def test_remove_user_from_namespace_fail_no_such_namespace(idstorage):
idstorage.create_namespace(NamespaceID('foo'))
idstorage.add_user_to_namespace(NamespaceID('foo'),
User(AuthsourceID('as'), Username('u')))
fail_remove_namespace_user(idstorage, NamespaceID('bar'),
User(AuthsourceID('as'), Username('u')),
NoSuchNamespaceError('bar'))
def test_add_user_to_namespace_fail_duplicate(idstorage):
idstorage.create_namespace(NamespaceID('foo'))
idstorage.add_user_to_namespace(NamespaceID('foo'),
User(AuthsourceID('as'), Username('u')))
fail_add_namespace_user(
idstorage, NamespaceID('foo'), User(AuthsourceID('as'), Username('u')),
UserExistsError('User as/u already administrates namespace foo'))
def check_set_namespace_publicly_mappable(pub_value, log_collector):
storage = create_autospec(IDMappingStorage, spec_set=True, instance=True)
handlers = create_autospec(UserLookupSet, spec_set=True, instance=True)
idm = IDMapper(handlers, set([AuthsourceID('asone')]), storage)
handlers.get_user.return_value = (User(AuthsourceID('asone'), Username('u')), False)
storage.get_namespace.return_value = Namespace(NamespaceID('n'), False, set([
User(AuthsourceID('astwo'), Username('u2')),
User(AuthsourceID('asone'), Username('u')),
User(AuthsourceID('asthree'), Username('u'))]))
idm.set_namespace_publicly_mappable(
AuthsourceID('asone'),
Token('t'),
NamespaceID('n'),
pub_value)
assert handlers.get_user.call_args_list == [((AuthsourceID('asone'), Token('t'),), {})]
assert storage.get_namespace.call_args_list == [((NamespaceID('n'),), {})]
assert storage.set_namespace_publicly_mappable.call_args_list == \
[((NamespaceID('n'), pub_value), {})]
print(log_collector)
assert_logs_correct(log_collector, 'User asone/u set namespace n public map property to ' +
str(pub_value))
def set_up_data_for_get_namespaces(idstorage):
idstorage.create_namespace(NamespaceID('ns1'))
idstorage.set_namespace_publicly_mappable(NamespaceID('ns1'), True)
idstorage.add_user_to_namespace(NamespaceID('ns1'),
User(AuthsourceID('as'), Username('u')))
idstorage.create_namespace(NamespaceID('ns2'))
idstorage.create_namespace(NamespaceID('ns3'))
idstorage.add_user_to_namespace(NamespaceID('ns3'),
User(AuthsourceID('as'), Username('u')))
idstorage.add_user_to_namespace(
NamespaceID('ns3'), User(AuthsourceID('astwo'), Username('u3')))
expected = [
Namespace(NamespaceID('ns1'), True,
set([User(AuthsourceID('as'), Username('u'))])),
Namespace(NamespaceID('ns2'), False),
Namespace(
NamespaceID('ns3'), False,
set([
User(AuthsourceID('as'), Username('u')),
User(AuthsourceID('astwo'), Username('u3'))
]))
]
return expected
def get_mappings(ns):
""" Find mappings. """
ns_filter = request.args.get('namespace_filter')
separate = request.args.get('separate')
if ns_filter and ns_filter.strip():
ns_filter = [NamespaceID(n.strip()) for n in ns_filter.split(',')]
else:
ns_filter = []
ids = _get_object_id_list_from_json(request)
if len(ids) > 1000:
raise IllegalParameterError('A maximum of 1000 ids are allowed')
ret = {}
for id_ in ids:
id_ = id_.strip()
a, o = app.config[_APP].get_mappings(
ObjectID(NamespaceID(ns), id_), ns_filter)
if separate is not None: # empty string if in query with no value
ret[id_] = {
'admin': _objids_to_jsonable(a),
'other': _objids_to_jsonable(o)
}
else:
a.update(o)
ret[id_] = {'mappings': _objids_to_jsonable(a)}
return flask.jsonify(ret)
def test_namespace_id_slots():
assert NamespaceID('foo').__slots__ == ['id']
with raises(Exception) as got:
NamespaceID('foo').attrib = 'whoops'
assert_exception_correct(
got.value,
AttributeError("'NamespaceID' object has no attribute 'attrib'"))
def test_remove_user_from_namespace_fail_no_such_user(idstorage):
idstorage.create_namespace(NamespaceID('foo'))
idstorage.add_user_to_namespace(NamespaceID('foo'),
User(AuthsourceID('as'), Username('u')))
fail_remove_namespace_user(
idstorage, NamespaceID('foo'), User(AuthsourceID('as'),
Username('u1')),
NoSuchUserError('User as/u1 does not administrate namespace foo'))
def test_object_id_init_pass():
a = 'abcdefghijklmnopqrstuvwxyz'
oidstr = a + a.upper() + r'0123456789!@#$%^&*()_+`~{}[]\|/<>,.?' + ('a' *
912)
oid = ObjectID(NamespaceID('foo'), oidstr)
assert oid.namespace_id == NamespaceID('foo')
assert oid.id == oidstr
def test_namespace_id_init_pass():
ns = NamespaceID('abcdefghijklmnopqrstuvwxyz0123456789_')
assert ns.id == 'abcdefghijklmnopqrstuvwxyz0123456789_'
ns = NamespaceID('abcdefghijklmnopqrstuvwxyz0123456789_'.upper())
assert ns.id == 'abcdefghijklmnopqrstuvwxyz0123456789_'.upper()
ns = NamespaceID('a' * 256)
assert ns.id == 'a' * 256
def test_namespace_without_users():
ns = Namespace(
NamespaceID('n'), True,
set([
User(AuthsourceID('a'), Username('u')),
User(AuthsourceID('b'), Username('b'))
]))
assert ns.without_users() == Namespace(NamespaceID('n'), True, set())
assert ns.without_users() == Namespace(NamespaceID('n'), True, None)
def test_add_and_remove_namespace_users(idstorage):
nsid = NamespaceID('foo')
idstorage.create_namespace(nsid)
assert idstorage.get_namespace(NamespaceID('foo')) == Namespace(
NamespaceID('foo'), False)
idstorage.add_user_to_namespace(
nsid, User(AuthsourceID('asone'), Username('u1')))
users = set([User(AuthsourceID('asone'), Username('u1'))])
assert idstorage.get_namespace(nsid) == Namespace(NamespaceID('foo'),
False, users)
idstorage.add_user_to_namespace(
nsid, User(AuthsourceID('astwo'), Username('u2')))
users.add(User(AuthsourceID('astwo'), Username('u2')))
assert idstorage.get_namespace(nsid) == Namespace(NamespaceID('foo'),
False, users)
idstorage.remove_user_from_namespace(
NamespaceID('foo'), User(AuthsourceID('asone'), Username('u1')))
users = set([User(AuthsourceID('astwo'), Username('u2'))])
assert idstorage.get_namespace(nsid) == Namespace(NamespaceID('foo'),
False, users)
idstorage.remove_user_from_namespace(
NamespaceID('foo'), User(AuthsourceID('astwo'), Username('u2')))
assert idstorage.get_namespace(nsid) == Namespace(NamespaceID('foo'),
False)
def test_get_namespaces_only_private():
storage = create_autospec(IDMappingStorage, spec_set=True, instance=True)
handlers = create_autospec(UserLookupSet, spec_set=True, instance=True)
idm = IDMapper(handlers, set(), storage)
storage.get_namespaces.return_value = set([Namespace(NamespaceID('n3'), False),
Namespace(NamespaceID('n4'), False)])
assert idm.get_namespaces() == (set(), set([NamespaceID('n3'), NamespaceID('n4')]))
assert storage.get_namespaces.call_args_list == [((), {})]
def test_get_namespace_no_auth():
storage = create_autospec(IDMappingStorage, spec_set=True, instance=True)
handlers = create_autospec(UserLookupSet, spec_set=True, instance=True)
idm = IDMapper(handlers, set(), storage)
storage.get_namespace.return_value = Namespace(NamespaceID('n'), True, set([
User(AuthsourceID('a'), Username('u')), User(AuthsourceID('a'), Username('u1'))]))
assert idm.get_namespace(NamespaceID('n')) == Namespace(NamespaceID('n'), True)
assert storage.get_namespace.call_args_list == [((NamespaceID('n'), ), {})]
def test_get_mappings_fail_None_inputs():
storage = create_autospec(IDMappingStorage, spec_set=True, instance=True)
handlers = create_autospec(UserLookupSet, spec_set=True, instance=True)
idm = IDMapper(handlers, set(), storage)
oid = ObjectID(NamespaceID('n'), 'o')
n = NamespaceID('n')
fail_get_mappings(idm, None, set([n]), TypeError('oid cannot be None'))
fail_get_mappings(idm, oid, set([n, None]), TypeError('None item in ns_filter'))
def test_get_namespaces_fail_no_such_namepsace(idstorage):
idstorage.create_namespace(NamespaceID('foo'))
fail_get_namespaces(
idstorage, {
NamespaceID('zoo'),
NamespaceID('foo'),
NamespaceID('baz'),
NamespaceID('aioli_compote_drizzled_on_artisian_tater_tots')
},
NoSuchNamespaceError(
"['aioli_compote_drizzled_on_artisian_tater_tots', 'baz', 'zoo']"))
def remove_mapping(admin_ns, other_ns):
""" Remove a mapping. """
authsource, token = _get_auth(request)
ids = _get_object_id_dict_from_json(request)
if len(ids) > 10000:
raise IllegalParameterError('A maximum of 10000 ids are allowed')
for id_ in ids:
app.config[_APP].remove_mapping(
authsource, token, ObjectID(NamespaceID(admin_ns),
id_.strip()),
ObjectID(NamespaceID(other_ns), ids[id_].strip()))
return ('', 204)
def test_get_namespaces_with_nids(idstorage):
assert idstorage.get_namespaces() == set()
expected = set_up_data_for_get_namespaces(idstorage)
assert idstorage.get_namespaces([NamespaceID('ns1')]) == set([expected[0]])
assert idstorage.get_namespaces(nids=set([NamespaceID('ns1')])) == set(
[expected[0]])
nids = {NamespaceID('ns2'), NamespaceID('ns3')}
assert idstorage.get_namespaces(nids) == set([expected[1], expected[2]])
assert idstorage.get_namespaces(nids=nids) == set(
[expected[1], expected[2]])
def test_create_namespace(log_collector):
storage = create_autospec(IDMappingStorage, spec_set=True, instance=True)
handlers = create_autospec(UserLookupSet, spec_set=True, instance=True)
idm = IDMapper(handlers, set([AuthsourceID('as')]), storage)
handlers.get_user.return_value = (User(AuthsourceID('as'), Username('foo')), True)
idm.create_namespace(AuthsourceID('as'), Token('bar'), NamespaceID('baz'))
assert handlers.get_user.call_args_list == [((AuthsourceID('as'), Token('bar'),), {})]
assert storage.create_namespace.call_args_list == [((NamespaceID('baz'),), {})]
assert_logs_correct(log_collector, 'Admin as/foo created namespace baz')
def test_set_namespace_publicly_mappable_fail_unauthed():
storage = create_autospec(IDMappingStorage, spec_set=True, instance=True)
handlers = create_autospec(UserLookupSet, spec_set=True, instance=True)
idm = IDMapper(handlers, set([AuthsourceID('asone')]), storage)
handlers.get_user.return_value = (User(AuthsourceID('asone'), Username('u')), False)
storage.get_namespace.return_value = Namespace(NamespaceID('n'), False, set([
User(AuthsourceID('asone'), Username('u2')),
User(AuthsourceID('asthree'), Username('u'))]))
fail_set_namespace_publicly_mappable(
idm, AuthsourceID('asone'), Token('t'), NamespaceID('n'),
UnauthorizedError('User asone/u may not administrate namespace n'))
def test_remove_mapping_fail_unauthed_for_admin_namespace():
storage = create_autospec(IDMappingStorage, spec_set=True, instance=True)
handlers = create_autospec(UserLookupSet, spec_set=True, instance=True)
idm = IDMapper(handlers, set(), storage)
handlers.get_user.return_value = (User(AuthsourceID('a'), Username('n')), False)
storage.get_namespace.return_value = Namespace(NamespaceID('n1'), True, set([
User(AuthsourceID('a'), Username('n1')), User(AuthsourceID('a'), Username('n2'))]))
fail_remove_mapping(idm, AuthsourceID('a'), Token('t'),
ObjectID(NamespaceID('n1'), 'o1'),
ObjectID(NamespaceID('n2'), 'o2'),
UnauthorizedError('User a/n may not administrate namespace n1'))
def test_set_public_and_list_namespaces(service_port, mongo):
storage = get_storage_instance(mongo)
lut = Token('foobar')
u = Username('lu')
storage.create_local_user(u, lut.get_hashed_token())
priv = NamespaceID('priv')
storage.create_namespace(priv)
storage.add_user_to_namespace(priv, User(AuthsourceID('local'), u))
storage.set_namespace_publicly_mappable(priv, True)
pub = NamespaceID('pub')
storage.create_namespace(pub)
storage.add_user_to_namespace(pub, User(AuthsourceID('local'), u))
r = requests.put('http://localhost:' + service_port +
'/api/v1/namespace/priv/set?publicly_mappable=false',
headers={'Authorization': 'local ' + lut.token})
assert r.status_code == 204
r = requests.put('http://localhost:' + service_port +
'/api/v1/namespace/pub/set?publicly_mappable=true',
headers={'Authorization': 'local ' + lut.token})
assert r.status_code == 204
r = requests.get('http://localhost:' + service_port + '/api/v1/namespace')
assert r.json() == {
'publicly_mappable': ['pub'],
'privately_mappable': ['priv']
}
r = requests.put('http://localhost:' + service_port +
'/api/v1/namespace/missing/set?publicly_mappable=false',
headers={'Authorization': 'local ' + lut.token})
assert_json_error_correct(
r.json(), {
'error': {
'httpcode': 404,
'httpstatus': 'Not Found',
'appcode': 50010,
'apperror': 'No such namespace',
'message': '50010 No such namespace: missing'
}
})
assert r.status_code == 404
def test_object_id_equals():
assert ObjectID(NamespaceID('foo'),
'baz') == ObjectID(NamespaceID('foo'), 'baz')
assert ObjectID(NamespaceID('foo'), 'baz') != ObjectID(
NamespaceID('bar'), 'baz')
assert ObjectID(NamespaceID('foo'), 'baz') != ObjectID(
NamespaceID('foo'), 'bar')
assert ObjectID(NamespaceID('foo'), 'baz') != NamespaceID('foo')
def test_remove_mapping_fail_None_input():
storage = create_autospec(IDMappingStorage, spec_set=True, instance=True)
handlers = create_autospec(UserLookupSet, spec_set=True, instance=True)
idm = IDMapper(handlers, set(), storage)
a = AuthsourceID('a')
t = Token('t')
o1 = ObjectID(NamespaceID('n2'), 'o1')
o2 = ObjectID(NamespaceID('n2'), 'o2')
# authsource id is checked by the handler set
fail_remove_mapping(idm, a, None, o1, o2, TypeError('token cannot be None'))
fail_remove_mapping(idm, a, t, None, o2, TypeError('administrative_oid cannot be None'))
fail_remove_mapping(idm, a, t, o1, None, TypeError('oid cannot be None'))
def add_user_to_namespace(namespace, authsource, user):
""" Add a user to a namespace. """
admin_authsource, token = _get_auth(request)
app.config[_APP].add_user_to_namespace(
admin_authsource, token, NamespaceID(namespace),
User(AuthsourceID(authsource), Username(user)))
return ('', 204)
def test_remove_user_from_namespace_fail_inputs_None(idstorage):
u = User(AuthsourceID('as'), 'u')
n = NamespaceID('n')
fail_remove_namespace_user(idstorage, None, u,
TypeError('namespace_id cannot be None'))
fail_remove_namespace_user(idstorage, n, None,
TypeError('admin_user cannot be None'))
def test_create_namespace_fail_no_admin_authsource_provider():
storage = create_autospec(IDMappingStorage, spec_set=True, instance=True)
handlers = create_autospec(UserLookupSet, spec_set=True, instance=True)
idm = IDMapper(handlers, set([AuthsourceID('bs')]), storage)
fail_create_namespace(idm, AuthsourceID('as'), Token('t'), NamespaceID('n'), UnauthorizedError(
'Auth source as is not configured as a provider of system administration status'))
def remove_user_from_namespace(namespace, authsource, user):
"""
Remove a user from a namespace. Removing a non-existant user throws an error.
"""
admin_authsource, token = _get_auth(request)
app.config[_APP].remove_user_from_namespace(
admin_authsource, token, NamespaceID(namespace),
User(AuthsourceID(authsource), Username(user)))
return ('', 204)
def test_namespace_hash():
# string hashes will change from instance to instance of the python interpreter, and therefore
# tests can't be written that directly test the hash value. See
# https://docs.python.org/3/reference/datamodel.html#object.__hash__
asid = AuthsourceID('as')
assert hash(Namespace(NamespaceID('foo'), True, None)) == \
hash(Namespace(NamespaceID('foo'), True, set()))
assert hash(Namespace(NamespaceID('foo'), False,
set([User(asid, 'foo'), User(asid, 'baz')]))) == \
hash(Namespace(NamespaceID('foo'), False, set([User(asid, 'baz'), User(asid, 'foo')])))
assert hash(Namespace(NamespaceID('bar'), True, set())) != \
hash(Namespace(NamespaceID('foo'), True, set()))
assert hash(Namespace(NamespaceID('foo'), False, set())) != \
hash(Namespace(NamespaceID('foo'), True, set()))
assert hash(Namespace(NamespaceID('foo'), False,
set([User(asid, 'foo'), User(asid, 'baz')]))) != \
hash(Namespace(NamespaceID('foo'), False, set([User(asid, 'baz'), User(asid, 'fob')])))
def test_object_id_init_fail():
ns = NamespaceID('foo')
fail_object_id_init(None, 'o', TypeError('namespace_id cannot be None'))
fail_object_id_init(ns, None, MissingParameterError('data id'))
fail_object_id_init(ns, ' \t \n ', MissingParameterError('data id'))
fail_object_id_init(
ns, 'a' * 1001,
IllegalParameterError('data id ' + ('a' * 1001) +
' exceeds maximum length of 1000'))
def test_get_mappings_fail_no_namespace():
storage = create_autospec(IDMappingStorage, spec_set=True, instance=True)
handlers = create_autospec(UserLookupSet, spec_set=True, instance=True)
idm = IDMapper(handlers, set(), storage)
storage.get_namespaces.side_effect = NoSuchNamespaceError('n3')
fail_get_mappings(idm, ObjectID(NamespaceID('n'), 'o'), [
NamespaceID('n1'), NamespaceID('n2'),
NamespaceID('n4'), NamespaceID('n4')],
NoSuchNamespaceError('n3'))
assert storage.get_namespaces.call_args_list == [(([NamespaceID('n'),
NamespaceID('n1'),
NamespaceID('n2'),
NamespaceID('n4'),
NamespaceID('n4')],), {})]