Skip to content

Added read only permissions to duo-client #308

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sfazilud wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Added read only permissions to duo-client #308

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 28 additions & 0 deletions duo_client/admin.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,9 +126,11 @@
{'adminapi_admins': <bool:admins permission (0|1)>,
'adminapi_info': <bool:info permission (0|1)>,
'adminapi_integrations': <bool:integrations permission (0|1)>,
'adminapi_integrations_read': <bool:integrations read permission (0|1)>,
'adminapi_read_log': <bool:read log permission (0|1)>,
'adminapi_read_resource': <bool:read resource permission (0|1)>,
'adminapi_settings': <bool:settings permission (0|1)>,
'adminapi_settings_read': <bool:settings read permission (0|1)>,
'adminapi_write_resource': <bool:write resource permission (0|1)>,
'self_service_allowed': <bool:self service permission (0|1)>,
'enroll_policy': <str:enroll policy (enroll|allow|deny)>,
Expand Down Expand Up @@ -2624,12 +2626,16 @@ def create_integration(self,
enroll_policy=None,
username_normalization_policy=None,
adminapi_admins=None,
adminapi_admins_read=None,
adminapi_info=None,
adminapi_integrations=None,
adminapi_integrations_read=None,
adminapi_read_log=None,
adminapi_read_resource=None,
adminapi_settings=None,
adminapi_settings_read=None,
adminapi_write_resource=None,
adminapi_allow_to_set_permissions=None,
trusted_device_days=None,
ip_whitelist=None,
ip_whitelist_enroll_policy=None,
Expand All @@ -2655,9 +2661,11 @@ def create_integration(self,
adminapi_admins - <bool: admins permission>|None
adminapi_info - <bool: info permission>|None
adminapi_integrations - <bool:integrations permission>|None
adminapi_integrations_read - <bool:integrations read permission>|None
adminapi_read_log - <bool:read log permission>|None
adminapi_read_resource - <bool: read resource permission>|None
adminapi_settings - <bool: settings permission>|None
adminapi_settings_read - <bool:settings read permission>|None
adminapi_write_resource - <bool:write resource permission>|None
groups_allowed - <str: CSV list of gkeys of groups allowed to auth>
self_service_allowed - <bool: self service permission>|None
Expand Down Expand Up @@ -2693,20 +2701,28 @@ def create_integration(self,
params['ip_whitelist_enroll_policy'] = ip_whitelist_enroll_policy
if adminapi_admins is not None:
params['adminapi_admins'] = '1' if adminapi_admins else '0'
if adminapi_admins_read is not None:
params['adminapi_admins_read'] = '1' if adminapi_admins_read else '0'
if adminapi_info is not None:
params['adminapi_info'] = '1' if adminapi_info else '0'
if adminapi_integrations is not None:
params['adminapi_integrations'] = '1' if adminapi_integrations else '0'
if adminapi_integrations_read is not None:
params['adminapi_integrations_read'] = '1' if adminapi_integrations_read else '0'
if adminapi_read_log is not None:
params['adminapi_read_log'] = '1' if adminapi_read_log else '0'
if adminapi_read_resource is not None:
params['adminapi_read_resource'] = (
'1' if adminapi_read_resource else '0')
if adminapi_settings is not None:
params['adminapi_settings'] = '1' if adminapi_settings else '0'
if adminapi_settings_read is not None:
params['adminapi_settings_read'] = '1' if adminapi_settings_read else '0'
if adminapi_write_resource is not None:
params['adminapi_write_resource'] = (
'1' if adminapi_write_resource else '0')
if adminapi_allow_to_set_permissions is not None:
params['adminapi_allow_to_set_permissions'] = '1' if adminapi_allow_to_set_permissions else '0'
if groups_allowed is not None:
params['groups_allowed'] = groups_allowed
if self_service_allowed is not None:
Expand Down Expand Up @@ -2827,11 +2843,14 @@ def update_integration(self,
enroll_policy=None,
username_normalization_policy=None,
adminapi_admins=None,
adminapi_admins_read=None,
adminapi_info=None,
adminapi_integrations=None,
adminapi_integrations_read=None,
adminapi_read_log=None,
adminapi_read_resource=None,
adminapi_settings=None,
adminapi_settings_read=None,
adminapi_write_resource=None,
reset_secret_key=None,
trusted_device_days=None,
Expand All @@ -2856,11 +2875,14 @@ def update_integration(self,
ip_whitelist_enroll_policy - <bool: policy>
See adminapi docs for more details.
adminapi_admins - <int:0|1>|None
adminapi_admins_read - True|False|None
adminapi_info - True|False|None
adminapi_integrations - True|False|None
adminapi_integrations_read - True|False|None
adminapi_read_log - True|False|None
adminapi_read_resource - True|False|None
adminapi_settings - True|False|None
adminapi_settings_read - True|False|None
adminapi_write_resource - True|False|None
reset_secret_key - <any value>|None
groups_allowed - <str: CSV list of gkeys of groups allowed to auth>
Expand Down Expand Up @@ -2901,17 +2923,23 @@ def update_integration(self,
params['ip_whitelist_enroll_policy'] = ip_whitelist_enroll_policy
if adminapi_admins is not None:
params['adminapi_admins'] = '1' if adminapi_admins else '0'
if adminapi_admins_read is not None:
params['adminapi_admins_read'] = '1' if adminapi_admins_read else '0'
if adminapi_info is not None:
params['adminapi_info'] = '1' if adminapi_info else '0'
if adminapi_integrations is not None:
params['adminapi_integrations'] = '1' if adminapi_integrations else '0'
if adminapi_integrations_read is not None:
params['adminapi_integrations_read'] = '1' if adminapi_integrations_read else '0'
if adminapi_read_log is not None:
params['adminapi_read_log'] = '1' if adminapi_read_log else '0'
if adminapi_read_resource is not None:
params['adminapi_read_resource'] = (
'1' if adminapi_read_resource else '0')
if adminapi_settings is not None:
params['adminapi_settings'] = '1' if adminapi_settings else '0'
if adminapi_settings_read is not None:
params['adminapi_settings_read'] = '1' if adminapi_settings_read else '0'
if adminapi_write_resource is not None:
params['adminapi_write_resource'] = (
'1' if adminapi_write_resource else '0')
Expand Down
120 changes: 120 additions & 0 deletions tests/admin/test_integration.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,5 +76,125 @@ def test_update_integration_success(self):
}
)

def test_create_integration_with_permissions(self):
response = self.client.create_integration(
name="Admin API integration",
integration_type="adminapi",
adminapi_admins=True,
adminapi_admins_read=True,
adminapi_info=True,
adminapi_integrations=True,
adminapi_integrations_read=True,
adminapi_read_log=True,
adminapi_read_resource=True,
adminapi_settings=True,
adminapi_settings_read=True,
adminapi_write_resource=True,
adminapi_allow_to_set_permissions=True,
self_service_allowed=True,
)

self.assertEqual(response['method'], 'POST')
self.assertEqual(response['uri'], '/admin/v3/integrations')
self.assertEqual(json.loads(response['body']),
{
"account_id": self.client.account_id,
"name": "Admin API integration",
"type": "adminapi",
"adminapi_admins": "1",
"adminapi_admins_read": "1",
"adminapi_info": "1",
"adminapi_integrations": "1",
"adminapi_integrations_read": "1",
"adminapi_read_log": "1",
"adminapi_read_resource": "1",
"adminapi_settings": "1",
"adminapi_settings_read": "1",
"adminapi_write_resource": "1",
"adminapi_allow_to_set_permissions": "1",
"self_service_allowed": "1",
}
)

def test_create_integration_with_permissions_disabled(self):
response = self.client.create_integration(
name="Admin API integration",
integration_type="adminapi",
adminapi_admins=False,
adminapi_admins_read=False,
adminapi_integrations_read=False,
adminapi_settings_read=False,
adminapi_allow_to_set_permissions=False,
)

self.assertEqual(response['method'], 'POST')
self.assertEqual(response['uri'], '/admin/v3/integrations')
self.assertEqual(json.loads(response['body']),
{
"account_id": self.client.account_id,
"name": "Admin API integration",
"type": "adminapi",
"adminapi_admins": "0",
"adminapi_admins_read": "0",
"adminapi_integrations_read": "0",
"adminapi_settings_read": "0",
"adminapi_allow_to_set_permissions": "0",
}
)

def test_update_integration_with_permissions(self):
response = self.client.update_integration(
self.integration_key,
adminapi_admins=True,
adminapi_admins_read=True,
adminapi_info=True,
adminapi_integrations=True,
adminapi_integrations_read=True,
adminapi_read_log=True,
adminapi_read_resource=True,
adminapi_settings=True,
adminapi_settings_read=True,
adminapi_write_resource=True,
self_service_allowed=True,
)

self.assertEqual(response['method'], 'POST')
self.assertEqual(response['uri'], '/admin/v3/integrations/{}'.format(self.integration_key))
self.assertEqual(json.loads(response['body']),
{
"account_id": self.client.account_id,
"adminapi_admins": "1",
"adminapi_admins_read": "1",
"adminapi_info": "1",
"adminapi_integrations": "1",
"adminapi_integrations_read": "1",
"adminapi_read_log": "1",
"adminapi_read_resource": "1",
"adminapi_settings": "1",
"adminapi_settings_read": "1",
"adminapi_write_resource": "1",
"self_service_allowed": "1",
}
)

def test_update_integration_with_permissions_disabled(self):
response = self.client.update_integration(
self.integration_key,
adminapi_admins_read=False,
adminapi_integrations_read=False,
adminapi_settings_read=False,
)

self.assertEqual(response['method'], 'POST')
self.assertEqual(response['uri'], '/admin/v3/integrations/{}'.format(self.integration_key))
self.assertEqual(json.loads(response['body']),
{
"account_id": self.client.account_id,
"adminapi_admins_read": "0",
"adminapi_integrations_read": "0",
"adminapi_settings_read": "0",
}
)

if __name__ == '__main__':
unittest.main()
Loading