def test_fetch_configs_ok(self):
  """_fetch_configs pairs every fetched config with a Revision for its source.

  get_self_config_async is swapped for a tasklet that pops the requested path
  out of a dict. An empty dict after the call shows every listed path was
  requested.
  """
  configs_url = 'http://url'
  pending = {
      'imports.cfg': ('imports_cfg_rev', 'tarball{url:"a" systems:"b"}'),
      'ip_whitelist.cfg': (
          'ip_whitelist_cfg_rev', config_pb2.IPWhitelistConfig()),
      'oauth.cfg': (
          'oauth_cfg_rev', config_pb2.OAuthConfig(primary_client_id='a')),
  }

  @ndb.tasklet
  def get_self_config_mock(path, *_args, **_kwargs):
    # A path that was never listed, or one requested a second time, fails here
    # because the entry is removed on first use.
    self.assertIn(path, pending)
    raise ndb.Return(pending.pop(path))

  self.mock(config_component, 'get_self_config_async', get_self_config_mock)
  self.mock(config, '_get_configs_url', lambda: configs_url)

  fetched = config._fetch_configs(pending.keys())
  self.assertFalse(pending)

  # The bare revision string from the fetch is expected to come back wrapped
  # in config.Revision together with the configs URL.
  expected = {
      'imports.cfg': (
          config.Revision('imports_cfg_rev', 'http://url'),
          'tarball{url:"a" systems:"b"}'),
      'ip_whitelist.cfg': (
          config.Revision('ip_whitelist_cfg_rev', 'http://url'),
          config_pb2.IPWhitelistConfig()),
      'oauth.cfg': (
          config.Revision('oauth_cfg_rev', 'http://url'),
          config_pb2.OAuthConfig(primary_client_id='a')),
  }
  self.assertEqual(expected, fetched)
def test_validate_ip_whitelist_config_unknown_whitelist(self):
  """An assignment naming a whitelist that is not defined must be rejected."""
  # No ip_whitelists are declared, so 'missing' cannot resolve to anything.
  dangling = config_pb2.IPWhitelistConfig.Assignment(
      identity='user:[email protected]', ip_whitelist_name='missing')
  conf = config_pb2.IPWhitelistConfig(assignments=[dangling])
  self.assertRaises(ValueError, config._validate_ip_whitelist_config, conf)
def test_validate_ip_whitelist_config_bad_subnet(self):
  """A subnet string that does not parse as a subnet fails validation."""
  malformed = config_pb2.IPWhitelistConfig.IPWhitelist(
      name='abc', subnets=['not a subnet'])
  conf = config_pb2.IPWhitelistConfig(ip_whitelists=[malformed])
  self.assertRaises(ValueError, config._validate_ip_whitelist_config, conf)
def test_validate_ip_whitelist_include_cycle_1(self):
  """A whitelist that includes itself (a cycle of length one) is rejected."""
  self_referencing = config_pb2.IPWhitelistConfig.IPWhitelist(
      name='abc', subnets=[], includes=['abc'])
  conf = config_pb2.IPWhitelistConfig(ip_whitelists=[self_referencing])
  self.assertRaises(ValueError, config._validate_ip_whitelist_config, conf)
def test_validate_ip_whitelist_config_duplicated_wl(self):
  """Two whitelist entries sharing one name are rejected."""
  make_whitelist = config_pb2.IPWhitelistConfig.IPWhitelist
  # Both entries are otherwise empty; only the repeated name differs from a
  # valid config.
  first = make_whitelist(name='abc')
  second = make_whitelist(name='abc')
  conf = config_pb2.IPWhitelistConfig(ip_whitelists=[first, second])
  self.assertRaises(ValueError, config._validate_ip_whitelist_config, conf)
def test_update_ip_whitelist_config_with_includes(self):
  """Stored whitelists carry their own subnets plus those they include.

  The expected values show that includes are followed transitively ('d' has
  no subnets of its own and ends up with those of 'a', 'b' and 'c') and that
  a subnet reachable by several paths is stored once. Anyone auditing what a
  whitelist admits has to read it together with everything it includes.
  """
  make_whitelist = config_pb2.IPWhitelistConfig.IPWhitelist
  conf = config_pb2.IPWhitelistConfig(ip_whitelists=[
      make_whitelist(name='a', subnets=['0.0.0.1/32']),
      make_whitelist(
          name='b', subnets=['0.0.0.1/32', '0.0.0.2/32'], includes=['a']),
      make_whitelist(
          name='c', subnets=['0.0.0.3/32'], includes=['a', 'b']),
      make_whitelist(name='d', includes=['c']),
  ])

  changed = config._update_authdb_configs({
      'ip_whitelist.cfg': (
          config.Revision('ip_whitelist_cfg_rev', 'http://url'), conf),
  })
  self.assertTrue(changed)

  def stored(subnets):
    # Every imported entity shares the same bookkeeping fields; only the
    # flattened subnet list differs.
    return {
        'created_by': 'service:sample-app',
        'created_ts': 1388631845000000,
        'description': u'Imported from ip_whitelist.cfg',
        'modified_by': 'service:sample-app',
        'modified_ts': 1388631845000000,
        'subnets': subnets,
    }

  # Verify everything is there.
  expected = {
      'a': stored([u'0.0.0.1/32']),
      'b': stored([u'0.0.0.1/32', u'0.0.0.2/32']),
      'c': stored([u'0.0.0.1/32', u'0.0.0.2/32', u'0.0.0.3/32']),
      'd': stored([u'0.0.0.1/32', u'0.0.0.2/32', u'0.0.0.3/32']),
  }
  actual = {
      x.key.id(): x.to_serializable_dict()
      for x in model.AuthIPWhitelist.query(ancestor=model.root_key())
  }
  self.assertEqual(expected, actual)
def test_validate_ip_whitelist_config_bad_identity(self):
  """An assignment whose identity string is malformed is rejected."""
  # The whitelist itself exists, so the failure can only come from the
  # identity string.
  target = config_pb2.IPWhitelistConfig.IPWhitelist(name='abc')
  assignment = config_pb2.IPWhitelistConfig.Assignment(
      identity='bad identity', ip_whitelist_name='abc')
  conf = config_pb2.IPWhitelistConfig(
      ip_whitelists=[target], assignments=[assignment])
  self.assertRaises(ValueError, config._validate_ip_whitelist_config, conf)
def test_validate_ip_whitelist_include_diamond(self):
  """A diamond-shaped include graph is valid: it is not a cycle.

  'abc' reaches 'inner' through both 'middle1' and 'middle2'. Validation must
  return without raising, so cycle detection may not treat a node visited on
  two separate paths as a loop.
  """
  make_whitelist = config_pb2.IPWhitelistConfig.IPWhitelist
  top = make_whitelist(
      name='abc', subnets=[], includes=['middle1', 'middle2'])
  left = make_whitelist(name='middle1', subnets=[], includes=['inner'])
  right = make_whitelist(name='middle2', subnets=[], includes=['inner'])
  bottom = make_whitelist(name='inner', subnets=[])
  conf = config_pb2.IPWhitelistConfig(
      ip_whitelists=[top, left, right, bottom])
  config._validate_ip_whitelist_config(conf)
def test_validate_ip_whitelist_config_ok(self):
  """A well-formed config passes validation without raising."""
  # NOTE: '0.0.0.0/0' covers every IPv4 address. This test pins that the
  # validator accepts it, so an allow-all entry is not caught at validation
  # time and has to be caught in config review.
  open_whitelist = config_pb2.IPWhitelistConfig.IPWhitelist(
      name='abc', subnets=['127.0.0.1/32', '0.0.0.0/0'])
  # A whitelist with no subnets at all is accepted as well.
  empty_whitelist = config_pb2.IPWhitelistConfig.IPWhitelist(
      name='bots', subnets=[])
  assignment = config_pb2.IPWhitelistConfig.Assignment(
      identity='user:[email protected]', ip_whitelist_name='abc')
  conf = config_pb2.IPWhitelistConfig(
      ip_whitelists=[open_whitelist, empty_whitelist],
      assignments=[assignment])
  config._validate_ip_whitelist_config(conf)
def test_validate_ip_whitelist_config_identity_twice(self):
  """One identity assigned to two different whitelists is rejected."""
  make_whitelist = config_pb2.IPWhitelistConfig.IPWhitelist
  make_assignment = config_pb2.IPWhitelistConfig.Assignment
  whitelists = [make_whitelist(name='abc'), make_whitelist(name='def')]
  # Both target whitelists exist; the conflict is the repeated identity.
  assignments = [
      make_assignment(
          identity='user:[email protected]', ip_whitelist_name='abc'),
      make_assignment(
          identity='user:[email protected]', ip_whitelist_name='def'),
  ]
  conf = config_pb2.IPWhitelistConfig(
      ip_whitelists=whitelists, assignments=assignments)
  self.assertRaises(ValueError, config._validate_ip_whitelist_config, conf)
def test_update_ip_whitelist_config(self):
  """Walks _update_ip_whitelist_config through four successive imports.

  The sequence is: empty config into an empty DB (no change), an initial
  import, the identical config again (no change), then a modified config.
  After each import that reports a change, the stored assignments entity and
  the AuthIPWhitelist entities are compared in full, including the audit
  fields (created_by/created_ts/modified_by/modified_ts).

  NOTE(review): the user identity literals in this listing appear to have been
  masked by e-mail obfuscation ('[email protected]' in the inputs,
  '*****@*****.**' in the expected values). The original addresses cannot be
  recovered from this text, so inputs and expectations do not line up as shown.
  """
  @ndb.transactional
  def run(conf):
    # Returns whatever _update_ip_whitelist_config returns; the assertions
    # below treat it as a "something changed" flag.
    return config._update_ip_whitelist_config(
        config.Revision('ip_whitelist_cfg_rev', 'http://url'), conf)
  # Pushing empty config to empty DB -> no changes.
  self.assertFalse(run(config_pb2.IPWhitelistConfig()))

  # Added a bunch of IP whitelists and assignments.
  conf = config_pb2.IPWhitelistConfig(
      ip_whitelists=[
        config_pb2.IPWhitelistConfig.IPWhitelist(
            name='abc', subnets=['0.0.0.1/32']),
        config_pb2.IPWhitelistConfig.IPWhitelist(
            name='bots', subnets=['0.0.0.2/32']),
        config_pb2.IPWhitelistConfig.IPWhitelist(name='empty'),
      ],
      assignments=[
        config_pb2.IPWhitelistConfig.Assignment(
            identity='user:[email protected]', ip_whitelist_name='abc'),
        config_pb2.IPWhitelistConfig.Assignment(
            identity='user:[email protected]', ip_whitelist_name='bots'),
        config_pb2.IPWhitelistConfig.Assignment(
            identity='user:[email protected]', ip_whitelist_name='bots'),
      ])
  # Pin the clock so the audit timestamps below are predictable.
  self.mock_now(datetime.datetime(2014, 1, 2, 3, 4, 5))
  self.assertTrue(run(conf))

  # Verify everything is there.
  self.assertEqual(
      {
        'assignments': [
          {
            'comment':
                u'Imported from ip_whitelist.cfg at rev ip_whitelist_cfg_rev',
            'created_by': model.Identity(kind='service', name='sample-app'),
            'created_ts': datetime.datetime(2014, 1, 2, 3, 4, 5),
            'identity': model.Identity(kind='user', name='*****@*****.**'),
            'ip_whitelist': u'abc',
          },
          {
            'comment':
                u'Imported from ip_whitelist.cfg at rev ip_whitelist_cfg_rev',
            'created_by': model.Identity(kind='service', name='sample-app'),
            'created_ts': datetime.datetime(2014, 1, 2, 3, 4, 5),
            'identity': model.Identity(kind='user', name='*****@*****.**'),
            'ip_whitelist': u'bots',
          },
          {
            'comment':
                u'Imported from ip_whitelist.cfg at rev ip_whitelist_cfg_rev',
            'created_by': model.Identity(kind='service', name='sample-app'),
            'created_ts': datetime.datetime(2014, 1, 2, 3, 4, 5),
            'identity': model.Identity(kind='user', name='*****@*****.**'),
            'ip_whitelist': u'bots',
          },
        ],
        'auth_db_rev': 1,
        'auth_db_prev_rev': None,
        'modified_by': model.get_service_self_identity(),
        'modified_ts': datetime.datetime(2014, 1, 2, 3, 4, 5),
      },
      model.ip_whitelist_assignments_key().get().to_dict())
  # 1388631845000000 is the mocked 2014-01-02 03:04:05 in microseconds.
  self.assertEqual(
      {
        'abc': {
          'created_by': 'service:sample-app',
          'created_ts': 1388631845000000,
          'description':
              u'Imported from ip_whitelist.cfg at rev ip_whitelist_cfg_rev',
          'modified_by': 'service:sample-app',
          'modified_ts': 1388631845000000,
          'subnets': [u'0.0.0.1/32'],
        },
        'bots': {
          'created_by': 'service:sample-app',
          'created_ts': 1388631845000000,
          'description':
              u'Imported from ip_whitelist.cfg at rev ip_whitelist_cfg_rev',
          'modified_by': 'service:sample-app',
          'modified_ts': 1388631845000000,
          'subnets': [u'0.0.0.2/32'],
        },
        'empty': {
          'created_by': 'service:sample-app',
          'created_ts': 1388631845000000,
          'description':
              u'Imported from ip_whitelist.cfg at rev ip_whitelist_cfg_rev',
          'modified_by': 'service:sample-app',
          'modified_ts': 1388631845000000,
          'subnets': [],
        },
      },
      {
        x.key.id(): x.to_serializable_dict()
        for x in model.AuthIPWhitelist.query(ancestor=model.root_key())
      })

  # Exact same config a bit later -> no changes applied.
  # The February timestamp never appears in any expectation below.
  self.mock_now(datetime.datetime(2014, 2, 2, 3, 4, 5))
  self.assertFalse(run(conf))

  # Modify whitelist, add new one, remove some. Same for assignments.
  conf = config_pb2.IPWhitelistConfig(
      ip_whitelists=[
        config_pb2.IPWhitelistConfig.IPWhitelist(
            name='abc', subnets=['0.0.0.3/32']),
        config_pb2.IPWhitelistConfig.IPWhitelist(
            name='bots', subnets=['0.0.0.2/32']),
        config_pb2.IPWhitelistConfig.IPWhitelist(name='another'),
      ],
      assignments=[
        config_pb2.IPWhitelistConfig.Assignment(
            identity='user:[email protected]', ip_whitelist_name='abc'),
        config_pb2.IPWhitelistConfig.Assignment(
            identity='user:[email protected]', ip_whitelist_name='another'),
        config_pb2.IPWhitelistConfig.Assignment(
            identity='user:[email protected]', ip_whitelist_name='bots'),
      ])
  self.mock_now(datetime.datetime(2014, 3, 2, 3, 4, 5))
  self.assertTrue(run(conf))

  # Verify everything is there.
  # The first assignment keeps its January created_ts; the other two carry
  # the March time.
  self.assertEqual(
      {
        'assignments': [
          {
            'comment':
                u'Imported from ip_whitelist.cfg at rev ip_whitelist_cfg_rev',
            'created_by': model.Identity(kind='service', name='sample-app'),
            'created_ts': datetime.datetime(2014, 1, 2, 3, 4, 5),
            'identity': model.Identity(kind='user', name='*****@*****.**'),
            'ip_whitelist': u'abc',
          },
          {
            'comment':
                u'Imported from ip_whitelist.cfg at rev ip_whitelist_cfg_rev',
            'created_by': model.Identity(kind='service', name='sample-app'),
            'created_ts': datetime.datetime(2014, 3, 2, 3, 4, 5),
            'identity': model.Identity(kind='user', name='*****@*****.**'),
            'ip_whitelist': u'another',
          },
          {
            'comment':
                u'Imported from ip_whitelist.cfg at rev ip_whitelist_cfg_rev',
            'created_by': model.Identity(kind='service', name='sample-app'),
            'created_ts': datetime.datetime(2014, 3, 2, 3, 4, 5),
            'identity': model.Identity(kind='user', name='*****@*****.**'),
            'ip_whitelist': u'bots',
          },
        ],
        'auth_db_rev': 1,
        'auth_db_prev_rev': 1, # replicate_auth_db is mocked, so no version bump
        'modified_by': model.get_service_self_identity(),
        'modified_ts': datetime.datetime(2014, 3, 2, 3, 4, 5),
      },
      model.ip_whitelist_assignments_key().get().to_dict())
  # 'abc' keeps created_ts and gets a new modified_ts (1393729445000000 is the
  # mocked March time), 'bots' is untouched, 'another' is new, and 'empty' is
  # no longer present.
  self.assertEqual(
      {
        'abc': {
          'created_by': 'service:sample-app',
          'created_ts': 1388631845000000,
          'description':
              u'Imported from ip_whitelist.cfg at rev ip_whitelist_cfg_rev',
          'modified_by': 'service:sample-app',
          'modified_ts': 1393729445000000,
          'subnets': [u'0.0.0.3/32'],
        },
        'bots': {
          'created_by': 'service:sample-app',
          'created_ts': 1388631845000000,
          'description':
              u'Imported from ip_whitelist.cfg at rev ip_whitelist_cfg_rev',
          'modified_by': 'service:sample-app',
          'modified_ts': 1388631845000000,
          'subnets': [u'0.0.0.2/32'],
        },
        'another': {
          'created_by': 'service:sample-app',
          'created_ts': 1393729445000000,
          'description':
              u'Imported from ip_whitelist.cfg at rev ip_whitelist_cfg_rev',
          'modified_by': 'service:sample-app',
          'modified_ts': 1393729445000000,
          'subnets': [],
        },
      },
      {
        x.key.id(): x.to_serializable_dict()
        for x in model.AuthIPWhitelist.query(ancestor=model.root_key())
      })
def test_validate_ip_whitelist_config_bad_name(self):
  """A whitelist name such as '<bad name>' is rejected by validation."""
  badly_named = config_pb2.IPWhitelistConfig.IPWhitelist(name='<bad name>')
  conf = config_pb2.IPWhitelistConfig(ip_whitelists=[badly_named])
  self.assertRaises(ValueError, config._validate_ip_whitelist_config, conf)
def test_validate_ip_whitelist_config_empty(self):
  """A config with no whitelists and no assignments validates cleanly."""
  empty_conf = config_pb2.IPWhitelistConfig()
  config._validate_ip_whitelist_config(empty_conf)