def test_grant_additive(self):
path = yield self.client.create("/abc")
acl = ACL(self.client, "/abc")
yield acl.grant("admin", read=True)
yield acl.grant("admin", write=True)
test_ace = make_ace(":", read=True, write=True)
node_acl, stat = yield self.client.get_acl(path)
self.assertEqual(node_acl[-1]["perms"], test_ace["perms"])
def test_grant_additive(self):
path = yield self.client.create("/abc")
acl = ACL(self.client, "/abc")
yield acl.grant("admin", read=True)
yield acl.grant("admin", write=True)
test_ace = make_ace(":", read=True, write=True)
node_acl, stat = yield self.client.get_acl(path)
self.assertEqual(node_acl[-1]["perms"], test_ace["perms"])
def test_grant(self):
path = yield self.client.create("/abc")
acl = ACL(self.client, path)
yield acl.grant("admin", all=True)
node_acl, stat = yield self.client.get_acl(path)
self.assertEqual(
node_acl,
[ZOO_OPEN_ACL_UNSAFE,
make_ace(self.admin.get_token(), all=True)])
def test_grant(self):
path = yield self.client.create("/abc")
acl = ACL(self.client, path)
yield acl.grant("admin", all=True)
node_acl, stat = yield self.client.get_acl(path)
self.assertEqual(
node_acl,
[ZOO_OPEN_ACL_UNSAFE,
make_ace(self.admin.get_token(), all=True)])
def test_prohibit_not_in_acl(self):
principal = Principal("zebra", "stripes")
yield self.tokens.add(principal)
path = yield self.client.create(
"/abc", acls=[make_ace(self.admin.get_token(), all=True)])
acl = ACL(self.client, path)
# We get to the same end state so its fine.
yield acl.prohibit("zebra")
acl, stat = yield self.client.get_acl(path)
self.assertEqual(acl, [make_ace(self.admin.get_token(), all=True)])
def test_prohibit_not_in_acl(self):
principal = Principal("zebra", "stripes")
yield self.tokens.add(principal)
path = yield self.client.create("/abc", acls=[
make_ace(self.admin.get_token(), all=True)])
acl = ACL(self.client, path)
# We get to the same end state so its fine.
yield acl.prohibit("zebra")
acl, stat = yield self.client.get_acl(path)
self.assertEqual(
acl, [make_ace(self.admin.get_token(), all=True)])
def test_prohibit(self):
principal = Principal("zebra", "stripes")
yield self.tokens.add(principal)
path = yield self.client.create("/abc", acls=[
make_ace(self.admin.get_token(), all=True),
make_ace(principal.get_token(), write=True)])
acl = ACL(self.client, path)
yield acl.prohibit("zebra")
acl, stat = yield self.client.get_acl(path)
self.assertEqual(
acl, [make_ace(self.admin.get_token(), all=True)])
def test_acl_without_admin(self):
"""A client needs an attached principle with the admin perm to set acl.
"""
client = yield self.get_zookeeper_client().connect()
principal = Principal("zebra", "stripes")
yield self.tokens.add(principal)
attach_deferred = principal.attach(client)
yield self.client.create(
"/abc", acls=[make_ace(self.admin.get_token(), all=True)])
yield attach_deferred
acl = ACL(client, "/abc")
yield self.assertFailure(acl.grant("zebra", all=True),
zookeeper.NoAuthException)
def test_acl_without_admin(self):
"""A client needs an attached principle with the admin perm to set acl.
"""
client = yield self.get_zookeeper_client().connect()
principal = Principal("zebra", "stripes")
yield self.tokens.add(principal)
attach_deferred = principal.attach(client)
yield self.client.create(
"/abc",
acls=[make_ace(self.admin.get_token(), all=True)])
yield attach_deferred
acl = ACL(client, "/abc")
yield self.assertFailure(
acl.grant("zebra", all=True),
zookeeper.NoAuthException)
def test_prohibit(self):
principal = Principal("zebra", "stripes")
yield self.tokens.add(principal)
path = yield self.client.create("/abc",
acls=[
make_ace(self.admin.get_token(),
all=True),
make_ace(principal.get_token(),
write=True)
])
acl = ACL(self.client, path)
yield acl.prohibit("zebra")
acl, stat = yield self.client.get_acl(path)
self.assertEqual(acl, [make_ace(self.admin.get_token(), all=True)])
def test_prohibit_non_existant_node(self):
acl = ACL(self.client, "/abc")
yield self.assertFailure(
acl.prohibit("zebra"), StateNotFound)
def test_grant_not_in_token_database(self):
path = yield self.client.create("/abc")
acl = ACL(self.client, path)
yield self.assertFailure(acl.grant("zebra"), PrincipalNotFound)
def test_acl_on_non_existant_node(self):
acl = ACL(self.client, "abc")
yield self.assertFailure(acl.grant("admin", all=True), StateNotFound)
def test_prohibit_non_existant_node(self):
acl = ACL(self.client, "/abc")
yield self.assertFailure(acl.prohibit("zebra"), StateNotFound)
def test_grant_not_in_token_database(self):
path = yield self.client.create("/abc")
acl = ACL(self.client, path)
yield self.assertFailure(acl.grant("zebra"), PrincipalNotFound)
def test_acl_on_non_existant_node(self):
acl = ACL(self.client, "abc")
yield self.assertFailure(acl.grant("admin", all=True), StateNotFound)