def testFilterConsidersOffsetAndCount(self): client_id = self.client_ids[0] # Create five approval requests without granting them. for i in range(10): with test_lib.FakeTime(42 + i): self.RequestClientApproval(client_id.Basename(), reason="Request reason %d" % i) args = user_plugin.ApiListClientApprovalsArgs(client_id=client_id, offset=0, count=5) result = self.handler.Handle(args, token=self.token) # Approvals are returned newest to oldest, so the first five approvals # have reason 9 to 5. self.assertEqual(len(result.items), 5) for item, i in zip(result.items, reversed(range(6, 10))): self.assertEqual(item.reason, "Request reason %d" % i) # When no count is specified, take all items from offset to the end. args = user_plugin.ApiListClientApprovalsArgs(client_id=client_id, offset=7) result = self.handler.Handle(args, token=self.token) self.assertEqual(len(result.items), 3) for item, i in zip(result.items, reversed(range(0, 3))): self.assertEqual(item.reason, "Request reason %d" % i)
def Run(self): with test_lib.FakeTime(42): self.CreateAdminUser("approver") clients = self.SetupClients(2) for client_id in clients: # Delete the certificate as it's being regenerated every time the # client is created. with aff4.FACTORY.Open( client_id, mode="rw", token=self.token) as grr_client: grr_client.DeleteAttribute(grr_client.Schema.CERT) with test_lib.FakeTime(44): approval1_id = self.RequestClientApproval( clients[0].Basename(), reason=self.token.reason, approver="approver", requestor=self.token.username) with test_lib.FakeTime(45): approval2_id = self.RequestClientApproval( clients[1].Basename(), reason=self.token.reason, approver="approver", requestor=self.token.username) with test_lib.FakeTime(84): self.GrantClientApproval( clients[1].Basename(), requestor=self.token.username, approval_id=approval2_id, approver="approver") with test_lib.FakeTime(126): self.Check( "ListClientApprovals", args=user_plugin.ApiListClientApprovalsArgs(), replace={ approval1_id: "approval:111111", approval2_id: "approval:222222" }) self.Check( "ListClientApprovals", args=user_plugin.ApiListClientApprovalsArgs( client_id=clients[0].Basename()), replace={ approval1_id: "approval:111111", approval2_id: "approval:222222" })
def testRendersRequestedClientApprovals(self): self._RequestClientApprovals() args = user_plugin.ApiListClientApprovalsArgs() result = self.handler.Handle(args, token=self.token) # All approvals should be returned. self.assertEqual(len(result.items), self.CLIENT_COUNT)
def testFiltersApprovalsByClientId(self): client_id = self.client_ids[0] self._RequestClientApprovals() # Get approvals for a specific client. There should be exactly one. args = user_plugin.ApiListClientApprovalsArgs(client_id=client_id) result = self.handler.Handle(args, token=self.token) self.assertEqual(len(result.items), 1) self.assertEqual(result.items[0].subject.client_id, client_id)
def testFiltersApprovalsByInvalidState(self): approval_ids = self._RequestClientApprovals() # We only requested approvals so far, so all of them should be invalid. args = user_plugin.ApiListClientApprovalsArgs( state=user_plugin.ApiListClientApprovalsArgs.State.INVALID) result = self.handler.Handle(args, token=self.token) self.assertEqual(len(result.items), self.CLIENT_COUNT) # Grant access to one client. Now all but one should be invalid. self.GrantClientApproval(self.client_ids[0], requestor=self.token.username, approval_id=approval_ids[0]) result = self.handler.Handle(args, token=self.token) self.assertEqual(len(result.items), self.CLIENT_COUNT - 1)
def testFiltersApprovalsByValidState(self): approval_ids = self._RequestClientApprovals() # We only requested approvals so far, so none of them is valid. args = user_plugin.ApiListClientApprovalsArgs( state=user_plugin.ApiListClientApprovalsArgs.State.VALID) result = self.handler.Handle(args, token=self.token) # We do not have any approved approvals yet. self.assertEqual(len(result.items), 0) # Grant access to one client. Now exactly one approval should be valid. self.GrantClientApproval(self.client_ids[0].Basename(), requestor=self.token.username, approval_id=approval_ids[0]) result = self.handler.Handle(args, token=self.token) self.assertEqual(len(result.items), 1) self.assertEqual(result.items[0].subject.client_id, self.client_ids[0])
def testFiltersApprovalsByClientIdAndState(self): client_id = self.client_ids[0] approval_ids = self._RequestClientApprovals() # Grant approval to a certain client. self.GrantClientApproval(client_id.Basename(), requestor=self.token.username, approval_id=approval_ids[0]) args = user_plugin.ApiListClientApprovalsArgs( client_id=client_id, state=user_plugin.ApiListClientApprovalsArgs.State.VALID) result = self.handler.Handle(args, token=self.token) # We have a valid approval for the requested client. self.assertEqual(len(result.items), 1) args.state = user_plugin.ApiListClientApprovalsArgs.State.INVALID result = self.handler.Handle(args, token=self.token) # However, we do not have any invalid approvals for the client. self.assertEqual(len(result.items), 0)
def ListClientApprovals(self, requestor=None): requestor = requestor or self.token.username handler = api_user.ApiListClientApprovalsHandler() return handler.Handle( api_user.ApiListClientApprovalsArgs(), token=access_control.ACLToken(username=requestor)).items