def validate_perms(self, new):
f = File.get_file_from_db_id(self.db, self.file1.get_id())
uf = UserFile(f, self.user1)
perms = uf.get_perms(force=True)
for p in new:
self.assertTrue(p in perms, "bad perms set %s != %s" % (new, perms))
self.assertEqual(len(perms), len(new), "perms dont match %s != %s" % (new, perms))
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts,args) = setup_options(argv)
if len(args) != 3:
raise AuthzException('CLI_PARAMETER', "You must specify a username filename permssions")
user_name = args[0]
object_name = args[1]
requested_perms = args[2]
parent = None
if opts.parent != None:
parent = File.get_file(db_obj, opts.parent, opts.type)
if parent == None:
raise AuthzException('FILE_EXISTS', "parent %s not found" % (opts.parent))
file1 = File.get_file(db_obj, object_name, opts.type, parent=parent)
if file1 == None:
raise AuthzException('FILE_EXISTS', "file %s:%s not found" % (opts.type, object_name))
user = User(db_obj, uu=user_name)
uf = UserFile(file1) # create a uesrfile with owner so we can chmod
uf.chmod(requested_perms, user=user)
pynimbusauthz.print_msg(opts, 0, "changed %s to %s for %s" % (str(file1), requested_perms, str(user)))
db_obj.commit()
except AuthzException, ae:
print ae
return ae.get_rc()
def test_grant(self):
user2 = User(self.db)
self.uf.chmod("R", user=user2)
uf2 = UserFile(self.file1, user2)
p = uf2.get_perms()
self.assertEqual(p, "R", "perms should only be read here")
def test_grant(self):
user2 = User(self.db)
self.uf.chmod("R", user=user2)
uf2 = UserFile(self.file1, user2)
p = uf2.get_perms()
self.assertEqual(p, "R", "perms should only be read here")
def validate_perms(self, new):
f = File.get_file_from_db_id(self.db, self.file1.get_id())
uf = UserFile(f, self.user1)
perms = uf.get_perms(force=True)
for p in new:
self.assertTrue(p in perms,
"bad perms set %s != %s" % (new, perms))
self.assertEqual(len(perms), len(new),
"perms dont match %s != %s" % (new, perms))
def setUp(self):
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
con = pynimbusauthz.db.make_test_database()
self.db = DB(con=con)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1,
self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
def get_uf(self, bucketName, objectName=None):
file = self.get_file_obj(bucketName, objectName)
if file == None:
pycb.log(logging.INFO,
"b:o not found %s:%s" % (bucketName, str(objectName)))
raise cbException('NoSuchKey')
uf = UserFile(file, self.user)
return uf
def setUp(self):
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
con = pynimbusauthz.db.make_test_database()
self.db = DB(con=con)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1, self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts, args) = setup_options(argv)
if len(args) != 3:
raise AuthzException(
'CLI_PARAMETER',
"You must specify a username filename permssions")
user_name = args[0]
object_name = args[1]
requested_perms = args[2]
parent = None
if opts.parent != None:
parent = File.get_file(db_obj, opts.parent, opts.type)
if parent == None:
raise AuthzException('FILE_EXISTS',
"parent %s not found" % (opts.parent))
file1 = File.get_file(db_obj, object_name, opts.type, parent=parent)
if file1 == None:
raise AuthzException(
'FILE_EXISTS',
"file %s:%s not found" % (opts.type, object_name))
user = User(db_obj, uu=user_name)
uf = UserFile(file1) # create a uesrfile with owner so we can chmod
uf.chmod(requested_perms, user=user)
pynimbusauthz.print_msg(
opts, 0, "changed %s to %s for %s" %
(str(file1), requested_perms, str(user)))
db_obj.commit()
except AuthzException, ae:
print ae
return ae.get_rc()
def setUp(self):
(osf, self.fname) = tempfile.mkstemp()
os.close(osf)
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
os.environ['NIMBUS_AUTHZ_DB'] = self.fname
pynimbusauthz.db.make_test_database(self.fname)
self.db = DB(con_str=self.fname)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1,
self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
self.db.commit()
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts, args) = setup_options(argv)
if len(args) == 0:
raise AuthzException('CLI_PARAMETER',
"You must specify a filename")
parent = None
if opts.parent != None:
parent = File.get_file(db_obj, opts.parent, opts.type)
if parent == None:
raise AuthzException('FILE_EXISTS',
"bucket %s not found" % (opts.parent))
object_name = args[0]
file1 = File.get_file(db_obj, object_name, opts.type, parent=parent)
if file1 == None:
pynimbusauthz.print_msg(opts, 0, "File not found")
return
uf = UserFile(file1)
msg = "%10s\t%10s\t%10s\t%10s\t%10s" % ("file", "type", "owner",
"user", "perms")
pynimbusauthz.print_msg(opts, 1, msg)
n = uf.get_file().get_name()
t = uf.get_file().get_object_type()
stat_print_uf(opts, uf, n, t)
if opts.all:
user_list = uf.get_file().get_all_users()
for u in user_list:
uf = UserFile(uf.get_file(), u)
stat_print_uf(opts, uf, " ", " ")
except AuthzException, ae:
print ae
return ae.get_rc()
def main(argv=sys.argv[1:]):
try:
con_str = pynimbusauthz.get_db_connection_string()
db_obj = DB(con_str=con_str)
(opts,args) = setup_options(argv)
if len(args) == 0:
raise AuthzException('CLI_PARAMETER', "You must specify a filename")
parent = None
if opts.parent != None:
parent = File.get_file(db_obj, opts.parent, opts.type)
if parent == None:
raise AuthzException('FILE_EXISTS', "bucket %s not found" % (opts.parent))
object_name = args[0]
file1 = File.get_file(db_obj, object_name, opts.type, parent=parent)
if file1 == None:
pynimbusauthz.print_msg(opts, 0, "File not found")
return
uf = UserFile(file1)
msg = "%10s\t%10s\t%10s\t%10s\t%10s" % ("file", "type", "owner", "user", "perms")
pynimbusauthz.print_msg(opts, 1, msg)
n = uf.get_file().get_name()
t = uf.get_file().get_object_type()
stat_print_uf(opts, uf, n, t)
if opts.all:
user_list = uf.get_file().get_all_users()
for u in user_list:
uf = UserFile(uf.get_file(), u)
stat_print_uf(opts, uf, " ", " ")
except AuthzException, ae:
print ae
return ae.get_rc()
class TestUser(unittest.TestCase):
def setUp(self):
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
con = pynimbusauthz.db.make_test_database()
self.db = DB(con=con)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1,
self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
def tearDown(self):
self.db.close()
def test_basic_userfile(self):
perms = self.uf.get_perms()
self.assertEqual(len(perms), 4, "Default perms should be none")
self.assertTrue("r" in perms, "read not set")
self.assertTrue("w" in perms, "write not set")
self.assertTrue("R" in perms, "read acl not set")
self.assertTrue("W" in perms, "write acl not set")
f2 = self.uf.get_file()
self.assertEqual(f2, self.file1, "should return the same file")
o2 = self.uf.get_owner()
self.assertEqual(o2, self.user1, "should return the same user")
self.assertTrue(self.uf.can_access("rwRW"))
a = self.uf.get_all_children()
self.assertEqual(len(list(a)), 0, "should be no children")
def test_bad_chmod(self):
try:
self.uf.chmod("KSA")
self.fail("should be a bad parameter exception")
except:
pass
def test_bad_chmod(self):
self.uf.chmod("r")
try:
perms = self.uf.get_perms()
self.fail("should not be able to read acl")
except:
pass
self.uf.chmod("Rr")
perms = self.uf.get_perms()
rc = self.uf.can_access("w")
self.assertFalse(rc, "should not be able to write %d" % (rc))
rc = self.uf.can_access("r")
self.assertTrue(rc, "should be able to read")
self.uf.chmod("RW")
def test_grant(self):
user2 = User(self.db)
self.uf.chmod("R", user=user2)
uf2 = UserFile(self.file1, user2)
p = uf2.get_perms()
self.assertEqual(p, "R", "perms should only be read here")
def test_children(self):
child1 = File.create_file(self.db,
"kid",
self.user1,
self.data,
pynimbusauthz.object_type_s3,
parent=self.file1)
self.db.commit()
x = child1.get_all_children()
self.assertEqual(len(list(x)), 0, "The file should have no children")
x = self.uf.get_all_children()
found = False
for f in x:
if f.get_file() == child1:
found = True
self.assertTrue(found, "We should have found that kid!")
class TestUser(unittest.TestCase):
def setUp(self):
# os.environ['CUMULUS_AUTHZ_DDL'] = "/home/bresnaha/Dev/Nimbus/nimbus/cumulus/authz/etc/acl.sql"
con = pynimbusauthz.db.make_test_database()
self.db = DB(con=con)
self.user1 = User(self.db)
self.name = "/file/name"
self.data = "/etc/group"
self.file1 = File.create_file(self.db, self.name, self.user1, self.data, pynimbusauthz.object_type_s3)
self.uf = UserFile(self.file1)
def tearDown(self):
self.db.close()
def test_basic_userfile(self):
perms = self.uf.get_perms()
self.assertEqual(len(perms), 4, "Default perms should be none")
self.assertTrue("r" in perms, "read not set")
self.assertTrue("w" in perms, "write not set")
self.assertTrue("R" in perms, "read acl not set")
self.assertTrue("W" in perms, "write acl not set")
f2 = self.uf.get_file()
self.assertEqual(f2, self.file1, "should return the same file")
o2 = self.uf.get_owner()
self.assertEqual(o2, self.user1, "should return the same user")
self.assertTrue(self.uf.can_access("rwRW"))
a = self.uf.get_all_children()
self.assertEqual(len(list(a)), 0, "should be no children")
def test_bad_chmod(self):
try:
self.uf.chmod("KSA")
self.fail("should be a bad parameter exception")
except:
pass
def test_bad_chmod(self):
self.uf.chmod("r")
try:
perms = self.uf.get_perms()
self.fail("should not be able to read acl")
except:
pass
self.uf.chmod("Rr")
perms = self.uf.get_perms()
rc = self.uf.can_access("w")
self.assertFalse(rc, "should not be able to write %d" % (rc))
rc = self.uf.can_access("r")
self.assertTrue(rc, "should be able to read")
self.uf.chmod("RW")
def test_grant(self):
user2 = User(self.db)
self.uf.chmod("R", user=user2)
uf2 = UserFile(self.file1, user2)
p = uf2.get_perms()
self.assertEqual(p, "R", "perms should only be read here")
def test_children(self):
child1 = File.create_file(self.db, "kid", self.user1, self.data, pynimbusauthz.object_type_s3, parent=self.file1)
self.db.commit()
x = child1.get_all_children()
self.assertEqual(len(list(x)), 0, "The file should have no children")
x = self.uf.get_all_children()
found = False
for f in x:
if f.get_file() == child1:
found = True
self.assertTrue(found, "We should have found that kid!")
