/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-ctl

  • Committer: Teddy Hogeborn
  • Date: 2019-03-07 20:57:16 UTC
  • Revision ID: teddy@recompile.se-20190307205716-n1yj0lz23k143u0l
mandos-ctl: Refactor; extract syntax check to separate function

* mandos-ctl (check_option_syntax): New.
  (main): Call check_option_syntax().

Show diffs side-by-side

added added

removed removed

Lines of Context:
mandos-ctl
42
42
import json
43
43
import unittest
44
44
import logging
 
45
import io
 
46
import tempfile
45
47
 
46
48
import dbus
47
49
 
314
316
    @value_to_set.setter
315
317
    def value_to_set(self, value):
316
318
        """When setting, convert value to a datetime.timedelta"""
317
 
        self._vts = string_to_delta(value).total_seconds() * 1000
 
319
        self._vts = int(round(value.total_seconds() * 1000))
318
320
 
319
321
# Actual (non-abstract) command classes
320
322
 
475
477
    property = "Host"
476
478
 
477
479
class SetSecretCmd(PropertyCmd, ValueArgumentMixIn):
 
480
    @property
 
481
    def value_to_set(self):
 
482
        return self._vts
 
483
    @value_to_set.setter
 
484
    def value_to_set(self, value):
 
485
        """When setting, read data from supplied file object"""
 
486
        self._vts = value.read()
 
487
        value.close()
478
488
    property = "Secret"
479
489
 
480
490
class SetTimeoutCmd(PropertyCmd, MillisecondsValueArgumentMixIn):
495
505
                             MillisecondsValueArgumentMixIn):
496
506
    property = "ApprovalDuration"
497
507
 
498
 
def has_actions(options):
499
 
    return any((options.enable,
500
 
                options.disable,
501
 
                options.bump_timeout,
502
 
                options.start_checker,
503
 
                options.stop_checker,
504
 
                options.is_enabled,
505
 
                options.remove,
506
 
                options.checker is not None,
507
 
                options.timeout is not None,
508
 
                options.extended_timeout is not None,
509
 
                options.interval is not None,
510
 
                options.approved_by_default is not None,
511
 
                options.approval_delay is not None,
512
 
                options.approval_duration is not None,
513
 
                options.host is not None,
514
 
                options.secret is not None,
515
 
                options.approve,
516
 
                options.deny))
517
 
 
518
508
def add_command_line_options(parser):
519
509
    parser.add_argument("--version", action="version",
520
510
                        version="%(prog)s {}".format(version),
546
536
                        help="Remove client")
547
537
    parser.add_argument("-c", "--checker",
548
538
                        help="Set checker command for client")
549
 
    parser.add_argument("-t", "--timeout",
 
539
    parser.add_argument("-t", "--timeout", type=string_to_delta,
550
540
                        help="Set timeout for client")
551
 
    parser.add_argument("--extended-timeout",
 
541
    parser.add_argument("--extended-timeout", type=string_to_delta,
552
542
                        help="Set extended timeout for client")
553
 
    parser.add_argument("-i", "--interval",
 
543
    parser.add_argument("-i", "--interval", type=string_to_delta,
554
544
                        help="Set checker interval for client")
555
545
    approve_deny_default = parser.add_mutually_exclusive_group()
556
546
    approve_deny_default.add_argument(
561
551
        "--deny-by-default", action="store_false",
562
552
        dest="approved_by_default",
563
553
        help="Set client to be denied by default")
564
 
    parser.add_argument("--approval-delay",
 
554
    parser.add_argument("--approval-delay", type=string_to_delta,
565
555
                        help="Set delay before client approve/deny")
566
 
    parser.add_argument("--approval-duration",
 
556
    parser.add_argument("--approval-duration", type=string_to_delta,
567
557
                        help="Set duration of one client approval")
568
558
    parser.add_argument("-H", "--host", help="Set host for client")
569
559
    parser.add_argument("-s", "--secret",
609
599
        commands.append(RemoveCmd())
610
600
 
611
601
    if options.checker is not None:
612
 
        commands.append(SetCheckerCmd())
 
602
        commands.append(SetCheckerCmd(options.checker))
613
603
 
614
604
    if options.timeout is not None:
615
605
        commands.append(SetTimeoutCmd(options.timeout))
619
609
            SetExtendedTimeoutCmd(options.extended_timeout))
620
610
 
621
611
    if options.interval is not None:
622
 
        command.append(SetIntervalCmd(options.interval))
 
612
        commands.append(SetIntervalCmd(options.interval))
623
613
 
624
614
    if options.approved_by_default is not None:
625
615
        if options.approved_by_default:
626
 
            command.append(ApproveByDefaultCmd())
 
616
            commands.append(ApproveByDefaultCmd())
627
617
        else:
628
 
            command.append(DenyByDefaultCmd())
 
618
            commands.append(DenyByDefaultCmd())
629
619
 
630
620
    if options.approval_delay is not None:
631
 
        command.append(SetApprovalDelayCmd(options.approval_delay))
 
621
        commands.append(SetApprovalDelayCmd(options.approval_delay))
632
622
 
633
623
    if options.approval_duration is not None:
634
 
        command.append(
 
624
        commands.append(
635
625
            SetApprovalDurationCmd(options.approval_duration))
636
626
 
637
627
    if options.host is not None:
638
 
        command.append(SetHostCmd(options.host))
 
628
        commands.append(SetHostCmd(options.host))
639
629
 
640
630
    if options.secret is not None:
641
 
        command.append(SetSecretCmd(options.secret))
 
631
        commands.append(SetSecretCmd(options.secret))
642
632
 
643
633
    if options.approve:
644
634
        commands.append(ApproveCmd())
654
644
    return commands
655
645
 
656
646
 
657
 
def main():
658
 
    parser = argparse.ArgumentParser()
659
 
 
660
 
    add_command_line_options(parser)
661
 
 
662
 
    options = parser.parse_args()
 
647
def check_option_syntax(parser, options):
 
648
 
 
649
    def has_actions(options):
 
650
        return any((options.enable,
 
651
                    options.disable,
 
652
                    options.bump_timeout,
 
653
                    options.start_checker,
 
654
                    options.stop_checker,
 
655
                    options.is_enabled,
 
656
                    options.remove,
 
657
                    options.checker is not None,
 
658
                    options.timeout is not None,
 
659
                    options.extended_timeout is not None,
 
660
                    options.interval is not None,
 
661
                    options.approved_by_default is not None,
 
662
                    options.approval_delay is not None,
 
663
                    options.approval_duration is not None,
 
664
                    options.host is not None,
 
665
                    options.secret is not None,
 
666
                    options.approve,
 
667
                    options.deny))
663
668
 
664
669
    if has_actions(options) and not (options.client or options.all):
665
670
        parser.error("Options require clients names or --all.")
673
678
    if options.is_enabled and len(options.client) > 1:
674
679
        parser.error("--is-enabled requires exactly one client")
675
680
 
 
681
 
 
682
def main():
 
683
    parser = argparse.ArgumentParser()
 
684
 
 
685
    add_command_line_options(parser)
 
686
 
 
687
    options = parser.parse_args()
 
688
 
 
689
    check_option_syntax(parser, options)
 
690
 
676
691
    clientnames = options.client
677
692
 
678
693
    try:
1083
1098
class TestSetSecretCmd(TestValueArgumentPropertyCmd):
1084
1099
    command = SetSecretCmd
1085
1100
    property = "Secret"
1086
 
    values_to_set = [b"", b"secret"]
 
1101
    values_to_set = [open("/dev/null", "rb"),
 
1102
                     io.BytesIO(b"secret\0xyzzy\nbar")]
 
1103
    values_to_get = [b"", b"secret\0xyzzy\nbar"]
1087
1104
 
1088
1105
class TestSetTimeoutCmd(TestValueArgumentPropertyCmd):
1089
1106
    command = SetTimeoutCmd
1090
1107
    property = "Timeout"
1091
 
    values_to_set = ["P0D", "PT5M", "PT1S", "PT120S", "P1Y"]
1092
 
    values_to_get = [0, 300000, 1000, 120000, 31449600000]
 
1108
    values_to_set = [datetime.timedelta(),
 
1109
                     datetime.timedelta(minutes=5),
 
1110
                     datetime.timedelta(seconds=1),
 
1111
                     datetime.timedelta(weeks=1),
 
1112
                     datetime.timedelta(weeks=52)]
 
1113
    values_to_get = [0, 300000, 1000, 604800000, 31449600000]
1093
1114
 
1094
1115
class TestSetExtendedTimeoutCmd(TestValueArgumentPropertyCmd):
1095
1116
    command = SetExtendedTimeoutCmd
1096
1117
    property = "ExtendedTimeout"
1097
 
    values_to_set = ["P0D", "PT5M", "PT1S", "PT120S", "P1Y"]
1098
 
    values_to_get = [0, 300000, 1000, 120000, 31449600000]
 
1118
    values_to_set = [datetime.timedelta(),
 
1119
                     datetime.timedelta(minutes=5),
 
1120
                     datetime.timedelta(seconds=1),
 
1121
                     datetime.timedelta(weeks=1),
 
1122
                     datetime.timedelta(weeks=52)]
 
1123
    values_to_get = [0, 300000, 1000, 604800000, 31449600000]
1099
1124
 
1100
1125
class TestSetIntervalCmd(TestValueArgumentPropertyCmd):
1101
1126
    command = SetIntervalCmd
1102
1127
    property = "Interval"
1103
 
    values_to_set = ["P0D", "PT5M", "PT1S", "PT120S", "P1Y"]
1104
 
    values_to_get = [0, 300000, 1000, 120000, 31449600000]
 
1128
    values_to_set = [datetime.timedelta(),
 
1129
                     datetime.timedelta(minutes=5),
 
1130
                     datetime.timedelta(seconds=1),
 
1131
                     datetime.timedelta(weeks=1),
 
1132
                     datetime.timedelta(weeks=52)]
 
1133
    values_to_get = [0, 300000, 1000, 604800000, 31449600000]
1105
1134
 
1106
1135
class TestSetApprovalDelayCmd(TestValueArgumentPropertyCmd):
1107
1136
    command = SetApprovalDelayCmd
1108
1137
    property = "ApprovalDelay"
1109
 
    values_to_set = ["P0D", "PT5M", "PT1S", "PT120S", "P1Y"]
1110
 
    values_to_get = [0, 300000, 1000, 120000, 31449600000]
 
1138
    values_to_set = [datetime.timedelta(),
 
1139
                     datetime.timedelta(minutes=5),
 
1140
                     datetime.timedelta(seconds=1),
 
1141
                     datetime.timedelta(weeks=1),
 
1142
                     datetime.timedelta(weeks=52)]
 
1143
    values_to_get = [0, 300000, 1000, 604800000, 31449600000]
1111
1144
 
1112
1145
class TestSetApprovalDurationCmd(TestValueArgumentPropertyCmd):
1113
1146
    command = SetApprovalDurationCmd
1114
1147
    property = "ApprovalDuration"
1115
 
    values_to_set = ["P0D", "PT5M", "PT1S", "PT120S", "P1Y"]
1116
 
    values_to_get = [0, 300000, 1000, 120000, 31449600000]
 
1148
    values_to_set = [datetime.timedelta(),
 
1149
                     datetime.timedelta(minutes=5),
 
1150
                     datetime.timedelta(seconds=1),
 
1151
                     datetime.timedelta(weeks=1),
 
1152
                     datetime.timedelta(weeks=52)]
 
1153
    values_to_get = [0, 300000, 1000, 604800000, 31449600000]
 
1154
 
 
1155
class Test_command_from_options(unittest.TestCase):
 
1156
    def setUp(self):
 
1157
        self.parser = argparse.ArgumentParser()
 
1158
        add_command_line_options(self.parser)
 
1159
    def assert_command_from_args(self, args, command_cls, **cmd_attrs):
 
1160
        """Assert that parsing ARGS should result in an instance of
 
1161
COMMAND_CLS with (optionally) all supplied attributes (CMD_ATTRS)."""
 
1162
        options = self.parser.parse_args(args)
 
1163
        check_option_syntax(self.parser, options)
 
1164
        commands = commands_from_options(options)
 
1165
        self.assertEqual(len(commands), 1)
 
1166
        command = commands[0]
 
1167
        self.assertIsInstance(command, command_cls)
 
1168
        for key, value in cmd_attrs.items():
 
1169
            self.assertEqual(getattr(command, key), value)
 
1170
    def test_print_table(self):
 
1171
        self.assert_command_from_args([], PrintTableCmd,
 
1172
                                      verbose=False)
 
1173
 
 
1174
    def test_print_table_verbose(self):
 
1175
        self.assert_command_from_args(["--verbose"], PrintTableCmd,
 
1176
                                      verbose=True)
 
1177
 
 
1178
    def test_print_table_verbose_short(self):
 
1179
        self.assert_command_from_args(["-v"], PrintTableCmd,
 
1180
                                      verbose=True)
 
1181
 
 
1182
    def test_enable(self):
 
1183
        self.assert_command_from_args(["--enable", "foo"], EnableCmd)
 
1184
 
 
1185
    def test_enable_short(self):
 
1186
        self.assert_command_from_args(["-e", "foo"], EnableCmd)
 
1187
 
 
1188
    def test_disable(self):
 
1189
        self.assert_command_from_args(["--disable", "foo"],
 
1190
                                      DisableCmd)
 
1191
 
 
1192
    def test_disable_short(self):
 
1193
        self.assert_command_from_args(["-d", "foo"], DisableCmd)
 
1194
 
 
1195
    def test_bump_timeout(self):
 
1196
        self.assert_command_from_args(["--bump-timeout", "foo"],
 
1197
                                      BumpTimeoutCmd)
 
1198
 
 
1199
    def test_bump_timeout_short(self):
 
1200
        self.assert_command_from_args(["-b", "foo"], BumpTimeoutCmd)
 
1201
 
 
1202
    def test_start_checker(self):
 
1203
        self.assert_command_from_args(["--start-checker", "foo"],
 
1204
                                      StartCheckerCmd)
 
1205
 
 
1206
    def test_stop_checker(self):
 
1207
        self.assert_command_from_args(["--stop-checker", "foo"],
 
1208
                                      StopCheckerCmd)
 
1209
 
 
1210
    def test_remove(self):
 
1211
        self.assert_command_from_args(["--remove", "foo"],
 
1212
                                      RemoveCmd)
 
1213
 
 
1214
    def test_remove_short(self):
 
1215
        self.assert_command_from_args(["-r", "foo"], RemoveCmd)
 
1216
 
 
1217
    def test_checker(self):
 
1218
        self.assert_command_from_args(["--checker", ":", "foo"],
 
1219
                                      SetCheckerCmd, value_to_set=":")
 
1220
 
 
1221
    def test_checker_empty(self):
 
1222
        self.assert_command_from_args(["--checker", "", "foo"],
 
1223
                                      SetCheckerCmd, value_to_set="")
 
1224
 
 
1225
    def test_checker_short(self):
 
1226
        self.assert_command_from_args(["-c", ":", "foo"],
 
1227
                                      SetCheckerCmd, value_to_set=":")
 
1228
 
 
1229
    def test_timeout(self):
 
1230
        self.assert_command_from_args(["--timeout", "PT5M", "foo"],
 
1231
                                      SetTimeoutCmd,
 
1232
                                      value_to_set=300000)
 
1233
 
 
1234
    def test_timeout_short(self):
 
1235
        self.assert_command_from_args(["-t", "PT5M", "foo"],
 
1236
                                      SetTimeoutCmd,
 
1237
                                      value_to_set=300000)
 
1238
 
 
1239
    def test_extended_timeout(self):
 
1240
        self.assert_command_from_args(["--extended-timeout", "PT15M",
 
1241
                                       "foo"],
 
1242
                                      SetExtendedTimeoutCmd,
 
1243
                                      value_to_set=900000)
 
1244
 
 
1245
    def test_interval(self):
 
1246
        self.assert_command_from_args(["--interval", "PT2M", "foo"],
 
1247
                                      SetIntervalCmd,
 
1248
                                      value_to_set=120000)
 
1249
 
 
1250
    def test_interval_short(self):
 
1251
        self.assert_command_from_args(["-i", "PT2M", "foo"],
 
1252
                                      SetIntervalCmd,
 
1253
                                      value_to_set=120000)
 
1254
 
 
1255
    def test_approve_by_default(self):
 
1256
        self.assert_command_from_args(["--approve-by-default", "foo"],
 
1257
                                      ApproveByDefaultCmd)
 
1258
 
 
1259
    def test_deny_by_default(self):
 
1260
        self.assert_command_from_args(["--deny-by-default", "foo"],
 
1261
                                      DenyByDefaultCmd)
 
1262
 
 
1263
    def test_approval_delay(self):
 
1264
        self.assert_command_from_args(["--approval-delay", "PT30S",
 
1265
                                       "foo"], SetApprovalDelayCmd,
 
1266
                                      value_to_set=30000)
 
1267
 
 
1268
    def test_approval_duration(self):
 
1269
        self.assert_command_from_args(["--approval-duration", "PT1S",
 
1270
                                       "foo"], SetApprovalDurationCmd,
 
1271
                                      value_to_set=1000)
 
1272
 
 
1273
    def test_host(self):
 
1274
        self.assert_command_from_args(["--host", "foo.example.org",
 
1275
                                       "foo"], SetHostCmd,
 
1276
                                      value_to_set="foo.example.org")
 
1277
 
 
1278
    def test_host_short(self):
 
1279
        self.assert_command_from_args(["-H", "foo.example.org",
 
1280
                                       "foo"], SetHostCmd,
 
1281
                                      value_to_set="foo.example.org")
 
1282
 
 
1283
    def test_secret_devnull(self):
 
1284
        self.assert_command_from_args(["--secret", os.path.devnull,
 
1285
                                       "foo"], SetSecretCmd,
 
1286
                                      value_to_set=b"")
 
1287
 
 
1288
    def test_secret_tempfile(self):
 
1289
        with tempfile.NamedTemporaryFile(mode="r+b") as f:
 
1290
            value = b"secret\0xyzzy\nbar"
 
1291
            f.write(value)
 
1292
            f.seek(0)
 
1293
            self.assert_command_from_args(["--secret", f.name,
 
1294
                                           "foo"], SetSecretCmd,
 
1295
                                          value_to_set=value)
 
1296
 
 
1297
    def test_secret_devnull_short(self):
 
1298
        self.assert_command_from_args(["-s", os.path.devnull, "foo"],
 
1299
                                      SetSecretCmd, value_to_set=b"")
 
1300
 
 
1301
    def test_secret_tempfile_short(self):
 
1302
        with tempfile.NamedTemporaryFile(mode="r+b") as f:
 
1303
            value = b"secret\0xyzzy\nbar"
 
1304
            f.write(value)
 
1305
            f.seek(0)
 
1306
            self.assert_command_from_args(["-s", f.name, "foo"],
 
1307
                                          SetSecretCmd,
 
1308
                                          value_to_set=value)
 
1309
 
 
1310
    def test_approve(self):
 
1311
        self.assert_command_from_args(["--approve", "foo"],
 
1312
                                      ApproveCmd)
 
1313
 
 
1314
    def test_approve_short(self):
 
1315
        self.assert_command_from_args(["-A", "foo"], ApproveCmd)
 
1316
 
 
1317
    def test_deny(self):
 
1318
        self.assert_command_from_args(["--deny", "foo"], DenyCmd)
 
1319
 
 
1320
    def test_deny_short(self):
 
1321
        self.assert_command_from_args(["-D", "foo"], DenyCmd)
 
1322
 
 
1323
    def test_dump_json(self):
 
1324
        self.assert_command_from_args(["--dump-json"], DumpJSONCmd)
 
1325
 
 
1326
    def test_is_enabled(self):
 
1327
        self.assert_command_from_args(["--is-enabled", "foo"],
 
1328
                                      IsEnabledCmd)
 
1329
 
 
1330
    def test_is_enabled_short(self):
 
1331
        self.assert_command_from_args(["-V", "foo"], IsEnabledCmd)
1117
1332
 
1118
1333
 
1119
1334