/mandos/release : revision 237.7.587

44

import logging

45

import io

46

import tempfile

47

import contextlib

48

47

49

48

import dbus

50

49

64

63

65

64

locale.setlocale(locale.LC_ALL, "")

66

65

67

dbus_busname_domain = "se.recompile"

68

dbus_busname = dbus_busname_domain + ".Mandos"

69

server_dbus_path = "/"

70

server_dbus_interface = dbus_busname_domain + ".Mandos"

71

client_dbus_interface = dbus_busname_domain + ".Mandos.Client"

72

del dbus_busname_domain

66

domain = "se.recompile"

67

busname = domain + ".Mandos"

68

server_path = "/"

69

server_interface = domain + ".Mandos"

70

client_interface = domain + ".Mandos.Client"

73

71

version = "1.8.3"

74

72

75

73

277

275

# Abstract classes first

278

276

class Command(object):

279

277

"""Abstract class for commands"""

280

def run(self, clients, bus=None, mandos=None):

278

def run(self, mandos, clients):

281

279

"""Normal commands should implement run_on_one_client(), but

282

280

commands which want to operate on all clients at the same time

283

281

can override this run() method instead."""

284

282

self.mandos = mandos

285

for clientpath, properties in clients.items():

286

log.debug("D-Bus: Connect to: (busname=%r, path=%r)",

287

dbus_busname, str(clientpath))

288

client = bus.get_object(dbus_busname, clientpath)

283

for client, properties in clients.items():

289

284

self.run_on_one_client(client, properties)

290

285

291

286

class PrintCmd(Command):

297

292

"LastApprovalRequest", "ApprovalDelay",

298

293

"ApprovalDuration", "Checker", "ExtendedTimeout",

299

294

"Expires", "LastCheckerStatus")

300

def run(self, clients, bus=None, mandos=None):

301

print(self.output(clients.values()))

302

def output(self, clients):

303

raise NotImplementedError()

295

def run(self, mandos, clients):

296

print(self.output(clients))

304

297

305

298

class PropertyCmd(Command):

306

299

"""Abstract class for Actions for setting one client property"""

307

300

def run_on_one_client(self, client, properties):

308

301

"""Set the Client's D-Bus property"""

309

log.debug("D-Bus: %s:%s:%s.Set(%r, %r, %r)", dbus_busname,

310

client.__dbus_object_path__,

311

dbus.PROPERTIES_IFACE, client_dbus_interface,

312

self.propname, self.value_to_set

313

if not isinstance(self.value_to_set, dbus.Boolean)

314

else bool(self.value_to_set))

315

client.Set(client_dbus_interface, self.propname,

316

self.value_to_set,

302

client.Set(client_interface, self.property, self.value_to_set,

317

303

dbus_interface=dbus.PROPERTIES_IFACE)

318

@property

319

def propname(self):

320

raise NotImplementedError()

321

304

322

class PropertyValueCmd(PropertyCmd):

323

"""Abstract class for PropertyCmd recieving a value as argument"""

305

class ValueArgumentMixIn(object):

306

"""Mixin class for commands taking a value as argument"""

324

307

def __init__(self, value):

325

308

self.value_to_set = value

326

309

327

class MillisecondsPropertyValueArgumentCmd(PropertyValueCmd):

328

"""Abstract class for PropertyValueCmd taking a value argument as

329

a datetime.timedelta() but should store it as milliseconds."""

310

class MillisecondsValueArgumentMixIn(ValueArgumentMixIn):

311

"""Mixin class for commands taking a value argument as

312

milliseconds."""

330

313

@property

331

314

def value_to_set(self):

332

315

return self._vts

333

316

@value_to_set.setter

334

317

def value_to_set(self, value):

335

"""When setting, convert value from a datetime.timedelta"""

318

"""When setting, convert value to a datetime.timedelta"""

336

319

self._vts = int(round(value.total_seconds() * 1000))

337

320

338

321

# Actual (non-abstract) command classes

346

329

keywords = default_keywords

347

330

if self.verbose:

348

331

keywords = self.all_keywords

349

return str(self.TableOfClients(clients, keywords))

332

return str(self.TableOfClients(clients.values(), keywords))

350

333

351

334

class TableOfClients(object):

352

335

tableheaders = {

438

421

return value

439

422

440

423

class IsEnabledCmd(Command):

441

def run(self, clients, bus=None, mandos=None):

442

client, properties = next(iter(clients.items()))

424

def run_on_one_client(self, client, properties):

443

425

if self.is_enabled(client, properties):

444

426

sys.exit(0)

445

427

sys.exit(1)

446

428

def is_enabled(self, client, properties):

447

return properties["Enabled"]

429

return bool(properties["Enabled"])

448

430

449

431

class RemoveCmd(Command):

450

432

def run_on_one_client(self, client, properties):

451

log.debug("D-Bus: %s:%s:%s.RemoveClient(%r)", dbus_busname,

452

server_dbus_path, server_dbus_interface,

453

str(client.__dbus_object_path__))

454

433

self.mandos.RemoveClient(client.__dbus_object_path__)

455

434

456

435

class ApproveCmd(Command):

457

436

def run_on_one_client(self, client, properties):

458

log.debug("D-Bus: %s:%s:%s.Approve(True)", dbus_busname,

459

client.__dbus_object_path__, client_dbus_interface)

460

437

client.Approve(dbus.Boolean(True),

461

dbus_interface=client_dbus_interface)

438

dbus_interface=client_interface)

462

439

463

440

class DenyCmd(Command):

464

441

def run_on_one_client(self, client, properties):

465

log.debug("D-Bus: %s:%s:%s.Approve(False)", dbus_busname,

466

client.__dbus_object_path__, client_dbus_interface)

467

442

client.Approve(dbus.Boolean(False),

468

dbus_interface=client_dbus_interface)

443

dbus_interface=client_interface)

469

444

470

445

class EnableCmd(PropertyCmd):

471

propname = "Enabled"

446

property = "Enabled"

472

447

value_to_set = dbus.Boolean(True)

473

448

474

449

class DisableCmd(PropertyCmd):

475

propname = "Enabled"

450

property = "Enabled"

476

451

value_to_set = dbus.Boolean(False)

477

452

478

453

class BumpTimeoutCmd(PropertyCmd):

479

propname = "LastCheckedOK"

454

property = "LastCheckedOK"

480

455

value_to_set = ""

481

456

482

457

class StartCheckerCmd(PropertyCmd):

483

propname = "CheckerRunning"

458

property = "CheckerRunning"

484

459

value_to_set = dbus.Boolean(True)

485

460

486

461

class StopCheckerCmd(PropertyCmd):

487

propname = "CheckerRunning"

462

property = "CheckerRunning"

488

463

value_to_set = dbus.Boolean(False)

489

464

490

465

class ApproveByDefaultCmd(PropertyCmd):

491

propname = "ApprovedByDefault"

466

property = "ApprovedByDefault"

492

467

value_to_set = dbus.Boolean(True)

493

468

494

469

class DenyByDefaultCmd(PropertyCmd):

495

propname = "ApprovedByDefault"

470

property = "ApprovedByDefault"

496

471

value_to_set = dbus.Boolean(False)

497

472

498

class SetCheckerCmd(PropertyValueCmd):

499

propname = "Checker"

500

501

class SetHostCmd(PropertyValueCmd):

502

propname = "Host"

503

504

class SetSecretCmd(PropertyValueCmd):

505

propname = "Secret"

473

class SetCheckerCmd(PropertyCmd, ValueArgumentMixIn):

474

property = "Checker"

475

476

class SetHostCmd(PropertyCmd, ValueArgumentMixIn):

477

property = "Host"

478

479

class SetSecretCmd(PropertyCmd, ValueArgumentMixIn):

506

480

@property

507

481

def value_to_set(self):

508

482

return self._vts

511

485

"""When setting, read data from supplied file object"""

512

486

self._vts = value.read()

513

487

value.close()

514

515

class SetTimeoutCmd(MillisecondsPropertyValueArgumentCmd):

516

propname = "Timeout"

517

518

class SetExtendedTimeoutCmd(MillisecondsPropertyValueArgumentCmd):

519

propname = "ExtendedTimeout"

520

521

class SetIntervalCmd(MillisecondsPropertyValueArgumentCmd):

522

propname = "Interval"

523

524

class SetApprovalDelayCmd(MillisecondsPropertyValueArgumentCmd):

525

propname = "ApprovalDelay"

526

527

class SetApprovalDurationCmd(MillisecondsPropertyValueArgumentCmd):

528

propname = "ApprovalDuration"

488

property = "Secret"

489

490

class SetTimeoutCmd(PropertyCmd, MillisecondsValueArgumentMixIn):

491

property = "Timeout"

492

493

class SetExtendedTimeoutCmd(PropertyCmd,

494

MillisecondsValueArgumentMixIn):

495

property = "ExtendedTimeout"

496

497

class SetIntervalCmd(PropertyCmd, MillisecondsValueArgumentMixIn):

498

property = "Interval"

499

500

class SetApprovalDelayCmd(PropertyCmd,

501

MillisecondsValueArgumentMixIn):

502

property = "ApprovalDelay"

503

504

class SetApprovalDurationCmd(PropertyCmd,

505

MillisecondsValueArgumentMixIn):

506

property = "ApprovalDuration"

529

507

530

508

def add_command_line_options(parser):

531

509

parser.add_argument("--version", action="version",

587

565

help="Approve any current client request")

588

566

approve_deny.add_argument("-D", "--deny", action="store_true",

589

567

help="Deny any current client request")

590

parser.add_argument("--debug", action="store_true",

591

help="Debug mode (show D-Bus commands)")

592

568

parser.add_argument("--check", action="store_true",

593

569

help="Run self-test")

594

570

parser.add_argument("client", nargs="*", help="Client name")

619

595

if options.is_enabled:

620

596

commands.append(IsEnabledCmd())

621

597

598

if options.remove:

599

commands.append(RemoveCmd())

600

622

601

if options.checker is not None:

623

602

commands.append(SetCheckerCmd(options.checker))

624

603

657

636

if options.deny:

658

637

commands.append(DenyCmd())

659

638

660

if options.remove:

661

commands.append(RemoveCmd())

662

663

639

# If no command option has been given, show table of clients,

664

640

# optionally verbosely

665

641

if not commands:

669

645

670

646

671

647

def check_option_syntax(parser, options):

672

"""Apply additional restrictions on options, not expressible in

673

argparse"""

674

648

675

649

def has_actions(options):

676

650

return any((options.enable,

703

677

parser.error("--all requires an action.")

704

678

if options.is_enabled and len(options.client) > 1:

705

679

parser.error("--is-enabled requires exactly one client")

706

if options.remove:

707

options.remove = False

708

if has_actions(options) and not options.deny:

709

parser.error("--remove can only be combined with --deny")

710

options.remove = True

711

680

712

681

713

682

def main():

721

690

722

691

clientnames = options.client

723

692

724

if options.debug:

725

log.setLevel(logging.DEBUG)

726

727

693

try:

728

694

bus = dbus.SystemBus()

729

log.debug("D-Bus: Connect to: (busname=%r, path=%r)",

730

dbus_busname, server_dbus_path)

731

mandos_dbus_objc = bus.get_object(dbus_busname,

732

server_dbus_path)

695

mandos_dbus_objc = bus.get_object(busname, server_path)

733

696

except dbus.exceptions.DBusException:

734

697

log.critical("Could not connect to Mandos server")

735

698

sys.exit(1)

736

699

737

700

mandos_serv = dbus.Interface(mandos_dbus_objc,

738

dbus_interface=server_dbus_interface)

701

dbus_interface=server_interface)

739

702

mandos_serv_object_manager = dbus.Interface(

740

703

mandos_dbus_objc, dbus_interface=dbus.OBJECT_MANAGER_IFACE)

741

704

747

710

dbus_filter = NullFilter()

748

711

try:

749

712

dbus_logger.addFilter(dbus_filter)

750

log.debug("D-Bus: %s:%s:%s.GetManagedObjects()", dbus_busname,

751

server_dbus_path, dbus.OBJECT_MANAGER_IFACE)

752

mandos_clients = {path: ifs_and_props[client_dbus_interface]

713

mandos_clients = {path: ifs_and_props[client_interface]

753

714

for path, ifs_and_props in

754

715

mandos_serv_object_manager

755

716

.GetManagedObjects().items()

756

if client_dbus_interface in ifs_and_props}

717

if client_interface in ifs_and_props}

757

718

except dbus.exceptions.DBusException as e:

758

719

log.critical("Failed to access Mandos server through D-Bus:"

759

720

"\n%s", e)

766

727

clients = {}

767

728

768

729

if not clientnames:

769

clients = {objpath: properties

770

for objpath, properties in mandos_clients.items()}

730

clients = {bus.get_object(busname, path): properties

731

for path, properties in mandos_clients.items()}

771

732

else:

772

733

for name in clientnames:

773

for objpath, properties in mandos_clients.items():

774

if properties["Name"] == name:

775

clients[objpath] = properties

734

for path, client in mandos_clients.items():

735

if client["Name"] == name:

736

client_objc = bus.get_object(busname, path)

737

clients[client_objc] = client

776

738

break

777

739

else:

778

740

log.critical("Client not found on server: %r", name)

781

743

# Run all commands on clients

782

744

commands = commands_from_options(options)

783

745

for command in commands:

784

command.run(clients, bus, mandos_serv)

746

command.run(mandos_serv, clients)

785

747

786

748

787

749

class Test_milliseconds_to_string(unittest.TestCase):

836

798

testcase = self

837

799

class MockClient(object):

838

800

def __init__(self, name, **attributes):

839

self.__dbus_object_path__ = "/clients/{}".format(name)

801

self.__dbus_object_path__ = "objpath_{}".format(name)

840

802

self.attributes = attributes

841

803

self.attributes["Name"] = name

842

804

self.calls = []

843

def Set(self, interface, propname, value, dbus_interface):

844

testcase.assertEqual(interface, client_dbus_interface)

845

testcase.assertEqual(dbus_interface,

846

dbus.PROPERTIES_IFACE)

847

self.attributes[propname] = value

848

def Get(self, interface, propname, dbus_interface):

849

testcase.assertEqual(interface, client_dbus_interface)

850

testcase.assertEqual(dbus_interface,

851

dbus.PROPERTIES_IFACE)

852

return self.attributes[propname]

805

def Set(self, interface, property, value, dbus_interface):

806

testcase.assertEqual(interface, client_interface)

807

testcase.assertEqual(dbus_interface,

808

dbus.PROPERTIES_IFACE)

809

self.attributes[property] = value

810

def Get(self, interface, property, dbus_interface):

811

testcase.assertEqual(interface, client_interface)

812

testcase.assertEqual(dbus_interface,

813

dbus.PROPERTIES_IFACE)

814

return self.attributes[property]

853

815

def Approve(self, approve, dbus_interface):

854

testcase.assertEqual(dbus_interface,

855

client_dbus_interface)

816

testcase.assertEqual(dbus_interface, client_interface)

856

817

self.calls.append(("Approve", (approve,

857

818

dbus_interface)))

858

819

self.client = MockClient(

905

866

LastCheckerStatus=-2)

906

867

self.clients = collections.OrderedDict(

907

868

[

908

("/clients/foo", self.client.attributes),

909

("/clients/barbar", self.other_client.attributes),

869

(self.client, self.client.attributes),

870

(self.other_client, self.other_client.attributes),

910

871

])

911

self.one_client = {"/clients/foo": self.client.attributes}

912

@property

913

def bus(self):

914

class Bus(object):

915

@staticmethod

916

def get_object(client_bus_name, path):

917

self.assertEqual(client_bus_name, dbus_busname)

918

return {

919

"/clients/foo": self.client,

920

"/clients/barbar": self.other_client,

921

}[path]

922

return Bus()

872

self.one_client = {self.client: self.client.attributes}

923

873

924

874

class TestPrintTableCmd(TestCmd):

925

875

def test_normal(self):

926

output = PrintTableCmd().output(self.clients.values())

876

output = PrintTableCmd().output(self.clients)

927

877

expected_output = """

928

878

Name Enabled Timeout Last Successful Check

929

879

foo Yes 00:05:00 2019-02-03T00:00:00

931

881

"""[1:-1]

932

882

self.assertEqual(output, expected_output)

933

883

def test_verbose(self):

934

output = PrintTableCmd(verbose=True).output(

935

self.clients.values())

884

output = PrintTableCmd(verbose=True).output(self.clients)

936

885

expected_output = """

937

886

Name Enabled Timeout Last Successful Check Created Interval Host Key ID Fingerprint Check Is Running Last Enabled Approval Is Pending Approved By Default Last Approval Request Approval Delay Approval Duration Checker Extended Timeout Expires Last Checker Status

938

887

foo Yes 00:05:00 2019-02-03T00:00:00 2019-01-02T00:00:00 00:02:00 foo.example.org 92ed150794387c03ce684574b1139a6594a34f895daaaf09fd8ea90a27cddb12 778827225BA7DE539C5A7CFA59CFF7CDBD9A5920 No 2019-01-03T00:00:00 No Yes 00:00:00 00:00:01 fping -q -- %(host)s 00:15:00 2019-02-04T00:00:00 0

940

889

"""[1:-1]

941

890

self.assertEqual(output, expected_output)

942

891

def test_one_client(self):

943

output = PrintTableCmd().output(self.one_client.values())

892

output = PrintTableCmd().output(self.one_client)

944

893

expected_output = """

945

894

Name Enabled Timeout Last Successful Check

946

895

foo Yes 00:05:00 2019-02-03T00:00:00

1015

964

for client, properties in self.clients.items()))

1016

965

def test_is_enabled_run_exits_successfully(self):

1017

966

with self.assertRaises(SystemExit) as e:

1018

IsEnabledCmd().run(self.one_client)

967

IsEnabledCmd().run(None, self.one_client)

1019

968

if e.exception.code is not None:

1020

969

self.assertEqual(e.exception.code, 0)

1021

970

else:

1023

972

def test_is_enabled_run_exits_with_failure(self):

1024

973

self.client.attributes["Enabled"] = dbus.Boolean(False)

1025

974

with self.assertRaises(SystemExit) as e:

1026

IsEnabledCmd().run(self.one_client)

975

IsEnabledCmd().run(None, self.one_client)

1027

976

if isinstance(e.exception.code, int):

1028

977

self.assertNotEqual(e.exception.code, 0)

1029

978

else:

1038

987

self.calls.append(("RemoveClient", (dbus_path,)))

1039

988

mandos = MockMandos()

1040

989

super(TestRemoveCmd, self).setUp()

1041

RemoveCmd().run(self.clients, self.bus, mandos)

990

RemoveCmd().run(mandos, self.clients)

1042

991

self.assertEqual(len(mandos.calls), 2)

1043

for clientpath in self.clients:

1044

self.assertIn(("RemoveClient", (clientpath,)),

992

for client in self.clients:

993

self.assertIn(("RemoveClient",

994

(client.__dbus_object_path__,)),

1045

995

mandos.calls)

1046

996

1047

997

class TestApproveCmd(TestCmd):

1048

998

def test_approve(self):

1049

ApproveCmd().run(self.clients, self.bus)

1050

for clientpath in self.clients:

1051

client = self.bus.get_object(dbus_busname, clientpath)

1052

self.assertIn(("Approve", (True, client_dbus_interface)),

999

ApproveCmd().run(None, self.clients)

1000

for client in self.clients:

1001

self.assertIn(("Approve", (True, client_interface)),

1053

1002

client.calls)

1054

1003

1055

1004

class TestDenyCmd(TestCmd):

1056

1005

def test_deny(self):

1057

DenyCmd().run(self.clients, self.bus)

1058

for clientpath in self.clients:

1059

client = self.bus.get_object(dbus_busname, clientpath)

1060

self.assertIn(("Approve", (False, client_dbus_interface)),

1006

DenyCmd().run(None, self.clients)

1007

for client in self.clients:

1008

self.assertIn(("Approve", (False, client_interface)),

1061

1009

client.calls)

1062

1010

1063

1011

class TestEnableCmd(TestCmd):

1064

1012

def test_enable(self):

1065

for clientpath in self.clients:

1066

client = self.bus.get_object(dbus_busname, clientpath)

1013

for client in self.clients:

1067

1014

client.attributes["Enabled"] = False

1068

1015

1069

EnableCmd().run(self.clients, self.bus)

1016

EnableCmd().run(None, self.clients)

1070

1017

1071

for clientpath in self.clients:

1072

client = self.bus.get_object(dbus_busname, clientpath)

1018

for client in self.clients:

1073

1019

self.assertTrue(client.attributes["Enabled"])

1074

1020

1075

1021

class TestDisableCmd(TestCmd):

1076

1022

def test_disable(self):

1077

DisableCmd().run(self.clients, self.bus)

1078

for clientpath in self.clients:

1079

client = self.bus.get_object(dbus_busname, clientpath)

1023

DisableCmd().run(None, self.clients)

1024

1025

for client in self.clients:

1080

1026

self.assertFalse(client.attributes["Enabled"])

1081

1027

1082

1028

class Unique(object):

1092

1038

self.values_to_set)

1093

1039

for value_to_set, value_to_get in zip(self.values_to_set,

1094

1040

values_to_get):

1095

for clientpath in self.clients:

1096

client = self.bus.get_object(dbus_busname, clientpath)

1097

old_value = client.attributes[self.propname]

1041

for client in self.clients:

1042

old_value = client.attributes[self.property]

1098

1043

self.assertNotIsInstance(old_value, Unique)

1099

client.attributes[self.propname] = Unique()

1044

client.attributes[self.property] = Unique()

1100

1045

self.run_command(value_to_set, self.clients)

1101

for clientpath in self.clients:

1102

client = self.bus.get_object(dbus_busname, clientpath)

1103

value = client.attributes[self.propname]

1046

for client in self.clients:

1047

value = client.attributes[self.property]

1104

1048

self.assertNotIsInstance(value, Unique)

1105

1049

self.assertEqual(value, value_to_get)

1106

1050

def run_command(self, value, clients):

1107

self.command().run(clients, self.bus)

1051

self.command().run(None, clients)

1108

1052

1109

1053

class TestBumpTimeoutCmd(TestPropertyCmd):

1110

1054

command = BumpTimeoutCmd

1111

propname = "LastCheckedOK"

1055

property = "LastCheckedOK"

1112

1056

values_to_set = [""]

1113

1057

1114

1058

class TestStartCheckerCmd(TestPropertyCmd):

1115

1059

command = StartCheckerCmd

1116

propname = "CheckerRunning"

1060

property = "CheckerRunning"

1117

1061

values_to_set = [dbus.Boolean(True)]

1118

1062

1119

1063

class TestStopCheckerCmd(TestPropertyCmd):

1120

1064

command = StopCheckerCmd

1121

propname = "CheckerRunning"

1065

property = "CheckerRunning"

1122

1066

values_to_set = [dbus.Boolean(False)]

1123

1067

1124

1068

class TestApproveByDefaultCmd(TestPropertyCmd):

1125

1069

command = ApproveByDefaultCmd

1126

propname = "ApprovedByDefault"

1070

property = "ApprovedByDefault"

1127

1071

values_to_set = [dbus.Boolean(True)]

1128

1072

1129

1073

class TestDenyByDefaultCmd(TestPropertyCmd):

1130

1074

command = DenyByDefaultCmd

1131

propname = "ApprovedByDefault"

1075

property = "ApprovedByDefault"

1132

1076

values_to_set = [dbus.Boolean(False)]

1133

1077

1134

class TestPropertyValueCmd(TestPropertyCmd):

1135

"""Abstract class for tests of PropertyValueCmd classes"""

1078

class TestValueArgumentPropertyCmd(TestPropertyCmd):

1079

"""Abstract class for tests of PropertyCmd classes using the

1080

ValueArgumentMixIn"""

1136

1081

def runTest(self):

1137

if type(self) is TestPropertyValueCmd:

1082

if type(self) is TestValueArgumentPropertyCmd:

1138

1083

return

1139

return super(TestPropertyValueCmd, self).runTest()

1084

return super(TestValueArgumentPropertyCmd, self).runTest()

1140

1085

def run_command(self, value, clients):

1141

self.command(value).run(clients, self.bus)

1086

self.command(value).run(None, clients)

1142

1087

1143

class TestSetCheckerCmd(TestPropertyValueCmd):

1088

class TestSetCheckerCmd(TestValueArgumentPropertyCmd):

1144

1089

command = SetCheckerCmd

1145

propname = "Checker"

1090

property = "Checker"

1146

1091

values_to_set = ["", ":", "fping -q -- %s"]

1147

1092

1148

class TestSetHostCmd(TestPropertyValueCmd):

1093

class TestSetHostCmd(TestValueArgumentPropertyCmd):

1149

1094

command = SetHostCmd

1150

propname = "Host"

1095

property = "Host"

1151

1096

values_to_set = ["192.0.2.3", "foo.example.org"]

1152

1097

1153

class TestSetSecretCmd(TestPropertyValueCmd):

1098

class TestSetSecretCmd(TestValueArgumentPropertyCmd):

1154

1099

command = SetSecretCmd

1155

propname = "Secret"

1156

values_to_set = [io.BytesIO(b""),

1100

property = "Secret"

1101

values_to_set = [open("/dev/null", "rb"),

1157

1102

io.BytesIO(b"secret\0xyzzy\nbar")]

1158

1103

values_to_get = [b"", b"secret\0xyzzy\nbar"]

1159

1104

1160

class TestSetTimeoutCmd(TestPropertyValueCmd):

1105

class TestSetTimeoutCmd(TestValueArgumentPropertyCmd):

1161

1106

command = SetTimeoutCmd

1162

propname = "Timeout"

1107

property = "Timeout"

1163

1108

values_to_set = [datetime.timedelta(),

1164

1109

datetime.timedelta(minutes=5),

1165

1110

datetime.timedelta(seconds=1),

1167

1112

datetime.timedelta(weeks=52)]

1168

1113

values_to_get = [0, 300000, 1000, 604800000, 31449600000]

1169

1114

1170

class TestSetExtendedTimeoutCmd(TestPropertyValueCmd):

1115

class TestSetExtendedTimeoutCmd(TestValueArgumentPropertyCmd):

1171

1116

command = SetExtendedTimeoutCmd

1172

propname = "ExtendedTimeout"

1117

property = "ExtendedTimeout"

1173

1118

values_to_set = [datetime.timedelta(),

1174

1119

datetime.timedelta(minutes=5),

1175

1120

datetime.timedelta(seconds=1),

1177

1122

datetime.timedelta(weeks=52)]

1178

1123

values_to_get = [0, 300000, 1000, 604800000, 31449600000]

1179

1124

1180

class TestSetIntervalCmd(TestPropertyValueCmd):

1125

class TestSetIntervalCmd(TestValueArgumentPropertyCmd):

1181

1126

command = SetIntervalCmd

1182

propname = "Interval"

1127

property = "Interval"

1183

1128

values_to_set = [datetime.timedelta(),

1184

1129

datetime.timedelta(minutes=5),

1185

1130

datetime.timedelta(seconds=1),

1187

1132

datetime.timedelta(weeks=52)]

1188

1133

values_to_get = [0, 300000, 1000, 604800000, 31449600000]

1189

1134

1190

class TestSetApprovalDelayCmd(TestPropertyValueCmd):

1135

class TestSetApprovalDelayCmd(TestValueArgumentPropertyCmd):

1191

1136

command = SetApprovalDelayCmd

1192

propname = "ApprovalDelay"

1137

property = "ApprovalDelay"

1193

1138

values_to_set = [datetime.timedelta(),

1194

1139

datetime.timedelta(minutes=5),

1195

1140

datetime.timedelta(seconds=1),

1197

1142

datetime.timedelta(weeks=52)]

1198

1143

values_to_get = [0, 300000, 1000, 604800000, 31449600000]

1199

1144

1200

class TestSetApprovalDurationCmd(TestPropertyValueCmd):

1145

class TestSetApprovalDurationCmd(TestValueArgumentPropertyCmd):

1201

1146

command = SetApprovalDurationCmd

1202

propname = "ApprovalDuration"

1147

property = "ApprovalDuration"

1203

1148

values_to_set = [datetime.timedelta(),

1204

1149

datetime.timedelta(minutes=5),

1205

1150

datetime.timedelta(seconds=1),

1385

1330

def test_is_enabled_short(self):

1386

1331

self.assert_command_from_args(["-V", "foo"], IsEnabledCmd)

1387

1332

1388

def test_deny_before_remove(self):

1389

options = self.parser.parse_args(["--deny", "--remove", "foo"])

1390

check_option_syntax(self.parser, options)

1391

commands = commands_from_options(options)

1392

self.assertEqual(len(commands), 2)

1393

self.assertIsInstance(commands[0], DenyCmd)

1394

self.assertIsInstance(commands[1], RemoveCmd)

1395

1396

def test_deny_before_remove_reversed(self):

1397

options = self.parser.parse_args(["--remove", "--deny", "--all"])

1398

check_option_syntax(self.parser, options)

1399

commands = commands_from_options(options)

1400

self.assertEqual(len(commands), 2)

1401

self.assertIsInstance(commands[0], DenyCmd)

1402

self.assertIsInstance(commands[1], RemoveCmd)

1403

1404

1405

class Test_check_option_syntax(unittest.TestCase):

1406

# This mostly corresponds to the definition from has_actions() in

1407

# check_option_syntax()

1408

actions = {

1409

# The actual values set here are not that important, but we do

1410

# at least stick to the correct types, even though they are

1411

# never used

1412

"enable": True,

1413

"disable": True,

1414

"bump_timeout": True,

1415

"start_checker": True,

1416

"stop_checker": True,

1417

"is_enabled": True,

1418

"remove": True,

1419

"checker": "x",

1420

"timeout": datetime.timedelta(),

1421

"extended_timeout": datetime.timedelta(),

1422

"interval": datetime.timedelta(),

1423

"approved_by_default": True,

1424

"approval_delay": datetime.timedelta(),

1425

"approval_duration": datetime.timedelta(),

1426

"host": "x",

1427

"secret": io.BytesIO(b"x"),

1428

"approve": True,

1429

"deny": True,

1430

}

1431

1432

def setUp(self):

1433

self.parser = argparse.ArgumentParser()

1434

add_command_line_options(self.parser)

1435

1436

@contextlib.contextmanager

1437

def assertParseError(self):

1438

with self.assertRaises(SystemExit) as e:

1439

with self.temporarily_suppress_stderr():

1440

yield

1441

# Exit code from argparse is guaranteed to be "2". Reference:

1442

# https://docs.python.org/3/library/argparse.html#exiting-methods

1443

self.assertEqual(e.exception.code, 2)

1444

1445

@staticmethod

1446

@contextlib.contextmanager

1447

def temporarily_suppress_stderr():

1448

null = os.open(os.path.devnull, os.O_RDWR)

1449

stderrcopy = os.dup(sys.stderr.fileno())

1450

os.dup2(null, sys.stderr.fileno())

1451

os.close(null)

1452

try:

1453

yield

1454

finally:

1455

# restore stderr

1456

os.dup2(stderrcopy, sys.stderr.fileno())

1457

os.close(stderrcopy)

1458

1459

def check_option_syntax(self, options):

1460

check_option_syntax(self.parser, options)

1461

1462

def test_actions_requires_client_or_all(self):

1463

for action, value in self.actions.items():

1464

options = self.parser.parse_args()

1465

setattr(options, action, value)

1466

with self.assertParseError():

1467

self.check_option_syntax(options)

1468

1469

def test_actions_conflicts_with_verbose(self):

1470

for action, value in self.actions.items():

1471

options = self.parser.parse_args()

1472

setattr(options, action, value)

1473

options.verbose = True

1474

with self.assertParseError():

1475

self.check_option_syntax(options)

1476

1477

def test_dump_json_conflicts_with_verbose(self):

1478

options = self.parser.parse_args()

1479

options.dump_json = True

1480

options.verbose = True

1481

with self.assertParseError():

1482

self.check_option_syntax(options)

1483

1484

def test_dump_json_conflicts_with_action(self):

1485

for action, value in self.actions.items():

1486

options = self.parser.parse_args()

1487

setattr(options, action, value)

1488

options.dump_json = True

1489

with self.assertParseError():

1490

self.check_option_syntax(options)

1491

1492

def test_all_can_not_be_alone(self):

1493

options = self.parser.parse_args()

1494

options.all = True

1495

with self.assertParseError():

1496

self.check_option_syntax(options)

1497

1498

def test_all_is_ok_with_any_action(self):

1499

for action, value in self.actions.items():

1500

options = self.parser.parse_args()

1501

setattr(options, action, value)

1502

options.all = True

1503

self.check_option_syntax(options)

1504

1505

def test_is_enabled_fails_without_client(self):

1506

options = self.parser.parse_args()

1507

options.is_enabled = True

1508

with self.assertParseError():

1509

self.check_option_syntax(options)

1510

1511

def test_is_enabled_works_with_one_client(self):

1512

options = self.parser.parse_args()

1513

options.is_enabled = True

1514

options.client = ["foo"]

1515

self.check_option_syntax(options)

1516

1517

def test_is_enabled_fails_with_two_clients(self):

1518

options = self.parser.parse_args()

1519

options.is_enabled = True

1520

options.client = ["foo", "barbar"]

1521

with self.assertParseError():

1522

self.check_option_syntax(options)

1523

1524

def test_remove_can_only_be_combined_with_action_deny(self):

1525

for action, value in self.actions.items():

1526

if action in {"remove", "deny"}:

1527

continue

1528

options = self.parser.parse_args()

1529

setattr(options, action, value)

1530

options.all = True

1531

options.remove = True

1532

with self.assertParseError():

1533

self.check_option_syntax(options)

1534

1535

1333

1536

1334

1537

1335

def should_only_run_tests():