def Run(self):
with test_lib.FakeTime(42):
self.CreateAdminUser("approver")
clients = self.SetupClients(2)
for client_id in clients:
# Delete the certificate as it's being regenerated every time the
# client is created.
with aff4.FACTORY.Open(
client_id, mode="rw", token=self.token) as grr_client:
grr_client.DeleteAttribute(grr_client.Schema.CERT)
with test_lib.FakeTime(44):
approval1_id = self.RequestClientApproval(
clients[0].Basename(),
reason="foo",
approver="approver",
requestor=self.token.username)
with test_lib.FakeTime(45):
approval2_id = self.RequestClientApproval(
clients[1].Basename(),
reason="bar",
approver="approver",
requestor=self.token.username)
with test_lib.FakeTime(84):
self.GrantClientApproval(
clients[1].Basename(),
approval_id=approval2_id,
approver="approver",
requestor=self.token.username)
with test_lib.FakeTime(126):
self.Check(
"GetClientApproval",
args=user_plugin.ApiGetClientApprovalArgs(
client_id=clients[0].Basename(),
approval_id=approval1_id,
username=self.token.username),
replace={approval1_id: "approval:111111"})
self.Check(
"GetClientApproval",
args=user_plugin.ApiGetClientApprovalArgs(
client_id=clients[1].Basename(),
approval_id=approval2_id,
username=self.token.username),
replace={approval2_id: "approval:222222"})
def testRendersRequestedClientApproval(self):
approval_id = self.RequestClientApproval(
self.client_id.Basename(),
requestor=self.token.username,
reason="blah",
approver="approver",
email_cc_address="*****@*****.**")
args = user_plugin.ApiGetClientApprovalArgs(
client_id=self.client_id,
approval_id=approval_id,
username=self.token.username)
result = self.handler.Handle(args, token=self.token)
self.assertEqual(result.subject.client_id, self.client_id)
self.assertEqual(result.reason, "blah")
self.assertEqual(result.is_valid, False)
self.assertEqual(result.is_valid_message,
"Need at least 1 additional approver for access.")
self.assertEqual(result.notified_users, ["approver"])
self.assertEqual(result.email_cc_addresses, ["*****@*****.**"])
# Every approval is self-approved by default.
self.assertEqual(result.approvers, [self.token.username])
def testRaisesWhenApprovalIsNotFound(self):
args = user_plugin.ApiGetClientApprovalArgs(
client_id=self.client_id,
approval_id="approval:112233",
username=self.token.username)
with self.assertRaises(api_call_handler_base.ResourceNotFoundError):
self.handler.Handle(args, token=self.token)
def testIncludesApproversInResultWhenApprovalIsGranted(self):
approval_id = self.RequestAndGrantClientApproval(
self.client_id.Basename(),
reason="blah",
approver="approver",
requestor=self.token.username)
args = user_plugin.ApiGetClientApprovalArgs(
client_id=self.client_id,
approval_id=approval_id,
username=self.token.username)
result = self.handler.Handle(args, token=self.token)
self.assertTrue(result.is_valid)
self.assertEqual(sorted(result.approvers),
sorted([self.token.username, "approver"]))
