def post(self):
if config.is_remote_configured():
self.abort_with_error(
409, text='The configuration is managed elsewhere')
try:
importer.write_config(text=self.parse_body().get('config'),
modified_by=auth.get_current_identity())
except ValueError as ex:
self.abort_with_error(400, text=str(ex))
self.send_response({'ok': True})
def post(self):
if config.is_remote_configured():
self.abort_with_error(409, text='The configuration is managed elsewhere')
try:
importer.write_config(
text=self.parse_body().get('config'),
modified_by=auth.get_current_identity())
except ValueError as ex:
self.abort_with_error(400, text=str(ex))
self.send_response({'ok': True})
def test_write_config(self):
put_config('', 'legacy')
importer.write_config('tarball{url:"12"\nsystems:"12"}')
e = importer.config_key().get()
self.assertEqual('legacy', e.config)
self.assertEqual('tarball{url:"12"\nsystems:"12"}', e.config_proto)
def test_import_external_groups(self):
self.mock_now(datetime.datetime(2010, 1, 2, 3, 4, 5, 6))
importer.write_config("""
tarball {
domain: "example.com"
groups: "ldap/new"
oauth_scopes: "scope"
systems: "ldap"
url: "https://fake_tarball"
}
plainlist {
group: "external_1"
oauth_scopes: "scope"
url: "https://fake_external_1"
}
plainlist {
domain: "example.com"
group: "external_2"
oauth_scopes: "scope"
url: "https://fake_external_2"
}
""")
self.mock_urlfetch({
'https://fake_tarball':
build_tar_gz({
'ldap/new': 'a\nb',
}),
'https://fake_external_1':
'[email protected]\[email protected]\n',
'https://fake_external_2':
'123\n456',
})
# Should be deleted during import, since not in a imported bundle.
group('ldap/deleted', []).put()
# Should be updated.
group('external/external_1', ['x', 'y']).put()
# Should be removed, since not in list of external groups.
group('external/deleted', []).put()
# Run the import.
initial_auth_db_rev = model.get_auth_db_revision()
importer.import_external_groups()
self.assertEqual(initial_auth_db_rev + 1, model.get_auth_db_revision())
# Verify final state.
expected_groups = {
'ldap/new': {
'auth_db_rev': 1,
'auth_db_prev_rev': None,
'created_by': model.get_service_self_identity(),
'created_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'description': u'',
'globs': [],
'members': [ident('a'), ident('b')],
'modified_by': model.get_service_self_identity(),
'modified_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'nested': [],
'owners': u'administrators',
},
'external/external_1': {
'auth_db_rev': 1,
'auth_db_prev_rev': None,
'created_by': ident('admin'),
'created_ts': datetime.datetime(1999, 1, 2, 3, 4, 5, 6),
'description': u'',
'globs': [],
'members': [ident('*****@*****.**'),
ident('*****@*****.**')],
'modified_by': model.get_service_self_identity(),
'modified_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'nested': [],
'owners': u'administrators',
},
'external/external_2': {
'auth_db_rev': 1,
'auth_db_prev_rev': None,
'created_by': model.get_service_self_identity(),
'created_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'description': u'',
'globs': [],
'members': [ident('123'), ident('456')],
'modified_by': model.get_service_self_identity(),
'modified_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'nested': [],
'owners': u'administrators',
},
}
self.assertEqual(expected_groups, fetch_groups())
def _update_imports_config(rev, conf):
"""Applies imports.cfg config."""
# Rewrite existing config even if it is the same (to update 'rev').
cur = importer.read_config()
importer.write_config(conf, {'rev': rev.revision, 'url': rev.url})
return cur != conf
def test_importer_config_get(self):
importer.write_config(GOOD_IMPORTER_CONFIG)
response = self.app.get('/auth_service/api/v1/importer/config', status=200)
self.assertEqual({'config': GOOD_IMPORTER_CONFIG}, response.json)
def test_write_config(self):
put_config('', 'legacy')
importer.write_config('tarball{url:"12"\nsystems:"12"}')
e = importer.config_key().get()
self.assertEqual('legacy', e.config)
self.assertEqual('tarball{url:"12"\nsystems:"12"}', e.config_proto)
def test_importer_config_get(self):
importer.write_config(GOOD_IMPORTER_CONFIG)
response = self.app.get('/auth_service/api/v1/importer/config',
status=200)
self.assertEqual({'config': GOOD_IMPORTER_CONFIG}, response.json)
def test_import_external_groups(self):
self.mock_now(datetime.datetime(2010, 1, 2, 3, 4, 5, 6))
importer.write_config("""
tarball {
domain: "example.com"
groups: "ldap/new"
oauth_scopes: "scope"
systems: "ldap"
url: "https://fake_tarball"
}
plainlist {
group: "external_1"
oauth_scopes: "scope"
url: "https://fake_external_1"
}
plainlist {
domain: "example.com"
group: "external_2"
oauth_scopes: "scope"
url: "https://fake_external_2"
}
""")
self.mock_urlfetch({
'https://fake_tarball': build_tar_gz({
'ldap/new': 'a\nb',
}),
'https://fake_external_1': '[email protected]\[email protected]\n',
'https://fake_external_2': '123\n456',
})
# Should be deleted during import, since not in a imported bundle.
group('ldap/deleted', []).put()
# Should be updated.
group('external/external_1', ['x', 'y']).put()
# Should be removed, since not in list of external groups.
group('external/deleted', []).put()
# Run the import.
initial_auth_db_rev = model.get_auth_db_revision()
importer.import_external_groups()
self.assertEqual(initial_auth_db_rev + 1, model.get_auth_db_revision())
# Verify final state.
expected_groups = {
'ldap/new': {
'auth_db_rev': 1,
'auth_db_prev_rev': None,
'created_by': model.get_service_self_identity(),
'created_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'description': u'',
'globs': [],
'members': [ident('a'), ident('b')],
'modified_by': model.get_service_self_identity(),
'modified_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'nested': [],
'owners': u'administrators',
},
'external/external_1': {
'auth_db_rev': 1,
'auth_db_prev_rev': None,
'created_by': ident('admin'),
'created_ts': datetime.datetime(1999, 1, 2, 3, 4, 5, 6),
'description': u'',
'globs': [],
'members': [ident('*****@*****.**'), ident('*****@*****.**')],
'modified_by': model.get_service_self_identity(),
'modified_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'nested': [],
'owners': u'administrators',
},
'external/external_2': {
'auth_db_rev': 1,
'auth_db_prev_rev': None,
'created_by': model.get_service_self_identity(),
'created_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'description': u'',
'globs': [],
'members': [ident('123'), ident('456')],
'modified_by': model.get_service_self_identity(),
'modified_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'nested': [],
'owners': u'administrators',
},
}
self.assertEqual(expected_groups, fetch_groups())
def test_import_external_groups(self):
self.mock_now(datetime.datetime(2010, 1, 2, 3, 4, 5, 6))
service_id = auth.Identity.from_bytes('service:some-service')
self.mock(auth, 'get_service_self_identity', lambda: service_id)
importer.write_config([
{
'domain': 'example.com',
'format': 'tarball',
'groups': ['ldap/new'],
'oauth_scopes': ['scope'],
'systems': ['ldap'],
'url': 'https://fake_tarball',
},
{
'format': 'plainlist',
'group': 'external_1',
'oauth_scopes': ['scope'],
'url': 'https://fake_external_1',
},
{
'description': 'Some external group',
'domain': 'example.com',
'format': 'plainlist',
'group': 'external_2',
'oauth_scopes': ['scope'],
'url': 'https://fake_external_2',
},
])
self.mock_urlfetch({
'https://fake_tarball': build_tar_gz({
'ldap/new': 'a\nb',
}),
'https://fake_external_1': '[email protected]\[email protected]\n',
'https://fake_external_2': '123\n456',
})
# Should be deleted during import, since not in a imported bundle.
group('ldap/deleted', []).put()
# Should be updated.
group('external/external_1', ['x', 'y']).put()
# Should be removed, since not in list of external groups.
group('external/deleted', []).put()
# Run the import.
initial_auth_db_rev = model.get_auth_db_revision()
importer.import_external_groups()
self.assertEqual(initial_auth_db_rev + 1, model.get_auth_db_revision())
# Verify final state.
expected_groups = {
'ldap/new': {
'created_by': service_id,
'created_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'description': u'',
'globs': [],
'members': [ident('a'), ident('b')],
'modified_by': service_id,
'modified_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'nested': [],
},
'external/external_1': {
'created_by': ident('admin'),
'created_ts': datetime.datetime(1999, 1, 2, 3, 4, 5, 6),
'description': u'',
'globs': [],
'members': [ident('*****@*****.**'), ident('*****@*****.**')],
'modified_by': service_id,
'modified_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'nested': [],
},
'external/external_2': {
'created_by': service_id,
'created_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'description': u'',
'globs': [],
'members': [ident('123'), ident('456')],
'modified_by': service_id,
'modified_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'nested': [],
},
}
self.assertEqual(expected_groups, fetch_groups())
def test_import_external_groups(self):
self.mock_now(datetime.datetime(2010, 1, 2, 3, 4, 5, 6))
service_id = auth.Identity.from_bytes('service:some-service')
self.mock(auth, 'get_service_self_identity', lambda: service_id)
importer.write_config([
{
'domain': 'example.com',
'format': 'tarball',
'groups': ['ldap/new'],
'oauth_scopes': ['scope'],
'systems': ['ldap'],
'url': 'https://fake_tarball',
},
{
'format': 'plainlist',
'group': 'external_1',
'oauth_scopes': ['scope'],
'url': 'https://fake_external_1',
},
{
'description': 'Some external group',
'domain': 'example.com',
'format': 'plainlist',
'group': 'external_2',
'oauth_scopes': ['scope'],
'url': 'https://fake_external_2',
},
])
self.mock_urlfetch({
'https://fake_tarball':
build_tar_gz({
'ldap/new': 'a\nb',
}),
'https://fake_external_1':
'[email protected]\[email protected]\n',
'https://fake_external_2':
'123\n456',
})
# Should be deleted during import, since not in a imported bundle.
group('ldap/deleted', []).put()
# Should be updated.
group('external/external_1', ['x', 'y']).put()
# Should be removed, since not in list of external groups.
group('external/deleted', []).put()
# Run the import.
initial_auth_db_rev = model.get_auth_db_revision()
importer.import_external_groups()
self.assertEqual(initial_auth_db_rev + 1, model.get_auth_db_revision())
# Verify final state.
expected_groups = {
'ldap/new': {
'created_by': service_id,
'created_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'description': u'',
'globs': [],
'members': [ident('a'), ident('b')],
'modified_by': service_id,
'modified_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'nested': [],
},
'external/external_1': {
'created_by': ident('admin'),
'created_ts': datetime.datetime(1999, 1, 2, 3, 4, 5, 6),
'description': u'',
'globs': [],
'members': [ident('*****@*****.**'),
ident('*****@*****.**')],
'modified_by': service_id,
'modified_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'nested': [],
},
'external/external_2': {
'created_by': service_id,
'created_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'description': u'',
'globs': [],
'members': [ident('123'), ident('456')],
'modified_by': service_id,
'modified_ts': datetime.datetime(2010, 1, 2, 3, 4, 5, 6),
'nested': [],
},
}
self.assertEqual(expected_groups, fetch_groups())
def post(self):
config = self.parse_body().get('config')
if not importer.is_valid_config(config):
self.abort_with_error(400, text='Invalid config format.')
importer.write_config(config)
self.send_response({'ok': True})
def _update_imports_config(rev, conf):
"""Applies imports.cfg config."""
# Rewrite existing config even if it is the same (to update 'rev').
cur = importer.read_config()
importer.write_config(conf, {'rev': rev.revision, 'url': rev.url})
return cur != conf