def testSuccess(self, mock_metric): non_expired_dt = datetime.datetime.utcnow() + datetime.timedelta( days=1) test_utils.CreateExemption( 'non_expired_host_id', deactivation_dt=non_expired_dt, initial_state=constants.EXEMPTION_STATE.APPROVED) expired_dt = datetime.datetime.utcnow() - datetime.timedelta(days=1) exm_count = 7 expired_exm_keys = [] for host_id in test_utils.RandomStrings(exm_count): exm_key = test_utils.CreateExemption( host_id, deactivation_dt=expired_dt, initial_state=constants.EXEMPTION_STATE.APPROVED) expired_exm_keys.append(exm_key) self.testapp.get(self.ROUTE, headers={'X-AppEngine-Cron': 'true'}, status=httplib.OK) tasks = self.UnpackTaskQueue( queue_name=constants.TASK_QUEUE.EXEMPTIONS) # keys = {args[0] for func, args, kwargs in tasks} actual_exm_keys = {args[0] for func, args, kwargs in tasks} self.assertSameElements(expired_exm_keys, actual_exm_keys) self.assertNoBigQueryInsertions() mock_metric.Set.assert_called_once_with(exm_count)
def testGetPlatform_Success(self): host_id = test_utils.CreateSantaHost().key.id() exm_key = test_utils.CreateExemption(host_id) self.assertEqual( constants.PLATFORM.MACOS, exemption.Exemption.GetPlatform(exm_key)) host_id = test_utils.CreateBit9Host().key.id() exm_key = test_utils.CreateExemption(host_id) self.assertEqual( constants.PLATFORM.WINDOWS, exemption.Exemption.GetPlatform(exm_key))
def testSuccess(self): user = test_utils.CreateUser() host_id_1 = test_utils.CreateBit9Host(users=[user.nickname]).key.id() host_id_2 = test_utils.CreateSantaHost(primary_user=user.nickname).key.id() host_id_3 = test_utils.CreateSantaHost(primary_user='******').key.id() exm_1 = test_utils.CreateExemption(host_id_1).get() exm_2 = test_utils.CreateExemption(host_id_2).get() test_utils.CreateExemption(host_id_3) expected_exms = sorted([exm_1, exm_2]) actual_exms = sorted(model_utils.GetExemptionsForUser(user.email)) self.assertListEqual(expected_exms, actual_exms)
def testWithStateFilter(self): user = test_utils.CreateUser() host_id_1 = test_utils.CreateBit9Host(users=[user.nickname]).key.id() host_id_2 = test_utils.CreateSantaHost(primary_user=user.nickname).key.id() host_id_3 = test_utils.CreateSantaHost(primary_user='******').key.id() exm_1 = test_utils.CreateExemption( host_id_1, initial_state=_STATE.APPROVED).get() test_utils.CreateExemption(host_id_2, initial_state=_STATE.EXPIRED) test_utils.CreateExemption(host_id_3, initial_state=_STATE.APPROVED) actual_exms = sorted( model_utils.GetExemptionsForUser(user.email, state=_STATE.APPROVED)) self.assertListEqual([exm_1], actual_exms)
def setUp(self): super(RevokeExemptionHandlerTest, self).setUp() host_key = test_utils.CreateSantaHost().key self.host_id = host_key.id() self.exm_key = test_utils.CreateExemption( host_key.id(), initial_state=_STATE.APPROVED)
def testGet_AsAdmin_Success(self): user = test_utils.CreateUser() host = test_utils.CreateSantaHost(primary_user=user.nickname) test_utils.CreateExemption(host.key.id()) with self.LoggedInUser(admin=True): self.testapp.get(self.ROUTE % host.key.id(), status=httplib.OK)
def testGet_AsUser_Forbidden(self): user = test_utils.CreateUser() host = test_utils.CreateSantaHost(primary_user=user.nickname) test_utils.CreateExemption(host.key.id()) with self.LoggedInUser(): # Without arguments, will log in as a new user. self.testapp.get(self.ROUTE % host.key.id(), status=httplib.FORBIDDEN)
def testPost_Forbidden_Pending(self): other_host_key = test_utils.CreateSantaHost().key other_host_id = other_host_key.id() test_utils.CreateExemption(other_host_id, initial_state=_STATE.PENDING) with self.LoggedInUser(admin=True): self.testapp.post(self.ROUTE % other_host_id, status=httplib.FORBIDDEN)
def setUp(self): super(EscalateExemptionHandlerTest, self).setUp() self.user = test_utils.CreateUser() host_key = test_utils.CreateSantaHost(primary_user=self.user.nickname).key self.host_id = host_key.id() self.exm_key = test_utils.CreateExemption( self.host_id, initial_state=_STATE.DENIED)
def testRenew_Failure(self): host_id = test_utils.CreateBit9Host().key.id() test_utils.CreateExemption(host_id, initial_state=_STATE.ESCALATED) with self.assertRaises(api.InvalidRenewalError): api.Request(host_id, _REASON.DEVELOPER_MACOS, 'other text', _DURATION.DAY) self.mock_send.assert_not_called()
def setUp(self): super(CancelExemptionHandlerTest, self).setUp() self.valid_user = test_utils.CreateUser() host_key = test_utils.CreateSantaHost( primary_user=self.valid_user.nickname).key self.host_id = host_key.id() self.exm_key = test_utils.CreateExemption( host_key.id(), initial_state=_STATE.APPROVED)
def testException_InitialStateChange(self, mock_change_state, mock_metric): mock_change_state.side_effect = exemption_models.InvalidStateChangeError exm_key = test_utils.CreateExemption('12345') self.assertEqual(_STATE.REQUESTED, exm_key.get().state) api.Process(exm_key) self.assertEqual(_STATE.REQUESTED, exm_key.get().state) mock_metric.Increment.assert_called_once()
def testCannotDeterminePlatform(self, mock_metric): MysteryHost(id='host_id').put() exm_key = test_utils.CreateExemption('host_id') api.Process(exm_key) self.assertEqual(_STATE.DENIED, exm_key.get().state) self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.EXEMPTION] * 2) mock_metric.Increment.assert_called_once()
def testInvalidStateChangeError(self): host_key = test_utils.CreateBit9Host().key exm_key = test_utils.CreateExemption( host_key.id(), initial_state=_STATE.APPROVED) with self.assertRaises(api.InvalidStateChangeError): api.Escalate(exm_key) self.assertEqual(_STATE.APPROVED, exm_key.get().state)
def testMacOs(self): host = test_utils.CreateSantaHost(primary_user='******') host_id = host.key.id() exm_key = test_utils.CreateExemption(host_id) notify.SendUpdateEmail(exm_key, _STATE.APPROVED) expected_subject = 'Lockdown exemption update: %s' % host.hostname self.mock_send.assert_called_once_with(expected_subject, mock.ANY, to=['aaaa'], html=True)
def testSuccess(self): # Create a user and some Hosts, some with Exemptions, and some without. user = test_utils.CreateUser() host_key_1 = test_utils.CreateBit9Host(users=[user.nickname]).key exm_1 = test_utils.CreateExemption(host_key_1.id()).get() host_key_2 = test_utils.CreateBit9Host(users=[user.nickname]).key host_key_3 = test_utils.CreateSantaHost(primary_user=user.nickname).key exm_2 = test_utils.CreateExemption(host_key_3.id()).get() host_key_4 = test_utils.CreateSantaHost(primary_user=user.nickname).key host_keys = [host_key_1, host_key_2, host_key_3, host_key_4] results = model_utils.GetExemptionsForHosts(host_keys) self.assertLen(results, 4) self.assertEqual(exm_1, results.get(host_key_1)) self.assertIsNone(results.get(host_key_2)) self.assertEqual(exm_2, results.get(host_key_3)) self.assertIsNone(results.get(host_key_4))
def testSuccess(self): host_key = test_utils.CreateBit9Host().key exm_key = test_utils.CreateExemption( host_key.id(), initial_state=_STATE.PENDING) api.Escalate(exm_key) exm = exm_key.get() self.assertEqual(_STATE.ESCALATED, exm.state) self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION)
def testRenew_NoOtherText(self): host_id = test_utils.CreateBit9Host().key.id() test_utils.CreateExemption(host_id, initial_state=_STATE.CANCELLED) api.Request(host_id, _REASON.DEVELOPER_MACOS, None, _DURATION.DAY) self.assertIsNotNone(exemption_models.Exemption.Get(host_id)) self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION) self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS) self.mock_send.assert_called_once()
def testWindows(self): users = ['aaaa', 'bbbb'] host = test_utils.CreateBit9Host(users=users) host_id = host.key.id() exm_key = test_utils.CreateExemption(host_id) notify.SendUpdateEmail(exm_key, _STATE.APPROVED) expected_subject = 'Lockdown exemption update: %s' % host.hostname self.mock_send.assert_called_once_with(expected_subject, mock.ANY, to=users, html=True)
def testInvalidStateChangeError(self, mock_enable): host_key = test_utils.CreateBit9Host().key exm_key = test_utils.CreateExemption( host_key.id(), initial_state=_STATE.DENIED) with self.assertRaises(api.InvalidStateChangeError): api.Cancel(exm_key) mock_enable.assert_not_called() self.assertEqual(_STATE.DENIED, exm_key.get().state) self.mock_send.assert_not_called()
def testInvalidStateChangeError(self, mock_enable): host_key = test_utils.CreateBit9Host().key exm_key = test_utils.CreateExemption( host_key.id(), initial_state=_STATE.CANCELLED) with self.assertRaises(api.InvalidStateChangeError): api.Revoke(exm_key, ['justification']) mock_enable.assert_not_called() self.assertEqual(_STATE.CANCELLED, exm_key.get().state) self.mock_send.assert_not_called()
def testRenew_Success_NotYetExpired(self): host_id = test_utils.CreateBit9Host().key.id() test_utils.CreateExemption(host_id, initial_state=_STATE.APPROVED) api.Request(host_id, _REASON.DEVELOPER_MACOS, 'other text', _DURATION.DAY) exm = exemption_models.Exemption.Get(host_id) self.assertEqual(_STATE.REQUESTED, exm.state) self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION) self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS) self.mock_send.assert_called_once()
def testInitialStateChange_Exception(self, mock_change_state, mock_metric): exm_key = test_utils.CreateExemption('12345') self.assertEqual(_STATE.REQUESTED, exm_key.get().state) # If the initial state change fails unexpectedly, ensure that the state # remains as REQUESTED, and noise is made. mock_change_state.side_effect = Exception api.Process(exm_key) self.assertEqual(_STATE.REQUESTED, exm_key.get().state) mock_metric.Increment.assert_called_once()
def testPost_Admin(self): user = test_utils.CreateUser() host = test_utils.CreateSantaHost(primary_user=user.nickname) test_utils.CreateExemption(host.key.id()) with self.LoggedInUser(admin=True): response = self.testapp.post(self.ROUTE % host.key.id()) output = response.json self.assertIn('application/json', response.headers['Content-type']) self.assertIsInstance(output, dict)
def testSuccess(self): host_key = test_utils.CreateBit9Host().key exm_key = test_utils.CreateExemption( host_key.id(), initial_state=_STATE.PENDING) api.Deny(exm_key) exm = exm_key.get() self.assertEqual(_STATE.DENIED, exm.state) self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION) self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS) self.mock_send.assert_called_once()
def testEmptyPolicy(self, mock_disable): self._PatchPolicyChecks() host_key = test_utils.CreateSantaHost().key exm_key = test_utils.CreateExemption(host_key.id()) api.Process(exm_key) exm = exm_key.get() mock_disable.assert_called() self.assertEqual(_STATE.APPROVED, exm.state) self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.EXEMPTION] * 2)
def testPolicyNotDefinedForPlatform(self, mock_metric): self._PatchPolicyChecks() host_key = test_utils.CreateBit9Host().key exm_key = test_utils.CreateExemption(host_key.id()) api.Process(exm_key) exm = exm_key.get() self.assertEqual(_STATE.DENIED, exm.state) self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.EXEMPTION] * 2) mock_metric.Increment.assert_called_once()
def testGetByUserId_WithExemption(self): user = test_utils.CreateUser() bit9_host_id = test_utils.CreateBit9Host(users=[user.nickname]).key.id() test_utils.CreateExemption(bit9_host_id).get() with self.LoggedInUser(admin=True): response = self.testapp.get(self.USER_ID_ROUTE % user.key.id()) output = response.json self.assertLen(output, 1) self.assertIn('exemption', output[0]) self.assertIsNotNone(output[0]['exemption'])
def testGetSelf_WithExemption(self): user = test_utils.CreateUser() bit9_host_id = test_utils.CreateBit9Host(users=[user.nickname]).key.id() test_utils.CreateExemption(bit9_host_id) with self.LoggedInUser(user=user): response = self.testapp.get(self.SELF_ROUTE) output = response.json self.assertLen(output, 1) self.assertIn('exemption', output[0]) self.assertIsNotNone(output[0]['exemption'])
def testEnable_ActiveExemption(self, mock_send, mock_cancel): user = test_utils.CreateUser() host = test_utils.CreateSantaHost( primary_user=user.nickname, transitive_whitelisting_enabled=False) test_utils.CreateExemption( host.key.id(), initial_state=constants.EXEMPTION_STATE.APPROVED) api.ChangeTransitiveWhitelisting(host.key.id(), True) self.assertTrue(host.key.get().transitive_whitelisting_enabled) mock_send.assert_called_once() self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.HOST) mock_cancel.assert_called_once()