def test_load_users_no_groups(self): config = SQLStorageConfiguration() engine = SQLStorageEngine(config) engine.initialise() store = SQLUserGroupStore(engine) yaml_data = yaml.load(""" users: console: roles: user viewer: roles: user """, Loader=yaml.FullLoader) store._upload_users(yaml_data, verbose=True) authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration()) store.load_usergroups(authorisor) self.assertTrue("console" in authorisor.users) self.assertTrue("viewer" in authorisor.users) self.assertFalse("sysadmin" in authorisor.groups) self.assertFalse("local" in authorisor.groups) self.assertTrue(authorisor.authorise("console", "user")) self.assertTrue(authorisor.authorise("viewer", "user"))
def test_load_usergroups(self): config = SQLStorageConfiguration() engine = SQLStorageEngine(config) engine.initialise() store = SQLUserGroupStore(engine) yaml_data = yaml.load(""" users: user1: groups: group1 user2: groups: group4 user3: groups: group1 groups: group1: roles: role1, role2, role3 groups: group1, group2 users: user1, user2 group2: roles: role4, role5 groups: group5 users: user3 group3: roles: role6 """, Loader=yaml.FullLoader) store.load_from_yaml(yaml_data, verbose=False) store.commit() authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration()) store.load_usergroups(authorisor) self.assertTrue("user1" in authorisor.users) self.assertTrue("user2" in authorisor.users) self.assertTrue("user3" in authorisor.users) self.assertTrue("group1" in authorisor.groups) self.assertTrue("group2" in authorisor.groups) self.assertTrue("group3" in authorisor.groups) self.assertTrue(authorisor.authorise("user3", "role3"))
def test_usersgroups(self): service_config = BrainSecurityAuthorisationConfiguration("authorisation") service_config._usergroups = os.path.dirname(__file__) + os.sep + "test_usergroups.yaml" service = BasicUserGroupAuthorisationService(service_config) self.assertIsNotNone(service) self.assertTrue(service.authorise("console", "root")) self.assertFalse(service.authorise("console", "uber")) with self.assertRaises(AuthorisationException): service.authorise("anyone", "root")
def assert_upload_from_file(self, store): store.empty() store.upload_from_file(os.path.dirname(__file__) + os.sep + "data" + os.sep + "security" + os.sep + "roles.yaml") config = unittest.mock.Mock() config.usergroups = "Test" usersgroupsauthorisor = BasicUserGroupAuthorisationService(config) store.load_usergroups(usersgroupsauthorisor) self.assertTrue(usersgroupsauthorisor.authorise("console", "admin")) with self.assertRaises(Exception): self.assertFalse(usersgroupsauthorisor.authorise("offred", "admin"))
def assert_upload_from_file_no_collection(self, store): store.empty() config = unittest.mock.Mock() config.usergroups = "Test" usersgroupsauthorisor = BasicUserGroupAuthorisationService(config) store.load_usergroups(usersgroupsauthorisor) with self.assertRaises(Exception): self.assertTrue(usersgroupsauthorisor.authorise( "console", "admin")) with self.assertRaises(Exception): self.assertFalse(usersgroupsauthorisor.authorise( "offred", "admin"))
def test_load_users_and_groups(self): config = FileStorageConfiguration() config._usergroups_storage = FileStoreConfiguration(file=os.path.dirname(__file__) + os.sep + "data" + os.sep + "security" + os.sep + "roles.yaml", fileformat="yaml", encoding="utf-8", delete_on_start=False) engine = FileStorageEngine(config) engine.initialise() store = FileUserGroupStore(engine) config = unittest.mock.Mock() config.usergroups = "Test" usersgroupsauthorisor = BasicUserGroupAuthorisationService(config) self.assertTrue(store.load_usergroups(usersgroupsauthorisor)) self.assertTrue(usersgroupsauthorisor.authorise("console", "admin")) with self.assertRaises(Exception): self.assertFalse(usersgroupsauthorisor.authorise("offred", "admin"))
def test_overall_load_missing_groups(self): authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration()) store = UserGroupsStore() yaml_data = yaml.load(""" users: user1: groups: group1 user2: groups: group4 groups: group1: roles: role1, role2, role3 groups: group1, group2 users: user1, user2 group2: roles: role4, role5 groups: group5 users: user3 group3: roles: role6 """, Loader=yaml.FullLoader) store.load_users_and_groups_from_yaml(yaml_data, authorisor)
def test_load_groups_no_groups(self): authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration()) store = UserGroupsStore() yaml_data = yaml.load(""" others: group1: roles: role1, role2, role3 groups: group1, group2 users: user1, user2 group2: roles: role4, role5 groups: group3 users: user3 """, Loader=yaml.FullLoader) store._load_groups(yaml_data,authorisor) self.assertFalse("group1" in authorisor.groups) self.assertFalse("group2" in authorisor.groups)
def test_load_groups_group(self): authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration()) store = UserGroupsStore() yaml_data = yaml.load(""" groups: group1: roles: role1, role2, role3 groups: group1, group2 users: user1, user2 """, Loader=yaml.FullLoader) store._load_groups_group(yaml_data, "group1", authorisor) self.assertTrue("group1" in authorisor.groups) self.assertTrue("role1" in authorisor.groups['group1'].roles) self.assertTrue("role2" in authorisor.groups['group1'].roles) self.assertTrue("role2" in authorisor.groups['group1'].roles) self.assertTrue("group1" in authorisor.groups['group1'].groups) self.assertTrue("group2" in authorisor.groups['group1'].groups) self.assertTrue("user1" in authorisor.groups['group1'].users) self.assertTrue("user2" in authorisor.groups['group1'].users)
def test_load_users(self): authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration()) store = UserGroupsStore() yaml_data = yaml.load(""" users: console: roles: user groups: sysadmin, local viewer: roles: user groups: local """, Loader=yaml.FullLoader) store._load_users(yaml_data,authorisor) self.assertTrue("console" in authorisor.users.keys()) self.assertIsInstance(authorisor.users['console'], User) self.assertTrue("user" in authorisor.users['console'].roles) self.assertTrue("sysadmin" in authorisor.users['console'].groups) self.assertTrue("local" in authorisor.users['console'].groups) self.assertTrue("viewer" in authorisor.users.keys()) self.assertIsInstance(authorisor.users['viewer'], User) self.assertTrue("user" in authorisor.users['viewer'].roles) self.assertTrue("local" in authorisor.users['viewer'].groups)
def test_load_groups_no_group_users(self): config = SQLStorageConfiguration() engine = SQLStorageEngine(config) engine.initialise() store = SQLUserGroupStore(engine) yaml_data = yaml.load(""" groups: group1: roles: role1, role2, role3 groups: group1, group2 group2: roles: role4, role5 groups: group3 """, Loader=yaml.FullLoader) store._upload_groups(yaml_data, verbose=False) authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration()) store.load_usergroups(authorisor)
def test_load_users_groups_with_exception(self): config = FileStorageConfiguration() engine = FileStorageEngine(config) engine.initialise() store = FileUserGroupStore(engine) usersgroupsauthorisor = BasicUserGroupAuthorisationService(config) self.assertFalse(store.load_usergroups(usersgroupsauthorisor))
def test_usersgroups(self): client = TestClient() client.add_usergroups_store() service_config = BrainSecurityAuthorisationConfiguration("authorisation") service_config._usergroups = os.path.dirname(__file__) + os.sep + "test_usergroups.yaml" service = BasicUserGroupAuthorisationService(service_config) self.assertIsNotNone(service) service.initialise(client) self.assertTrue(service.authorise("console", "root")) self.assertFalse(service.authorise("console", "uber")) with self.assertRaises(AuthorisationException): service.authorise("anyone", "root")
def test_load_users_no_users(self): authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration()) store = UserGroupsStore() yaml_data = yaml.load(""" others: console: roles: user groups: sysadmin, local viewer: roles: user groups: local """, Loader=yaml.FullLoader) store._load_users(yaml_data,authorisor) self.assertFalse("console" in authorisor.users.keys()) self.assertFalse("viewer" in authorisor.users.keys())