Python new_auth_db_snapshot 예제들

예제 #1

파일: replication_test.py 프로젝트: misscache/luci-py

 def test_empty(self):
   state, snapshot = replication.new_auth_db_snapshot()
   self.assertIsNone(state)
   expected_snapshot = {
     'global_config': {
       '__id__': 'root',
       '__parent__': None,
       'auth_db_rev': None,
       'auth_db_prev_rev': None,
       'modified_by': None,
       'modified_ts': None,
       'oauth_additional_client_ids': [],
       'oauth_client_id': '',
       'oauth_client_secret': ''
     },
     'groups': [],
     'secrets': [],
     'ip_whitelists': [],
     'ip_whitelist_assignments': {
       '__id__': 'default',
       '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
       'assignments': [],
       'auth_db_rev': None,
       'auth_db_prev_rev': None,
       'modified_by': None,
       'modified_ts': None,
     },
   }
   self.assertEqual(expected_snapshot, snapshot_to_dict(snapshot))

예제 #2

def pack_auth_db():
    """Packs an entire AuthDB into a blob, signing it using app's private key.

  Returns:
    Tuple (blob, name of a key used to sign it, base64 encoded signature).
  """
    # Grab the snapshot.
    state, snapshot = replication.new_auth_db_snapshot()

    # Serialize to binary proto message.
    req = replication_pb2.ReplicationPushRequest()
    req.revision.primary_id = app_identity.get_application_id()
    req.revision.auth_db_rev = state.auth_db_rev
    req.revision.modified_ts = utils.datetime_to_timestamp(state.modified_ts)
    replication.auth_db_snapshot_to_proto(snapshot, req.auth_db)
    req.auth_code_version = version.__version__
    auth_db_blob = req.SerializeToString()

    # Sign it using primary's private keys. sign_blob is limited to 8KB only, so
    # hash the body first and sign the digest.
    key_name, sig = signature.sign_blob(hashlib.sha512(auth_db_blob).digest())
    sig = base64.b64encode(sig)

    logging.debug('AuthDB blob size is %d bytes', len(auth_db_blob))
    return auth_db_blob, key_name, sig

예제 #3

 def test_empty(self):
   state, snapshot = replication.new_auth_db_snapshot()
   self.assertIsNone(state)
   expected_snapshot = {
     'global_config': {
       '__id__': 'root',
       '__parent__': None,
       'auth_db_rev': None,
       'auth_db_prev_rev': None,
       'modified_by': None,
       'modified_ts': None,
       'oauth_additional_client_ids': [],
       'oauth_client_id': u'',
       'oauth_client_secret': u''
     },
     'groups': [],
     'secrets': [],
     'ip_whitelists': [],
     'ip_whitelist_assignments': {
       '__id__': 'default',
       '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
       'assignments': [],
       'auth_db_rev': None,
       'auth_db_prev_rev': None,
       'modified_by': None,
       'modified_ts': None,
     },
   }
   self.assertEqual(expected_snapshot, snapshot_to_dict(snapshot))

예제 #4

파일: replication.py 프로젝트: eakuefner/luci-py

def pack_auth_db():
  """Packs an entire AuthDB into a blob, signing it using app's private key.

  Returns:
    Tuple (blob, name of a key used to sign it, base64 encoded signature).
  """
  # Grab the snapshot.
  state, snapshot = replication.new_auth_db_snapshot()

  # Serialize to binary proto message.
  req = replication_pb2.ReplicationPushRequest()
  req.revision.primary_id = app_identity.get_application_id()
  req.revision.auth_db_rev = state.auth_db_rev
  req.revision.modified_ts = utils.datetime_to_timestamp(state.modified_ts)
  replication.auth_db_snapshot_to_proto(snapshot, req.auth_db)
  req.auth_code_version = version.__version__
  auth_db_blob = req.SerializeToString()

  # Sign it using primary's private keys. sign_blob is limited to 8KB only, so
  # hash the body first and sign the digest.
  key_name, sig = signature.sign_blob(hashlib.sha512(auth_db_blob).digest())
  sig = base64.b64encode(sig)

  logging.debug('AuthDB blob size is %d bytes', len(auth_db_blob))
  return auth_db_blob, key_name, sig

예제 #5

파일: replication.py 프로젝트: rmistry/luci-py

def pack_auth_db():
  """Packs an entire AuthDB into a blob (serialized protobuf message).

  Returns:
    Tuple (AuthReplicationState, blob).
  """
  # Grab the snapshot.
  state, snapshot = replication.new_auth_db_snapshot()

  # Serialize to binary proto message.
  req = replication_pb2.ReplicationPushRequest()
  req.revision.primary_id = app_identity.get_application_id()
  req.revision.auth_db_rev = state.auth_db_rev
  req.revision.modified_ts = utils.datetime_to_timestamp(state.modified_ts)
  replication.auth_db_snapshot_to_proto(snapshot, req.auth_db)
  req.auth_code_version = version.__version__
  auth_db_blob = req.SerializeToString()

  logging.debug('AuthDB blob size is %d bytes', len(auth_db_blob))
  return state, auth_db_blob

예제 #6

def pack_auth_db():
    """Packs an entire AuthDB into a blob (serialized protobuf message).

  Returns:
    Tuple (AuthReplicationState, blob).
  """
    # Grab the snapshot.
    state, snapshot = replication.new_auth_db_snapshot()

    # Serialize to binary proto message.
    req = replication_pb2.ReplicationPushRequest()
    req.revision.primary_id = app_identity.get_application_id()
    req.revision.auth_db_rev = state.auth_db_rev
    req.revision.modified_ts = utils.datetime_to_timestamp(state.modified_ts)
    replication.auth_db_snapshot_to_proto(snapshot, req.auth_db)
    req.auth_code_version = version.__version__
    auth_db_blob = req.SerializeToString()

    logging.debug('AuthDB blob size is %d bytes', len(auth_db_blob))
    return state, auth_db_blob

예제 #7

파일: replication_test.py 프로젝트: misscache/luci-py

  def test_non_empty(self):
    self.mock_now(datetime.datetime(2014, 1, 1, 1, 1, 1))

    state = model.AuthReplicationState(
        key=model.replication_state_key(),
        primary_id='blah',
        primary_url='https://blah',
        auth_db_rev=123)
    state.put()

    global_config = model.AuthGlobalConfig(
        key=model.root_key(),
        modified_ts=utils.utcnow(),
        modified_by=model.Identity.from_bytes('user:[email protected]'),
        oauth_client_id='oauth_client_id',
        oauth_client_secret='oauth_client_secret',
        oauth_additional_client_ids=['a', 'b'])
    global_config.put()

    group = model.AuthGroup(
        key=model.group_key('Some group'),
        members=[model.Identity.from_bytes('user:[email protected]')],
        globs=[model.IdentityGlob.from_bytes('user:*@example.com')],
        nested=[],
        description='Some description',
        created_ts=utils.utcnow(),
        created_by=model.Identity.from_bytes('user:[email protected]'),
        modified_ts=utils.utcnow(),
        modified_by=model.Identity.from_bytes('user:[email protected]'))
    group.put()

    another = model.AuthGroup(
        key=model.group_key('Another group'),
        nested=['Some group'])
    another.put()

    global_secret = model.AuthSecret(
        id='global_secret',
        parent=model.secret_scope_key('global'),
        values=['1234', '5678'],
        modified_ts=utils.utcnow(),
        modified_by=model.Identity.from_bytes('user:[email protected]'))
    global_secret.put()

    # Local secret should not appear in a snapshot.
    local_secret = model.AuthSecret(
        id='local_secret',
        parent=model.secret_scope_key('local'),
        values=['1234', '5678'],
        modified_ts=utils.utcnow(),
        modified_by=model.Identity.from_bytes('user:[email protected]'))
    local_secret.put()

    ip_whitelist = model.AuthIPWhitelist(
        key=model.ip_whitelist_key('bots'),
        subnets=['127.0.0.1/32'],
        description='Some description',
        created_ts=utils.utcnow(),
        created_by=model.Identity.from_bytes('user:[email protected]'),
        modified_ts=utils.utcnow(),
        modified_by=model.Identity.from_bytes('user:[email protected]'))
    ip_whitelist.put()

    ip_whitelist_assignments = model.AuthIPWhitelistAssignments(
        key=model.ip_whitelist_assignments_key(),
        modified_ts=utils.utcnow(),
        modified_by=model.Identity.from_bytes('user:[email protected]'),
        assignments=[
          model.AuthIPWhitelistAssignments.Assignment(
            identity=model.Identity.from_bytes('user:[email protected]'),
            ip_whitelist='bots',
            comment='some comment',
            created_ts=utils.utcnow(),
            created_by=model.Identity.from_bytes('user:[email protected]')),
        ])
    ip_whitelist_assignments.put()

    captured_state, snapshot = replication.new_auth_db_snapshot()

    expected_state =  {
      'auth_db_rev': 123,
      'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
      'primary_id': u'blah',
      'primary_url': u'https://blah',
    }
    self.assertEqual(expected_state, captured_state.to_dict())

    expected_snapshot = {
      'global_config': {
        '__id__': 'root',
        '__parent__': None,
        'auth_db_rev': None,
        'auth_db_prev_rev': None,
        'modified_by': model.Identity(kind='user', name='*****@*****.**'),
        'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
        'oauth_additional_client_ids': [u'a', u'b'],
        'oauth_client_id': u'oauth_client_id',
        'oauth_client_secret': u'oauth_client_secret',
      },
      'groups': [
        {
          '__id__': 'Another group',
          '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
          'auth_db_rev': None,
          'auth_db_prev_rev': None,
          'created_by': None,
          'created_ts': None,
          'description': '',
          'globs': [],
          'members': [],
          'modified_by': None,
          'modified_ts': None,
          'nested': [u'Some group'],
        },
        {
          '__id__': 'Some group',
          '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
          'auth_db_rev': None,
          'auth_db_prev_rev': None,
          'created_by': model.Identity(kind='user', name='*****@*****.**'),
          'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'description': u'Some description',
          'globs': [model.IdentityGlob(kind='user', pattern='*@example.com')],
          'members': [model.Identity(kind='user', name='*****@*****.**')],
          'modified_by': model.Identity(
              kind='user', name='*****@*****.**'),
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'nested': [],
        },
      ],
      'secrets': [
        {
          '__id__': 'global_secret',
          '__parent__': ndb.Key(
              'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'),
          'modified_by': model.Identity(
              kind='user', name='*****@*****.**'),
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'values': ['1234', '5678'],
        },
      ],
      'ip_whitelists': [
        {
          '__id__': 'bots',
          '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
          'auth_db_rev': None,
          'auth_db_prev_rev': None,
          'created_by': model.Identity(kind='user', name='*****@*****.**'),
          'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'description': u'Some description',
          'modified_by': model.Identity(
              kind='user', name='*****@*****.**'),
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'subnets': ['127.0.0.1/32'],
        },
      ],
      'ip_whitelist_assignments': {
        '__id__': 'default',
        '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
        'assignments': [
          {
            'comment': 'some comment',
            'created_by': model.Identity(
                kind='user', name='*****@*****.**'),
            'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
            'identity': model.Identity(
                kind='user', name='*****@*****.**'),
            'ip_whitelist': 'bots',
          },
        ],
        'auth_db_rev': None,
        'auth_db_prev_rev': None,
        'modified_by': model.Identity(kind='user', name='*****@*****.**'),
        'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
      },
    }
    self.assertEqual(expected_snapshot, snapshot_to_dict(snapshot))

예제 #8

파일: replication_test.py 프로젝트: misscache/luci-py

  def test_works(self):
    self.mock_now(datetime.datetime(2014, 1, 1, 1, 1, 1))
    self.configure_as_replica(0)

    # Prepare auth db state.
    model.AuthGlobalConfig(
        key=model.root_key(),
        modified_ts=utils.utcnow(),
        oauth_client_id='oauth_client_id',
        oauth_client_secret='oauth_client_secret',
        oauth_additional_client_ids=['a', 'b']).put()

    def group(name, **kwargs):
      return model.AuthGroup(
          key=model.group_key(name),
          created_ts=utils.utcnow(),
          modified_ts=utils.utcnow(),
          **kwargs)
    group('Modify').put()
    group('Delete').put()
    group('Keep').put()

    def secret(name, scope, **kwargs):
      return model.AuthSecret(
          id=name, parent=model.secret_scope_key(scope), **kwargs)
    secret('modify', 'global').put()
    secret('delete', 'global').put()
    secret('keep', 'global').put()
    secret('local', 'local').put()

    def ip_whitelist(name, **kwargs):
      return model.AuthIPWhitelist(
          key=model.ip_whitelist_key(name),
          created_ts=utils.utcnow(),
          modified_ts=utils.utcnow(),
          **kwargs)
    ip_whitelist('modify').put()
    ip_whitelist('delete').put()
    ip_whitelist('keep').put()

    def assignment(ident, ip_whitelist):
      return model.AuthIPWhitelistAssignments.Assignment(
          identity=model.Identity.from_bytes(ident),
          ip_whitelist=ip_whitelist,
          created_ts=utils.utcnow(),
          comment='comment')
    model.AuthIPWhitelistAssignments(
        key=model.ip_whitelist_assignments_key(),
        modified_ts=utils.utcnow(),
        assignments=[
          assignment('user:[email protected]', 'modify'),
          assignment('user:[email protected]', 'delete'),
          assignment('user:[email protected]', 'keep'),
        ]).put()

    # Prepare snapshot.
    snapshot = replication.AuthDBSnapshot(
        global_config=model.AuthGlobalConfig(
            key=model.root_key(),
            modified_ts=utils.utcnow(),
            oauth_client_id='another_oauth_client_id',
            oauth_client_secret='another_oauth_client_secret',
            oauth_additional_client_ids=[]),
        groups=[
          group('New'),
          group('Modify', description='blah'),
          group('Keep'),
        ],
        secrets=[
          secret('new', 'global'),
          secret('modify', 'global', values=['1234']),
          secret('keep', 'global'),
        ],
        ip_whitelists=[
          ip_whitelist('new', subnets=['1.1.1.1/32']),
          ip_whitelist('modify', subnets=['127.0.0.1/32', '192.168.0.1/32']),
          ip_whitelist('keep'),
        ],
        ip_whitelist_assignments=model.AuthIPWhitelistAssignments(
            key=model.ip_whitelist_assignments_key(),
            assignments=[
              assignment('user:[email protected]', 'new'),
              assignment('user:[email protected]', 'modify'),
              assignment('user:[email protected]', 'keep'),
            ],
        ),
    )

    # Push it.
    updated, state = replication.replace_auth_db(
        auth_db_rev=1234,
        modified_ts=datetime.datetime(2014, 1, 1, 1, 1, 1),
        snapshot=snapshot)
    self.assertTrue(updated)
    expected_state = {
      'auth_db_rev': 1234,
      'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
      'primary_id': u'primary',
      'primary_url': u'https://primary',
    }
    self.assertEqual(expected_state, state.to_dict())

    # Verify expected Auth db state.
    current_state, current_snapshot = replication.new_auth_db_snapshot()
    self.assertEqual(expected_state, current_state.to_dict())

    expected_auth_db = {
      'global_config': {
        '__id__': 'root',
        '__parent__': None,
        'auth_db_rev': None,
        'auth_db_prev_rev': None,
        'modified_by': None,
        'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
        'oauth_additional_client_ids': [],
        'oauth_client_id': u'another_oauth_client_id',
        'oauth_client_secret': u'another_oauth_client_secret'},
      'groups': [
        {
          '__id__': 'Keep',
          '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
          'auth_db_rev': None,
          'auth_db_prev_rev': None,
          'created_by': None,
          'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'description': '',
          'globs': [],
          'members': [],
          'modified_by': None,
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'nested': [],
        },
        {
          '__id__': 'Modify',
          '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
          'auth_db_rev': None,
          'auth_db_prev_rev': None,
          'created_by': None,
          'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'description': u'blah',
          'globs': [],
          'members': [],
          'modified_by': None,
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'nested': [],
        },
        {
          '__id__': 'New',
          '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
          'auth_db_rev': None,
          'auth_db_prev_rev': None,
          'created_by': None,
          'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'description': '',
          'globs': [],
          'members': [],
          'modified_by': None,
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'nested': [],
        },
      ],
      'secrets': [
        {
          '__id__': 'keep',
          '__parent__': ndb.Key(
              'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'),
          'modified_by': None,
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'values': [],
        },
        {
          '__id__': 'modify',
          '__parent__': ndb.Key(
              'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'),
          'modified_by': None,
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'values': ['1234'],
        },
        {
          '__id__': 'new',
          '__parent__': ndb.Key(
              'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'),
          'modified_by': None,
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'values': [],
        },
      ],
      'ip_whitelists': [
        {
          '__id__': 'keep',
          '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
          'auth_db_rev': None,
          'auth_db_prev_rev': None,
          'created_by': None,
          'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'description': '',
          'modified_by': None,
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'subnets': [],
        },
        {
          '__id__': 'modify',
          '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
          'auth_db_rev': None,
          'auth_db_prev_rev': None,
          'created_by': None,
          'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'description': '',
          'modified_by': None,
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'subnets': ['127.0.0.1/32', '192.168.0.1/32'],
        },
        {
          '__id__': 'new',
          '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
          'auth_db_rev': None,
          'auth_db_prev_rev': None,
          'created_by': None,
          'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'description': '',
          'modified_by': None,
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'subnets': ['1.1.1.1/32'],
        },
      ],
      'ip_whitelist_assignments': {
        '__id__': 'default',
        '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
        'assignments': [
          {
            'comment': 'comment',
            'created_by': None,
            'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
            'identity': model.Identity(kind='user', name='*****@*****.**'),
            'ip_whitelist': 'new',
          },
          {
            'comment': 'comment',
            'created_by': None,
            'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
            'identity': model.Identity(kind='user', name='*****@*****.**'),
            'ip_whitelist': 'modify',
          },
          {
            'comment': 'comment',
            'created_by': None,
            'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
            'identity': model.Identity(kind='user', name='*****@*****.**'),
            'ip_whitelist': 'keep',
          },
        ],
        'auth_db_rev': None,
        'auth_db_prev_rev': None,
        'modified_by': None,
        'modified_ts': None, # not transfered currently in proto
      },
    }
    self.assertEqual(expected_auth_db, snapshot_to_dict(current_snapshot))

    # Ensure local secret was left intact.
    local_secrets = model.AuthSecret.query(
        ancestor=model.secret_scope_key('local'))
    expected_local_secrets = [
      {
        '__id__': 'local',
        '__parent__': ndb.Key(
            'AuthGlobalConfig', 'root', 'AuthSecretScope', 'local'),
        'modified_by': None,
        'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
        'values': [],
      },
    ]
    self.assertEqual(
        expected_local_secrets, [entity_to_dict(s) for s in local_secrets])

예제 #9

  def test_non_empty(self):
    self.mock_now(datetime.datetime(2014, 1, 1, 1, 1, 1))

    state = model.AuthReplicationState(
        key=model.replication_state_key(),
        primary_id='blah',
        primary_url='https://blah',
        auth_db_rev=123)
    state.put()

    global_config = model.AuthGlobalConfig(
        key=model.root_key(),
        modified_ts=utils.utcnow(),
        modified_by=model.Identity.from_bytes('user:[email protected]'),
        oauth_client_id='oauth_client_id',
        oauth_client_secret='oauth_client_secret',
        oauth_additional_client_ids=['a', 'b'])
    global_config.put()

    group = model.AuthGroup(
        key=model.group_key('Some group'),
        members=[model.Identity.from_bytes('user:[email protected]')],
        globs=[model.IdentityGlob.from_bytes('user:*@example.com')],
        nested=[],
        description='Some description',
        owners='owning-group',
        created_ts=utils.utcnow(),
        created_by=model.Identity.from_bytes('user:[email protected]'),
        modified_ts=utils.utcnow(),
        modified_by=model.Identity.from_bytes('user:[email protected]'))
    group.put()

    another = model.AuthGroup(
        key=model.group_key('Another group'),
        nested=['Some group'])
    another.put()

    global_secret = model.AuthSecret(
        id='global_secret',
        parent=model.secret_scope_key('global'),
        values=['1234', '5678'],
        modified_ts=utils.utcnow(),
        modified_by=model.Identity.from_bytes('user:[email protected]'))
    global_secret.put()

    # Local secret should not appear in a snapshot.
    local_secret = model.AuthSecret(
        id='local_secret',
        parent=model.secret_scope_key('local'),
        values=['1234', '5678'],
        modified_ts=utils.utcnow(),
        modified_by=model.Identity.from_bytes('user:[email protected]'))
    local_secret.put()

    ip_whitelist = model.AuthIPWhitelist(
        key=model.ip_whitelist_key('bots'),
        subnets=['127.0.0.1/32'],
        description='Some description',
        created_ts=utils.utcnow(),
        created_by=model.Identity.from_bytes('user:[email protected]'),
        modified_ts=utils.utcnow(),
        modified_by=model.Identity.from_bytes('user:[email protected]'))
    ip_whitelist.put()

    ip_whitelist_assignments = model.AuthIPWhitelistAssignments(
        key=model.ip_whitelist_assignments_key(),
        modified_ts=utils.utcnow(),
        modified_by=model.Identity.from_bytes('user:[email protected]'),
        assignments=[
          model.AuthIPWhitelistAssignments.Assignment(
            identity=model.Identity.from_bytes('user:[email protected]'),
            ip_whitelist='bots',
            comment='some comment',
            created_ts=utils.utcnow(),
            created_by=model.Identity.from_bytes('user:[email protected]')),
        ])
    ip_whitelist_assignments.put()

    captured_state, snapshot = replication.new_auth_db_snapshot()

    expected_state =  {
      'auth_db_rev': 123,
      'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
      'primary_id': u'blah',
      'primary_url': u'https://blah',
    }
    self.assertEqual(expected_state, captured_state.to_dict())

    expected_snapshot = {
      'global_config': {
        '__id__': 'root',
        '__parent__': None,
        'auth_db_rev': None,
        'auth_db_prev_rev': None,
        'modified_by': model.Identity(kind='user', name='*****@*****.**'),
        'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
        'oauth_additional_client_ids': [u'a', u'b'],
        'oauth_client_id': u'oauth_client_id',
        'oauth_client_secret': u'oauth_client_secret',
      },
      'groups': [
        {
          '__id__': 'Another group',
          '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
          'auth_db_rev': None,
          'auth_db_prev_rev': None,
          'created_by': None,
          'created_ts': None,
          'description': u'',
          'globs': [],
          'members': [],
          'modified_by': None,
          'modified_ts': None,
          'nested': [u'Some group'],
          'owners': u'administrators',
        },
        {
          '__id__': 'Some group',
          '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
          'auth_db_rev': None,
          'auth_db_prev_rev': None,
          'created_by': model.Identity(kind='user', name='*****@*****.**'),
          'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'description': u'Some description',
          'globs': [model.IdentityGlob(kind='user', pattern='*@example.com')],
          'members': [model.Identity(kind='user', name='*****@*****.**')],
          'modified_by': model.Identity(
              kind='user', name='*****@*****.**'),
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'nested': [],
          'owners': u'owning-group',
        },
      ],
      'secrets': [
        {
          '__id__': 'global_secret',
          '__parent__': ndb.Key(
              'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'),
          'modified_by': model.Identity(
              kind='user', name='*****@*****.**'),
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'values': ['1234', '5678'],
        },
      ],
      'ip_whitelists': [
        {
          '__id__': 'bots',
          '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
          'auth_db_rev': None,
          'auth_db_prev_rev': None,
          'created_by': model.Identity(kind='user', name='*****@*****.**'),
          'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'description': u'Some description',
          'modified_by': model.Identity(
              kind='user', name='*****@*****.**'),
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'subnets': [u'127.0.0.1/32'],
        },
      ],
      'ip_whitelist_assignments': {
        '__id__': 'default',
        '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
        'assignments': [
          {
            'comment': u'some comment',
            'created_by': model.Identity(
                kind='user', name='*****@*****.**'),
            'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
            'identity': model.Identity(
                kind='user', name='*****@*****.**'),
            'ip_whitelist': u'bots',
          },
        ],
        'auth_db_rev': None,
        'auth_db_prev_rev': None,
        'modified_by': model.Identity(kind='user', name='*****@*****.**'),
        'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
      },
    }
    self.assertEqual(expected_snapshot, snapshot_to_dict(snapshot))

예제 #10

  def test_works(self):
    self.mock_now(datetime.datetime(2014, 1, 1, 1, 1, 1))
    self.configure_as_replica(0)

    # Prepare auth db state.
    model.AuthGlobalConfig(
        key=model.root_key(),
        modified_ts=utils.utcnow(),
        oauth_client_id='oauth_client_id',
        oauth_client_secret='oauth_client_secret',
        oauth_additional_client_ids=['a', 'b']).put()

    def group(name, **kwargs):
      return model.AuthGroup(
          key=model.group_key(name),
          created_ts=utils.utcnow(),
          modified_ts=utils.utcnow(),
          **kwargs)
    group('Modify').put()
    group('Delete').put()
    group('Keep').put()

    def secret(name, scope, **kwargs):
      return model.AuthSecret(
          id=name, parent=model.secret_scope_key(scope), **kwargs)
    secret('modify', 'global').put()
    secret('delete', 'global').put()
    secret('keep', 'global').put()
    secret('local', 'local').put()

    def ip_whitelist(name, **kwargs):
      return model.AuthIPWhitelist(
          key=model.ip_whitelist_key(name),
          created_ts=utils.utcnow(),
          modified_ts=utils.utcnow(),
          **kwargs)
    ip_whitelist('modify').put()
    ip_whitelist('delete').put()
    ip_whitelist('keep').put()

    def assignment(ident, ip_whitelist):
      return model.AuthIPWhitelistAssignments.Assignment(
          identity=model.Identity.from_bytes(ident),
          ip_whitelist=ip_whitelist,
          created_ts=utils.utcnow(),
          comment='comment')
    model.AuthIPWhitelistAssignments(
        key=model.ip_whitelist_assignments_key(),
        modified_ts=utils.utcnow(),
        assignments=[
          assignment('user:[email protected]', 'modify'),
          assignment('user:[email protected]', 'delete'),
          assignment('user:[email protected]', 'keep'),
        ]).put()

    # Prepare snapshot.
    snapshot = replication.AuthDBSnapshot(
        global_config=model.AuthGlobalConfig(
            key=model.root_key(),
            modified_ts=utils.utcnow(),
            oauth_client_id='another_oauth_client_id',
            oauth_client_secret='another_oauth_client_secret',
            oauth_additional_client_ids=[]),
        groups=[
          group('New'),
          group('Modify', description='blah', owners='some-other-owners'),
          group('Keep'),
        ],
        secrets=[
          secret('new', 'global'),
          secret('modify', 'global', values=['1234']),
          secret('keep', 'global'),
        ],
        ip_whitelists=[
          ip_whitelist('new', subnets=['1.1.1.1/32']),
          ip_whitelist('modify', subnets=['127.0.0.1/32', '192.168.0.1/32']),
          ip_whitelist('keep'),
        ],
        ip_whitelist_assignments=model.AuthIPWhitelistAssignments(
            key=model.ip_whitelist_assignments_key(),
            assignments=[
              assignment('user:[email protected]', 'new'),
              assignment('user:[email protected]', 'modify'),
              assignment('user:[email protected]', 'keep'),
            ],
        ),
    )

    # Push it.
    updated, state = replication.replace_auth_db(
        auth_db_rev=1234,
        modified_ts=datetime.datetime(2014, 1, 1, 1, 1, 1),
        snapshot=snapshot)
    self.assertTrue(updated)
    expected_state = {
      'auth_db_rev': 1234,
      'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
      'primary_id': u'primary',
      'primary_url': u'https://primary',
    }
    self.assertEqual(expected_state, state.to_dict())

    # Verify expected Auth db state.
    current_state, current_snapshot = replication.new_auth_db_snapshot()
    self.assertEqual(expected_state, current_state.to_dict())

    expected_auth_db = {
      'global_config': {
        '__id__': 'root',
        '__parent__': None,
        'auth_db_rev': None,
        'auth_db_prev_rev': None,
        'modified_by': None,
        'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
        'oauth_additional_client_ids': [],
        'oauth_client_id': u'another_oauth_client_id',
        'oauth_client_secret': u'another_oauth_client_secret'},
      'groups': [
        {
          '__id__': 'Keep',
          '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
          'auth_db_rev': None,
          'auth_db_prev_rev': None,
          'created_by': None,
          'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'description': u'',
          'globs': [],
          'members': [],
          'modified_by': None,
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'nested': [],
          'owners': u'administrators',
        },
        {
          '__id__': 'Modify',
          '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
          'auth_db_rev': None,
          'auth_db_prev_rev': None,
          'created_by': None,
          'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'description': u'blah',
          'globs': [],
          'members': [],
          'modified_by': None,
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'nested': [],
          'owners': u'some-other-owners',
        },
        {
          '__id__': 'New',
          '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
          'auth_db_rev': None,
          'auth_db_prev_rev': None,
          'created_by': None,
          'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'description': u'',
          'globs': [],
          'members': [],
          'modified_by': None,
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'nested': [],
          'owners': u'administrators',
        },
      ],
      'secrets': [
        {
          '__id__': 'keep',
          '__parent__': ndb.Key(
              'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'),
          'modified_by': None,
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'values': [],
        },
        {
          '__id__': 'modify',
          '__parent__': ndb.Key(
              'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'),
          'modified_by': None,
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'values': ['1234'],
        },
        {
          '__id__': 'new',
          '__parent__': ndb.Key(
              'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'),
          'modified_by': None,
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'values': [],
        },
      ],
      'ip_whitelists': [
        {
          '__id__': 'keep',
          '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
          'auth_db_rev': None,
          'auth_db_prev_rev': None,
          'created_by': None,
          'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'description': u'',
          'modified_by': None,
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'subnets': [],
        },
        {
          '__id__': 'modify',
          '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
          'auth_db_rev': None,
          'auth_db_prev_rev': None,
          'created_by': None,
          'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'description': u'',
          'modified_by': None,
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'subnets': [u'127.0.0.1/32', u'192.168.0.1/32'],
        },
        {
          '__id__': 'new',
          '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
          'auth_db_rev': None,
          'auth_db_prev_rev': None,
          'created_by': None,
          'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'description': u'',
          'modified_by': None,
          'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
          'subnets': [u'1.1.1.1/32'],
        },
      ],
      'ip_whitelist_assignments': {
        '__id__': 'default',
        '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
        'assignments': [
          {
            'comment': u'comment',
            'created_by': None,
            'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
            'identity': model.Identity(kind='user', name='*****@*****.**'),
            'ip_whitelist': u'new',
          },
          {
            'comment': u'comment',
            'created_by': None,
            'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
            'identity': model.Identity(kind='user', name='*****@*****.**'),
            'ip_whitelist': u'modify',
          },
          {
            'comment': u'comment',
            'created_by': None,
            'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
            'identity': model.Identity(kind='user', name='*****@*****.**'),
            'ip_whitelist': u'keep',
          },
        ],
        'auth_db_rev': None,
        'auth_db_prev_rev': None,
        'modified_by': None,
        'modified_ts': None, # not transfered currently in proto
      },
    }
    self.assertEqual(expected_auth_db, snapshot_to_dict(current_snapshot))

    # Ensure local secret was left intact.
    local_secrets = model.AuthSecret.query(
        ancestor=model.secret_scope_key('local'))
    expected_local_secrets = [
      {
        '__id__': 'local',
        '__parent__': ndb.Key(
            'AuthGlobalConfig', 'root', 'AuthSecretScope', 'local'),
        'modified_by': None,
        'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
        'values': [],
      },
    ]
    self.assertEqual(
        expected_local_secrets, [entity_to_dict(s) for s in local_secrets])

예제 #11

파일: replication_test.py 프로젝트: amymariaparker2401/luci-py

    def test_non_empty(self):
        self.mock_now(datetime.datetime(2014, 1, 1, 1, 1, 1))

        state = model.AuthReplicationState(key=model.replication_state_key(),
                                           primary_id='blah',
                                           primary_url='https://blah',
                                           auth_db_rev=123)
        state.put()

        global_config = model.AuthGlobalConfig(
            key=model.root_key(),
            modified_ts=utils.utcnow(),
            modified_by=model.Identity.from_bytes('user:[email protected]'),
            oauth_client_id='oauth_client_id',
            oauth_client_secret='oauth_client_secret',
            oauth_additional_client_ids=['a', 'b'],
            token_server_url='https://token-server',
            security_config='security config blob')
        global_config.put()

        group = model.AuthGroup(
            key=model.group_key('Some group'),
            members=[model.Identity.from_bytes('user:[email protected]')],
            globs=[model.IdentityGlob.from_bytes('user:*@example.com')],
            nested=[],
            description='Some description',
            owners='owning-group',
            created_ts=utils.utcnow(),
            created_by=model.Identity.from_bytes('user:[email protected]'),
            modified_ts=utils.utcnow(),
            modified_by=model.Identity.from_bytes('user:[email protected]'))
        group.put()

        another = model.AuthGroup(key=model.group_key('Another group'),
                                  nested=['Some group'])
        another.put()

        ip_whitelist = model.AuthIPWhitelist(
            key=model.ip_whitelist_key('bots'),
            subnets=['127.0.0.1/32'],
            description='Some description',
            created_ts=utils.utcnow(),
            created_by=model.Identity.from_bytes('user:[email protected]'),
            modified_ts=utils.utcnow(),
            modified_by=model.Identity.from_bytes('user:[email protected]'))
        ip_whitelist.put()

        ip_whitelist_assignments = model.AuthIPWhitelistAssignments(
            key=model.ip_whitelist_assignments_key(),
            modified_ts=utils.utcnow(),
            modified_by=model.Identity.from_bytes('user:[email protected]'),
            assignments=[
                model.AuthIPWhitelistAssignments.Assignment(
                    identity=model.Identity.from_bytes(
                        'user:[email protected]'),
                    ip_whitelist='bots',
                    comment='some comment',
                    created_ts=utils.utcnow(),
                    created_by=model.Identity.from_bytes(
                        'user:[email protected]')),
            ])
        ip_whitelist_assignments.put()

        realms_globals = model.AuthRealmsGlobals(
            key=model.realms_globals_key(),
            permissions=[
                realms_pb2.Permission(name='luci.dev.p1'),
                realms_pb2.Permission(name='luci.dev.p2'),
            ])
        realms_globals.put()

        model.AuthProjectRealms(key=model.project_realms_key('proj_id1'),
                                realms=realms_pb2.Realms(api_version=1234),
                                config_rev='rev1',
                                perms_rev='rev1').put()
        model.AuthProjectRealms(key=model.project_realms_key('proj_id2'),
                                realms=realms_pb2.Realms(api_version=1234),
                                config_rev='rev2',
                                perms_rev='rev2').put()

        captured_state, snapshot = replication.new_auth_db_snapshot()

        expected_state = {
            'auth_db_rev': 123,
            'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1),
            'primary_id': u'blah',
            'primary_url': u'https://blah',
            'shard_ids': [],
        }
        self.assertEqual(expected_state, captured_state.to_dict())

        expected_snapshot = {
            'global_config': {
                '__id__':
                'root',
                '__parent__':
                None,
                'auth_db_rev':
                None,
                'auth_db_prev_rev':
                None,
                'modified_by':
                model.Identity(kind='user', name='*****@*****.**'),
                'modified_ts':
                datetime.datetime(2014, 1, 1, 1, 1, 1),
                'oauth_additional_client_ids': [u'a', u'b'],
                'oauth_client_id':
                u'oauth_client_id',
                'oauth_client_secret':
                u'oauth_client_secret',
                'security_config':
                'security config blob',
                'token_server_url':
                u'https://token-server',
            },
            'groups': [
                {
                    '__id__': 'Another group',
                    '__parent__': ndb.Key('AuthGlobalConfig', 'root'),
                    'auth_db_rev': None,
                    'auth_db_prev_rev': None,
                    'created_by': None,
                    'created_ts': None,
                    'description': u'',
                    'globs': [],
                    'members': [],
                    'modified_by': None,
                    'modified_ts': None,
                    'nested': [u'Some group'],
                    'owners': u'administrators',
                },
                {
                    '__id__':
                    'Some group',
                    '__parent__':
                    ndb.Key('AuthGlobalConfig', 'root'),
                    'auth_db_rev':
                    None,
                    'auth_db_prev_rev':
                    None,
                    'created_by':
                    model.Identity(kind='user', name='*****@*****.**'),
                    'created_ts':
                    datetime.datetime(2014, 1, 1, 1, 1, 1),
                    'description':
                    u'Some description',
                    'globs':
                    [model.IdentityGlob(kind='user', pattern='*@example.com')],
                    'members':
                    [model.Identity(kind='user', name='*****@*****.**')],
                    'modified_by':
                    model.Identity(kind='user', name='*****@*****.**'),
                    'modified_ts':
                    datetime.datetime(2014, 1, 1, 1, 1, 1),
                    'nested': [],
                    'owners':
                    u'owning-group',
                },
            ],
            'ip_whitelists': [
                {
                    '__id__':
                    'bots',
                    '__parent__':
                    ndb.Key('AuthGlobalConfig', 'root'),
                    'auth_db_rev':
                    None,
                    'auth_db_prev_rev':
                    None,
                    'created_by':
                    model.Identity(kind='user', name='*****@*****.**'),
                    'created_ts':
                    datetime.datetime(2014, 1, 1, 1, 1, 1),
                    'description':
                    u'Some description',
                    'modified_by':
                    model.Identity(kind='user', name='*****@*****.**'),
                    'modified_ts':
                    datetime.datetime(2014, 1, 1, 1, 1, 1),
                    'subnets': [u'127.0.0.1/32'],
                },
            ],
            'ip_whitelist_assignments': {
                '__id__':
                'default',
                '__parent__':
                ndb.Key('AuthGlobalConfig', 'root'),
                'assignments': [
                    {
                        'comment':
                        u'some comment',
                        'created_by':
                        model.Identity(kind='user',
                                       name='*****@*****.**'),
                        'created_ts':
                        datetime.datetime(2014, 1, 1, 1, 1, 1),
                        'identity':
                        model.Identity(kind='user',
                                       name='*****@*****.**'),
                        'ip_whitelist':
                        u'bots',
                    },
                ],
                'auth_db_rev':
                None,
                'auth_db_prev_rev':
                None,
                'modified_by':
                model.Identity(kind='user', name='*****@*****.**'),
                'modified_ts':
                datetime.datetime(2014, 1, 1, 1, 1, 1),
            },
            'realms_globals': {
                '__id__':
                'globals',
                '__parent__':
                ndb.Key('AuthGlobalConfig', 'root'),
                'auth_db_prev_rev':
                None,
                'auth_db_rev':
                None,
                'modified_by':
                None,
                'modified_ts':
                None,
                'permissions': [
                    realms_pb2.Permission(name='luci.dev.p1'),
                    realms_pb2.Permission(name='luci.dev.p2'),
                ],
            },
            'project_realms': [{
                '__id__':
                'proj_id1',
                '__parent__':
                ndb.Key('AuthGlobalConfig', 'root'),
                'auth_db_prev_rev':
                None,
                'auth_db_rev':
                None,
                'config_rev':
                u'rev1',
                'perms_rev':
                u'rev1',
                'modified_by':
                None,
                'modified_ts':
                None,
                'realms':
                realms_pb2.Realms(api_version=1234),
            }, {
                '__id__':
                'proj_id2',
                '__parent__':
                ndb.Key('AuthGlobalConfig', 'root'),
                'auth_db_prev_rev':
                None,
                'auth_db_rev':
                None,
                'config_rev':
                u'rev2',
                'perms_rev':
                u'rev2',
                'modified_by':
                None,
                'modified_ts':
                None,
                'realms':
                realms_pb2.Realms(api_version=1234),
            }],
        }
        self.assertEqual(expected_snapshot, snapshot_to_dict(snapshot))