def testAppliesMultipleLabelsToMultipleClients(self):
client_ids = self.SetupClients(3)
for client_id in client_ids:
self.assertFalse(self.GetClientLabels(client_id))
with test_lib.FakeTime(42):
flow.GRRFlow.StartFlow(flow_name="ApplyLabelsToClientsFlow",
clients=client_ids,
labels=["drei", "ein", "zwei"],
token=self.token)
for client_id in client_ids:
self.assertListEqual(
sorted(self.GetClientLabels(client_id),
key=lambda label: label.name),
[
rdfvalue.AFF4ObjectLabel(name="drei",
owner="test",
timestamp=rdfvalue.RDFDatetime().
FromSecondsFromEpoch(42)),
rdfvalue.AFF4ObjectLabel(name="ein",
owner="test",
timestamp=rdfvalue.RDFDatetime().
FromSecondsFromEpoch(42)),
rdfvalue.AFF4ObjectLabel(name="zwei",
owner="test",
timestamp=rdfvalue.RDFDatetime().
FromSecondsFromEpoch(42))
])
def testRegexForStringifiedValueMatchMatchesLabelsInList(self):
labels_list = rdfvalue.AFF4ObjectLabelsList()
labels_list.AddLabel(rdfvalue.AFF4ObjectLabel(name="ein", owner="GRR"))
labels_list.AddLabel(
rdfvalue.AFF4ObjectLabel(name="zwei", owner="test"))
labels_list.AddLabel(rdfvalue.AFF4ObjectLabel(name="drei",
owner="GRR"))
labels_list.AddLabel(
rdfvalue.AFF4ObjectLabel(name="vier", owner="test"))
self.assertTrue(
re.match(
rdfvalue.AFF4ObjectLabelsList.RegexForStringifiedValueMatch(
"ein"), str(labels_list)))
self.assertTrue(
re.match(
rdfvalue.AFF4ObjectLabelsList.RegexForStringifiedValueMatch(
"zwei"), str(labels_list)))
self.assertTrue(
re.match(
rdfvalue.AFF4ObjectLabelsList.RegexForStringifiedValueMatch(
"drei"), str(labels_list)))
self.assertTrue(
re.match(
rdfvalue.AFF4ObjectLabelsList.RegexForStringifiedValueMatch(
"vier"), str(labels_list)))
def testStringifiedRepresentationIsSorted(self):
labels_list = rdfvalue.AFF4ObjectLabelsList()
labels_list.AddLabel(rdfvalue.AFF4ObjectLabel(name="foo", owner="GRR"))
labels_list.AddLabel(rdfvalue.AFF4ObjectLabel(name="bar",
owner="test"))
self.assertEqual(utils.SmartStr(labels_list), "bar,foo")
def testStringifiedValueIsLabelsNamesWithoutOwners(self):
labels_list = rdfvalue.AFF4ObjectLabelsList()
labels_list.AddLabel(rdfvalue.AFF4ObjectLabel(name="bar", owner="GRR"))
labels_list.AddLabel(rdfvalue.AFF4ObjectLabel(name="foo",
owner="test"))
self.assertEqual(utils.SmartStr(labels_list), "bar,foo")
def testStringifiedValueDoesNotHaveDuplicates(self):
labels_list = rdfvalue.AFF4ObjectLabelsList()
labels_list.AddLabel(rdfvalue.AFF4ObjectLabel(name="foo", owner="GRR"))
labels_list.AddLabel(rdfvalue.AFF4ObjectLabel(name="bar", owner="GRR"))
labels_list.AddLabel(rdfvalue.AFF4ObjectLabel(name="foo",
owner="test"))
self.assertEqual(utils.SmartStr(labels_list), "bar,foo")
def testAddLabelAddsLabelWithSameNameButDifferentOwner(self):
labels_list = rdfvalue.AFF4ObjectLabelsList()
labels_list.AddLabel(rdfvalue.AFF4ObjectLabel(name="foo",
owner="test"))
self.assertEqual(len(labels_list.labels), 1)
labels_list.AddLabel(rdfvalue.AFF4ObjectLabel(name="foo", owner="GRR"))
self.assertEqual(len(labels_list.labels), 2)
def testAddLabelDoesNotAddLabelWithSameNameAndOwner(self):
labels_list = rdfvalue.AFF4ObjectLabelsList()
labels_list.AddLabel(rdfvalue.AFF4ObjectLabel(name="foo",
owner="test"))
self.assertEqual(len(labels_list.labels), 1)
labels_list.AddLabel(rdfvalue.AFF4ObjectLabel(name="foo",
owner="test"))
self.assertEqual(len(labels_list.labels), 1)
def GenerateSample(self, number=0):
label1 = rdfvalue.AFF4ObjectLabel(
name="foo_%d" % number, owner="test",
timestamp=rdfvalue.RDFDatetime().FromSecondsFromEpoch(42))
label2 = rdfvalue.AFF4ObjectLabel(
name="bar_%d" % number, owner="test",
timestamp=rdfvalue.RDFDatetime().FromSecondsFromEpoch(42))
return rdfvalue.AFF4ObjectLabelsList(labels=[label1, label2])
def testMultipleLabelsWithDifferentOwnersAreCorrectlyListed(self):
urn = rdfvalue.RDFURN("aff4:/foo/bar")
with self.CreateIndex(token=self.token) as index:
index.AddLabel(urn, "foo", owner="testuser1")
index.AddLabel(urn, "foo", owner="testuser2")
index = self.ReadIndex(token=self.token)
self.assertItemsEqual(index.ListUsedLabels(), [
rdfvalue.AFF4ObjectLabel(name="foo", owner="testuser1"),
rdfvalue.AFF4ObjectLabel(name="foo", owner="testuser2")
])
def testGetSortedLabelSet(self):
labels_list = rdfvalue.AFF4ObjectLabelsList()
labels_list.AddLabel(rdfvalue.AFF4ObjectLabel(name="foo",
owner="test"))
labels_list.AddLabel(
rdfvalue.AFF4ObjectLabel(name="foo2", owner="test2"))
labels_list.AddLabel(
rdfvalue.AFF4ObjectLabel(name="foo3", owner="test2"))
self.assertItemsEqual(labels_list.GetLabelNames(),
["foo", "foo2", "foo3"])
self.assertItemsEqual(labels_list.GetLabelNames(owner="test2"),
["foo2", "foo3"])
self.assertEqual(labels_list.GetLabelNames(owner="test4"), [])
def testAppliesSingleLabelToMultipleClients(self):
client_ids = self.SetupClients(3)
for client_id in client_ids:
self.assertFalse(self.GetClientLabels(client_id))
with test_lib.FakeTime(42):
flow.GRRFlow.StartFlow(flow_name="ApplyLabelsToClientsFlow",
clients=client_ids,
labels=["foo"],
token=self.token)
for client_id in client_ids:
self.assertListEqual(self.GetClientLabels(client_id), [
rdfvalue.AFF4ObjectLabel(
name="foo",
owner="test",
timestamp=rdfvalue.RDFDatetime().FromSecondsFromEpoch(42))
])
index = aff4.FACTORY.Create(client_index.MAIN_INDEX,
aff4_type="ClientIndex",
mode="rw",
token=self.token)
with test_lib.FakeTime(42):
self.assertListEqual(sorted(client_ids),
sorted(index.LookupClients(["foo"])))
def testUrnWithAddedLabelCanBeFoundViaLabelRegex(self):
with self.CreateIndex(token=self.token) as index:
index.AddLabel(rdfvalue.RDFURN("aff4:/foo/bar1"),
"foo", owner="testuser1")
index.AddLabel(rdfvalue.RDFURN("aff4:/foo/bar2"),
"bar", owner="testuser2")
index.AddLabel(rdfvalue.RDFURN("aff4:/foo/bar3"),
"foo", owner="testuser3")
index = self.ReadIndex(token=self.token)
found_urns = index.FindUrnsByLabelNameRegex("f.*o")
self.assertEqual(len(found_urns), 2)
self.assertListEqual(
found_urns[rdfvalue.AFF4ObjectLabel(name="foo", owner="testuser1")],
[rdfvalue.RDFURN("aff4:/foo/bar1")])
self.assertListEqual(
found_urns[rdfvalue.AFF4ObjectLabel(name="foo", owner="testuser3")],
[rdfvalue.RDFURN("aff4:/foo/bar3")])
def testAddedLabelIsCorrectlyListed(self):
urn = rdfvalue.RDFURN("aff4:/foo/bar")
with self.CreateIndex(token=self.token) as index:
index.AddLabel(urn, "foo", owner="testuser")
index = self.ReadIndex(token=self.token)
self.assertListEqual(
index.ListUsedLabels(),
[rdfvalue.AFF4ObjectLabel(name="foo", owner="testuser")])
def testRegexForStringifiedValueDoesNotMatchLabelsNotInList(self):
labels_list = rdfvalue.AFF4ObjectLabelsList()
labels_list.AddLabel(rdfvalue.AFF4ObjectLabel(name="ein",
owner="GRR"))
labels_list.AddLabel(rdfvalue.AFF4ObjectLabel(name="zwei",
owner="test"))
self.assertFalse(re.match(
rdfvalue.AFF4ObjectLabelsList.RegexForStringifiedValueMatch("e"),
str(labels_list)))
self.assertFalse(re.match(
rdfvalue.AFF4ObjectLabelsList.RegexForStringifiedValueMatch("in"),
str(labels_list)))
self.assertFalse(re.match(
rdfvalue.AFF4ObjectLabelsList.RegexForStringifiedValueMatch("a.zwer"),
str(labels_list)))
self.assertFalse(re.match(
rdfvalue.AFF4ObjectLabelsList.RegexForStringifiedValueMatch("ein."),
str(labels_list)))
def testDeletedLabelIsNotRemovedFromUsedLabelsList(self):
label = rdfvalue.AFF4ObjectLabel(name="foo", owner="testuser")
urn = rdfvalue.RDFURN("aff4:/foo/bar")
with self.CreateIndex(token=self.token) as index:
index.AddLabel(urn, "foo", owner="testuser")
index = self.ReadIndex(token=self.token)
self.assertListEqual(index.ListUsedLabels(), [label])
with self.CreateIndex(token=self.token) as index:
index.RemoveLabel(urn, "foo", owner="testuser")
index = self.ReadIndex(token=self.token)
self.assertListEqual(index.ListUsedLabels(), [label])
def testAppliesSingleLabelToSingleClient(self):
client_id = self.SetupClients(1)[0]
self.assertFalse(self.GetClientLabels(client_id))
with test_lib.FakeTime(42):
flow.GRRFlow.StartFlow(flow_name="ApplyLabelsToClientsFlow",
clients=[client_id],
labels=["foo"],
token=self.token)
self.assertListEqual(
self.GetClientLabels(client_id),
[rdfvalue.AFF4ObjectLabel(
name="foo", owner="test",
timestamp=rdfvalue.RDFDatetime().FromSecondsFromEpoch(42))])
def testUserAccess(self):
"""Tests access to user objects."""
token = access_control.ACLToken(username="******", reason="For testing")
urn = aff4.ROOT_URN.Add("users")
# We cannot open any user account.
self.assertRaises(access_control.UnauthorizedAccess, aff4.FACTORY.Open,
urn.Add("some_user"), None, "rw", False, token)
# But we can open our own.
aff4.FACTORY.Open(urn.Add("test"), mode="rw", token=token)
# And we can also access our labels.
label_urn = urn.Add("test").Add("labels")
labels = aff4.FACTORY.Open(label_urn, mode="rw", token=token)
# But we cannot write to them.
l = labels.Schema.LABELS()
l.AddLabel(rdfvalue.AFF4ObjectLabel(name="admin", owner="GRR"))
labels.Set(labels.Schema.LABELS, l)
self.assertRaises(access_control.UnauthorizedAccess, labels.Close)
def LabelForIndexName(self, index_name):
label_owner, label_name = utils.SmartStr(index_name).split(
self.SEPARATOR, 1)
return rdfvalue.AFF4ObjectLabel(name=label_name, owner=label_owner)
def GenerateSample(self, number=0):
return rdfvalue.AFF4ObjectLabel(
name="label%d" % number,
owner="test",
timestamp=rdfvalue.RDFDatetime().FromSecondsFromEpoch(42))
def testAlphanumericCharactersAreAllowed(self):
rdfvalue.AFF4ObjectLabel(name="label42", owner="test")
def testForwardSlashIsAllowed(self):
rdfvalue.AFF4ObjectLabel(name="b/label.42:1", owner="test")
def testColonIsAllowed(self):
rdfvalue.AFF4ObjectLabel(name="label.42:1", owner="test")
def testDotIsAllowed(self):
rdfvalue.AFF4ObjectLabel(name="label.42", owner="test")