def Run(self): with test_lib.FakeTime(42): self.CreateAdminUser("approver") clients = self.SetupClients(2) for client_id in clients: # Delete the certificate as it's being regenerated every time the # client is created. with aff4.FACTORY.Open( client_id, mode="rw", token=self.token) as grr_client: grr_client.DeleteAttribute(grr_client.Schema.CERT) with test_lib.FakeTime(44): approval1_id = self.RequestClientApproval( clients[0].Basename(), reason="foo", approver="approver", requestor=self.token.username) with test_lib.FakeTime(45): approval2_id = self.RequestClientApproval( clients[1].Basename(), reason="bar", approver="approver", requestor=self.token.username) with test_lib.FakeTime(84): self.GrantClientApproval( clients[1].Basename(), approval_id=approval2_id, approver="approver", requestor=self.token.username) with test_lib.FakeTime(126): self.Check( "GetClientApproval", args=user_plugin.ApiGetClientApprovalArgs( client_id=clients[0].Basename(), approval_id=approval1_id, username=self.token.username), replace={approval1_id: "approval:111111"}) self.Check( "GetClientApproval", args=user_plugin.ApiGetClientApprovalArgs( client_id=clients[1].Basename(), approval_id=approval2_id, username=self.token.username), replace={approval2_id: "approval:222222"})
def testRendersRequestedClientApproval(self): approval_id = self.RequestClientApproval( self.client_id.Basename(), requestor=self.token.username, reason="blah", approver="approver", email_cc_address="*****@*****.**") args = user_plugin.ApiGetClientApprovalArgs( client_id=self.client_id, approval_id=approval_id, username=self.token.username) result = self.handler.Handle(args, token=self.token) self.assertEqual(result.subject.client_id, self.client_id) self.assertEqual(result.reason, "blah") self.assertEqual(result.is_valid, False) self.assertEqual(result.is_valid_message, "Need at least 1 additional approver for access.") self.assertEqual(result.notified_users, ["approver"]) self.assertEqual(result.email_cc_addresses, ["*****@*****.**"]) # Every approval is self-approved by default. self.assertEqual(result.approvers, [self.token.username])
def testRaisesWhenApprovalIsNotFound(self): args = user_plugin.ApiGetClientApprovalArgs( client_id=self.client_id, approval_id="approval:112233", username=self.token.username) with self.assertRaises(api_call_handler_base.ResourceNotFoundError): self.handler.Handle(args, token=self.token)
def testIncludesApproversInResultWhenApprovalIsGranted(self): approval_id = self.RequestAndGrantClientApproval( self.client_id.Basename(), reason="blah", approver="approver", requestor=self.token.username) args = user_plugin.ApiGetClientApprovalArgs( client_id=self.client_id, approval_id=approval_id, username=self.token.username) result = self.handler.Handle(args, token=self.token) self.assertTrue(result.is_valid) self.assertEqual(sorted(result.approvers), sorted([self.token.username, "approver"]))