Exemplo n.º 1
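    def test_allowed_to_impersonate(self):
        # Checks that check_can_create_token() returns the matching rule when
        # the delegated identity is covered by that rule's
        # 'allowed_to_impersonate' list, and raises AuthorizationError when it
        # is not.
        #
        # NOTE(review): every e-mail inside the identity strings reads
        # '[email protected]' in this copy, which looks like e-mail
        # obfuscation applied by the hosting page. Presumably the positive
        # cases used distinct identities, one per allow-list entry kind -
        # confirm against the upstream file before relying on this test.

        # The allow-list mixes three entry kinds: an exact identity, a glob
        # over a domain and a group reference.
        rule = self.add_rule(user_id=['user:[email protected]'],
                             target_service=['*'],
                             max_validity_duration=300,
                             allowed_to_impersonate=[
                                 'user:[email protected]',
                                 'user:*@viaglob.com',
                                 'group:via-group',
                             ])
        # Stub the group lookup so that only one identity counts as a member
        # of 'via-group'; every other (group, member) pair is a non-member.
        self.mock(
            auth, 'is_group_member',
            lambda g, m: (g == 'via-group' and
                          m.to_bytes() == 'user:[email protected]'))

        tok = self.make_subtoken(delegated_identity='user:[email protected]',
                                 validity_duration=300)
        r = delegation.check_can_create_token('user:[email protected]', tok)
        self.assertEqual(rule, r)

        tok = self.make_subtoken(delegated_identity='user:[email protected]',
                                 validity_duration=300)
        r = delegation.check_can_create_token('user:[email protected]', tok)
        self.assertEqual(rule, r)

        tok = self.make_subtoken(delegated_identity='user:[email protected]',
                                 validity_duration=300)
        r = delegation.check_can_create_token('user:[email protected]', tok)
        self.assertEqual(rule, r)

        # Trying to impersonate someone not allowed. The subtoken is built
        # outside the assertRaises block so that only the authorization check
        # itself can satisfy the expectation; an AuthorizationError raised
        # while constructing the fixture would otherwise make the test pass
        # without the policy ever being evaluated.
        tok = self.make_subtoken(delegated_identity='user:[email protected]',
                                 validity_duration=300)
        with self.assertRaises(auth.AuthorizationError):
            delegation.check_can_create_token('user:[email protected]', tok)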
Exemplo n.º 2
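  def test_impersonation_disallowed_by_default(self):
    # With no rule added by this test, a delegation token must be accepted
    # and an impersonation token must be rejected with AuthorizationError.
    #
    # NOTE(review): the issuer and caller e-mails both read
    # '[email protected]' in this copy, which looks like e-mail
    # obfuscation applied by the hosting page. Presumably the first case uses
    # the same identity for issuer and caller and the second uses different
    # ones - confirm against the upstream file.

    # Making delegation token.
    tok = self.make_subtoken(issuer_id='user:[email protected]', validity_duration=300)
    delegation.check_can_create_token('user:[email protected]', tok)

    # Making impersonation token. The subtoken is built outside the
    # assertRaises block so that only the authorization check can satisfy the
    # expectation, not an error raised while constructing the fixture.
    tok = self.make_subtoken(issuer_id='user:[email protected]', validity_duration=300)
    with self.assertRaises(auth.AuthorizationError):
      delegation.check_can_create_token('user:[email protected]', tok)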
Exemplo n.º 3
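  def test_validity_duration(self):
    # Checks that the rule's max_validity_duration caps the lifetime a
    # subtoken may request: 300 (equal to the cap) is accepted, 400 is
    # rejected with AuthorizationError. The value just above the cap (301)
    # is not exercised here.
    self.add_rule(
        user_id=['*'], target_service=['*'], max_validity_duration=300)

    # Requested lifetime equals the cap: allowed.
    tok = self.make_subtoken(issuer_id='user:[email protected]', validity_duration=300)
    delegation.check_can_create_token('user:[email protected]', tok)

    # Requested lifetime exceeds the cap: denied. The subtoken is built
    # outside the assertRaises block so that only the authorization check can
    # satisfy the expectation, not an error raised while constructing the
    # fixture.
    tok = self.make_subtoken(issuer_id='user:[email protected]', validity_duration=400)
    with self.assertRaises(auth.AuthorizationError):
      delegation.check_can_create_token('user:[email protected]', tok)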
Exemplo n.º 4
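    def test_impersonation_disallowed_by_default(self):
        # With no rule added by this test, a delegation token must be
        # accepted under delegation.DEFAULT_RULE and an impersonation token
        # must be rejected with AuthorizationError.
        #
        # NOTE(review): the delegated and caller e-mails both read
        # '[email protected]' in this copy, which looks like e-mail
        # obfuscation applied by the hosting page. Presumably the first case
        # uses the same identity on both sides and the second uses different
        # ones - confirm against the upstream file.

        # Making delegation token.
        tok = self.make_subtoken(delegated_identity='user:[email protected]',
                                 validity_duration=300)
        r = delegation.check_can_create_token('user:[email protected]', tok)
        self.assertEqual(delegation.DEFAULT_RULE, r)

        # Making impersonation token. The subtoken is built outside the
        # assertRaises block so that only the authorization check can satisfy
        # the expectation, not an error raised while constructing the
        # fixture.
        tok = self.make_subtoken(delegated_identity='user:[email protected]',
                                 validity_duration=300)
        with self.assertRaises(auth.AuthorizationError):
            delegation.check_can_create_token('user:[email protected]', tok)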