def test_secret_serialization(self): """Serializing snapshot with non-trivial AuthSecret.""" secret = model.AuthSecret( id='secret key', parent=model.secret_scope_key('global'), values=['\x00' * 100, ''], modified_ts=utils.utcnow(), modified_by=model.Identity.from_bytes('user:[email protected]')) snapshot = make_snapshot_obj(secrets=[secret]) self.assert_serialization_works(snapshot)
def test_non_empty(self): self.mock_now(datetime.datetime(2014, 1, 1, 1, 1, 1)) state = model.AuthReplicationState( key=model.replication_state_key(), primary_id='blah', primary_url='https://blah', auth_db_rev=123) state.put() global_config = model.AuthGlobalConfig( key=model.root_key(), modified_ts=utils.utcnow(), modified_by=model.Identity.from_bytes('user:[email protected]'), oauth_client_id='oauth_client_id', oauth_client_secret='oauth_client_secret', oauth_additional_client_ids=['a', 'b']) global_config.put() group = model.AuthGroup( key=model.group_key('Some group'), members=[model.Identity.from_bytes('user:[email protected]')], globs=[model.IdentityGlob.from_bytes('user:*@example.com')], nested=[], description='Some description', created_ts=utils.utcnow(), created_by=model.Identity.from_bytes('user:[email protected]'), modified_ts=utils.utcnow(), modified_by=model.Identity.from_bytes('user:[email protected]')) group.put() another = model.AuthGroup( key=model.group_key('Another group'), nested=['Some group']) another.put() global_secret = model.AuthSecret( id='global_secret', parent=model.secret_scope_key('global'), values=['1234', '5678'], modified_ts=utils.utcnow(), modified_by=model.Identity.from_bytes('user:[email protected]')) global_secret.put() # Local secret should not appear in a snapshot. local_secret = model.AuthSecret( id='local_secret', parent=model.secret_scope_key('local'), values=['1234', '5678'], modified_ts=utils.utcnow(), modified_by=model.Identity.from_bytes('user:[email protected]')) local_secret.put() ip_whitelist = model.AuthIPWhitelist( key=model.ip_whitelist_key('bots'), subnets=['127.0.0.1/32'], description='Some description', created_ts=utils.utcnow(), created_by=model.Identity.from_bytes('user:[email protected]'), modified_ts=utils.utcnow(), modified_by=model.Identity.from_bytes('user:[email protected]')) ip_whitelist.put() ip_whitelist_assignments = model.AuthIPWhitelistAssignments( key=model.ip_whitelist_assignments_key(), modified_ts=utils.utcnow(), modified_by=model.Identity.from_bytes('user:[email protected]'), assignments=[ model.AuthIPWhitelistAssignments.Assignment( identity=model.Identity.from_bytes('user:[email protected]'), ip_whitelist='bots', comment='some comment', created_ts=utils.utcnow(), created_by=model.Identity.from_bytes('user:[email protected]')), ]) ip_whitelist_assignments.put() captured_state, snapshot = replication.new_auth_db_snapshot() expected_state = { 'auth_db_rev': 123, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'primary_id': u'blah', 'primary_url': u'https://blah', } self.assertEqual(expected_state, captured_state.to_dict()) expected_snapshot = { 'global_config': { '__id__': 'root', '__parent__': None, 'auth_db_rev': None, 'auth_db_prev_rev': None, 'modified_by': model.Identity(kind='user', name='*****@*****.**'), 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'oauth_additional_client_ids': [u'a', u'b'], 'oauth_client_id': u'oauth_client_id', 'oauth_client_secret': u'oauth_client_secret', }, 'groups': [ { '__id__': 'Another group', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'auth_db_rev': None, 'auth_db_prev_rev': None, 'created_by': None, 'created_ts': None, 'description': '', 'globs': [], 'members': [], 'modified_by': None, 'modified_ts': None, 'nested': [u'Some group'], }, { '__id__': 'Some group', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'auth_db_rev': None, 'auth_db_prev_rev': None, 'created_by': model.Identity(kind='user', name='*****@*****.**'), 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'description': u'Some description', 'globs': [model.IdentityGlob(kind='user', pattern='*@example.com')], 'members': [model.Identity(kind='user', name='*****@*****.**')], 'modified_by': model.Identity( kind='user', name='*****@*****.**'), 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'nested': [], }, ], 'secrets': [ { '__id__': 'global_secret', '__parent__': ndb.Key( 'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'), 'modified_by': model.Identity( kind='user', name='*****@*****.**'), 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'values': ['1234', '5678'], }, ], 'ip_whitelists': [ { '__id__': 'bots', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'auth_db_rev': None, 'auth_db_prev_rev': None, 'created_by': model.Identity(kind='user', name='*****@*****.**'), 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'description': u'Some description', 'modified_by': model.Identity( kind='user', name='*****@*****.**'), 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'subnets': ['127.0.0.1/32'], }, ], 'ip_whitelist_assignments': { '__id__': 'default', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'assignments': [ { 'comment': 'some comment', 'created_by': model.Identity( kind='user', name='*****@*****.**'), 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'identity': model.Identity( kind='user', name='*****@*****.**'), 'ip_whitelist': 'bots', }, ], 'auth_db_rev': None, 'auth_db_prev_rev': None, 'modified_by': model.Identity(kind='user', name='*****@*****.**'), 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), }, } self.assertEqual(expected_snapshot, snapshot_to_dict(snapshot))
def secret(name, scope, **kwargs): return model.AuthSecret( id=name, parent=model.secret_scope_key(scope), **kwargs)
def test_works(self): self.mock_now(datetime.datetime(2014, 1, 1, 1, 1, 1)) self.configure_as_replica(0) # Prepare auth db state. model.AuthGlobalConfig( key=model.root_key(), modified_ts=utils.utcnow(), oauth_client_id='oauth_client_id', oauth_client_secret='oauth_client_secret', oauth_additional_client_ids=['a', 'b']).put() def group(name, **kwargs): return model.AuthGroup( key=model.group_key(name), created_ts=utils.utcnow(), modified_ts=utils.utcnow(), **kwargs) group('Modify').put() group('Delete').put() group('Keep').put() def secret(name, scope, **kwargs): return model.AuthSecret( id=name, parent=model.secret_scope_key(scope), **kwargs) secret('modify', 'global').put() secret('delete', 'global').put() secret('keep', 'global').put() secret('local', 'local').put() def ip_whitelist(name, **kwargs): return model.AuthIPWhitelist( key=model.ip_whitelist_key(name), created_ts=utils.utcnow(), modified_ts=utils.utcnow(), **kwargs) ip_whitelist('modify').put() ip_whitelist('delete').put() ip_whitelist('keep').put() def assignment(ident, ip_whitelist): return model.AuthIPWhitelistAssignments.Assignment( identity=model.Identity.from_bytes(ident), ip_whitelist=ip_whitelist, created_ts=utils.utcnow(), comment='comment') model.AuthIPWhitelistAssignments( key=model.ip_whitelist_assignments_key(), modified_ts=utils.utcnow(), assignments=[ assignment('user:[email protected]', 'modify'), assignment('user:[email protected]', 'delete'), assignment('user:[email protected]', 'keep'), ]).put() # Prepare snapshot. snapshot = replication.AuthDBSnapshot( global_config=model.AuthGlobalConfig( key=model.root_key(), modified_ts=utils.utcnow(), oauth_client_id='another_oauth_client_id', oauth_client_secret='another_oauth_client_secret', oauth_additional_client_ids=[]), groups=[ group('New'), group('Modify', description='blah'), group('Keep'), ], secrets=[ secret('new', 'global'), secret('modify', 'global', values=['1234']), secret('keep', 'global'), ], ip_whitelists=[ ip_whitelist('new', subnets=['1.1.1.1/32']), ip_whitelist('modify', subnets=['127.0.0.1/32', '192.168.0.1/32']), ip_whitelist('keep'), ], ip_whitelist_assignments=model.AuthIPWhitelistAssignments( key=model.ip_whitelist_assignments_key(), assignments=[ assignment('user:[email protected]', 'new'), assignment('user:[email protected]', 'modify'), assignment('user:[email protected]', 'keep'), ], ), ) # Push it. updated, state = replication.replace_auth_db( auth_db_rev=1234, modified_ts=datetime.datetime(2014, 1, 1, 1, 1, 1), snapshot=snapshot) self.assertTrue(updated) expected_state = { 'auth_db_rev': 1234, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'primary_id': u'primary', 'primary_url': u'https://primary', } self.assertEqual(expected_state, state.to_dict()) # Verify expected Auth db state. current_state, current_snapshot = replication.new_auth_db_snapshot() self.assertEqual(expected_state, current_state.to_dict()) expected_auth_db = { 'global_config': { '__id__': 'root', '__parent__': None, 'auth_db_rev': None, 'auth_db_prev_rev': None, 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'oauth_additional_client_ids': [], 'oauth_client_id': u'another_oauth_client_id', 'oauth_client_secret': u'another_oauth_client_secret'}, 'groups': [ { '__id__': 'Keep', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'auth_db_rev': None, 'auth_db_prev_rev': None, 'created_by': None, 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'description': '', 'globs': [], 'members': [], 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'nested': [], }, { '__id__': 'Modify', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'auth_db_rev': None, 'auth_db_prev_rev': None, 'created_by': None, 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'description': u'blah', 'globs': [], 'members': [], 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'nested': [], }, { '__id__': 'New', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'auth_db_rev': None, 'auth_db_prev_rev': None, 'created_by': None, 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'description': '', 'globs': [], 'members': [], 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'nested': [], }, ], 'secrets': [ { '__id__': 'keep', '__parent__': ndb.Key( 'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'), 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'values': [], }, { '__id__': 'modify', '__parent__': ndb.Key( 'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'), 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'values': ['1234'], }, { '__id__': 'new', '__parent__': ndb.Key( 'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'), 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'values': [], }, ], 'ip_whitelists': [ { '__id__': 'keep', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'auth_db_rev': None, 'auth_db_prev_rev': None, 'created_by': None, 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'description': '', 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'subnets': [], }, { '__id__': 'modify', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'auth_db_rev': None, 'auth_db_prev_rev': None, 'created_by': None, 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'description': '', 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'subnets': ['127.0.0.1/32', '192.168.0.1/32'], }, { '__id__': 'new', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'auth_db_rev': None, 'auth_db_prev_rev': None, 'created_by': None, 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'description': '', 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'subnets': ['1.1.1.1/32'], }, ], 'ip_whitelist_assignments': { '__id__': 'default', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'assignments': [ { 'comment': 'comment', 'created_by': None, 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'identity': model.Identity(kind='user', name='*****@*****.**'), 'ip_whitelist': 'new', }, { 'comment': 'comment', 'created_by': None, 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'identity': model.Identity(kind='user', name='*****@*****.**'), 'ip_whitelist': 'modify', }, { 'comment': 'comment', 'created_by': None, 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'identity': model.Identity(kind='user', name='*****@*****.**'), 'ip_whitelist': 'keep', }, ], 'auth_db_rev': None, 'auth_db_prev_rev': None, 'modified_by': None, 'modified_ts': None, # not transfered currently in proto }, } self.assertEqual(expected_auth_db, snapshot_to_dict(current_snapshot)) # Ensure local secret was left intact. local_secrets = model.AuthSecret.query( ancestor=model.secret_scope_key('local')) expected_local_secrets = [ { '__id__': 'local', '__parent__': ndb.Key( 'AuthGlobalConfig', 'root', 'AuthSecretScope', 'local'), 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'values': [], }, ] self.assertEqual( expected_local_secrets, [entity_to_dict(s) for s in local_secrets])
def test_non_empty(self): self.mock_now(datetime.datetime(2014, 1, 1, 1, 1, 1)) state = model.AuthReplicationState( key=model.replication_state_key(), primary_id='blah', primary_url='https://blah', auth_db_rev=123) state.put() global_config = model.AuthGlobalConfig( key=model.root_key(), modified_ts=utils.utcnow(), modified_by=model.Identity.from_bytes('user:[email protected]'), oauth_client_id='oauth_client_id', oauth_client_secret='oauth_client_secret', oauth_additional_client_ids=['a', 'b']) global_config.put() group = model.AuthGroup( key=model.group_key('Some group'), members=[model.Identity.from_bytes('user:[email protected]')], globs=[model.IdentityGlob.from_bytes('user:*@example.com')], nested=[], description='Some description', owners='owning-group', created_ts=utils.utcnow(), created_by=model.Identity.from_bytes('user:[email protected]'), modified_ts=utils.utcnow(), modified_by=model.Identity.from_bytes('user:[email protected]')) group.put() another = model.AuthGroup( key=model.group_key('Another group'), nested=['Some group']) another.put() global_secret = model.AuthSecret( id='global_secret', parent=model.secret_scope_key('global'), values=['1234', '5678'], modified_ts=utils.utcnow(), modified_by=model.Identity.from_bytes('user:[email protected]')) global_secret.put() # Local secret should not appear in a snapshot. local_secret = model.AuthSecret( id='local_secret', parent=model.secret_scope_key('local'), values=['1234', '5678'], modified_ts=utils.utcnow(), modified_by=model.Identity.from_bytes('user:[email protected]')) local_secret.put() ip_whitelist = model.AuthIPWhitelist( key=model.ip_whitelist_key('bots'), subnets=['127.0.0.1/32'], description='Some description', created_ts=utils.utcnow(), created_by=model.Identity.from_bytes('user:[email protected]'), modified_ts=utils.utcnow(), modified_by=model.Identity.from_bytes('user:[email protected]')) ip_whitelist.put() ip_whitelist_assignments = model.AuthIPWhitelistAssignments( key=model.ip_whitelist_assignments_key(), modified_ts=utils.utcnow(), modified_by=model.Identity.from_bytes('user:[email protected]'), assignments=[ model.AuthIPWhitelistAssignments.Assignment( identity=model.Identity.from_bytes('user:[email protected]'), ip_whitelist='bots', comment='some comment', created_ts=utils.utcnow(), created_by=model.Identity.from_bytes('user:[email protected]')), ]) ip_whitelist_assignments.put() captured_state, snapshot = replication.new_auth_db_snapshot() expected_state = { 'auth_db_rev': 123, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'primary_id': u'blah', 'primary_url': u'https://blah', } self.assertEqual(expected_state, captured_state.to_dict()) expected_snapshot = { 'global_config': { '__id__': 'root', '__parent__': None, 'auth_db_rev': None, 'auth_db_prev_rev': None, 'modified_by': model.Identity(kind='user', name='*****@*****.**'), 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'oauth_additional_client_ids': [u'a', u'b'], 'oauth_client_id': u'oauth_client_id', 'oauth_client_secret': u'oauth_client_secret', }, 'groups': [ { '__id__': 'Another group', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'auth_db_rev': None, 'auth_db_prev_rev': None, 'created_by': None, 'created_ts': None, 'description': u'', 'globs': [], 'members': [], 'modified_by': None, 'modified_ts': None, 'nested': [u'Some group'], 'owners': u'administrators', }, { '__id__': 'Some group', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'auth_db_rev': None, 'auth_db_prev_rev': None, 'created_by': model.Identity(kind='user', name='*****@*****.**'), 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'description': u'Some description', 'globs': [model.IdentityGlob(kind='user', pattern='*@example.com')], 'members': [model.Identity(kind='user', name='*****@*****.**')], 'modified_by': model.Identity( kind='user', name='*****@*****.**'), 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'nested': [], 'owners': u'owning-group', }, ], 'secrets': [ { '__id__': 'global_secret', '__parent__': ndb.Key( 'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'), 'modified_by': model.Identity( kind='user', name='*****@*****.**'), 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'values': ['1234', '5678'], }, ], 'ip_whitelists': [ { '__id__': 'bots', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'auth_db_rev': None, 'auth_db_prev_rev': None, 'created_by': model.Identity(kind='user', name='*****@*****.**'), 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'description': u'Some description', 'modified_by': model.Identity( kind='user', name='*****@*****.**'), 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'subnets': [u'127.0.0.1/32'], }, ], 'ip_whitelist_assignments': { '__id__': 'default', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'assignments': [ { 'comment': u'some comment', 'created_by': model.Identity( kind='user', name='*****@*****.**'), 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'identity': model.Identity( kind='user', name='*****@*****.**'), 'ip_whitelist': u'bots', }, ], 'auth_db_rev': None, 'auth_db_prev_rev': None, 'modified_by': model.Identity(kind='user', name='*****@*****.**'), 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), }, } self.assertEqual(expected_snapshot, snapshot_to_dict(snapshot))
def test_works(self): self.mock_now(datetime.datetime(2014, 1, 1, 1, 1, 1)) self.configure_as_replica(0) # Prepare auth db state. model.AuthGlobalConfig( key=model.root_key(), modified_ts=utils.utcnow(), oauth_client_id='oauth_client_id', oauth_client_secret='oauth_client_secret', oauth_additional_client_ids=['a', 'b']).put() def group(name, **kwargs): return model.AuthGroup( key=model.group_key(name), created_ts=utils.utcnow(), modified_ts=utils.utcnow(), **kwargs) group('Modify').put() group('Delete').put() group('Keep').put() def secret(name, scope, **kwargs): return model.AuthSecret( id=name, parent=model.secret_scope_key(scope), **kwargs) secret('modify', 'global').put() secret('delete', 'global').put() secret('keep', 'global').put() secret('local', 'local').put() def ip_whitelist(name, **kwargs): return model.AuthIPWhitelist( key=model.ip_whitelist_key(name), created_ts=utils.utcnow(), modified_ts=utils.utcnow(), **kwargs) ip_whitelist('modify').put() ip_whitelist('delete').put() ip_whitelist('keep').put() def assignment(ident, ip_whitelist): return model.AuthIPWhitelistAssignments.Assignment( identity=model.Identity.from_bytes(ident), ip_whitelist=ip_whitelist, created_ts=utils.utcnow(), comment='comment') model.AuthIPWhitelistAssignments( key=model.ip_whitelist_assignments_key(), modified_ts=utils.utcnow(), assignments=[ assignment('user:[email protected]', 'modify'), assignment('user:[email protected]', 'delete'), assignment('user:[email protected]', 'keep'), ]).put() # Prepare snapshot. snapshot = replication.AuthDBSnapshot( global_config=model.AuthGlobalConfig( key=model.root_key(), modified_ts=utils.utcnow(), oauth_client_id='another_oauth_client_id', oauth_client_secret='another_oauth_client_secret', oauth_additional_client_ids=[]), groups=[ group('New'), group('Modify', description='blah', owners='some-other-owners'), group('Keep'), ], secrets=[ secret('new', 'global'), secret('modify', 'global', values=['1234']), secret('keep', 'global'), ], ip_whitelists=[ ip_whitelist('new', subnets=['1.1.1.1/32']), ip_whitelist('modify', subnets=['127.0.0.1/32', '192.168.0.1/32']), ip_whitelist('keep'), ], ip_whitelist_assignments=model.AuthIPWhitelistAssignments( key=model.ip_whitelist_assignments_key(), assignments=[ assignment('user:[email protected]', 'new'), assignment('user:[email protected]', 'modify'), assignment('user:[email protected]', 'keep'), ], ), ) # Push it. updated, state = replication.replace_auth_db( auth_db_rev=1234, modified_ts=datetime.datetime(2014, 1, 1, 1, 1, 1), snapshot=snapshot) self.assertTrue(updated) expected_state = { 'auth_db_rev': 1234, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'primary_id': u'primary', 'primary_url': u'https://primary', } self.assertEqual(expected_state, state.to_dict()) # Verify expected Auth db state. current_state, current_snapshot = replication.new_auth_db_snapshot() self.assertEqual(expected_state, current_state.to_dict()) expected_auth_db = { 'global_config': { '__id__': 'root', '__parent__': None, 'auth_db_rev': None, 'auth_db_prev_rev': None, 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'oauth_additional_client_ids': [], 'oauth_client_id': u'another_oauth_client_id', 'oauth_client_secret': u'another_oauth_client_secret'}, 'groups': [ { '__id__': 'Keep', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'auth_db_rev': None, 'auth_db_prev_rev': None, 'created_by': None, 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'description': u'', 'globs': [], 'members': [], 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'nested': [], 'owners': u'administrators', }, { '__id__': 'Modify', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'auth_db_rev': None, 'auth_db_prev_rev': None, 'created_by': None, 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'description': u'blah', 'globs': [], 'members': [], 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'nested': [], 'owners': u'some-other-owners', }, { '__id__': 'New', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'auth_db_rev': None, 'auth_db_prev_rev': None, 'created_by': None, 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'description': u'', 'globs': [], 'members': [], 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'nested': [], 'owners': u'administrators', }, ], 'secrets': [ { '__id__': 'keep', '__parent__': ndb.Key( 'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'), 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'values': [], }, { '__id__': 'modify', '__parent__': ndb.Key( 'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'), 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'values': ['1234'], }, { '__id__': 'new', '__parent__': ndb.Key( 'AuthGlobalConfig', 'root', 'AuthSecretScope', 'global'), 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'values': [], }, ], 'ip_whitelists': [ { '__id__': 'keep', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'auth_db_rev': None, 'auth_db_prev_rev': None, 'created_by': None, 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'description': u'', 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'subnets': [], }, { '__id__': 'modify', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'auth_db_rev': None, 'auth_db_prev_rev': None, 'created_by': None, 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'description': u'', 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'subnets': [u'127.0.0.1/32', u'192.168.0.1/32'], }, { '__id__': 'new', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'auth_db_rev': None, 'auth_db_prev_rev': None, 'created_by': None, 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'description': u'', 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'subnets': [u'1.1.1.1/32'], }, ], 'ip_whitelist_assignments': { '__id__': 'default', '__parent__': ndb.Key('AuthGlobalConfig', 'root'), 'assignments': [ { 'comment': u'comment', 'created_by': None, 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'identity': model.Identity(kind='user', name='*****@*****.**'), 'ip_whitelist': u'new', }, { 'comment': u'comment', 'created_by': None, 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'identity': model.Identity(kind='user', name='*****@*****.**'), 'ip_whitelist': u'modify', }, { 'comment': u'comment', 'created_by': None, 'created_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'identity': model.Identity(kind='user', name='*****@*****.**'), 'ip_whitelist': u'keep', }, ], 'auth_db_rev': None, 'auth_db_prev_rev': None, 'modified_by': None, 'modified_ts': None, # not transfered currently in proto }, } self.assertEqual(expected_auth_db, snapshot_to_dict(current_snapshot)) # Ensure local secret was left intact. local_secrets = model.AuthSecret.query( ancestor=model.secret_scope_key('local')) expected_local_secrets = [ { '__id__': 'local', '__parent__': ndb.Key( 'AuthGlobalConfig', 'root', 'AuthSecretScope', 'local'), 'modified_by': None, 'modified_ts': datetime.datetime(2014, 1, 1, 1, 1, 1), 'values': [], }, ] self.assertEqual( expected_local_secrets, [entity_to_dict(s) for s in local_secrets])