예제 #1
0
    def test_write_and_delete(loop, self):
        r = auth.EtcdRole(self.client, 'test_role')
        r.acls = {'/*': 'R', '/test/*': 'RW'}
        try:
            yield from r.write()
        except:
            self.fail("Writing a simple groups should not fail")

        r1 = auth.EtcdRole(self.client, 'test_role')
        yield from r1.read()
        self.assertEquals(r1.acls, r.acls)
        r.revoke('/test/*', 'W')
        yield from r.write()
        yield from r1.read()
        self.assertEquals(r1.acls, {'/*': 'R', '/test/*': 'R'})
        r.grant('/pub/*', 'RW')
        yield from r.write()
        yield from r1.read()
        self.assertEquals(r1.acls['/pub/*'], 'RW')
        # All other exceptions are tested by the user tests
        r1.name = None
        with raises(etcd.EtcdException):
            yield from r1.write()
        # ditto for delete
        try:
            yield from r.delete()
        except:
            self.fail("A normal delete should not fail")
        with raises(etcd.EtcdKeyNotFound):
            yield from r.read()
예제 #2
0
    def test_write_and_delete(loop,self):
        r = auth.EtcdRole(self.client, 'test_group')
        r.acls = {'/*': 'R', '/test/*': 'RW'}
        try:
            yield from r.write()
        except:
            self.fail("Writing a simple groups should not fail")

        # Create an user
        u = auth.EtcdUser(self.client, 'test_user')
        u.roles.add('guest')
        u.roles.add('root')
        # directly from my suitcase
        u.password = '******'
        try:
            yield from u.write()
        except:
            self.fail("creating a user doesn't work")
        # Password gets wiped
        self.assertEquals(u.password, None)
        yield from u.read()
        # Verify we can log in as this user and access the auth (it has the
        # root role)
        cl = etcd.Client(port=6001, username='******',
                         password='******')
        ul = auth.EtcdUser(cl, 'root')
        try:
            yield from ul.read()
        except etcd.EtcdInsufficientPermissions:
            self.fail("Reading auth with the new user is not possible")

        self.assertEquals(u.name, "test_user")
        self.assertEquals(u.roles, set(['guest', 'root']))
        # set roles as a list, it works!
        u.roles = ['guest', 'test_group']
        try:
            yield from u.write()
        except:
            self.fail("updating a user you previously created fails")
        yield from u.read()
        self.assertIn('test_group', u.roles)

        # Unauthorized access is properly handled
        ua = auth.EtcdUser(self.unauth_client, 'test_user')
        with raises(etcd.EtcdInsufficientPermissions):
            yield from ua.write()

        # now let's test deletion
        du = auth.EtcdUser(self.client, 'user.does.not.exist')
        with raises(etcd.EtcdKeyNotFound):
            yield from du.delete()

        # Delete test_user
        yield from u.delete()
        with raises(etcd.EtcdKeyNotFound):
            yield from u.read()
        # Permissions are properly handled
        with raises(etcd.EtcdInsufficientPermissions):
            yield from ua.delete()
예제 #3
0
    def test_read(loop, self):
        r = auth.EtcdRole(self.client, 'guest')
        try:
            yield from r.read()
        except:
            self.fail('Reading an existing role failed')

        self.assertEquals(r.acls, {'/*': 'RW'})
예제 #4
0
    def test_read(loop,self):
        r = auth.EtcdRole(self.client, 'guest')
        try:
            yield from r.read()
        except:
            self.fail('Reading an existing role failed')

        # XXX The ACL path result changed from '*' to '/*' at some point
        #     between etcd-2.2.2 and 2.2.5.  They're equivalent so allow
        #     for both.
        if '/*' in r.acls:
            self.assertEquals(r.acls, {'/*': 'RW'})
        else:
            self.assertEquals(r.acls, {'*': 'RW'})
예제 #5
0
    def tearDown(self):
        loop = asyncio.get_event_loop()

        u = auth.EtcdUser(self.client, 'test_user')
        r = auth.EtcdRole(self.client, 'test_role')
        try:
            loop.run_until_complete(u.delete())
        except:
            pass
        try:
            loop.run_until_complete(r.delete())
        except:
            pass
        a = auth.Auth(self.client)
        loop.run_until_complete(a.set_active(False))
예제 #6
0
 def test_names(loop, self):
     r = auth.EtcdRole(self.client, 'guest')
     x = yield from r.get_names()
     print(x)
     self.assertListEqual((yield from r.get_names()), [{
         'role': 'guest',
         'permissions': {
             'kv': {
                 'read': ['/*'],
                 'write': ['/*']
             }
         }
     }, {
         'role': 'root',
         'permissions': {
             'kv': {
                 'read': ['/*'],
                 'write': ['/*']
             }
         }
     }])
예제 #7
0
 def test_names(loop,self):
     r = auth.EtcdRole(self.client, 'guest')
     self.assertListEqual((yield from r.get_names()), [u'guest', u'root'])