Issue #100: create service users and groups (#102)
* Modify create_service_user to pass a revision when the service is nifi

Creating a new user requires a revision with version = 0.

* Create new create_service_user_group function

Create a new function for creating user groups, optionally populated with users

* Change user default from empty list to None

* Modify lines to be less than 80 characters long

* Add tests for create_service_user and create_service_user_group for nifi and registry

* Disable tests for user/group creation due to secure environment requirement

Creating users and groups requires a secure instance of NiFi.  Current testing does not include such an instance.  These tests can be re-enabled if the test environment provides a secure instance in the future.
jrittenh authored and Chaffelson committed Jan 31, 2019
1 parent 9a48503 commit cded010
Showing 2 changed files with 119 additions and 7 deletions.
56 changes: 51 additions & 5 deletions nipyapi/security.py
Expand Up @@ -14,11 +14,12 @@

log = logging.getLogger(__name__)

__all__ = ['create_service_user', 'service_login', 'set_service_auth_token',
'service_logout', 'get_service_access_status',
'add_user_to_access_policy', 'update_access_policy',
'get_access_policy_for_resource', 'create_access_policy',
'list_service_users', 'get_service_user', 'set_service_ssl_context']
__all__ = ['create_service_user', 'create_service_user_group', 'service_login',
'set_service_auth_token', 'service_logout',
'get_service_access_status', 'add_user_to_access_policy',
'update_access_policy', 'get_access_policy_for_resource',
'create_access_policy', 'list_service_users', 'get_service_user',
'set_service_ssl_context']

# These are the known-valid policy actions
_valid_actions = ['read', 'write', 'delete']
Expand Down Expand Up @@ -47,6 +48,9 @@ def create_service_user(identity, service='nifi'):
else:
# must be nifi
user_obj = nipyapi.nifi.UserEntity(
revision=nipyapi.nifi.RevisionDTO(
version=0
),
component=nipyapi.nifi.UserDTO(
identity=identity
)
Expand All @@ -58,6 +62,48 @@ def create_service_user(identity, service='nifi'):
nipyapi.registry.rest.ApiException) as e:
raise ValueError(e.body)

def create_service_user_group(identity, service='nifi', users=None):
"""
Attempts to create a user with the provided identity and member users in
the given service
Args:
identity (str): Identiy string for the user group
service (str): 'nifi' or 'registry'
users (list): A list of UserEntities belonging to the group
Returns:
The new (UserGroup) or (UserGroupEntity) object
"""
assert service in _valid_services
assert isinstance(identity, six.string_types)
assert all(isinstance(user, nipyapi.nifi.UserEntity) for user in users)
if service == 'registry':
pass
user_group_obj = nipyapi.registry.UserGroup(
identity=identity,
users=[{'id': user.id} for user in users]
)
else:
# must be nifi
user_group_obj = nipyapi.nifi.UserGroupEntity(
revision=nipyapi.nifi.RevisionDTO(
version=0
),
component=nipyapi.nifi.UserGroupDTO(
identity=identity,
users=[{'id': user.id} for user in users]
)
)
try:
return getattr(nipyapi, service).TenantsApi().create_user_group(
user_group_obj
)
except (
nipyapi.nifi.rest.ApiException,
nipyapi.registry.rest.ApiException) as e:
raise ValueError(e.body)

def service_login(service='nifi', username=None, password=None,
bool_response=False):
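Review bot: Calling `create_service_user_group` with its default `users=None` fails at `assert all(isinstance(user, nipyapi.nifi.UserEntity) for user in users)`, because `None` is not iterable, so a group without members cannot be created through the documented default. The same check demands NiFi `UserEntity` objects even when `service='registry'`, which looks like it rejects the registry users that branch is meant to accept. Since these `assert`s are the only validation in front of a tenant-management call, running under `python -O` strips them and `getattr(nipyapi, service)` then resolves whatever string the caller passed; explicit `ValueError`s keep the guard in place. The stray `pass` at the top of the registry branch can be dropped, and the docstring should say "user group" instead of "user" and fix the "Identiy" typo.

```python
def create_service_user_group(identity, service='nifi', users=None):
    # … unchanged: docstring …
    if service not in _valid_services:
        raise ValueError(
            "service must be one of {0}".format(_valid_services)
        )
    if not isinstance(identity, six.string_types):
        raise ValueError("identity must be a string")
    users = [] if users is None else users
    user_type = (
        nipyapi.registry.User if service == 'registry'
        else nipyapi.nifi.UserEntity
    )
    if not all(isinstance(user, user_type) for user in users):
        raise ValueError(
            "users must be {0} objects".format(user_type.__name__)
        )
    # … unchanged: build user_group_obj and call create_user_group …
```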
70 changes: 68 additions & 2 deletions tests/test_security.py
Expand Up @@ -6,7 +6,7 @@
import pytest
from tests import conftest
import nipyapi

from nipyapi import security

def test_bootstrap_secured_nifi():
pass
Expand All @@ -29,6 +29,72 @@ def test_get_access_policy_for_resource(regress_nifi):
# Returns an error stating the NiFi isn't set up for this, rather than
# the bad parameter error reported in issue #66
with pytest.raises(ValueError, match='This NiFi is not configured'):
_ = nipyapi.security.get_access_policy_for_resource('flow', 'read')
_ = security.get_access_policy_for_resource('flow', 'read')
# Note that on a secured NiFi with no valid policy you will get the error:
# "No applicable policies could be found"


def test_create_service_user_nifi():
pass
# ~ nifi_user = security.create_service_user(
# ~ identity='testuser',
# ~ service='nifi'
# ~ )
# ~ assert isinstance(nifi_user, nipyapi.nifi.UserEntity)


def test_create_service_user_registry():
pass
# ~ registry_user = security.create_service_user(
# ~ identity='testuser',
# ~ service='registry'
# ~ )
# ~ assert isinstance(registry_user, nipyapi.registry.User)


def test_create_service_user_group_nifi():
pass
# ~ nifi_user_group = security.create_service_user_group(
# ~ identity='testusergroup',
# ~ service='nifi'
# ~ )
# ~ assert isinstance(nifi_user_group, nipyapi.nifi.UserGroupEntity)


def test_create_service_user_group_registry():
pass
# ~ registry_user_group = security.create_service_user_group(
# ~ identity='testusergroup',
# ~ service='registry'
# ~ )
# ~ assert isinstance(registry_user_group, nipyapi.registry.UserGroup)


def test_create_service_user_group_with_users_nifi():
pass
# ~ nifi_user = security.create_service_user_group(
# ~ identity='testuser',
# ~ service='nifi'
# ~ )
# ~ nifi_user_group = security.create_service_user_group(
# ~ identity='testusergroup',
# ~ service='nifi',
# ~ users=[nifi_user]
# ~ )
# ~ assert isinstance(nifi_user_group, nipyapi.nifi.UserGroupEntity)
# ~ assert nifi_user_group.users.len() == 1


def test_create_service_user_group_with_users_registry():
pass
# ~ registry_user = security.create_service_user_group(
# ~ identity='testuser',
# ~ service='registry'
# ~ )
# ~ registry_user_group = security.create_service_user_group(
# ~ identity='testusergroup',
# ~ service='registry',
# ~ users=[registry_user]
# ~ )
# ~ assert isinstance(registry_user_group, nipyapi.registry.UserGroup)
# ~ assert nifi_user_group.users.len() == 1
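Review bot: The six new tests have a body of `pass` with the real assertions commented out, so they report as passing while exercising none of the user and group creation code; decorating live test bodies with `@pytest.mark.skip(reason='requires a secured NiFi/Registry instance')` would show them as skipped and keep them parsed and linted. The commented code has defects that will surface on re-enabling: both `..._with_users_...` tests build the member with `create_service_user_group` instead of `create_service_user`, `nifi_user_group.users.len()` should be `len(...)` (and for the NiFi entity the members appear to sit under `.component.users`), and the registry variant asserts on `nifi_user_group` rather than `registry_user_group`. The argument validation in `create_service_user_group` runs before any API call, so a test of the default `users=None` path and of a bad `service` value would not need a secured instance.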
