def test_load_users_no_groups(self):
config = SQLStorageConfiguration()
engine = SQLStorageEngine(config)
engine.initialise()
store = SQLUserGroupStore(engine)
yaml_data = yaml.load("""
users:
console:
roles:
user
viewer:
roles:
user
""", Loader=yaml.FullLoader)
store._upload_users(yaml_data, verbose=True)
authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration())
store.load_usergroups(authorisor)
self.assertTrue("console" in authorisor.users)
self.assertTrue("viewer" in authorisor.users)
self.assertFalse("sysadmin" in authorisor.groups)
self.assertFalse("local" in authorisor.groups)
self.assertTrue(authorisor.authorise("console", "user"))
self.assertTrue(authorisor.authorise("viewer", "user"))
def test_load_usergroups(self):
config = SQLStorageConfiguration()
engine = SQLStorageEngine(config)
engine.initialise()
store = SQLUserGroupStore(engine)
yaml_data = yaml.load("""
users:
user1:
groups:
group1
user2:
groups:
group4
user3:
groups:
group1
groups:
group1:
roles:
role1, role2, role3
groups:
group1, group2
users:
user1, user2
group2:
roles:
role4, role5
groups:
group5
users:
user3
group3:
roles:
role6
""", Loader=yaml.FullLoader)
store.load_from_yaml(yaml_data, verbose=False)
store.commit()
authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration())
store.load_usergroups(authorisor)
self.assertTrue("user1" in authorisor.users)
self.assertTrue("user2" in authorisor.users)
self.assertTrue("user3" in authorisor.users)
self.assertTrue("group1" in authorisor.groups)
self.assertTrue("group2" in authorisor.groups)
self.assertTrue("group3" in authorisor.groups)
self.assertTrue(authorisor.authorise("user3", "role3"))
def test_usersgroups(self):
service_config = BrainSecurityAuthorisationConfiguration("authorisation")
service_config._usergroups = os.path.dirname(__file__) + os.sep + "test_usergroups.yaml"
service = BasicUserGroupAuthorisationService(service_config)
self.assertIsNotNone(service)
self.assertTrue(service.authorise("console", "root"))
self.assertFalse(service.authorise("console", "uber"))
with self.assertRaises(AuthorisationException):
service.authorise("anyone", "root")
def assert_upload_from_file(self, store):
store.empty()
store.upload_from_file(os.path.dirname(__file__) + os.sep + "data" + os.sep + "security" + os.sep + "roles.yaml")
config = unittest.mock.Mock()
config.usergroups = "Test"
usersgroupsauthorisor = BasicUserGroupAuthorisationService(config)
store.load_usergroups(usersgroupsauthorisor)
self.assertTrue(usersgroupsauthorisor.authorise("console", "admin"))
with self.assertRaises(Exception):
self.assertFalse(usersgroupsauthorisor.authorise("offred", "admin"))
def assert_upload_from_file_no_collection(self, store):
store.empty()
config = unittest.mock.Mock()
config.usergroups = "Test"
usersgroupsauthorisor = BasicUserGroupAuthorisationService(config)
store.load_usergroups(usersgroupsauthorisor)
with self.assertRaises(Exception):
self.assertTrue(usersgroupsauthorisor.authorise(
"console", "admin"))
with self.assertRaises(Exception):
self.assertFalse(usersgroupsauthorisor.authorise(
"offred", "admin"))
def test_load_users_and_groups(self):
config = FileStorageConfiguration()
config._usergroups_storage = FileStoreConfiguration(file=os.path.dirname(__file__) + os.sep + "data" + os.sep + "security" + os.sep + "roles.yaml", fileformat="yaml", encoding="utf-8", delete_on_start=False)
engine = FileStorageEngine(config)
engine.initialise()
store = FileUserGroupStore(engine)
config = unittest.mock.Mock()
config.usergroups = "Test"
usersgroupsauthorisor = BasicUserGroupAuthorisationService(config)
self.assertTrue(store.load_usergroups(usersgroupsauthorisor))
self.assertTrue(usersgroupsauthorisor.authorise("console", "admin"))
with self.assertRaises(Exception):
self.assertFalse(usersgroupsauthorisor.authorise("offred", "admin"))
def test_overall_load_missing_groups(self):
authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration())
store = UserGroupsStore()
yaml_data = yaml.load("""
users:
user1:
groups:
group1
user2:
groups:
group4
groups:
group1:
roles:
role1, role2, role3
groups:
group1, group2
users:
user1, user2
group2:
roles:
role4, role5
groups:
group5
users:
user3
group3:
roles:
role6 """, Loader=yaml.FullLoader)
store.load_users_and_groups_from_yaml(yaml_data, authorisor)
def test_load_groups_no_groups(self):
authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration())
store = UserGroupsStore()
yaml_data = yaml.load("""
others:
group1:
roles:
role1, role2, role3
groups:
group1, group2
users:
user1, user2
group2:
roles:
role4, role5
groups:
group3
users:
user3
""", Loader=yaml.FullLoader)
store._load_groups(yaml_data,authorisor)
self.assertFalse("group1" in authorisor.groups)
self.assertFalse("group2" in authorisor.groups)
def test_load_groups_group(self):
authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration())
store = UserGroupsStore()
yaml_data = yaml.load("""
groups:
group1:
roles:
role1, role2, role3
groups:
group1, group2
users:
user1, user2
""", Loader=yaml.FullLoader)
store._load_groups_group(yaml_data, "group1", authorisor)
self.assertTrue("group1" in authorisor.groups)
self.assertTrue("role1" in authorisor.groups['group1'].roles)
self.assertTrue("role2" in authorisor.groups['group1'].roles)
self.assertTrue("role2" in authorisor.groups['group1'].roles)
self.assertTrue("group1" in authorisor.groups['group1'].groups)
self.assertTrue("group2" in authorisor.groups['group1'].groups)
self.assertTrue("user1" in authorisor.groups['group1'].users)
self.assertTrue("user2" in authorisor.groups['group1'].users)
def test_load_users(self):
authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration())
store = UserGroupsStore()
yaml_data = yaml.load("""
users:
console:
roles:
user
groups:
sysadmin, local
viewer:
roles:
user
groups:
local
""", Loader=yaml.FullLoader)
store._load_users(yaml_data,authorisor)
self.assertTrue("console" in authorisor.users.keys())
self.assertIsInstance(authorisor.users['console'], User)
self.assertTrue("user" in authorisor.users['console'].roles)
self.assertTrue("sysadmin" in authorisor.users['console'].groups)
self.assertTrue("local" in authorisor.users['console'].groups)
self.assertTrue("viewer" in authorisor.users.keys())
self.assertIsInstance(authorisor.users['viewer'], User)
self.assertTrue("user" in authorisor.users['viewer'].roles)
self.assertTrue("local" in authorisor.users['viewer'].groups)
def test_load_groups_no_group_users(self):
config = SQLStorageConfiguration()
engine = SQLStorageEngine(config)
engine.initialise()
store = SQLUserGroupStore(engine)
yaml_data = yaml.load("""
groups:
group1:
roles:
role1, role2, role3
groups:
group1, group2
group2:
roles:
role4, role5
groups:
group3
""", Loader=yaml.FullLoader)
store._upload_groups(yaml_data, verbose=False)
authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration())
store.load_usergroups(authorisor)
def test_load_users_groups_with_exception(self):
config = FileStorageConfiguration()
engine = FileStorageEngine(config)
engine.initialise()
store = FileUserGroupStore(engine)
usersgroupsauthorisor = BasicUserGroupAuthorisationService(config)
self.assertFalse(store.load_usergroups(usersgroupsauthorisor))
def test_usersgroups(self):
client = TestClient()
client.add_usergroups_store()
service_config = BrainSecurityAuthorisationConfiguration("authorisation")
service_config._usergroups = os.path.dirname(__file__) + os.sep + "test_usergroups.yaml"
service = BasicUserGroupAuthorisationService(service_config)
self.assertIsNotNone(service)
service.initialise(client)
self.assertTrue(service.authorise("console", "root"))
self.assertFalse(service.authorise("console", "uber"))
with self.assertRaises(AuthorisationException):
service.authorise("anyone", "root")
def test_load_users_no_users(self):
authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration())
store = UserGroupsStore()
yaml_data = yaml.load("""
others:
console:
roles:
user
groups:
sysadmin, local
viewer:
roles:
user
groups:
local
""", Loader=yaml.FullLoader)
store._load_users(yaml_data,authorisor)
self.assertFalse("console" in authorisor.users.keys())
self.assertFalse("viewer" in authorisor.users.keys())
