def testGettingFQDNIfConfigMissing(): fqdn = "opsi.fqdntestcase.invalid" configFilePath = randomString(32) while os.path.exists(configFilePath): configFilePath = randomString(32) with patchAddress(fqdn=fqdn): assert fqdn == getfqdn(conf=configFilePath)
def testWorkingWithManyCredentials(fakeCredentialsBackend, number):
backend = fakeCredentialsBackend
for _ in range(number):
backend.user_setCredentials(username=randomString(12),
password=randomString(12))
backend.user_setCredentials(username="******", password='******')
credentials = backend.user_getCredentials(username="******")
assert 'bla' == credentials['password']
def createActionProcessorUser(self, recreate=True):
if not config.get('action_processor', 'create_user'):
return
run_as_user = config.get('action_processor', 'run_as_user')
if run_as_user.lower() == 'system':
self._actionProcessorUserName = ''
self._actionProcessorUserPassword = ''
return
if '\\' in run_as_user:
logger.warning(
"Ignoring domain part of user to run action processor '%s'",
run_as_user)
run_as_user = run_as_user.split('\\', -1)
if not recreate and self._actionProcessorUserName and self._actionProcessorUserPassword and System.existsUser(
username=run_as_user):
return
self._actionProcessorUserName = run_as_user
logger.notice(f"Creating local user '{run_as_user}'")
self._actionProcessorUserPassword = '******' + str(
randomString(16)) + '!/%'
secret_filter.add_secrets(self._actionProcessorUserPassword)
if System.existsUser(username=run_as_user):
System.deleteUser(username=run_as_user)
System.createUser(username=run_as_user,
password=self._actionProcessorUserPassword,
groups=[System.getAdminGroupName()])
def testGettingFQDNIfConfigFileEmpty(tempDir): fqdn = "opsi.fqdntestcase.invalid" with patchAddress(fqdn=fqdn): confPath = os.path.join(tempDir, randomString(8)) with open(confPath, 'w'): pass assert fqdn == getfqdn(conf=confPath)
def __init__(self, packageFile, tempDir=None):
self.packageFile = os.path.abspath(forceFilename(packageFile))
if not os.path.exists(self.packageFile):
raise IOError(u"Package file '%s' not found" % self.packageFile)
tempDir = tempDir or DEFAULT_TMP_DIR
self.tempDir = os.path.abspath(forceFilename(tempDir))
if not os.path.isdir(self.tempDir):
raise IOError(u"Temporary directory '%s' not found" % self.tempDir)
self.clientDataDir = None
self.tmpUnpackDir = os.path.join(self.tempDir,
u'.opsi.unpack.%s' % randomString(5))
self.packageControlFile = None
self.clientDataFiles = []
def testReadingPasswordFromCredentialsfile(filename):
password = randomString(32)
pwdfile = filename + '.secret'
with codecs.open(pwdfile, 'w', 'utf-8') as f:
f.write(password + '\n')
with open(filename, 'w') as f:
f.write('address = https://lullaby.machine.dream:12345/c3\n')
f.write('username = hanz\n')
f.write('password file = {}\n'.format(pwdfile))
config = readOpsirc(filename)
assert len(config) == 3
assert config['address'] == 'https://lullaby.machine.dream:12345/c3'
assert config['username'] == 'hanz'
assert config['password'] == password
def __init__(self,
sessionHandler,
name=u'OPSISID',
sessionMaxInactiveInterval=120):
self.sessionHandler = sessionHandler
self.name = forceUnicode(name)
self.sessionMaxInactiveInterval = forceInt(sessionMaxInactiveInterval)
self.created = time.time()
self.lastModified = time.time()
self.sessionTimer = None
self.uid = randomString(32)
self.ip = u''
self.userAgent = u''
self.hostname = u''
self.user = u''
self.password = u''
self.authenticated = False
self.postpath = []
self.usageCount = 0
self.usageCountLock = threading.Lock()
self.markedForDeletion = False
self.deleted = False
self.touch()
def inventoryNumber(request):
return randomString(request.param)
def pathToTempFile(tempDir):
yield os.path.join(tempDir, randomString(8))
def text():
return randomString(24)
def __init__(self,
packageSourceDir,
tempDir=None,
customName=None,
customOnly=False,
packageFileDestDir=None,
format='cpio',
compression='gzip',
dereference=False):
self.packageSourceDir = os.path.abspath(
forceFilename(packageSourceDir))
if not os.path.isdir(self.packageSourceDir):
raise IOError(u"Package source directory '%s' not found" %
self.packageSourceDir)
tempDir = tempDir or DEFAULT_TMP_DIR
self.tempDir = os.path.abspath(forceFilename(tempDir))
if not os.path.isdir(self.tempDir):
raise IOError(u"Temporary directory '%s' not found" % self.tempDir)
self.customName = None
if customName:
self.customName = forcePackageCustomName(customName)
self.customOnly = forceBool(customOnly)
if format:
if format not in (u'cpio', u'tar'):
raise ValueError(u"Format '%s' not supported" % format)
self.format = format
else:
self.format = u'cpio'
if not compression:
self.compression = None
else:
if compression not in (u'gzip', u'bzip2'):
raise ValueError(u"Compression '%s' not supported" %
compression)
self.compression = compression
self.dereference = forceBool(dereference)
if not packageFileDestDir:
packageFileDestDir = self.packageSourceDir
packageFileDestDir = os.path.abspath(forceFilename(packageFileDestDir))
if not os.path.isdir(packageFileDestDir):
raise IOError(u"Package destination directory '%s' not found" %
packageFileDestDir)
packageControlFile = os.path.join(self.packageSourceDir, u'OPSI',
u'control')
if customName and os.path.exists(
os.path.join(self.packageSourceDir, u'OPSI.%s' % customName,
u'control')):
packageControlFile = os.path.join(self.packageSourceDir,
u'OPSI.%s' % customName,
u'control')
self.packageControlFile = PackageControlFile(packageControlFile)
self.packageControlFile.parse()
customName = u''
if self.customName:
customName = u'~%s' % self.customName
self.packageFile = os.path.join(
packageFileDestDir, u"%s_%s-%s%s.opsi" %
(self.packageControlFile.getProduct().id,
self.packageControlFile.getProduct().productVersion,
self.packageControlFile.getProduct().packageVersion, customName))
self.tmpPackDir = os.path.join(self.tempDir,
u'.opsi.pack.%s' % randomString(5))
def testArchiveCanBeNamed(tempDir):
randomName = os.path.join(tempDir, '{0}.tar'.format(randomString(16)))
archive, _ = createArchive(tempDir, name=randomName, mode="w")
assert os.path.exists(archive.name)
def testExistingArchiveIsImmutable(tempDir):
randomName = os.path.join(tempDir, '{0}.tar'.format(randomString(16)))
_, options = createArchive(tempDir, name=randomName, mode="w")
with pytest.raises(OpsiBackupFileError):
OpsiBackupArchive(**options)
def urlopen(self,
method,
url,
body=None,
headers={},
retry=True,
redirect=True,
assert_same_host=True,
firstTryTime=None):
"""
Get a connection from the pool and perform an HTTP request.
method
HTTP request method (such as GET, POST, PUT, etc.)
body
Data to send in the request body (useful for creating POST requests,
see HTTPConnectionPool.post_url for more convenience).
headers
Custom headers to send (such as User-Agent, If-None-Match, etc.)
retry
Retry on connection failure in between self.retryTime seconds
redirect
Automatically handle redirects (status codes 301, 302, 303, 307),
each redirect counts as a retry.
"""
now = time.time()
if not firstTryTime:
firstTryTime = now
conn = None
if assert_same_host and not self.is_same_host(url):
host = "%s://%s" % (self.scheme, self.host)
if self.port:
host = "%s:%d" % (host, self.port)
raise HostChangedError(
u"Connection pool with host '%s' tried to open a foreign host: %s"
% (host, url))
try:
conn = self._get_conn()
if self.httplibDebugLevel:
conn.set_debuglevel(self.httplibDebugLevel)
self.num_requests += 1
global totalRequests
totalRequests += 1
randomKey = None
if isinstance(
self, HTTPSConnectionPool
) and self.verifyServerCert and not self.serverVerified:
try:
logger.info(u"Encoding authorization")
randomKey = randomString(32).encode('latin-1')
encryptedKey = encryptWithPublicKeyFromX509CertificatePEMFile(
randomKey, self.serverCertFile)
logger.debug2("Key encrypted...")
headers[
'X-opsi-service-verification-key'] = base64.b64encode(
encryptedKey)
for key, value in headers.items():
if key.lower() == 'authorization':
logger.debug2("Procesing authorization header...")
if value.lower().startswith('basic'):
value = value[5:].strip()
value = base64.b64decode(value).strip()
logger.debug2("Decoded authorization header...")
encodedAuth = encryptWithPublicKeyFromX509CertificatePEMFile(
value, self.serverCertFile)
headers[key] = 'Opsi ' + base64.b64encode(
encodedAuth)
except Exception as error:
logger.logException(error, LOG_INFO)
logger.critical(
u"Cannot verify server based on certificate file {0!r}: {1}",
self.serverCertFile, error)
randomKey = None
logger.debug2("Handing data to connection...")
conn.request(method, url, body=body, headers=headers)
if self.socketTimeout:
conn.sock.settimeout(self.socketTimeout)
else:
conn.sock.settimeout(None)
httplib_response = conn.getresponse()
# from_httplib will perform httplib_response.read() which will have
# the side effect of letting us use this connection for another
# request.
response = HTTPResponse.from_httplib(httplib_response)
if randomKey:
logger.debug2("Checking for random key...")
try:
key = response.getheader('x-opsi-service-verification-key',
None)
if not key:
raise ValueError(
u"HTTP header 'X-opsi-service-verification-key' missing"
)
if key.strip() != randomKey.strip():
raise OpsiAuthenticationError(
u"opsi-service-verification-key '%s' != '%s'" %
(key, randomKey))
self.serverVerified = True
logger.notice(
u"Service verified by opsi-service-verification-key")
except Exception as error:
logger.error(u"Service verification failed: {0}", error)
raise OpsiServiceVerificationError(
u"Service verification failed: %s" % error)
if self.serverCertFile and self.peerCertificate:
try:
certDir = os.path.dirname(self.serverCertFile)
if not os.path.exists(certDir):
os.makedirs(certDir)
with open(self.serverCertFile, 'w') as f:
f.write(self.peerCertificate)
except Exception as error:
logger.error(
u"Failed to create server cert file {0!r}: {1}",
self.serverCertFile, error)
# Put the connection back to be reused
if self.reuseConnection:
self._put_conn(conn)
else:
logger.debug(u"Closing connection: {0}", conn)
self._put_conn(None)
closeConnection(conn)
except (SocketTimeout, Empty, HTTPException, SocketError) as error:
logger.logException(error, logLevel=LOG_DEBUG)
try:
logger.debug(
u"Request to host {0!r} failed, retry: {1}, firstTryTime: {2}, now: {3}, retryTime: {4}, connectTimeout: {5}, socketTimeout: {6} ({7!r})",
self.host, retry, firstTryTime, now, self.retryTime,
self.connectTimeout, self.socketTimeout, error)
except Exception as loggingError:
logger.debug(u"Logging exception failed: {0}",
forceUnicode(loggingError))
logger.debug(
u"Trying to log again without original exception.")
try:
logger.debug(
u"Request to host {0!r} failed, retry: {1}, firstTryTime: {2}, now: {3}, retryTime: {4}, connectTimeout: {5}, socketTimeout: {6}",
self.host, retry, firstTryTime, now, self.retryTime,
self.connectTimeout, self.isocketTimeout)
except Exception as error:
logger.debug(u"Logging message failed: {0!r}", error)
logger.warning(u"Logging message failed: {0}",
forceUnicode(error))
self._put_conn(None)
closeConnection(conn)
if retry and (now - firstTryTime < self.retryTime):
logger.debug(u"Request to {0!r} failed: {1}", self.host,
forceUnicode(error))
logger.debug(u"Waiting before retry...")
time.sleep(0.2)
return self.urlopen(method, url, body, headers, retry,
redirect, assert_same_host, firstTryTime)
else:
if retry:
logger.warning(
"Connecting to {0!r} did not succeed after retrying.",
self.host)
raise
except Exception:
self._put_conn(None)
closeConnection(conn)
raise
# Handle redirection
if redirect and response.status in (
301, 302, 303, 307) and 'location' in response.headers:
logger.info(u"Redirecting %s -> %s" %
(url, response.headers.get('location')))
time.sleep(0.1)
self._put_conn(None)
closeConnection(conn)
return self.urlopen(method, url, body, headers, retry, redirect,
assert_same_host, firstTryTime)
return response
def testRandomStringBuildsStringOutOfGivenCharacters(): assert 5*'a' == randomString(5, characters='a')
def filename(tempDir):
return os.path.join(tempDir, randomString(8) + '.conf')
def randomText(request): yield randomString(request.param)
def testRandomStringHasExpectedLength(length): result = randomString(length) assert length == len(result) assert length == len(result.strip())
