def test_load_users_no_groups(self):
config = SQLStorageConfiguration()
engine = SQLStorageEngine(config)
engine.initialise()
store = SQLUserGroupStore(engine)
yaml_data = yaml.load("""
users:
console:
roles:
user
viewer:
roles:
user
""", Loader=yaml.FullLoader)
store._upload_users(yaml_data, verbose=True)
authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration())
store.load_usergroups(authorisor)
self.assertTrue("console" in authorisor.users)
self.assertTrue("viewer" in authorisor.users)
self.assertFalse("sysadmin" in authorisor.groups)
self.assertFalse("local" in authorisor.groups)
self.assertTrue(authorisor.authorise("console", "user"))
self.assertTrue(authorisor.authorise("viewer", "user"))
def test_usersgroups(self):
service_config = BrainSecurityAuthorisationConfiguration("authorisation")
service_config._usergroups = os.path.dirname(__file__) + os.sep + "test_usergroups.yaml"
service = BasicUserGroupAuthorisationService(service_config)
self.assertIsNotNone(service)
self.assertTrue(service.authorise("console", "root"))
self.assertFalse(service.authorise("console", "uber"))
with self.assertRaises(AuthorisationException):
service.authorise("anyone", "root")
def test_usersgroups(self):
service_config = BrainSecurityConfiguration("authorisation")
service_config._usergroups = os.path.dirname(__file__) + os.sep + "test_usergroups.yaml"
service = BasicUserGroupAuthorisationService(service_config)
self.assertIsNotNone(service)
self.assertTrue(service.authorise("console", "root"))
self.assertFalse(service.authorise("console", "uber"))
with self.assertRaises(AuthorisationException):
service.authorise("anyone", "root")
def assert_upload_from_file(self, store):
store.empty()
store.upload_from_file(os.path.dirname(__file__) + os.sep + "data" + os.sep + "security" + os.sep + "roles.yaml")
config = unittest.mock.Mock()
config.usergroups = "Test"
usersgroupsauthorisor = BasicUserGroupAuthorisationService(config)
store.load_usergroups(usersgroupsauthorisor)
self.assertTrue(usersgroupsauthorisor.authorise("console", "admin"))
with self.assertRaises(Exception):
self.assertFalse(usersgroupsauthorisor.authorise("offred", "admin"))
def assert_upload_from_file_no_collection(self, store):
store.empty()
config = unittest.mock.Mock()
config.usergroups = "Test"
usersgroupsauthorisor = BasicUserGroupAuthorisationService(config)
store.load_usergroups(usersgroupsauthorisor)
with self.assertRaises(Exception):
self.assertTrue(usersgroupsauthorisor.authorise(
"console", "admin"))
with self.assertRaises(Exception):
self.assertFalse(usersgroupsauthorisor.authorise(
"offred", "admin"))
def test_load_users_and_groups(self):
config = FileStorageConfiguration()
config._usergroups_storage = FileStoreConfiguration(file=os.path.dirname(__file__) + os.sep + "data" + os.sep + "security" + os.sep + "roles.yaml", fileformat="yaml", encoding="utf-8", delete_on_start=False)
engine = FileStorageEngine(config)
engine.initialise()
store = FileUserGroupStore(engine)
config = unittest.mock.Mock()
config.usergroups = "Test"
usersgroupsauthorisor = BasicUserGroupAuthorisationService(config)
self.assertTrue(store.load_usergroups(usersgroupsauthorisor))
self.assertTrue(usersgroupsauthorisor.authorise("console", "admin"))
with self.assertRaises(Exception):
self.assertFalse(usersgroupsauthorisor.authorise("offred", "admin"))
def test_load_usergroups(self):
config = SQLStorageConfiguration()
engine = SQLStorageEngine(config)
engine.initialise()
store = SQLUserGroupStore(engine)
yaml_data = yaml.load("""
users:
user1:
groups:
group1
user2:
groups:
group4
user3:
groups:
group1
groups:
group1:
roles:
role1, role2, role3
groups:
group1, group2
users:
user1, user2
group2:
roles:
role4, role5
groups:
group5
users:
user3
group3:
roles:
role6
""", Loader=yaml.FullLoader)
store.load_from_yaml(yaml_data, verbose=False)
store.commit()
authorisor = BasicUserGroupAuthorisationService(BrainSecurityAuthorisationConfiguration())
store.load_usergroups(authorisor)
self.assertTrue("user1" in authorisor.users)
self.assertTrue("user2" in authorisor.users)
self.assertTrue("user3" in authorisor.users)
self.assertTrue("group1" in authorisor.groups)
self.assertTrue("group2" in authorisor.groups)
self.assertTrue("group3" in authorisor.groups)
self.assertTrue(authorisor.authorise("user3", "role3"))