def test_service_accounts(session, standard_graph, users, http_client, base_url): # noqa: F811
api_url = url(base_url, "/service_accounts")
resp = yield http_client.fetch(api_url)
body = json.loads(resp.body)
assert resp.code == 200
assert body["status"] == "ok"
assert sorted(body["data"]["service_accounts"]) == sorted(
[u.name for u in itervalues(users) if u.role_user] + ["*****@*****.**"]
)
# Retrieve a single service account and check its metadata.
api_url = url(base_url, "/service_accounts/[email protected]")
resp = yield http_client.fetch(api_url)
body = json.loads(resp.body)
assert resp.code == 200
assert body["status"] == "ok"
data = body["data"]["user"]
assert "service_account" in data
assert data["service_account"]["description"] == "some service account"
assert data["service_account"]["machine_set"] == "some machines"
assert data["service_account"]["owner"] == "team-sre"
assert body["data"]["permissions"] == []
# Delegate a permission to the service account and check for it.
service_account = ServiceAccount.get(session, name="*****@*****.**")
permission = get_permission(session, "team-sre")
grant_permission_to_service_account(session, service_account, permission, "*")
standard_graph.update_from_db(session)
resp = yield http_client.fetch(api_url)
body = json.loads(resp.body)
assert resp.code == 200
assert body["status"] == "ok"
perms = body["data"]["permissions"]
assert perms[0]["permission"] == "team-sre"
assert perms[0]["argument"] == "*"
def test_users_aliased_permissions(
mocker, session, standard_graph, http_client, base_url # noqa: F811
):
proxy = PluginProxy([PermissionAliasesPlugin()])
mocker.patch("grouper.graph.get_plugin_proxy", return_value=proxy)
# Force graph update
Counter.incr(session, "updates")
standard_graph.update_from_db(session)
api_url = url(base_url, "/users/[email protected]")
resp = yield http_client.fetch(api_url)
body = json.loads(resp.body)
perms = [(p["permission"], p["argument"]) for p in body["data"]["permissions"]]
assert ("owner", "sad-team") in perms
assert ("ssh", "owner=sad-team") in perms
assert ("sudo", "sad-team") in perms
def test_users_aliased_permissions(
mocker, session, standard_graph, http_client, base_url # noqa: F811
):
proxy = PluginProxy([TestPermissionAliasesPlugin()])
mocker.patch("grouper.graph.get_plugin_proxy", return_value=proxy)
# Force graph update
Counter.incr(session, "updates")
standard_graph.update_from_db(session)
api_url = url(base_url, "/users/[email protected]")
resp = yield http_client.fetch(api_url)
body = json.loads(resp.body)
perms = [(p["permission"], p["argument"]) for p in body["data"]["permissions"]]
assert ("owner", "sad-team") in perms
assert ("ssh", "owner=sad-team") in perms
assert ("sudo", "sad-team") in perms
def test_service_accounts(session, standard_graph, users, http_client,
base_url): # noqa: F811
api_url = url(base_url, "/service_accounts")
resp = yield http_client.fetch(api_url)
body = json.loads(resp.body)
assert resp.code == 200
assert body["status"] == "ok"
assert sorted(body["data"]["service_accounts"]) == sorted(
[u.name for u in itervalues(users) if u.role_user] + ["*****@*****.**"])
# TODO: test cutoff
# Retrieve a single service account and check its metadata.
api_url = url(base_url, "/service_accounts/[email protected]")
resp = yield http_client.fetch(api_url)
body = json.loads(resp.body)
assert resp.code == 200
assert body["status"] == "ok"
data = body["data"]["user"]
assert "service_account" in data
assert data["service_account"]["description"] == "some service account"
assert data["service_account"]["machine_set"] == "some machines"
assert data["service_account"]["owner"] == "team-sre"
assert body["data"]["permissions"] == []
# Delegate a permission to the service account and check for it.
service_account = ServiceAccount.get(session, name="*****@*****.**")
permission = get_permission(session, "team-sre")
grant_permission_to_service_account(session, service_account, permission,
"*")
standard_graph.update_from_db(session)
resp = yield http_client.fetch(api_url)
body = json.loads(resp.body)
assert resp.code == 200
assert body["status"] == "ok"
perms = body["data"]["permissions"]
assert perms[0]["permission"] == "team-sre"
assert perms[0]["argument"] == "*"
