diff options
| author | Joshua Watt <JPEWhacker@gmail.com> | 2023-11-03 08:26:32 -0600 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-11-09 17:33:03 +0000 |
| commit | 8cfb94c06cdfe3e6f0ec1ce0154951108bc3df94 (patch) | |
| tree | 046a6d0d98b0b1bfb1467b2d3e4bbc29b181eb9b /bitbake/lib/hashserv/tests.py | |
| parent | 1af725b2eca63fa113cedb6d77eb5c5f1de6e2f0 (diff) | |
| download | poky-8cfb94c06cdfe3e6f0ec1ce0154951108bc3df94.tar.gz | |
bitbake: hashserv: Add become-user API
Adds API that allows a user admin to impersonate another user in the
system. This makes it easier to write external services that have
external authentication, since they can use a common user account to
access the server, then impersonate the logged in user.
(Bitbake rev: 71e2f5b52b686f34df364ae1f2fc058f45cd5e18)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'bitbake/lib/hashserv/tests.py')
| -rw-r--r-- | bitbake/lib/hashserv/tests.py | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/bitbake/lib/hashserv/tests.py b/bitbake/lib/hashserv/tests.py index f92f37c459..311b7b7772 100644 --- a/bitbake/lib/hashserv/tests.py +++ b/bitbake/lib/hashserv/tests.py | |||
| @@ -728,6 +728,45 @@ class HashEquivalenceCommonTests(object): | |||
| 728 | self.assertEqual(user["username"], "test-user") | 728 | self.assertEqual(user["username"], "test-user") |
| 729 | self.assertEqual(user["permissions"], permissions) | 729 | self.assertEqual(user["permissions"], permissions) |
| 730 | 730 | ||
| 731 | def test_auth_become_user(self): | ||
| 732 | admin_client = self.start_auth_server() | ||
| 733 | |||
| 734 | user = admin_client.new_user("test-user", ["@read", "@report"]) | ||
| 735 | user_info = user.copy() | ||
| 736 | del user_info["token"] | ||
| 737 | |||
| 738 | with self.auth_perms() as client, self.assertRaises(InvokeError): | ||
| 739 | client.become_user(user["username"]) | ||
| 740 | |||
| 741 | with self.auth_perms("@user-admin") as client: | ||
| 742 | become = client.become_user(user["username"]) | ||
| 743 | self.assertEqual(become, user_info) | ||
| 744 | |||
| 745 | info = client.get_user() | ||
| 746 | self.assertEqual(info, user_info) | ||
| 747 | |||
| 748 | # Verify become user is preserved across disconnect | ||
| 749 | client.disconnect() | ||
| 750 | |||
| 751 | info = client.get_user() | ||
| 752 | self.assertEqual(info, user_info) | ||
| 753 | |||
| 754 | # test-user doesn't have become_user permissions, so this should | ||
| 755 | # not work | ||
| 756 | with self.assertRaises(InvokeError): | ||
| 757 | client.become_user(user["username"]) | ||
| 758 | |||
| 759 | # No self-service of become | ||
| 760 | with self.auth_client(user) as client, self.assertRaises(InvokeError): | ||
| 761 | client.become_user(user["username"]) | ||
| 762 | |||
| 763 | # Give test user permissions to become | ||
| 764 | admin_client.set_user_perms(user["username"], ["@user-admin"]) | ||
| 765 | |||
| 766 | # It's possible to become yourself (effectively a noop) | ||
| 767 | with self.auth_perms("@user-admin") as client: | ||
| 768 | become = client.become_user(client.username) | ||
| 769 | |||
| 731 | 770 | ||
| 732 | class TestHashEquivalenceUnixServer(HashEquivalenceTestSetup, HashEquivalenceCommonTests, unittest.TestCase): | 771 | class TestHashEquivalenceUnixServer(HashEquivalenceTestSetup, HashEquivalenceCommonTests, unittest.TestCase): |
| 733 | def get_server_addr(self, server_idx): | 772 | def get_server_addr(self, server_idx): |