test_acl.py 3.5 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495
  1. # -*- coding: utf-8 -*-
  2. # Import python libs
  3. from __future__ import absolute_import
  4. # Import Salt Libs
  5. from salt import acl
  6. # Import Salt Testing Libs
  7. from tests.support.unit import TestCase
  8. class ClientACLTestCase(TestCase):
  9. """
  10. Unit tests for salt.acl.ClientACL
  11. """
  12. def setUp(self):
  13. self.blacklist = {
  14. "users": ["joker", "penguin", "*bad_*", "blocked_.*", "^Homer$"],
  15. "modules": ["cmd.run", "test.fib", "rm-rf.*"],
  16. }
  17. self.whitelist = {
  18. "users": ["testuser", "saltuser"],
  19. "modules": ["test.ping", "grains.items"],
  20. }
  21. def tearDown(self):
  22. del self.blacklist
  23. del self.whitelist
  24. def test_user_is_blacklisted(self):
  25. """
  26. test user_is_blacklisted
  27. """
  28. client_acl = acl.PublisherACL(self.blacklist)
  29. self.assertTrue(client_acl.user_is_blacklisted("joker"))
  30. self.assertTrue(client_acl.user_is_blacklisted("penguin"))
  31. self.assertTrue(client_acl.user_is_blacklisted("bad_"))
  32. self.assertTrue(client_acl.user_is_blacklisted("bad_user"))
  33. self.assertTrue(client_acl.user_is_blacklisted("bad_*"))
  34. self.assertTrue(client_acl.user_is_blacklisted("user_bad_"))
  35. self.assertTrue(client_acl.user_is_blacklisted("blocked_"))
  36. self.assertTrue(client_acl.user_is_blacklisted("blocked_user"))
  37. self.assertTrue(client_acl.user_is_blacklisted("blocked_.*"))
  38. self.assertTrue(client_acl.user_is_blacklisted("Homer"))
  39. self.assertFalse(client_acl.user_is_blacklisted("batman"))
  40. self.assertFalse(client_acl.user_is_blacklisted("robin"))
  41. self.assertFalse(client_acl.user_is_blacklisted("bad"))
  42. self.assertFalse(client_acl.user_is_blacklisted("blocked"))
  43. self.assertFalse(client_acl.user_is_blacklisted("NotHomer"))
  44. self.assertFalse(client_acl.user_is_blacklisted("HomerSimpson"))
  45. def test_cmd_is_blacklisted(self):
  46. """
  47. test cmd_is_blacklisted
  48. """
  49. client_acl = acl.PublisherACL(self.blacklist)
  50. self.assertTrue(client_acl.cmd_is_blacklisted("cmd.run"))
  51. self.assertTrue(client_acl.cmd_is_blacklisted("test.fib"))
  52. self.assertTrue(client_acl.cmd_is_blacklisted("rm-rf.root"))
  53. self.assertFalse(client_acl.cmd_is_blacklisted("cmd.shell"))
  54. self.assertFalse(client_acl.cmd_is_blacklisted("test.versions"))
  55. self.assertFalse(client_acl.cmd_is_blacklisted("arm-rf.root"))
  56. self.assertTrue(client_acl.cmd_is_blacklisted(["cmd.run", "state.sls"]))
  57. self.assertFalse(
  58. client_acl.cmd_is_blacklisted(["state.highstate", "state.sls"])
  59. )
  60. def test_user_is_whitelisted(self):
  61. """
  62. test user_is_whitelisted
  63. """
  64. client_acl = acl.PublisherACL(self.whitelist)
  65. self.assertTrue(client_acl.user_is_whitelisted("testuser"))
  66. self.assertTrue(client_acl.user_is_whitelisted("saltuser"))
  67. self.assertFalse(client_acl.user_is_whitelisted("three"))
  68. self.assertFalse(client_acl.user_is_whitelisted("hans"))
  69. def test_cmd_is_whitelisted(self):
  70. """
  71. test cmd_is_whitelisted
  72. """
  73. client_acl = acl.PublisherACL(self.whitelist)
  74. self.assertTrue(client_acl.cmd_is_whitelisted("test.ping"))
  75. self.assertTrue(client_acl.cmd_is_whitelisted("grains.items"))
  76. self.assertFalse(client_acl.cmd_is_whitelisted("cmd.run"))
  77. self.assertFalse(client_acl.cmd_is_whitelisted("test.version"))