|
1344.3.1
by nskaggs
wip grant revoke |
1 |
#!/usr/bin/env python
|
|
1344.4.1
by Nicholas Skaggs
refactoring |
2 |
"""This testsuite is intended to test basic user permissions. Users
|
|
1344.3.12
by Nicholas Skaggs
fix typos and description |
3 |
can be granted read or full privileges by model. Revoking those
|
4 |
privileges should remove them.
|
|
5 |
||
6 |
A read permission user can see things such as status and
|
|
7 |
perform read-only commands. A write permission user has
|
|
8 |
equivalent powers as an admin"""
|
|
|
1344.4.2
by Nicholas Skaggs
flake8 |
9 |
|
|
1344.3.1
by nskaggs
wip grant revoke |
10 |
from __future__ import print_function |
11 |
||
12 |
import argparse |
|
|
1344.3.21
by Nicholas Skaggs
refactored testcase |
13 |
from collections import namedtuple |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
14 |
import copy |
15 |
import json |
|
|
1344.3.1
by nskaggs
wip grant revoke |
16 |
import logging |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
17 |
import random |
18 |
import string |
|
|
1344.3.1
by nskaggs
wip grant revoke |
19 |
import subprocess |
|
1344.4.4
by Nicholas Skaggs
typos and tweaks |
20 |
import sys |
|
1344.3.3
by Nicholas Skaggs
shell in place |
21 |
|
|
1344.3.13
by Nicholas Skaggs
Aaron's suggested tweaks |
22 |
import pexpect |
23 |
||
|
1344.3.1
by nskaggs
wip grant revoke |
24 |
from deploy_stack import ( |
25 |
BootstrapManager, |
|
|
1591.1.1
by Andrew Beach
Cleaned up duplicate declarations of JujuAssertionError. |
26 |
)
|
|
1344.3.1
by nskaggs
wip grant revoke |
27 |
from utility import ( |
|
1591.1.1
by Andrew Beach
Cleaned up duplicate declarations of JujuAssertionError. |
28 |
JujuAssertionError, |
|
1344.3.1
by nskaggs
wip grant revoke |
29 |
add_basic_testing_arguments, |
30 |
configure_logging, |
|
|
1344.3.3
by Nicholas Skaggs
shell in place |
31 |
temp_dir, |
|
1591.1.1
by Andrew Beach
Cleaned up duplicate declarations of JujuAssertionError. |
32 |
)
|
|
1344.3.1
by nskaggs
wip grant revoke |
33 |
|
34 |
__metaclass__ = type |
|
35 |
||
36 |
||
|
1344.3.2
by nskaggs
virtual clients test |
37 |
log = logging.getLogger("assess_user_grant_revoke") |
38 |
||
|
1472.1.4
by Christopher Lee
juju unregister assess test with unit tests |
39 |
User = namedtuple('User', ['name', 'permissions', 'expect']) |
40 |
||
|
1344.3.30
by Nicholas Skaggs
flake8 fixes |
41 |
|
|
1564.1.1
by seman.said at canonical
Added access field in list-user command. |
42 |
USER_LIST_CTRL = [{"access": "superuser", "user-name": "admin", |
43 |
"display-name": "admin"}] |
|
|
1551.1.1
by Leo Zhang
fixed some acl tests problems |
44 |
USER_LIST_CTRL_READ = copy.deepcopy(USER_LIST_CTRL) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
45 |
# Created user has no display name, bug 1606354
|
|
1570.2.3
by Christopher Lee
Fix lint issues. |
46 |
USER_LIST_CTRL_READ.append( |
|
1572.1.1
by Christopher Lee
Remove empty display-name as it is no longer included in json output. |
47 |
{"access": "login", "user-name": "readuser"}) |
|
1551.1.1
by Leo Zhang
fixed some acl tests problems |
48 |
USER_LIST_CTRL_WRITE = copy.deepcopy(USER_LIST_CTRL) |
49 |
# bug 1606354
|
|
|
1572.1.1
by Christopher Lee
Remove empty display-name as it is no longer included in json output. |
50 |
USER_LIST_CTRL_WRITE.append({"access": "login", "user-name": "writeuser"}) |
|
1551.1.1
by Leo Zhang
fixed some acl tests problems |
51 |
USER_LIST_CTRL_ADMIN = copy.deepcopy(USER_LIST_CTRL) |
52 |
# bug 1606354
|
|
|
1570.2.3
by Christopher Lee
Fix lint issues. |
53 |
USER_LIST_CTRL_ADMIN.append( |
|
1572.1.1
by Christopher Lee
Remove empty display-name as it is no longer included in json output. |
54 |
{"access": "superuser", "user-name": "adminuser"}) |
|
1551.1.1
by Leo Zhang
fixed some acl tests problems |
55 |
SHARE_LIST_CTRL = {"admin@local": {"display-name": "admin", |
56 |
"access": "admin"}} |
|
57 |
SHARE_LIST_CTRL_READ = copy.deepcopy(SHARE_LIST_CTRL) |
|
58 |
SHARE_LIST_CTRL_READ["readuser@local"] = {"access": "read"} |
|
59 |
SHARE_LIST_CTRL_WRITE = copy.deepcopy(SHARE_LIST_CTRL) |
|
60 |
SHARE_LIST_CTRL_WRITE["writeuser@local"] = {"access": "write"} |
|
61 |
SHARE_LIST_CTRL_ADMIN = copy.deepcopy(SHARE_LIST_CTRL) |
|
62 |
SHARE_LIST_CTRL_ADMIN["adminuser@local"] = {"access": "admin"} |
|
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
63 |
|
64 |
||
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
65 |
def assert_equal(found, expected): |
66 |
found = sorted(found) |
|
67 |
expected = sorted(expected) |
|
68 |
if found != expected: |
|
69 |
raise JujuAssertionError( |
|
70 |
'Found: {}\nExpected: {}'.format(found, expected)) |
|
71 |
||
72 |
||
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
73 |
def list_users(client): |
74 |
"""Test listing all the users"""
|
|
75 |
users_list = json.loads(client.get_juju_output('list-users', '--format', |
|
76 |
'json', include_e=False)) |
|
77 |
for user in users_list: |
|
78 |
user.pop("date-created", None) |
|
79 |
user.pop("last-connection", None) |
|
80 |
return users_list |
|
81 |
||
82 |
||
83 |
def list_shares(client): |
|
84 |
"""Test listing users' shares"""
|
|
|
1597.1.1
by Christopher Lee
Use model name not 'default'. Fakebackend uses the default model name too (of 'name'). |
85 |
model_data = json.loads( |
86 |
client.get_juju_output( |
|
87 |
'show-model', '--format', 'json', include_e=False)) |
|
88 |
share_list = model_data[client.model_name]['users'] |
|
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
89 |
for key, value in share_list.iteritems(): |
90 |
value.pop("last-connection", None) |
|
91 |
return share_list |
|
92 |
||
93 |
||
94 |
def show_user(client): |
|
95 |
"""Test showing a user's status"""
|
|
96 |
user_status = json.loads(client.get_juju_output('show-user', '--format', |
|
97 |
'json', include_e=False)) |
|
98 |
user_status.pop("date-created", None) |
|
99 |
user_status.pop("last-connection", None) |
|
100 |
return user_status |
|
101 |
||
102 |
||
103 |
def assert_read_model(client, permission, has_permission): |
|
104 |
"""Test if the user has or doesn't have the read permission"""
|
|
|
1541.2.8
by Curtis Hovey
Remove Use set-model-config instrad of deploy. |
105 |
log.info('Checking read model acl {}'.format(client.env.user_name)) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
106 |
if has_permission: |
107 |
try: |
|
108 |
client.show_status() |
|
109 |
except subprocess.CalledProcessError: |
|
110 |
raise JujuAssertionError( |
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
111 |
'FAIL User could not check status with {} permission'.format( |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
112 |
permission)) |
113 |
else: |
|
114 |
try: |
|
115 |
client.show_status() |
|
116 |
except subprocess.CalledProcessError: |
|
117 |
pass
|
|
118 |
else: |
|
119 |
raise JujuAssertionError( |
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
120 |
'FAIL {} checked status without {} permission'.format( |
121 |
client.env.user_name, permission)) |
|
|
1541.2.8
by Curtis Hovey
Remove Use set-model-config instrad of deploy. |
122 |
log.info('PASS {} read acl'.format(client.env.user_name)) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
123 |
|
124 |
||
125 |
def assert_write_model(client, permission, has_permission): |
|
126 |
"""Test if the user has or doesn't have the write permission"""
|
|
|
1541.2.8
by Curtis Hovey
Remove Use set-model-config instrad of deploy. |
127 |
log.info('Checking write model acl {}'.format(client.env.user_name)) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
128 |
if has_permission: |
129 |
try: |
|
|
1583.1.1
by Curtis Hovey
Rename get/set/unset model-config calls to match 2.0-beta18. |
130 |
tags = '"{}={}"'.format(client.env.user_name, permission) |
131 |
client.set_env_option('resource-tags', tags) |
|
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
132 |
except subprocess.CalledProcessError: |
133 |
raise JujuAssertionError( |
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
134 |
'FAIL {} could not set-model-config with {} permission'.format( |
135 |
client.env.user_name, permission)) |
|
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
136 |
else: |
137 |
try: |
|
|
1583.1.1
by Curtis Hovey
Rename get/set/unset model-config calls to match 2.0-beta18. |
138 |
tags = '"{}=no-{}"'.format(client.env.user_name, permission) |
139 |
client.set_env_option('resource-tags', tags) |
|
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
140 |
except subprocess.CalledProcessError: |
141 |
pass
|
|
142 |
else: |
|
143 |
raise JujuAssertionError( |
|
|
1583.1.1
by Curtis Hovey
Rename get/set/unset model-config calls to match 2.0-beta18. |
144 |
'FAIL User set model-config without {} permission'.format( |
|
1541.2.8
by Curtis Hovey
Remove Use set-model-config instrad of deploy. |
145 |
permission)) |
146 |
log.info('PASS {} write model acl'.format(client.env.user_name)) |
|
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
147 |
|
148 |
||
|
1523.2.1
by Leo Zhang
Added assess_controller_permissions |
149 |
def assert_admin_model(controller_client, client, permission, has_permission): |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
150 |
"""Test if the user has or doesn't have the admin permission"""
|
|
1541.2.8
by Curtis Hovey
Remove Use set-model-config instrad of deploy. |
151 |
log.info('Checking admin acl with {}'.format(client.env.user_name)) |
|
1523.2.1
by Leo Zhang
Added assess_controller_permissions |
152 |
code = ''.join(random.choice( |
153 |
string.ascii_letters + string.digits) for _ in xrange(4)) |
|
154 |
new_user = permission + code |
|
|
1541.2.8
by Curtis Hovey
Remove Use set-model-config instrad of deploy. |
155 |
log.info('Adding user {} for test'.format(new_user)) |
|
1562.2.3
by Aaron Bentley
Extract add_user, rename existing to add_user_perms. |
156 |
controller_client.add_user_perms(new_user, permissions="read") |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
157 |
if has_permission: |
|
1523.2.1
by Leo Zhang
Added assess_controller_permissions |
158 |
try: |
159 |
client.grant(new_user, permission="write") |
|
160 |
except subprocess.CalledProcessError: |
|
161 |
raise JujuAssertionError( |
|
|
1541.2.8
by Curtis Hovey
Remove Use set-model-config instrad of deploy. |
162 |
'FAIL {} could not grant write acl to user'.format( |
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
163 |
client.env.user_name, permission)) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
164 |
else: |
165 |
try: |
|
|
1523.2.1
by Leo Zhang
Added assess_controller_permissions |
166 |
client.grant(new_user, permission="write") |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
167 |
except subprocess.CalledProcessError: |
|
1541.2.8
by Curtis Hovey
Remove Use set-model-config instrad of deploy. |
168 |
log.info('Correctly rejected {} use of grant'.format( |
169 |
client.env.user_name)) |
|
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
170 |
else: |
171 |
raise JujuAssertionError( |
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
172 |
'FAIL {} granted access without {} permission'.format( |
173 |
client.env.user_name, permission)) |
|
|
1541.2.8
by Curtis Hovey
Remove Use set-model-config instrad of deploy. |
174 |
# Remove the user to ensure list-users is sane.
|
175 |
log.info('Removing user {} after test'.format(new_user)) |
|
176 |
controller_client.remove_user(new_user) |
|
177 |
log.info('PASS {} admin acl'.format(client.env.user_name)) |
|
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
178 |
|
179 |
||
180 |
def assert_user_permissions(user, user_client, controller_client): |
|
181 |
"""Test if users' permissions are within expectations"""
|
|
182 |
expect = iter(user.expect) |
|
183 |
permission = user.permissions |
|
184 |
assert_read_model(user_client, permission, expect.next()) |
|
185 |
assert_write_model(user_client, permission, expect.next()) |
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
186 |
assert_admin_model( |
187 |
controller_client, user_client, permission, expect.next()) |
|
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
188 |
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
189 |
log.info("Revoking {} permission from {}".format( |
190 |
user.permissions, user.name)) |
|
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
191 |
controller_client.revoke(user.name, permissions=user.permissions) |
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
192 |
log.info('Revoke accepted') |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
193 |
|
194 |
assert_read_model(user_client, permission, expect.next()) |
|
195 |
assert_write_model(user_client, permission, expect.next()) |
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
196 |
assert_admin_model( |
197 |
controller_client, user_client, permission, expect.next()) |
|
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
198 |
|
199 |
||
200 |
def assert_change_password(client, user): |
|
201 |
"""Test changing user's password"""
|
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
202 |
log.info('Checking change-user-password') |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
203 |
try: |
204 |
child = client.expect('change-user-password', (user.name,), |
|
205 |
include_e=False) |
|
206 |
child.expect('(?i)password') |
|
207 |
child.sendline(user.name + '_password_2') |
|
208 |
child.expect('(?i)password') |
|
209 |
child.sendline(user.name + '_password_2') |
|
210 |
child.expect(pexpect.EOF) |
|
211 |
except pexpect.TIMEOUT: |
|
212 |
raise JujuAssertionError( |
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
213 |
'FAIL Changing user password failed: pexpect session timed out') |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
214 |
if child.isalive(): |
215 |
raise JujuAssertionError( |
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
216 |
'FAIL Changing user password failed: pexpect session still alive') |
|
1477.3.1
by Andrew Wilkins
beebop |
217 |
child.close() |
218 |
if child.exitstatus != 0: |
|
219 |
raise JujuAssertionError( |
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
220 |
'FAIL Changing user password failed: '
|
|
1522.2.4
by Christopher Lee
lint fixes |
221 |
'pexpect process exited with {}'.format(child.exitstatus)) |
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
222 |
log.info('PASS change-user-password') |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
223 |
|
224 |
||
225 |
def assert_disable_enable(controller_client, user): |
|
226 |
"""Test disabling and enabling users"""
|
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
227 |
log.info('Checking disabled {}'.format(user.name)) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
228 |
controller_client.disable_user(user.name) |
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
229 |
log.info('Disabled {}'.format(user.name)) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
230 |
user_list = list_users(controller_client) |
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
231 |
log.info('Checking list-users {}'.format(user.name)) |
|
1570.2.1
by Christopher Lee
Apply Horacios fix for grant revoke. |
232 |
assert_equal(user_list, USER_LIST_CTRL) |
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
233 |
log.info('Checking enable {}'.format(user.name)) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
234 |
controller_client.enable_user(user.name) |
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
235 |
log.info('Enabled {}'.format(user.name)) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
236 |
user_list = list_users(controller_client) |
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
237 |
log.info('Checking list-users {}'.format(user.name)) |
|
1551.1.1
by Leo Zhang
fixed some acl tests problems |
238 |
assert_equal(user_list, USER_LIST_CTRL_WRITE) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
239 |
|
240 |
||
241 |
def assert_logout_login(controller_client, user_client, user, fake_home): |
|
242 |
"""Test users' login and logout"""
|
|
243 |
user_client.logout() |
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
244 |
log.info('Checking list-users after logout') |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
245 |
user_list = list_users(controller_client) |
|
1551.1.1
by Leo Zhang
fixed some acl tests problems |
246 |
assert_equal(user_list, USER_LIST_CTRL_READ) |
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
247 |
log.info('Checking list-users after login') |
|
1477.2.4
by Leo Zhang
Bug Fixed |
248 |
username = user.name |
249 |
controller_name = '{}_controller'.format(username) |
|
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
250 |
client = controller_client.create_cloned_environment( |
|
1477.3.1
by Andrew Wilkins
beebop |
251 |
fake_home, controller_name, user.name) |
|
1585.1.1
by Curtis Hovey
Login uses macaroons, or not prompt for password. |
252 |
if client.env.config['type'] == 'lxd': |
253 |
client.juju( |
|
254 |
'login', (user.name, '-c', controller_name), include_e=False) |
|
255 |
else: |
|
256 |
try: |
|
257 |
child = client.expect('login', (user.name, '-c', controller_name), |
|
258 |
include_e=False) |
|
259 |
# This scenario is pre-macaroon.
|
|
|
1586
by Curtis Hovey
Login uses macaroons, or not prompt for password. |
260 |
# See https://bugs.launchpad.net/bugs/1621532
|
|
1585.1.1
by Curtis Hovey
Login uses macaroons, or not prompt for password. |
261 |
child.expect('(?i)password') |
262 |
child.sendline(user.name + '_password_2') |
|
263 |
# end non-macaroon.
|
|
264 |
child.expect(pexpect.EOF) |
|
265 |
if child.isalive(): |
|
266 |
raise JujuAssertionError( |
|
267 |
'FAIL Login user: pexpect session still alive') |
|
268 |
child.close() |
|
269 |
if child.exitstatus != 0: |
|
270 |
raise JujuAssertionError( |
|
271 |
'FAIL Login user: pexpect process exited with {}'.format( |
|
272 |
child.exitstatus)) |
|
273 |
except pexpect.TIMEOUT: |
|
274 |
raise JujuAssertionError( |
|
275 |
'FAIL Login user failed: pexpect session timed out') |
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
276 |
log.info('PASS logout and login') |
277 |
return client |
|
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
278 |
|
279 |
||
280 |
def assert_read_user(controller_client, user): |
|
281 |
"""Assess the operations of read user"""
|
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
282 |
log.info('Checking read {}'.format(user.name)) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
283 |
with temp_dir() as fake_home: |
284 |
user_client = controller_client.register_user( |
|
285 |
user, fake_home) |
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
286 |
log.info('Checking list-users {}'.format(user.name)) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
287 |
user_list = list_users(controller_client) |
|
1551.1.1
by Leo Zhang
fixed some acl tests problems |
288 |
assert_equal(user_list, USER_LIST_CTRL_READ) |
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
289 |
log.info('Checking list-shares {}'.format(user.name)) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
290 |
share_list = list_shares(controller_client) |
|
1551.1.1
by Leo Zhang
fixed some acl tests problems |
291 |
assert_equal(share_list, SHARE_LIST_CTRL_READ) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
292 |
assert_change_password(user_client, user) |
|
1541.2.8
by Curtis Hovey
Remove Use set-model-config instrad of deploy. |
293 |
user_client = assert_logout_login( |
294 |
controller_client, user_client, user, fake_home) |
|
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
295 |
assert_user_permissions(user, user_client, controller_client) |
|
1551.1.1
by Leo Zhang
fixed some acl tests problems |
296 |
controller_client.remove_user(user.name) |
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
297 |
log.info('PASS read {}'.format(user.name)) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
298 |
|
299 |
||
300 |
def assert_write_user(controller_client, user): |
|
301 |
"""Assess the operations of write user"""
|
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
302 |
log.info('Checking write {}'.format(user.name)) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
303 |
with temp_dir() as fake_home: |
304 |
user_client = controller_client.register_user( |
|
305 |
user, fake_home) |
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
306 |
user_client.env.user_name = user.name |
307 |
log.info('Checking list-users {}'.format(user.name)) |
|
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
308 |
user_list = list_users(controller_client) |
|
1551.1.1
by Leo Zhang
fixed some acl tests problems |
309 |
assert_equal(user_list, USER_LIST_CTRL_WRITE) |
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
310 |
log.info('Checking list-shares {}'.format(user.name)) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
311 |
share_list = list_shares(controller_client) |
|
1551.1.1
by Leo Zhang
fixed some acl tests problems |
312 |
assert_equal(share_list, SHARE_LIST_CTRL_WRITE) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
313 |
assert_disable_enable(controller_client, user) |
314 |
assert_user_permissions(user, user_client, controller_client) |
|
|
1551.1.1
by Leo Zhang
fixed some acl tests problems |
315 |
controller_client.remove_user(user.name) |
|
1541.2.8
by Curtis Hovey
Remove Use set-model-config instrad of deploy. |
316 |
log.info('PASS write {}'.format(user.name)) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
317 |
|
318 |
||
319 |
def assert_admin_user(controller_client, user): |
|
320 |
"""Assess the operations of admin user"""
|
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
321 |
log.info('Checking admin {}'.format(user.name)) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
322 |
with temp_dir() as fake_home: |
323 |
user_client = controller_client.register_user( |
|
324 |
user, fake_home) |
|
|
1570.2.1
by Christopher Lee
Apply Horacios fix for grant revoke. |
325 |
controller_client.grant(user_name=user.name, permission="superuser") |
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
326 |
user_client.env.user_name = user.name |
327 |
log.info('Checking list-users {}'.format(user.name)) |
|
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
328 |
user_list = list_users(controller_client) |
|
1551.1.1
by Leo Zhang
fixed some acl tests problems |
329 |
assert_equal(user_list, USER_LIST_CTRL_ADMIN) |
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
330 |
log.info('Checking list-shares {}'.format(user.name)) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
331 |
share_list = list_shares(controller_client) |
|
1551.1.1
by Leo Zhang
fixed some acl tests problems |
332 |
assert_equal(share_list, SHARE_LIST_CTRL_ADMIN) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
333 |
assert_user_permissions(user, user_client, controller_client) |
|
1551.1.1
by Leo Zhang
fixed some acl tests problems |
334 |
controller_client.remove_user(user.name) |
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
335 |
log.info('PASS admin {}'.format(user.name)) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
336 |
|
337 |
||
338 |
def assess_user_grant_revoke(controller_client): |
|
339 |
"""Test multi-users functionality"""
|
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
340 |
log.info('STARTING grant/revoke permissions') |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
341 |
controller_client.env.user_name = 'admin' |
|
1570.2.1
by Christopher Lee
Apply Horacios fix for grant revoke. |
342 |
log.info("Creating Users: readuser, writeuser, adminuser") |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
343 |
read_user = User('readuser', 'read', |
344 |
[True, False, False, False, False, False]) |
|
345 |
write_user = User('writeuser', 'write', |
|
346 |
[True, True, False, True, False, False]) |
|
347 |
admin_user = User('adminuser', 'admin', |
|
348 |
[True, True, True, True, True, True]) |
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
349 |
log.info('Checking list-users admin') |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
350 |
user_list = list_users(controller_client) |
|
1551.1.1
by Leo Zhang
fixed some acl tests problems |
351 |
assert_equal(user_list, USER_LIST_CTRL) |
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
352 |
log.info('Checking list-shares admin') |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
353 |
share_list = list_shares(controller_client) |
|
1551.1.1
by Leo Zhang
fixed some acl tests problems |
354 |
assert_equal(share_list, SHARE_LIST_CTRL) |
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
355 |
log.info('Checking show-user admin') |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
356 |
user_status = show_user(controller_client) |
|
1551.1.1
by Leo Zhang
fixed some acl tests problems |
357 |
assert_equal(user_status, USER_LIST_CTRL[0]) |
|
1477.2.12
by Leo Zhang
Fake merge of trunk |
358 |
assert_read_user(controller_client, read_user) |
359 |
assert_write_user(controller_client, write_user) |
|
360 |
assert_admin_user(controller_client, admin_user) |
|
|
1541.2.7
by Curtis Hovey
Added logging to follow operations. |
361 |
log.info('SUCCESS grant/revoke permissions') |
|
1477.2.2
by Leo Zhang
Clean up |
362 |
|
|
1344.3.13
by Nicholas Skaggs
Aaron's suggested tweaks |
363 |
|
|
1344.3.1
by nskaggs
wip grant revoke |
364 |
def parse_args(argv): |
365 |
"""Parse all arguments."""
|
|
|
1344.4.2
by Nicholas Skaggs
flake8 |
366 |
parser = argparse.ArgumentParser( |
367 |
description="Test grant and revoke permissions for users") |
|
|
1344.3.1
by nskaggs
wip grant revoke |
368 |
add_basic_testing_arguments(parser) |
369 |
return parser.parse_args(argv) |
|
370 |
||
371 |
||
372 |
def main(argv=None): |
|
373 |
args = parse_args(argv) |
|
|
1344.3.3
by Nicholas Skaggs
shell in place |
374 |
configure_logging(logging.DEBUG) |
|
1344.3.1
by nskaggs
wip grant revoke |
375 |
bs_manager = BootstrapManager.from_args(args) |
376 |
with bs_manager.booted_context(args.upload_tools): |
|
|
1344.3.13
by Nicholas Skaggs
Aaron's suggested tweaks |
377 |
assess_user_grant_revoke(bs_manager.client) |
|
1344.3.1
by nskaggs
wip grant revoke |
378 |
return 0 |
379 |
||
|
1344.4.4
by Nicholas Skaggs
typos and tweaks |
380 |
if __name__ == '__main__': |
381 |
sys.exit(main()) |