Make create_user work for new installations and add basic test.

albu-diku · albu-diku · commit ec397eb79873 · 2025-01-27T22:21:19.000+01:00
Allow user creation to provision the directries necessary for user
creation to succeed in addition to the database file itself given the
state that exists after config generation is run to completion for a
new installation.

Cover the very basic operation of creat_user ensuring that a user db
is created (along with its lock file) and that a user entry is added
to the database.
diff --git a/mig/shared/useradm.py b/mig/shared/useradm.py
@@ -35,7 +35,9 @@
 from past.builtins import basestring
 
 from email.utils import parseaddr
+import codecs
 import datetime
+import errno
 import fnmatch
 import os
 import re
@@ -102,6 +104,10 @@
 https_authdigests = user_db_filename
 
 
+_USERADM_CONFIG_DIR_KEYS = ('user_db_home', 'user_home', 'user_settings',
+                            'user_cache', 'mrsl_files_dir', 'resource_pending')
+
+
 def init_user_adm(dynamic_db_path=True):
     """Shared init function for all user administration scripts.
     The optional dynamic_db_path argument toggles dynamic user db path lookup
@@ -458,6 +464,21 @@ def verify_user_peers(configuration, db_path, client_id, user, now, verify_peer,
     return accepted_peer_list, effective_expire
 
 
+def _check_directories_unprovisioned(configuration, db_path):
+    user_db_home = os.path.dirname(db_path)
+    return not os.path.exists(db_path) and not os.path.exists(user_db_home)
+
+
+def _provision_directories(configuration):
+    for config_attr in _USERADM_CONFIG_DIR_KEYS:
+        try:
+            dir_to_create = getattr(configuration, config_attr)
+            os.makedirs(dir_to_create)
+        except OSError as oserr:
+            if oserr.errno != errno.ENOENT:  # FileNotFoundError
+                raise
+
+
 def create_user_in_db(configuration, db_path, client_id, user, now, authorized,
                       reset_token, reset_auth_type, accepted_peer_list, force,
                       verbose, ask_renew, default_renew, do_lock,
@@ -470,8 +491,25 @@ def create_user_in_db(configuration, db_path, client_id, user, now, authorized,
     flock = None
     user_db = {}
     renew = default_renew
+
+    retry_lock = False
     if do_lock:
+        try:
+            flock = lock_user_db(db_path)
+        except (IOError, OSError) as oserr:
+            if oserr.errno != errno.ENOENT:  # FileNotFoundError
+                raise
+
+            if _check_directories_unprovisioned(configuration, db_path=db_path):
+                _provision_directories(configuration)
+                retry_lock = True
+            else:
+                raise Exception("Failed to lock user DB: '%s'" % db_path)
+
+    if retry_lock:
         flock = lock_user_db(db_path)
+        if not flock:
+            raise Exception("Failed to lock user DB: '%s'" % db_path)
 
     if not os.path.exists(db_path):
         # Auto-create missing user DB if either auto_create_db or force is set
@@ -1027,7 +1065,9 @@ def create_user(user, conf_path, db_path, force=False, verbose=False,
     format as a first step.
     """
 
-    if conf_path:
+    if isinstance(conf_path, Configuration):
+        configuration = conf_path
+    elif conf_path:
         if isinstance(conf_path, basestring):
 
             # has been checked for accessibility above...
diff --git a/tests/support/__init__.py b/tests/support/__init__.py
@@ -41,6 +41,7 @@
 from unittest import TestCase, main as testmain
 
 from tests.support.configsupp import FakeConfiguration
+from tests.support.pathsupp import is_path_within
 from tests.support.suppconst import MIG_BASE, TEST_BASE, TEST_FIXTURE_DIR, \
     TEST_DATA_DIR, TEST_OUTPUT_DIR, ENVHELP_OUTPUT_DIR
 
@@ -296,16 +297,6 @@ def pretty_display_path(absolute_path):
         return relative_path
 
 
-def is_path_within(path, start=None, _msg=None):
-    """Check if path is within start directory"""
-    try:
-        assert os.path.isabs(path), _msg
-        relative = os.path.relpath(path, start=start)
-    except:
-        return False
-    return not relative.startswith('..')
-
-
 def ensure_dirs_exist(absolute_dir):
     """A simple helper to create absolute_dir and any parents if missing"""
     try:
diff --git a/tests/support/pathsupp.py b/tests/support/pathsupp.py
@@ -0,0 +1,40 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# --- BEGIN_HEADER ---
+#
+# __init__ - package marker and core package functions
+# Copyright (C) 2003-2024  The MiG Project by the Science HPC Center at UCPH
+#
+# This file is part of MiG.
+#
+# MiG is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# MiG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+# -- END_HEADER ---
+#
+
+"""Path related details within the test support library."""
+
+import os
+
+
+def is_path_within(path, start=None, _msg=None):
+    """Check if path is within start directory"""
+    try:
+        assert os.path.isabs(path), _msg
+        relative = os.path.relpath(path, start=start)
+    except AssertionError:
+        return False
+    return not relative.startswith('..')
diff --git a/tests/support/picklesupp.py b/tests/support/picklesupp.py
@@ -0,0 +1,12 @@
+import pickle
+
+from tests.support.suppconst import TEST_OUTPUT_DIR
+from tests.support.pathsupp import is_path_within
+
+
+class PickleAssertMixin:
+    def assertPickledFile(self, pickle_file_path):
+        assert is_path_within(pickle_file_path, TEST_OUTPUT_DIR)
+
+        with open(pickle_file_path, 'rb') as picklefile:
+            return pickle.load(picklefile)
diff --git a/tests/test_mig_shared_usreadm.py b/tests/test_mig_shared_usreadm.py
@@ -0,0 +1,142 @@
+# -*- coding: utf-8 -*-
+#
+# --- BEGIN_HEADER ---
+#
+# test_mig_server-createuser - unit tests for the migrid createuser CLI
+# Copyright (C) 2003-2024  The MiG Project by the Science HPC Center at UCPH
+#
+# This file is part of MiG.
+#
+# MiG is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# MiG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
+# USA.
+#
+# --- END_HEADER ---
+#
+
+"""Unit tests for the migrid module pointed to in the filename"""
+
+from __future__ import print_function
+import codecs
+import os
+import shutil
+import sys
+import unittest
+
+from tests.support import MIG_BASE, TEST_OUTPUT_DIR, MigTestCase, testmain
+from tests.support.picklesupp import PickleAssertMixin
+
+from mig.shared.base import keyword_auto
+from mig.shared.useradm import create_user
+
+_USERADM_CONFIG_DIR_KEYS = ('user_db_home', 'user_home', 'user_settings',
+                            'user_cache', 'mrsl_files_dir', 'resource_pending')
+
+
+def _as_bytes(value):
+    if isinstance(value, str):
+        return codecs.encode(value, 'utf8')
+    else:
+        return value
+
+
+class TestMigSharedUsedadm_create_user(MigTestCase, PickleAssertMixin):
+    def before_each(self):
+        configuration = self.configuration
+        test_state_path = configuration.state_path
+
+        for config_key in _USERADM_CONFIG_DIR_KEYS:
+            dir_path = getattr(configuration, config_key)[0:-1]
+            try:
+                shutil.rmtree(dir_path)
+            except:
+                pass
+
+        self.expected_user_db_home = configuration.user_db_home[0:-1]
+        self.expected_user_db_file = os.path.join(
+            self.expected_user_db_home, 'MiG-users.db')
+
+    def _provide_configuration(self):
+        return 'testconfig'
+
+    def test_user_db_is_created(self):
+        user_dict = {}
+        user_dict['full_name'] = "Test User"
+        user_dict['organization'] = "Test Org"
+        user_dict['state'] = "NA"
+        user_dict['country'] = "DK"
+        user_dict['email'] = "user@example.com"
+        user_dict['comment'] = "This is the create comment"
+        user_dict['password'] = "password"
+        create_user(user_dict, self.configuration,
+                    keyword_auto, default_renew=True)
+
+        # presence of user home
+        path_kind = MigTestCase._absolute_path_kind(self.expected_user_db_home)
+        self.assertEqual(path_kind, 'dir')
+
+        # presence of user db
+        path_kind = MigTestCase._absolute_path_kind(self.expected_user_db_file)
+        self.assertEqual(path_kind, 'file')
+
+    def test_user_entry_is_recorded(self):
+        def _generate_salt():
+            return b'CCCC12344321CCCC'
+
+        expected_user_id = '/C=DK/ST=NA/L=NA/O=Test Org/OU=NA/CN=Test User/emailAddress=user@example.com'
+        expected_user_unique_id = 'OUejmKGMFWPWLyi5chqQalxDgltTuG1SoZUsqGyj32yY3275GjA2GfMo5odeWuKQ'
+        expected_user_password_hash = "PBKDF2$sha256$10000$b'CCCC12344321CCCC'$b'bph8p/avUq42IYeOdJoJuUqrJ7Q32eaT'"
+
+        user_dict = {}
+        user_dict['full_name'] = "Test User"
+        user_dict['organization'] = "Test Org"
+        user_dict['state'] = "NA"
+        user_dict['country'] = "DK"
+        user_dict['email'] = "user@example.com"
+        user_dict['comment'] = "This is the create comment"
+        user_dict['password'] = "password"
+
+        create_user(user_dict, self.configuration,
+                    keyword_auto, default_renew=True)
+
+        pickled = self.assertPickledFile(self.expected_user_db_file)
+        # FIXME: Python3 pickle appears to be keyed by bytes
+        picked_expected_user_id = _as_bytes(expected_user_id)
+        self.assertIn(picked_expected_user_id, pickled)
+
+        actual_user_object = pickled[picked_expected_user_id]
+
+        # TODO: remove resetting the handful of keys here done because changes
+        #       to make them assertion frienfly values will increase the size
+        #       of the diff which, at time of commit, are best minimised.
+        actual_user_object[b'created'] = 9999999999.9999999
+        actual_user_object[b'unique_id'] = '__UNIQUE_ID__'
+
+        self.assertEqual(actual_user_object, {
+            b'full_name': b'Test User',
+            b'organization': b'Test Org',
+            b'state': b'NA',
+            b'country': b'DK',
+            b'email': b'user@example.com',
+            b'comment': b'This is the create comment',
+            b'password': b'password',
+            b'distinguished_name': picked_expected_user_id,
+            b'created': 9999999999.9999999,
+            b'unique_id': '__UNIQUE_ID__',
+            b'openid_names': [],
+        })
+
+
+if __name__ == '__main__':
+    testmain()
