def test_delete_identity_of_account(vo, rest_client):
    """ ACCOUNT (REST): send a DELETE to remove an identity of an account.

    Creates an account with a USERPASS identity and authenticates through
    ``/auth/userpass``. The resulting token is then used twice: deleting the
    identity from the token's own account must return 200, and the same
    request against a different account name must return 401.
    """
    email = '*****@*****.**'
    account = account_name_generator()
    identity = uuid()
    password = '******'

    add_account(account, 'USER', email, 'root', vo=vo)
    add_identity(identity, IdentityType.USERPASS, email, password)
    add_account_identity(identity, IdentityType.USERPASS, InternalAccount(account, vo=vo), email)

    # Log in as the new account to obtain a token scoped to it.
    login_headers = headers(loginhdr(account, identity, password), vohdr(vo))
    auth_response = rest_client.get('/auth/userpass', headers=login_headers)
    assert auth_response.status_code == 200
    assert 'X-Rucio-Auth-Token' in auth_response.headers
    token = str(auth_response.headers.get('X-Rucio-Auth-Token'))
    assert token != ''

    # normal deletion: the token's own account removes its identity
    payload = {'authtype': 'USERPASS', 'identity': identity}
    own_url = '/accounts/' + account + '/identities'
    response = rest_client.delete(own_url, headers=headers(auth(token)), json=payload)
    assert response.status_code == 200

    # unauthorized deletion: same token, different account in the URL
    # NOTE(review): other_account is only a generated name; this test never
    # creates it with add_account, so the 401 covers a foreign account name
    # but not an existing second account. A variant that creates the second
    # account first would pin the cross-account authorization check.
    other_account = account_name_generator()
    payload = {'authtype': 'USERPASS', 'identity': identity}
    foreign_url = '/accounts/' + other_account + '/identities'
    response = rest_client.delete(foreign_url, headers=headers(auth(token)), json=payload)
    assert response.status_code == 401
def import_identities(identities, account_name, old_identities, old_identity_account, account_email, session=None):
    """
    Bring the identities of one account in line with an imported list.

    :param identities: List of dicts with the keys 'identity' and 'type' and an optional 'password'.
                       The 'type' value of every dict is replaced in place by the matching IdentityType member.
    :param account_name: The account the identities belong to.
    :param old_identities: Existing (identity, type) pairs.
    :param old_identity_account: Existing (identity, type, account) associations.
    :param account_email: Email recorded for every identity and association that is added.
    :param session: The database session in use.
    """
    # The caller's dicts are mutated here: the type string becomes an enum
    # member, so passing the same dicts a second time would call .upper() on
    # an enum member rather than a string.
    for entry in identities:
        entry['type'] = IdentityType[entry['type'].upper()]

    # Associations the import asks for, in the order of the imported entries.
    wanted_links = [(entry['identity'], entry['type'], account_name) for entry in identities]

    new_identities = [entry for entry in identities
                      if (entry['identity'], entry['type']) not in old_identities]
    new_links = [entry for entry, link in zip(identities, wanted_links)
                 if link not in old_identity_account]
    # Only associations of this account are candidates for removal.
    stale_links = [old for old in old_identity_account
                   if (old[0], old[1], old[2]) not in wanted_links and old[2] == account_name]

    # add missing identities
    for entry in new_identities:
        kind = entry['type']
        secret = entry.get('password')
        key = entry['identity']
        if kind == IdentityType.USERPASS:
            # 'password' is optional in the imported dict, so None can be
            # forwarded here; this function does not check it.
            identity_module.add_identity(identity=key, password=secret, email=account_email,
                                         type_=kind, session=session)
        elif (kind == IdentityType.GSS
              or kind == IdentityType.SSH
              or kind == IdentityType.X509):
            identity_module.add_identity(identity=key, email=account_email,
                                         type_=kind, session=session)
        # NOTE(review): any other identity type is not created here but is
        # still associated below; whether add_account_identity accepts an
        # identity that was never added is not visible from this function.

    # add missing identity-account association
    for entry in new_links:
        identity_module.add_account_identity(entry['identity'], entry['type'], account_name,
                                             email=account_email, session=session)

    # remove identities from account-identity association
    for old in stale_links:
        identity_module.del_account_identity(identity=old[0], type_=old[1], account=old[2], session=session)
def test_delete_identity_of_account(self):
    """ ACCOUNT (REST): send a DELETE to remove an identity of an account.

    Logs in with a freshly created USERPASS identity, then uses the token to
    delete that identity from its own account (expects 200) and from another
    account name (expects 401).
    """
    middleware = []
    account = account_name_generator()
    identity = uuid()
    password = '******'
    email = '*****@*****.**'

    add_account(account, 'USER', email, 'root', **self.vo)
    add_identity(identity, IdentityType.USERPASS, email, password)
    add_account_identity(identity, IdentityType.USERPASS, InternalAccount(account, **self.vo), email)

    login_headers = {'X-Rucio-Account': account,
                     'X-Rucio-Username': identity,
                     'X-Rucio-Password': password}
    login_headers.update(self.vo_header)
    auth_client = TestApp(auth_app.wsgifunc(*middleware))
    login = auth_client.get('/userpass', headers=login_headers, expect_errors=True)
    # NOTE(review): the login status is not asserted and expect_errors=True
    # is set, so a failed authentication is not reported at this point.
    token = str(login.header('X-Rucio-Auth-Token'))

    # normal deletion
    token_headers = {'X-Rucio-Auth-Token': token}
    body = dumps({'authtype': 'USERPASS', 'identity': identity})
    own = TestApp(account_app.wsgifunc(*middleware)).delete(
        '/' + account + '/identities', headers=token_headers, params=body, expect_errors=True)
    assert_equal(own.status, 200)

    # unauthorized deletion: the token belongs to `account`, not `other_account`
    # NOTE(review): other_account is a generated name that this test never
    # creates, so an existing second account is not covered.
    other_account = account_name_generator()
    token_headers = {'X-Rucio-Auth-Token': token}
    body = dumps({'authtype': 'USERPASS', 'identity': identity})
    foreign = TestApp(account_app.wsgifunc(*middleware)).delete(
        '/' + other_account + '/identities', headers=token_headers, params=body, expect_errors=True)
    assert_equal(foreign.status, 401)
def test_ssh(self):
    """ IDENTITY (CORE): Test adding and removing SSH public key authentication """
    email = '*****@*****.**'
    ssh_key = 'my_public_key'

    # The identity is created under self.account.external, while the
    # association below is keyed by 'my_public_key'.
    add_identity(self.account.external, IdentityType.SSH, email=email)
    add_account_identity(ssh_key, IdentityType.SSH, self.account, email=email)

    # The listing is only called; its result is not checked, so this test
    # passes as long as none of the calls raises.
    list_identities()

    del_account_identity(ssh_key, IdentityType.SSH, self.account)
    del_identity(self.account.external, IdentityType.SSH)
def add_identity(identity_key, type, email, password=None):
    """
    Register a new user identity.

    :param identity_key: Name of the identity, e.g. an x509 DN or a username.
    :param type: Authentication type as a symbol (x509, gss, userpass); converted with IdentityType.from_sym.
    :param email: Email address stored with the identity.
    :param password: Password to set; only meaningful when type is userpass.
    :returns: Whatever the core identity.add_identity call returns.
    """
    # `type` shadows the builtin but is part of the public signature.
    identity_type = IdentityType.from_sym(type)
    # password travels as the third positional argument and email by keyword.
    # NOTE(review): confirm this matches the core function's parameter order.
    # No check is made here that a userpass identity has a password.
    return identity.add_identity(identity_key, identity_type, password, email=email)
def add_identity(identity_key, id_type, email, password=None):
    """
    Register a new user identity.

    :param identity_key: Name of the identity, e.g. an x509 DN or a username.
    :param id_type: Authentication type as a symbol (x509, gss, userpass, ssh, saml); converted with IdentityType.from_sym.
    :param email: Email address stored with the identity.
    :param password: Password to set; only meaningful when id_type is userpass.
    :returns: Whatever the core identity.add_identity call returns.
    """
    identity_type = IdentityType.from_sym(id_type)
    # This wrapper forwards the password unchanged and does not check that a
    # userpass identity actually has one.
    return identity.add_identity(identity_key, identity_type, email, password=password)
def add_identity(identity_key, id_type, email, password=None, session=None):
    """
    Register a new user identity.

    :param identity_key: Name of the identity, e.g. an x509 DN or a username.
    :param id_type: Authentication type name (x509, gss, userpass, ssh, saml); upper-cased and looked up in IdentityType.
    :param email: Email address stored with the identity.
    :param password: Password to set; only meaningful when id_type is userpass.
    :param session: The database session in use.
    :returns: Whatever the core identity.add_identity call returns.
    """
    # Lookup is by member name, so id_type must be a string naming a member.
    # Presumably IdentityType is an Enum and an unknown name raises KeyError
    # before the core layer is reached; confirm against its definition.
    identity_type = IdentityType[id_type.upper()]
    # This wrapper forwards the password unchanged and does not check that a
    # userpass identity actually has one.
    return identity.add_identity(identity_key, identity_type, email, password=password, session=session)
def test_userpass(self):
    """ IDENTITY (CORE): Test adding and removing username/password authentication """
    email = '*****@*****.**'
    secret = '******'
    user_key = 'ddmlab_%s' % self.account
    dn = '/ch/cern/rucio/ddmlab_%s' % self.account

    # USERPASS: the identity is created under self.account.external, while
    # the association is keyed by the ddmlab_<account> name.
    add_identity(self.account.external, IdentityType.USERPASS, email=email, password=secret)
    add_account_identity(user_key, IdentityType.USERPASS, self.account, email=email, password=secret)

    # X509
    add_identity(dn, IdentityType.X509, email=email)
    add_account_identity(dn, IdentityType.X509, self.account, email=email)

    # GSS
    add_identity(user_key, IdentityType.GSS, email=email)
    add_account_identity(user_key, IdentityType.GSS, self.account, email=email)

    # Called without checking the result; the test has no assertions.
    list_identities()

    del_account_identity(user_key, IdentityType.USERPASS, self.account)
    del_account_identity(dn, IdentityType.X509, self.account)
    del_account_identity(user_key, IdentityType.GSS, self.account)
    # Only the USERPASS identity is deleted here; the X509 and GSS
    # identities created above are not removed by this test.
    del_identity(user_key, IdentityType.USERPASS)
def test_userpass(self):
    """ IDENTITY (CORE): Test adding and removing username/password authentication """
    email = "*****@*****.**"
    user_key = "ddmlab_%s" % self.account
    dn = "/ch/cern/rucio/ddmlab_%s" % self.account

    # USERPASS: the identity is created under self.account, while the
    # association is keyed by the ddmlab_<account> name.
    add_identity(self.account, IdentityType.USERPASS, email=email, password="******")
    add_account_identity(user_key, IdentityType.USERPASS, self.account, email=email)

    # X509
    add_identity(dn, IdentityType.X509, email=email)
    add_account_identity(dn, IdentityType.X509, self.account, email=email)

    # GSS
    add_identity(user_key, IdentityType.GSS, email=email)
    add_account_identity(user_key, IdentityType.GSS, self.account, email=email)

    # Called without checking the result; the test has no assertions.
    list_identities()

    del_account_identity(user_key, IdentityType.USERPASS, self.account)
    del_account_identity(dn, IdentityType.X509, self.account)
    del_account_identity(user_key, IdentityType.GSS, self.account)
    # Only the USERPASS identity is deleted here; the X509 and GSS
    # identities created above are not removed by this test.
    del_identity(user_key, IdentityType.USERPASS)
def setup(self):
    """
    Create the pre-existing RSEs, distance, accounts and identities, then
    build the import payloads data1, data2 and data3 used by the tests.
    """
    # New RSE: only a name is reserved, nothing is created for it here.
    self.new_rse = rse_name_generator()

    # RSE 1 that already exists
    self.old_rse_1 = rse_name_generator()
    self.old_rse_id_1 = add_rse(
        self.old_rse_1,
        availability=1,
        region_code='DE',
        country_name='DE',
        deterministic=True,
        volatile=True,
        staging_area=True,
        time_zone='Europe',
        latitude='1',
        longitude='2',
    )
    existing_protocols = (
        {'scheme': 'scheme1', 'hostname': 'hostname1', 'port': 1000, 'impl': 'TODO'},
        {'scheme': 'scheme3', 'hostname': 'hostname3', 'port': 1000, 'impl': 'TODO'},
    )
    for protocol in existing_protocols:
        add_protocol(self.old_rse_id_1, protocol)
    for limit_name in ('MaxBeingDeletedFiles', 'MinFreeSpace'):
        set_rse_limits(rse_id=self.old_rse_id_1, name=limit_name, value='10')
    existing_attributes = (
        ('attr1', 'test10'),
        ('lfn2pfn_algorithm', 'test10'),
        ('verify_checksum', True),
    )
    for attr_key, attr_value in existing_attributes:
        add_rse_attribute(rse_id=self.old_rse_id_1, key=attr_key, value=attr_value)

    # RSE 2 that already exists
    self.old_rse_2 = rse_name_generator()
    self.old_rse_id_2 = add_rse(self.old_rse_2)

    # RSE 3 that already exists
    self.old_rse_3 = rse_name_generator()
    self.old_rse_id_3 = add_rse(self.old_rse_3)

    # RSE 4 that already exists
    self.old_rse_4 = rse_name_generator()
    self.old_rse_id_4 = add_rse(self.old_rse_4)

    # RSE 4 that already exists
    # NOTE(review): RSE 4 is created a second time under a new name and both
    # attributes are overwritten, so the RSE added just above is no longer
    # referenced by this fixture. This looks like a leftover duplicate.
    self.old_rse_4 = rse_name_generator()
    add_rse(self.old_rse_4)
    self.old_rse_id_4 = get_rse_id(self.old_rse_4)

    # Distance that already exists
    add_distance(self.old_rse_id_1, self.old_rse_id_2)

    # Account 1 that already exists
    self.old_account_1 = InternalAccount(rse_name_generator())
    add_account(self.old_account_1, AccountType.USER, email='test')

    # Account 2 that already exists
    self.old_account_2 = InternalAccount(rse_name_generator())
    add_account(self.old_account_2, AccountType.USER, email='test')

    # Identity that should be removed: attached to account 2 here and
    # absent from that account's identities in data1 below.
    self.identity_to_be_removed = rse_name_generator()
    add_identity(self.identity_to_be_removed, IdentityType.X509, email='email')
    add_account_identity(self.identity_to_be_removed, IdentityType.X509, self.old_account_2, 'email')

    # Identity that already exists but should be added to the account
    self.identity_to_be_added_to_account = rse_name_generator()
    add_identity(self.identity_to_be_added_to_account, IdentityType.X509, email='email')

    # Settings for the RSE that the import is expected to create.
    new_rse_spec = {
        'rse_type': RSEType.TAPE,
        'availability': 3,
        'city': 'NewCity',
        'region_code': 'CH',
        'country_name': 'switzerland',
        'staging_area': False,
        'time_zone': 'Europe',
        'latitude': 1,
        'longitude': 2,
        'deterministic': True,
        'volatile': False,
        'protocols': [
            {'scheme': 'scheme', 'hostname': 'hostname', 'port': 1000, 'impl': 'impl'},
        ],
        'attributes': {'attr1': 'test'},
        'MinFreeSpace': 20000,
        'lfn2pfn_algorithm': 'hash2',
        'verify_checksum': False,
        'availability_delete': True,
        'availability_read': False,
        'availability_write': True,
    }

    # New settings for RSE 1; they differ from the values it was created with.
    old_rse_1_spec = {
        'rse_type': RSEType.TAPE,
        'deterministic': False,
        'volatile': False,
        'region_code': 'US',
        'country_name': 'US',
        'staging_area': False,
        'time_zone': 'Asia',
        'longitude': 5,
        'city': 'City',
        'availability': 2,
        'latitude': 10,
        'protocols': [
            {'scheme': 'scheme1', 'hostname': 'hostname1', 'port': 1000, 'prefix': 'prefix', 'impl': 'impl1'},
            {'scheme': 'scheme2', 'hostname': 'hostname2', 'port': 1001, 'impl': 'impl'},
        ],
        'attributes': {'attr1': 'test1', 'attr2': 'test2'},
        'MinFreeSpace': 10000,
        'MaxBeingDeletedFiles': 1000,
        'verify_checksum': False,
        'lfn2pfn_algorithm': 'hash3',
        'availability_delete': False,
        'availability_read': False,
        'availability_write': True,
    }

    # Distances from RSE 1 to RSE 2 and RSE 3, keyed by destination.
    distances_from_rse_1 = {
        destination: {'src_rse': self.old_rse_1, 'dest_rse': destination, 'ranking': ranking}
        for destination, ranking in ((self.old_rse_2, 10), (self.old_rse_3, 4))
    }

    accounts = [
        {
            'account': InternalAccount('new_account'),
            'email': 'email',
            'identities': [
                {'type': 'userpass', 'identity': 'username', 'password': '******'},
            ],
        },
        {
            'account': InternalAccount('new_account2'),
            'email': 'email',
        },
        {
            'account': self.old_account_2,
            'email': 'new_email',
            'identities': [
                {'identity': self.identity_to_be_added_to_account, 'type': 'x509'},
                {'type': 'userpass', 'identity': 'username2', 'password': '******'},
            ],
        },
        {
            'account': InternalAccount('jdoe'),
            'email': 'email',
        },
    ]

    self.data1 = {
        'rses': {
            self.new_rse: new_rse_spec,
            self.old_rse_1: old_rse_1_spec,
            self.old_rse_2: {},
            self.old_rse_3: {},
        },
        'distances': {self.old_rse_1: distances_from_rse_1},
        'accounts': accounts,
    }
    self.data2 = {'rses': {self.new_rse: {'rse': self.new_rse}}}
    self.data3 = {'distances': {}}