def test_request_id_reuse(self): lease_request_1 = rpc_to_json(rpc_messages.LeaseRequest( dimensions=rpc_messages.Dimensions( os_family=rpc_messages.OSFamily.WINDOWS, ), duration=7, request_id='qwerty', )) lease_request_2 = rpc_to_json(rpc_messages.LeaseRequest( dimensions=rpc_messages.Dimensions( os_family=rpc_messages.OSFamily.WINDOWS, ), duration=189, request_id='qwerty', )) auth_testing.mock_get_current_identity(self) lease_response_1 = jsonish_dict_to_rpc( self.call_api('lease', lease_request_1).json, rpc_messages.LeaseResponse, ) lease_response_2 = jsonish_dict_to_rpc( self.call_api('lease', lease_request_2).json, rpc_messages.LeaseResponse, ) self.failIf(lease_response_1.error) self.assertEqual( lease_response_2.error, rpc_messages.LeaseRequestError.REQUEST_ID_REUSE, ) self.assertNotEqual( lease_response_1.request_hash, lease_response_2.request_hash, )
def test_add_duplicate(self): request_1 = rpc_to_json(rpc_messages.CatalogMachineAdditionRequest( dimensions=rpc_messages.Dimensions( hostname='fake-host', os_family=rpc_messages.OSFamily.LINUX, ), )) request_2 = rpc_to_json(rpc_messages.CatalogMachineAdditionRequest( dimensions=rpc_messages.Dimensions( hostname='fake-host', os_family=rpc_messages.OSFamily.LINUX, ), )) auth_testing.mock_get_current_identity(self) response_1 = jsonish_dict_to_rpc( self.call_api('add_machine', request_1).json, rpc_messages.CatalogManipulationResponse, ) response_2 = jsonish_dict_to_rpc( self.call_api('add_machine', request_2).json, rpc_messages.CatalogManipulationResponse, ) self.failIf(response_1.error) self.assertEqual( response_2.error, rpc_messages.CatalogManipulationRequestError.HOSTNAME_REUSE, )
def setUp(self): super(IsolateServiceTest, self).setUp() self.testbed.init_blobstore_stub() self.testbed.init_urlfetch_stub() # It seems like there is a singleton state preserved across the tests, # making it hard to re-run the complete setUp procedure. Therefore we pre- # register all the possible identities being used in the tests. all_authed_ids = [ auth.Identity(auth.IDENTITY_USER, '*****@*****.**'), auth.Identity(auth.IDENTITY_USER, '*****@*****.**'), auth.Identity(auth.IDENTITY_SERVICE, 'adminapp'), ] admin = all_authed_ids[0] full_access_group = config.settings().auth.full_access_group auth.bootstrap_group(full_access_group, all_authed_ids) auth_testing.mock_get_current_identity(self, admin) version = utils.get_app_version() self.mock(utils, 'get_task_queue_host', lambda: version) self.testbed.setup_env(current_version_id='testbed.version') self.source_ip = '127.0.0.1' # It is needed solely for self.execute_tasks(), which processes tasks queues # on the backend application. self.app = webtest.TestApp( handlers_backend.create_application(debug=True), extra_environ={'REMOTE_ADDR': self.source_ip}) # add a private key; signing depends on config.settings() make_private_key() # Remove the check for dev server in should_push_to_gs(). self.mock(utils, 'is_local_dev_server', lambda: False)
def test_log_non_user_id(self, logfunc): """Assert that non-user identity is being logged.""" admin = auth.Identity(auth.IDENTITY_SERVICE, 'adminapp') auth_testing.mock_get_current_identity(self, admin) collection = generate_collection('default', ['foobar']) self.call_api('preupload', message_to_dict(collection), 200) logfunc.assert_any_call('Accessed from service:adminapp')
def test_get_no_data_cached(self): auth_testing.mock_get_current_identity(self) self.mock(auth, 'is_group_member', lambda group: True) res = self.test_app.get('/internal-alerts') self.check_json_headers(res) self.assertEqual(res.body, '{}')
def test_request_id_reuse(self): lease_request_1 = rpc_to_json( rpc_messages.LeaseRequest( dimensions=rpc_messages.Dimensions( os_family=rpc_messages.OSFamily.WINDOWS, ), duration=7, request_id='qwerty', )) lease_request_2 = rpc_to_json( rpc_messages.LeaseRequest( dimensions=rpc_messages.Dimensions( os_family=rpc_messages.OSFamily.WINDOWS, ), duration=189, request_id='qwerty', )) auth_testing.mock_get_current_identity(self) lease_response_1 = jsonish_dict_to_rpc( self.call_api('lease', lease_request_1).json, rpc_messages.LeaseResponse, ) lease_response_2 = jsonish_dict_to_rpc( self.call_api('lease', lease_request_2).json, rpc_messages.LeaseResponse, ) self.failIf(lease_response_1.error) self.assertEqual( lease_response_2.error, rpc_messages.LeaseRequestError.REQUEST_ID_REUSE, ) self.assertNotEqual( lease_response_1.request_hash, lease_response_2.request_hash, )
def test_log_normal_users(self, logfunc): """Assert that user identity is being logged.""" admin = auth.Identity(auth.IDENTITY_USER, '*****@*****.**') auth_testing.mock_get_current_identity(self, admin) collection = generate_collection('default', ['foobar']) self.call_api('preupload', message_to_dict(collection), 200) logfunc.assert_any_call('Accessed from user:[email protected]')
def set_as_super_admin(self): self.set_as_anonymous() self.testbed.setup_env(USER_EMAIL='*****@*****.**', overwrite=True) auth_testing.reset_local_state() auth_testing.mock_get_current_identity( self, auth.Identity.from_bytes('user:'******'USER_EMAIL']))
def test_post_invalid_data_not_reflected(self): auth_testing.mock_get_current_identity(self) self.mock(auth, 'is_group_member', lambda group: True) self.test_app.post( '/internal-alerts', '[{"this is not valid JSON', status=400) res = self.test_app.get('/internal-alerts') self.assertEqual(res.body, '{}')
def setUp(self): super(FrontendHandlersTest, self).setUp() self.mock(replication, 'trigger_replication', lambda *_args, **_kws: None) self.app = webtest.TestApp( handlers_frontend.create_application(debug=True), extra_environ={'REMOTE_ADDR': '127.0.0.1'}) auth_testing.mock_is_admin(self, True) auth_testing.mock_get_current_identity(self)
def setUp(self): super(CASServiceApiTest, self).setUp() auth_testing.mock_get_current_identity(self) auth_testing.mock_is_admin(self) self.cas_service = common.MockedCASService() def mocked_get_cas_service(): return self.cas_service self.mock(impl, 'get_cas_service', mocked_get_cas_service)
def test_post_invalid_data_does_not_overwrite_valid_data(self): auth_testing.mock_get_current_identity(self) self.mock(auth, 'is_group_member', lambda group: True) # Populate the cache with something valid self.test_app.post_json('/internal-alerts', {"alerts": "everything is OK"}) self.test_app.post('/internal-alerts', {'content': 'woozlwuzl'}, status=400) res = self.test_app.get('/internal-alerts') self.check_json_headers(res) data = json.loads(res.body) self.assertEqual(data['alerts'], 'everything is OK')
def test_large_number_of_internal_alerts(self): auth_testing.mock_get_current_identity(self) self.mock(auth, 'is_group_member', lambda group: True) put_internal_alerts = {'alerts': ['hi', 'there']} self.mock(alerts.AlertsHandler, 'can_put_in_datastore', lambda *args: False) self.test_app.post_json('/internal-alerts', put_internal_alerts) res = self.test_app.get('/internal-alerts') got_internal_alerts = json.loads(res.body) self.assertEquals(got_internal_alerts['alerts'], put_internal_alerts['alerts'])
def test_alerts_too_big_for_memcache(self): auth_testing.mock_get_current_identity(self) self.mock(auth, 'is_group_member', lambda group: True) big_alerts = {'alerts': ['hi', 'there']} self.mock(alerts.AlertsHandler, 'can_put_in_datastore', lambda *args: False) self.test_app.post_json('/internal-alerts', big_alerts) res = self.test_app.get('/internal-alerts') got_alerts = json.loads(res.body) self.assertEquals(got_alerts['alerts'], big_alerts['alerts']) alerts_type = internal_alerts.InternalAlertsHandler.ALERT_TYPE self.assertEquals(memcache.get(alerts_type), None)
def setUp(self): super(TaskSchedulerApiTest, self).setUp() self.testbed.init_search_stub() self.now = datetime.datetime(2014, 1, 2, 3, 4, 5, 6) self.mock_now(self.now) self.app = webtest.TestApp( deferred.application, extra_environ={ 'REMOTE_ADDR': '1.0.1.2', 'SERVER_SOFTWARE': os.environ['SERVER_SOFTWARE'], }) self.mock(stats_framework, 'add_entry', self._parse_line) auth_testing.mock_get_current_identity(self)
def setUp(self): super(TaskToRunApiTest, self).setUp() self.now = datetime.datetime(2014, 01, 02, 03, 04, 05, 06) self.mock_now(self.now) auth_testing.mock_get_current_identity(self) # Setup the backend to handle task queues for 'task-dimensions'. self.app = webtest.TestApp(handlers_backend.create_application(True), extra_environ={ 'REMOTE_ADDR': self.source_ip, 'SERVER_SOFTWARE': os.environ['SERVER_SOFTWARE'], }) self._enqueue_orig = self.mock(utils, 'enqueue_task', self._enqueue)
def test_modify(self): request = rpc_to_json(rpc_messages.CatalogCapacityModificationRequest( count=1, dimensions=rpc_messages.Dimensions( os_family=rpc_messages.OSFamily.OSX, ), )) auth_testing.mock_get_current_identity(self) response = jsonish_dict_to_rpc( self.call_api('modify_capacity', request).json, rpc_messages.CatalogManipulationResponse, ) self.failIf(response.error)
def test_add(self): request = rpc_to_json(rpc_messages.CatalogMachineAdditionRequest( dimensions=rpc_messages.Dimensions( hostname='fake-host', os_family=rpc_messages.OSFamily.LINUX, ), )) auth_testing.mock_get_current_identity(self) response = jsonish_dict_to_rpc( self.call_api('add_machine', request).json, rpc_messages.CatalogManipulationResponse, ) self.failIf(response.error)
def test_lease(self): lease_request = rpc_to_json(rpc_messages.LeaseRequest( dimensions=rpc_messages.Dimensions( os_family=rpc_messages.OSFamily.LINUX, ), duration=1, request_id='abc', )) auth_testing.mock_get_current_identity(self) lease_response = jsonish_dict_to_rpc( self.call_api('lease', lease_request).json, rpc_messages.LeaseResponse, ) self.failIf(lease_response.error)
def test_lease(self): lease_request = rpc_to_json( rpc_messages.LeaseRequest( dimensions=rpc_messages.Dimensions( os_family=rpc_messages.OSFamily.LINUX, ), duration=1, request_id='abc', )) auth_testing.mock_get_current_identity(self) lease_response = jsonish_dict_to_rpc( self.call_api('lease', lease_request).json, rpc_messages.LeaseResponse, ) self.failIf(lease_response.error)
def setUp(self): super(IsolateServiceTest, self).setUp() self.testbed.init_blobstore_stub() self.testbed.init_urlfetch_stub() auth_testing.mock_get_current_identity(self) version = utils.get_app_version() self.mock(utils, 'get_task_queue_host', lambda: version) self.testbed.setup_env(current_version_id='testbed.version') self.source_ip = '127.0.0.1' # It is needed solely for self.execute_tasks(), which processes tasks queues # on the backend application. self.app = webtest.TestApp( webapp2.WSGIApplication(handlers_backend.get_routes(), debug=True), extra_environ={'REMOTE_ADDR': self.source_ip}) # add a private key; signing depends on config.settings() make_private_key()
def test_add_no_hostname(self): request = rpc_to_json(rpc_messages.CatalogMachineAdditionRequest( dimensions=rpc_messages.Dimensions( os_family=rpc_messages.OSFamily.LINUX, ), )) auth_testing.mock_get_current_identity(self) response = jsonish_dict_to_rpc( self.call_api('add_machine', request).json, rpc_messages.CatalogManipulationResponse, ) self.assertEqual( response.error, rpc_messages.CatalogManipulationRequestError.UNSPECIFIED_HOSTNAME, )
def test_nobody(self): auth_testing.mock_get_current_identity(self, auth.Anonymous) self.assertFalse(acl.is_ip_whitelisted_machine()) self.assertFalse(acl.can_access()) self.assertFalse(acl.can_view_config()) self.assertFalse(acl.can_edit_config()) self.assertFalse(acl.can_create_bot()) self.assertFalse(acl.can_edit_bot()) self.assertFalse(acl.can_delete_bot()) self.assertFalse(acl.can_view_bot()) self.assertFalse(acl.can_create_task()) self.assertFalse(acl.can_schedule_high_priority_tasks()) self.assertFalse(acl.can_edit_task(self._task_owned)) self.assertFalse(acl.can_edit_task(self._task_other)) self.assertFalse(acl.can_edit_all_tasks()) self.assertFalse(acl.can_view_task(self._task_owned)) self.assertFalse(acl.can_view_task(self._task_other)) self.assertFalse(acl.can_view_all_tasks())
def setUp(self): super(TaskToRunApiTest, self).setUp() self.now = datetime.datetime(2019, 01, 02, 03, 04, 05, 06) self.mock_now(self.now) auth_testing.mock_get_current_identity(self) # Setup the backend to handle task queues. self.app = webtest.TestApp(handlers_backend.create_application(True), extra_environ={ 'REMOTE_ADDR': self.source_ip, 'SERVER_SOFTWARE': os.environ['SERVER_SOFTWARE'], }) self._enqueue_orig = self.mock(utils, 'enqueue_task_async', self._enqueue) cfg = config.settings() cfg.use_lifo = True self.mock(config, 'settings', lambda: cfg)
def setUp(self): super(AclTest, self).setUp() auth_testing.reset_local_state() auth_testing.mock_get_current_identity(self) def settings(): return config_pb2.SettingsCfg(auth=config_pb2.AuthSettings( admins_group='admins', bot_bootstrap_group='bot_bootstrap', privileged_users_group='privileged_users', users_group='users', view_all_bots_group='view_all_bots', view_all_tasks_group='view_all_tasks')) self.mock(config, 'settings', settings) self._task_owned = task_request.TaskRequest( authenticated=auth.get_current_identity()) self._task_other = task_request.TaskRequest( authenticated=auth.Identity(auth.IDENTITY_USER, 'larry@localhost'))
def test_invalid_topic(self): lease_request = rpc_to_json( rpc_messages.LeaseRequest( dimensions=rpc_messages.Dimensions( os_family=rpc_messages.OSFamily.WINDOWS, ), duration=9, pubsub_topic='../../a-different-project/topics/my-topic', request_id='123', )) auth_testing.mock_get_current_identity(self) lease_response = jsonish_dict_to_rpc( self.call_api('lease', lease_request).json, rpc_messages.LeaseResponse, ) self.assertEqual( lease_response.error, rpc_messages.LeaseRequestError.INVALID_TOPIC, )
def test_project_without_topic(self): lease_request = rpc_to_json( rpc_messages.LeaseRequest( dimensions=rpc_messages.Dimensions( os_family=rpc_messages.OSFamily.WINDOWS, ), duration=9, pubsub_project='my-project', request_id='123', )) auth_testing.mock_get_current_identity(self) lease_response = jsonish_dict_to_rpc( self.call_api('lease', lease_request).json, rpc_messages.LeaseResponse, ) self.assertEqual( lease_response.error, rpc_messages.LeaseRequestError.UNSPECIFIED_TOPIC, )
def test_invalid_topic(self): lease_request = rpc_to_json(rpc_messages.LeaseRequest( dimensions=rpc_messages.Dimensions( os_family=rpc_messages.OSFamily.WINDOWS, ), duration=9, pubsub_topic='../../a-different-project/topics/my-topic', request_id='123', )) auth_testing.mock_get_current_identity(self) lease_response = jsonish_dict_to_rpc( self.call_api('lease', lease_request).json, rpc_messages.LeaseResponse, ) self.assertEqual( lease_response.error, rpc_messages.LeaseRequestError.INVALID_TOPIC, )
def test_project_without_topic(self): lease_request = rpc_to_json(rpc_messages.LeaseRequest( dimensions=rpc_messages.Dimensions( os_family=rpc_messages.OSFamily.WINDOWS, ), duration=9, pubsub_project='my-project', request_id='123', )) auth_testing.mock_get_current_identity(self) lease_response = jsonish_dict_to_rpc( self.call_api('lease', lease_request).json, rpc_messages.LeaseResponse, ) self.assertEqual( lease_response.error, rpc_messages.LeaseRequestError.UNSPECIFIED_TOPIC, )
def setUp(self): super(IsolateServiceTest, self).setUp() self.testbed.init_blobstore_stub() self.testbed.init_urlfetch_stub() admin = auth.Identity(auth.IDENTITY_USER, '*****@*****.**') auth.bootstrap_group(acl.FULL_ACCESS_GROUP, [admin]) auth_testing.mock_get_current_identity(self, admin) version = utils.get_app_version() self.mock(utils, 'get_task_queue_host', lambda: version) self.testbed.setup_env(current_version_id='testbed.version') self.source_ip = '127.0.0.1' # It is needed solely for self.execute_tasks(), which processes tasks queues # on the backend application. self.app = webtest.TestApp( webapp2.WSGIApplication(handlers_backend.get_routes(), debug=True), extra_environ={'REMOTE_ADDR': self.source_ip}) # add a private key; signing depends on config.settings() make_private_key() # Remove the check for dev server in should_push_to_gs(). self.mock(utils, 'is_local_dev_server', lambda: False)
def setUp(self): """Creates a new app instance for every test case.""" super(MainTest, self).setUp() self.testbed.init_blobstore_stub() self.testbed.init_urlfetch_stub() admin = auth.Identity(auth.IDENTITY_USER, '*****@*****.**') full_access_group = config.settings().auth.full_access_group auth.bootstrap_group(full_access_group, [admin]) auth_testing.mock_get_current_identity(self, admin) version = utils.get_app_version() self.mock(utils, 'get_task_queue_host', lambda: version) self.testbed.setup_env(current_version_id='testbed.version') self.source_ip = '127.0.0.1' self.app = webtest.TestApp( handlers_backend.create_application(debug=True), extra_environ={'REMOTE_ADDR': self.source_ip}) # add a private key; signing depends on config.settings() make_private_key() # Remove the check for dev server in should_push_to_gs(). self.mock(utils, 'is_local_dev_server', lambda: False)
def test_duplicate(self): lease_request = rpc_to_json( rpc_messages.LeaseRequest( dimensions=rpc_messages.Dimensions( os_family=rpc_messages.OSFamily.OSX, ), duration=3, request_id='asdf', )) auth_testing.mock_get_current_identity(self) lease_response_1 = jsonish_dict_to_rpc( self.call_api('lease', lease_request).json, rpc_messages.LeaseResponse, ) lease_response_2 = jsonish_dict_to_rpc( self.call_api('lease', lease_request).json, rpc_messages.LeaseResponse, ) self.failIf(lease_response_1.error) self.failIf(lease_response_2.error) self.assertEqual( lease_response_1.request_hash, lease_response_2.request_hash, )
def test_delete(self): request_1 = rpc_to_json(rpc_messages.CatalogMachineAdditionRequest( dimensions=rpc_messages.Dimensions( hostname='fake-host', os_family=rpc_messages.OSFamily.LINUX, ), )) request_2 = rpc_to_json(rpc_messages.CatalogMachineAdditionRequest( dimensions=rpc_messages.Dimensions( hostname='fake-host', os_family=rpc_messages.OSFamily.LINUX, ), )) request_3 = rpc_to_json(rpc_messages.CatalogMachineAdditionRequest( dimensions=rpc_messages.Dimensions( hostname='fake-host', os_family=rpc_messages.OSFamily.WINDOWS, ), )) auth_testing.mock_get_current_identity(self) response_1 = jsonish_dict_to_rpc( self.call_api('add_machine', request_1).json, rpc_messages.CatalogManipulationResponse, ) response_2 = jsonish_dict_to_rpc( self.call_api('delete_machine', request_2).json, rpc_messages.CatalogManipulationResponse, ) response_3 = jsonish_dict_to_rpc( self.call_api('add_machine', request_3).json, rpc_messages.CatalogManipulationResponse, ) self.failIf(response_1.error) self.failIf(response_2.error) self.failIf(response_3.error)
def test_duplicate(self): lease_request = rpc_to_json(rpc_messages.LeaseRequest( dimensions=rpc_messages.Dimensions( os_family=rpc_messages.OSFamily.OSX, ), duration=3, request_id='asdf', )) auth_testing.mock_get_current_identity(self) lease_response_1 = jsonish_dict_to_rpc( self.call_api('lease', lease_request).json, rpc_messages.LeaseResponse, ) lease_response_2 = jsonish_dict_to_rpc( self.call_api('lease', lease_request).json, rpc_messages.LeaseResponse, ) self.failIf(lease_response_1.error) self.failIf(lease_response_2.error) self.assertEqual( lease_response_1.request_hash, lease_response_2.request_hash, )
def test_happy_path(self): auth_testing.mock_get_current_identity(self) self.mock(auth, 'is_group_member', lambda group: True) # Set it. self.test_app.post_json('/internal-alerts', {"alerts": ["hello", "world"]}) def happy_path(): # Get it. res = self.test_app.get('/internal-alerts') self.check_json_headers(res) data = json.loads(res.body) # The server should have stuck a 'date' on there. self.assertTrue('date' in data) self.assertEqual(type(data['date']), int) self.assertEqual(data['alerts'], ['hello', 'world']) happy_path() memcache.Client().flush_all() happy_path()
def set_as_bot(self): self.set_as_anonymous() auth.bootstrap_ip_whitelist(auth.bots_ip_whitelist(), [self.source_ip]) auth_testing.reset_local_state() auth_testing.mock_get_current_identity(self, auth.IP_WHITELISTED_BOT_ID)
def setUp(self): """Creates a new app instance for every test case.""" super(MainTest, self).setUp() auth_testing.mock_get_current_identity( self, auth.Identity(auth.IDENTITY_USER, '*****@*****.**'))
def setUp(self): super(ImporterTest, self).setUp() auth_testing.mock_is_admin(self, True) auth_testing.mock_get_current_identity(self)
def set_as_privileged_user(self): self.set_as_anonymous() self.testbed.setup_env(USER_EMAIL='*****@*****.**', overwrite=True) auth_testing.reset_local_state() auth_testing.mock_get_current_identity( self, auth.Identity.from_bytes('user:'******'USER_EMAIL']))
def mock_admin(self): auth_testing.mock_is_admin(self, True) auth_testing.mock_get_current_identity(self)
def test_invalid_user(self): auth_testing.mock_get_current_identity(self) self.mock(auth, 'is_group_member', lambda group: False) self.test_app.get('/internal-alerts', status=403)
def setUp(self): super(PackageRepositoryApiTest, self).setUp() auth_testing.mock_get_current_identity(self) auth_testing.mock_is_admin(self) self.repo_service = MockedRepoService() self.mock(impl, "get_repo_service", lambda: self.repo_service)
def set_as_bot(self): self.set_as_anonymous() auth.bootstrap_ip_whitelist(auth.BOTS_IP_WHITELIST, [self.source_ip]) auth_testing.reset_local_state() auth_testing.mock_get_current_identity( self, auth.Identity.from_bytes('bot:' + self.source_ip))
def set_as_anonymous(self): """Removes all IPs from the whitelist.""" self.testbed.setup_env(USER_EMAIL='', overwrite=True) auth.ip_whitelist_key(auth.BOTS_IP_WHITELIST).delete() auth_testing.reset_local_state() auth_testing.mock_get_current_identity(self, auth.Anonymous)
def setUp(self): super(TestCase, self).setUp() auth_testing.mock_get_current_identity(self)
def setUp(self): super(PackageRepositoryApiTest, self).setUp() auth_testing.mock_get_current_identity(self) auth_testing.mock_is_admin(self) self.repo_service = MockedRepoService() self.mock(impl, 'get_repo_service', lambda: self.repo_service)
def set_as_anonymous(self): """Removes all IPs from the whitelist.""" self.testbed.setup_env(USER_EMAIL='', overwrite=True) auth.ip_whitelist_key(auth.bots_ip_whitelist()).delete() auth_testing.reset_local_state() auth_testing.mock_get_current_identity(self, auth.Anonymous)