def test_ssh(self):
""" IDENTITY (CORE): Test adding and removing SSH public key authentication """
add_identity(self.account.external, IdentityType.SSH, email='*****@*****.**')
add_account_identity('my_public_key', IdentityType.SSH, self.account, email='*****@*****.**')
list_identities()
del_account_identity('my_public_key', IdentityType.SSH, self.account)
del_identity(self.account.external, IdentityType.SSH)
def check_accounts(self, test_accounts):
db_identities = list_identities()
for account in test_accounts:
# check existence
db_account = get_account(account=account['account'])
assert_equal(db_account['account'], account['account'])
# check properties
email = account.get('email')
if email:
assert_equal(db_account['email'], account['email'])
# check identities
identities = account.get('identities')
if identities:
for identity in identities:
# check identity creation and identity-account association
identity_type = IdentityType.from_sym(identity['type'])
identity = identity['identity']
assert_in((identity, identity_type), db_identities)
accounts_for_identity = list_accounts_for_identity(
identity, identity_type)
assert_in(account['account'], accounts_for_identity)
# check removal of account
account = get_account(self.old_account_1)
assert_equal(account['status'], AccountStatus.DELETED)
# check removal of identities
accounts_for_identity = list_accounts_for_identity(
self.identity_to_be_removed, IdentityType.X509)
assert_true(account['account'] not in accounts_for_identity)
def list_identities(**kwargs):
"""
Returns a list of all enabled identities.
returns: A list of all enabled identities.
"""
return identity.list_identities(**kwargs)
def import_accounts(accounts, vo='def', session=None):
vo_filter = {'account': InternalAccount(account='*', vo=vo)}
old_accounts = {account['account']: account for account in account_module.list_accounts(filter_=vo_filter, session=session)}
missing_accounts = [account for account in accounts if account['account'] not in old_accounts]
outdated_accounts = [account for account in accounts if account['account'] in old_accounts]
to_be_removed_accounts = [old_account for old_account in old_accounts if old_account not in [account['account'] for account in accounts]]
old_identities = identity_module.list_identities(session=session)
old_identity_account = session.query(models.IdentityAccountAssociation.identity, models.IdentityAccountAssociation.identity_type, models.IdentityAccountAssociation.account).all()
# add missing accounts
for account_dict in missing_accounts:
account = account_dict['account']
email = account_dict['email']
account_module.add_account(account=account, type_=AccountType.USER, email=email, session=session)
identities = account_dict.get('identities', [])
if identities:
import_identities(identities, account, old_identities, old_identity_account, email, session=session)
# remove left over accounts
for account in to_be_removed_accounts:
if account.external != 'root':
account_module.del_account(account=account, session=session)
# update existing accounts
for account_dict in outdated_accounts:
account = account_dict['account']
email = account_dict['email']
old_account = old_accounts[account]
if email and old_account['email'] != email:
account_module.update_account(account, key='email', value=email, session=session)
identities = account_dict.get('identities', [])
if identities:
import_identities(identities, account, old_identities, old_identity_account, email, session=session)
def list_identities(**kwargs):
"""
Returns a list of all enabled identities.
returns: A list of all enabled identities.
"""
return identity.list_identities(**kwargs)
def list_identities(session=None, **kwargs):
"""
Returns a list of all enabled identities.
:param session: The database session in use.
returns: A list of all enabled identities.
"""
return identity.list_identities(session=session, **kwargs)
def test_userpass(self):
""" IDENTITY (CORE): Test adding and removing username/password authentication """
add_identity(self.account.external, IdentityType.USERPASS, email='*****@*****.**', password='******')
add_account_identity('ddmlab_%s' % self.account, IdentityType.USERPASS, self.account, email='*****@*****.**', password='******')
add_identity('/ch/cern/rucio/ddmlab_%s' % self.account, IdentityType.X509, email='*****@*****.**')
add_account_identity('/ch/cern/rucio/ddmlab_%s' % self.account, IdentityType.X509, self.account, email='*****@*****.**')
add_identity('ddmlab_%s' % self.account, IdentityType.GSS, email='*****@*****.**')
add_account_identity('ddmlab_%s' % self.account, IdentityType.GSS, self.account, email='*****@*****.**')
list_identities()
del_account_identity('ddmlab_%s' % self.account, IdentityType.USERPASS, self.account)
del_account_identity('/ch/cern/rucio/ddmlab_%s' % self.account, IdentityType.X509, self.account)
del_account_identity('ddmlab_%s' % self.account, IdentityType.GSS, self.account)
del_identity('ddmlab_%s' % self.account, IdentityType.USERPASS)
def test_userpass(self):
""" IDENTITY (CORE): Test adding and removing username/password authentication """
add_identity(self.account, IdentityType.USERPASS, email="*****@*****.**", password="******")
add_account_identity(
"ddmlab_%s" % self.account, IdentityType.USERPASS, self.account, email="*****@*****.**"
)
add_identity("/ch/cern/rucio/ddmlab_%s" % self.account, IdentityType.X509, email="*****@*****.**")
add_account_identity(
"/ch/cern/rucio/ddmlab_%s" % self.account, IdentityType.X509, self.account, email="*****@*****.**"
)
add_identity("ddmlab_%s" % self.account, IdentityType.GSS, email="*****@*****.**")
add_account_identity("ddmlab_%s" % self.account, IdentityType.GSS, self.account, email="*****@*****.**")
list_identities()
del_account_identity("ddmlab_%s" % self.account, IdentityType.USERPASS, self.account)
del_account_identity("/ch/cern/rucio/ddmlab_%s" % self.account, IdentityType.X509, self.account)
del_account_identity("ddmlab_%s" % self.account, IdentityType.GSS, self.account)
del_identity("ddmlab_%s" % self.account, IdentityType.USERPASS)
