示例#1
0
    def testWithFlowsWithoutVfsAndSingleProperlyLabeledAndApprovedClient(self):
        self.RequestAndGrantClientApproval(self.client_urn, token=self.token)

        params = api_router.ApiLabelsRestrictedCallRouterParams(
            labels_whitelist=["foo"], allow_flows_access=True)
        router = api_router.ApiLabelsRestrictedCallRouter(params=params)

        self.CheckOnlyFollowingMethodsArePermitted(
            router,
            [
                # Clients methods.
                "SearchClients",
                "ListClientApprovals",
                "GetClient",
                "GetClientVersions",
                "GetClientVersionTimes",
                "CreateClientApproval",
                "GetClientApproval",

                # Flows methods.
                "ListFlows",
                "GetFlow",
                "CreateFlow",
                "CancelFlow",
                "ListFlowResults",
                "GetFlowResultsExportCommand",
                "GetFlowFilesArchive",
                "ListFlowOutputPlugins",
                "ListFlowOutputPluginLogs",
                "ListFlowOutputPluginErrors",
                "ListFlowLogs",
            ] + self.NON_ACLED_METHODS)  # pyformat: disable
示例#2
0
  def testWithFlowsWithoutVfsAndSingleProperlyLabeledAndApprovedClient(self):
    self.RequestAndGrantClientApproval(self.client_urn, token=self.token)

    router = api_router.ApiLabelsRestrictedCallRouter(
        labels_whitelist=["foo"], allow_flows=True)

    self.CheckOnlyFollowingMethodsArePermitted(router, [
        "SearchClients",
        "ListUserClientApprovals",

        "GetClient",
        "CreateUserClientApproval",
        "GetUserClientApproval",

        "ListClientFlows",
        "GetFlow",
        "CreateFlow",
        "CancelFlow",
        "ListFlowResults",
        "GetFlowResultsExportCommand",
        "GetFlowFilesArchive",
        "ListFlowOutputPlugins",
        "ListFlowOutputPluginLogs",
        "ListFlowOutputPluginErrors",
        "ListFlowLogs",
    ] + self.NON_ACLED_METHODS)
示例#3
0
    def testWithoutFlowsWithVfsAndSingleProperlyLabeledAndApprovedClient(self):
        self.RequestAndGrantClientApproval(self.client_urn, token=self.token)

        params = api_router.ApiLabelsRestrictedCallRouterParams(
            labels_whitelist=["foo"], allow_vfs_access=True)
        router = api_router.ApiLabelsRestrictedCallRouter(params=params)

        self.CheckOnlyFollowingMethodsArePermitted(
            router,
            [
                # Client methods.
                "SearchClients",
                "ListClientApprovals",
                "GetClient",
                "GetClientVersions",
                "GetClientVersionTimes",
                "CreateClientApproval",
                "GetClientApproval",

                # VFS methods
                "ListFiles",
                "GetFileDetails",
                "GetFileText",
                "GetFileBlob",
                "GetFileVersionTimes",
                "GetFileDownloadCommand",
                "CreateVfsRefreshOperation",
                "GetVfsRefreshOperationState",
                "GetVfsTimeline",
                "GetVfsTimelineAsCsv"
            ] + self.NON_ACLED_METHODS)  # pyformat: disable
示例#4
0
  def testWithoutFlowsWithoutVfsAndUnapprovedClientWithoutLabels(self):
    router = api_router.ApiLabelsRestrictedCallRouter()

    self.CheckOnlyFollowingMethodsArePermitted(router, [
        "SearchClients",
        "ListClientApprovals"
    ] + self.NON_ACLED_METHODS)  # pyformat: disable
示例#5
0
  def testWithFlowsWithoutVfsAndSingleMislabeledUnapprovedClient(self):
    router = api_router.ApiLabelsRestrictedCallRouter(allow_flows=True)

    self.CheckOnlyFollowingMethodsArePermitted(router, [
        "SearchClients",
        "ListUserClientApprovals",
    ] + self.NON_ACLED_METHODS)
示例#6
0
  def testWithoutFlowsWithoutVfsAndUnapprovedClientWithWrongLabelName(self):
    router = api_router.ApiLabelsRestrictedCallRouter(labels_whitelist=["bar"])

    self.CheckOnlyFollowingMethodsArePermitted(router, [
        "SearchClients",
        "ListUserClientApprovals"
    ] + self.NON_ACLED_METHODS)
示例#7
0
    def testWithoutFlowsWithoutVfsAndUnapprovedClientWithWrongLabelOwner(self):
        params = api_router.ApiLabelsRestrictedCallRouterParams(
            labels_whitelist=["foo"], labels_owners_whitelist=["somebody"])
        router = api_router.ApiLabelsRestrictedCallRouter(params=params)

        self.CheckOnlyFollowingMethodsArePermitted(
            router, ["SearchClients", "ListClientApprovals"] +
            self.NON_ACLED_METHODS)  # pyformat: disable
示例#8
0
 def testWithoutFlowsWithoutVfsAndSingleProperlyLabeledUnapprovedClient(
         self):
     router = api_router.ApiLabelsRestrictedCallRouter(
         labels_whitelist=["foo"])
     self.CheckOnlyFollowingMethodsArePermitted(router, [
         "SearchClients", "ListUserClientApprovals", "GetClient",
         "CreateUserClientApproval", "GetUserClientApproval"
     ] + self.NON_ACLED_METHODS)
示例#9
0
    def testWithFlowsWithoutVfsAndSingleMislabeledUnapprovedClient(self):
        params = api_router.ApiLabelsRestrictedCallRouterParams(
            allow_flows_access=True)
        router = api_router.ApiLabelsRestrictedCallRouter(params=params)

        self.CheckOnlyFollowingMethodsArePermitted(router, [
            "SearchClients",
            "ListClientApprovals",
        ] + self.NON_ACLED_METHODS)  # pyformat: disable
示例#10
0
    def testWithoutFlowsWithoutVfsAndSingleProperlyLabeledApprovedClient(self):
        self.RequestAndGrantClientApproval(self.client_urn, token=self.token)

        params = api_router.ApiLabelsRestrictedCallRouterParams(
            labels_whitelist=["foo"])
        router = api_router.ApiLabelsRestrictedCallRouter(params=params)
        self.CheckOnlyFollowingMethodsArePermitted(router, [
            "SearchClients", "ListClientApprovals", "GetClient",
            "CreateClientApproval", "GetClientApproval"
        ] + self.NON_ACLED_METHODS)  # pyformat: disable
示例#11
0
  def testWithoutFlowsWithVfsAndSingleMislabeledUnapprovedClient(self):
    router = api_router.ApiLabelsRestrictedCallRouter(allow_vfs_access=True)

    self.CheckOnlyFollowingMethodsArePermitted(router, [
        "SearchClients",
        "ListUserClientApprovals",

        # This operation is always allowed as it doesn't depend on a client id.
        "GetVfsRefreshOperationState"
    ] + self.NON_ACLED_METHODS)
示例#12
0
    def testWithFlowsWithoutVfsAndSingleProperlyLabeledUnapprovedClient(self):
        params = api_router.ApiLabelsRestrictedCallRouterParams(
            labels_whitelist=["foo"], allow_flows_access=True)
        router = api_router.ApiLabelsRestrictedCallRouter(params=params)

        self.CheckOnlyFollowingMethodsArePermitted(router, [
            "SearchClients",
            "ListClientApprovals",
            "GetClient",
            "GetClientVersions",
            "GetClientVersionTimes",
            "CreateClientApproval",
            "GetClientApproval",
        ] + self.NON_ACLED_METHODS)  # pyformat: disable
示例#13
0
  def testWithoutFlowsWithVfsAndSingleProperlyLabeledUnapprovedClient(self):
    router = api_router.ApiLabelsRestrictedCallRouter(
        labels_whitelist=["foo"], allow_vfs_access=True)

    self.CheckOnlyFollowingMethodsArePermitted(router, [
        "SearchClients",
        "ListClientApprovals",
        "GetClient",
        "CreateClientApproval",
        "GetClientApproval",

        # This operation is always allowed as it doesn't depend on a client
        # id.
        "GetVfsRefreshOperationState"
    ] + self.NON_ACLED_METHODS)  # pyformat: disable
示例#14
0
 def testReturnsCustomHandlerForSearchClients(self):
     router = api_router.ApiLabelsRestrictedCallRouter()
     handler = router.SearchClients(None, token=self.token)
     self.assertTrue(
         isinstance(handler,
                    api_client.ApiLabelsRestrictedSearchClientsHandler))