def badger(self, user_email, roles, action, srv_token=None):
    """Grant or revoke roles on a user through the badger service endpoint.

    One POST to ``/api/service/badger`` is sent per role, authenticated with
    a service-account token; every request is expected to answer HTTP 204.

    :param user_email: e-mail address of the user whose roles are changed.
    :param roles: a single role name, or an iterable of role names.
    :param action: value sent as ``action`` in the request body.
    :param srv_token: token of an existing service account. When ``None``, a
        new 'badger' service account is created first, with a service
        definition that lists ``roles``.
    :returns: the service-account token that was used (the one passed in, or
        the token of the newly created account).
    :rtype: str
    """
    # A bare string is one role name, not an iterable of characters.
    role_names = {roles} if isinstance(roles, str) else roles

    if srv_token is None:
        from pillar.api.service import create_service_account

        # Account creation runs inside a request context of the test app.
        with self.app.test_request_context():
            _account, token_doc = create_service_account(
                '*****@*****.**', {'badger'}, {'badger': list(role_names)})
        srv_token = token_doc['token']

    for role_name in role_names:
        payload = {
            'action': action,
            'role': role_name,
            'user_email': user_email,
        }
        self.post('/api/service/badger',
                  auth_token=srv_token,
                  json=payload,
                  expected_status=204)

    return srv_token
def setUp(self, **kwargs):
    """Prepare a 'badger' service account and a regular user for each test.

    After this runs the test case has ``self.badger`` (the service account
    document), ``self.badger_token`` (its token), ``self.user_id`` and
    ``self.user_email``.
    """
    AbstractPillarTest.setUp(self, **kwargs)

    from pillar.api import service

    with self.app.test_request_context():
        # The service definition lists the roles handed to the badger account.
        badger_account, token_doc = service.create_service_account(
            '*****@*****.**',
            ['badger'],
            {'badger': ['succubus', 'subscriber', 'demo']},
        )
        # NOTE(review): this instance attribute would shadow any badger()
        # helper method defined on the test base class -- confirm that no
        # test in this class needs such a helper.
        self.badger = badger_account
        self.badger_token = token_doc['token']

        self.user_id = self.create_user()
        self.user_email = TEST_EMAIL_ADDRESS
def test_create_service_account(self):
    """A new service account gets SRV-<id> names, service roles and a usable token."""
    from pillar.api.utils.authentication import force_cli_user
    from pillar.api import service

    with self.app.test_request_context():
        force_cli_user()
        account, token = service.create_service_account(
            '*****@*****.**',
            ['flamenco_manager'],
            {'flamenco_manager': {}},
        )

    # Both display name and username are derived from the account ID.
    expected_name = f'SRV-{account["_id"]}'
    self.assertEqual(expected_name, account['full_name'])
    self.assertEqual(expected_name, account['username'])

    # The 'service' role appears next to the requested one, and the account
    # has an empty 'auth' list.
    self.assertEqual(['flamenco_manager', 'service'], account['roles'])
    self.assertEqual([], account['auth'])
    self.assertEqual({'flamenco_manager': {}}, account['service'])

    # NOTE(review): kept outside the request context in which
    # force_cli_user() was called, so that the access check presumably
    # relies on the token alone -- confirm against the original layout.
    self.assertAllowsAccess(token, account['_id'])
def create_new_manager(self, name: str, description: str, owner_id: bson.ObjectId) \
        -> typing.Tuple[dict, dict, dict]:
    """Create a new Manager together with its service (system) account.

    :param name: passed on to ``create_manager_doc``.
    :param description: passed on to ``create_manager_doc``.
    :param owner_id: user who is added to the Manager's owner group.
    :returns: ``(service account, manager document, token data)``. The token
        data comes straight from ``create_service_account``, so callers
        receive the new account's token and should handle it as a secret.
    """
    # NOTE(review): assert statements are stripped under ``python -O``, so
    # this type check is absent in optimised runs.
    assert isinstance(owner_id, bson.ObjectId)

    from pillar.api import service
    from pillar.api.users import add_user_to_group

    # The service account is created with an empty e-mail address and the
    # 'flamenco_manager' role; the Manager document is tied to its ID.
    service_account, token_data = service.create_service_account(
        '',
        ['flamenco_manager'],
        {'flamenco_manager': {}},
    )
    manager_doc = self.create_manager_doc(service_account['_id'], name, description)

    # mngr_doc['owner'] is passed as the group the owner is added to.
    owner_group = manager_doc['owner']
    add_user_to_group(owner_id, owner_group)

    return service_account, manager_doc, token_data
def create_service_account(email, service_roles, service_definition, *,
                           full_name: str = None):
    """Create a service account and print its details to stdout.

    Thin wrapper around ``pillar.api.service.create_service_account`` that
    also prints the account document and the access token.

    The access token and its expiry time are written to stdout in clear
    text. Anything that captures this output (terminal scrollback, shell
    redirection, job logs) then holds a usable credential and should be
    treated accordingly.

    :returns: the ``(account, token)`` pair from the service layer.
    """
    from pillar.api import service
    from pillar.api.utils import dumps

    result = service.create_service_account(
        email,
        service_roles,
        service_definition,
        full_name=full_name,
    )
    account, token = result

    print('Service account information:')
    print(dumps(account, indent=4, sort_keys=True))
    print()
    # The token value itself is printed here, not a masked form.
    print(f'Access token: {token["token"]!s}')
    print(f' expires on: {token["expire_time"]!s}')

    return account, token