本文整理汇总了Python中st2common.services.rbac.get_roles_for_user函数的典型用法代码示例。如果您正苦于以下问题:Python get_roles_for_user函数的具体用法?Python get_roles_for_user怎么用?Python get_roles_for_user使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了get_roles_for_user函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_sync_user_same_role_granted_locally_and_remote_via_mapping
def test_sync_user_same_role_granted_locally_and_remote_via_mapping(self):
syncer = RBACRemoteGroupToRoleSyncer()
user_db = self.users['user_6']
# Insert 2 local assignments for mock_role_7
role_db = create_role(name='mock_role_7')
source = 'assignments/user_6_one.yaml'
assign_role_to_user(role_db=role_db, user_db=user_db, source=source, is_remote=False)
source = 'assignments/user_6_two.yaml'
assign_role_to_user(role_db=role_db, user_db=user_db, source=source, is_remote=False)
# Create mock mapping which maps CN=stormers,OU=groups,DC=stackstorm,DC=net
# to "mock_role_7"
create_group_to_role_map(group='CN=stormers,OU=groups,DC=stackstorm,DC=net',
roles=['mock_role_7'],
source='mappings/stormers.yaml')
# Create mock mapping which maps CN=testers,OU=groups,DC=stackstorm,DC=net
# to "mock_role_7"
create_group_to_role_map(group='CN=testers,OU=groups,DC=stackstorm,DC=net',
roles=['mock_role_7'],
source='mappings/testers.yaml')
groups = [
'CN=stormers,OU=groups,DC=stackstorm,DC=net',
'CN=testers,OU=groups,DC=stackstorm,DC=net'
]
result = syncer.sync(user_db=self.users['user_6'], groups=groups)
created_role_assignment_dbs = result[0]
removed_role_assignment_dbs = result[1]
self.assertEqual(len(created_role_assignment_dbs), 2)
self.assertEqual(created_role_assignment_dbs[0].role, 'mock_role_7')
self.assertEqual(created_role_assignment_dbs[1].role, 'mock_role_7')
self.assertEqual(removed_role_assignment_dbs, [])
# There should be one role and 4 assignments for the same role
role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
self.assertEqual(len(role_dbs), 1)
self.assertEqual(role_dbs[0].name, 'mock_role_7')
role_assignment_dbs = get_role_assignments_for_user(user_db=self.users['user_6'])
self.assertEqual(len(role_assignment_dbs), 4)
self.assertEqual(role_assignment_dbs[0].source, 'assignments/user_6_one.yaml')
self.assertEqual(role_assignment_dbs[1].source, 'assignments/user_6_two.yaml')
self.assertEqual(role_assignment_dbs[2].source, 'mappings/stormers.yaml')
self.assertEqual(role_assignment_dbs[3].source, 'mappings/testers.yaml')
# Remove one remote group - should be 3 left
groups = [
'CN=stormers,OU=groups,DC=stackstorm,DC=net'
]
result = syncer.sync(user_db=self.users['user_6'], groups=groups)
role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
self.assertEqual(len(role_dbs), 1)
self.assertEqual(role_dbs[0].name, 'mock_role_7')
role_assignment_dbs = get_role_assignments_for_user(user_db=self.users['user_6'])
self.assertEqual(len(role_assignment_dbs), 3)
示例2: test_group_to_role_sync_is_performed_on_successful_auth_no_groups_returned
def test_group_to_role_sync_is_performed_on_successful_auth_no_groups_returned(self):
# Enable group sync
cfg.CONF.set_override(group='rbac', name='sync_remote_groups', override=True)
cfg.CONF.set_override(group='rbac', name='sync_remote_groups', override=True)
user_db = self.users['user_1']
h = handlers.StandaloneAuthHandler()
request = {}
# Verify initial state
role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
self.assertEqual(len(role_dbs), 2)
self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])
# No groups configured should return early
h._auth_backend.groups = []
token = h.handle_auth(request, headers={}, remote_addr=None, remote_user=None,
authorization=('basic', DUMMY_CREDS))
self.assertEqual(token.user, 'auser')
# Verify nothing has changed
role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
self.assertEqual(len(role_dbs), 2)
self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])
示例3: test_grant_and_revoke_role
def test_grant_and_revoke_role(self):
user_db = UserDB(name='test-user-1')
user_db = User.add_or_update(user_db)
# Initial state, no roles
role_dbs = rbac_services.get_roles_for_user(user_db=user_db)
self.assertItemsEqual(role_dbs, [])
role_dbs = user_db.get_roles()
self.assertItemsEqual(role_dbs, [])
# Assign a role, should have one role assigned
rbac_services.assign_role_to_user(role_db=self.roles['custom_role_1'],
user_db=user_db)
role_dbs = rbac_services.get_roles_for_user(user_db=user_db)
self.assertItemsEqual(role_dbs, [self.roles['custom_role_1']])
role_dbs = user_db.get_roles()
self.assertItemsEqual(role_dbs, [self.roles['custom_role_1']])
# Revoke previously assigned role, should have no roles again
rbac_services.revoke_role_from_user(role_db=self.roles['custom_role_1'],
user_db=user_db)
role_dbs = rbac_services.get_roles_for_user(user_db=user_db)
self.assertItemsEqual(role_dbs, [])
role_dbs = user_db.get_roles()
self.assertItemsEqual(role_dbs, [])
示例4: test_sync_user_assignments_locally_removed_assignments_are_removed_from_db
def test_sync_user_assignments_locally_removed_assignments_are_removed_from_db(self):
syncer = RBACDefinitionsDBSyncer()
self._insert_mock_roles()
# Initial state, no roles
role_dbs = get_roles_for_user(user_db=self.users['user_2'])
self.assertItemsEqual(role_dbs, [])
# Do the sync with two roles defined
api = UserRoleAssignmentFileFormatAPI(username='user_2',
roles=['role_1', 'role_2'])
syncer.sync_users_role_assignments(role_assignment_apis=[api])
role_dbs = get_roles_for_user(user_db=self.users['user_2'])
self.assertTrue(len(role_dbs), 2)
self.assertEqual(role_dbs[0], self.roles['role_1'])
self.assertEqual(role_dbs[1], self.roles['role_2'])
# Do the sync with one role defined (one should be removed from the db)
api = UserRoleAssignmentFileFormatAPI(username='user_2',
roles=['role_2'])
syncer.sync_users_role_assignments(role_assignment_apis=[api])
role_dbs = get_roles_for_user(user_db=self.users['user_2'])
self.assertTrue(len(role_dbs), 1)
self.assertEqual(role_dbs[0], self.roles['role_2'])
示例5: test_group_to_role_sync_is_performed_on_successful_auth_single_group_no_mappings
def test_group_to_role_sync_is_performed_on_successful_auth_single_group_no_mappings(self):
# Enable group sync
cfg.CONF.set_override(group='rbac', name='sync_remote_groups', override=True)
cfg.CONF.set_override(group='rbac', name='sync_remote_groups', override=True)
user_db = self.users['user_1']
h = handlers.StandaloneAuthHandler()
request = {}
# Verify initial state
role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
self.assertEqual(len(role_dbs), 2)
self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])
# Single group configured but no group mapping in the database
h._auth_backend.groups = [
'CN=stormers,OU=groups,DC=stackstorm,DC=net'
]
token = h.handle_auth(request, headers={}, remote_addr=None, remote_user=None,
authorization=('basic', DUMMY_CREDS))
self.assertEqual(token.user, 'auser')
# Verify nothing has changed
role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
self.assertEqual(len(role_dbs), 2)
self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])
示例6: test_sync_role_assignments_no_assignment_file_on_disk
def test_sync_role_assignments_no_assignment_file_on_disk(self):
syncer = RBACDefinitionsDBSyncer()
self._insert_mock_roles()
# Initial state, no roles
user_db = self.users['user_3']
role_dbs = get_roles_for_user(user_db=user_db)
self.assertItemsEqual(role_dbs, [])
# Do the sync with two roles defined
api = UserRoleAssignmentFileFormatAPI(
username=user_db.name, roles=['role_1', 'role_2'],
file_path='assignments/%s.yaml' % user_db.name)
syncer.sync_users_role_assignments(role_assignment_apis=[api])
role_dbs = get_roles_for_user(user_db=user_db)
self.assertEqual(len(role_dbs), 2)
self.assertEqual(role_dbs[0], self.roles['role_1'])
self.assertEqual(role_dbs[1], self.roles['role_2'])
# Do the sync with no roles - existing assignments should be removed from the databse
syncer.sync_users_role_assignments(role_assignment_apis=[])
role_dbs = get_roles_for_user(user_db=user_db)
self.assertEqual(len(role_dbs), 0)
示例7: test_sync_no_groups_and_on_disk_definitions
def test_sync_no_groups_and_on_disk_definitions(self):
syncer = RBACRemoteGroupToRoleSyncer()
user_db = self.users['user_1']
# Verify initial state
role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
self.assertEqual(len(role_dbs), 2)
self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])
# No groups - should result in no new remote assignments but existing local assignments
# shouldn't be manipulated
result = syncer.sync(user_db=self.users['user_1'], groups=[])
created_role_assignment_dbs = result[0]
removed_role_assignment_dbs = result[1]
self.assertEqual(created_role_assignment_dbs, [])
self.assertEqual(removed_role_assignment_dbs, [])
role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
self.assertEqual(len(role_dbs), 2)
self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])
# Groups but no mapping to role definitions, should result in no new remote assignments
groups = ['CN=stormers,OU=groups,DC=stackstorm,DC=net']
result = syncer.sync(user_db=self.users['user_1'], groups=groups)
created_role_assignment_dbs = result[0]
removed_role_assignment_dbs = result[1]
self.assertEqual(created_role_assignment_dbs, [])
self.assertEqual(removed_role_assignment_dbs, [])
role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
self.assertEqual(len(role_dbs), 2)
self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])
示例8: test_sync_no_mappings_exist_for_the_provided_groups
def test_sync_no_mappings_exist_for_the_provided_groups(self):
syncer = RBACRemoteGroupToRoleSyncer()
user_db = self.users['user_1']
# Create mock mapping which maps CN=stormers,OU=groups,DC=stackstorm,DC=net
# to "mock_remote_role_3" and "mock_remote_role_4"
create_group_to_role_map(group='CN=stormers,OU=groups,DC=stackstorm,DC=net',
roles=['mock_remote_role_3', 'mock_remote_role_4'],
source='mappings/stormers.yaml')
# Verify initial state
role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
self.assertEqual(len(role_dbs), 2)
self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])
groups = [
'CN=testers1,OU=groups,DC=stackstorm,DC=net',
'CN=testers2,OU=groups,DC=stackstorm,DC=net'
]
# No mappings exist for the groups user is a member of so no new assignments should be
# created
result = syncer.sync(user_db=self.users['user_1'], groups=groups)
created_role_assignment_dbs = result[0]
removed_role_assignment_dbs = result[1]
self.assertEqual(created_role_assignment_dbs, [])
self.assertEqual(removed_role_assignment_dbs, [])
示例9: test_get_roles_for_user
def test_get_roles_for_user(self):
# User with no roles
user_db = self.users['no_roles']
role_dbs = rbac_services.get_roles_for_user(user_db=user_db)
self.assertItemsEqual(role_dbs, [])
role_dbs = user_db.get_roles()
self.assertItemsEqual(role_dbs, [])
# User with one custom role
user_db = self.users['1_custom_role']
role_dbs = rbac_services.get_roles_for_user(user_db=user_db)
self.assertItemsEqual(role_dbs, [self.roles['custom_role_1']])
role_dbs = user_db.get_roles()
self.assertItemsEqual(role_dbs, [self.roles['custom_role_1']])
示例10: test_sync_user_assignments_single_role_assignment
def test_sync_user_assignments_single_role_assignment(self):
syncer = RBACDefinitionsDBSyncer()
self._insert_mock_roles()
# Initial state, no roles
role_dbs = get_roles_for_user(user_db=self.users['user_1'])
self.assertItemsEqual(role_dbs, [])
# Do the sync with a single role defined
api = UserRoleAssignmentFileFormatAPI(username='user_1',
roles=['role_1'])
syncer.sync_users_role_assignments(role_assignment_apis=[api])
role_dbs = get_roles_for_user(user_db=self.users['user_1'])
self.assertItemsEqual(role_dbs, [self.roles['role_1']])
示例11: get
def get(self, requester_user, auth_info):
"""
Meta API endpoint wich returns information about the currently authenticated user.
Handle:
GET /v1/user
"""
data = {}
if cfg.CONF.rbac.enable and requester_user:
role_dbs = get_roles_for_user(user_db=requester_user)
roles = [role_db.name for role_db in role_dbs]
else:
roles = []
data = {
'username': requester_user.name,
'authentication': {
'method': auth_info['method'],
'location': auth_info['location']
},
'rbac': {
'enabled': cfg.CONF.rbac.enable,
'roles': roles,
'is_admin': rbac_utils.user_is_admin(user_db=requester_user)
}
}
if auth_info.get('token_expire', None):
token_expire = auth_info['token_expire'].strftime('%Y-%m-%dT%H:%M:%SZ')
data['authentication']['token_expire'] = token_expire
return data
示例12: test_sync_remote_assignments_are_not_manipulated
def test_sync_remote_assignments_are_not_manipulated(self):
# Verify remote assignments are not manipulated.
syncer = RBACDefinitionsDBSyncer()
self._insert_mock_roles()
# Initial state, no roles
user_db = UserDB(name='doesntexistwhaha')
role_dbs = get_roles_for_user(user_db=user_db)
self.assertItemsEqual(role_dbs, [])
# Create mock remote role assignment
role_db = self.roles['role_3']
source = 'assignments/%s.yaml' % user_db.name
role_assignment_db = assign_role_to_user(
role_db=role_db, user_db=user_db, source=source, is_remote=True)
self.assertTrue(role_assignment_db.is_remote)
# Verify assignment has been created
role_dbs = get_roles_for_user(user_db=user_db)
self.assertItemsEqual(role_dbs, [self.roles['role_3']])
# Do the sync with two roles defined - verify remote role assignment hasn't been
# manipulated with.
api = UserRoleAssignmentFileFormatAPI(
username=user_db.name, roles=['role_1', 'role_2'],
file_path='assignments/%s.yaml' % user_db.name)
syncer.sync_users_role_assignments(role_assignment_apis=[api])
role_dbs = get_roles_for_user(user_db=user_db)
self.assertEqual(len(role_dbs), 3)
self.assertEqual(role_dbs[0], self.roles['role_1'])
self.assertEqual(role_dbs[1], self.roles['role_2'])
self.assertEqual(role_dbs[2], self.roles['role_3'])
# Do sync with no roles - verify all roles except remote one are removed.
api = UserRoleAssignmentFileFormatAPI(
username=user_db.name, roles=[],
file_path='assignments/%s.yaml' % user_db.name)
syncer.sync_users_role_assignments(role_assignment_apis=[api])
role_dbs = get_roles_for_user(user_db=user_db)
self.assertEqual(len(role_dbs), 1)
self.assertEqual(role_dbs[0], self.roles['role_3'])
示例13: get_roles
def get_roles(self):
"""
Retrieve roles assigned to that user.
:rtype: ``list`` of :class:`RoleDB`
"""
result = get_roles_for_user(user_db=self)
return result
示例14: test_sync_user_assignments_multiple_custom_roles_assignments
def test_sync_user_assignments_multiple_custom_roles_assignments(self):
syncer = RBACDefinitionsDBSyncer()
self._insert_mock_roles()
# Initial state, no roles
role_dbs = get_roles_for_user(user_db=self.users['user_2'])
self.assertItemsEqual(role_dbs, [])
# Do the sync with two roles defined
api = UserRoleAssignmentFileFormatAPI(username='user_2',
roles=['role_1', 'role_2'])
syncer.sync_users_role_assignments(role_assignment_apis=[api])
role_dbs = get_roles_for_user(user_db=self.users['user_2'])
self.assertTrue(len(role_dbs), 2)
self.assertEqual(role_dbs[0], self.roles['role_1'])
self.assertEqual(role_dbs[1], self.roles['role_2'])
示例15: test_sync_success_one_existing_remote_assignment
def test_sync_success_one_existing_remote_assignment(self):
syncer = RBACRemoteGroupToRoleSyncer()
user_db = self.users['user_1']
# Create mock mapping which maps CN=stormers,OU=groups,DC=stackstorm,DC=net
# to "mock_remote_role_3" and "mock_remote_role_4"
create_group_to_role_map(group='CN=stormers,OU=groups,DC=stackstorm,DC=net',
roles=['mock_remote_role_3', 'mock_remote_role_4'],
source='mappings/stormers.yaml')
# Assign existing remote mock_role_5 to the user
role_db = self.roles['mock_role_5']
source = 'mappings/stormers.yaml'
assign_role_to_user(role_db=role_db, user_db=user_db, source=source, is_remote=True)
# Verify initial state
role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
self.assertEqual(len(role_dbs), 3)
self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])
self.assertEqual(role_dbs[2], self.roles['mock_role_5'])
groups = [
'CN=stormers,OU=groups,DC=stackstorm,DC=net',
'CN=testers,OU=groups,DC=stackstorm,DC=net'
]
result = syncer.sync(user_db=self.users['user_1'], groups=groups)
created_role_assignment_dbs = result[0]
removed_role_assignment_dbs = result[1]
self.assertEqual(len(created_role_assignment_dbs), 2)
self.assertEqual(created_role_assignment_dbs[0].role, 'mock_remote_role_3')
self.assertEqual(created_role_assignment_dbs[1].role, 'mock_remote_role_4')
self.assertEqual(len(removed_role_assignment_dbs), 1)
self.assertEqual(removed_role_assignment_dbs[0].role, 'mock_role_5')
# User should have two new roles assigned now, but the existing "mock_role_5" remote role
# removed since it wasn't specified in any mapping
role_dbs = get_roles_for_user(user_db=user_db, include_remote=True)
self.assertEqual(len(role_dbs), 4)
self.assertEqual(role_dbs[0], self.roles['mock_local_role_1'])
self.assertEqual(role_dbs[1], self.roles['mock_local_role_2'])
self.assertEqual(role_dbs[2], self.roles['mock_remote_role_3'])
self.assertEqual(role_dbs[3], self.roles['mock_remote_role_4'])