def test_read(loop, self):
u = auth.EtcdUser(self.client, 'root')
# Reading an existing user succeeds
try:
yield from u.read()
except Exception:
self.fail("reading the root user raised an exception")
# roles for said user are fetched
self.assertEquals(u.roles, set(['root']))
# The user is correctly rendered out
self.assertEquals(u._to_net(), [{
'user': '******',
'password': None,
'roles': ['root']
}])
# An inexistent user raises the appropriate exception
u = auth.EtcdUser(self.client, 'user.does.not.exist')
with raises(etcd.EtcdKeyNotFound):
yield from u.read()
# Reading with an unauthenticated client raises an exception
u = auth.EtcdUser(self.unauth_client, 'root')
with raises(etcd.EtcdInsufficientPermissions):
yield from u.read()
# Generic errors are caught
c = etcd.Client(port=9999)
u = auth.EtcdUser(c, 'root')
with raises(etcd.EtcdException):
yield from u.read()
def test_write_and_delete(loop,self):
r = auth.EtcdRole(self.client, 'test_group')
r.acls = {'/*': 'R', '/test/*': 'RW'}
try:
yield from r.write()
except:
self.fail("Writing a simple groups should not fail")
# Create an user
u = auth.EtcdUser(self.client, 'test_user')
u.roles.add('guest')
u.roles.add('root')
# directly from my suitcase
u.password = '******'
try:
yield from u.write()
except:
self.fail("creating a user doesn't work")
# Password gets wiped
self.assertEquals(u.password, None)
yield from u.read()
# Verify we can log in as this user and access the auth (it has the
# root role)
cl = etcd.Client(port=6001, username='******',
password='******')
ul = auth.EtcdUser(cl, 'root')
try:
yield from ul.read()
except etcd.EtcdInsufficientPermissions:
self.fail("Reading auth with the new user is not possible")
self.assertEquals(u.name, "test_user")
self.assertEquals(u.roles, set(['guest', 'root']))
# set roles as a list, it works!
u.roles = ['guest', 'test_group']
try:
yield from u.write()
except:
self.fail("updating a user you previously created fails")
yield from u.read()
self.assertIn('test_group', u.roles)
# Unauthorized access is properly handled
ua = auth.EtcdUser(self.unauth_client, 'test_user')
with raises(etcd.EtcdInsufficientPermissions):
yield from ua.write()
# now let's test deletion
du = auth.EtcdUser(self.client, 'user.does.not.exist')
with raises(etcd.EtcdKeyNotFound):
yield from du.delete()
# Delete test_user
yield from u.delete()
with raises(etcd.EtcdKeyNotFound):
yield from u.read()
# Permissions are properly handled
with raises(etcd.EtcdInsufficientPermissions):
yield from ua.delete()
def test_write_and_delete(loop, self):
# Create an user
u = auth.EtcdUser(self.client, 'test_user')
u.roles.add('guest')
u.roles.add('root')
# directly from my suitcase
u.password = '******'
try:
yield from u.write()
except:
self.fail("creating a user doesn't work")
# Password gets wiped
self.assertEquals(u.password, None)
yield from u.read()
# Verify we can log in as this user and access the auth (it has the
# root role)
cl = etcd.Client(port=6281, username='******', password='******')
ul = auth.EtcdUser(cl, 'root')
try:
yield from ul.read()
except etcd.EtcdInsufficientPermissions:
self.fail("Reading auth with the new user is not possible")
self.assertEquals(u.name, "test_user")
self.assertEquals(u.roles, set(['guest', 'root']))
# Unauthorized access is properly handled
ua = auth.EtcdUser(self.unauth_client, 'test_user')
with raises(etcd.EtcdInsufficientPermissions):
yield from ua.write()
# now let's test deletion
du = auth.EtcdUser(self.client, 'user.does.not.exist')
with raises(etcd.EtcdKeyNotFound):
yield from du.delete()
# Delete test_user
yield from u.delete()
with raises(etcd.EtcdKeyNotFound):
yield from u.read()
# Permissions are properly handled
with raises(etcd.EtcdInsufficientPermissions):
yield from ua.delete()
def setUp(self):
# Sets up the root user, toggles auth
loop = asyncio.get_event_loop()
self.client = etcd.Client(port=6001, loop=loop)
u = auth.EtcdUser(self.client, 'root')
u.password = '******'
loop.run_until_complete(u.write())
self.client = etcd.Client(port=6001, username='******',
password='******', loop=loop)
self.unauth_client = etcd.Client(port=6001, loop=loop)
a = auth.Auth(self.client)
loop.run_until_complete(a.set_active(True))
def test_names(loop, self):
u = auth.EtcdUser(self.client, 'test_user')
self.assertEquals((yield from u.get_names()), [{
'user':
'******',
'roles': [{
'role': 'root',
'permissions': {
'kv': {
'read': ['/*'],
'write': ['/*']
}
}
}]
}])
def tearDown(self):
loop = asyncio.get_event_loop()
u = auth.EtcdUser(self.client, 'test_user')
r = auth.EtcdRole(self.client, 'test_role')
try:
loop.run_until_complete(u.delete())
except:
pass
try:
loop.run_until_complete(r.delete())
except:
pass
a = auth.Auth(self.client)
loop.run_until_complete(a.set_active(False))
def test_names(loop,self):
u = auth.EtcdUser(self.client, 'test_user')
self.assertEquals((yield from u.get_names()), ['root'])