def test_modify_roles_validation(self):
with self.assertRaises(ValueError):
acl.modify_roles(
changes=['not a RoleChange'],
caller=auth.Identity.from_bytes('user:[email protected]'),
now=datetime.datetime(2014, 1, 1))
def should_fail(
package_path='a', revoke=False, role='OWNER', user=None, group='group'):
with self.assertRaises(ValueError):
acl.modify_roles(
changes=[
acl.RoleChange(
package_path=package_path,
revoke=revoke,
role=role,
user=user,
group=group),
],
caller=auth.Identity.from_bytes('user:[email protected]'),
now=datetime.datetime(2014, 1, 1))
should_fail(package_path='bad path')
should_fail(role='BAD_ROLE')
should_fail(user=None, group=None)
should_fail(user=auth.Identity.from_bytes('user:[email protected]'), group='group')
should_fail(user='******', group=None)
should_fail(group='bad/group/name')
def test_modify_roles_validation(self):
with self.assertRaises(ValueError):
acl.modify_roles(
changes=['not a RoleChange'],
caller=auth.Identity.from_bytes('user:[email protected]'),
now=datetime.datetime(2014, 1, 1))
def should_fail(package_path='a',
revoke=False,
role='OWNER',
user=None,
group='group'):
with self.assertRaises(ValueError):
acl.modify_roles(
changes=[
acl.RoleChange(package_path=package_path,
revoke=revoke,
role=role,
user=user,
group=group),
],
caller=auth.Identity.from_bytes('user:[email protected]'),
now=datetime.datetime(2014, 1, 1))
should_fail(package_path='bad path')
should_fail(role='BAD_ROLE')
should_fail(user=None, group=None)
should_fail(user=auth.Identity.from_bytes('user:[email protected]'),
group='group')
should_fail(user='******', group=None)
should_fail(group='bad/group/name')
def should_fail(
package_path='a', revoke=False, role='OWNER', user=None, group='group'):
with self.assertRaises(ValueError):
acl.modify_roles(
changes=[
acl.RoleChange(
package_path=package_path,
revoke=revoke,
role=role,
user=user,
group=group),
],
caller=auth.Identity.from_bytes('user:[email protected]'),
now=datetime.datetime(2014, 1, 1))
def should_fail(package_path='a',
revoke=False,
role='OWNER',
user=None,
group='group'):
with self.assertRaises(ValueError):
acl.modify_roles(
changes=[
acl.RoleChange(package_path=package_path,
revoke=revoke,
role=role,
user=user,
group=group),
],
caller=auth.Identity.from_bytes('user:[email protected]'),
now=datetime.datetime(2014, 1, 1))
def test_fetch_acl_ok(self):
acl.modify_roles(
changes=[
acl.RoleChange(
package_path='a',
revoke=False,
role='OWNER',
user=auth.Identity.from_bytes('user:[email protected]'),
group=None),
acl.RoleChange(package_path='a/b/c',
revoke=False,
role='READER',
user=None,
group='reader-group'),
],
caller=auth.Identity.from_bytes('user:[email protected]'),
now=datetime.datetime(2014, 1, 1))
resp = self.call_api('fetch_acl', {'package_path': 'a/b/c/d'})
self.assertEqual(200, resp.status_code)
self.assertEqual(
{
'status': 'SUCCESS',
'acls': {
'acls': [
{
'modified_by': 'user:[email protected]',
'modified_ts': '1388534400000000',
'package_path': 'a',
'principals': ['user:[email protected]'],
'role': 'OWNER',
},
{
'modified_by': 'user:[email protected]',
'modified_ts': '1388534400000000',
'package_path': 'a/b/c',
'principals': ['group:reader-group'],
'role': 'READER',
},
],
},
}, resp.json_body)
def test_fetch_acl_ok(self):
acl.modify_roles(
changes=[
acl.RoleChange(
package_path="a",
revoke=False,
role="OWNER",
user=auth.Identity.from_bytes("user:[email protected]"),
group=None,
),
acl.RoleChange(package_path="a/b/c", revoke=False, role="READER", user=None, group="reader-group"),
],
caller=auth.Identity.from_bytes("user:[email protected]"),
now=datetime.datetime(2014, 1, 1),
)
resp = self.call_api("fetch_acl", {"package_path": "a/b/c/d"})
self.assertEqual(200, resp.status_code)
self.assertEqual(
{
"status": "SUCCESS",
"acls": {
"acls": [
{
"modified_by": "user:[email protected]",
"modified_ts": "1388534400000000",
"package_path": "a",
"principals": ["user:[email protected]"],
"role": "OWNER",
},
{
"modified_by": "user:[email protected]",
"modified_ts": "1388534400000000",
"package_path": "a/b/c",
"principals": ["group:reader-group"],
"role": "READER",
},
]
},
},
resp.json_body,
)
def test_fetch_acl_ok(self):
acl.modify_roles(
changes=[
acl.RoleChange(
package_path='a',
revoke=False,
role='OWNER',
user=auth.Identity.from_bytes('user:[email protected]'),
group=None),
acl.RoleChange(
package_path='a/b/c',
revoke=False,
role='READER',
user=None,
group='reader-group'),
],
caller=auth.Identity.from_bytes('user:[email protected]'),
now=datetime.datetime(2014, 1, 1))
resp = self.call_api('fetch_acl', {'package_path': 'a/b/c/d'})
self.assertEqual(200, resp.status_code)
self.assertEqual({
'status': 'SUCCESS',
'acls': {
'acls': [
{
'modified_by': 'user:[email protected]',
'modified_ts': '1388534400000000',
'package_path': 'a',
'principals': ['user:[email protected]'],
'role': 'OWNER',
},
{
'modified_by': 'user:[email protected]',
'modified_ts': '1388534400000000',
'package_path': 'a/b/c',
'principals': ['group:reader-group'],
'role': 'READER',
},
],
},
}, resp.json_body)
def test_modify_roles(self):
ident_a = auth.Identity.from_bytes('user:[email protected]')
ident_b = auth.Identity.from_bytes('user:[email protected]')
# Modify a bunch of packages. Include some redundant and self-canceling
# changes to test all code paths.
acl.modify_roles(changes=[
acl.RoleChange(package_path='a',
revoke=False,
role='OWNER',
user=ident_a,
group=None),
acl.RoleChange(package_path='a',
revoke=False,
role='OWNER',
user=ident_a,
group=None),
acl.RoleChange(package_path='a',
revoke=False,
role='OWNER',
user=ident_b,
group=None),
acl.RoleChange(package_path='a/b',
revoke=False,
role='OWNER',
user=None,
group='some-group'),
acl.RoleChange(package_path='a/b',
revoke=False,
role='OWNER',
user=None,
group='some-group'),
acl.RoleChange(package_path='a/b/c',
revoke=False,
role='OWNER',
user=ident_a,
group=None),
acl.RoleChange(package_path='a/b/c',
revoke=True,
role='OWNER',
user=ident_a,
group=None),
],
caller=ident_a,
now=datetime.datetime(2014, 1, 1))
# Ensure modification have been applied correctly.
self.assertEqual(
{
'groups': [],
'modified_by': ident_a,
'modified_ts': datetime.datetime(2014, 1, 1, 0, 0),
'rev': 1,
'users': [ident_a, ident_b],
},
acl.package_acl_key('a', 'OWNER').get().to_dict())
self.assertEqual(
{
'groups': ['some-group'],
'modified_by': ident_a,
'modified_ts': datetime.datetime(2014, 1, 1, 0, 0),
'rev': 1,
'users': [],
},
acl.package_acl_key('a/b', 'OWNER').get().to_dict())
self.assertEqual(None, acl.package_acl_key('a/b/c', 'OWNER').get())
# Modify same ACLs again.
acl.modify_roles(changes=[
acl.RoleChange(package_path='a',
revoke=True,
role='OWNER',
user=ident_a,
group=None),
acl.RoleChange(package_path='a',
revoke=False,
role='OWNER',
user=None,
group='some-group'),
acl.RoleChange(package_path='a/b',
revoke=True,
role='OWNER',
user=None,
group='some-group'),
],
caller=ident_b,
now=datetime.datetime(2015, 1, 1))
# Ensure modification have been applied correctly.
self.assertEqual(
{
'groups': ['some-group'],
'modified_by': ident_b,
'modified_ts': datetime.datetime(2015, 1, 1, 0, 0),
'rev': 2,
'users': [ident_b],
},
acl.package_acl_key('a', 'OWNER').get().to_dict())
# Ensure previous version has been saved in the revision log.
rev_key = ndb.Key(acl.PackageACLRevision,
1,
parent=acl.package_acl_key('a', 'OWNER'))
self.assertEqual(
{
'groups': [],
'modified_by': ident_a,
'modified_ts': datetime.datetime(2014, 1, 1, 0, 0),
'users': [ident_a, ident_b],
},
rev_key.get().to_dict())
def test_modify_roles_empty(self):
# Just for code coverage.
acl.modify_roles(changes=[],
caller=auth.Identity.from_bytes('user:[email protected]'),
now=datetime.datetime(2014, 1, 1))
def test_modify_roles(self):
ident_a = auth.Identity.from_bytes('user:[email protected]')
ident_b = auth.Identity.from_bytes('user:[email protected]')
# Modify a bunch of packages. Include some redundant and self-canceling
# changes to test all code paths.
acl.modify_roles(
changes=[
acl.RoleChange(
package_path='a',
revoke=False,
role='OWNER',
user=ident_a,
group=None),
acl.RoleChange(
package_path='a',
revoke=False,
role='OWNER',
user=ident_a,
group=None),
acl.RoleChange(
package_path='a',
revoke=False,
role='OWNER',
user=ident_b,
group=None),
acl.RoleChange(
package_path='a/b',
revoke=False,
role='OWNER',
user=None,
group='some-group'),
acl.RoleChange(
package_path='a/b',
revoke=False,
role='OWNER',
user=None,
group='some-group'),
acl.RoleChange(
package_path='a/b/c',
revoke=False,
role='OWNER',
user=ident_a,
group=None),
acl.RoleChange(
package_path='a/b/c',
revoke=True,
role='OWNER',
user=ident_a,
group=None),
],
caller=ident_a,
now=datetime.datetime(2014, 1, 1))
# Ensure modification have been applied correctly.
self.assertEqual({
'groups': [],
'modified_by': ident_a,
'modified_ts': datetime.datetime(2014, 1, 1, 0, 0),
'rev': 1,
'users': [ident_a, ident_b],
}, acl.package_acl_key('a', 'OWNER').get().to_dict())
self.assertEqual({
'groups': ['some-group'],
'modified_by': ident_a,
'modified_ts': datetime.datetime(2014, 1, 1, 0, 0),
'rev': 1,
'users': [],
}, acl.package_acl_key('a/b', 'OWNER').get().to_dict())
self.assertEqual(None, acl.package_acl_key('a/b/c', 'OWNER').get())
# Modify same ACLs again.
acl.modify_roles(
changes=[
acl.RoleChange(
package_path='a',
revoke=True,
role='OWNER',
user=ident_a,
group=None),
acl.RoleChange(
package_path='a',
revoke=False,
role='OWNER',
user=None,
group='some-group'),
acl.RoleChange(
package_path='a/b',
revoke=True,
role='OWNER',
user=None,
group='some-group'),
],
caller=ident_b,
now=datetime.datetime(2015, 1, 1))
# Ensure modification have been applied correctly.
self.assertEqual({
'groups': ['some-group'],
'modified_by': ident_b,
'modified_ts': datetime.datetime(2015, 1, 1, 0, 0),
'rev': 2,
'users': [ident_b],
}, acl.package_acl_key('a', 'OWNER').get().to_dict())
# Ensure previous version has been saved in the revision log.
rev_key = ndb.Key(
acl.PackageACLRevision, 1, parent=acl.package_acl_key('a', 'OWNER'))
self.assertEqual({
'groups': [],
'modified_by': ident_a,
'modified_ts': datetime.datetime(2014, 1, 1, 0, 0),
'users': [ident_a, ident_b],
}, rev_key.get().to_dict())
def test_modify_roles_empty(self):
# Just for code coverage.
acl.modify_roles(
changes=[],
caller=auth.Identity.from_bytes('user:[email protected]'),
now=datetime.datetime(2014, 1, 1))
