valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-07 08:58:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #44926 from frogunder/whitelisted_acl

Browse Source 
whitelist_acl_test
This commit is contained in:
Nicole Thomas 2018-04-05 11:09:25 -04:00 committed by GitHub
commit d0f5b43753
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
salt/acl/__init__.py
View File

@ -36,3 +36,15 @@ class PublisherACL(object):
if not salt.utils.check_whitelist_blacklist(fun, blacklist=self.blacklist.get('modules', [])):
return True
return False
def user_is_whitelisted(self, user):
return salt.utils.check_whitelist_blacklist(user, whitelist=self.blacklist.get('users', []))
def cmd_is_whitelisted(self, cmd):
# If this is a regular command, it is a single function
if isinstance(cmd, str):
cmd = [cmd]
for fun in cmd:
if salt.utils.check_whitelist_blacklist(fun, whitelist=self.blacklist.get('modules', [])):
return True
return False

27
tests/unit/acl/test_client.py
View File

@ -19,9 +19,14 @@ class ClientACLTestCase(TestCase):
'users': ['joker', 'penguin', '*bad_*', 'blocked_.*', '^Homer$'],
'modules': ['cmd.run', 'test.fib', 'rm-rf.*'],
}
self.whitelist = {
'users': ['testuser', 'saltuser'],
'modules': ['test.ping', 'grains.items'],
}
def tearDown(self):
del self.blacklist
del self.whitelist
def test_user_is_blacklisted(self):
'''
@ -63,3 +68,25 @@ class ClientACLTestCase(TestCase):
self.assertTrue(client_acl.cmd_is_blacklisted(['cmd.run', 'state.sls']))
self.assertFalse(client_acl.cmd_is_blacklisted(['state.highstate', 'state.sls']))
def test_user_is_whitelisted(self):
'''
test user_is_whitelisted
'''
client_acl = acl.PublisherACL(self.whitelist)
self.assertTrue(client_acl.user_is_whitelisted('testuser'))
self.assertTrue(client_acl.user_is_whitelisted('saltuser'))
self.assertFalse(client_acl.user_is_whitelisted('three'))
self.assertFalse(client_acl.user_is_whitelisted('hans'))
def test_cmd_is_whitelisted(self):
'''
test cmd_is_whitelisted
'''
client_acl = acl.PublisherACL(self.whitelist)
self.assertTrue(client_acl.cmd_is_whitelisted('test.ping'))
self.assertTrue(client_acl.cmd_is_whitelisted('grains.items'))
self.assertFalse(client_acl.cmd_is_whitelisted('cmd.run'))
self.assertFalse(client_acl.cmd_is_whitelisted('test.version'))