| OLD | NEW |
|---|
| 1 #!/usr/bin/env python | 1 #!/usr/bin/env python |
| 2 # Copyright 2016 The LUCI Authors. All rights reserved. | 2 # Copyright 2016 The LUCI Authors. All rights reserved. |
| 3 # Use of this source code is governed under the Apache License, Version 2.0 | 3 # Use of this source code is governed under the Apache License, Version 2.0 |
| 4 # that can be found in the LICENSE file. | 4 # that can be found in the LICENSE file. |
| 5 | 5 |
| 6 import logging | 6 import logging |
| 7 import sys | 7 import sys |
| 8 import unittest | 8 import unittest |
| 9 | 9 |
| 10 import test_env | 10 import test_env |
| (...skipping 14 matching lines...) Expand all Loading... |
| 25 # Default names of authorization groups. | 25 # Default names of authorization groups. |
| 26 ADMINS_GROUP = 'administrators' | 26 ADMINS_GROUP = 'administrators' |
| 27 PRIVILEGED_USERS_GROUP = ADMINS_GROUP | 27 PRIVILEGED_USERS_GROUP = ADMINS_GROUP |
| 28 USERS_GROUP = ADMINS_GROUP | 28 USERS_GROUP = ADMINS_GROUP |
| 29 BOT_BOOTSTRAP_GROUP = ADMINS_GROUP | 29 BOT_BOOTSTRAP_GROUP = ADMINS_GROUP |
| 30 | 30 |
| 31 | 31 |
| 32 class AclTest(test_case.TestCase): | 32 class AclTest(test_case.TestCase): |
| 33 def setUp(self): | 33 def setUp(self): |
| 34 super(AclTest, self).setUp() | 34 super(AclTest, self).setUp() |
| 35 | |
| 36 auth_testing.reset_local_state() | 35 auth_testing.reset_local_state() |
| 37 utils.clear_cache(config.settings) | 36 def settings(): |
| 37 return config_pb2.SettingsCfg( |
| 38 auth=config_pb2.AuthSettings( |
| 39 admins_group='admins', |
| 40 privileged_users_group='privileged_users', |
| 41 users_group='users', |
| 42 view_all_bots_group='view_all_bots', |
| 43 view_all_tasks_group='view_all_tasks')) |
| 44 self.mock(config, 'settings', settings) |
| 38 | 45 |
| 39 @staticmethod | 46 @staticmethod |
| 40 def add_to_group(group): | 47 def add_to_group(group): |
| 41 auth.bootstrap_group(group, [auth.get_current_identity()]) | 48 auth.bootstrap_group(group, [auth.get_current_identity()]) |
| 49 auth_testing.reset_local_state() |
| 42 | 50 |
| 43 def add_to_admin(self): | 51 def add_to_admin(self): |
| 44 auth_testing.mock_is_admin(self, True) | 52 auth_testing.mock_is_admin(self, True) |
| 45 | 53 |
| 46 def mock_auth_config(self, **kwargs): | |
| 47 cfg = config_pb2.SettingsCfg(auth=config_pb2.AuthSettings(**kwargs)) | |
| 48 self.mock(config, '_get_settings', lambda: ('test_rev', cfg)) | |
| 49 | |
| 50 def test_is_admin_app_admin(self): | 54 def test_is_admin_app_admin(self): |
| 51 self.add_to_admin() | 55 self.add_to_admin() |
| 52 self.assertTrue(acl.is_admin()) | 56 self.assertTrue(acl._is_admin()) |
| 53 self.assertEqual(acl.get_user_type(), 'admin') | 57 self.assertEqual(acl.get_user_type(), 'admin') |
| 54 | 58 |
| 55 def test_is_admin_not_app_admin(self): | 59 def test_is_admin_not_app_admin(self): |
| 56 self.assertFalse(acl.is_admin()) | 60 self.assertFalse(acl._is_admin()) |
| 57 self.assertIsNone(acl.get_user_type()) | 61 self.assertIsNone(acl.get_user_type()) |
| 58 | 62 |
| 59 def test_is_admin_default_group(self): | 63 def test_can_access(self): |
| 60 self.add_to_group(ADMINS_GROUP) | 64 self.assertFalse(acl.can_access()) |
| 61 self.assertTrue(acl.is_admin()) | 65 self.add_to_group('users') |
| 62 self.assertEqual(acl.get_user_type(), 'admin') | 66 self.assertTrue(acl.can_access()) |
| 63 | |
| 64 def test_is_admin_custom_group(self): | |
| 65 self.mock_auth_config(admins_group='test_group') | |
| 66 self.add_to_group('test_group') | |
| 67 self.assertTrue(acl.is_admin()) | |
| 68 self.assertEqual(acl.get_user_type(), 'admin') | |
| 69 | |
| 70 def test_is_privileged_user_admin(self): | |
| 71 self.add_to_admin() | |
| 72 self.assertTrue(acl.is_privileged_user()) | |
| 73 self.assertEqual(acl.get_user_type(), 'admin') | |
| 74 | |
| 75 def test_is_privileged_user_default_group(self): | |
| 76 self.add_to_group(PRIVILEGED_USERS_GROUP) | |
| 77 self.assertTrue(acl.is_privileged_user()) | |
| 78 self.assertEqual(acl.get_user_type(), 'admin') | |
| 79 | |
| 80 def test_is_privileged_user_custom_group(self): | |
| 81 self.mock_auth_config(privileged_users_group='test_group') | |
| 82 self.add_to_group('test_group') | |
| 83 self.assertTrue(acl.is_privileged_user()) | |
| 84 self.assertEqual(acl.get_user_type(), 'privileged user') | |
| 85 | |
| 86 def test_is_privileged_user_wrong_group(self): | |
| 87 self.mock_auth_config(privileged_users_group='test_group') | |
| 88 self.add_to_group('wrong_test_group') | |
| 89 self.assertFalse(acl.is_privileged_user()) | |
| 90 self.assertIsNone(acl.get_user_type()) | |
| 91 | |
| 92 def test_is_user_privileged(self): | |
| 93 self.mock_auth_config(privileged_users_group='test_group') | |
| 94 self.add_to_group('test_group') | |
| 95 self.assertTrue(acl.is_user()) | |
| 96 self.assertEqual(acl.get_user_type(), 'privileged user') | |
| 97 | |
| 98 def test_is_user_default_group(self): | |
| 99 self.add_to_group(USERS_GROUP) | |
| 100 self.assertTrue(acl.is_user()) | |
| 101 self.assertEqual(acl.get_user_type(), 'admin') | |
| 102 | |
| 103 def test_is_user_custom_group(self): | |
| 104 self.mock_auth_config(users_group='test_group') | |
| 105 self.add_to_group('test_group') | |
| 106 self.assertTrue(acl.is_user()) | |
| 107 self.assertEqual(acl.get_user_type(), 'user') | 67 self.assertEqual(acl.get_user_type(), 'user') |
| 108 | 68 |
| 109 def test_is_user_wrong_group(self): | |
| 110 self.mock_auth_config(users_group='test_group') | |
| 111 self.add_to_group('wrong_test_group') | |
| 112 self.assertFalse(acl.is_user()) | |
| 113 self.assertIsNone(acl.get_user_type()) | |
| 114 | |
| 115 def test_is_bootstrapper_admin(self): | |
| 116 self.add_to_admin() | |
| 117 self.assertTrue(acl.is_bootstrapper()) | |
| 118 self.assertEqual(acl.get_user_type(), 'admin') | |
| 119 | |
| 120 def test_is_bootstrapper_default_group(self): | |
| 121 self.add_to_group(BOT_BOOTSTRAP_GROUP) | |
| 122 self.assertTrue(acl.is_bootstrapper()) | |
| 123 self.assertEqual(acl.get_user_type(), 'admin') | |
| 124 | |
| 125 def test_is_bootstrapper_custom_group(self): | |
| 126 self.mock_auth_config(bot_bootstrap_group='test_group') | |
| 127 self.add_to_group('test_group') | |
| 128 self.assertTrue(acl.is_bootstrapper()) | |
| 129 self.assertIsNone(acl.get_user_type()) | |
| 130 | |
| 131 def test_is_bootstrapper_wrong_group(self): | |
| 132 self.mock_auth_config(privileged_users_group='test_wrong_group', | |
| 133 bot_bootstrap_group='test_correct_group') | |
| 134 self.add_to_group('test_wrong_group') | |
| 135 self.assertFalse(acl.is_bootstrapper()) | |
| 136 self.assertEqual(acl.get_user_type(), 'privileged user') | |
| 137 | |
| 138 | 69 |
| 139 if __name__ == '__main__': | 70 if __name__ == '__main__': |
| 140 if '-v' in sys.argv: | 71 if '-v' in sys.argv: |
| 141 unittest.TestCase.maxDiff = None | 72 unittest.TestCase.maxDiff = None |
| 142 logging.basicConfig( | 73 logging.basicConfig( |
| 143 level=logging.DEBUG if '-v' in sys.argv else logging.CRITICAL) | 74 level=logging.DEBUG if '-v' in sys.argv else logging.CRITICAL) |
| 144 unittest.main() | 75 unittest.main() |
| 145 | 76 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2984843002:
swarming: switch to a 'capability focused' ACL system (Closed)
