def testDoesNotRaiseWhenLabelMatches(self):
self._AddLabel("foo", owner="GRR")
api_router.CheckClientLabels(
self.client_id,
allow_labels=self.allow_labels,
allow_labels_owners=self.allow_labels_owners)
def testDoesNotRaiseWhenLabelMatches(self):
self._AddLabel("foo", owner="GRR")
api_router.CheckClientLabels(
self.client_id,
labels_whitelist=self.labels_whitelist,
labels_owners_whitelist=self.labels_owners_whitelist,
token=self.token)
def testRaisesIfOwnerDoesNotMatch(self):
self._AddLabel("foo", owner="GRRother")
with self.assertRaises(access_control.UnauthorizedAccess):
api_router.CheckClientLabels(
self.client_id,
allow_labels=self.allow_labels,
allow_labels_owners=self.allow_labels_owners)
def testRaisesIfOwnerDoesNotMatch(self):
self._AddLabel("foo", owner="GRRother")
with self.assertRaises(access_control.UnauthorizedAccess):
api_router.CheckClientLabels(
self.client_id,
labels_whitelist=self.labels_whitelist,
labels_owners_whitelist=self.labels_owners_whitelist,
token=self.token)
def testDoesNotRaiseWhenLabelMatches(self):
with aff4.FACTORY.Open(self.client_urn, mode="rw", token=self.token) as fd:
fd.AddLabel("foo", owner="GRR")
api_router.CheckClientLabels(
self.client_id,
labels_whitelist=self.labels_whitelist,
labels_owners_whitelist=self.labels_owners_whitelist,
token=self.token)
def testRaisesWhenLabelDoesNotMatch(self):
self._AddLabel("bar", owner="GRR")
with self.assertRaises(access_control.UnauthorizedAccess):
api_router.CheckClientLabels(
self.client_id,
allow_labels=self.allow_labels,
allow_labels_owners=self.allow_labels_owners,
token=self.token)
def testRaisesIfOwnerDoesNotMatch(self):
with aff4.FACTORY.Open(self.client_urn, mode="rw", token=self.token) as fd:
fd.AddLabel("foo", owner="GRRother")
with self.assertRaises(access_control.UnauthorizedAccess):
api_router.CheckClientLabels(
self.client_id,
labels_whitelist=self.labels_whitelist,
labels_owners_whitelist=self.labels_owners_whitelist,
token=self.token)
def testRaisesWhenLabelDoesNotMatchAmongManyLabels(self):
self._AddLabel("foo1", owner="GRR")
self._AddLabel("2foo", owner="GRR")
self._AddLabel("1foo2", owner="GRR")
self._AddLabel("bar", owner="GRR")
with self.assertRaises(access_control.UnauthorizedAccess):
api_router.CheckClientLabels(
self.client_id,
allow_labels=self.allow_labels,
allow_labels_owners=self.allow_labels_owners)
def testDoesNotRaiseWhenLabelMatchesAmongManyLabels(self):
self._AddLabel("bar", owner="GRR")
self._AddLabel("foo", owner="GRR")
self._AddLabel("zig", owner="GRR")
self._AddLabel("zag", owner="GRR")
api_router.CheckClientLabels(
self.client_id,
allow_labels=self.allow_labels,
allow_labels_owners=self.allow_labels_owners,
token=self.token)
def testRaisesWhenLabelDoesNotMatchAmongManyLabels(self):
with aff4.FACTORY.Open(self.client_urn, mode="rw", token=self.token) as fd:
fd.AddLabel("foo1", owner="GRR")
fd.AddLabel("2foo", owner="GRR")
fd.AddLabel("1foo2", owner="GRR")
fd.AddLabel("bar", owner="GRR")
with self.assertRaises(access_control.UnauthorizedAccess):
api_router.CheckClientLabels(
self.client_id,
labels_whitelist=self.labels_whitelist,
labels_owners_whitelist=self.labels_owners_whitelist,
token=self.token)