def test_credential_manager():
session_key = credentials.get_session_key(
context.username,
context.password,
scheme=context.scheme,
host=context.host,
port=context.port,
)
cm = credentials.CredentialManager(
session_key,
context.app,
owner=context.owner,
realm=context.app,
scheme=context.scheme,
host=context.host,
port=context.port,
)
cm.set_password("testuser1", "password1")
assert cm.get_password("testuser1") == "password1"
long_password = "".join(["1111111111" for i in range(30)])
cm.set_password("testuser2", long_password)
assert cm.get_password("testuser2") == long_password
cm.delete_password("testuser1")
with pytest.raises(credentials.CredentialNotExistException):
cm.get_password("testuser1")
cm.delete_password("testuser2")
with pytest.raises(credentials.CredentialNotExistException):
cm.get_password("testuser2")
def test_conf_manager():
session_key = credentials.get_session_key(
context.username,
context.password,
scheme=context.scheme,
host=context.host,
port=context.port,
)
cfm = conf_manager.ConfManager(
session_key,
context.app,
owner=context.owner,
scheme=context.scheme,
host=context.host,
port=context.port,
)
try:
conf = cfm.get_conf("test")
except conf_manager.ConfManagerException:
conf = cfm.create_conf("test")
assert not conf.stanza_exist("test_stanza")
conf.update("test_stanza", {"k1": 1, "k2": 2}, ["k1"])
assert conf.get("test_stanza")["k1"] == 1
assert int(conf.get("test_stanza")["k2"]) == 2
assert conf.get("test_stanza")["eai:appName"] == "solnlib_demo"
assert len(conf.get_all()) == 1
conf.delete("test_stanza")
with pytest.raises(conf_manager.ConfStanzaNotExistException):
conf.get("test_stanza")
with pytest.raises(conf_manager.ConfStanzaNotExistException):
conf.delete("test_stanza")
conf.reload()
def test_check_user_access():
session_key = credentials.get_session_key(
context.username,
context.password,
scheme=context.scheme,
host=context.host,
port=context.port,
)
app_capabilities = {
"object_type1": {
"read": "read_app_object_type1",
"write": "write_app_object_type1",
"delete": "delete_app_object_type1",
},
"object_type2": {
"read": "read_app_object_type2",
"write": "write_app_object_type2",
"delete": "delete_app_object_type2",
},
}
with pytest.raises(user_access.UserAccessException):
user_access.check_user_access(session_key, app_capabilities,
"object_type1", "read")
def test_server_info():
session_key = get_session_key(
context.username,
context.password,
scheme=context.scheme,
host=context.host,
port=context.port,
)
si = server_info.ServerInfo(session_key,
scheme=context.scheme,
host=context.host,
port=context.port)
print("Local splunk server info")
print(" -name: ", si.server_name)
print(" -version: ", si.version)
print(" -is a cluster captain: ", si.is_captain())
print(" -is a clound instance: ", si.is_cloud_instance())
print(" -is a search head: ", si.is_search_head())
print(" -is a SHC member: ", si.is_shc_member())
try:
shc_members = si.get_shc_members()
except server_info.ServerInfoException as e:
print(e)
else:
print(" -SHC members are: ", shc_members)
def test_kvstore():
session_key = get_session_key(
context.username,
context.password,
scheme=context.scheme,
host=context.host,
port=context.port,
)
kvstore = client.Service(
scheme=context.scheme,
host=context.host,
port=context.port,
token=session_key,
app=context.app,
owner=context.owner,
autologin=True,
).kvstore
fields = {"id": "string", "name": "string", "user": "******"}
last_ex = None
for i in range(3):
try:
kvstore.create("sessions", fields=fields)
break
except binding.HTTPError as e:
last_ex = e
time.sleep(2**(i + 1))
else:
if last_ex:
raise last_ex
collections = kvstore.list()
collection_data = None
for collection in collections:
if collection.name == "sessions":
collection_data = collection.data
break
assert collection_data
record = {"id": uuid.uuid4().hex, "name": "session1", "user": "******"}
_key = collection_data.insert(json.dumps(record))["_key"]
resp_record = collection_data.query_by_id(_key)
resp_record = {
key: resp_record[key]
for key in resp_record if not key.startswith("_")
}
assert sorted(resp_record.values()) == sorted(record.values())
record = {"id": uuid.uuid4().hex, "name": "session4", "user": "******"}
collection_data.update(_key, json.dumps(record))
resp_record = collection_data.query_by_id(_key)
resp_record = {
key: resp_record[key]
for key in resp_record if not key.startswith("_")
}
assert sorted(resp_record.values()) == sorted(record.values())
collection_data.delete_by_id(_key)
with pytest.raises(HTTPError):
collection_data.query_by_id(_key)
def test_acl_manager():
session_key = get_session_key(
context.username,
context.password,
scheme=context.scheme,
host=context.host,
port=context.port,
)
aclm = acl.ACLManager(
session_key,
context.app,
owner=context.owner,
scheme=context.scheme,
host=context.host,
port=context.port,
)
origin_perms = aclm.get("storage/collections/config/sessions/acl")
perms = aclm.update(
"storage/collections/config/sessions/acl",
perms_read=["admin"],
perms_write=["admin"],
)
origin_perms["perms"]["read"] = ["admin"]
origin_perms["perms"]["write"] = ["admin"]
assert origin_perms == perms
def test_get_current_username():
session_key = credentials.get_session_key(
context.username,
context.password,
scheme=context.scheme,
host=context.host,
port=context.port,
)
assert (user_access.get_current_username(
session_key,
scheme=context.scheme,
host=context.host,
port=context.port) == context.username)
def test_get_user_roles():
session_key = credentials.get_session_key(
context.username,
context.password,
scheme=context.scheme,
host=context.host,
port=context.port,
)
user_access.get_user_roles(
session_key,
context.username,
scheme=context.scheme,
host=context.host,
port=context.port,
)
def test_user_is_capable():
session_key = credentials.get_session_key(
context.username,
context.password,
scheme=context.scheme,
host=context.host,
port=context.port,
)
assert not user_access.user_is_capable(
session_key,
context.username,
"test_capability",
scheme=context.scheme,
host=context.host,
port=context.port,
)
def test_hec_config():
session_key = credentials.get_session_key(
context.username,
context.password,
scheme=context.scheme,
host=context.host,
port=context.port,
)
config = hec_config.HECConfig(session_key)
stanza = {
"index": "main",
"sourcetype": "akamai:cm:json2",
"token": "A0-5800-406B-9224-8E1DC4E720B7",
}
assert config.delete_input("not_exists") is None
name = "hec_config_testing"
config.delete_input(name)
assert config.get_input(name) is None
config.create_input(name, stanza)
res = config.get_input(name)
for k in ["index", "sourcetype", "token"]:
assert res[k] == stanza[k]
config.delete_input(name)
assert config.get_input(name) is None
setting = {
"enableSSL": "1",
"disabled": "1",
"useDeploymentServer": "0",
"port": "8087",
"output_mode": "json",
}
config.update_settings(setting)
new_settings = config.get_settings()
for k in ["enableSSL", "disabled", "useDeploymentServer", "port"]:
assert new_settings[k] == setting[k]
limits = {"max_content_length": "4000000"}
config.set_limits(limits)
new_limits = config.get_limits()
assert new_limits["max_content_length"] == limits["max_content_length"]
def test_hec_event_writer():
session_key = credentials.get_session_key(
context.username,
context.password,
scheme=context.scheme,
host=context.host,
port=context.port,
)
ew = hew.HECEventWriter("test", session_key)
m1 = {}
for i in range(100):
m1[i] = "test1 data %s" % i
e1 = ew.create_event(m1, index="main", host="testing", sourcetype="hec")
m2 = {}
for i in range(100):
m2[i] = "test2 data %s" % i
e2 = ew.create_event(m2, index="main", host="testing", sourcetype="hec")
ew.write_events([e1, e2])
def test_app_capability_manager():
session_key = credentials.get_session_key(
context.username,
context.password,
scheme=context.scheme,
host=context.host,
port=context.port,
)
acm = user_access.AppCapabilityManager(
"app_capabilities_collection",
session_key,
context.app,
owner=context.owner,
scheme=context.scheme,
host=context.host,
port=context.port,
)
app_capabilities = {
"object_type1": {
"read": "read_app_object_type1",
"write": "write_app_object_type1",
"delete": "delete_app_object_type1",
},
"object_type2": {
"read": "read_app_object_type2",
"write": "write_app_object_type2",
"delete": "delete_app_object_type2",
},
}
acm.register_capabilities(app_capabilities)
assert acm.capabilities_are_registered()
assert acm.get_capabilities() == app_capabilities
acm.unregister_capabilities()
assert not acm.capabilities_are_registered()
def test_get_session_key(monkeypatch):
def _mock_session_key_post(self, url, headers=None, **kwargs):
return common.make_response_record(
'{"sessionKey":"' + common.SESSION_KEY + '"}'
)
common.mock_splunkhome(monkeypatch)
monkeypatch.setattr(binding.HttpLib, "post", _mock_session_key_post)
assert credentials.get_session_key("user", "password") == common.SESSION_KEY
with pytest.raises(ValueError):
credentials.get_session_key("user", "password", scheme="non-http")
credentials.get_session_key("user", "password", scheme="http")
credentials.get_session_key("user", "password", scheme="https")
with pytest.raises(ValueError):
credentials.get_session_key("user", "password", scheme="http", host="==")
credentials.get_session_key("user", "password", scheme="http", host="localhost")
with pytest.raises(ValueError):
credentials.get_session_key(
"user", "password", scheme="http", host="localhost", port=-10
)
credentials.get_session_key(
"user", "password", scheme="http", host="localhost", port=10
)
credentials.get_session_key("user", "password", scheme="HTTP")
credentials.get_session_key("user", "password", scheme="HTTPS")
def test_object_acl_manager():
session_key = credentials.get_session_key(
context.username,
context.password,
scheme=context.scheme,
host=context.host,
port=context.port,
)
oaclm = user_access.ObjectACLManager(
"object_acls_collection",
session_key,
context.app,
owner=context.owner,
scheme=context.scheme,
host=context.host,
port=context.port,
)
obj_collection = "test_object_collection"
obj_id1 = "281a6d3310e711e6b2c9a45e60e34295"
obj_id2 = "281a6d3310e711e6b2c9a45e60e34296"
obj_id3 = "281a6d3310e711e6b2c9a45e60e34297"
obj_id4 = "281a6d3310e711e6b2c9a45e60e34294"
obj_type = "test_object_type"
obj_perms1 = {"read": ["admin"], "write": ["admin"], "delete": ["admin"]}
obj_perms2 = {"read": ["user1"], "write": ["admin"], "delete": ["admin"]}
oaclm.update_acl(obj_collection, obj_id1, obj_type, context.app,
context.owner, obj_perms1, True)
oaclm.update_acl(
obj_collection,
obj_id1,
obj_type,
context.app,
context.owner,
obj_perms2,
True,
replace_existing=False,
)
obj_acl = oaclm.get_acl(obj_collection, obj_id1)
assert set((obj_acl.obj_perms["read"])) == set(["admin", "user1"])
oaclm.update_acls(
obj_collection,
[obj_id2, obj_id3],
obj_type,
context.app,
context.owner,
obj_perms1,
True,
)
oaclm.get_acl(obj_collection, obj_id2)
oaclm.get_acl(obj_collection, obj_id3)
obj_acls = oaclm.get_acls(obj_collection, [obj_id2, obj_id3, obj_id4])
assert len(obj_acls) == 2
assert oaclm.get_accessible_object_ids(
"user1", "read", obj_collection,
[obj_id1, obj_id2, obj_id3]) == [obj_id1]
oaclm.delete_acl(obj_collection, obj_id1)
oaclm.delete_acls(obj_collection, [obj_id2, obj_id3])