def test_modify_roles_validation(self): with self.assertRaises(ValueError): acl.modify_roles( changes=['not a RoleChange'], caller=auth.Identity.from_bytes('user:[email protected]'), now=datetime.datetime(2014, 1, 1)) def should_fail( package_path='a', revoke=False, role='OWNER', user=None, group='group'): with self.assertRaises(ValueError): acl.modify_roles( changes=[ acl.RoleChange( package_path=package_path, revoke=revoke, role=role, user=user, group=group), ], caller=auth.Identity.from_bytes('user:[email protected]'), now=datetime.datetime(2014, 1, 1)) should_fail(package_path='bad path') should_fail(role='BAD_ROLE') should_fail(user=None, group=None) should_fail(user=auth.Identity.from_bytes('user:[email protected]'), group='group') should_fail(user='******', group=None) should_fail(group='bad/group/name')
def test_modify_roles_validation(self): with self.assertRaises(ValueError): acl.modify_roles( changes=['not a RoleChange'], caller=auth.Identity.from_bytes('user:[email protected]'), now=datetime.datetime(2014, 1, 1)) def should_fail(package_path='a', revoke=False, role='OWNER', user=None, group='group'): with self.assertRaises(ValueError): acl.modify_roles( changes=[ acl.RoleChange(package_path=package_path, revoke=revoke, role=role, user=user, group=group), ], caller=auth.Identity.from_bytes('user:[email protected]'), now=datetime.datetime(2014, 1, 1)) should_fail(package_path='bad path') should_fail(role='BAD_ROLE') should_fail(user=None, group=None) should_fail(user=auth.Identity.from_bytes('user:[email protected]'), group='group') should_fail(user='******', group=None) should_fail(group='bad/group/name')
def should_fail( package_path='a', revoke=False, role='OWNER', user=None, group='group'): with self.assertRaises(ValueError): acl.modify_roles( changes=[ acl.RoleChange( package_path=package_path, revoke=revoke, role=role, user=user, group=group), ], caller=auth.Identity.from_bytes('user:[email protected]'), now=datetime.datetime(2014, 1, 1))
def should_fail(package_path='a', revoke=False, role='OWNER', user=None, group='group'): with self.assertRaises(ValueError): acl.modify_roles( changes=[ acl.RoleChange(package_path=package_path, revoke=revoke, role=role, user=user, group=group), ], caller=auth.Identity.from_bytes('user:[email protected]'), now=datetime.datetime(2014, 1, 1))
def test_fetch_acl_ok(self): acl.modify_roles( changes=[ acl.RoleChange( package_path='a', revoke=False, role='OWNER', user=auth.Identity.from_bytes('user:[email protected]'), group=None), acl.RoleChange(package_path='a/b/c', revoke=False, role='READER', user=None, group='reader-group'), ], caller=auth.Identity.from_bytes('user:[email protected]'), now=datetime.datetime(2014, 1, 1)) resp = self.call_api('fetch_acl', {'package_path': 'a/b/c/d'}) self.assertEqual(200, resp.status_code) self.assertEqual( { 'status': 'SUCCESS', 'acls': { 'acls': [ { 'modified_by': 'user:[email protected]', 'modified_ts': '1388534400000000', 'package_path': 'a', 'principals': ['user:[email protected]'], 'role': 'OWNER', }, { 'modified_by': 'user:[email protected]', 'modified_ts': '1388534400000000', 'package_path': 'a/b/c', 'principals': ['group:reader-group'], 'role': 'READER', }, ], }, }, resp.json_body)
def test_fetch_acl_ok(self): acl.modify_roles( changes=[ acl.RoleChange( package_path="a", revoke=False, role="OWNER", user=auth.Identity.from_bytes("user:[email protected]"), group=None, ), acl.RoleChange(package_path="a/b/c", revoke=False, role="READER", user=None, group="reader-group"), ], caller=auth.Identity.from_bytes("user:[email protected]"), now=datetime.datetime(2014, 1, 1), ) resp = self.call_api("fetch_acl", {"package_path": "a/b/c/d"}) self.assertEqual(200, resp.status_code) self.assertEqual( { "status": "SUCCESS", "acls": { "acls": [ { "modified_by": "user:[email protected]", "modified_ts": "1388534400000000", "package_path": "a", "principals": ["user:[email protected]"], "role": "OWNER", }, { "modified_by": "user:[email protected]", "modified_ts": "1388534400000000", "package_path": "a/b/c", "principals": ["group:reader-group"], "role": "READER", }, ] }, }, resp.json_body, )
def test_fetch_acl_ok(self): acl.modify_roles( changes=[ acl.RoleChange( package_path='a', revoke=False, role='OWNER', user=auth.Identity.from_bytes('user:[email protected]'), group=None), acl.RoleChange( package_path='a/b/c', revoke=False, role='READER', user=None, group='reader-group'), ], caller=auth.Identity.from_bytes('user:[email protected]'), now=datetime.datetime(2014, 1, 1)) resp = self.call_api('fetch_acl', {'package_path': 'a/b/c/d'}) self.assertEqual(200, resp.status_code) self.assertEqual({ 'status': 'SUCCESS', 'acls': { 'acls': [ { 'modified_by': 'user:[email protected]', 'modified_ts': '1388534400000000', 'package_path': 'a', 'principals': ['user:[email protected]'], 'role': 'OWNER', }, { 'modified_by': 'user:[email protected]', 'modified_ts': '1388534400000000', 'package_path': 'a/b/c', 'principals': ['group:reader-group'], 'role': 'READER', }, ], }, }, resp.json_body)
def test_modify_roles(self): ident_a = auth.Identity.from_bytes('user:[email protected]') ident_b = auth.Identity.from_bytes('user:[email protected]') # Modify a bunch of packages. Include some redundant and self-canceling # changes to test all code paths. acl.modify_roles(changes=[ acl.RoleChange(package_path='a', revoke=False, role='OWNER', user=ident_a, group=None), acl.RoleChange(package_path='a', revoke=False, role='OWNER', user=ident_a, group=None), acl.RoleChange(package_path='a', revoke=False, role='OWNER', user=ident_b, group=None), acl.RoleChange(package_path='a/b', revoke=False, role='OWNER', user=None, group='some-group'), acl.RoleChange(package_path='a/b', revoke=False, role='OWNER', user=None, group='some-group'), acl.RoleChange(package_path='a/b/c', revoke=False, role='OWNER', user=ident_a, group=None), acl.RoleChange(package_path='a/b/c', revoke=True, role='OWNER', user=ident_a, group=None), ], caller=ident_a, now=datetime.datetime(2014, 1, 1)) # Ensure modification have been applied correctly. self.assertEqual( { 'groups': [], 'modified_by': ident_a, 'modified_ts': datetime.datetime(2014, 1, 1, 0, 0), 'rev': 1, 'users': [ident_a, ident_b], }, acl.package_acl_key('a', 'OWNER').get().to_dict()) self.assertEqual( { 'groups': ['some-group'], 'modified_by': ident_a, 'modified_ts': datetime.datetime(2014, 1, 1, 0, 0), 'rev': 1, 'users': [], }, acl.package_acl_key('a/b', 'OWNER').get().to_dict()) self.assertEqual(None, acl.package_acl_key('a/b/c', 'OWNER').get()) # Modify same ACLs again. acl.modify_roles(changes=[ acl.RoleChange(package_path='a', revoke=True, role='OWNER', user=ident_a, group=None), acl.RoleChange(package_path='a', revoke=False, role='OWNER', user=None, group='some-group'), acl.RoleChange(package_path='a/b', revoke=True, role='OWNER', user=None, group='some-group'), ], caller=ident_b, now=datetime.datetime(2015, 1, 1)) # Ensure modification have been applied correctly. self.assertEqual( { 'groups': ['some-group'], 'modified_by': ident_b, 'modified_ts': datetime.datetime(2015, 1, 1, 0, 0), 'rev': 2, 'users': [ident_b], }, acl.package_acl_key('a', 'OWNER').get().to_dict()) # Ensure previous version has been saved in the revision log. rev_key = ndb.Key(acl.PackageACLRevision, 1, parent=acl.package_acl_key('a', 'OWNER')) self.assertEqual( { 'groups': [], 'modified_by': ident_a, 'modified_ts': datetime.datetime(2014, 1, 1, 0, 0), 'users': [ident_a, ident_b], }, rev_key.get().to_dict())
def test_modify_roles_empty(self): # Just for code coverage. acl.modify_roles(changes=[], caller=auth.Identity.from_bytes('user:[email protected]'), now=datetime.datetime(2014, 1, 1))
def test_modify_roles(self): ident_a = auth.Identity.from_bytes('user:[email protected]') ident_b = auth.Identity.from_bytes('user:[email protected]') # Modify a bunch of packages. Include some redundant and self-canceling # changes to test all code paths. acl.modify_roles( changes=[ acl.RoleChange( package_path='a', revoke=False, role='OWNER', user=ident_a, group=None), acl.RoleChange( package_path='a', revoke=False, role='OWNER', user=ident_a, group=None), acl.RoleChange( package_path='a', revoke=False, role='OWNER', user=ident_b, group=None), acl.RoleChange( package_path='a/b', revoke=False, role='OWNER', user=None, group='some-group'), acl.RoleChange( package_path='a/b', revoke=False, role='OWNER', user=None, group='some-group'), acl.RoleChange( package_path='a/b/c', revoke=False, role='OWNER', user=ident_a, group=None), acl.RoleChange( package_path='a/b/c', revoke=True, role='OWNER', user=ident_a, group=None), ], caller=ident_a, now=datetime.datetime(2014, 1, 1)) # Ensure modification have been applied correctly. self.assertEqual({ 'groups': [], 'modified_by': ident_a, 'modified_ts': datetime.datetime(2014, 1, 1, 0, 0), 'rev': 1, 'users': [ident_a, ident_b], }, acl.package_acl_key('a', 'OWNER').get().to_dict()) self.assertEqual({ 'groups': ['some-group'], 'modified_by': ident_a, 'modified_ts': datetime.datetime(2014, 1, 1, 0, 0), 'rev': 1, 'users': [], }, acl.package_acl_key('a/b', 'OWNER').get().to_dict()) self.assertEqual(None, acl.package_acl_key('a/b/c', 'OWNER').get()) # Modify same ACLs again. acl.modify_roles( changes=[ acl.RoleChange( package_path='a', revoke=True, role='OWNER', user=ident_a, group=None), acl.RoleChange( package_path='a', revoke=False, role='OWNER', user=None, group='some-group'), acl.RoleChange( package_path='a/b', revoke=True, role='OWNER', user=None, group='some-group'), ], caller=ident_b, now=datetime.datetime(2015, 1, 1)) # Ensure modification have been applied correctly. self.assertEqual({ 'groups': ['some-group'], 'modified_by': ident_b, 'modified_ts': datetime.datetime(2015, 1, 1, 0, 0), 'rev': 2, 'users': [ident_b], }, acl.package_acl_key('a', 'OWNER').get().to_dict()) # Ensure previous version has been saved in the revision log. rev_key = ndb.Key( acl.PackageACLRevision, 1, parent=acl.package_acl_key('a', 'OWNER')) self.assertEqual({ 'groups': [], 'modified_by': ident_a, 'modified_ts': datetime.datetime(2014, 1, 1, 0, 0), 'users': [ident_a, ident_b], }, rev_key.get().to_dict())
def test_modify_roles_empty(self): # Just for code coverage. acl.modify_roles( changes=[], caller=auth.Identity.from_bytes('user:[email protected]'), now=datetime.datetime(2014, 1, 1))