def render_template_with_system_and_user_context(value, user, context=None, prefix=None): """ Render provided template with a default system context and user context for the provided user. :param value: Template string. :type value: ``str`` :param user: Name (PK) of the user for the user scope. :type user: ``str`` :param context: Template context (optional). :type context: ``dict`` :param prefix: Datastore key prefix (optional). :type prefix: ``str`` :rtype: ``str`` """ context = context or {} context[SYSTEM_SCOPE] = KeyValueLookup(prefix=prefix, scope=SYSTEM_SCOPE) context[USER_SCOPE] = UserKeyValueLookup(prefix=prefix, user=user, scope=USER_SCOPE) context[DATASTORE_PARENT_SCOPE] = { SYSTEM_SCOPE: KeyValueLookup(prefix=prefix, scope=FULL_SYSTEM_SCOPE), USER_SCOPE: UserKeyValueLookup(prefix=prefix, user=user, scope=FULL_USER_SCOPE) } rendered = render_template(value=value, context=context) return rendered
def test_lookup_with_key_prefix(self): KeyValuePair.add_or_update(KeyValuePairDB(name='some:prefix:stanley:k5', value='v5', scope=FULL_USER_SCOPE)) # No prefix provided, should return None lookup = UserKeyValueLookup(user='******', scope=FULL_USER_SCOPE) self.assertEqual(str(lookup.k5), '') # Prefix provided lookup = UserKeyValueLookup(prefix='some:prefix', user='******', scope=FULL_USER_SCOPE) self.assertEqual(str(lookup.k5), 'v5')
def test_user_scope_lookups_user_sep_in_name(self): KeyValuePair.add_or_update(KeyValuePairDB(name='stanley:r:i:p', value='v4', scope=FULL_USER_SCOPE)) lookup = UserKeyValueLookup(scope=FULL_USER_SCOPE, user='******') # This is the only way to lookup because USER_SEPARATOR (':') cannot be a part of # variable name in Python. self.assertEquals(str(lookup['r:i:p']), 'v4')
def test_filter_decrypt_kv_with_user_scope_value(self): KeyValuePair.add_or_update(KeyValuePairDB(name='stanley:k8', value=self.secret_value, scope=FULL_USER_SCOPE, secret=True)) context = {} context.update({USER_SCOPE: UserKeyValueLookup(user='******', scope=USER_SCOPE)}) context.update({ DATASTORE_PARENT_SCOPE: { USER_SCOPE: UserKeyValueLookup(user='******', scope=FULL_USER_SCOPE) } }) template = '{{st2kv.user.k8 | decrypt_kv}}' actual = self.env.from_string(template).render(context) self.assertEqual(actual, self.secret)
def _create_graph(action_context, config): ''' Creates a generic directed graph for depencency tree and fills it with basic context variables ''' G = nx.DiGraph() system_keyvalue_context = { SYSTEM_SCOPE: KeyValueLookup(scope=FULL_SYSTEM_SCOPE) } # If both 'user' and 'api_user' are specified, this prioritize 'api_user' user = action_context['user'] if 'user' in action_context else None user = action_context['api_user'] if 'api_user' in action_context else user if not user: # When no user is not specified, this selects system-user's scope by default. user = cfg.CONF.system_user.user LOG.info( 'Unable to retrieve user / api_user value from action_context. Falling back ' 'to and using system_user (%s).' % (user)) system_keyvalue_context[USER_SCOPE] = UserKeyValueLookup( scope=FULL_USER_SCOPE, user=user) G.add_node(DATASTORE_PARENT_SCOPE, value=system_keyvalue_context) G.add_node(ACTION_CONTEXT_KV_PREFIX, value=action_context) G.add_node(PACK_CONFIG_CONTEXT_KV_PREFIX, value=config) return G
def test_user_scope_lookups_dot_in_user(self): KeyValuePair.add_or_update( KeyValuePairDB(name='first.last:r.i.p', value='v4', scope=FULL_USER_SCOPE)) lookup = UserKeyValueLookup(scope=FULL_USER_SCOPE, user='******') self.assertEqual(str(lookup.r.i.p), 'v4') self.assertEqual(str(lookup['r']['i']['p']), 'v4')
def test_missing_key_lookup(self): lookup = KeyValueLookup(scope=FULL_SYSTEM_SCOPE) self.assertEqual(str(lookup.missing_key), '') self.assertTrue(lookup.missing_key, 'Should be not none.') user_lookup = UserKeyValueLookup(scope=FULL_USER_SCOPE, user='******') self.assertEqual(str(user_lookup.missing_key), '') self.assertTrue(user_lookup.missing_key, 'Should be not none.')
def test_user_scope_lookups_dot_in_user(self): KeyValuePair.add_or_update( KeyValuePairDB(name="first.last:r.i.p", value="v4", scope=FULL_USER_SCOPE)) lookup = UserKeyValueLookup(scope=FULL_USER_SCOPE, user="******") self.assertEqual(str(lookup.r.i.p), "v4") self.assertEqual(str(lookup["r"]["i"]["p"]), "v4")
def test_lookups_older_scope_names_backward_compatibility(self): k1 = KeyValuePair.add_or_update(KeyValuePairDB(name='a.b', value='v1', scope=FULL_SYSTEM_SCOPE)) lookup = KeyValueLookup(scope=SYSTEM_SCOPE) self.assertEquals(str(lookup['a']['b']), k1.value) k2 = KeyValuePair.add_or_update(KeyValuePairDB(name='stanley:r.i.p', value='v4', scope=FULL_USER_SCOPE)) user_lookup = UserKeyValueLookup(scope=USER_SCOPE, user='******') self.assertEquals(str(user_lookup['r']['i']['p']), k2.value)
def test_lookups_older_scope_names_backward_compatibility(self): k1 = KeyValuePair.add_or_update( KeyValuePairDB(name="a.b", value="v1", scope=FULL_SYSTEM_SCOPE)) lookup = KeyValueLookup(scope=SYSTEM_SCOPE) self.assertEqual(str(lookup["a"]["b"]), k1.value) k2 = KeyValuePair.add_or_update( KeyValuePairDB(name="stanley:r.i.p", value="v4", scope=FULL_USER_SCOPE)) user_lookup = UserKeyValueLookup(scope=USER_SCOPE, user="******") self.assertEqual(str(user_lookup["r"]["i"]["p"]), k2.value)
def test_filter_decrypt_kv_with_user_scope_value_datastore_value_doesnt_exist(self): context = {} context.update({SYSTEM_SCOPE: KeyValueLookup(scope=SYSTEM_SCOPE)}) context.update({ DATASTORE_PARENT_SCOPE: { USER_SCOPE: UserKeyValueLookup(user='******', scope=FULL_USER_SCOPE) } }) template = '{{st2kv.user.doesnt_exist | decrypt_kv}}' expected_msg = ('Referenced datastore item "st2kv.user.doesnt_exist" doesn\'t exist or ' 'it contains an empty string') self.assertRaisesRegexp(ValueError, expected_msg, self.env.from_string(template).render, context)
def test_non_hierarchical_lookup(self): k1 = KeyValuePair.add_or_update(KeyValuePairDB(name='k1', value='v1')) k2 = KeyValuePair.add_or_update(KeyValuePairDB(name='k2', value='v2')) k3 = KeyValuePair.add_or_update(KeyValuePairDB(name='k3', value='v3')) k4 = KeyValuePair.add_or_update(KeyValuePairDB(name='stanley:k4', value='v4', scope=FULL_USER_SCOPE)) lookup = KeyValueLookup() self.assertEquals(str(lookup.k1), k1.value) self.assertEquals(str(lookup.k2), k2.value) self.assertEquals(str(lookup.k3), k3.value) # Scoped lookup lookup = KeyValueLookup(scope=FULL_SYSTEM_SCOPE) self.assertEquals(str(lookup.k4), '') user_lookup = UserKeyValueLookup(scope=FULL_USER_SCOPE, user='******') self.assertEquals(str(user_lookup.k4), k4.value)
def test_hierarchical_lookup_dict(self): k1 = KeyValuePair.add_or_update(KeyValuePairDB(name='a.b', value='v1')) k2 = KeyValuePair.add_or_update(KeyValuePairDB(name='a.b.c', value='v2')) k3 = KeyValuePair.add_or_update(KeyValuePairDB(name='b.c', value='v3')) k4 = KeyValuePair.add_or_update(KeyValuePairDB(name='stanley:r.i.p', value='v4', scope=FULL_USER_SCOPE)) lookup = KeyValueLookup() self.assertEquals(str(lookup['a']['b']), k1.value) self.assertEquals(str(lookup['a']['b']['c']), k2.value) self.assertEquals(str(lookup['b']['c']), k3.value) self.assertEquals(str(lookup['a']), '') # Scoped lookup lookup = KeyValueLookup(scope=FULL_SYSTEM_SCOPE) self.assertEquals(str(lookup['r']['i']['p']), '') user_lookup = UserKeyValueLookup(scope=FULL_USER_SCOPE, user='******') self.assertEquals(str(user_lookup['r']['i']['p']), k4.value)
def test_secret_lookup(self): secret_value = '0055A2D9A09E1071931925933744965EEA7E23DCF59A8D1D7A3' + \ '64338294916D37E83C4796283C584751750E39844E2FD97A3727DB5D553F638' k1 = KeyValuePair.add_or_update( KeyValuePairDB(name='k1', value=secret_value, secret=True)) k2 = KeyValuePair.add_or_update(KeyValuePairDB(name='k2', value='v2')) k3 = KeyValuePair.add_or_update( KeyValuePairDB(name='stanley:k3', value=secret_value, scope=FULL_USER_SCOPE, secret=True)) lookup = KeyValueLookup() self.assertEqual(str(lookup.k1), k1.value) self.assertEqual(str(lookup.k2), k2.value) self.assertEqual(str(lookup.k3), '') user_lookup = UserKeyValueLookup(scope=FULL_USER_SCOPE, user='******') self.assertEqual(str(user_lookup.k3), k3.value)
def test_non_hierarchical_lookup(self): k1 = KeyValuePair.add_or_update(KeyValuePairDB(name="k1", value="v1")) k2 = KeyValuePair.add_or_update(KeyValuePairDB(name="k2", value="v2")) k3 = KeyValuePair.add_or_update(KeyValuePairDB(name="k3", value="v3")) k4 = KeyValuePair.add_or_update( KeyValuePairDB(name="stanley:k4", value="v4", scope=FULL_USER_SCOPE)) lookup = KeyValueLookup() self.assertEqual(str(lookup.k1), k1.value) self.assertEqual(str(lookup.k2), k2.value) self.assertEqual(str(lookup.k3), k3.value) # Scoped lookup lookup = KeyValueLookup(scope=FULL_SYSTEM_SCOPE) self.assertEqual(str(lookup.k4), "") user_lookup = UserKeyValueLookup(scope=FULL_USER_SCOPE, user="******") self.assertEqual(str(user_lookup.k4), k4.value)
def test_hierarchical_lookup_dotted(self): k1 = KeyValuePair.add_or_update(KeyValuePairDB(name='a.b', value='v1')) k2 = KeyValuePair.add_or_update( KeyValuePairDB(name='a.b.c', value='v2')) k3 = KeyValuePair.add_or_update(KeyValuePairDB(name='b.c', value='v3')) k4 = KeyValuePair.add_or_update( KeyValuePairDB(name='stanley:r.i.p', value='v4', scope=USER_SCOPE)) lookup = KeyValueLookup() self.assertEquals(str(lookup.a.b), k1.value) self.assertEquals(str(lookup.a.b.c), k2.value) self.assertEquals(str(lookup.b.c), k3.value) self.assertEquals(str(lookup.a), '') # Scoped lookup lookup = KeyValueLookup(scope=SYSTEM_SCOPE) self.assertEquals(str(lookup.r.i.p), '') user_lookup = UserKeyValueLookup(scope=USER_SCOPE, user='******') self.assertEquals(str(user_lookup.r.i.p), k4.value)
def test_hierarchical_lookup_dict(self): k1 = KeyValuePair.add_or_update(KeyValuePairDB(name="a.b", value="v1")) k2 = KeyValuePair.add_or_update( KeyValuePairDB(name="a.b.c", value="v2")) k3 = KeyValuePair.add_or_update(KeyValuePairDB(name="b.c", value="v3")) k4 = KeyValuePair.add_or_update( KeyValuePairDB(name="stanley:r.i.p", value="v4", scope=FULL_USER_SCOPE)) lookup = KeyValueLookup() self.assertEqual(str(lookup["a"]["b"]), k1.value) self.assertEqual(str(lookup["a"]["b"]["c"]), k2.value) self.assertEqual(str(lookup["b"]["c"]), k3.value) self.assertEqual(str(lookup["a"]), "") # Scoped lookup lookup = KeyValueLookup(scope=FULL_SYSTEM_SCOPE) self.assertEqual(str(lookup["r"]["i"]["p"]), "") user_lookup = UserKeyValueLookup(scope=FULL_USER_SCOPE, user="******") self.assertEqual(str(user_lookup["r"]["i"]["p"]), k4.value)
def test_secret_lookup(self): secret_value = ( "0055A2D9A09E1071931925933744965EEA7E23DCF59A8D1D7A3" + "64338294916D37E83C4796283C584751750E39844E2FD97A3727DB5D553F638") k1 = KeyValuePair.add_or_update( KeyValuePairDB(name="k1", value=secret_value, secret=True)) k2 = KeyValuePair.add_or_update(KeyValuePairDB(name="k2", value="v2")) k3 = KeyValuePair.add_or_update( KeyValuePairDB( name="stanley:k3", value=secret_value, scope=FULL_USER_SCOPE, secret=True, )) lookup = KeyValueLookup() self.assertEqual(str(lookup.k1), k1.value) self.assertEqual(str(lookup.k2), k2.value) self.assertEqual(str(lookup.k3), "") user_lookup = UserKeyValueLookup(scope=FULL_USER_SCOPE, user="******") self.assertEqual(str(user_lookup.k3), k3.value)