
        try:
            f = File.create_file(self.db_obj, bucketName, self.user,
                                 bucketName, pynimbusauthz.alias_type_s3)
        finally:
            self.db_obj.commit()

    def put_object(self, data_obj, bucketName, objectName):
        data_key = data_obj.get_data_key()
        md5sum = data_obj.get_md5()
        fsize = data_obj.get_size()
        try:
            # it is ok for someone to put to an existing object
            # we just need to delete the existing one
            file = self.get_file_obj(bucketName, objectName)
            if file != None:
                pycb.config.bucket.delete_object(file.get_data_key())
                file.delete()
            bf = self.get_file_obj(bucketName)
            f = File.create_file(self.db_obj,
                                 objectName,
                                 self.user,
                                 data_key,
                                 pynimbusauthz.alias_type_s3,
                                 parent=bf,
                                 size=fsize,
                                 md5sum=md5sum)

        finally:
            self.db_obj.commit()

    # grant a new user_id access to the object or bucket
    def grant(self, user_id, bucketName, objectName=None, perms="Rr"):
        try:
            uf = self.get_uf(bucketName, objectName)
            new_alias_iter = User.find_alias(self.db_obj, user_id,
                                             pynimbusauthz.alias_type_s3)
            new_alias_list = list(new_alias_iter)
            new_alias = new_alias_list[0]
            new_user = new_alias.get_canonical_user()

            uf.chmod(perms, user=new_user)
        finally:
            self.db_obj.commit()

    # remove an object from the registry
    def delete_object(self, bucketName, objectName):
        try:
            file = self.get_file_obj(bucketName, objectName)
            file.delete()
        finally:
            self.db_obj.commit()

    # remove a bucket from the registry
    def delete_bucket(self, bucketName):
        try:
            file = self.get_file_obj(bucketName)
            kids = file.get_all_children()
            if len(list(kids)) != 0:
                raise cbException('BucketNotEmpty')
            file.delete()
        finally:
            self.db_obj.commit()

    # return the acl list of the given bucket/object
    #
    # list of        (id, display_name, perms)
    def get_acl(self, bucketName, objectName=None):
        try:
            file = self.get_file_obj(bucketName, objectName)
            ufs = file.get_all_user_files()

            grants = []
            for uf in ufs:
                u = uf.get_user()
                perms = uf.get_perms(force=True)
                uas = u.get_alias_by_type(pynimbusauthz.alias_type_s3)
                for ua in uas:
                    user_id = ua.get_name()
                    display_name = ua.get_friendly_name()
                    line = (user_id, display_name, perms)
                    grants.append(line)
            return grants
        finally:
            self.db_obj.commit()

    def set_user_pw(self, password):
        try:
            self.alias.set_data(password)
        finally:
            self.db_obj.commit()

    def remove_user(self, force=False):
        try:
            if force:
                uc = User(self.db_obj,
                          uu=self.get_canonical_id(),
                          create=False)
                uc.destroy_brutally()
            else:
                self.alias.remove()
        finally:
            self.db_obj.commit()
Esempio n. 45
0
class TestFile(unittest.TestCase):

    def setUp(self):
#        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        con = pynimbusauthz.db.make_test_database()
        self.db = DB(con=con)

    def tearDown(self):
        self.db.close()

    def test_basic_file(self):
        user1 = User(self.db)
        name = "/file/name"
        data = "/etc/group"
        file1 = File.create_file(self.db, name, user1, data, pynimbusauthz.object_type_s3)
        self.db.commit()
        x = file1.get_all_children()
        self.assertEqual(len(list(x)), 0, "The file should have no children")
        n2 = file1.get_name()
        self.assertEqual(name, n2, "Names not equal")
        d2 = file1.get_data_key()
        self.assertEqual(data, d2, "Data not equal")
        o2 = file1.get_owner()
        self.assertEqual(user1, o2, "Owner not equal")
        p2 = file1.get_parent()
        self.assertEqual(None, p2, "There should be no parent")
        b2 = file1.get_object_type()
        self.assertEqual(pynimbusauthz.object_type_s3, b2, "Type wrong")

    def test_file_children(self):
        user1 = User(self.db)
        name = "/file/name"
        data = "/etc/group"
        file1 = File.create_file(self.db, name, user1, data, pynimbusauthz.object_type_s3)
        self.db.commit()
                
        child1 = File.create_file(self.db, "kid", user1, data, pynimbusauthz.object_type_s3, parent=file1)
        self.db.commit()

        p2 = child1.get_parent()
        self.assertEqual(p2, file1, "parent not set properly")

        x = child1.get_all_children()
        self.assertEqual(len(list(x)), 0, "The file should have no children")

        x = file1.get_all_children()
        found = False
        for f in x:
            if f == child1:
                found = True

        self.assertTrue(found, "We should have found that kid!")

    def test_find_no_file(self):
        f = File.get_file_from_db_id(self.db, 1000)
        self.assertEqual(f, None, "We should not have found that file")
        f = File.get_file(self.db, "nofile", pynimbusauthz.object_type_s3)
        self.assertEqual(f, None, "We should not have found that file")

    def test_file_and_bucket(self):
        user1 = User(self.db)
        fname = "NAME"
        data = "data"
        b1 = File.create_file(self.db, "bucket", user1, data, pynimbusauthz.object_type_s3)
        f1 = File.create_file(self.db, fname, user1, data, pynimbusauthz.object_type_s3, parent=b1)
        f2 = File.create_file(self.db, fname, user1, data, pynimbusauthz.object_type_s3)
        self.db.commit()

        self.assertNotEqual(f1.get_id(), f2.get_id())
        
        f3 = File.get_file(self.db, fname, pynimbusauthz.object_type_s3, parent=b1)
        f4 = File.get_file(self.db, fname, pynimbusauthz.object_type_s3)
        self.assertEqual(f1.get_id(), f3.get_id())
        self.assertEqual(f2.get_id(), f4.get_id())
        self.assertNotEqual(f3.get_id(), f4.get_id())
        self.db.commit()

    def test_change_key(self):
        user1 = User(self.db)
        name = "/file/name"
        old_base = "/old/path/base"
        fname = "/etc/group"
        new_base = "/new/base/location/dir"
        f = File.create_file(self.db, name, user1, old_base + fname, pynimbusauthz.object_type_s3)

        self.assertEqual(old_base + fname, f.get_data_key(), "old value not euqal")

        new_key = new_base + fname
        f.set_data_key(new_key)
        self.db.commit()

        tst_new_key = f.get_data_key()
        self.assertEqual(tst_new_key, new_key, "%s should equal %s" % (tst_new_key, new_key))

        f2 = File.get_file(self.db, name, pynimbusauthz.object_type_s3)

        tst_new_key = f2.get_data_key()
        self.assertEqual(tst_new_key, new_key, "%s should equal %s" % (tst_new_key, new_key))


    def test_find_by_key(self):
        user1 = User(self.db)
        name = "/file/name"
        key = "/old/path/base"
        f = File.create_file(self.db, name, user1, key, pynimbusauthz.object_type_s3)
        self.db.commit()

        f2a = File.find_files_from_data(self.db, key)

        found = False
        for f2 in f2a:
            tst_key = f2.get_data_key()
            if tst_key == key:
                found = True
        self.assertTrue(found, "key not found")
Esempio n. 46
0
    def setUp(self):
#        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        con = pynimbusauthz.db.make_test_database()
        self.db = DB(con=con)
        self.user = User(self.db)
Esempio n. 47
0
class TestAddUserCli(unittest.TestCase):
    def setUp(self):
        (osf, self.fname) = tempfile.mkstemp()
        os.close(osf)
        os.environ['NIMBUS_AUTHZ_DB'] = self.fname
        pynimbusauthz.db.make_test_database(self.fname)
        self.db = DB(con_str=self.fname)

    def tearDown(self):
        self.db.close()
        os.remove(self.fname)

    def test_basic_adduser(self):
        uu = str(uuid.uuid1())
        rc = pynimbusauthz.add_user.main(["-n", uu])
        self.assertEqual(rc, 0, "CLI should return success")
        user = User(self.db, uu)
        rc = pynimbusauthz.add_user.main(["-r", uu])
        self.assertEqual(rc, 0, "CLI should return success")
        try:
            user = User(self.db, uu)
            self.fail("should have had an exception loading user")
        except:
            pass

    def test_basic_alias(self):
        user = User(self.db)
        uu = user.get_id()
        aname = "alias1"
        self.db.commit()
        rc = pynimbusauthz.add_user.main(["-a", aname, uu])
        self.assertEqual(rc, 0, "CLI should return success")
        ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
        self.assertNotEqual(ua, None, "alias not found")
        rc = pynimbusauthz.add_user.main(["-x", aname, uu])
        self.assertEqual(rc, 0, "CLI should return success")
        ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
        self.assertEqual(ua, None, "alias should not be found")

    def test_user_alias_remove(self):
        aname = str(uuid.uuid1())
        uu = str(uuid.uuid1())
        rc = pynimbusauthz.add_user.main(["-n", "-a", aname, uu])
        self.assertEqual(rc, 0, "CLI should return success")

        user = User(self.db, uu)
        ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)

        rc = pynimbusauthz.add_user.main(["-x", aname, "-r", uu])
        self.assertEqual(rc, 0, "CLI should return success")

        try:
            user = User(self.db, uu)
            self.fail("should have had an exception loading user")
        except:
            pass
        try:
            ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
            self.fail("should have had an exception loading user")
        except:
            pass

    def test_set_key(self):
        aname = str(uuid.uuid1())
        uu = str(uuid.uuid1())
        rc = pynimbusauthz.add_user.main(["-n", "-a", aname, uu])
        self.assertEqual(rc, 0, "CLI should return success")
        rc = pynimbusauthz.add_user.main(["-g", "-a", aname, uu])
        self.assertEqual(rc, 0, "CLI should return success")

        key = str(uuid.uuid1())
        rc = pynimbusauthz.add_user.main(["-k", key, "-a", aname, uu])
        self.assertEqual(rc, 0, "CLI should return success")

        user = User(self.db, uu)
        ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
        self.db.commit()
        k2 = ua.get_data()
        self.assertEqual(k2, key)

    def test_default_new_user(self):
        rc = pynimbusauthz.add_user.main(["-n"])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))

    def test_bad_args(self):
        uu = str(uuid.uuid1())
        rc = pynimbusauthz.add_user.main([])
        self.assertNotEqual(rc, 0, "CLI should not return success %d" % (rc))
        rc = pynimbusauthz.add_user.main(["-k", uu, uu])
        self.assertNotEqual(rc, 0, "CLI should not return success %d" % (rc))
        rc = pynimbusauthz.add_user.main(["-g", uu])
        self.assertNotEqual(rc, 0, "CLI should not return success %d" % (rc))

    def test_remove_force(self):
        aname = str(uuid.uuid1())
        uu = str(uuid.uuid1())
        rc = pynimbusauthz.add_user.main(["-n", "-a", aname, uu])
        self.assertEqual(rc, 0, "CLI should return success")

        #  add a few alias
        for i in range(0, 10):
            aname = str(uuid.uuid1())
            rc = pynimbusauthz.add_user.main(["-a", aname, uu])
            self.assertEqual(rc, 0, "CLI should return success")

        rc = pynimbusauthz.add_user.main(["-f", "-r", uu])
        self.assertEqual(rc, 0, "CLI should return success")
Esempio n. 48
0
class TestUser(unittest.TestCase):

    def setUp(self):
#        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        con = pynimbusauthz.db.make_test_database()
        self.db = DB(con=con)
        self.user1 = User(self.db)
        self.name = "/file/name"
        self.data = "/etc/group"
        self.file1 = File.create_file(self.db, self.name, self.user1, self.data, pynimbusauthz.object_type_s3)
        self.uf = UserFile(self.file1)

    def tearDown(self):
        self.db.close()

    def test_basic_userfile(self):
        perms = self.uf.get_perms()
        self.assertEqual(len(perms), 4, "Default perms should be none")
        self.assertTrue("r" in perms, "read not set")
        self.assertTrue("w" in perms, "write not set")
        self.assertTrue("R" in perms, "read acl not set")
        self.assertTrue("W" in perms, "write acl not set")

        f2 = self.uf.get_file()
        self.assertEqual(f2, self.file1, "should return the same file")

        o2 = self.uf.get_owner()
        self.assertEqual(o2, self.user1, "should return the same user")

        self.assertTrue(self.uf.can_access("rwRW"))

        a = self.uf.get_all_children()
        self.assertEqual(len(list(a)), 0, "should be no children")

    def test_bad_chmod(self):
        try:
            self.uf.chmod("KSA")
            self.fail("should be a bad parameter exception")
        except:
            pass

    def test_bad_chmod(self):
        self.uf.chmod("r")
        try:
            perms = self.uf.get_perms()
            self.fail("should not be able to read acl")
        except:
            pass
        self.uf.chmod("Rr")
        perms = self.uf.get_perms()
        rc = self.uf.can_access("w")
        self.assertFalse(rc, "should not be able to write %d"  % (rc))
        rc = self.uf.can_access("r")
        self.assertTrue(rc, "should be able to read")
        self.uf.chmod("RW")


    def test_grant(self):
        user2 = User(self.db)
        self.uf.chmod("R", user=user2)

        uf2 = UserFile(self.file1, user2)

        p = uf2.get_perms()
        self.assertEqual(p, "R", "perms should only be read here")
       
    def test_children(self):
        child1 = File.create_file(self.db, "kid", self.user1, self.data, pynimbusauthz.object_type_s3, parent=self.file1)
        self.db.commit()

        x = child1.get_all_children()
        self.assertEqual(len(list(x)), 0, "The file should have no children")

        x = self.uf.get_all_children()
        found = False
        for f in x:
            if f.get_file() == child1:
                found = True
        self.assertTrue(found, "We should have found that kid!")
Esempio n. 49
0
class TestUser(unittest.TestCase):
    def setUp(self):
        #        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        con = pynimbusauthz.db.make_test_database()
        self.db = DB(con=con)
        self.user1 = User(self.db)
        self.name = "/file/name"
        self.data = "/etc/group"
        self.file1 = File.create_file(self.db, self.name, self.user1,
                                      self.data, pynimbusauthz.object_type_s3)
        self.uf = UserFile(self.file1)

    def tearDown(self):
        self.db.close()

    def test_basic_userfile(self):
        perms = self.uf.get_perms()
        self.assertEqual(len(perms), 4, "Default perms should be none")
        self.assertTrue("r" in perms, "read not set")
        self.assertTrue("w" in perms, "write not set")
        self.assertTrue("R" in perms, "read acl not set")
        self.assertTrue("W" in perms, "write acl not set")

        f2 = self.uf.get_file()
        self.assertEqual(f2, self.file1, "should return the same file")

        o2 = self.uf.get_owner()
        self.assertEqual(o2, self.user1, "should return the same user")

        self.assertTrue(self.uf.can_access("rwRW"))

        a = self.uf.get_all_children()
        self.assertEqual(len(list(a)), 0, "should be no children")

    def test_bad_chmod(self):
        try:
            self.uf.chmod("KSA")
            self.fail("should be a bad parameter exception")
        except:
            pass

    def test_bad_chmod(self):
        self.uf.chmod("r")
        try:
            perms = self.uf.get_perms()
            self.fail("should not be able to read acl")
        except:
            pass
        self.uf.chmod("Rr")
        perms = self.uf.get_perms()
        rc = self.uf.can_access("w")
        self.assertFalse(rc, "should not be able to write %d" % (rc))
        rc = self.uf.can_access("r")
        self.assertTrue(rc, "should be able to read")
        self.uf.chmod("RW")

    def test_grant(self):
        user2 = User(self.db)
        self.uf.chmod("R", user=user2)

        uf2 = UserFile(self.file1, user2)

        p = uf2.get_perms()
        self.assertEqual(p, "R", "perms should only be read here")

    def test_children(self):
        child1 = File.create_file(self.db,
                                  "kid",
                                  self.user1,
                                  self.data,
                                  pynimbusauthz.object_type_s3,
                                  parent=self.file1)
        self.db.commit()

        x = child1.get_all_children()
        self.assertEqual(len(list(x)), 0, "The file should have no children")

        x = self.uf.get_all_children()
        found = False
        for f in x:
            if f.get_file() == child1:
                found = True
        self.assertTrue(found, "We should have found that kid!")
Esempio n. 50
0
class TestUser(unittest.TestCase):

    def setUp(self):
        #os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        con = pynimbusauthz.db.make_test_database()
        self.db = DB(con=con)

    def tearDown(self):
        self.db.close()

    def test_basic_user(self):
        user1 = User(self.db)
        user2 = User(self.db, user1.get_id())

        self.assertEqual(user1.get_id(), user2.get_id(), "User IDs should be equal")

    def test_user_to_string(self):
        user1 = User(self.db)
        uu = user1.get_id()
        self.assertEqual(str(user1), uu, "toString function not working for user")

    def test_destroy_user(self):
        user1 = User(self.db)
        uu = user1.get_id()
        user1.destroy_brutally()

        try:
            user1 = User(self.db, uu)
            self.fail("The uuid should have been deleted %s" % (uu))
        except:
            pass

    def test_null_alias(self):
        user1 = User(self.db)
        all_alias = user1.get_all_alias()
        self.assertEqual(len(list(all_alias)), 0, "No alias should be in DB for new user")
        all_alias = user1.get_alias_by_type(pynimbusauthz.alias_type_s3)
        self.assertEqual(len(list(all_alias)), 0, "No alias should be in DB for new user")


    def test_create_alias_simple(self):
        user1 = User(self.db)
        alias1 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "testname@")

        user2 = alias1.get_canonical_user()
        self.assertEqual(user1.get_id(), user2.get_id(), "User IDs should be equal")
        alias1 = user1.create_alias("/name2", pynimbusauthz.alias_type_s3, "name2@", "pooP")

        user2 = alias1.get_canonical_user()
        self.assertEqual(user1.get_id(), user2.get_id(), "User IDs should be equal")
        print alias1
        
    def test_alias_lookup_simple(self):
        user1 = User(self.db)
        alias1 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "name1@")
        alias2 = user1.get_alias("/name/", pynimbusauthz.alias_type_s3)

        self.assertEqual(alias1.get_name(), alias2.get_name(), "Alias names should be the same")
        self.assertEqual(alias1.get_type(), alias2.get_type(), "Alias types should be the same")
        self.assertEqual(alias1.get_data(), alias2.get_data(), "Alias data should be the same")

    def test_alias_lookup(self):
        user1 = User(self.db)
        alias1 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "1")
        aliasX = user1.create_alias("/name2", pynimbusauthz.alias_type_s3, "2")
        aliasX = user1.create_alias("/name3", pynimbusauthz.alias_type_s3, "3")
        aliasX = user1.create_alias("/name4", pynimbusauthz.alias_type_s3, "4")
        all_alias = user1.get_all_alias()
        found = False
        for a in all_alias:
            if a.get_name() == alias1.get_name() and a.get_type() == alias1.get_type():
                found = True
        self.assertTrue(found, "We should have found the alias")

        all_alias = user1.get_alias_by_type(pynimbusauthz.alias_type_s3)
        found = False
        for a in all_alias:
            if a.get_name() == alias1.get_name() and a.get_type() == alias1.get_type():
                found = True
        self.assertTrue(found, "We should have found the alias")

    def test_delete_alias(self):
        user1 = User(self.db)
        alias1 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "name@")
        alias1.remove()
        alias2 = user1.get_alias("/name/", pynimbusauthz.alias_type_s3)
        self.assertEqual(alias2, None, "The alias should be gone")

    def test_create_same_alias(self):
        user1 = User(self.db)
        alias1 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "name@")

        try:
            alias2 = user1.create_alias("/name/", pynimbusauthz.alias_type_s3, "name@")
            self.fail("This should have caused an conflict on insert")
        except:
            pass

    def find_user_id(self, u, list):
        for l in list:
            if u == l:
                return True
        return False

    def test_find_user(self):
        user1 = User(self.db)
        self.db.commit()
        id = user1.get_id()
        fid = id[1:]
        lid = id[:-1]
        mid = id[1:-1]

        # find by exact id
        u_all = User.find_user(self.db, id)
        self.assertNotEqual(u_all, None, "we should have found somethings")
        self.assertTrue(self.find_user_id(user1, u_all))
        # find by exact partial 1
        u_all = User.find_user(self.db, fid)
        self.assertTrue(self.find_user_id(user1, u_all))
        # find by exact partial 1
        u_all = User.find_user(self.db, lid)
        self.assertTrue(self.find_user_id(user1, u_all))
        # find by exact partial 1
        u_all = User.find_user(self.db, mid)
        self.assertNotEqual(u_all, None, "we should have found somethings")
        self.assertTrue(self.find_user_id(user1, u_all))

    def test_find_user_alias(self):
        user1 = User(self.db)
        self.db.commit()
        alias_name = "helloname"
        alias1 = user1.create_alias(alias_name, pynimbusauthz.alias_type_s3, alias_name)
        self.db.commit()
        fid = "%%" + alias_name[1:]
        lid = alias_name[:-1] + "%%"
        mid = "%%" + alias_name[1:-1] + "%%"

        # find by exact id
        u_all = UserAlias.find_alias(self.db, alias_name)
        self.assertNotEqual(u_all, None, "we should have found somethings")
        self.assertTrue(self.find_user_id(alias1, u_all))
        # find by exact partial 1
        u_all = UserAlias.find_alias(self.db, fid)
        self.assertTrue(self.find_user_id(alias1, u_all))
        # find by exact partial 1
        u_all = UserAlias.find_alias(self.db, lid)
        self.assertTrue(self.find_user_id(alias1, u_all))
        # find by exact partial 1
        u_all = UserAlias.find_alias(self.db, mid)
        self.assertNotEqual(u_all, None, "we should have found somethings")
        self.assertTrue(self.find_user_id(alias1, u_all))


    def test_set_alias_data(self):
        user1 = User(self.db)
        self.db.commit()
        alias_name = "helloname"
        alias1 = user1.create_alias(alias_name, pynimbusauthz.alias_type_s3, alias_name)
        key = "helloworld"
        alias1.set_data(key)
        self.db.commit()

        alias2 = user1.get_alias(alias_name, pynimbusauthz.alias_type_s3)
        self.assertEqual(alias1.get_data(), alias2.get_data(), "alias not equal")
        self.assertEqual(key, alias2.get_data(), "alias not equal")
Esempio n. 51
0
 def setUp(self):
     (osf, self.fname) = tempfile.mkstemp()
     os.close(osf)
     os.environ['NIMBUS_AUTHZ_DB'] = self.fname
     pynimbusauthz.db.make_test_database(self.fname)
     self.db = DB(con_str=self.fname)
Esempio n. 52
0
class TestListUserCli(unittest.TestCase):

    def setUp(self):
        (osf, self.fname) = tempfile.mkstemp()
        os.close(osf)
#        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        os.environ['NIMBUS_AUTHZ_DB'] = self.fname
        pynimbusauthz.db.make_test_database(self.fname)
        self.db = DB(con_str=self.fname)
        (tmpFD, self.outFileName) = tempfile.mkstemp("koatests")
        os.close(tmpFD)

    def tearDown(self):
        self.db.close()
        os.remove(self.fname)

    def find_out_string(self, s):
        f = open(self.outFileName)
        lines = f.readlines()
        f.close()

        for l in lines:
            ndx = l.find(s)
            if ndx >= 0:
                return True
        return False

    def test_basic_list_user(self):
        uu = str(uuid.uuid1())
        user = User(self.db, uu, create=True)
        self.db.commit()
        rc = pynimbusauthz.list_user.main(["-O", self.outFileName])
        self.assertEqual(rc, 0, "CLI should return success")
        rc = self.find_out_string(uu)
        self.assertTrue(rc, "Username not found")

    def test_list_alias(self):
        uu = str(uuid.uuid1())
        user = User(self.db, uu, create=True)
        #  add a few alias
        alias_a = []
        for i in range(0, 10):
            aname = str(uuid.uuid1())
            alias_a.append(aname)
            rc = pynimbusauthz.add_user.main(["-a", aname, uu])
            self.assertEqual(rc, 0, "CLI should return success")

        self.db.commit()
        rc = pynimbusauthz.list_user.main(["-a", "-O", self.outFileName])
        self.assertEqual(rc, 0, "CLI should return success")
        rc = self.find_out_string(uu)
        self.assertTrue(rc, "Username not found")
        for a in alias_a:
            rc = self.find_out_string(a)
            self.assertTrue(rc, "Username not found")

    def test_find_by_alias(self):
        uu = str(uuid.uuid1())
        user = User(self.db, uu, create=True)
        #  add a few alias
        alias_a = []
        for i in range(0, 10):
            aname = str(uuid.uuid1())
            alias_a.append(aname)
            rc = pynimbusauthz.add_user.main(["-a", aname, uu])
            self.assertEqual(rc, 0, "CLI should return success")

        self.db.commit()
        rc = pynimbusauthz.list_user.main(["-s", "-O", self.outFileName, alias_a[0]])
        self.assertEqual(rc, 0, "CLI should return success")
        rc = self.find_out_string(uu)
        self.assertTrue(rc, "Username not found")
Esempio n. 53
0
 def create_user(self, display_name, id, pw, opts):
     db_obj = DB(con_str=self.con_str)
     user = User(db_obj, friendly=display_name)
     user_alias = user.create_alias(id, "s3", display_name, alias_data=pw)
     db_obj.commit()
     db_obj.close()
Esempio n. 54
0
class TestChmodCli(unittest.TestCase):

    def setUp(self):
        (osf, self.fname) = tempfile.mkstemp()
        os.close(osf)
#        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        os.environ['NIMBUS_AUTHZ_DB'] = self.fname
        pynimbusauthz.db.make_test_database(self.fname)
        self.db = DB(con_str=self.fname)
        self.user1 = User(self.db)
        self.name = "/file/name"
        self.data = "/etc/group"
        self.file1 = File.create_file(self.db, self.name, self.user1, self.data, pynimbusauthz.object_type_s3)
        self.uf = UserFile(self.file1)
        self.db.commit()

    def tearDown(self):
        self.db.close()
        os.remove(self.fname)

    def validate_perms(self, new):
        f = File.get_file_from_db_id(self.db, self.file1.get_id())
        uf = UserFile(f, self.user1)
        perms = uf.get_perms(force=True)
        for p in new:
            self.assertTrue(p in perms, "bad perms set %s != %s" % (new, perms))
        self.assertEqual(len(perms), len(new), "perms dont match %s != %s" % (new, perms))

    def test_basic_chmod(self):
        uu = str(uuid.uuid1())
        new_perms = "WR"
        rc = pynimbusauthz.chmod.main([self.user1.get_id(), self.file1.get_name(), new_perms])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
        self.validate_perms(new_perms)

    def test_type_chmod(self):
        uu = str(uuid.uuid1())
        new_perms = "WRr"
        rc = pynimbusauthz.chmod.main(["-t", self.file1.get_object_type(), self.user1.get_id(), self.file1.get_name(), new_perms])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
        self.validate_perms(new_perms)

    def test_badopts(self):
        new_perms = "WR"

        rc = pynimbusauthz.chmod.main(["-t", self.file1.get_object_type(), self.user1.get_id()])
        self.assertEqual(rc, 32, "CLI should return success %d" % (rc))

        rc = pynimbusauthz.chmod.main([self.user1.get_id(), "notafile", new_perms])
        self.assertEqual(rc, 33, "CLI should return success %d" % (rc))
        rc = pynimbusauthz.chmod.main(["-t", self.file1.get_object_type(), "-p", "nobucket", self.user1.get_id(), self.file1.get_name(), new_perms])
        self.assertEqual(rc, 33, "CLI should return success %d" % (rc))

    def test_bucket(self):
        # create a file and a bucket
        b1 = File.create_file(self.db, "bucket", self.user1, self.data, pynimbusauthz.object_type_s3)
        f2 = File.create_file(self.db, self.name, self.user1, self.data, pynimbusauthz.object_type_s3, parent=b1)
        self.db.commit()

        new_perms = "WR"
        rc = pynimbusauthz.chmod.main(["-t", f2.get_object_type(), "-p", b1.get_name(), self.user1.get_id(), f2.get_name(), new_perms])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
Esempio n. 55
0
class TestChmodCli(unittest.TestCase):
    def setUp(self):
        (osf, self.fname) = tempfile.mkstemp()
        os.close(osf)
        #        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        os.environ['NIMBUS_AUTHZ_DB'] = self.fname
        pynimbusauthz.db.make_test_database(self.fname)
        self.db = DB(con_str=self.fname)
        self.user1 = User(self.db)
        self.name = "/file/name"
        self.data = "/etc/group"
        self.file1 = File.create_file(self.db, self.name, self.user1,
                                      self.data, pynimbusauthz.object_type_s3)
        self.uf = UserFile(self.file1)
        self.db.commit()

    def tearDown(self):
        self.db.close()
        os.remove(self.fname)

    def validate_perms(self, new):
        f = File.get_file_from_db_id(self.db, self.file1.get_id())
        uf = UserFile(f, self.user1)
        perms = uf.get_perms(force=True)
        for p in new:
            self.assertTrue(p in perms,
                            "bad perms set %s != %s" % (new, perms))
        self.assertEqual(len(perms), len(new),
                         "perms dont match %s != %s" % (new, perms))

    def test_basic_chmod(self):
        uu = str(uuid.uuid1())
        new_perms = "WR"
        rc = pynimbusauthz.chmod.main(
            [self.user1.get_id(),
             self.file1.get_name(), new_perms])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
        self.validate_perms(new_perms)

    def test_type_chmod(self):
        uu = str(uuid.uuid1())
        new_perms = "WRr"
        rc = pynimbusauthz.chmod.main([
            "-t",
            self.file1.get_object_type(),
            self.user1.get_id(),
            self.file1.get_name(), new_perms
        ])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
        self.validate_perms(new_perms)

    def test_badopts(self):
        new_perms = "WR"

        rc = pynimbusauthz.chmod.main(
            ["-t", self.file1.get_object_type(),
             self.user1.get_id()])
        self.assertEqual(rc, 32, "CLI should return success %d" % (rc))

        rc = pynimbusauthz.chmod.main(
            [self.user1.get_id(), "notafile", new_perms])
        self.assertEqual(rc, 33, "CLI should return success %d" % (rc))
        rc = pynimbusauthz.chmod.main([
            "-t",
            self.file1.get_object_type(), "-p", "nobucket",
            self.user1.get_id(),
            self.file1.get_name(), new_perms
        ])
        self.assertEqual(rc, 33, "CLI should return success %d" % (rc))

    def test_bucket(self):
        # create a file and a bucket
        b1 = File.create_file(self.db, "bucket", self.user1, self.data,
                              pynimbusauthz.object_type_s3)
        f2 = File.create_file(self.db,
                              self.name,
                              self.user1,
                              self.data,
                              pynimbusauthz.object_type_s3,
                              parent=b1)
        self.db.commit()

        new_perms = "WR"
        rc = pynimbusauthz.chmod.main([
            "-t",
            f2.get_object_type(), "-p",
            b1.get_name(),
            self.user1.get_id(),
            f2.get_name(), new_perms
        ])
        self.assertEqual(rc, 0, "CLI should return success %d" % (rc))
Esempio n. 56
0
class TestAddUserCli(unittest.TestCase):

    def setUp(self):
        (osf, self.fname) = tempfile.mkstemp()
        os.close(osf)
        os.environ['NIMBUS_AUTHZ_DB'] = self.fname
        pynimbusauthz.db.make_test_database(self.fname)
        self.db = DB(con_str=self.fname)

    def tearDown(self):
        self.db.close()
        os.remove(self.fname)

    def test_basic_adduser(self):
        uu = str(uuid.uuid1())
        rc = pynimbusauthz.add_user.main(["-n", uu])
        self.assertEqual(rc, 0, "CLI should return success")
        user = User(self.db, uu)
        rc = pynimbusauthz.add_user.main(["-r", uu])
        self.assertEqual(rc, 0, "CLI should return success")
        try:
            user = User(self.db, uu)
            self.fail("should have had an exception loading user")
        except:
            pass

    def test_basic_alias(self):
        user = User(self.db)
        uu = user.get_id()
        aname = "alias1"
        self.db.commit()
        rc = pynimbusauthz.add_user.main(["-a", aname, uu])
        self.assertEqual(rc, 0, "CLI should return success")
        ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
        self.assertNotEqual(ua, None, "alias not found")
        rc = pynimbusauthz.add_user.main(["-x", aname, uu])
        self.assertEqual(rc, 0, "CLI should return success")
        ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
        self.assertEqual(ua, None, "alias should not be found")

    def test_user_alias_remove(self):
        aname = str(uuid.uuid1())
        uu = str(uuid.uuid1())
        rc = pynimbusauthz.add_user.main(["-n", "-a", aname, uu])
        self.assertEqual(rc, 0, "CLI should return success")

        user = User(self.db, uu)
        ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)

        rc = pynimbusauthz.add_user.main(["-x", aname, "-r", uu])
        self.assertEqual(rc, 0, "CLI should return success")

        try:
            user = User(self.db, uu)
            self.fail("should have had an exception loading user")
        except:
            pass
        try:
            ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
            self.fail("should have had an exception loading user")
        except:
            pass

    def test_set_key(self):
        aname = str(uuid.uuid1())
        uu = str(uuid.uuid1())
        rc = pynimbusauthz.add_user.main(["-n", "-a", aname, uu])
        self.assertEqual(rc, 0, "CLI should return success")
        rc = pynimbusauthz.add_user.main(["-g", "-a", aname, uu])
        self.assertEqual(rc, 0, "CLI should return success")
 
        key = str(uuid.uuid1())
        rc = pynimbusauthz.add_user.main(["-k", key, "-a", aname, uu])
        self.assertEqual(rc, 0, "CLI should return success")

        user = User(self.db, uu)
        ua = user.get_alias(aname, pynimbusauthz.alias_type_s3)
        self.db.commit()
        k2 = ua.get_data()
        self.assertEqual(k2, key)

    def test_default_new_user(self):
        rc = pynimbusauthz.add_user.main(["-n"])
        self.assertEqual(rc, 0, "CLI should return success %d"%(rc))

    def test_bad_args(self):
        uu = str(uuid.uuid1())
        rc = pynimbusauthz.add_user.main([])
        self.assertNotEqual(rc, 0, "CLI should not return success %d"%(rc))
        rc = pynimbusauthz.add_user.main(["-k", uu, uu])
        self.assertNotEqual(rc, 0, "CLI should not return success %d"%(rc))
        rc = pynimbusauthz.add_user.main(["-g", uu])
        self.assertNotEqual(rc, 0, "CLI should not return success %d"%(rc))

    def test_remove_force(self):
        aname = str(uuid.uuid1())
        uu = str(uuid.uuid1())
        rc = pynimbusauthz.add_user.main(["-n", "-a", aname, uu])
        self.assertEqual(rc, 0, "CLI should return success")

        #  add a few alias
        for i in range(0, 10):
            aname = str(uuid.uuid1())
            rc = pynimbusauthz.add_user.main(["-a", aname, uu])
            self.assertEqual(rc, 0, "CLI should return success")

        rc = pynimbusauthz.add_user.main(["-f", "-r", uu])
        self.assertEqual(rc, 0, "CLI should return success")
Esempio n. 57
0
class TestUser(unittest.TestCase):

    def setUp(self):
#        os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
        con = pynimbusauthz.db.make_test_database()
        self.db = DB(con=con)

    def tearDown(self):
        self.db.close()

    def test_basic_file(self):
        user1 = User(self.db)
        name = "/file/name"
        data = "/etc/group"
        file1 = File.create_file(self.db, name, user1, data, pynimbusauthz.object_type_s3)
        self.db.commit()
        x = file1.get_all_children()
        self.assertEqual(len(list(x)), 0, "The file should have no children")
        n2 = file1.get_name()
        self.assertEqual(name, n2, "Names not equal")
        d2 = file1.get_data_key()
        self.assertEqual(data, d2, "Data not equal")
        o2 = file1.get_owner()
        self.assertEqual(user1, o2, "Owner not equal")
        p2 = file1.get_parent()
        self.assertEqual(None, p2, "There should be no parent")
        b2 = file1.get_object_type()
        self.assertEqual(pynimbusauthz.object_type_s3, b2, "Type wrong")

    def test_file_children(self):
        user1 = User(self.db)
        name = "/file/name"
        data = "/etc/group"
        file1 = File.create_file(self.db, name, user1, data, pynimbusauthz.object_type_s3)
        self.db.commit()
                
        child1 = File.create_file(self.db, "kid", user1, data, pynimbusauthz.object_type_s3, parent=file1)
        self.db.commit()

        p2 = child1.get_parent()
        self.assertEqual(p2, file1, "parent not set properly")

        x = child1.get_all_children()
        self.assertEqual(len(list(x)), 0, "The file should have no children")

        x = file1.get_all_children()
        found = False
        for f in x:
            if f == child1:
                found = True

        self.assertTrue(found, "We should have found that kid!")

    def test_find_no_file(self):
        f = File.get_file_from_db_id(self.db, 1000)
        self.assertEqual(f, None, "We should not have found that file")
        f = File.get_file(self.db, "nofile", pynimbusauthz.object_type_s3)
        self.assertEqual(f, None, "We should not have found that file")

    def test_file_and_bucket(self):
        user1 = User(self.db)
        fname = "NAME"
        data = "data"
        b1 = File.create_file(self.db, "bucket", user1, data, pynimbusauthz.object_type_s3)
        f1 = File.create_file(self.db, fname, user1, data, pynimbusauthz.object_type_s3, parent=b1)
        f2 = File.create_file(self.db, fname, user1, data, pynimbusauthz.object_type_s3)
        self.db.commit()

        self.assertNotEqual(f1.get_id(), f2.get_id())
        
        f3 = File.get_file(self.db, fname, pynimbusauthz.object_type_s3, parent=b1)
        f4 = File.get_file(self.db, fname, pynimbusauthz.object_type_s3)
        self.assertEqual(f1.get_id(), f3.get_id())
        self.assertEqual(f2.get_id(), f4.get_id())
        self.assertNotEqual(f3.get_id(), f4.get_id())
        self.db.commit()