예제 #1
0
파일: mgrant.py 프로젝트: FilipchukB/P1
def allow(endpoint, email, spec):
    """
    [Admins only] Set allow rules for users.

    \b
    EMAIL: Email address of user to update.
    SPEC: mongogrant spec, e.g. "ro:host/dbname", "rw:host/dbname"
    """
    client = Client()
    remote = next(r for r in client.remotes() if r["endpoint"] == endpoint)
    token = remote["token"]
    if not token:
        print(
            "You do not have a token set for your default endpoint. See `mgrant init --help`."
        )
        return
    role, host_db = spec.split(":")
    host, db = host_db.split("/")
    roles = {"ro", "rw", "read", "readWrite"}
    if role not in roles:
        print("Role not recognized. Must be one of {}".format(roles))
        return

    if role == "ro":
        role = "read"
    elif role == "rw":
        role = "readWrite"
    rv = requests.post("{}/setrule/{}".format(endpoint, token),
                       data=dict(
                           email=email,
                           host=host,
                           db=db,
                           role=role,
                           which="allow",
                       ))
    if rv.json()["success"]:
        print("{} is now authorized to obtain {} credentials for {}/{} "
              "via mongogrant (from remote \"{}\").".format(
                  email,
                  "read" if role == "read" else "read and readWrite",
                  host,
                  db,
                  endpoint,
              ))
    else:
        print("Rule setting failed: {}".format(rv.text))
예제 #2
0
class TestClient(TestCase):
    @classmethod
    def setUpClass(cls):
        cls.mongod_with_auth = MongodWithAuth(port=27020)
        cls.mongod_with_auth.ensure()
        _, cls.config_path = tempfile.mkstemp()
        cls.dbname = "test_" + uuid4().hex
        cls.db = MongoClient(
            "mongodb://*****:*****@localhost:27020/admin")[
                cls.dbname]
        cls.db.command("createUser",
                       "reader",
                       pwd="readerpass",
                       roles=["read"])
        cls.db.command("createUser",
                       "writer",
                       pwd="writerpass",
                       roles=["readWrite"])

    @classmethod
    def tearDownClass(cls):
        os.remove(cls.config_path)
        cls.db.command("dropDatabase")
        cls.db.client.close()
        cls.mongod_with_auth.destroy()

    def setUp(self):
        config = Config(check=check, path=self.config_path, seed=seed())
        self.client = Client(config)

    def test_empty_init(self):
        os.environ["HOME"] = os.path.split(self.config_path)[0]
        self.assertTrue(Client().cfg is not None)

    def test_remotes(self):
        self.assertEqual(len(self.client.remotes()), 0)
        self.client.set_remote("ep1", "tk1")
        self.assertIn(dict(endpoint="ep1", token="tk1"), self.client.remotes())
        self.client.set_remote("ep1", "tk0")
        self.client.set_remote("ep2", "tk2")
        remotes = self.client.remotes()
        self.assertIn(dict(endpoint="ep1", token="tk0"), remotes)
        self.assertIn(dict(endpoint="ep2", token="tk2"), remotes)
        self.assertNotIn(dict(endpoint="ep1", token="tk1"), remotes)

    def test_aliases(self):
        self.assertEqual(len(self.client.aliases()), 0)
        h_alias = "dev"
        h_actual = "my.example.com"
        self.client.set_alias(h_alias, h_actual)
        self.assertIn(h_alias, self.client.aliases())
        self.assertTrue(h_actual, self.client.aliases()[h_alias])
        self.client.set_alias("h_alt_alias", h_actual)
        self.assertTrue(h_actual, self.client.aliases()["h_alt_alias"])
        d_alias = "core"
        d_actual = "the_best_db"
        self.client.set_alias(d_alias, d_actual, which="db")
        self.assertIn(d_alias, self.client.aliases("db"))
        self.assertTrue(d_actual, self.client.aliases("db")[d_alias])

    def test_auth(self):
        host = "my.example.com"
        db = "the_best_db"
        user_ro, user_rw = "user_ro", "user_rw"
        pass_ro, pass_rw = "pass_ro", "pass_rw"
        self.client.set_auth(host, db, "read", user_ro, pass_ro)
        self.client.set_auth(host, db, "readWrite", user_rw, pass_rw)
        self.assertTrue(self.client.get_auth(host, db, "read"))
        self.assertTrue(self.client.get_auth(host, db, "readWrite"))
        self.client.set_alias("dev", host, "host")
        auth = self.client.get_auth("dev", db, "read")
        self.assertEqual(auth["host"], host)
        self.client.set_alias("core", "the_best_db", "db")
        auth = self.client.get_auth("dev", "core", "read")
        self.assertEqual(auth["host"], host)

    def test_db(self):
        self.client.set_auth("localhost:27020",
                             self.dbname,
                             "read",
                             "reader",
                             "readerpass",
                             check=True)
        self.client.set_auth("localhost:27020",
                             self.dbname,
                             "readWrite",
                             "writer",
                             "writerpass",
                             check=True)
        self.client.set_alias("dev", "localhost:27020", "host")
        self.client.set_alias("core", self.dbname, "db")
        self.assertTrue(self.client.get_auth("dev", "core", "ro"))
        db = self.client.db("ro:dev/core")
        self.assertIsInstance(db, pymongo.database.Database)
        self.assertRaises(pymongo.errors.OperationFailure,
                          db.collection.insert_one, {"a": 1})
        db = self.client.db("rw:dev/core")
        db.collection.insert_one({"a": 1})
        self.assertTrue(db.collection.find_one({"a": 1}))