def create_service_account(self,
name,
owner,
machine_set,
description,
initial_metadata=None):
# type: (str, str, str, str, Optional[Dict[str,str]]) -> None
group = Group.get(self.session, name=owner)
if not group:
raise GroupNotFoundException(owner)
# Create the service account in the database.
user = SQLUser(username=name, is_service_account=True)
service = SQLServiceAccount(user=user,
machine_set=machine_set,
description=description)
user.add(self.session)
service.add(self.session)
# Flush the account to allocate an ID.
self.session.flush()
# Set initial user metadata fields if present.
if initial_metadata is not None:
for key, value in initial_metadata.items():
# TODO: move this to use the hexagonal architecture model.
set_user_metadata(self.session, user.id, key, value)
# Create the linkage to the owner.
GroupServiceAccount(group_id=group.id,
service_account=service).add(self.session)
def test_success(setup):
# type: (SetupTest) -> None
with setup.transaction():
setup.add_user_to_group("*****@*****.**", "some-group")
mock_ui = MagicMock()
usecase = setup.usecase_factory.create_create_service_account_usecase("*****@*****.**", mock_ui)
usecase.create_service_account(
"*****@*****.**", "some-group", "machine-set", "description"
)
assert mock_ui.mock_calls == [
call.created_service_account("*****@*****.**", "some-group")
]
# Check the User and ServiceAccount that were created.
user = User.get(setup.session, name="*****@*****.**")
assert user is not None
assert user.is_service_account
assert user.enabled
service = ServiceAccount.get(setup.session, name="*****@*****.**")
assert service is not None
assert service.machine_set == "machine-set"
assert service.description == "description"
# Check that the ServiceAccount is owned by the correct Group.
group = Group.get(setup.session, name="some-group")
assert group is not None
linkage = GroupServiceAccount.get(setup.session, service_account_id=service.id)
assert linkage is not None
assert linkage.group_id == group.id
def test_success(setup):
# type: (SetupTest) -> None
with setup.transaction():
setup.grant_permission_to_group(USER_ADMIN, "", "admins")
setup.add_user_to_group("*****@*****.**", "admins")
setup.create_user("*****@*****.**")
setup.create_group("some-group")
mock_ui = MagicMock()
usecase = setup.usecase_factory.create_convert_user_to_service_account_usecase(
"*****@*****.**", mock_ui)
usecase.convert_user_to_service_account("*****@*****.**", "some-group")
assert mock_ui.mock_calls == [
call.converted_user_to_service_account("*****@*****.**", "some-group")
]
# Check the User after the conversion
service_account_user = User.get(setup.session, name="*****@*****.**")
assert service_account_user
assert service_account_user.is_service_account
assert service_account_user.enabled
# Check the ServiceAccount that should have been created
service_account = ServiceAccount.get(setup.session, name="*****@*****.**")
assert service_account
assert service_account.description == ""
assert service_account.machine_set == ""
assert service_account.user_id == service_account_user.id
# Check that the ServiceAccount is owned by the correct Group
group = Group.get(setup.session, name="some-group")
group_service_account = GroupServiceAccount.get(
setup.session, service_account_id=service_account.id)
assert group
assert group_service_account
assert group_service_account.group_id == group.id
def assign_service_account_to_group(self, name, groupname):
# type: (str, str) -> None
service_account = SQLServiceAccount.get(self.session, name=name)
if not service_account:
raise ServiceAccountNotFoundException(name)
group = Group.get(self.session, name=groupname)
if not group:
raise GroupNotFoundException(groupname)
existing_relationship = GroupServiceAccount.get(
self.session, service_account_id=service_account.id)
if existing_relationship:
existing_relationship.group_id = group.id
else:
group_service_account = GroupServiceAccount(
group_id=group.id, service_account_id=service_account.id)
group_service_account.add(self.session)
def add_service_account(session, group, service_account):
# type: (Session, Group, ServiceAccount) -> None
"""Add a service account to a group."""
logging.debug("Adding service account %s to %s",
service_account.user.username, group.groupname)
GroupServiceAccount(group_id=group.id,
service_account=service_account).add(session)
Counter.incr(session, "updates")
session.commit()
def assign_service_account_to_group(self, name, groupname):
# type: (str, str) -> None
service_account = SQLServiceAccount.get(self.session, name=name)
if not service_account:
raise ServiceAccountNotFoundException(name)
group = Group.get(self.session, name=groupname)
if not group:
raise GroupNotFoundException(groupname)
existing_relationship = GroupServiceAccount.get(
self.session, service_account_id=service_account.id
)
if existing_relationship:
existing_relationship.group_id = group.id
else:
group_service_account = GroupServiceAccount(
group_id=group.id, service_account_id=service_account.id
)
group_service_account.add(self.session)
def create_service_account(self, service_account, owner, description="", machine_set=""):
# type: (str, str, str, str) -> None
self.create_group(owner)
group_obj = Group.get(self.session, name=owner)
assert group_obj
if User.get(self.session, name=service_account):
return
user = User(username=service_account)
user.add(self.session)
service_account_obj = ServiceAccount(
user_id=user.id, description=description, machine_set=machine_set
)
service_account_obj.add(self.session)
user.is_service_account = True
self.session.flush()
owner_map = GroupServiceAccount(
group_id=group_obj.id, service_account_id=service_account_obj.id
)
owner_map.add(self.session)
def create_service_account(self,
service_account,
owner,
description="",
machine_set=""):
# type: (str, str, str, str) -> None
self.create_group(owner)
group_obj = Group.get(self.session, name=owner)
assert group_obj
if User.get(self.session, name=service_account):
return
user = User(username=service_account)
user.add(self.session)
service_account_obj = ServiceAccount(user_id=user.id,
description=description,
machine_set=machine_set)
service_account_obj.add(self.session)
user.is_service_account = True
self.session.flush()
owner_map = GroupServiceAccount(
group_id=group_obj.id, service_account_id=service_account_obj.id)
owner_map.add(self.session)
def create_service_account(self, name, owner, machine_set, description):
# type: (str, str, str, str) -> None
group = Group.get(self.session, name=owner)
if not group:
raise GroupNotFoundException(group)
# Create the service account in the database.
user = SQLUser(username=name, is_service_account=True)
service = SQLServiceAccount(user=user,
machine_set=machine_set,
description=description)
user.add(self.session)
service.add(self.session)
# Flush the account to allocate an ID, and then create the linkage to the owner.
self.session.flush()
GroupServiceAccount(group_id=group.id,
service_account=service).add(self.session)
def test_success(setup):
# type: (SetupTest) -> None
with setup.transaction():
setup.grant_permission_to_group(USER_ADMIN, "", "admins")
setup.add_user_to_group("*****@*****.**", "admins")
setup.create_user("*****@*****.**")
setup.create_group("some-group")
mock_ui = MagicMock()
usecase = setup.usecase_factory.create_convert_user_to_service_account_usecase(
"*****@*****.**", mock_ui
)
usecase.convert_user_to_service_account("*****@*****.**", "some-group")
assert mock_ui.mock_calls == [
call.converted_user_to_service_account("*****@*****.**", "some-group")
]
# Check the User after the conversion
service_account_user = User.get(setup.session, name="*****@*****.**")
assert service_account_user
assert service_account_user.is_service_account
assert service_account_user.enabled
# Check the ServiceAccount that should have been created
service_account = ServiceAccount.get(setup.session, name="*****@*****.**")
assert service_account
assert service_account.description == ""
assert service_account.machine_set == ""
assert service_account.user_id == service_account_user.id
# Check that the ServiceAccount is owned by the correct Group
group = Group.get(setup.session, name="some-group")
group_service_account = GroupServiceAccount.get(
setup.session, service_account_id=service_account.id
)
assert group
assert group_service_account
assert group_service_account.group_id == group.id