def Create2HuntsForDifferentUsers(self):
    """Create two sample hunts and take each one through request and grant.

    The first hunt is created and requested under a separate user token; the
    second is created and requested under the test's own user
    (``self.token.username``). Both requests name "approver" as the approver,
    and ``CreateAdminUser("approver")`` is called before the requests are filed.
    Each grant names the hunt's requester as ``delegate``.
    """
    # NOTE(review): the "******" username literals are masked in this listing
    # and are reproduced unchanged. Going by the ``delegate``/``approver``
    # arguments they presumably stand for "otheruser" (hunt 1) and "approver"
    # (the grantor) - confirm against the original file.
    other_creator_token = access_control.ACLToken(username="******")
    hunt1_id = self.CreateSampleHunt(token=other_creator_token)

    own_creator_token = access_control.ACLToken(username=self.token.username)
    hunt2_id = self.CreateSampleHunt(token=own_creator_token)

    self.CreateAdminUser("approver")

    # One approval request per hunt, each filed under its requester's token.
    hunt1_requester_token = access_control.ACLToken(username="******")
    hunt1_request = security.HuntApprovalRequestor(
        subject_urn=hunt1_id,
        reason=self.reason,
        approver="approver",
        token=hunt1_requester_token,
    )
    hunt1_request.Request()

    hunt2_requester_token = access_control.ACLToken(
        username=self.token.username
    )
    hunt2_request = security.HuntApprovalRequestor(
        subject_urn=hunt2_id,
        reason=self.reason,
        approver="approver",
        token=hunt2_requester_token,
    )
    hunt2_request.Request()

    # One grant per hunt; ``delegate`` is the user the approval is granted to.
    hunt1_grantor_token = access_control.ACLToken(username="******")
    hunt1_grant = security.HuntApprovalGrantor(
        subject_urn=hunt1_id,
        reason=self.reason,
        delegate="otheruser",
        token=hunt1_grantor_token,
    )
    hunt1_grant.Grant()

    hunt2_grantor_token = access_control.ACLToken(username="******")
    hunt2_grant = security.HuntApprovalGrantor(
        subject_urn=hunt2_id,
        reason=self.reason,
        delegate=self.token.username,
        token=hunt2_grantor_token,
    )
    hunt2_grant.Grant()
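def testEmailHuntApprovalGrantNotificationLinkLeadsToCorrectPage(self):
    """Check the grant notification e-mail and the page its link opens.

    Requests approval for a sample hunt, grants it with ``GRANTOR_TOKEN``, and
    then verifies that the second captured message names the approval reason,
    the grantor and the hunt, and that following its link shows the hunt.
    """
    hunt_id = self.CreateSampleHunt()

    security.HuntApprovalRequestor(
        reason=self.APPROVAL_REASON,
        subject_urn=hunt_id,
        approver=self.GRANTOR_TOKEN.username,
        token=self.token,
    ).Request()
    security.HuntApprovalGrantor(
        reason=self.APPROVAL_REASON,
        subject_urn=hunt_id,
        token=self.GRANTOR_TOKEN,
        delegate=self.token.username,
    ).Grant()

    # One message for the approval request, one for the grant notification.
    self.assertEqual(len(self.messages_sent), 2)

    # The grant notification is the second message captured.
    message = self.messages_sent[1]
    # assertIn reports both operands on failure, unlike assertTrue(x in y).
    self.assertIn(self.APPROVAL_REASON, message)
    self.assertIn(self.GRANTOR_TOKEN.username, message)
    self.assertIn(hunt_id.Basename(), message)

    self.Open(self._ExtractLinkFromMessage(message))

    # Following the link should land on the hunt's page.
    self.WaitUntil(self.IsTextPresent, hunt_id.Basename())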
def ProcessApproval():
    """Grant approval for hunt ``h`` to the test user after a one-second delay.

    Uses ``self`` and ``h`` from the enclosing scope, which is not part of this
    listing. NOTE(review): the leading sleep suggests this runs concurrently
    with the code that waits for the approval - confirm against the caller.
    """
    time.sleep(1)
    self.CreateAdminUser("approver")

    # NOTE(review): the username literal is masked in this listing and is
    # reproduced unchanged; presumably "approver" - confirm.
    grantor_token = access_control.ACLToken(username="******")
    grant = security.HuntApprovalGrantor(
        subject_urn=h.urn,
        reason="blah",
        delegate=self.token.username,
        token=grantor_token,
    )
    grant.Grant()
def _RunTestForNormalApprovals(self):
    """Run the GetHuntApproval checks for one ungranted and one granted approval.

    Two hunts are created at fake time 42 and an approval is requested for each
    (times 44 and 45). Only the second request is granted (time 84). At time
    126 ``GetHuntApproval`` is checked for both, with the generated hunt and
    approval ids replaced by fixed placeholders.
    """
    # NOTE(review): block nesting was reconstructed from a flattened listing -
    # confirm the extent of each FakeTime block against the original file.
    with test_lib.FakeTime(42):
        self.CreateAdminUser("approver")

        with self.CreateHunt(description="hunt1") as first_hunt:
            hunt1_urn = first_hunt.urn
            hunt1_id = hunt1_urn.Basename()

        with self.CreateHunt(description="hunt2") as second_hunt:
            hunt2_urn = second_hunt.urn
            hunt2_id = hunt2_urn.Basename()

    with test_lib.FakeTime(44):
        first_request = security.HuntApprovalRequestor(
            reason="foo",
            subject_urn=hunt1_urn,
            approver="approver",
            token=self.token,
        )
        approval1_id = first_request.Request().Basename()

    with test_lib.FakeTime(45):
        second_request = security.HuntApprovalRequestor(
            reason="bar",
            subject_urn=hunt2_urn,
            approver="approver",
            token=self.token,
        )
        approval2_id = second_request.Request().Basename()

    # Only the second hunt's approval is granted; the first stays requested.
    with test_lib.FakeTime(84):
        # NOTE(review): the username literal is masked in this listing and is
        # reproduced unchanged; presumably "approver" - confirm.
        approver_token = access_control.ACLToken(username="******")
        grant = security.HuntApprovalGrantor(
            reason="bar",
            delegate=self.token.username,
            subject_urn=hunt2_urn,
            token=approver_token,
        )
        grant.Grant()

    with test_lib.FakeTime(126):
        first_args = user_plugin.ApiGetHuntApprovalArgs(
            username=self.token.username,
            hunt_id=hunt1_id,
            approval_id=approval1_id,
        )
        # Generated ids are swapped for fixed placeholders via ``replace``.
        self.Check(
            "GetHuntApproval",
            args=first_args,
            replace={hunt1_id: "H:123456", approval1_id: "approval:111111"},
        )

        second_args = user_plugin.ApiGetHuntApprovalArgs(
            username=self.token.username,
            hunt_id=hunt2_id,
            approval_id=approval2_id,
        )
        self.Check(
            "GetHuntApproval",
            args=second_args,
            replace={hunt2_id: "H:567890", approval2_id: "approval:222222"},
        )
def GrantHuntApproval(self, hunt_id, requestor=None, reason=None,
                      approver="approver"):
    """Grant approval on a hunt to ``requestor``, acting as ``approver``.

    Args:
      hunt_id: Id appended to the "hunts" URN to form the approval subject.
      requestor: User the approval is granted to; falls back to
        ``self.token.username`` when falsy.
      reason: Approval reason; falls back to ``self.token.reason`` when falsy.
      approver: Username the grant is issued under.
    """
    requestor = requestor or self.token.username
    reason = reason or self.token.reason

    # Test scaffolding: the approver is registered through CreateAdminUser and
    # its token is built from the bare username before the grant is issued.
    self.CreateAdminUser(approver)
    grantor_token = access_control.ACLToken(username=approver)

    hunt_urn = rdfvalue.RDFURN("hunts").Add(hunt_id)
    grant = security.HuntApprovalGrantor(
        subject_urn=hunt_urn,
        reason=reason,
        delegate=requestor,
        token=grantor_token,
    )
    grant.Grant()
def testHuntACLWorkflow(self):
    """Walk the hunt approval workflow in the UI until the hunt can be run.

    Running the hunt is attempted four times. The first attempt opens the
    "Create a new approval" form; the second, after the requesting user has
    approved the request, still asks for 1 additional approver; the third,
    after another user's grant, asks for an approver with the 'admin' label;
    the fourth, after "approver" is made an admin, starts the hunt.
    """

    def open_hunts_list():
        # Navigate from the landing page to the hunts view.
        self.Open("/")
        self.WaitUntil(self.IsElementPresent, "client_query")
        self.Click("css=a[grrtarget=hunts]")
        self.WaitUntil(self.IsTextPresent, "SampleHunt")

    def run_and_proceed(run_button):
        # Click "Run", wait for the confirmation dialog, then click "Proceed".
        self.Click(run_button)
        self.WaitUntil(self.IsTextPresent,
                       "Are you sure you want to run this hunt?")
        self.Click("css=button[name=Proceed]")

    def has_notifications():
        return self.GetText("notification_button") != "0"

    def wait_for_own_notification():
        self.WaitForNotification("aff4:/users/%s" % self.token.username)

    hunt_id = self.CreateSampleHunt()

    # First attempt: select the hunt and try to run it.
    open_hunts_list()
    self.Click("css=td:contains('SampleHunt')")
    run_and_proceed("css=button[name=RunHunt]")

    # The run is rejected and an approval request form is shown instead.
    self.WaitUntil(self.IsElementPresent,
                   "css=h3:contains('Create a new approval')")

    # The request names the requesting user as the approver.
    self.Type("css=grr-request-approval-dialog input[name=acl_approver]",
              self.token.username)
    self.Type("css=grr-request-approval-dialog input[name=acl_reason]",
              self.reason)
    self.Click(
        "css=grr-request-approval-dialog button[name=Proceed]:not([disabled])"
    )

    # The "Request Approval" dialog should close.
    self.WaitUntilNot(self.IsVisible, "css=.modal-open")

    wait_for_own_notification()
    self.Open("/")
    self.WaitUntil(has_notifications)
    self.Click("notification_button")
    self.Click("css=td:contains('Please grant access to hunt')")
    self.WaitUntilContains("Grant access", self.GetText,
                           "css=h2:contains('Grant')")
    self.WaitUntil(self.IsTextPresent,
                   "The user %s has requested" % self.token.username)

    # The grant page should show the hunt overview.
    for overview_text in ("SampleHunt", "Hunt ID", "Clients Scheduled"):
        self.WaitUntil(self.IsTextPresent, overview_text)

    self.Click("css=button:contains('Approve')")
    self.WaitUntil(self.IsTextPresent, "Approval granted.")

    # The user should now be notified about the grant.
    wait_for_own_notification()
    self.Open("/")
    self.WaitUntil(has_notifications)
    self.Click("notification_button")
    self.WaitUntil(self.GetText,
                   "css=td:contains('has granted you access to hunt')")
    self.Click("css=tr:contains('has granted you access') a")

    # Second attempt; SampleHunt should be selected by default.
    self.WaitUntil(self.IsTextPresent, "SampleHunt")
    run_and_proceed("css=button[name=RunHunt]:not([disabled])")

    # The requester's own grant does not unlock the hunt.
    self.WaitUntilContains(
        "Need at least 1 additional approver for access.", self.GetText,
        "css=grr-request-approval-dialog")

    # Add a grant from a second user.
    # NOTE(review): the username literal is masked in this listing and is
    # reproduced unchanged; presumably "approver", the user made admin further
    # down - confirm against the original file.
    second_grantor_token = access_control.ACLToken(username="******")
    second_grant = security.HuntApprovalGrantor(
        subject_urn=hunt_id,
        reason=self.reason,
        delegate=self.token.username,
        token=second_grantor_token,
    )
    second_grant.Grant()

    wait_for_own_notification()
    self.Open("/")
    self.WaitUntil(has_notifications)
    self.Click("notification_button")
    self.Click("css=tr:contains('has granted you access') a")

    # Wait for the modal backdrop to go away.
    self.WaitUntilNot(self.IsVisible, "css=.modal-open")

    # Third attempt; SampleHunt should be selected by default.
    self.WaitUntil(self.IsTextPresent, "SampleHunt")
    run_and_proceed("css=button[name=RunHunt]")

    # Still rejected: one of the approvers must carry the 'admin' label.
    self.WaitUntilContains(
        "Need at least 1 additional approver with the 'admin' label for access",
        self.GetText, "css=grr-request-approval-dialog")

    # Make "approver" an admin.
    self.CreateAdminUser("approver")

    # The original request page should report the approval as already granted.
    self.Open("/")
    self.Click("notification_button")
    self.Click("css=td:contains('Please grant access to hunt')")
    self.WaitUntil(self.IsTextPresent,
                   "This approval has already been granted!")

    # Fourth attempt, from the hunts list again.
    open_hunts_list()
    self.Click("css=td:contains('SampleHunt')")
    self.WaitUntil(self.IsTextPresent, "SampleHunt")
    run_and_proceed("css=button[name=RunHunt]")

    # With an admin approver in place the hunt starts.
    self.WaitUntil(self.IsTextPresent, "Hunt started successfully!")