def main(argv=None):
del argv # Unused.
config.CONFIG.AddContext(contexts.COMMAND_LINE_CONTEXT)
config.CONFIG.AddContext(
contexts.CONSOLE_CONTEXT,
"Context applied when running the console binary.")
server_startup.Init()
fleetspeak_connector.Init()
username = flags.FLAGS.username
if not username:
username = os.environ["USER"]
if not username:
print("Username has to be specified with either --username flag or "
"USER environment variable.")
sys.exit(1)
grrapi = api.GrrApi(connector=api_shell_raw_access_lib.RawConnector(
token=access_control.ACLToken(username=username),
page_size=flags.FLAGS.page_size))
if flags.FLAGS.exec_code and flags.FLAGS.exec_file:
print("--exec_code --exec_file flags can't be supplied together.")
sys.exit(1)
elif flags.FLAGS.exec_code:
# pylint: disable=exec-used
exec(flags.FLAGS.exec_code, dict(grrapi=grrapi))
# pylint: enable=exec-used
elif flags.FLAGS.exec_file:
api_shell_lib.ExecFile(flags.FLAGS.exec_file, grrapi)
else:
api_shell_lib.IPShell([sys.argv[0]], user_ns=dict(grrapi=grrapi))
def testUserModificationAudit(self):
worker = worker_test_lib.MockWorker(token=self.token)
token = self.GenerateToken(username="******", reason="reason")
grr_api = api.GrrApi(connector=api_shell_raw_access_lib.RawConnector(
token=token, page_size=10))
grr_user = grr_api.root.CreateGrrUser(
"testuser",
password="******",
user_type=int(api_user.ApiGrrUser.UserType.USER_TYPE_ADMIN))
worker.Simulate()
grr_user.Modify(password="******",
user_type=int(
api_user.ApiGrrUser.UserType.USER_TYPE_STANDARD))
worker.Simulate()
grr_user.Delete()
worker.Simulate()
log_entries = []
for log in audit._AllLegacyAuditLogs(token=self.token):
log_entries.extend(log)
self.assertLen(log_entries, 3)
self.assertEqual(log_entries[0].action, "USER_ADD")
self.assertEqual(log_entries[0].urn, "aff4:/users/testuser")
self.assertEqual(log_entries[0].user, "usermodtest")
self.assertEqual(log_entries[1].action, "USER_UPDATE")
self.assertEqual(log_entries[1].urn, "aff4:/users/testuser")
self.assertEqual(log_entries[1].user, "usermodtest")
self.assertEqual(log_entries[2].action, "USER_DELETE")
self.assertEqual(log_entries[2].urn, "aff4:/users/testuser")
self.assertEqual(log_entries[2].user, "usermodtest")
def setUp(self):
super(RawConnectorTest, self).setUp()
self.connector = api_shell_raw_access_lib.RawConnector(
token=self.token, page_size=10)
def _CreateInProcessRootGRRAPI():
return api.GrrApi(connector=api_shell_raw_access_lib.RawConnector(
token=GetToken(), page_size=_GRR_API_PAGE_SIZE)).root
def InitGRRRootAPI():
return api.GrrApi(
connector=api_shell_raw_access_lib.RawConnector(
token=access_control.ACLToken(username="******"),
page_size=_GRR_API_PAGE_SIZE)).root
def setUp(self):
super().setUp()
self.connector = api_shell_raw_access_lib.RawConnector(
context=api_call_context.ApiCallContext(self.test_username),
page_size=10)
def InitGRRRootAPI():
return api.GrrApi(connector=api_shell_raw_access_lib.RawConnector(
context=api_call_context.ApiCallContext(username="******"),
page_size=_GRR_API_PAGE_SIZE)).root
