def getMsg(self, stub, name, typ, opts):
if not name:
raise s_exc.BadSyntaxError(mesg='Action requires a name')
args = {typ: name}
admin = opts.pop('admin', None)
if admin and typ == 'user':
msg = s_tufo.tufo(':'.join([stub, 'admin']),
**args)
return msg
role = opts.pop('role', None)
if role and typ == 'user':
args['role'] = role
msg = s_tufo.tufo(':'.join([stub, 'urole']),
**args)
return msg
rulefo = self.formRulefo(opts)
if rulefo is None:
msg = s_tufo.tufo(':'.join([stub, typ]),
**args)
return msg
mod = self.modmap.get(typ)
if not mod: # pragma: no cover
raise s_exc.BadSyntaxError(mesg='Unknown type encountered',
type=typ)
args['rule'] = rulefo
msg = s_tufo.tufo(':'.join([stub, mod]),
**args)
return msg
def setUp(self):
self.t1 = s_tufo.tufo('bar', baz='faz', derp=20)
self.t2 = s_tufo.tufo(
'bar', **{
'baz': 'faz',
'derp': 20,
'namespace:sound': 'quack'
})
self.t3 = ('duck', {
'tufo:form': 'animal',
'animal:stype': 'duck',
'animal:sound': 'quack'
})
def __authDelAdmin(self, mesg):
mname, mdict = mesg
name = mdict.get('user')
uobj = self.auth.reqUser(name)
uobj.setAdmin(False)
ret = s_tufo.tufo(mname, user=(name, uobj._getAuthData()))
return True, ret
def test_kwargs_tufo_creation(self):
'''
Ensure that tufos' can be created via **kwargs.
'''
tuf0 = s_tufo.tufo('bar', **{'baz': 'faz', 'derp': 20, })
r = s_tufo.equal(tuf0, self.tuf0)
self.true(r)
def test_simple_tufo_creation(self):
'''
Ensure that tufos can be created with explicit arguments.
'''
tuf0 = s_tufo.tufo('bar', baz='faz', derp=20)
r = s_tufo.equal(tuf0, self.tuf0)
self.true(r)
def dump_rows(outp, fd, store, compress=False, genrows_kwargs=None):
outp.printf('Starting row dump')
if not genrows_kwargs:
genrows_kwargs = {}
i = 0
j = 0
cur_bytes = 0
bufs = []
kwargs = preset_args.get(store.getStoreType(), {})
kwargs.update(genrows_kwargs)
tick = time.time()
for rows in store.genStoreRows(**kwargs):
j += len(rows)
i += len(rows)
tufo = s_tufo.tufo('core:save:add:rows', rows=rows)
if compress:
tufo[1]['rows'] = gzip.compress(s_common.msgenpack(rows), 9)
byts = s_common.msgenpack(tufo)
bufs.append(byts)
cur_bytes += len(byts)
if cur_bytes > s_axon.megabyte * DUMP_MEGS:
fd.write(b''.join([byts for byts in bufs]))
outp.printf('Stored {} rows, total {} rows'.format(j, i))
bufs = []
cur_bytes = 0
j = 0
# There still may be rows we need too write out.
if bufs:
fd.write(b''.join([byts for byts in bufs]))
outp.printf('Stored {} rows, total {} rows'.format(j, i))
bufs = []
tock = time.time()
outp.printf('Done dumping rows - took {} seconds.'.format(tock - tick))
outp.printf('Dumped {} rows'.format(i))
def __authDelRoleRule(self, mesg):
mname, mdict = mesg
name = mdict.get('role')
rule = mdict.get('rule')
robj = self.auth.reqRole(name)
robj.delRule(rule)
ret = s_tufo.tufo(mname, role=(name, robj._getAuthData()))
return True, ret
def __authDelUserRule(self, mesg):
mname, mdict = mesg
name = mdict.get('user')
rule = mdict.get('rule')
uobj = self.auth.reqUser(name)
uobj.delRule(rule)
ret = s_tufo.tufo(mname, user=(name, uobj._getAuthData()))
return True, ret
def __authAddUserRole(self, mesg):
mname, mdict = mesg
name = mdict.get('user')
role = mdict.get('role')
uobj = self.auth.reqUser(name)
robj = self.auth.reqRole(role)
uobj.addRole(role)
ret = s_tufo.tufo(mname, user=(name, uobj._getAuthData()))
return True, ret
def formRulefo(self, opts):
rtype = opts.pop('rule', None)
if not rtype:
return None
form = opts.get('form')
prop = opts.get('prop')
tag = opts.get('tag')
if tag:
if form or prop:
raise s_exc.BadSyntaxError(mesg='Cannot form rulefo with tag and (form OR prop)')
else:
return s_tufo.tufo(rtype, tag=tag)
if form and prop:
return s_tufo.tufo(rtype, form=form, prop=prop)
if form and not prop:
return s_tufo.tufo(rtype, form=form)
raise s_exc.BadSyntaxError(mesg='Unable to form rulefo',
prop=prop, form=form, tag=tag, rule=rtype)
def dump_blobs(outp, fd, store):
i = 0
outp.printf('Dumping blobstore')
for key in store.getBlobKeys():
valu = store.getBlobValu(key)
tufo = s_tufo.tufo('syn:core:blob:set', key=key, valu=s_msgpack.en(valu))
byts = s_msgpack.en(tufo)
fd.write(byts)
i += 1
outp.printf('Done dumping {} keys from blobstore.'.format(i))
def gen_backup_tufo(options):
d = {'rows:compress': options.compress,
'synapse:version': synapse.version,
'synapse:rows:output': options.output,
'synapse:cortex:input': options.store,
'synapse:cortex:blob_store': options.dump_blobstore,
'synapse:cortex:revstore': options.revstorage,
'time:created': s_common.now(),
'python:version': s_common.version
}
tufo = s_tufo.tufo('syn:cortex:rowdump:info', **d)
return tufo
def setUp(self):
self.t1 = s_tufo.tufo('bar', baz='faz', derp=20)
self.t2 = s_tufo.tufo('bar', derp=20, baz='faz')
self.t3 = s_tufo.tufo('foo', derp=20, baz='faz')
self.t4 = s_tufo.tufo('bar', derp=20, baz='faz', prop='value')
self.t5 = s_tufo.tufo('bar', **{'baz': 'faz', 'derp': 20, 'namespace:sound': 'quack'})
self.t6 = s_tufo.tufo('bar', **{'baz': 'faz', 'derp': 20})
def runCmdOpts(self, opts):
core = self.getCmdItem() # type: s_auth.AuthMixin
act = opts.pop('act')
typ = opts.pop('type')
name = opts.pop('name', None)
astub = 'auth:add'
dstub = 'auth:del'
# Form our mesg
if act == 'get':
if name:
mesg = s_tufo.tufo('auth:req:%s' % typ,
**{self.typmap.get(typ): name})
else:
mesg = ('auth:get:%s' % self.getmap.get(typ),
{})
elif act == 'add':
mesg = self.getMsg(astub, name, typ, opts)
elif act == 'del':
mesg = self.getMsg(dstub, name, typ, opts)
else: # pragma: no cover
raise s_exc.BadSyntaxError(mesg='Unknown action provided',
act=act)
# Execute remote call
isok, retn = core.authReact(mesg)
retn = s_common.reqok(isok, retn)
# Format output
if opts.get('json'):
outp = json.dumps(retn, indent=2, sort_keys=True)
else:
width, _ = shutil.get_terminal_size((120, 24))
if width == 0:
# In CI we may not have a tty available.
width = 120
outp = pprint.pformat(retn, width=width)
self.printf(outp)
return retn
def test_auth_mixin(self):
rname = 'pennywise'
uname = 'bob'
hatguy = 'hatguy'
nrole = 'ninja'
rule1 = ('node:add', {'form': 'strform'})
with self.getTestDir() as dirn:
foo = TstAthMxn(dirn, root=rname)
# Test decorators
isok, retn = foo.authReact(s_tufo.tufo('auth:get:users'))
self.false(isok)
self.eq(retn[0], 'NoSuchUser')
with s_scope.enter({'syn:user': uname}):
isok, retn = foo.authReact(s_tufo.tufo('auth:get:users'))
self.false(isok)
self.eq(retn[0], 'NoSuchUser')
with s_scope.enter({'syn:user': rname}):
isok, retn = foo.authReact(s_tufo.tufo('auth:get:users'))
self.true(isok)
self.eq(retn[0], 'auth:get:users')
self.isin(rname, retn[1].get('users'))
isok, retn = foo.authReact(s_tufo.tufo('auth:get:roles'))
self.true(isok)
self.eq(retn[0], 'auth:get:roles')
self.eq(retn[1].get('roles'), [])
isok, retn = foo.authReact(
s_tufo.tufo('auth:req:user', user=rname))
self.true(isok)
self.eq(retn[0], 'auth:req:user')
root = retn[1].get('user')
self.istufo(root)
self.eq(root[0], rname)
self.true(root[1].get('admin'))
self.eq(root[1].get('rules'), [])
self.eq(root[1].get('roles'), [])
isok, retn = foo.authReact(
s_tufo.tufo('auth:add:role', role=nrole))
self.true(isok)
self.eq(retn[0], 'auth:add:role')
role = retn[1].get('role')
self.istufo(role)
isok, retn = foo.authReact(s_tufo.tufo('auth:get:roles'))
self.eq(retn[1].get('roles'), [nrole])
isok, retn = foo.authReact(
s_tufo.tufo('auth:add:rrule', role=nrole, rule=rule1))
self.true(isok)
self.eq(retn[0], 'auth:add:rrule')
role = retn[1].get('role')
self.len(1, role[1].get('rules'))
self.eq(role[1].get('rules'), [rule1])
isok, retn = foo.authReact(
s_tufo.tufo('auth:add:urole', role=nrole, user=rname))
self.true(isok)
self.eq(retn[0], 'auth:add:urole')
root = retn[1].get('user')
self.isin(nrole, root[1].get('roles'))
isok, retn = foo.authReact(
s_tufo.tufo('auth:req:role', role=nrole))
self.true(isok)
self.eq(retn[0], 'auth:req:role')
role = retn[1].get('role')
self.istufo(role)
isok, retn = foo.authReact(
s_tufo.tufo('auth:add:user', user=uname))
self.true(isok)
self.eq(retn[0], 'auth:add:user')
user = retn[1].get('user')
self.istufo(user)
self.eq(user[0], uname)
isok, retn = foo.authReact(
s_tufo.tufo('auth:add:urule', user=uname, rule=rule1))
self.true(isok)
self.eq(retn[0], 'auth:add:urule')
user = retn[1].get('user')
self.len(1, user[1].get('rules'))
isok, retn = foo.authReact(
s_tufo.tufo('auth:add:urole', user=uname, role=nrole))
self.true(isok)
user = retn[1].get('user')
self.len(1, user[1].get('roles'))
isok, retn = foo.authReact(
s_tufo.tufo('auth:add:user', user=hatguy))
self.true(isok)
user = retn[1].get('user')
self.eq(user[0], hatguy)
self.false(user[1].get('admin'))
isok, retn = foo.authReact(
s_tufo.tufo('auth:add:admin', user=hatguy))
self.true(isok)
self.eq(retn[0], 'auth:add:admin')
user = retn[1].get('user')
self.eq(user[0], hatguy)
self.true(user[1].get('admin'))
isok, retn = foo.authReact(
s_tufo.tufo('auth:del:admin', user=hatguy))
self.true(isok)
self.eq(retn[0], 'auth:del:admin')
user = retn[1].get('user')
self.eq(user[0], hatguy)
self.false(user[1].get('admin'))
# Now that we have the uname user we'll fail in a different way
with s_scope.enter({'syn:user': uname}):
isok, retn = foo.authReact(s_tufo.tufo('auth:get:users'))
self.false(isok)
self.eq(retn[0], 'AuthDeny')
# Destructive testing
with s_scope.enter({'syn:user': rname}):
isok, retn = foo.authReact(
s_tufo.tufo(
'auth:del:rrule',
role=nrole,
rule=rule1,
))
self.true(isok)
self.eq(retn[0], 'auth:del:rrule')
role = retn[1].get('role')
self.len(0, role[1].get('rules'))
isok, retn = foo.authReact(
s_tufo.tufo('auth:del:urule', user=uname, rule=rule1))
self.true(isok)
self.eq(retn[0], 'auth:del:urule')
user = retn[1].get('user')
self.len(0, user[1].get('rules'))
isok, retn = foo.authReact(
s_tufo.tufo('auth:del:urole', user=uname, role=nrole))
self.true(isok)
self.eq(retn[0], 'auth:del:urole')
user = retn[1].get('user')
self.len(0, user[1].get('roles'))
isok, retn = foo.authReact(
s_tufo.tufo('auth:del:user', user=uname))
self.true(isok)
self.eq(retn[0], 'auth:del:user')
self.eq(retn[1].get('user'), uname)
self.true(retn[1].get('deleted'))
isok, retn = foo.authReact(
s_tufo.tufo('auth:del:role', role=nrole))
self.true(isok)
self.eq(retn[0], 'auth:del:role')
self.eq(retn[1].get('role'), nrole)
self.true(retn[1].get('deleted'))
isoke, retn = foo.authReact(
s_tufo.tufo('auth:req:user', user=rname))
root = retn[1].get('user')
self.eq(root[1].get('roles'), [])
# Broken mixin use
class Broken(s_auth.AuthMixin):
def __init__(self):
pass
broke = Broken()
isok, retn = broke.authReact(s_tufo.tufo('auth:get:users'))
self.false(isok)
self.eq(retn[0], 'AttributeError')
def __authAddUser(self, mesg):
mname, mdict = mesg
name = mdict.get('user')
uobj = self.auth.addUser(name)
ret = s_tufo.tufo(mname, user=(name, uobj._getAuthData()))
return True, ret
def __authDelUser(self, mesg):
mname, mdict = mesg
name = mdict.get('user')
_ret = self.auth.delUser(name)
ret = s_tufo.tufo(mname, user=name, deleted=_ret)
return True, ret
def __authDelRole(self, mesg):
mname, mdict = mesg
name = mdict.get('role')
_ret = self.auth.delRole(name)
ret = s_tufo.tufo(mname, role=name, deleted=_ret)
return True, ret
def __authAddRole(self, mesg):
mname, mdict = mesg
name = mdict.get('role')
robj = self.auth.addRole(name)
ret = s_tufo.tufo(mname, role=(name, robj._getAuthData()))
return True, ret
