• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

Python rbac.get_roles_for_user函数代码示例

原作者: [db:作者] 来自: [db:来源] 收藏 邀请

本文整理汇总了Python中st2common.services.rbac.get_roles_for_user函数的典型用法代码示例。如果您正苦于以下问题:Python get_roles_for_user函数的具体用法?Python get_roles_for_user怎么用?Python get_roles_for_user使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。



在下文中一共展示了get_roles_for_user函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。

示例1: test_sync_user_same_role_granted_locally_and_remote_via_mapping

    def test_sync_user_same_role_granted_locally_and_remote_via_mapping(self):
        syncer = RBACRemoteGroupToRoleSyncer()
        user_db = self.users['user_6']

        # Insert 2 local assignments for mock_role_7
        role_db = create_role(name='mock_role_7')

        source = 'assignments/user_6_one.yaml'
        assign_role_to_user(role_db=role_db, user_db=user_db, source=source, is_remote=False)

        source = 'assignments/user_6_two.yaml'
        assign_role_to_user(role_db=role_db, user_db=user_db, source=source, is_remote=False)

        # Create mock mapping which maps CN=stormers,OU=groups,DC=stackstorm,DC=net
        # to "mock_role_7"
        create_group_to_role_map(group='CN=stormers,OU=groups,DC=stackstorm,DC=net',
                                 roles=['mock_role_7'],
                                 source='mappings/stormers.yaml')

        # Create mock mapping which maps CN=testers,OU=groups,DC=stackstorm,DC=net
        # to "mock_role_7"
        create_group_to_role_map(group='CN=testers,OU=groups,DC=stackstorm,DC=net',
                                 roles=['mock_role_7'],
                                 source='mappings/testers.yaml')

        groups = [
            'CN=stormers,OU=groups,DC=stackstorm,DC=net',
            'CN=testers,OU=groups,DC=stackstorm,DC=net'
        ]
        result = syncer.sync(user_db=self.users['user_6'], groups=groups)
        created_role_assignment_dbs = result[0]
        removed_role_assignment_dbs = result[1]
        self.assertEqual(len(created_role_assignment_dbs), 2)
        self.assertEqual(created_role_assignment_dbs[0].role, 'mock_role_7')
        self.assertEqual(created_role_assignment_dbs[1].role, 'mock_role_7')
        self.assertEqual(removed_role_assignment_dbs, [])

        # There should be one role and 4 assignments for the same role
        role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
        self.assertEqual(len(role_dbs), 1)
        self.assertEqual(role_dbs[0].name, 'mock_role_7')

        role_assignment_dbs = get_role_assignments_for_user(user_db=self.users['user_6'])
        self.assertEqual(len(role_assignment_dbs), 4)
        self.assertEqual(role_assignment_dbs[0].source, 'assignments/user_6_one.yaml')
        self.assertEqual(role_assignment_dbs[1].source, 'assignments/user_6_two.yaml')
        self.assertEqual(role_assignment_dbs[2].source, 'mappings/stormers.yaml')
        self.assertEqual(role_assignment_dbs[3].source, 'mappings/testers.yaml')

        # Remove one remote group - should be 3 left
        groups = [
            'CN=stormers,OU=groups,DC=stackstorm,DC=net'
        ]
        result = syncer.sync(user_db=self.users['user_6'], groups=groups)
        role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
        self.assertEqual(len(role_dbs), 1)
        self.assertEqual(role_dbs[0].name, 'mock_role_7')

        role_assignment_dbs = get_role_assignments_for_user(user_db=self.users['user_6'])
        self.assertEqual(len(role_assignment_dbs), 3)
开发者ID:lyandut,项目名称:st2,代码行数:60,代码来源:test_rbac_syncer.py


示例2: test_group_to_role_sync_is_performed_on_successful_auth_no_groups_returned

    def test_group_to_role_sync_is_performed_on_successful_auth_no_groups_returned(self):
        # Enable group sync
        cfg.CONF.set_override(group='rbac', name='sync_remote_groups', override=True)
        cfg.CONF.set_override(group='rbac', name='sync_remote_groups', override=True)

        user_db = self.users['user_1']
        h = handlers.StandaloneAuthHandler()
        request = {}

        # Verify initial state
        role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
        self.assertEqual(len(role_dbs), 2)
        self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
        self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])

        # No groups configured should return early
        h._auth_backend.groups = []

        token = h.handle_auth(request, headers={}, remote_addr=None, remote_user=None,
                              authorization=('basic', DUMMY_CREDS))
        self.assertEqual(token.user, 'auser')

        # Verify nothing has changed
        role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
        self.assertEqual(len(role_dbs), 2)
        self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
        self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])
开发者ID:lyandut,项目名称:st2,代码行数:27,代码来源:test_handlers.py


示例3: test_grant_and_revoke_role

    def test_grant_and_revoke_role(self):
        user_db = UserDB(name='test-user-1')
        user_db = User.add_or_update(user_db)

        # Initial state, no roles
        role_dbs = rbac_services.get_roles_for_user(user_db=user_db)
        self.assertItemsEqual(role_dbs, [])

        role_dbs = user_db.get_roles()
        self.assertItemsEqual(role_dbs, [])

        # Assign a role, should have one role assigned
        rbac_services.assign_role_to_user(role_db=self.roles['custom_role_1'],
                                          user_db=user_db)

        role_dbs = rbac_services.get_roles_for_user(user_db=user_db)
        self.assertItemsEqual(role_dbs, [self.roles['custom_role_1']])

        role_dbs = user_db.get_roles()
        self.assertItemsEqual(role_dbs, [self.roles['custom_role_1']])

        # Revoke previously assigned role, should have no roles again
        rbac_services.revoke_role_from_user(role_db=self.roles['custom_role_1'],
                                            user_db=user_db)

        role_dbs = rbac_services.get_roles_for_user(user_db=user_db)
        self.assertItemsEqual(role_dbs, [])
        role_dbs = user_db.get_roles()
        self.assertItemsEqual(role_dbs, [])
开发者ID:Bala96,项目名称:st2,代码行数:29,代码来源:test_rbac.py


示例4: test_sync_user_assignments_locally_removed_assignments_are_removed_from_db

    def test_sync_user_assignments_locally_removed_assignments_are_removed_from_db(self):
        syncer = RBACDefinitionsDBSyncer()

        self._insert_mock_roles()

        # Initial state, no roles
        role_dbs = get_roles_for_user(user_db=self.users['user_2'])
        self.assertItemsEqual(role_dbs, [])

        # Do the sync with two roles defined
        api = UserRoleAssignmentFileFormatAPI(username='user_2',
                                              roles=['role_1', 'role_2'])
        syncer.sync_users_role_assignments(role_assignment_apis=[api])

        role_dbs = get_roles_for_user(user_db=self.users['user_2'])
        self.assertTrue(len(role_dbs), 2)
        self.assertEqual(role_dbs[0], self.roles['role_1'])
        self.assertEqual(role_dbs[1], self.roles['role_2'])

        # Do the sync with one role defined (one should be removed from the db)
        api = UserRoleAssignmentFileFormatAPI(username='user_2',
                                              roles=['role_2'])
        syncer.sync_users_role_assignments(role_assignment_apis=[api])

        role_dbs = get_roles_for_user(user_db=self.users['user_2'])
        self.assertTrue(len(role_dbs), 1)
        self.assertEqual(role_dbs[0], self.roles['role_2'])
开发者ID:agilee,项目名称:st2,代码行数:27,代码来源:test_rbac_syncer.py


示例5: test_group_to_role_sync_is_performed_on_successful_auth_single_group_no_mappings

    def test_group_to_role_sync_is_performed_on_successful_auth_single_group_no_mappings(self):
        # Enable group sync
        cfg.CONF.set_override(group='rbac', name='sync_remote_groups', override=True)
        cfg.CONF.set_override(group='rbac', name='sync_remote_groups', override=True)

        user_db = self.users['user_1']
        h = handlers.StandaloneAuthHandler()
        request = {}

        # Verify initial state
        role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
        self.assertEqual(len(role_dbs), 2)
        self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
        self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])

        # Single group configured but no group mapping in the database
        h._auth_backend.groups = [
            'CN=stormers,OU=groups,DC=stackstorm,DC=net'
        ]

        token = h.handle_auth(request, headers={}, remote_addr=None, remote_user=None,
                              authorization=('basic', DUMMY_CREDS))
        self.assertEqual(token.user, 'auser')

        # Verify nothing has changed
        role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
        self.assertEqual(len(role_dbs), 2)
        self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
        self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])
开发者ID:lyandut,项目名称:st2,代码行数:29,代码来源:test_handlers.py


示例6: test_sync_role_assignments_no_assignment_file_on_disk

    def test_sync_role_assignments_no_assignment_file_on_disk(self):
        syncer = RBACDefinitionsDBSyncer()

        self._insert_mock_roles()

        # Initial state, no roles
        user_db = self.users['user_3']
        role_dbs = get_roles_for_user(user_db=user_db)
        self.assertItemsEqual(role_dbs, [])

        # Do the sync with two roles defined
        api = UserRoleAssignmentFileFormatAPI(
            username=user_db.name, roles=['role_1', 'role_2'],
            file_path='assignments/%s.yaml' % user_db.name)

        syncer.sync_users_role_assignments(role_assignment_apis=[api])

        role_dbs = get_roles_for_user(user_db=user_db)
        self.assertEqual(len(role_dbs), 2)
        self.assertEqual(role_dbs[0], self.roles['role_1'])
        self.assertEqual(role_dbs[1], self.roles['role_2'])

        # Do the sync with no roles - existing assignments should be removed from the databse
        syncer.sync_users_role_assignments(role_assignment_apis=[])

        role_dbs = get_roles_for_user(user_db=user_db)
        self.assertEqual(len(role_dbs), 0)
开发者ID:lyandut,项目名称:st2,代码行数:27,代码来源:test_rbac_syncer.py


示例7: test_sync_no_groups_and_on_disk_definitions

    def test_sync_no_groups_and_on_disk_definitions(self):
        syncer = RBACRemoteGroupToRoleSyncer()
        user_db = self.users['user_1']

        # Verify initial state
        role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
        self.assertEqual(len(role_dbs), 2)
        self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
        self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])

        # No groups - should result in no new remote assignments but existing local assignments
        # shouldn't be manipulated
        result = syncer.sync(user_db=self.users['user_1'], groups=[])
        created_role_assignment_dbs = result[0]
        removed_role_assignment_dbs = result[1]
        self.assertEqual(created_role_assignment_dbs, [])
        self.assertEqual(removed_role_assignment_dbs, [])

        role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
        self.assertEqual(len(role_dbs), 2)
        self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
        self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])

        # Groups but no mapping to role definitions, should result in no new remote assignments
        groups = ['CN=stormers,OU=groups,DC=stackstorm,DC=net']
        result = syncer.sync(user_db=self.users['user_1'], groups=groups)
        created_role_assignment_dbs = result[0]
        removed_role_assignment_dbs = result[1]
        self.assertEqual(created_role_assignment_dbs, [])
        self.assertEqual(removed_role_assignment_dbs, [])

        role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
        self.assertEqual(len(role_dbs), 2)
        self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
        self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])
开发者ID:lyandut,项目名称:st2,代码行数:35,代码来源:test_rbac_syncer.py


示例8: test_sync_no_mappings_exist_for_the_provided_groups

    def test_sync_no_mappings_exist_for_the_provided_groups(self):
        syncer = RBACRemoteGroupToRoleSyncer()
        user_db = self.users['user_1']

        # Create mock mapping which maps CN=stormers,OU=groups,DC=stackstorm,DC=net
        # to "mock_remote_role_3" and "mock_remote_role_4"
        create_group_to_role_map(group='CN=stormers,OU=groups,DC=stackstorm,DC=net',
                                 roles=['mock_remote_role_3', 'mock_remote_role_4'],
                                 source='mappings/stormers.yaml')

        # Verify initial state
        role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
        self.assertEqual(len(role_dbs), 2)
        self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
        self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])

        groups = [
            'CN=testers1,OU=groups,DC=stackstorm,DC=net',
            'CN=testers2,OU=groups,DC=stackstorm,DC=net'
        ]

        # No mappings exist for the groups user is a member of so no new assignments should be
        # created
        result = syncer.sync(user_db=self.users['user_1'], groups=groups)
        created_role_assignment_dbs = result[0]
        removed_role_assignment_dbs = result[1]
        self.assertEqual(created_role_assignment_dbs, [])
        self.assertEqual(removed_role_assignment_dbs, [])
开发者ID:lyandut,项目名称:st2,代码行数:28,代码来源:test_rbac_syncer.py


示例9: test_get_roles_for_user

    def test_get_roles_for_user(self):
        # User with no roles
        user_db = self.users['no_roles']
        role_dbs = rbac_services.get_roles_for_user(user_db=user_db)
        self.assertItemsEqual(role_dbs, [])

        role_dbs = user_db.get_roles()
        self.assertItemsEqual(role_dbs, [])

        # User with one custom role
        user_db = self.users['1_custom_role']
        role_dbs = rbac_services.get_roles_for_user(user_db=user_db)
        self.assertItemsEqual(role_dbs, [self.roles['custom_role_1']])

        role_dbs = user_db.get_roles()
        self.assertItemsEqual(role_dbs, [self.roles['custom_role_1']])
开发者ID:Bala96,项目名称:st2,代码行数:16,代码来源:test_rbac.py


示例10: test_sync_user_assignments_single_role_assignment

    def test_sync_user_assignments_single_role_assignment(self):
        syncer = RBACDefinitionsDBSyncer()

        self._insert_mock_roles()

        # Initial state, no roles
        role_dbs = get_roles_for_user(user_db=self.users['user_1'])
        self.assertItemsEqual(role_dbs, [])

        # Do the sync with a single role defined
        api = UserRoleAssignmentFileFormatAPI(username='user_1',
                                              roles=['role_1'])
        syncer.sync_users_role_assignments(role_assignment_apis=[api])

        role_dbs = get_roles_for_user(user_db=self.users['user_1'])
        self.assertItemsEqual(role_dbs, [self.roles['role_1']])
开发者ID:agilee,项目名称:st2,代码行数:16,代码来源:test_rbac_syncer.py


示例11: get

    def get(self, requester_user, auth_info):
        """
        Meta API endpoint wich returns information about the currently authenticated user.

            Handle:
                GET /v1/user
        """

        data = {}

        if cfg.CONF.rbac.enable and requester_user:
            role_dbs = get_roles_for_user(user_db=requester_user)
            roles = [role_db.name for role_db in role_dbs]
        else:
            roles = []

        data = {
            'username': requester_user.name,
            'authentication': {
                'method': auth_info['method'],
                'location': auth_info['location']
            },
            'rbac': {
                'enabled': cfg.CONF.rbac.enable,
                'roles': roles,
                'is_admin': rbac_utils.user_is_admin(user_db=requester_user)
            }
        }

        if auth_info.get('token_expire', None):
            token_expire = auth_info['token_expire'].strftime('%Y-%m-%dT%H:%M:%SZ')
            data['authentication']['token_expire'] = token_expire

        return data
开发者ID:lyandut,项目名称:st2,代码行数:34,代码来源:user.py


示例12: test_sync_remote_assignments_are_not_manipulated

    def test_sync_remote_assignments_are_not_manipulated(self):
        # Verify remote assignments are not manipulated.
        syncer = RBACDefinitionsDBSyncer()

        self._insert_mock_roles()

        # Initial state, no roles
        user_db = UserDB(name='doesntexistwhaha')
        role_dbs = get_roles_for_user(user_db=user_db)
        self.assertItemsEqual(role_dbs, [])

        # Create mock remote role assignment
        role_db = self.roles['role_3']
        source = 'assignments/%s.yaml' % user_db.name
        role_assignment_db = assign_role_to_user(
            role_db=role_db, user_db=user_db, source=source, is_remote=True)
        self.assertTrue(role_assignment_db.is_remote)

        # Verify assignment has been created
        role_dbs = get_roles_for_user(user_db=user_db)
        self.assertItemsEqual(role_dbs, [self.roles['role_3']])

        # Do the sync with two roles defined - verify remote role assignment hasn't been
        # manipulated with.
        api = UserRoleAssignmentFileFormatAPI(
            username=user_db.name, roles=['role_1', 'role_2'],
            file_path='assignments/%s.yaml' % user_db.name)

        syncer.sync_users_role_assignments(role_assignment_apis=[api])

        role_dbs = get_roles_for_user(user_db=user_db)
        self.assertEqual(len(role_dbs), 3)
        self.assertEqual(role_dbs[0], self.roles['role_1'])
        self.assertEqual(role_dbs[1], self.roles['role_2'])
        self.assertEqual(role_dbs[2], self.roles['role_3'])

        # Do sync with no roles - verify all roles except remote one are removed.
        api = UserRoleAssignmentFileFormatAPI(
            username=user_db.name, roles=[],
            file_path='assignments/%s.yaml' % user_db.name)

        syncer.sync_users_role_assignments(role_assignment_apis=[api])

        role_dbs = get_roles_for_user(user_db=user_db)
        self.assertEqual(len(role_dbs), 1)
        self.assertEqual(role_dbs[0], self.roles['role_3'])
开发者ID:lyandut,项目名称:st2,代码行数:46,代码来源:test_rbac_syncer.py


示例13: get_roles

    def get_roles(self):
        """
        Retrieve roles assigned to that user.

        :rtype: ``list`` of :class:`RoleDB`
        """
        result = get_roles_for_user(user_db=self)
        return result
开发者ID:alexmakarski,项目名称:st2,代码行数:8,代码来源:auth.py


示例14: test_sync_user_assignments_multiple_custom_roles_assignments

    def test_sync_user_assignments_multiple_custom_roles_assignments(self):
        syncer = RBACDefinitionsDBSyncer()

        self._insert_mock_roles()

        # Initial state, no roles
        role_dbs = get_roles_for_user(user_db=self.users['user_2'])
        self.assertItemsEqual(role_dbs, [])

        # Do the sync with two roles defined
        api = UserRoleAssignmentFileFormatAPI(username='user_2',
                                              roles=['role_1', 'role_2'])
        syncer.sync_users_role_assignments(role_assignment_apis=[api])

        role_dbs = get_roles_for_user(user_db=self.users['user_2'])
        self.assertTrue(len(role_dbs), 2)
        self.assertEqual(role_dbs[0], self.roles['role_1'])
        self.assertEqual(role_dbs[1], self.roles['role_2'])
开发者ID:agilee,项目名称:st2,代码行数:18,代码来源:test_rbac_syncer.py


示例15: test_sync_success_one_existing_remote_assignment

    def test_sync_success_one_existing_remote_assignment(self):
        syncer = RBACRemoteGroupToRoleSyncer()
        user_db = self.users['user_1']

        # Create mock mapping which maps CN=stormers,OU=groups,DC=stackstorm,DC=net
        # to "mock_remote_role_3" and "mock_remote_role_4"
        create_group_to_role_map(group='CN=stormers,OU=groups,DC=stackstorm,DC=net',
                                 roles=['mock_remote_role_3', 'mock_remote_role_4'],
                                 source='mappings/stormers.yaml')

        # Assign existing remote mock_role_5 to the user
        role_db = self.roles['mock_role_5']
        source = 'mappings/stormers.yaml'
        assign_role_to_user(role_db=role_db, user_db=user_db, source=source, is_remote=True)

        # Verify initial state
        role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
        self.assertEqual(len(role_dbs), 3)
        self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
        self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])
        self.assertEqual(role_dbs[2], self.roles['mock_role_5'])

        groups = [
            'CN=stormers,OU=groups,DC=stackstorm,DC=net',
            'CN=testers,OU=groups,DC=stackstorm,DC=net'
        ]
        result = syncer.sync(user_db=self.users['user_1'], groups=groups)
        created_role_assignment_dbs = result[0]
        removed_role_assignment_dbs = result[1]
        self.assertEqual(len(created_role_assignment_dbs), 2)
        self.assertEqual(created_role_assignment_dbs[0].role, 'mock_remote_role_3')
        self.assertEqual(created_role_assignment_dbs[1].role, 'mock_remote_role_4')
        self.assertEqual(len(removed_role_assignment_dbs), 1)
        self.assertEqual(removed_role_assignment_dbs[0].role, 'mock_role_5')

        # User should have two new roles assigned now, but the existing "mock_role_5" remote role
        # removed since it wasn't specified in any mapping
        role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
        self.assertEqual(len(role_dbs), 4)
        self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
        self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])
        self.assertEqual(role_dbs[2], self.roles['mock_remote_role_3'])
        self.assertEqual(role_dbs[3], self.roles['mock_remote_role_4'])
开发者ID:lyandut,项目名称:st2,代码行数:43,代码来源:test_rbac_syncer.py


示例16: test_sync_success_no_existing_remote_assignments

    def test_sync_success_no_existing_remote_assignments(self):
        syncer = RBACRemoteGroupToRoleSyncer()
        user_db = self.users['user_1']

        # Create mock mapping which maps CN=stormers,OU=groups,DC=stackstorm,DC=net
        # to "mock_remote_role_3" and "mock_remote_role_4"
        create_group_to_role_map(group='CN=stormers,OU=groups,DC=stackstorm,DC=net',
                                 roles=['mock_remote_role_3', 'mock_remote_role_4'],
                                 source='mappings/stormers.yaml')

        # Verify initial state
        role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
        self.assertEqual(len(role_dbs), 2)
        self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
        role_assignment_dbs = get_role_assignments_for_user(user_db=self.users['user_1'])

        groups = [
            'CN=stormers,OU=groups,DC=stackstorm,DC=net',
            'CN=testers,OU=groups,DC=stackstorm,DC=net',
            # We repeat the same group to validate that repated groups are correctly de-duplicated
            'CN=stormers,OU=groups,DC=stackstorm,DC=net',
        ]
        result = syncer.sync(user_db=self.users['user_1'], groups=groups)
        created_role_assignment_dbs = result[0]
        removed_role_assignment_dbs = result[1]
        self.assertEqual(len(created_role_assignment_dbs), 2)
        self.assertEqual(created_role_assignment_dbs[0].role, 'mock_remote_role_3')
        self.assertEqual(created_role_assignment_dbs[1].role, 'mock_remote_role_4')
        self.assertEqual(removed_role_assignment_dbs, [])

        # User should have two new roles assigned now
        role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
        self.assertEqual(len(role_dbs), 4)
        self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
        self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])
        self.assertEqual(role_dbs[2], self.roles['mock_remote_role_3'])
        self.assertEqual(role_dbs[3], self.roles['mock_remote_role_4'])

        role_assignment_dbs = get_role_assignments_for_user(user_db=self.users['user_1'])
        self.assertEqual(len(role_assignment_dbs), 4)
        self.assertEqual(role_assignment_dbs[2].source, 'mappings/stormers.yaml')
        self.assertEqual(role_assignment_dbs[3].source, 'mappings/stormers.yaml')
开发者ID:lyandut,项目名称:st2,代码行数:42,代码来源:test_rbac_syncer.py


示例17: get_roles

    def get_roles(self, include_remote=True):
        """
        Retrieve roles assigned to that user.

        :param include_remote: True to also include remote role assignments.
        :type include_remote: ``bool``

        :rtype: ``list`` of :class:`RoleDB`
        """
        result = get_roles_for_user(user_db=self, include_remote=include_remote)
        return result
开发者ID:lyandut,项目名称:st2,代码行数:11,代码来源:auth.py


示例18: test_sync_assignments_user_doesnt_exist_in_db

    def test_sync_assignments_user_doesnt_exist_in_db(self):
        # Make sure that the assignments for the users which don't exist in the db are still saved
        syncer = RBACDefinitionsDBSyncer()

        self._insert_mock_roles()

        # Initial state, no roles
        user_db = UserDB(name='doesntexistwhaha')
        role_dbs = get_roles_for_user(user_db=user_db)
        self.assertItemsEqual(role_dbs, [])

        # Do the sync with two roles defined
        api = UserRoleAssignmentFileFormatAPI(username=user_db.name,
                                              roles=['role_1', 'role_2'])
        syncer.sync_users_role_assignments(role_assignment_apis=[api])

        role_dbs = get_roles_for_user(user_db=user_db)
        self.assertTrue(len(role_dbs), 2)
        self.assertEqual(role_dbs[0], self.roles['role_1'])
        self.assertEqual(role_dbs[1], self.roles['role_2'])
开发者ID:AlexeyDeyneko,项目名称:st2,代码行数:20,代码来源:test_rbac_syncer.py


示例19: test_sync_user_assignments_multiple_sources_same_role_assignment

    def test_sync_user_assignments_multiple_sources_same_role_assignment(self):
        syncer = RBACDefinitionsDBSyncer()

        self._insert_mock_roles()

        # Initial state, no roles
        role_dbs = get_roles_for_user(user_db=self.users['user_2'])
        self.assertItemsEqual(role_dbs, [])

        # Do the sync with role defined in separate files
        assignment1 = UserRoleAssignmentFileFormatAPI(
            username='user_2', roles=['role_1'], file_path='assignments/user2a.yaml')

        assignment2 = UserRoleAssignmentFileFormatAPI(
            username='user_2', roles=['role_1'], file_path='assignments/user2b.yaml')

        syncer.sync_users_role_assignments(role_assignment_apis=[assignment1, assignment2])

        role_dbs = get_roles_for_user(user_db=self.users['user_2'])
        self.assertEqual(len(role_dbs), 1)
        self.assertEqual(role_dbs[0], self.roles['role_1'])

        role_assignment_dbs = get_role_assignments_for_user(user_db=self.users['user_2'])
        self.assertEqual(len(role_assignment_dbs), 2)

        sources = [r.source for r in role_assignment_dbs]
        self.assertIn('assignments/user2a.yaml', sources)
        self.assertIn('assignments/user2b.yaml', sources)

        # Do another sync with one assignment file removed - only one assignment should be left
        syncer.sync_users_role_assignments(role_assignment_apis=[assignment2])

        role_dbs = get_roles_for_user(user_db=self.users['user_2'])
        self.assertEqual(len(role_dbs), 1)
        self.assertEqual(role_dbs[0], self.roles['role_1'])

        role_assignment_dbs = get_role_assignments_for_user(user_db=self.users['user_2'])
        self.assertEqual(len(role_assignment_dbs), 1)

        sources = [r.source for r in role_assignment_dbs]
        self.assertIn('assignments/user2b.yaml', sources)
开发者ID:lyandut,项目名称:st2,代码行数:41,代码来源:test_rbac_syncer.py


示例20: test_group_to_role_sync_is_performed_on_successful_auth_with_groups_and_mappings

    def test_group_to_role_sync_is_performed_on_successful_auth_with_groups_and_mappings(self):
        # Enable group sync
        cfg.CONF.set_override(group='rbac', name='sync_remote_groups', override=True)
        cfg.CONF.set_override(group='rbac', name='sync_remote_groups', override=True)

        user_db = self.users['user_1']
        h = handlers.StandaloneAuthHandler()
        request = {}

        # Single mapping, new remote assignment should be created
        create_group_to_role_map(group='CN=stormers,OU=groups,DC=stackstorm,DC=net',
                                 roles=['mock_role_3', 'mock_role_4'],
                                 source='mappings/stormers.yaml')

        # Verify initial state
        role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
        self.assertEqual(len(role_dbs), 2)
        self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
        self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])

        h._auth_backend.groups = [
            'CN=stormers,OU=groups,DC=stackstorm,DC=net'
        ]

        token = h.handle_auth(request, headers={}, remote_addr=None, remote_user=None,
                              authorization=('basic', DUMMY_CREDS))
        self.assertEqual(token.user, 'auser')

        # Verify a new role assignments based on the group mapping has been created
        role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)

        self.assertEqual(len(role_dbs), 4)
        self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
        self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])
        self.assertEqual(role_dbs[2], self.roles['mock_role_3'])
        self.assertEqual(role_dbs[3], self.roles['mock_role_4'])
开发者ID:lyandut,项目名称:st2,代码行数:36,代码来源:test_handlers.py



注:本文中的st2common.services.rbac.get_roles_for_user函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。


鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
上一篇:
Python triggerwatcher.TriggerWatcher类代码示例发布时间:2022-05-27
下一篇:
Python executions.update_execution函数代码示例发布时间:2022-05-27
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap