Esempio n. 1
0
def test_delete_identity_of_account(vo, rest_client):
    """ ACCOUNT (REST): send a DELETE to remove an identity of an account."""
    account = account_name_generator()
    identity = uuid()
    password = '******'
    add_account(account, 'USER', '*****@*****.**', 'root', vo=vo)
    add_identity(identity, IdentityType.USERPASS, '*****@*****.**', password)
    add_account_identity(identity, IdentityType.USERPASS,
                         InternalAccount(account, vo=vo), '*****@*****.**')
    auth_response = rest_client.get('/auth/userpass',
                                    headers=headers(
                                        loginhdr(account, identity, password),
                                        vohdr(vo)))
    assert auth_response.status_code == 200
    assert 'X-Rucio-Auth-Token' in auth_response.headers
    token = str(auth_response.headers.get('X-Rucio-Auth-Token'))
    assert len(token) != 0

    # normal deletion
    data = {'authtype': 'USERPASS', 'identity': identity}
    response = rest_client.delete('/accounts/' + account + '/identities',
                                  headers=headers(auth(token)),
                                  json=data)
    assert response.status_code == 200

    # unauthorized deletion
    other_account = account_name_generator()
    data = {'authtype': 'USERPASS', 'identity': identity}
    response = rest_client.delete('/accounts/' + other_account + '/identities',
                                  headers=headers(auth(token)),
                                  json=data)
    assert response.status_code == 401
Esempio n. 2
0
def import_identities(identities, account_name, old_identities, old_identity_account, account_email, session=None):
    for identity in identities:
        identity['type'] = IdentityType[identity['type'].upper()]

    missing_identities = [identity for identity in identities if (identity['identity'], identity['type']) not in old_identities]
    missing_identity_account = [identity for identity in identities if (identity['identity'], identity['type'], account_name) not in old_identity_account]
    to_be_removed_identity_account = [old_identity for old_identity in old_identity_account if (old_identity[0], old_identity[1], old_identity[2]) not in
                                      [(identity['identity'], identity['type'], account_name) for identity in identities] and old_identity[2] == account_name]

    # add missing identities
    for identity in missing_identities:
        identity_type = identity['type']
        password = identity.get('password')
        identity = identity['identity']
        if identity_type == IdentityType.USERPASS:
            identity_module.add_identity(identity=identity, password=password, email=account_email, type_=identity_type, session=session)
        elif identity_type == IdentityType.GSS or identity_type == IdentityType.SSH or identity_type == IdentityType.X509:
            identity_module.add_identity(identity=identity, email=account_email, type_=identity_type, session=session)

    # add missing identity-account association
    for identity in missing_identity_account:
        identity_module.add_account_identity(identity['identity'], identity['type'], account_name, email=account_email, session=session)

    # remove identities from account-identity association
    for identity in to_be_removed_identity_account:
        identity_module.del_account_identity(identity=identity[0], type_=identity[1], account=identity[2], session=session)
Esempio n. 3
0
    def test_delete_identity_of_account(self):
        """ ACCOUNT (REST): send a DELETE to remove an identity of an account."""
        mw = []
        account = account_name_generator()
        identity = uuid()
        password = '******'
        add_account(account, 'USER', '*****@*****.**', 'root', **self.vo)
        add_identity(identity, IdentityType.USERPASS, '*****@*****.**', password)
        add_account_identity(identity, IdentityType.USERPASS, InternalAccount(account, **self.vo), '*****@*****.**')
        headers1 = {'X-Rucio-Account': account, 'X-Rucio-Username': identity, 'X-Rucio-Password': password}
        headers1.update(self.vo_header)
        res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
        token = str(res1.header('X-Rucio-Auth-Token'))

        # normal deletion
        headers2 = {'X-Rucio-Auth-Token': str(token)}
        data = dumps({'authtype': 'USERPASS', 'identity': identity})
        res2 = TestApp(account_app.wsgifunc(*mw)).delete('/' + account + '/identities', headers=headers2, params=data, expect_errors=True)
        assert_equal(res2.status, 200)

        # unauthorized deletion
        other_account = account_name_generator()
        headers2 = {'X-Rucio-Auth-Token': str(token)}
        data = dumps({'authtype': 'USERPASS', 'identity': identity})
        res2 = TestApp(account_app.wsgifunc(*mw)).delete('/' + other_account + '/identities', headers=headers2, params=data, expect_errors=True)
        assert_equal(res2.status, 401)
Esempio n. 4
0
    def test_ssh(self):
        """ IDENTITY (CORE): Test adding and removing SSH public key authentication """

        add_identity(self.account.external, IdentityType.SSH, email='*****@*****.**')
        add_account_identity('my_public_key', IdentityType.SSH, self.account, email='*****@*****.**')

        list_identities()

        del_account_identity('my_public_key', IdentityType.SSH, self.account)
        del_identity(self.account.external, IdentityType.SSH)
Esempio n. 5
0
def add_identity(identity_key, type, email, password=None):
    """
    Creates a user identity.

    :param identity_key: The identity key name. For example x509 DN, or a username.
    :param type: The type of the authentication (x509, gss, userpass)
    :param email: The Email address associated with the identity.
    :param password: If type==userpass, this sets the password.
    """
    return identity.add_identity(identity_key, IdentityType.from_sym(type), password, email=email)
Esempio n. 6
0
def add_identity(identity_key, id_type, email, password=None):
    """
    Creates a user identity.

    :param identity_key: The identity key name. For example x509 DN, or a username.
    :param id_type: The type of the authentication (x509, gss, userpass, ssh, saml)
    :param email: The Email address associated with the identity.
    :param password: If type==userpass, this sets the password.
    """
    return identity.add_identity(identity_key, IdentityType.from_sym(id_type), email, password=password)
Esempio n. 7
0
def add_identity(identity_key, id_type, email, password=None, session=None):
    """
    Creates a user identity.

    :param identity_key: The identity key name. For example x509 DN, or a username.
    :param id_type: The type of the authentication (x509, gss, userpass, ssh, saml)
    :param email: The Email address associated with the identity.
    :param password: If type==userpass, this sets the password.
    :param session: The database session in use.
    """
    return identity.add_identity(identity_key,
                                 IdentityType[id_type.upper()],
                                 email,
                                 password=password,
                                 session=session)
Esempio n. 8
0
    def test_userpass(self):
        """ IDENTITY (CORE): Test adding and removing username/password authentication """

        add_identity(self.account.external, IdentityType.USERPASS, email='*****@*****.**', password='******')
        add_account_identity('ddmlab_%s' % self.account, IdentityType.USERPASS, self.account, email='*****@*****.**', password='******')

        add_identity('/ch/cern/rucio/ddmlab_%s' % self.account, IdentityType.X509, email='*****@*****.**')
        add_account_identity('/ch/cern/rucio/ddmlab_%s' % self.account, IdentityType.X509, self.account, email='*****@*****.**')

        add_identity('ddmlab_%s' % self.account, IdentityType.GSS, email='*****@*****.**')
        add_account_identity('ddmlab_%s' % self.account, IdentityType.GSS, self.account, email='*****@*****.**')

        list_identities()

        del_account_identity('ddmlab_%s' % self.account, IdentityType.USERPASS, self.account)
        del_account_identity('/ch/cern/rucio/ddmlab_%s' % self.account, IdentityType.X509, self.account)
        del_account_identity('ddmlab_%s' % self.account, IdentityType.GSS, self.account)

        del_identity('ddmlab_%s' % self.account, IdentityType.USERPASS)
Esempio n. 9
0
    def test_userpass(self):
        """ IDENTITY (CORE): Test adding and removing username/password authentication """

        add_identity(self.account, IdentityType.USERPASS, email="*****@*****.**", password="******")
        add_account_identity(
            "ddmlab_%s" % self.account, IdentityType.USERPASS, self.account, email="*****@*****.**"
        )

        add_identity("/ch/cern/rucio/ddmlab_%s" % self.account, IdentityType.X509, email="*****@*****.**")
        add_account_identity(
            "/ch/cern/rucio/ddmlab_%s" % self.account, IdentityType.X509, self.account, email="*****@*****.**"
        )

        add_identity("ddmlab_%s" % self.account, IdentityType.GSS, email="*****@*****.**")
        add_account_identity("ddmlab_%s" % self.account, IdentityType.GSS, self.account, email="*****@*****.**")

        list_identities()

        del_account_identity("ddmlab_%s" % self.account, IdentityType.USERPASS, self.account)
        del_account_identity("/ch/cern/rucio/ddmlab_%s" % self.account, IdentityType.X509, self.account)
        del_account_identity("ddmlab_%s" % self.account, IdentityType.GSS, self.account)

        del_identity("ddmlab_%s" % self.account, IdentityType.USERPASS)
Esempio n. 10
0
    def setup(self):
        # New RSE
        self.new_rse = rse_name_generator()

        # RSE 1 that already exists
        self.old_rse_1 = rse_name_generator()
        self.old_rse_id_1 = add_rse(self.old_rse_1,
                                    availability=1,
                                    region_code='DE',
                                    country_name='DE',
                                    deterministic=True,
                                    volatile=True,
                                    staging_area=True,
                                    time_zone='Europe',
                                    latitude='1',
                                    longitude='2')
        add_protocol(
            self.old_rse_id_1, {
                'scheme': 'scheme1',
                'hostname': 'hostname1',
                'port': 1000,
                'impl': 'TODO'
            })
        add_protocol(
            self.old_rse_id_1, {
                'scheme': 'scheme3',
                'hostname': 'hostname3',
                'port': 1000,
                'impl': 'TODO'
            })

        set_rse_limits(rse_id=self.old_rse_id_1,
                       name='MaxBeingDeletedFiles',
                       value='10')
        set_rse_limits(rse_id=self.old_rse_id_1,
                       name='MinFreeSpace',
                       value='10')
        add_rse_attribute(rse_id=self.old_rse_id_1,
                          key='attr1',
                          value='test10')
        add_rse_attribute(rse_id=self.old_rse_id_1,
                          key='lfn2pfn_algorithm',
                          value='test10')
        add_rse_attribute(rse_id=self.old_rse_id_1,
                          key='verify_checksum',
                          value=True)

        # RSE 2 that already exists
        self.old_rse_2 = rse_name_generator()
        self.old_rse_id_2 = add_rse(self.old_rse_2)

        # RSE 3 that already exists
        self.old_rse_3 = rse_name_generator()
        self.old_rse_id_3 = add_rse(self.old_rse_3)

        # RSE 4 that already exists
        self.old_rse_4 = rse_name_generator()
        self.old_rse_id_4 = add_rse(self.old_rse_4)

        # RSE 4 that already exists
        self.old_rse_4 = rse_name_generator()
        add_rse(self.old_rse_4)
        self.old_rse_id_4 = get_rse_id(self.old_rse_4)

        # Distance that already exists
        add_distance(self.old_rse_id_1, self.old_rse_id_2)

        # Account 1 that already exists
        self.old_account_1 = InternalAccount(rse_name_generator())
        add_account(self.old_account_1, AccountType.USER, email='test')

        # Account 2 that already exists
        self.old_account_2 = InternalAccount(rse_name_generator())
        add_account(self.old_account_2, AccountType.USER, email='test')

        # Identity that should be removed
        self.identity_to_be_removed = rse_name_generator()
        add_identity(self.identity_to_be_removed,
                     IdentityType.X509,
                     email='email')
        add_account_identity(self.identity_to_be_removed, IdentityType.X509,
                             self.old_account_2, 'email')

        # Identity that already exsits but should be added to the account
        self.identity_to_be_added_to_account = rse_name_generator()
        add_identity(self.identity_to_be_added_to_account,
                     IdentityType.X509,
                     email='email')

        self.data1 = {
            'rses': {
                self.new_rse: {
                    'rse_type':
                    RSEType.TAPE,
                    'availability':
                    3,
                    'city':
                    'NewCity',
                    'region_code':
                    'CH',
                    'country_name':
                    'switzerland',
                    'staging_area':
                    False,
                    'time_zone':
                    'Europe',
                    'latitude':
                    1,
                    'longitude':
                    2,
                    'deterministic':
                    True,
                    'volatile':
                    False,
                    'protocols': [{
                        'scheme': 'scheme',
                        'hostname': 'hostname',
                        'port': 1000,
                        'impl': 'impl'
                    }],
                    'attributes': {
                        'attr1': 'test'
                    },
                    'MinFreeSpace':
                    20000,
                    'lfn2pfn_algorithm':
                    'hash2',
                    'verify_checksum':
                    False,
                    'availability_delete':
                    True,
                    'availability_read':
                    False,
                    'availability_write':
                    True
                },
                self.old_rse_1: {
                    'rse_type':
                    RSEType.TAPE,
                    'deterministic':
                    False,
                    'volatile':
                    False,
                    'region_code':
                    'US',
                    'country_name':
                    'US',
                    'staging_area':
                    False,
                    'time_zone':
                    'Asia',
                    'longitude':
                    5,
                    'city':
                    'City',
                    'availability':
                    2,
                    'latitude':
                    10,
                    'protocols': [{
                        'scheme': 'scheme1',
                        'hostname': 'hostname1',
                        'port': 1000,
                        'prefix': 'prefix',
                        'impl': 'impl1'
                    }, {
                        'scheme': 'scheme2',
                        'hostname': 'hostname2',
                        'port': 1001,
                        'impl': 'impl'
                    }],
                    'attributes': {
                        'attr1': 'test1',
                        'attr2': 'test2'
                    },
                    'MinFreeSpace':
                    10000,
                    'MaxBeingDeletedFiles':
                    1000,
                    'verify_checksum':
                    False,
                    'lfn2pfn_algorithm':
                    'hash3',
                    'availability_delete':
                    False,
                    'availability_read':
                    False,
                    'availability_write':
                    True
                },
                self.old_rse_2: {},
                self.old_rse_3: {}
            },
            'distances': {
                self.old_rse_1: {
                    self.old_rse_2: {
                        'src_rse': self.old_rse_1,
                        'dest_rse': self.old_rse_2,
                        'ranking': 10
                    },
                    self.old_rse_3: {
                        'src_rse': self.old_rse_1,
                        'dest_rse': self.old_rse_3,
                        'ranking': 4
                    }
                }
            },
            'accounts': [{
                'account':
                InternalAccount('new_account'),
                'email':
                'email',
                'identities': [{
                    'type': 'userpass',
                    'identity': 'username',
                    'password': '******'
                }]
            }, {
                'account': InternalAccount('new_account2'),
                'email': 'email'
            }, {
                'account':
                self.old_account_2,
                'email':
                'new_email',
                'identities': [{
                    'identity': self.identity_to_be_added_to_account,
                    'type': 'x509'
                }, {
                    'type': 'userpass',
                    'identity': 'username2',
                    'password': '******'
                }]
            }, {
                'account': InternalAccount('jdoe'),
                'email': 'email'
            }]
        }

        self.data2 = {'rses': {self.new_rse: {'rse': self.new_rse}}}
        self.data3 = {'distances': {}}