def testSystemCronFlowsMayBeDisabledViaConfig(self): with test_lib.ConfigOverrider({ "Cron.disabled_system_jobs": ["DummySystemCronJob"] }): cronjobs.ScheduleSystemCronFlows(token=self.token) jobs = cronjobs.CRON_MANAGER.ListJobs(token=self.token) dummy_jobs = [j for j in jobs if j.Basename() == "DummySystemCronJob"] self.assertTrue(dummy_jobs) # This cron job should be disabled, because it's listed in # Cron.disabled_system_jobs config variable. job = aff4.FACTORY.Open( dummy_jobs[0], aff4_type=cronjobs.CronJob, token=self.token) self.assertTrue(job.Get(job.Schema.DISABLED)) # Now remove the cron job from the list and check that it gets disabled # after next ScheduleSystemCronFlows() call. with test_lib.ConfigOverrider({"Cron.disabled_system_jobs": []}): cronjobs.ScheduleSystemCronFlows(token=self.token) # System cron job should be enabled. job = aff4.FACTORY.Open( dummy_jobs[0], aff4_type=cronjobs.CronJob, token=self.token) self.assertFalse(job.Get(job.Schema.DISABLED))
def testSystemCronJobSetsStartTime(self): with test_lib.FakeTime(100): now = rdfvalue.RDFDatetime.Now() cronjobs.ScheduleSystemCronFlows( names=[ DummySystemCronJob.__name__, DummySystemCronJobStartNow.__name__ ], token=self.token) random_time = "aff4:/cron/DummySystemCronJob" no_random_time = "aff4:/cron/DummySystemCronJobStartNow" random_time_job = aff4.FACTORY.Open( random_time, aff4_type=cronjobs.CronJob, token=self.token) no_random_time_job = aff4.FACTORY.Open( no_random_time, aff4_type=cronjobs.CronJob, token=self.token) start_time_now = no_random_time_job.Get( no_random_time_job.Schema.CRON_ARGS).start_time self.assertEqual(start_time_now, now) random_start_time = random_time_job.Get( random_time_job.Schema.CRON_ARGS).start_time self.assertTrue( now < random_start_time < (now + DummySystemCronJob.frequency))
def testEmailCronjobApprovalGrantNotificationLinkLeadsToCorrectPage(self): cronjobs.ScheduleSystemCronFlows( names=[cron_system.OSBreakDown.__name__], token=self.token) cronjobs.CRON_MANAGER.DisableJob(rdfvalue.RDFURN("aff4:/cron/OSBreakDown")) security.CronJobApprovalRequestor( reason=self.APPROVAL_REASON, subject_urn="aff4:/cron/OSBreakDown", approver=self.GRANTOR_TOKEN.username, token=self.token).Request() security.CronJobApprovalGrantor( reason=self.APPROVAL_REASON, subject_urn="aff4:/cron/OSBreakDown", token=self.GRANTOR_TOKEN, delegate=self.token.username).Grant() # There should be 1 message for approval request and 1 message # for approval grant notification. self.assertEqual(len(self.messages_sent), 2) message = self.messages_sent[1] self.assertTrue(self.APPROVAL_REASON in message) self.assertTrue(self.GRANTOR_TOKEN.username in message) self.Open(self._ExtractLinkFromMessage(message)) self.WaitUntil(self.IsTextPresent, "OSBreakDown")
def testEmailCronJobApprovalRequestLinkLeadsToACorrectPage(self): cronjobs.ScheduleSystemCronFlows( names=[cron_system.OSBreakDown.__name__], token=self.token) cronjobs.CRON_MANAGER.DisableJob(rdfvalue.RDFURN("aff4:/cron/OSBreakDown")) security.CronJobApprovalRequestor( reason=self.APPROVAL_REASON, subject_urn="aff4:/cron/OSBreakDown", approver=self.GRANTOR_TOKEN.username, token=self.token).Request() self.assertEqual(len(self.messages_sent), 1) message = self.messages_sent[0] self.assertTrue(self.APPROVAL_REASON in message) self.assertTrue(self.token.username in message) self.assertTrue("OSBreakDown" in message) # Extract link from the message text and open it. m = re.search(r"href='(.+?)'", message, re.MULTILINE) link = urlparse.urlparse(m.group(1)) self.Open(link.path + "?" + link.query + "#" + link.fragment) # Check that requestor's username and reason are correctly displayed. self.WaitUntil(self.IsTextPresent, self.token.username) self.WaitUntil(self.IsTextPresent, self.APPROVAL_REASON) # Check that host information is displayed. self.WaitUntil(self.IsTextPresent, cron_system.OSBreakDown.__name__) self.WaitUntil(self.IsTextPresent, "Periodicity")
def testEmailCronJobApprovalRequestLinkLeadsToACorrectPage(self): cronjobs.ScheduleSystemCronFlows( names=[cron_system.OSBreakDown.__name__], token=self.token) cronjobs.CRON_MANAGER.DisableJob( rdfvalue.RDFURN("aff4:/cron/OSBreakDown")) messages_sent = [] def SendEmailStub(unused_from_user, unused_to_user, unused_subject, message, **unused_kwargs): messages_sent.append(message) # Request client approval, it will trigger an email message. with utils.Stubber(email_alerts.EMAIL_ALERTER, "SendEmail", SendEmailStub): security.CronJobApprovalRequestor( reason="Please please let me", subject_urn="aff4:/cron/OSBreakDown", approver=self.token.username, token=access_control.ACLToken(username="******", reason="test")).Request() self.assertEqual(len(messages_sent), 1) # Extract link from the message text and open it. m = re.search(r"href='(.+?)'", messages_sent[0], re.MULTILINE) link = urlparse.urlparse(m.group(1)) self.Open(link.path + "?" + link.query + "#" + link.fragment) # Check that requestor's username and reason are correctly displayed. self.WaitUntil(self.IsTextPresent, "iwantapproval") self.WaitUntil(self.IsTextPresent, "Please please let me") # Check that host information is displayed. self.WaitUntil(self.IsTextPresent, cron_system.OSBreakDown.__name__) self.WaitUntil(self.IsTextPresent, "Periodicity")
def testSystemCronJobsGetScheduledWhenDisabledListInvalid(self): with test_lib.ConfigOverrider({ "Cron.disabled_system_jobs": ["NonExistent"] }): with self.assertRaises(ValueError): cronjobs.ScheduleSystemCronFlows( names=[DummySystemCronJob.__name__], token=self.token) jobs = cronjobs.CRON_MANAGER.ListJobs(token=self.token) dummy_jobs = [j for j in jobs if j.Basename() == "DummySystemCronJob"] self.assertTrue(dummy_jobs)
def testSystemCronFlowsGetScheduledAutomatically(self): cronjobs.ScheduleSystemCronFlows( names=[DummySystemCronJob.__name__], token=self.token) jobs = cronjobs.CRON_MANAGER.ListJobs(token=self.token) dummy_jobs = [j for j in jobs if j.Basename() == "DummySystemCronJob"] self.assertTrue(dummy_jobs) # System cron job should be enabled by default. job = aff4.FACTORY.Open( dummy_jobs[0], aff4_type=cronjobs.CronJob, token=self.token) self.assertFalse(job.Get(job.Schema.DISABLED))
def testStatefulSystemCronFlowMaintainsState(self): DummyStatefulSystemCronJob.VALUES = [] # We need to have a cron job started to have a place to maintain # state. cronjobs.ScheduleSystemCronFlows( names=[DummyStatefulSystemCronJob.__name__], token=self.token) flow.GRRFlow.StartFlow( flow_name="DummyStatefulSystemCronJob", token=self.token) flow.GRRFlow.StartFlow( flow_name="DummyStatefulSystemCronJob", token=self.token) flow.GRRFlow.StartFlow( flow_name="DummyStatefulSystemCronJob", token=self.token) self.assertListEqual(DummyStatefulSystemCronJob.VALUES, [0, 1, 2])
def testCronJobACLWorkflow(self): cronjobs.ScheduleSystemCronFlows( names=[cron_system.OSBreakDown.__name__], token=self.token) cronjobs.CRON_MANAGER.DisableJob( rdfvalue.RDFURN("aff4:/cron/OSBreakDown")) # Open up and click on Cron Job Viewer. self.Open("/") self.WaitUntil(self.IsElementPresent, "client_query") self.Click("css=a[grrtarget=crons]") # Select a cron job self.Click("css=td:contains('OSBreakDown')") # Click on Enable button and check that dialog appears. self.Click("css=button[name=EnableCronJob]") self.WaitUntil(self.IsTextPresent, "Are you sure you want to ENABLE this cron job?") # Click on "Proceed" and wait for authorization dialog to appear. self.Click("css=button[name=Proceed]") self.WaitUntil(self.IsElementPresent, "css=h3:contains('Create a new approval')") # This asks the our user to approve the request. self.Type("css=grr-request-approval-dialog input[name=acl_approver]", self.token.username) self.Type("css=grr-request-approval-dialog input[name=acl_reason]", self.reason) self.Click( "css=grr-request-approval-dialog button[name=Proceed]:not([disabled])" ) # "Request Approval" dialog should go away self.WaitUntilNot(self.IsVisible, "css=.modal-open") self.Open("/") self.WaitUntil(lambda: self.GetText("notification_button") != "0") self.Click("notification_button") self.Click("css=td:contains('Please grant access to a cron job')") self.WaitUntilContains("Grant access", self.GetText, "css=h2:contains('Grant')") self.WaitUntil(self.IsTextPresent, "The user %s has requested" % self.token.username) # Cron job overview should be visible self.WaitUntil(self.IsTextPresent, cron_system.OSBreakDown.__name__) self.WaitUntil(self.IsTextPresent, "Periodicity") self.Click("css=button:contains('Approve')") self.WaitUntil(self.IsTextPresent, "Approval granted.") # Now test starts up self.Open("/") # We should be notified that we have an approval self.WaitUntil(lambda: self.GetText("notification_button") != "0") self.Click("notification_button") self.WaitUntil( self.GetText, "css=td:contains('has granted you access to " "a cron job')") self.Click("css=tr:contains('has granted you access') a") # Enable OSBreakDown cron job (it should be selected by default). self.Click("css=td:contains('OSBreakDown')") # Click on Enable and wait for dialog again. self.Click("css=button[name=EnableCronJob]:not([disabled])") self.WaitUntil(self.IsTextPresent, "Are you sure you want to ENABLE this cron job?") # Click on "Proceed" and wait for authorization dialog to appear. self.Click("css=button[name=Proceed]") # This is insufficient - we need 2 approvers. self.WaitUntilContains( "Need at least 1 additional approver for access.", self.GetText, "css=grr-request-approval-dialog") # Lets add another approver. token = access_control.ACLToken(username="******") security.CronJobApprovalGrantor( subject_urn=rdfvalue.RDFURN("aff4:/cron/OSBreakDown"), reason=self.reason, delegate=self.token.username, token=token).Grant() # Now test starts up self.Open("/") # We should be notified that we have an approval self.WaitUntil(lambda: self.GetText("notification_button") != "0") self.Click("notification_button") self.Click("css=tr:contains('has granted you access') a") # Wait for modal backdrop to go away. self.WaitUntilNot(self.IsVisible, "css=.modal-open") self.WaitUntil(self.IsTextPresent, cron_system.OSBreakDown.__name__) # Enable OSBreakDown cron job (it should be selected by default). self.Click("css=button[name=EnableCronJob]:not([disabled])") self.WaitUntil(self.IsTextPresent, "Are you sure you want to ENABLE this cron job?") # Click on "Proceed" and wait for authorization dialog to appear. self.Click("css=button[name=Proceed]") # This is still insufficient - one of the approvers should have # "admin" label. self.WaitUntilContains( "Need at least 1 additional approver with the 'admin' label for access", self.GetText, "css=grr-request-approval-dialog") # Let's make "approver" an admin. self.CreateAdminUser("approver") # And try again self.Open("/") self.Click("css=a[grrtarget=crons]") # Select and enable OSBreakDown cron job. self.Click("css=td:contains('OSBreakDown')") # Click on Enable button and check that dialog appears. self.Click("css=button[name=EnableCronJob]:not([disabled])") self.WaitUntil(self.IsTextPresent, "Are you sure you want to ENABLE this cron job?") # Click on "Proceed" and wait for success label to appear. # Also check that "Proceed" button gets disabled. self.Click("css=button[name=Proceed]") self.WaitUntil(self.IsTextPresent, "Cron job was ENABLED successfully!")