To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to mandos-ctl
- browse files at revision 237.7.598
- compare with another revision
- download diff
- download tarball
- view history from revision 237.7.598
- Committer: Teddy Hogeborn
- Date: 2019-03-10 02:35:22 UTC
- mto: This revision was merged to the branch mainline in revision 382.
- Revision ID: teddy@recompile.se-20190310023522-cvos2tw2si6t7if3
mandos-ctl: Minimize number of D-Bus calls
* mandos-ctl (Command.run): Now takes a {objpath: properties} dict,
followed by optional "bus" and "mandos"
arguments. Use "bus" to connect to
clients when dispatching to method
run_on_one_client(). All callers changed.
(IsEnabledCmd.run): New.
(IsEnabledCmd.run_on_one_client): Remove.
(ApproveCmd.run_on_one_client): Add busname to debug output.
(DenyCmd.run_on_one_client): - '' -
(main): In D-Bus debug output, change "name" to "busname". Also,
don't connect to clients, just use the object path as the
key of the "clients" dict passed to Command.run().
(TestCmd.clients): Changed to an {objpath: properties} dict.
(TestCmd.one_client): - '' -
(TestCmd.bus): New mock bus object having a get_object() method.
* mandos-ctl (Command.run): Now takes a {objpath: properties} dict,
followed by optional "bus" and "mandos"
arguments. Use "bus" to connect to
clients when dispatching to method
run_on_one_client(). All callers changed.
(IsEnabledCmd.run): New.
(IsEnabledCmd.run_on_one_client): Remove.
(ApproveCmd.run_on_one_client): Add busname to debug output.
(DenyCmd.run_on_one_client): - '' -
(main): In D-Bus debug output, change "name" to "busname". Also,
don't connect to clients, just use the object path as the
key of the "clients" dict passed to Command.run().
(TestCmd.clients): Changed to an {objpath: properties} dict.
(TestCmd.one_client): - '' -
(TestCmd.bus): New mock bus object having a get_object() method.
- files modified:
- mandos-ctl
added
removed
mandos-ctl
64
64
65
65
locale.setlocale(locale.LC_ALL, "")
66
66
67
dbus_busname_domain = "se.recompile"
68
dbus_busname = dbus_busname_domain + ".Mandos"
69
server_dbus_path = "/"
70
server_dbus_interface = dbus_busname_domain + ".Mandos"
71
client_dbus_interface = dbus_busname_domain + ".Mandos.Client"
72
del dbus_busname_domain
67
domain = "se.recompile"
68
busname = domain + ".Mandos"
69
server_path = "/"
70
server_interface = domain + ".Mandos"
71
client_interface = domain + ".Mandos.Client"
73
72
version = "1.8.3"
74
73
75
74
79
78
dbus.OBJECT_MANAGER_IFACE = "org.freedesktop.DBus.ObjectManager"
80
79
81
80
82
def main():
83
parser = argparse.ArgumentParser()
84
85
add_command_line_options(parser)
86
87
options = parser.parse_args()
88
89
check_option_syntax(parser, options)
90
91
clientnames = options.client
92
93
if options.debug:
94
log.setLevel(logging.DEBUG)
95
96
try:
97
bus = dbus.SystemBus()
98
log.debug("D-Bus: Connect to: (busname=%r, path=%r)",
99
dbus_busname, server_dbus_path)
100
mandos_dbus_objc = bus.get_object(dbus_busname,
101
server_dbus_path)
102
except dbus.exceptions.DBusException:
103
log.critical("Could not connect to Mandos server")
104
sys.exit(1)
105
106
mandos_serv = dbus.Interface(mandos_dbus_objc,
107
dbus_interface=server_dbus_interface)
108
mandos_serv_object_manager = dbus.Interface(
109
mandos_dbus_objc, dbus_interface=dbus.OBJECT_MANAGER_IFACE)
110
111
# Filter out log message from dbus module
112
dbus_logger = logging.getLogger("dbus.proxies")
113
class NullFilter(logging.Filter):
114
def filter(self, record):
115
return False
116
dbus_filter = NullFilter()
117
try:
118
dbus_logger.addFilter(dbus_filter)
119
log.debug("D-Bus: %s:%s:%s.GetManagedObjects()", dbus_busname,
120
server_dbus_path, dbus.OBJECT_MANAGER_IFACE)
121
mandos_clients = {path: ifs_and_props[client_dbus_interface]
122
for path, ifs_and_props in
123
mandos_serv_object_manager
124
.GetManagedObjects().items()
125
if client_dbus_interface in ifs_and_props}
126
except dbus.exceptions.DBusException as e:
127
log.critical("Failed to access Mandos server through D-Bus:"
128
"\n%s", e)
129
sys.exit(1)
130
finally:
131
# restore dbus logger
132
dbus_logger.removeFilter(dbus_filter)
133
134
# Compile dict of (clients: properties) to process
135
clients = {}
136
137
if not clientnames:
138
clients = {objpath: properties
139
for objpath, properties in mandos_clients.items()}
140
else:
141
for name in clientnames:
142
for objpath, properties in mandos_clients.items():
143
if properties["Name"] == name:
144
clients[objpath] = properties
145
break
146
else:
147
log.critical("Client not found on server: %r", name)
148
sys.exit(1)
149
150
# Run all commands on clients
151
commands = commands_from_options(options)
152
for command in commands:
153
command.run(clients, bus, mandos_serv)
154
155
156
def add_command_line_options(parser):
157
parser.add_argument("--version", action="version",
158
version="%(prog)s {}".format(version),
159
help="show version number and exit")
160
parser.add_argument("-a", "--all", action="store_true",
161
help="Select all clients")
162
parser.add_argument("-v", "--verbose", action="store_true",
163
help="Print all fields")
164
parser.add_argument("-j", "--dump-json", action="store_true",
165
help="Dump client data in JSON format")
166
enable_disable = parser.add_mutually_exclusive_group()
167
enable_disable.add_argument("-e", "--enable", action="store_true",
168
help="Enable client")
169
enable_disable.add_argument("-d", "--disable",
170
action="store_true",
171
help="disable client")
172
parser.add_argument("-b", "--bump-timeout", action="store_true",
173
help="Bump timeout for client")
174
start_stop_checker = parser.add_mutually_exclusive_group()
175
start_stop_checker.add_argument("--start-checker",
176
action="store_true",
177
help="Start checker for client")
178
start_stop_checker.add_argument("--stop-checker",
179
action="store_true",
180
help="Stop checker for client")
181
parser.add_argument("-V", "--is-enabled", action="store_true",
182
help="Check if client is enabled")
183
parser.add_argument("-r", "--remove", action="store_true",
184
help="Remove client")
185
parser.add_argument("-c", "--checker",
186
help="Set checker command for client")
187
parser.add_argument("-t", "--timeout", type=string_to_delta,
188
help="Set timeout for client")
189
parser.add_argument("--extended-timeout", type=string_to_delta,
190
help="Set extended timeout for client")
191
parser.add_argument("-i", "--interval", type=string_to_delta,
192
help="Set checker interval for client")
193
approve_deny_default = parser.add_mutually_exclusive_group()
194
approve_deny_default.add_argument(
195
"--approve-by-default", action="store_true",
196
default=None, dest="approved_by_default",
197
help="Set client to be approved by default")
198
approve_deny_default.add_argument(
199
"--deny-by-default", action="store_false",
200
dest="approved_by_default",
201
help="Set client to be denied by default")
202
parser.add_argument("--approval-delay", type=string_to_delta,
203
help="Set delay before client approve/deny")
204
parser.add_argument("--approval-duration", type=string_to_delta,
205
help="Set duration of one client approval")
206
parser.add_argument("-H", "--host", help="Set host for client")
207
parser.add_argument("-s", "--secret",
208
type=argparse.FileType(mode="rb"),
209
help="Set password blob (file) for client")
210
approve_deny = parser.add_mutually_exclusive_group()
211
approve_deny.add_argument(
212
"-A", "--approve", action="store_true",
213
help="Approve any current client request")
214
approve_deny.add_argument("-D", "--deny", action="store_true",
215
help="Deny any current client request")
216
parser.add_argument("--debug", action="store_true",
217
help="Debug mode (show D-Bus commands)")
218
parser.add_argument("--check", action="store_true",
219
help="Run self-test")
220
parser.add_argument("client", nargs="*", help="Client name")
221
222
223
def string_to_delta(interval):
224
"""Parse a string and return a datetime.timedelta"""
225
226
try:
227
return rfc3339_duration_to_delta(interval)
228
except ValueError as e:
229
log.warning("%s - Parsing as pre-1.6.1 interval instead",
230
' '.join(e.args))
231
return parse_pre_1_6_1_interval(interval)
81
def milliseconds_to_string(ms):
82
td = datetime.timedelta(0, 0, 0, ms)
83
return ("{days}{hours:02}:{minutes:02}:{seconds:02}"
84
.format(days="{}T".format(td.days) if td.days else "",
85
hours=td.seconds // 3600,
86
minutes=(td.seconds % 3600) // 60,
87
seconds=td.seconds % 60))
232
88
233
89
234
90
def rfc3339_duration_to_delta(duration):
361
217
return value
362
218
363
219
220
def string_to_delta(interval):
221
"""Parse a string and return a datetime.timedelta"""
222
223
try:
224
return rfc3339_duration_to_delta(interval)
225
except ValueError as e:
226
log.warning("%s - Parsing as pre-1.6.1 interval instead",
227
' '.join(e.args))
228
return parse_pre_1_6_1_interval(interval)
229
230
364
231
def parse_pre_1_6_1_interval(interval):
365
232
"""Parse an interval string as documented by Mandos before 1.6.1,
366
233
and return a datetime.timedelta
404
271
return value
405
272
406
273
407
def check_option_syntax(parser, options):
408
"""Apply additional restrictions on options, not expressible in
409
argparse"""
410
411
def has_actions(options):
412
return any((options.enable,
413
options.disable,
414
options.bump_timeout,
415
options.start_checker,
416
options.stop_checker,
417
options.is_enabled,
418
options.remove,
419
options.checker is not None,
420
options.timeout is not None,
421
options.extended_timeout is not None,
422
options.interval is not None,
423
options.approved_by_default is not None,
424
options.approval_delay is not None,
425
options.approval_duration is not None,
426
options.host is not None,
427
options.secret is not None,
428
options.approve,
429
options.deny))
430
431
if has_actions(options) and not (options.client or options.all):
432
parser.error("Options require clients names or --all.")
433
if options.verbose and has_actions(options):
434
parser.error("--verbose can only be used alone.")
435
if options.dump_json and (options.verbose
436
or has_actions(options)):
437
parser.error("--dump-json can only be used alone.")
438
if options.all and not has_actions(options):
439
parser.error("--all requires an action.")
440
if options.is_enabled and len(options.client) > 1:
441
parser.error("--is-enabled requires exactly one client")
442
if options.remove:
443
options.remove = False
444
if has_actions(options) and not options.deny:
445
parser.error("--remove can only be combined with --deny")
446
options.remove = True
447
448
449
def commands_from_options(options):
450
451
commands = []
452
453
if options.is_enabled:
454
commands.append(IsEnabledCmd())
455
456
if options.approve:
457
commands.append(ApproveCmd())
458
459
if options.deny:
460
commands.append(DenyCmd())
461
462
if options.remove:
463
commands.append(RemoveCmd())
464
465
if options.dump_json:
466
commands.append(DumpJSONCmd())
467
468
if options.enable:
469
commands.append(EnableCmd())
470
471
if options.disable:
472
commands.append(DisableCmd())
473
474
if options.bump_timeout:
475
commands.append(BumpTimeoutCmd())
476
477
if options.start_checker:
478
commands.append(StartCheckerCmd())
479
480
if options.stop_checker:
481
commands.append(StopCheckerCmd())
482
483
if options.approved_by_default is not None:
484
if options.approved_by_default:
485
commands.append(ApproveByDefaultCmd())
486
else:
487
commands.append(DenyByDefaultCmd())
488
489
if options.checker is not None:
490
commands.append(SetCheckerCmd(options.checker))
491
492
if options.host is not None:
493
commands.append(SetHostCmd(options.host))
494
495
if options.secret is not None:
496
commands.append(SetSecretCmd(options.secret))
497
498
if options.timeout is not None:
499
commands.append(SetTimeoutCmd(options.timeout))
500
501
if options.extended_timeout:
502
commands.append(
503
SetExtendedTimeoutCmd(options.extended_timeout))
504
505
if options.interval is not None:
506
commands.append(SetIntervalCmd(options.interval))
507
508
if options.approval_delay is not None:
509
commands.append(SetApprovalDelayCmd(options.approval_delay))
510
511
if options.approval_duration is not None:
512
commands.append(
513
SetApprovalDurationCmd(options.approval_duration))
514
515
# If no command option has been given, show table of clients,
516
# optionally verbosely
517
if not commands:
518
commands.append(PrintTableCmd(verbose=options.verbose))
519
520
return commands
521
522
274
## Classes for commands.
275
276
# Abstract classes first
523
277
class Command(object):
524
278
"""Abstract class for commands"""
525
279
def run(self, clients, bus=None, mandos=None):
529
283
self.mandos = mandos
530
284
for clientpath, properties in clients.items():
531
285
log.debug("D-Bus: Connect to: (busname=%r, path=%r)",
532
dbus_busname, str(clientpath))
533
client = bus.get_object(dbus_busname, clientpath)
286
busname, str(clientpath))
287
client = bus.get_object(busname, clientpath)
534
288
self.run_on_one_client(client, properties)
535
289
536
537
class IsEnabledCmd(Command):
538
def run(self, clients, bus=None, mandos=None):
539
client, properties = next(iter(clients.items()))
540
if self.is_enabled(client, properties):
541
sys.exit(0)
542
sys.exit(1)
543
def is_enabled(self, client, properties):
544
return properties["Enabled"]
545
546
547
class ApproveCmd(Command):
548
def run_on_one_client(self, client, properties):
549
log.debug("D-Bus: %s:%s:%s.Approve(True)", dbus_busname,
550
client.__dbus_object_path__, client_dbus_interface)
551
client.Approve(dbus.Boolean(True),
552
dbus_interface=client_dbus_interface)
553
554
555
class DenyCmd(Command):
556
def run_on_one_client(self, client, properties):
557
log.debug("D-Bus: %s:%s:%s.Approve(False)", dbus_busname,
558
client.__dbus_object_path__, client_dbus_interface)
559
client.Approve(dbus.Boolean(False),
560
dbus_interface=client_dbus_interface)
561
562
563
class RemoveCmd(Command):
564
def run_on_one_client(self, client, properties):
565
log.debug("D-Bus: %s:%s:%s.RemoveClient(%r)", dbus_busname,
566
server_dbus_path, server_dbus_interface,
567
str(client.__dbus_object_path__))
568
self.mandos.RemoveClient(client.__dbus_object_path__)
569
570
571
class OutputCmd(Command):
572
"""Abstract class for commands outputting client details"""
290
class PrintCmd(Command):
291
"""Abstract class for commands printing client details"""
573
292
all_keywords = ("Name", "Enabled", "Timeout", "LastCheckedOK",
574
293
"Created", "Interval", "Host", "KeyID",
575
294
"Fingerprint", "CheckerRunning", "LastEnabled",
582
301
def output(self, clients):
583
302
raise NotImplementedError()
584
303
585
586
class DumpJSONCmd(OutputCmd):
587
def output(self, clients):
588
data = {client["Name"]:
589
{key: self.dbus_boolean_to_bool(client[key])
590
for key in self.all_keywords}
591
for client in clients.values()}
592
return json.dumps(data, indent=4, separators=(',', ': '))
593
@staticmethod
594
def dbus_boolean_to_bool(value):
595
if isinstance(value, dbus.Boolean):
596
value = bool(value)
597
return value
598
599
600
class PrintTableCmd(OutputCmd):
304
class PropertyCmd(Command):
305
"""Abstract class for Actions for setting one client property"""
306
def run_on_one_client(self, client, properties):
307
"""Set the Client's D-Bus property"""
308
log.debug("D-Bus: %s:%s:%s.Set(%r, %r, %r)", busname,
309
client.__dbus_object_path__,
310
dbus.PROPERTIES_IFACE, client_interface,
311
self.propname, self.value_to_set
312
if not isinstance(self.value_to_set, dbus.Boolean)
313
else bool(self.value_to_set))
314
client.Set(client_interface, self.propname, self.value_to_set,
315
dbus_interface=dbus.PROPERTIES_IFACE)
316
@property
317
def propname(self):
318
raise NotImplementedError()
319
320
class ValueArgumentMixIn(object):
321
"""Mixin class for commands taking a value as argument"""
322
def __init__(self, value):
323
self.value_to_set = value
324
325
class MillisecondsValueArgumentMixIn(ValueArgumentMixIn):
326
"""Mixin class for commands taking a value argument as
327
milliseconds."""
328
@property
329
def value_to_set(self):
330
return self._vts
331
@value_to_set.setter
332
def value_to_set(self, value):
333
"""When setting, convert value to a datetime.timedelta"""
334
self._vts = int(round(value.total_seconds() * 1000))
335
336
# Actual (non-abstract) command classes
337
338
class PrintTableCmd(PrintCmd):
601
339
def __init__(self, verbose=False):
602
340
self.verbose = verbose
603
341
604
342
def output(self, clients):
605
default_keywords = ("Name", "Enabled", "Timeout",
606
"LastCheckedOK")
343
default_keywords = ("Name", "Enabled", "Timeout", "LastCheckedOK")
607
344
keywords = default_keywords
608
345
if self.verbose:
609
346
keywords = self.all_keywords
666
403
def string_from_client(self, client, key):
667
404
return self.valuetostring(client[key], key)
668
405
669
@classmethod
670
def valuetostring(cls, value, keyword):
406
@staticmethod
407
def valuetostring(value, keyword):
671
408
if isinstance(value, dbus.Boolean):
672
409
return "Yes" if value else "No"
673
410
if keyword in ("Timeout", "Interval", "ApprovalDelay",
674
411
"ApprovalDuration", "ExtendedTimeout"):
675
return cls.milliseconds_to_string(value)
412
return milliseconds_to_string(value)
676
413
return str(value)
677
414
678
415
def header_line(self, format_string):
683
420
**{key: self.string_from_client(client, key)
684
421
for key in self.keywords})
685
422
686
@staticmethod
687
def milliseconds_to_string(ms):
688
td = datetime.timedelta(0, 0, 0, ms)
689
return ("{days}{hours:02}:{minutes:02}:{seconds:02}"
690
.format(days="{}T".format(td.days)
691
if td.days else "",
692
hours=td.seconds // 3600,
693
minutes=(td.seconds % 3600) // 60,
694
seconds=td.seconds % 60))
695
696
697
class PropertyCmd(Command):
698
"""Abstract class for Actions for setting one client property"""
699
def run_on_one_client(self, client, properties):
700
"""Set the Client's D-Bus property"""
701
log.debug("D-Bus: %s:%s:%s.Set(%r, %r, %r)", dbus_busname,
702
client.__dbus_object_path__,
703
dbus.PROPERTIES_IFACE, client_dbus_interface,
704
self.propname, self.value_to_set
705
if not isinstance(self.value_to_set, dbus.Boolean)
706
else bool(self.value_to_set))
707
client.Set(client_dbus_interface, self.propname,
708
self.value_to_set,
709
dbus_interface=dbus.PROPERTIES_IFACE)
710
@property
711
def propname(self):
712
raise NotImplementedError()
713
423
424
425
class DumpJSONCmd(PrintCmd):
426
def output(self, clients):
427
data = {client["Name"]:
428
{key: self.dbus_boolean_to_bool(client[key])
429
for key in self.all_keywords}
430
for client in clients.values()}
431
return json.dumps(data, indent=4, separators=(',', ': '))
432
@staticmethod
433
def dbus_boolean_to_bool(value):
434
if isinstance(value, dbus.Boolean):
435
value = bool(value)
436
return value
437
438
class IsEnabledCmd(Command):
439
def run(self, clients, bus=None, mandos=None):
440
client, properties = next(iter(clients.items()))
441
if self.is_enabled(client, properties):
442
sys.exit(0)
443
sys.exit(1)
444
def is_enabled(self, client, properties):
445
return properties["Enabled"]
446
447
class RemoveCmd(Command):
448
def run_on_one_client(self, client, properties):
449
log.debug("D-Bus: %s:%s:%s.RemoveClient(%r)", busname,
450
server_path, server_interface,
451
str(client.__dbus_object_path__))
452
self.mandos.RemoveClient(client.__dbus_object_path__)
453
454
class ApproveCmd(Command):
455
def run_on_one_client(self, client, properties):
456
log.debug("D-Bus: %s:%s:%s.Approve(True)", busname,
457
client.__dbus_object_path__, client_interface)
458
client.Approve(dbus.Boolean(True),
459
dbus_interface=client_interface)
460
461
class DenyCmd(Command):
462
def run_on_one_client(self, client, properties):
463
log.debug("D-Bus: %s:%s:%s.Approve(False)", busname,
464
client.__dbus_object_path__, client_interface)
465
client.Approve(dbus.Boolean(False),
466
dbus_interface=client_interface)
714
467
715
468
class EnableCmd(PropertyCmd):
716
469
propname = "Enabled"
717
470
value_to_set = dbus.Boolean(True)
718
471
719
720
472
class DisableCmd(PropertyCmd):
721
473
propname = "Enabled"
722
474
value_to_set = dbus.Boolean(False)
723
475
724
725
476
class BumpTimeoutCmd(PropertyCmd):
726
477
propname = "LastCheckedOK"
727
478
value_to_set = ""
728
479
729
730
480
class StartCheckerCmd(PropertyCmd):
731
481
propname = "CheckerRunning"
732
482
value_to_set = dbus.Boolean(True)
733
483
734
735
484
class StopCheckerCmd(PropertyCmd):
736
485
propname = "CheckerRunning"
737
486
value_to_set = dbus.Boolean(False)
738
487
739
740
488
class ApproveByDefaultCmd(PropertyCmd):
741
489
propname = "ApprovedByDefault"
742
490
value_to_set = dbus.Boolean(True)
743
491
744
745
492
class DenyByDefaultCmd(PropertyCmd):
746
493
propname = "ApprovedByDefault"
747
494
value_to_set = dbus.Boolean(False)
748
495
749
750
class PropertyValueCmd(PropertyCmd):
751
"""Abstract class for PropertyCmd recieving a value as argument"""
752
def __init__(self, value):
753
self.value_to_set = value
754
755
756
class SetCheckerCmd(PropertyValueCmd):
496
class SetCheckerCmd(PropertyCmd, ValueArgumentMixIn):
757
497
propname = "Checker"
758
498
759
760
class SetHostCmd(PropertyValueCmd):
499
class SetHostCmd(PropertyCmd, ValueArgumentMixIn):
761
500
propname = "Host"
762
501
763
764
class SetSecretCmd(PropertyValueCmd):
502
class SetSecretCmd(PropertyCmd, ValueArgumentMixIn):
765
503
propname = "Secret"
766
504
@property
767
505
def value_to_set(self):
772
510
self._vts = value.read()
773
511
value.close()
774
512
775
776
class MillisecondsPropertyValueArgumentCmd(PropertyValueCmd):
777
"""Abstract class for PropertyValueCmd taking a value argument as
778
a datetime.timedelta() but should store it as milliseconds."""
779
@property
780
def value_to_set(self):
781
return self._vts
782
@value_to_set.setter
783
def value_to_set(self, value):
784
"""When setting, convert value from a datetime.timedelta"""
785
self._vts = int(round(value.total_seconds() * 1000))
786
787
788
class SetTimeoutCmd(MillisecondsPropertyValueArgumentCmd):
513
class SetTimeoutCmd(PropertyCmd, MillisecondsValueArgumentMixIn):
789
514
propname = "Timeout"
790
515
791
792
class SetExtendedTimeoutCmd(MillisecondsPropertyValueArgumentCmd):
516
class SetExtendedTimeoutCmd(PropertyCmd,
517
MillisecondsValueArgumentMixIn):
793
518
propname = "ExtendedTimeout"
794
519
795
796
class SetIntervalCmd(MillisecondsPropertyValueArgumentCmd):
520
class SetIntervalCmd(PropertyCmd, MillisecondsValueArgumentMixIn):
797
521
propname = "Interval"
798
522
799
800
class SetApprovalDelayCmd(MillisecondsPropertyValueArgumentCmd):
523
class SetApprovalDelayCmd(PropertyCmd,
524
MillisecondsValueArgumentMixIn):
801
525
propname = "ApprovalDelay"
802
526
803
804
class SetApprovalDurationCmd(MillisecondsPropertyValueArgumentCmd):
527
class SetApprovalDurationCmd(PropertyCmd,
528
MillisecondsValueArgumentMixIn):
805
529
propname = "ApprovalDuration"
806
530
531
def add_command_line_options(parser):
532
parser.add_argument("--version", action="version",
533
version="%(prog)s {}".format(version),
534
help="show version number and exit")
535
parser.add_argument("-a", "--all", action="store_true",
536
help="Select all clients")
537
parser.add_argument("-v", "--verbose", action="store_true",
538
help="Print all fields")
539
parser.add_argument("-j", "--dump-json", action="store_true",
540
help="Dump client data in JSON format")
541
enable_disable = parser.add_mutually_exclusive_group()
542
enable_disable.add_argument("-e", "--enable", action="store_true",
543
help="Enable client")
544
enable_disable.add_argument("-d", "--disable",
545
action="store_true",
546
help="disable client")
547
parser.add_argument("-b", "--bump-timeout", action="store_true",
548
help="Bump timeout for client")
549
start_stop_checker = parser.add_mutually_exclusive_group()
550
start_stop_checker.add_argument("--start-checker",
551
action="store_true",
552
help="Start checker for client")
553
start_stop_checker.add_argument("--stop-checker",
554
action="store_true",
555
help="Stop checker for client")
556
parser.add_argument("-V", "--is-enabled", action="store_true",
557
help="Check if client is enabled")
558
parser.add_argument("-r", "--remove", action="store_true",
559
help="Remove client")
560
parser.add_argument("-c", "--checker",
561
help="Set checker command for client")
562
parser.add_argument("-t", "--timeout", type=string_to_delta,
563
help="Set timeout for client")
564
parser.add_argument("--extended-timeout", type=string_to_delta,
565
help="Set extended timeout for client")
566
parser.add_argument("-i", "--interval", type=string_to_delta,
567
help="Set checker interval for client")
568
approve_deny_default = parser.add_mutually_exclusive_group()
569
approve_deny_default.add_argument(
570
"--approve-by-default", action="store_true",
571
default=None, dest="approved_by_default",
572
help="Set client to be approved by default")
573
approve_deny_default.add_argument(
574
"--deny-by-default", action="store_false",
575
dest="approved_by_default",
576
help="Set client to be denied by default")
577
parser.add_argument("--approval-delay", type=string_to_delta,
578
help="Set delay before client approve/deny")
579
parser.add_argument("--approval-duration", type=string_to_delta,
580
help="Set duration of one client approval")
581
parser.add_argument("-H", "--host", help="Set host for client")
582
parser.add_argument("-s", "--secret",
583
type=argparse.FileType(mode="rb"),
584
help="Set password blob (file) for client")
585
approve_deny = parser.add_mutually_exclusive_group()
586
approve_deny.add_argument(
587
"-A", "--approve", action="store_true",
588
help="Approve any current client request")
589
approve_deny.add_argument("-D", "--deny", action="store_true",
590
help="Deny any current client request")
591
parser.add_argument("--debug", action="store_true",
592
help="Debug mode (show D-Bus commands)")
593
parser.add_argument("--check", action="store_true",
594
help="Run self-test")
595
parser.add_argument("client", nargs="*", help="Client name")
596
597
598
def commands_from_options(options):
599
600
commands = []
601
602
if options.dump_json:
603
commands.append(DumpJSONCmd())
604
605
if options.enable:
606
commands.append(EnableCmd())
607
608
if options.disable:
609
commands.append(DisableCmd())
610
611
if options.bump_timeout:
612
commands.append(BumpTimeoutCmd())
613
614
if options.start_checker:
615
commands.append(StartCheckerCmd())
616
617
if options.stop_checker:
618
commands.append(StopCheckerCmd())
619
620
if options.is_enabled:
621
commands.append(IsEnabledCmd())
622
623
if options.checker is not None:
624
commands.append(SetCheckerCmd(options.checker))
625
626
if options.timeout is not None:
627
commands.append(SetTimeoutCmd(options.timeout))
628
629
if options.extended_timeout:
630
commands.append(
631
SetExtendedTimeoutCmd(options.extended_timeout))
632
633
if options.interval is not None:
634
commands.append(SetIntervalCmd(options.interval))
635
636
if options.approved_by_default is not None:
637
if options.approved_by_default:
638
commands.append(ApproveByDefaultCmd())
639
else:
640
commands.append(DenyByDefaultCmd())
641
642
if options.approval_delay is not None:
643
commands.append(SetApprovalDelayCmd(options.approval_delay))
644
645
if options.approval_duration is not None:
646
commands.append(
647
SetApprovalDurationCmd(options.approval_duration))
648
649
if options.host is not None:
650
commands.append(SetHostCmd(options.host))
651
652
if options.secret is not None:
653
commands.append(SetSecretCmd(options.secret))
654
655
if options.approve:
656
commands.append(ApproveCmd())
657
658
if options.deny:
659
commands.append(DenyCmd())
660
661
if options.remove:
662
commands.append(RemoveCmd())
663
664
# If no command option has been given, show table of clients,
665
# optionally verbosely
666
if not commands:
667
commands.append(PrintTableCmd(verbose=options.verbose))
668
669
return commands
670
671
672
def check_option_syntax(parser, options):
673
"""Apply additional restrictions on options, not expressible in
674
argparse"""
675
676
def has_actions(options):
677
return any((options.enable,
678
options.disable,
679
options.bump_timeout,
680
options.start_checker,
681
options.stop_checker,
682
options.is_enabled,
683
options.remove,
684
options.checker is not None,
685
options.timeout is not None,
686
options.extended_timeout is not None,
687
options.interval is not None,
688
options.approved_by_default is not None,
689
options.approval_delay is not None,
690
options.approval_duration is not None,
691
options.host is not None,
692
options.secret is not None,
693
options.approve,
694
options.deny))
695
696
if has_actions(options) and not (options.client or options.all):
697
parser.error("Options require clients names or --all.")
698
if options.verbose and has_actions(options):
699
parser.error("--verbose can only be used alone.")
700
if options.dump_json and (options.verbose
701
or has_actions(options)):
702
parser.error("--dump-json can only be used alone.")
703
if options.all and not has_actions(options):
704
parser.error("--all requires an action.")
705
if options.is_enabled and len(options.client) > 1:
706
parser.error("--is-enabled requires exactly one client")
707
if options.remove:
708
options.remove = False
709
if has_actions(options) and not options.deny:
710
parser.error("--remove can only be combined with --deny")
711
options.remove = True
712
713
714
def main():
715
parser = argparse.ArgumentParser()
716
717
add_command_line_options(parser)
718
719
options = parser.parse_args()
720
721
check_option_syntax(parser, options)
722
723
clientnames = options.client
724
725
if options.debug:
726
log.setLevel(logging.DEBUG)
727
728
try:
729
bus = dbus.SystemBus()
730
log.debug("D-Bus: Connect to: (busname=%r, path=%r)", busname,
731
server_path)
732
mandos_dbus_objc = bus.get_object(busname, server_path)
733
except dbus.exceptions.DBusException:
734
log.critical("Could not connect to Mandos server")
735
sys.exit(1)
736
737
mandos_serv = dbus.Interface(mandos_dbus_objc,
738
dbus_interface=server_interface)
739
mandos_serv_object_manager = dbus.Interface(
740
mandos_dbus_objc, dbus_interface=dbus.OBJECT_MANAGER_IFACE)
741
742
# Filter out log message from dbus module
743
dbus_logger = logging.getLogger("dbus.proxies")
744
class NullFilter(logging.Filter):
745
def filter(self, record):
746
return False
747
dbus_filter = NullFilter()
748
try:
749
dbus_logger.addFilter(dbus_filter)
750
log.debug("D-Bus: %s:%s:%s.GetManagedObjects()", busname,
751
server_path, dbus.OBJECT_MANAGER_IFACE)
752
mandos_clients = {path: ifs_and_props[client_interface]
753
for path, ifs_and_props in
754
mandos_serv_object_manager
755
.GetManagedObjects().items()
756
if client_interface in ifs_and_props}
757
except dbus.exceptions.DBusException as e:
758
log.critical("Failed to access Mandos server through D-Bus:"
759
"\n%s", e)
760
sys.exit(1)
761
finally:
762
# restore dbus logger
763
dbus_logger.removeFilter(dbus_filter)
764
765
# Compile dict of (clients: properties) to process
766
clients = {}
767
768
if not clientnames:
769
clients = {objpath: properties
770
for objpath, properties in mandos_clients.items()}
771
else:
772
for name in clientnames:
773
for objpath, properties in mandos_clients.items():
774
if properties["Name"] == name:
775
clients[objpath] = properties
776
break
777
else:
778
log.critical("Client not found on server: %r", name)
779
sys.exit(1)
780
781
# Run all commands on clients
782
commands = commands_from_options(options)
783
for command in commands:
784
command.run(clients, bus, mandos_serv)
807
785
808
786
787
class Test_milliseconds_to_string(unittest.TestCase):
788
def test_all(self):
789
self.assertEqual(milliseconds_to_string(93785000),
790
"1T02:03:05")
791
def test_no_days(self):
792
self.assertEqual(milliseconds_to_string(7385000), "02:03:05")
793
def test_all_zero(self):
794
self.assertEqual(milliseconds_to_string(0), "00:00:00")
795
def test_no_fractional_seconds(self):
796
self.assertEqual(milliseconds_to_string(400), "00:00:00")
797
self.assertEqual(milliseconds_to_string(900), "00:00:00")
798
self.assertEqual(milliseconds_to_string(1900), "00:00:01")
799
809
800
class Test_string_to_delta(unittest.TestCase):
810
801
def test_handles_basic_rfc3339(self):
811
802
self.assertEqual(string_to_delta("PT0S"),
839
830
self.assertEqual(value, datetime.timedelta(0, 7200))
840
831
841
832
842
class Test_check_option_syntax(unittest.TestCase):
843
def setUp(self):
844
self.parser = argparse.ArgumentParser()
845
add_command_line_options(self.parser)
846
847
def test_actions_requires_client_or_all(self):
848
for action, value in self.actions.items():
849
options = self.parser.parse_args()
850
setattr(options, action, value)
851
with self.assertParseError():
852
self.check_option_syntax(options)
853
854
# This mostly corresponds to the definition from has_actions() in
855
# check_option_syntax()
856
actions = {
857
# The actual values set here are not that important, but we do
858
# at least stick to the correct types, even though they are
859
# never used
860
"enable": True,
861
"disable": True,
862
"bump_timeout": True,
863
"start_checker": True,
864
"stop_checker": True,
865
"is_enabled": True,
866
"remove": True,
867
"checker": "x",
868
"timeout": datetime.timedelta(),
869
"extended_timeout": datetime.timedelta(),
870
"interval": datetime.timedelta(),
871
"approved_by_default": True,
872
"approval_delay": datetime.timedelta(),
873
"approval_duration": datetime.timedelta(),
874
"host": "x",
875
"secret": io.BytesIO(b"x"),
876
"approve": True,
877
"deny": True,
878
}
879
880
@contextlib.contextmanager
881
def assertParseError(self):
882
with self.assertRaises(SystemExit) as e:
883
with self.temporarily_suppress_stderr():
884
yield
885
# Exit code from argparse is guaranteed to be "2". Reference:
886
# https://docs.python.org/3/library
887
# /argparse.html#exiting-methods
888
self.assertEqual(e.exception.code, 2)
889
890
@staticmethod
891
@contextlib.contextmanager
892
def temporarily_suppress_stderr():
893
null = os.open(os.path.devnull, os.O_RDWR)
894
stderrcopy = os.dup(sys.stderr.fileno())
895
os.dup2(null, sys.stderr.fileno())
896
os.close(null)
897
try:
898
yield
899
finally:
900
# restore stderr
901
os.dup2(stderrcopy, sys.stderr.fileno())
902
os.close(stderrcopy)
903
904
def check_option_syntax(self, options):
905
check_option_syntax(self.parser, options)
906
907
def test_actions_conflicts_with_verbose(self):
908
for action, value in self.actions.items():
909
options = self.parser.parse_args()
910
setattr(options, action, value)
911
options.verbose = True
912
with self.assertParseError():
913
self.check_option_syntax(options)
914
915
def test_dump_json_conflicts_with_verbose(self):
916
options = self.parser.parse_args()
917
options.dump_json = True
918
options.verbose = True
919
with self.assertParseError():
920
self.check_option_syntax(options)
921
922
def test_dump_json_conflicts_with_action(self):
923
for action, value in self.actions.items():
924
options = self.parser.parse_args()
925
setattr(options, action, value)
926
options.dump_json = True
927
with self.assertParseError():
928
self.check_option_syntax(options)
929
930
def test_all_can_not_be_alone(self):
931
options = self.parser.parse_args()
932
options.all = True
933
with self.assertParseError():
934
self.check_option_syntax(options)
935
936
def test_all_is_ok_with_any_action(self):
937
for action, value in self.actions.items():
938
options = self.parser.parse_args()
939
setattr(options, action, value)
940
options.all = True
941
self.check_option_syntax(options)
942
943
def test_is_enabled_fails_without_client(self):
944
options = self.parser.parse_args()
945
options.is_enabled = True
946
with self.assertParseError():
947
self.check_option_syntax(options)
948
949
def test_is_enabled_works_with_one_client(self):
950
options = self.parser.parse_args()
951
options.is_enabled = True
952
options.client = ["foo"]
953
self.check_option_syntax(options)
954
955
def test_is_enabled_fails_with_two_clients(self):
956
options = self.parser.parse_args()
957
options.is_enabled = True
958
options.client = ["foo", "barbar"]
959
with self.assertParseError():
960
self.check_option_syntax(options)
961
962
def test_remove_can_only_be_combined_with_action_deny(self):
963
for action, value in self.actions.items():
964
if action in {"remove", "deny"}:
965
continue
966
options = self.parser.parse_args()
967
setattr(options, action, value)
968
options.all = True
969
options.remove = True
970
with self.assertParseError():
971
self.check_option_syntax(options)
972
973
974
class Test_commands_from_options(unittest.TestCase):
975
def setUp(self):
976
self.parser = argparse.ArgumentParser()
977
add_command_line_options(self.parser)
978
979
def test_is_enabled(self):
980
self.assert_command_from_args(["--is-enabled", "foo"],
981
IsEnabledCmd)
982
983
def assert_command_from_args(self, args, command_cls,
984
**cmd_attrs):
985
"""Assert that parsing ARGS should result in an instance of
986
COMMAND_CLS with (optionally) all supplied attributes (CMD_ATTRS)."""
987
options = self.parser.parse_args(args)
988
check_option_syntax(self.parser, options)
989
commands = commands_from_options(options)
990
self.assertEqual(len(commands), 1)
991
command = commands[0]
992
self.assertIsInstance(command, command_cls)
993
for key, value in cmd_attrs.items():
994
self.assertEqual(getattr(command, key), value)
995
996
def test_is_enabled_short(self):
997
self.assert_command_from_args(["-V", "foo"], IsEnabledCmd)
998
999
def test_approve(self):
1000
self.assert_command_from_args(["--approve", "foo"],
1001
ApproveCmd)
1002
1003
def test_approve_short(self):
1004
self.assert_command_from_args(["-A", "foo"], ApproveCmd)
1005
1006
def test_deny(self):
1007
self.assert_command_from_args(["--deny", "foo"], DenyCmd)
1008
1009
def test_deny_short(self):
1010
self.assert_command_from_args(["-D", "foo"], DenyCmd)
1011
1012
def test_remove(self):
1013
self.assert_command_from_args(["--remove", "foo"],
1014
RemoveCmd)
1015
1016
def test_deny_before_remove(self):
1017
options = self.parser.parse_args(["--deny", "--remove",
1018
"foo"])
1019
check_option_syntax(self.parser, options)
1020
commands = commands_from_options(options)
1021
self.assertEqual(len(commands), 2)
1022
self.assertIsInstance(commands[0], DenyCmd)
1023
self.assertIsInstance(commands[1], RemoveCmd)
1024
1025
def test_deny_before_remove_reversed(self):
1026
options = self.parser.parse_args(["--remove", "--deny",
1027
"--all"])
1028
check_option_syntax(self.parser, options)
1029
commands = commands_from_options(options)
1030
self.assertEqual(len(commands), 2)
1031
self.assertIsInstance(commands[0], DenyCmd)
1032
self.assertIsInstance(commands[1], RemoveCmd)
1033
1034
def test_remove_short(self):
1035
self.assert_command_from_args(["-r", "foo"], RemoveCmd)
1036
1037
def test_dump_json(self):
1038
self.assert_command_from_args(["--dump-json"], DumpJSONCmd)
1039
1040
def test_enable(self):
1041
self.assert_command_from_args(["--enable", "foo"], EnableCmd)
1042
1043
def test_enable_short(self):
1044
self.assert_command_from_args(["-e", "foo"], EnableCmd)
1045
1046
def test_disable(self):
1047
self.assert_command_from_args(["--disable", "foo"],
1048
DisableCmd)
1049
1050
def test_disable_short(self):
1051
self.assert_command_from_args(["-d", "foo"], DisableCmd)
1052
1053
def test_bump_timeout(self):
1054
self.assert_command_from_args(["--bump-timeout", "foo"],
1055
BumpTimeoutCmd)
1056
1057
def test_bump_timeout_short(self):
1058
self.assert_command_from_args(["-b", "foo"], BumpTimeoutCmd)
1059
1060
def test_start_checker(self):
1061
self.assert_command_from_args(["--start-checker", "foo"],
1062
StartCheckerCmd)
1063
1064
def test_stop_checker(self):
1065
self.assert_command_from_args(["--stop-checker", "foo"],
1066
StopCheckerCmd)
1067
1068
def test_approve_by_default(self):
1069
self.assert_command_from_args(["--approve-by-default", "foo"],
1070
ApproveByDefaultCmd)
1071
1072
def test_deny_by_default(self):
1073
self.assert_command_from_args(["--deny-by-default", "foo"],
1074
DenyByDefaultCmd)
1075
1076
def test_checker(self):
1077
self.assert_command_from_args(["--checker", ":", "foo"],
1078
SetCheckerCmd, value_to_set=":")
1079
1080
def test_checker_empty(self):
1081
self.assert_command_from_args(["--checker", "", "foo"],
1082
SetCheckerCmd, value_to_set="")
1083
1084
def test_checker_short(self):
1085
self.assert_command_from_args(["-c", ":", "foo"],
1086
SetCheckerCmd, value_to_set=":")
1087
1088
def test_host(self):
1089
self.assert_command_from_args(["--host", "foo.example.org",
1090
"foo"], SetHostCmd,
1091
value_to_set="foo.example.org")
1092
1093
def test_host_short(self):
1094
self.assert_command_from_args(["-H", "foo.example.org",
1095
"foo"], SetHostCmd,
1096
value_to_set="foo.example.org")
1097
1098
def test_secret_devnull(self):
1099
self.assert_command_from_args(["--secret", os.path.devnull,
1100
"foo"], SetSecretCmd,
1101
value_to_set=b"")
1102
1103
def test_secret_tempfile(self):
1104
with tempfile.NamedTemporaryFile(mode="r+b") as f:
1105
value = b"secret\0xyzzy\nbar"
1106
f.write(value)
1107
f.seek(0)
1108
self.assert_command_from_args(["--secret", f.name,
1109
"foo"], SetSecretCmd,
1110
value_to_set=value)
1111
1112
def test_secret_devnull_short(self):
1113
self.assert_command_from_args(["-s", os.path.devnull, "foo"],
1114
SetSecretCmd, value_to_set=b"")
1115
1116
def test_secret_tempfile_short(self):
1117
with tempfile.NamedTemporaryFile(mode="r+b") as f:
1118
value = b"secret\0xyzzy\nbar"
1119
f.write(value)
1120
f.seek(0)
1121
self.assert_command_from_args(["-s", f.name, "foo"],
1122
SetSecretCmd,
1123
value_to_set=value)
1124
1125
def test_timeout(self):
1126
self.assert_command_from_args(["--timeout", "PT5M", "foo"],
1127
SetTimeoutCmd,
1128
value_to_set=300000)
1129
1130
def test_timeout_short(self):
1131
self.assert_command_from_args(["-t", "PT5M", "foo"],
1132
SetTimeoutCmd,
1133
value_to_set=300000)
1134
1135
def test_extended_timeout(self):
1136
self.assert_command_from_args(["--extended-timeout", "PT15M",
1137
"foo"],
1138
SetExtendedTimeoutCmd,
1139
value_to_set=900000)
1140
1141
def test_interval(self):
1142
self.assert_command_from_args(["--interval", "PT2M", "foo"],
1143
SetIntervalCmd,
1144
value_to_set=120000)
1145
1146
def test_interval_short(self):
1147
self.assert_command_from_args(["-i", "PT2M", "foo"],
1148
SetIntervalCmd,
1149
value_to_set=120000)
1150
1151
def test_approval_delay(self):
1152
self.assert_command_from_args(["--approval-delay", "PT30S",
1153
"foo"], SetApprovalDelayCmd,
1154
value_to_set=30000)
1155
1156
def test_approval_duration(self):
1157
self.assert_command_from_args(["--approval-duration", "PT1S",
1158
"foo"], SetApprovalDurationCmd,
1159
value_to_set=1000)
1160
1161
def test_print_table(self):
1162
self.assert_command_from_args([], PrintTableCmd,
1163
verbose=False)
1164
1165
def test_print_table_verbose(self):
1166
self.assert_command_from_args(["--verbose"], PrintTableCmd,
1167
verbose=True)
1168
1169
def test_print_table_verbose_short(self):
1170
self.assert_command_from_args(["-v"], PrintTableCmd,
1171
verbose=True)
1172
1173
1174
833
class TestCmd(unittest.TestCase):
1175
834
"""Abstract class for tests of command classes"""
1176
835
def setUp(self):
1182
841
self.attributes["Name"] = name
1183
842
self.calls = []
1184
843
def Set(self, interface, propname, value, dbus_interface):
1185
testcase.assertEqual(interface, client_dbus_interface)
844
testcase.assertEqual(interface, client_interface)
1186
845
testcase.assertEqual(dbus_interface,
1187
846
dbus.PROPERTIES_IFACE)
1188
847
self.attributes[propname] = value
1189
848
def Get(self, interface, propname, dbus_interface):
1190
testcase.assertEqual(interface, client_dbus_interface)
849
testcase.assertEqual(interface, client_interface)
1191
850
testcase.assertEqual(dbus_interface,
1192
851
dbus.PROPERTIES_IFACE)
1193
852
return self.attributes[propname]
1194
853
def Approve(self, approve, dbus_interface):
1195
testcase.assertEqual(dbus_interface,
1196
client_dbus_interface)
854
testcase.assertEqual(dbus_interface, client_interface)
1197
855
self.calls.append(("Approve", (approve,
1198
856
dbus_interface)))
1199
857
self.client = MockClient(
1239
897
ApprovedByDefault=dbus.Boolean(False),
1240
898
LastApprovalRequest="2019-01-03T00:00:00",
1241
899
ApprovalDelay=30000,
1242
ApprovalDuration=93785000,
900
ApprovalDuration=1000,
1243
901
Checker=":",
1244
902
ExtendedTimeout=900000,
1245
903
Expires="2019-02-05T00:00:00",
1255
913
class Bus(object):
1256
914
@staticmethod
1257
915
def get_object(client_bus_name, path):
1258
self.assertEqual(client_bus_name, dbus_busname)
916
self.assertEqual(client_bus_name, busname)
1259
917
return {
1260
918
"/clients/foo": self.client,
1261
919
"/clients/barbar": self.other_client,
1262
920
}[path]
1263
921
return Bus()
1264
922
1265
1266
class TestIsEnabledCmd(TestCmd):
1267
def test_is_enabled(self):
1268
self.assertTrue(all(IsEnabledCmd().is_enabled(client,
1269
properties)
1270
for client, properties
1271
in self.clients.items()))
1272
def test_is_enabled_run_exits_successfully(self):
1273
with self.assertRaises(SystemExit) as e:
1274
IsEnabledCmd().run(self.one_client)
1275
if e.exception.code is not None:
1276
self.assertEqual(e.exception.code, 0)
1277
else:
1278
self.assertIsNone(e.exception.code)
1279
def test_is_enabled_run_exits_with_failure(self):
1280
self.client.attributes["Enabled"] = dbus.Boolean(False)
1281
with self.assertRaises(SystemExit) as e:
1282
IsEnabledCmd().run(self.one_client)
1283
if isinstance(e.exception.code, int):
1284
self.assertNotEqual(e.exception.code, 0)
1285
else:
1286
self.assertIsNotNone(e.exception.code)
1287
1288
1289
class TestApproveCmd(TestCmd):
1290
def test_approve(self):
1291
ApproveCmd().run(self.clients, self.bus)
1292
for clientpath in self.clients:
1293
client = self.bus.get_object(dbus_busname, clientpath)
1294
self.assertIn(("Approve", (True, client_dbus_interface)),
1295
client.calls)
1296
1297
1298
class TestDenyCmd(TestCmd):
1299
def test_deny(self):
1300
DenyCmd().run(self.clients, self.bus)
1301
for clientpath in self.clients:
1302
client = self.bus.get_object(dbus_busname, clientpath)
1303
self.assertIn(("Approve", (False, client_dbus_interface)),
1304
client.calls)
1305
1306
class TestRemoveCmd(TestCmd):
1307
def test_remove(self):
1308
class MockMandos(object):
1309
def __init__(self):
1310
self.calls = []
1311
def RemoveClient(self, dbus_path):
1312
self.calls.append(("RemoveClient", (dbus_path,)))
1313
mandos = MockMandos()
1314
super(TestRemoveCmd, self).setUp()
1315
RemoveCmd().run(self.clients, self.bus, mandos)
1316
self.assertEqual(len(mandos.calls), 2)
1317
for clientpath in self.clients:
1318
self.assertIn(("RemoveClient", (clientpath,)),
1319
mandos.calls)
1320
923
class TestPrintTableCmd(TestCmd):
924
def test_normal(self):
925
output = PrintTableCmd().output(self.clients.values())
926
expected_output = """
927
Name Enabled Timeout Last Successful Check
928
foo Yes 00:05:00 2019-02-03T00:00:00
929
barbar Yes 00:05:00 2019-02-04T00:00:00
930
"""[1:-1]
931
self.assertEqual(output, expected_output)
932
def test_verbose(self):
933
output = PrintTableCmd(verbose=True).output(
934
self.clients.values())
935
expected_output = """
936
Name Enabled Timeout Last Successful Check Created Interval Host Key ID Fingerprint Check Is Running Last Enabled Approval Is Pending Approved By Default Last Approval Request Approval Delay Approval Duration Checker Extended Timeout Expires Last Checker Status
937
foo Yes 00:05:00 2019-02-03T00:00:00 2019-01-02T00:00:00 00:02:00 foo.example.org 92ed150794387c03ce684574b1139a6594a34f895daaaf09fd8ea90a27cddb12 778827225BA7DE539C5A7CFA59CFF7CDBD9A5920 No 2019-01-03T00:00:00 No Yes 00:00:00 00:00:01 fping -q -- %(host)s 00:15:00 2019-02-04T00:00:00 0
938
barbar Yes 00:05:00 2019-02-04T00:00:00 2019-01-03T00:00:00 00:02:00 192.0.2.3 0558568eedd67d622f5c83b35a115f796ab612cff5ad227247e46c2b020f441c 3E393AEAEFB84C7E89E2F547B3A107558FCA3A27 Yes 2019-01-04T00:00:00 No No 2019-01-03T00:00:00 00:00:30 00:00:01 : 00:15:00 2019-02-05T00:00:00 -2
939
"""[1:-1]
940
self.assertEqual(output, expected_output)
941
def test_one_client(self):
942
output = PrintTableCmd().output(self.one_client.values())
943
expected_output = """
944
Name Enabled Timeout Last Successful Check
945
foo Yes 00:05:00 2019-02-03T00:00:00
946
"""[1:-1]
947
self.assertEqual(output, expected_output)
1321
948
1322
949
class TestDumpJSONCmd(TestCmd):
1323
950
def setUp(self):
1364
991
"ApprovedByDefault": False,
1365
992
"LastApprovalRequest": "2019-01-03T00:00:00",
1366
993
"ApprovalDelay": 30000,
1367
"ApprovalDuration": 93785000,
994
"ApprovalDuration": 1000,
1368
995
"Checker": ":",
1369
996
"ExtendedTimeout": 900000,
1370
997
"Expires": "2019-02-05T00:00:00",
1381
1008
expected_json = {"foo": self.expected_json["foo"]}
1382
1009
self.assertDictEqual(json_data, expected_json)
1383
1010
1384
1385
class TestPrintTableCmd(TestCmd):
1386
def test_normal(self):
1387
output = PrintTableCmd().output(self.clients.values())
1388
expected_output = "\n".join((
1389
"Name Enabled Timeout Last Successful Check",
1390
"foo Yes 00:05:00 2019-02-03T00:00:00 ",
1391
"barbar Yes 00:05:00 2019-02-04T00:00:00 ",
1392
))
1393
self.assertEqual(output, expected_output)
1394
def test_verbose(self):
1395
output = PrintTableCmd(verbose=True).output(
1396
self.clients.values())
1397
columns = (
1398
(
1399
"Name ",
1400
"foo ",
1401
"barbar ",
1402
),(
1403
"Enabled ",
1404
"Yes ",
1405
"Yes ",
1406
),(
1407
"Timeout ",
1408
"00:05:00 ",
1409
"00:05:00 ",
1410
),(
1411
"Last Successful Check ",
1412
"2019-02-03T00:00:00 ",
1413
"2019-02-04T00:00:00 ",
1414
),(
1415
"Created ",
1416
"2019-01-02T00:00:00 ",
1417
"2019-01-03T00:00:00 ",
1418
),(
1419
"Interval ",
1420
"00:02:00 ",
1421
"00:02:00 ",
1422
),(
1423
"Host ",
1424
"foo.example.org ",
1425
"192.0.2.3 ",
1426
),(
1427
("Key ID "
1428
" "),
1429
("92ed150794387c03ce684574b1139a6594a34f895daaaf09fd8"
1430
"ea90a27cddb12 "),
1431
("0558568eedd67d622f5c83b35a115f796ab612cff5ad227247e"
1432
"46c2b020f441c "),
1433
),(
1434
"Fingerprint ",
1435
"778827225BA7DE539C5A7CFA59CFF7CDBD9A5920 ",
1436
"3E393AEAEFB84C7E89E2F547B3A107558FCA3A27 ",
1437
),(
1438
"Check Is Running ",
1439
"No ",
1440
"Yes ",
1441
),(
1442
"Last Enabled ",
1443
"2019-01-03T00:00:00 ",
1444
"2019-01-04T00:00:00 ",
1445
),(
1446
"Approval Is Pending ",
1447
"No ",
1448
"No ",
1449
),(
1450
"Approved By Default ",
1451
"Yes ",
1452
"No ",
1453
),(
1454
"Last Approval Request ",
1455
" ",
1456
"2019-01-03T00:00:00 ",
1457
),(
1458
"Approval Delay ",
1459
"00:00:00 ",
1460
"00:00:30 ",
1461
),(
1462
"Approval Duration ",
1463
"00:00:01 ",
1464
"1T02:03:05 ",
1465
),(
1466
"Checker ",
1467
"fping -q -- %(host)s ",
1468
": ",
1469
),(
1470
"Extended Timeout ",
1471
"00:15:00 ",
1472
"00:15:00 ",
1473
),(
1474
"Expires ",
1475
"2019-02-04T00:00:00 ",
1476
"2019-02-05T00:00:00 ",
1477
),(
1478
"Last Checker Status",
1479
"0 ",
1480
"-2 ",
1481
)
1482
)
1483
num_lines = max(len(rows) for rows in columns)
1484
expected_output = "\n".join("".join(rows[line]
1485
for rows in columns)
1486
for line in range(num_lines))
1487
self.assertEqual(output, expected_output)
1488
def test_one_client(self):
1489
output = PrintTableCmd().output(self.one_client.values())
1490
expected_output = "\n".join((
1491
"Name Enabled Timeout Last Successful Check",
1492
"foo Yes 00:05:00 2019-02-03T00:00:00 ",
1493
))
1494
self.assertEqual(output, expected_output)
1495
1011
class TestIsEnabledCmd(TestCmd):
1012
def test_is_enabled(self):
1013
self.assertTrue(all(IsEnabledCmd().is_enabled(client, properties)
1014
for client, properties in self.clients.items()))
1015
def test_is_enabled_run_exits_successfully(self):
1016
with self.assertRaises(SystemExit) as e:
1017
IsEnabledCmd().run(self.one_client)
1018
if e.exception.code is not None:
1019
self.assertEqual(e.exception.code, 0)
1020
else:
1021
self.assertIsNone(e.exception.code)
1022
def test_is_enabled_run_exits_with_failure(self):
1023
self.client.attributes["Enabled"] = dbus.Boolean(False)
1024
with self.assertRaises(SystemExit) as e:
1025
IsEnabledCmd().run(self.one_client)
1026
if isinstance(e.exception.code, int):
1027
self.assertNotEqual(e.exception.code, 0)
1028
else:
1029
self.assertIsNotNone(e.exception.code)
1030
1031
class TestRemoveCmd(TestCmd):
1032
def test_remove(self):
1033
class MockMandos(object):
1034
def __init__(self):
1035
self.calls = []
1036
def RemoveClient(self, dbus_path):
1037
self.calls.append(("RemoveClient", (dbus_path,)))
1038
mandos = MockMandos()
1039
super(TestRemoveCmd, self).setUp()
1040
RemoveCmd().run(self.clients, self.bus, mandos)
1041
self.assertEqual(len(mandos.calls), 2)
1042
for clientpath in self.clients:
1043
self.assertIn(("RemoveClient", (clientpath,)),
1044
mandos.calls)
1045
1046
class TestApproveCmd(TestCmd):
1047
def test_approve(self):
1048
ApproveCmd().run(self.clients, self.bus)
1049
for clientpath in self.clients:
1050
client = self.bus.get_object(busname, clientpath)
1051
self.assertIn(("Approve", (True, client_interface)),
1052
client.calls)
1053
1054
class TestDenyCmd(TestCmd):
1055
def test_deny(self):
1056
DenyCmd().run(self.clients, self.bus)
1057
for clientpath in self.clients:
1058
client = self.bus.get_object(busname, clientpath)
1059
self.assertIn(("Approve", (False, client_interface)),
1060
client.calls)
1061
1062
class TestEnableCmd(TestCmd):
1063
def test_enable(self):
1064
for clientpath in self.clients:
1065
client = self.bus.get_object(busname, clientpath)
1066
client.attributes["Enabled"] = False
1067
1068
EnableCmd().run(self.clients, self.bus)
1069
1070
for clientpath in self.clients:
1071
client = self.bus.get_object(busname, clientpath)
1072
self.assertTrue(client.attributes["Enabled"])
1073
1074
class TestDisableCmd(TestCmd):
1075
def test_disable(self):
1076
DisableCmd().run(self.clients, self.bus)
1077
for clientpath in self.clients:
1078
client = self.bus.get_object(busname, clientpath)
1079
self.assertFalse(client.attributes["Enabled"])
1496
1080
1497
1081
class Unique(object):
1498
1082
"""Class for objects which exist only to be unique objects, since
1499
1083
unittest.mock.sentinel only exists in Python 3.3"""
1500
1084
1501
1502
1085
class TestPropertyCmd(TestCmd):
1503
1086
"""Abstract class for tests of PropertyCmd classes"""
1504
1087
def runTest(self):
1509
1092
for value_to_set, value_to_get in zip(self.values_to_set,
1510
1093
values_to_get):
1511
1094
for clientpath in self.clients:
1512
client = self.bus.get_object(dbus_busname, clientpath)
1095
client = self.bus.get_object(busname, clientpath)
1513
1096
old_value = client.attributes[self.propname]
1514
1097
self.assertNotIsInstance(old_value, Unique)
1515
1098
client.attributes[self.propname] = Unique()
1516
1099
self.run_command(value_to_set, self.clients)
1517
1100
for clientpath in self.clients:
1518
client = self.bus.get_object(dbus_busname, clientpath)
1101
client = self.bus.get_object(busname, clientpath)
1519
1102
value = client.attributes[self.propname]
1520
1103
self.assertNotIsInstance(value, Unique)
1521
1104
self.assertEqual(value, value_to_get)
1522
1105
def run_command(self, value, clients):
1523
1106
self.command().run(clients, self.bus)
1524
1107
1525
1526
class TestEnableCmd(TestPropertyCmd):
1527
command = EnableCmd
1528
propname = "Enabled"
1529
values_to_set = [dbus.Boolean(True)]
1530
1531
1532
class TestDisableCmd(TestPropertyCmd):
1533
command = DisableCmd
1534
propname = "Enabled"
1535
values_to_set = [dbus.Boolean(False)]
1536
1537
1538
1108
class TestBumpTimeoutCmd(TestPropertyCmd):
1539
1109
command = BumpTimeoutCmd
1540
1110
propname = "LastCheckedOK"
1541
1111
values_to_set = [""]
1542
1112
1543
1544
1113
class TestStartCheckerCmd(TestPropertyCmd):
1545
1114
command = StartCheckerCmd
1546
1115
propname = "CheckerRunning"
1547
1116
values_to_set = [dbus.Boolean(True)]
1548
1117
1549
1550
1118
class TestStopCheckerCmd(TestPropertyCmd):
1551
1119
command = StopCheckerCmd
1552
1120
propname = "CheckerRunning"
1553
1121
values_to_set = [dbus.Boolean(False)]
1554
1122
1555
1556
1123
class TestApproveByDefaultCmd(TestPropertyCmd):
1557
1124
command = ApproveByDefaultCmd
1558
1125
propname = "ApprovedByDefault"
1559
1126
values_to_set = [dbus.Boolean(True)]
1560
1127
1561
1562
1128
class TestDenyByDefaultCmd(TestPropertyCmd):
1563
1129
command = DenyByDefaultCmd
1564
1130
propname = "ApprovedByDefault"
1565
1131
values_to_set = [dbus.Boolean(False)]
1566
1132
1567
1568
class TestPropertyValueCmd(TestPropertyCmd):
1569
"""Abstract class for tests of PropertyValueCmd classes"""
1133
class TestValueArgumentPropertyCmd(TestPropertyCmd):
1134
"""Abstract class for tests of PropertyCmd classes using the
1135
ValueArgumentMixIn"""
1570
1136
def runTest(self):
1571
if type(self) is TestPropertyValueCmd:
1137
if type(self) is TestValueArgumentPropertyCmd:
1572
1138
return
1573
return super(TestPropertyValueCmd, self).runTest()
1139
return super(TestValueArgumentPropertyCmd, self).runTest()
1574
1140
def run_command(self, value, clients):
1575
1141
self.command(value).run(clients, self.bus)
1576
1142
1577
1578
class TestSetCheckerCmd(TestPropertyValueCmd):
1143
class TestSetCheckerCmd(TestValueArgumentPropertyCmd):
1579
1144
command = SetCheckerCmd
1580
1145
propname = "Checker"
1581
1146
values_to_set = ["", ":", "fping -q -- %s"]
1582
1147
1583
1584
class TestSetHostCmd(TestPropertyValueCmd):
1148
class TestSetHostCmd(TestValueArgumentPropertyCmd):
1585
1149
command = SetHostCmd
1586
1150
propname = "Host"
1587
1151
values_to_set = ["192.0.2.3", "foo.example.org"]
1588
1152
1589
1590
class TestSetSecretCmd(TestPropertyValueCmd):
1153
class TestSetSecretCmd(TestValueArgumentPropertyCmd):
1591
1154
command = SetSecretCmd
1592
1155
propname = "Secret"
1593
1156
values_to_set = [io.BytesIO(b""),
1594
1157
io.BytesIO(b"secret\0xyzzy\nbar")]
1595
1158
values_to_get = [b"", b"secret\0xyzzy\nbar"]
1596
1159
1597
1598
class TestSetTimeoutCmd(TestPropertyValueCmd):
1160
class TestSetTimeoutCmd(TestValueArgumentPropertyCmd):
1599
1161
command = SetTimeoutCmd
1600
1162
propname = "Timeout"
1601
1163
values_to_set = [datetime.timedelta(),
1605
1167
datetime.timedelta(weeks=52)]
1606
1168
values_to_get = [0, 300000, 1000, 604800000, 31449600000]
1607
1169
1608
1609
class TestSetExtendedTimeoutCmd(TestPropertyValueCmd):
1170
class TestSetExtendedTimeoutCmd(TestValueArgumentPropertyCmd):
1610
1171
command = SetExtendedTimeoutCmd
1611
1172
propname = "ExtendedTimeout"
1612
1173
values_to_set = [datetime.timedelta(),
1616
1177
datetime.timedelta(weeks=52)]
1617
1178
values_to_get = [0, 300000, 1000, 604800000, 31449600000]
1618
1179
1619
1620
class TestSetIntervalCmd(TestPropertyValueCmd):
1180
class TestSetIntervalCmd(TestValueArgumentPropertyCmd):
1621
1181
command = SetIntervalCmd
1622
1182
propname = "Interval"
1623
1183
values_to_set = [datetime.timedelta(),
1627
1187
datetime.timedelta(weeks=52)]
1628
1188
values_to_get = [0, 300000, 1000, 604800000, 31449600000]
1629
1189
1630
1631
class TestSetApprovalDelayCmd(TestPropertyValueCmd):
1190
class TestSetApprovalDelayCmd(TestValueArgumentPropertyCmd):
1632
1191
command = SetApprovalDelayCmd
1633
1192
propname = "ApprovalDelay"
1634
1193
values_to_set = [datetime.timedelta(),
1638
1197
datetime.timedelta(weeks=52)]
1639
1198
values_to_get = [0, 300000, 1000, 604800000, 31449600000]
1640
1199
1641
1642
class TestSetApprovalDurationCmd(TestPropertyValueCmd):
1200
class TestSetApprovalDurationCmd(TestValueArgumentPropertyCmd):
1643
1201
command = SetApprovalDurationCmd
1644
1202
propname = "ApprovalDuration"
1645
1203
values_to_set = [datetime.timedelta(),
1649
1207
datetime.timedelta(weeks=52)]
1650
1208
values_to_get = [0, 300000, 1000, 604800000, 31449600000]
1651
1209
1210
class Test_command_from_options(unittest.TestCase):
1211
def setUp(self):
1212
self.parser = argparse.ArgumentParser()
1213
add_command_line_options(self.parser)
1214
def assert_command_from_args(self, args, command_cls, **cmd_attrs):
1215
"""Assert that parsing ARGS should result in an instance of
1216
COMMAND_CLS with (optionally) all supplied attributes (CMD_ATTRS)."""
1217
options = self.parser.parse_args(args)
1218
check_option_syntax(self.parser, options)
1219
commands = commands_from_options(options)
1220
self.assertEqual(len(commands), 1)
1221
command = commands[0]
1222
self.assertIsInstance(command, command_cls)
1223
for key, value in cmd_attrs.items():
1224
self.assertEqual(getattr(command, key), value)
1225
def test_print_table(self):
1226
self.assert_command_from_args([], PrintTableCmd,
1227
verbose=False)
1228
1229
def test_print_table_verbose(self):
1230
self.assert_command_from_args(["--verbose"], PrintTableCmd,
1231
verbose=True)
1232
1233
def test_print_table_verbose_short(self):
1234
self.assert_command_from_args(["-v"], PrintTableCmd,
1235
verbose=True)
1236
1237
def test_enable(self):
1238
self.assert_command_from_args(["--enable", "foo"], EnableCmd)
1239
1240
def test_enable_short(self):
1241
self.assert_command_from_args(["-e", "foo"], EnableCmd)
1242
1243
def test_disable(self):
1244
self.assert_command_from_args(["--disable", "foo"],
1245
DisableCmd)
1246
1247
def test_disable_short(self):
1248
self.assert_command_from_args(["-d", "foo"], DisableCmd)
1249
1250
def test_bump_timeout(self):
1251
self.assert_command_from_args(["--bump-timeout", "foo"],
1252
BumpTimeoutCmd)
1253
1254
def test_bump_timeout_short(self):
1255
self.assert_command_from_args(["-b", "foo"], BumpTimeoutCmd)
1256
1257
def test_start_checker(self):
1258
self.assert_command_from_args(["--start-checker", "foo"],
1259
StartCheckerCmd)
1260
1261
def test_stop_checker(self):
1262
self.assert_command_from_args(["--stop-checker", "foo"],
1263
StopCheckerCmd)
1264
1265
def test_remove(self):
1266
self.assert_command_from_args(["--remove", "foo"],
1267
RemoveCmd)
1268
1269
def test_remove_short(self):
1270
self.assert_command_from_args(["-r", "foo"], RemoveCmd)
1271
1272
def test_checker(self):
1273
self.assert_command_from_args(["--checker", ":", "foo"],
1274
SetCheckerCmd, value_to_set=":")
1275
1276
def test_checker_empty(self):
1277
self.assert_command_from_args(["--checker", "", "foo"],
1278
SetCheckerCmd, value_to_set="")
1279
1280
def test_checker_short(self):
1281
self.assert_command_from_args(["-c", ":", "foo"],
1282
SetCheckerCmd, value_to_set=":")
1283
1284
def test_timeout(self):
1285
self.assert_command_from_args(["--timeout", "PT5M", "foo"],
1286
SetTimeoutCmd,
1287
value_to_set=300000)
1288
1289
def test_timeout_short(self):
1290
self.assert_command_from_args(["-t", "PT5M", "foo"],
1291
SetTimeoutCmd,
1292
value_to_set=300000)
1293
1294
def test_extended_timeout(self):
1295
self.assert_command_from_args(["--extended-timeout", "PT15M",
1296
"foo"],
1297
SetExtendedTimeoutCmd,
1298
value_to_set=900000)
1299
1300
def test_interval(self):
1301
self.assert_command_from_args(["--interval", "PT2M", "foo"],
1302
SetIntervalCmd,
1303
value_to_set=120000)
1304
1305
def test_interval_short(self):
1306
self.assert_command_from_args(["-i", "PT2M", "foo"],
1307
SetIntervalCmd,
1308
value_to_set=120000)
1309
1310
def test_approve_by_default(self):
1311
self.assert_command_from_args(["--approve-by-default", "foo"],
1312
ApproveByDefaultCmd)
1313
1314
def test_deny_by_default(self):
1315
self.assert_command_from_args(["--deny-by-default", "foo"],
1316
DenyByDefaultCmd)
1317
1318
def test_approval_delay(self):
1319
self.assert_command_from_args(["--approval-delay", "PT30S",
1320
"foo"], SetApprovalDelayCmd,
1321
value_to_set=30000)
1322
1323
def test_approval_duration(self):
1324
self.assert_command_from_args(["--approval-duration", "PT1S",
1325
"foo"], SetApprovalDurationCmd,
1326
value_to_set=1000)
1327
1328
def test_host(self):
1329
self.assert_command_from_args(["--host", "foo.example.org",
1330
"foo"], SetHostCmd,
1331
value_to_set="foo.example.org")
1332
1333
def test_host_short(self):
1334
self.assert_command_from_args(["-H", "foo.example.org",
1335
"foo"], SetHostCmd,
1336
value_to_set="foo.example.org")
1337
1338
def test_secret_devnull(self):
1339
self.assert_command_from_args(["--secret", os.path.devnull,
1340
"foo"], SetSecretCmd,
1341
value_to_set=b"")
1342
1343
def test_secret_tempfile(self):
1344
with tempfile.NamedTemporaryFile(mode="r+b") as f:
1345
value = b"secret\0xyzzy\nbar"
1346
f.write(value)
1347
f.seek(0)
1348
self.assert_command_from_args(["--secret", f.name,
1349
"foo"], SetSecretCmd,
1350
value_to_set=value)
1351
1352
def test_secret_devnull_short(self):
1353
self.assert_command_from_args(["-s", os.path.devnull, "foo"],
1354
SetSecretCmd, value_to_set=b"")
1355
1356
def test_secret_tempfile_short(self):
1357
with tempfile.NamedTemporaryFile(mode="r+b") as f:
1358
value = b"secret\0xyzzy\nbar"
1359
f.write(value)
1360
f.seek(0)
1361
self.assert_command_from_args(["-s", f.name, "foo"],
1362
SetSecretCmd,
1363
value_to_set=value)
1364
1365
def test_approve(self):
1366
self.assert_command_from_args(["--approve", "foo"],
1367
ApproveCmd)
1368
1369
def test_approve_short(self):
1370
self.assert_command_from_args(["-A", "foo"], ApproveCmd)
1371
1372
def test_deny(self):
1373
self.assert_command_from_args(["--deny", "foo"], DenyCmd)
1374
1375
def test_deny_short(self):
1376
self.assert_command_from_args(["-D", "foo"], DenyCmd)
1377
1378
def test_dump_json(self):
1379
self.assert_command_from_args(["--dump-json"], DumpJSONCmd)
1380
1381
def test_is_enabled(self):
1382
self.assert_command_from_args(["--is-enabled", "foo"],
1383
IsEnabledCmd)
1384
1385
def test_is_enabled_short(self):
1386
self.assert_command_from_args(["-V", "foo"], IsEnabledCmd)
1387
1388
def test_deny_before_remove(self):
1389
options = self.parser.parse_args(["--deny", "--remove", "foo"])
1390
check_option_syntax(self.parser, options)
1391
commands = commands_from_options(options)
1392
self.assertEqual(len(commands), 2)
1393
self.assertIsInstance(commands[0], DenyCmd)
1394
self.assertIsInstance(commands[1], RemoveCmd)
1395
1396
def test_deny_before_remove_reversed(self):
1397
options = self.parser.parse_args(["--remove", "--deny", "--all"])
1398
check_option_syntax(self.parser, options)
1399
commands = commands_from_options(options)
1400
self.assertEqual(len(commands), 2)
1401
self.assertIsInstance(commands[0], DenyCmd)
1402
self.assertIsInstance(commands[1], RemoveCmd)
1403
1404
1405
class Test_check_option_syntax(unittest.TestCase):
1406
# This mostly corresponds to the definition from has_actions() in
1407
# check_option_syntax()
1408
actions = {
1409
# The actual values set here are not that important, but we do
1410
# at least stick to the correct types, even though they are
1411
# never used
1412
"enable": True,
1413
"disable": True,
1414
"bump_timeout": True,
1415
"start_checker": True,
1416
"stop_checker": True,
1417
"is_enabled": True,
1418
"remove": True,
1419
"checker": "x",
1420
"timeout": datetime.timedelta(),
1421
"extended_timeout": datetime.timedelta(),
1422
"interval": datetime.timedelta(),
1423
"approved_by_default": True,
1424
"approval_delay": datetime.timedelta(),
1425
"approval_duration": datetime.timedelta(),
1426
"host": "x",
1427
"secret": io.BytesIO(b"x"),
1428
"approve": True,
1429
"deny": True,
1430
}
1431
1432
def setUp(self):
1433
self.parser = argparse.ArgumentParser()
1434
add_command_line_options(self.parser)
1435
1436
@contextlib.contextmanager
1437
def assertParseError(self):
1438
with self.assertRaises(SystemExit) as e:
1439
with self.temporarily_suppress_stderr():
1440
yield
1441
# Exit code from argparse is guaranteed to be "2". Reference:
1442
# https://docs.python.org/3/library/argparse.html#exiting-methods
1443
self.assertEqual(e.exception.code, 2)
1444
1445
@staticmethod
1446
@contextlib.contextmanager
1447
def temporarily_suppress_stderr():
1448
null = os.open(os.path.devnull, os.O_RDWR)
1449
stderrcopy = os.dup(sys.stderr.fileno())
1450
os.dup2(null, sys.stderr.fileno())
1451
os.close(null)
1452
try:
1453
yield
1454
finally:
1455
# restore stderr
1456
os.dup2(stderrcopy, sys.stderr.fileno())
1457
os.close(stderrcopy)
1458
1459
def check_option_syntax(self, options):
1460
check_option_syntax(self.parser, options)
1461
1462
def test_actions_requires_client_or_all(self):
1463
for action, value in self.actions.items():
1464
options = self.parser.parse_args()
1465
setattr(options, action, value)
1466
with self.assertParseError():
1467
self.check_option_syntax(options)
1468
1469
def test_actions_conflicts_with_verbose(self):
1470
for action, value in self.actions.items():
1471
options = self.parser.parse_args()
1472
setattr(options, action, value)
1473
options.verbose = True
1474
with self.assertParseError():
1475
self.check_option_syntax(options)
1476
1477
def test_dump_json_conflicts_with_verbose(self):
1478
options = self.parser.parse_args()
1479
options.dump_json = True
1480
options.verbose = True
1481
with self.assertParseError():
1482
self.check_option_syntax(options)
1483
1484
def test_dump_json_conflicts_with_action(self):
1485
for action, value in self.actions.items():
1486
options = self.parser.parse_args()
1487
setattr(options, action, value)
1488
options.dump_json = True
1489
with self.assertParseError():
1490
self.check_option_syntax(options)
1491
1492
def test_all_can_not_be_alone(self):
1493
options = self.parser.parse_args()
1494
options.all = True
1495
with self.assertParseError():
1496
self.check_option_syntax(options)
1497
1498
def test_all_is_ok_with_any_action(self):
1499
for action, value in self.actions.items():
1500
options = self.parser.parse_args()
1501
setattr(options, action, value)
1502
options.all = True
1503
self.check_option_syntax(options)
1504
1505
def test_is_enabled_fails_without_client(self):
1506
options = self.parser.parse_args()
1507
options.is_enabled = True
1508
with self.assertParseError():
1509
self.check_option_syntax(options)
1510
1511
def test_is_enabled_works_with_one_client(self):
1512
options = self.parser.parse_args()
1513
options.is_enabled = True
1514
options.client = ["foo"]
1515
self.check_option_syntax(options)
1516
1517
def test_is_enabled_fails_with_two_clients(self):
1518
options = self.parser.parse_args()
1519
options.is_enabled = True
1520
options.client = ["foo", "barbar"]
1521
with self.assertParseError():
1522
self.check_option_syntax(options)
1523
1524
def test_remove_can_only_be_combined_with_action_deny(self):
1525
for action, value in self.actions.items():
1526
if action in {"remove", "deny"}:
1527
continue
1528
options = self.parser.parse_args()
1529
setattr(options, action, value)
1530
options.all = True
1531
options.remove = True
1532
with self.assertParseError():
1533
self.check_option_syntax(options)
1534
1652
1535
1653
1536
1654
1537
def should_only_run_tests():
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0