def testReadApprovalRequestsReturnsSingleApproval(self): client_id = "C.0000000050000001" d = self.db # Ensure that the requestor user exists. d.WriteGRRUser("requestor") approval_request = objects.ApprovalRequest( approval_type=objects.ApprovalRequest.ApprovalType.APPROVAL_TYPE_CLIENT, subject_id=client_id, requestor_username="******", reason="some test reason", expiration_time=rdfvalue.RDFDatetime.Now() + rdfvalue.Duration("1d")) approval_id = d.WriteApprovalRequest(approval_request) approvals = list( d.ReadApprovalRequests( "requestor", objects.ApprovalRequest.ApprovalType.APPROVAL_TYPE_CLIENT)) self.assertEqual(len(approvals), 1) self.assertEqual(approvals[0].approval_id, approval_id) # Approval id and timestamp are generated in WriteApprovalRequest so we're # filling them into our model object ot make sure that equality check works. approval_request.approval_id = approvals[0].approval_id approval_request.timestamp = approvals[0].timestamp self.assertEqual(approval_request, approvals[0])
def testReadApprovalRequestsReturnsMultipleApprovals(self): d = self.db # Ensure that the requestor user exists. d.WriteGRRUser("requestor") expiration_time = rdfvalue.RDFDatetime.Now() + rdfvalue.Duration("1d") approval_ids = set() for i in range(10): approval_request = objects.ApprovalRequest( approval_type=objects.ApprovalRequest.ApprovalType. APPROVAL_TYPE_CLIENT, subject_id="C.000000005000000%d" % i, requestor_username="******", reason="some test reason", expiration_time=expiration_time) approval_ids.add(d.WriteApprovalRequest(approval_request)) approvals = list( d.ReadApprovalRequests( "requestor", objects.ApprovalRequest.ApprovalType.APPROVAL_TYPE_CLIENT)) self.assertEqual(len(approvals), 10) self.assertEqual(set(a.approval_id for a in approvals), approval_ids)
def testReadApprovalRequestsForSubjectKeepsExpiredApprovalsWhenAsked(self): client_id = "C.0000000050000001" d = self.db # Ensure that the requestor user exists. d.WriteGRRUser("requestor") time_future = rdfvalue.RDFDatetime.Now() + rdfvalue.Duration("1d") time_past = rdfvalue.RDFDatetime.Now() - rdfvalue.Duration("1d") approval_ids = set() for i in range(10): approval_request = objects.ApprovalRequest( approval_type=objects.ApprovalRequest.ApprovalType. APPROVAL_TYPE_CLIENT, subject_id=client_id, requestor_username="******", reason="some test reason", expiration_time=(time_future if i % 2 == 0 else time_past)) approval_ids.add(d.WriteApprovalRequest(approval_request)) approvals = list( d.ReadApprovalRequests( "requestor", objects.ApprovalRequest.ApprovalType.APPROVAL_TYPE_CLIENT, subject_id=client_id, include_expired=True)) self.assertEqual(len(approvals), 10) self.assertEqual(set(a.approval_id for a in approvals), approval_ids)
def testReadWriteApprovalRequestsWithFilledInUsersEmailsAndGrants(self): d = self.db # Ensure that the requestor user exists. d.WriteGRRUser("requestor") client_id = "C.0000000050000001" approval_request = objects.ApprovalRequest( approval_type=objects.ApprovalRequest.ApprovalType.APPROVAL_TYPE_CLIENT, subject_id=client_id, requestor_username="******", reason="some test reason", expiration_time=rdfvalue.RDFDatetime(42), notified_users=["user1", "user2", "user3"], email_cc_addresses=["*****@*****.**", "*****@*****.**"], grants=[ objects.ApprovalGrant(grantor_username="******"), objects.ApprovalGrant(grantor_username="******") ]) approval_id = d.WriteApprovalRequest(approval_request) read_request = d.ReadApprovalRequest("requestor", approval_id) self.assertEqual( sorted(approval_request.notified_users), sorted(read_request.notified_users)) self.assertEqual( sorted(approval_request.email_cc_addresses), sorted(read_request.email_cc_addresses)) self.assertEqual( sorted(g.grantor_username for g in approval_request.grants), sorted(g.grantor_username for g in read_request.grants))
def testReadApprovalRequestsForSubjectIncludesGrantsIntoMultipleResults(self): client_id = "C.000000000000001" d = self.db # Ensure that the requestor user exists. d.WriteGRRUser("requestor") for i in range(10): approval_request = objects.ApprovalRequest( approval_type=objects.ApprovalRequest.ApprovalType. APPROVAL_TYPE_CLIENT, subject_id=client_id, requestor_username="******", reason="some test reason %d" % i, grants=[ objects.ApprovalGrant(grantor_username="******" % i), objects.ApprovalGrant(grantor_username="******" % i) ], expiration_time=rdfvalue.RDFDatetime.Now() + rdfvalue.Duration("1d")) d.WriteApprovalRequest(approval_request) approvals = sorted( d.ReadApprovalRequests( "requestor", objects.ApprovalRequest.ApprovalType.APPROVAL_TYPE_CLIENT, subject_id=client_id), key=lambda a: a.reason) self.assertEqual(len(approvals), 10) for i, approval in enumerate(approvals): self.assertEqual( sorted(g.grantor_username for g in approval.grants), ["grantor_%d_1" % i, "grantor_%d_2" % i])
def testReadApprovalRequestsForSubjectIncludesGrantsIntoSingleResult(self): client_id = "C.0000000050000001" d = self.db # Ensure that the requestor user exists. d.WriteGRRUser("requestor") approval_request = objects.ApprovalRequest( approval_type=objects.ApprovalRequest.ApprovalType.APPROVAL_TYPE_CLIENT, subject_id=client_id, requestor_username="******", reason="some test reason", grants=[ objects.ApprovalGrant(grantor_username="******"), objects.ApprovalGrant(grantor_username="******") ], expiration_time=rdfvalue.RDFDatetime.Now() + rdfvalue.Duration("1d")) approval_id = d.WriteApprovalRequest(approval_request) approvals = list( d.ReadApprovalRequests( "requestor", objects.ApprovalRequest.ApprovalType.APPROVAL_TYPE_CLIENT, subject_id=client_id)) self.assertEqual(len(approvals), 1) self.assertEqual(approvals[0].approval_id, approval_id) self.assertEqual( sorted(g.grantor_username for g in approvals[0].grants), ["grantor1", "grantor2"])
def testReadApprovalRequestsFiltersOutExpiredApprovals(self): d = self.db # Ensure that the requestor user exists. d.WriteGRRUser("requestor") time_future = rdfvalue.RDFDatetime.Now() + rdfvalue.Duration("1d") time_past = rdfvalue.RDFDatetime.Now() - rdfvalue.Duration("1d") non_expired_approval_ids = set() for i in range(10): approval_request = objects.ApprovalRequest( approval_type=objects.ApprovalRequest.ApprovalType. APPROVAL_TYPE_CLIENT, subject_id="C.000000005000000%d" % i, requestor_username="******", reason="some test reason", expiration_time=(time_future if i % 2 == 0 else time_past)) approval_id = d.WriteApprovalRequest(approval_request) if i % 2 == 0: non_expired_approval_ids.add(approval_id) approvals = list( d.ReadApprovalRequests( "requestor", objects.ApprovalRequest.ApprovalType.APPROVAL_TYPE_CLIENT)) self.assertEqual(len(approvals), 5) self.assertEqual( set(a.approval_id for a in approvals), non_expired_approval_ids)
def testReadWriteApprovalRequestWithEmptyNotifiedUsersEmailsAndGrants( self): d = self.db # Ensure that the requestor user exists. d.WriteGRRUser("requestor") client_id = "C.0000000050000001" approval_request = objects.ApprovalRequest( approval_type=objects.ApprovalRequest.ApprovalType. APPROVAL_TYPE_CLIENT, subject_id=client_id, requestor_username="******", reason="some test reason", expiration_time=rdfvalue.RDFDatetime(42)) approval_id = d.WriteApprovalRequest(approval_request) self.assertTrue(approval_id) read_request = d.ReadApprovalRequest("requestor", approval_id) # Approval id and timestamp are generated in WriteApprovalRequest so we're # filling them into our model object ot make sure that equality check works. approval_request.approval_id = read_request.approval_id approval_request.timestamp = read_request.timestamp self.assertEqual(approval_request, read_request)
def _CreateApprovalRequest(approval_type, subject_id, expiration_time=None, grants=None): expiration_time = expiration_time or (rdfvalue.RDFDatetime.Now() + rdfvalue.Duration("1h")) return rdf_objects.ApprovalRequest(approval_type=approval_type, approval_id="1234", subject_id=subject_id, requestor_username="******", reason="reason", timestamp=rdfvalue.RDFDatetime.Now(), expiration_time=expiration_time, grants=grants)
def testGrantApprovalAddsMultipleGrantorsWithSameName(self): d = self.db # Ensure that the requestor user exists. d.WriteGRRUser("requestor") client_id = "C.0000000050000001" approval_request = objects.ApprovalRequest( approval_type=objects.ApprovalRequest.ApprovalType.APPROVAL_TYPE_CLIENT, subject_id=client_id, requestor_username="******", reason="some test reason", expiration_time=rdfvalue.RDFDatetime(42)) approval_id = d.WriteApprovalRequest(approval_request) for _ in range(3): d.GrantApproval("requestor", approval_id, "grantor") read_request = d.ReadApprovalRequest("requestor", approval_id) self.assertEqual(len(read_request.grants), 3) self.assertEqual([g.grantor_username for g in read_request.grants], ["grantor"] * 3)
def testGrantApprovalAddsNewGrantor(self): d = self.db # Ensure that the requestor user exists. d.WriteGRRUser("requestor") client_id = "C.0000000050000001" approval_request = objects.ApprovalRequest( approval_type=objects.ApprovalRequest.ApprovalType.APPROVAL_TYPE_CLIENT, subject_id=client_id, requestor_username="******", reason="some test reason", expiration_time=rdfvalue.RDFDatetime(42)) approval_id = d.WriteApprovalRequest(approval_request) read_request = d.ReadApprovalRequest("requestor", approval_id) self.assertFalse(read_request.grants) d.GrantApproval("requestor", approval_id, "grantor") read_request = d.ReadApprovalRequest("requestor", approval_id) self.assertEqual(len(read_request.grants), 1) self.assertEqual(read_request.grants[0].grantor_username, "grantor")