def test_read(self):
u = auth.EtcdUser(self.client, 'root')
# Reading an existing user succeeds
try:
u.read()
except Exception:
self.fail("reading the root user raised an exception")
# roles for said user are fetched
self.assertEquals(u.roles, set(['root']))
# The user is correctly rendered out
self.assertEquals(u._to_net(), [{
'user': '******',
'password': None,
'roles': ['root']
}])
# An inexistent user raises the appropriate exception
u = auth.EtcdUser(self.client, 'user.does.not.exist')
self.assertRaises(etcd.EtcdKeyNotFound, u.read)
# Reading with an unauthenticated client raises an exception
u = auth.EtcdUser(self.unauth_client, 'root')
self.assertRaises(etcd.EtcdInsufficientPermissions, u.read)
# Generic errors are caught
c = etcd.Client(port=9999)
u = auth.EtcdUser(c, 'root')
self.assertRaises(etcd.EtcdException, u.read)
def test_write_and_delete(self):
# Create an user
u = auth.EtcdUser(self.client, 'test_user')
u.roles.add('guest')
u.roles.add('root')
# directly from my suitcase
u.password = '******'
try:
u.write()
except:
self.fail("creating a user doesn't work")
# Password gets wiped
self.assertEquals(u.password, None)
u.read()
# Verify we can log in as this user and access the auth (it has the
# root role)
cl = etcd.Client(port=6001, username='******', password='******')
ul = auth.EtcdUser(cl, 'root')
try:
ul.read()
except etcd.EtcdInsufficientPermissions:
self.fail("Reading auth with the new user is not possible")
self.assertEquals(u.name, "test_user")
self.assertEquals(u.roles, set(['guest', 'root']))
# set roles as a list, it works!
u.roles = ['guest', 'test_group']
# We need this or the new API will return an internal error
r = auth.EtcdRole(self.client, 'test_group')
r.acls = {'*': 'R', '/test/*': 'RW'}
r.write()
try:
u.write()
except:
self.fail("updating a user you previously created fails")
u.read()
self.assertIn('test_group', u.roles)
# Unauthorized access is properly handled
ua = auth.EtcdUser(self.unauth_client, 'test_user')
self.assertRaises(etcd.EtcdInsufficientPermissions, ua.write)
# now let's test deletion
du = auth.EtcdUser(self.client, 'user.does.not.exist')
self.assertRaises(etcd.EtcdKeyNotFound, du.delete)
# Delete test_user
u.delete()
self.assertRaises(etcd.EtcdKeyNotFound, u.read)
# Permissions are properly handled
self.assertRaises(etcd.EtcdInsufficientPermissions, ua.delete)
def setUp(self):
# Sets up the root user, toggles auth
u = auth.EtcdUser(self.client, 'root')
u.password = '******'
u.write()
self.client = etcd.Client(port=6001,
username='******',
password='******')
self.unauth_client = etcd.Client(port=6001)
a = auth.Auth(self.client)
a.active = True
def tearDown(self):
u = auth.EtcdUser(self.client, 'test_user')
r = auth.EtcdRole(self.client, 'test_role')
try:
u.delete()
except:
pass
try:
r.delete()
except:
pass
a = auth.Auth(self.client)
a.active = False
def test_names(self):
u = auth.EtcdUser(self.client, 'test_user')
self.assertEquals(u.names, ['root'])
