synapse 2.165.0__py311-none-any.whl → 2.166.0__py311-none-any.whl

synapse/tests/test_tools_moduser.py

@@ -2,6 +2,32 @@ import synapse.lib.output as s_output
 import synapse.tests.utils as s_test
 import synapse.tools.moduser as s_t_moduser
 
+userlist = '''
+Users:
+  root
+  visi
+'''.strip()
+
+userinfo = s_test.deguidify('''
+User: visi (04dddd4ff39e4ce00b36c7d526b9eac7)
+
+  Locked: False
+  Admin: False
+  Email: visi@test.com
+  Rules:
+    [0  ] - !foo.bar.baz
+    [1  ] - foo.bar
+
+  Roles:
+    576a948f9944c58d3953f0d36bc2da81 - all
+
+  Gates:
+    c7b276154c0c799430668cb3c4cd259d
+      Admin: False
+      [0  ] - !bar.baz.faz
+      [1  ] - bar.baz
+'''.strip())
+
 class ModUserTest(s_test.SynTest):
 
     async def test_tools_moduser(self):
@@ -124,6 +150,78 @@ class ModUserTest(s_test.SynTest):
             self.true(bool(visi.allowed('foo.bar.gaz'.split('.'))))
             self.false(bool(visi.allowed('foo.bar.baz'.split('.'))))
 
+            gateiden = core.getLayer().iden
+            argv = (
+                '--svcurl', svcurl,
+                'visi',
+                '--admin', 'true',
+                '--gate', gateiden,
+            )
+            outp = s_output.OutPutStr()
+            self.eq(0, await s_t_moduser.main(argv, outp=outp))
+            self.isin(f'...setting admin: true on gate {gateiden}', str(outp))
+
+            gate = await core.getAuthGate(gateiden)
+            for user in gate['users']:
+                if user['iden'] == visi.iden:
+                    self.true(user['admin'])
+
+            gateiden = core.getLayer().iden
+            argv = (
+                '--svcurl', svcurl,
+                'visi',
+                '--admin', 'false',
+                '--allow', 'bar.baz',
+                '--deny', 'bar.baz.faz',
+                '--gate', gateiden,
+            )
+            outp = s_output.OutPutStr()
+            self.eq(0, await s_t_moduser.main(argv, outp=outp))
+            self.isin(f'...setting admin: false on gate {gateiden}', str(outp))
+            self.isin(f'...adding allow rule: bar.baz on gate {gateiden}', str(outp))
+            self.isin(f'...adding deny rule: bar.baz.faz on gate {gateiden}', str(outp))
+
+            gate = await core.getAuthGate(gateiden)
+            for user in gate['users']:
+                if user['iden'] == visi.iden:
+                    self.isin((True, ('bar', 'baz')), user['rules'])
+                    self.isin((False, ('bar', 'baz', 'faz')), user['rules'])
+
+            argv = (
+                '--svcurl', svcurl,
+                '--list',
+            )
+            outp = s_output.OutPutStr()
+            self.eq(0, await s_t_moduser.main(argv, outp=outp))
+            self.isin(userlist, str(outp))
+
+            argv = (
+                '--svcurl', svcurl,
+                '--list',
+                'visi',
+            )
+            outp = s_output.OutPutStr()
+            self.eq(0, await s_t_moduser.main(argv, outp=outp))
+            self.isin(userinfo, s_test.deguidify(str(outp)))
+
+            argv = (
+                '--svcurl', svcurl,
+                '--list',
+                'newpuser',
+            )
+            outp = s_output.OutPutStr()
+            self.eq(1, await s_t_moduser.main(argv, outp=outp))
+            self.isin('ERROR: User not found: newpuser', str(outp))
+
+            argv = (
+                '--svcurl', svcurl,
+                'visi',
+                '--gate', 'newp',
+            )
+            outp = s_output.OutPutStr()
+            self.eq(1, await s_t_moduser.main(argv, outp=outp))
+            self.isin('ERROR: No auth gate found with iden: newp', str(outp))
+
             argv = (
                 '--svcurl', svcurl,
                 'visi',
@@ -151,3 +249,10 @@ class ModUserTest(s_test.SynTest):
             outp = s_output.OutPutStr()
             self.eq(1, await s_t_moduser.main(argv, outp=outp))
             self.isin('ERROR: User not found (need --add?): visi', str(outp))
+
+            argv = (
+                '--svcurl', svcurl,
+            )
+            outp = s_output.OutPutStr()
+            self.eq(1, await s_t_moduser.main(argv, outp=outp))
+            self.isin('ERROR: A username argument is required when --list is not specified.', str(outp))

synapse/tools/modrole.py

@@ -11,15 +11,34 @@ descr = '''
 Add or modify a role in a Synapse service.
 '''
 
+def printrole(role, outp):
+
+    outp.printf(f'Role: {role.get("name")} ({role.get("iden")})')
+    outp.printf('')
+    outp.printf('  Rules:')
+    for indx, rule in enumerate(role.get('rules')):
+        outp.printf(f'    [{str(indx).ljust(3)}] - {s_common.reprauthrule(rule)}')
+
+    outp.printf('')
+    outp.printf('  Gates:')
+    for gateiden, gateinfo in role.get('authgates', {}).items():
+        outp.printf(f'    {gateiden}')
+        outp.printf(f'      Admin: {gateinfo.get("admin") == True}')
+        for indx, rule in enumerate(gateinfo.get('rules', ())):
+            outp.printf(f'      [{str(indx).ljust(3)}] - {s_common.reprauthrule(rule)}')
+
 async def main(argv, outp=s_output.stdout):
 
     pars = argparse.ArgumentParser(prog='modrole', description=descr)
     pars.add_argument('--svcurl', default='cell:///vertex/storage', help='The telepath URL of the Synapse service.')
     pars.add_argument('--add', default=False, action='store_true', help='Add the role if they do not already exist.')
     pars.add_argument('--del', dest='delete', default=False, action='store_true', help='Delete the role if it exists.')
+    pars.add_argument('--list', default=False, action='store_true',
+                      help='List existing roles, or rules of a specific role.')
     pars.add_argument('--allow', default=[], action='append', help='A permission string to allow for the role.')
     pars.add_argument('--deny', default=[], action='append', help='A permission string to deny for the role.')
-    pars.add_argument('rolename', help='The rolename to add/edit.')
+    pars.add_argument('--gate', default=None, help='The iden of an auth gate to add/del rules on.')
+    pars.add_argument('rolename', nargs='?', help='The rolename to add/edit.')
 
     opts = pars.parse_args(argv)
 
@@ -31,6 +50,31 @@ async def main(argv, outp=s_output.stdout):
 
         async with await s_telepath.openurl(opts.svcurl) as cell:
 
+            if opts.list:
+                if opts.rolename:
+                    role = await cell.getRoleDefByName(opts.rolename)
+                    if role is None:
+                        outp.printf(f'ERROR: Role not found: {opts.rolename}')
+                        return 1
+
+                    printrole(role, outp)
+
+                else:
+                    outp.printf('Roles:')
+                    for role in await cell.getRoleDefs():
+                        outp.printf(f'  {role.get("iden")} - {role.get("name")}')
+
+                return 0
+            elif opts.rolename is None:
+                outp.printf(f'ERROR: A rolename argument is required when --list is not specified.')
+                return 1
+
+            if opts.gate:
+                gate = await cell.getAuthGate(opts.gate)
+                if gate is None:
+                    outp.printf(f'ERROR: No auth gate found with iden: {opts.gate}')
+                    return 1
+
             role = await cell.getRoleDefByName(opts.rolename)
             if role is not None:
                 outp.printf(f'Modifying role: {opts.rolename}')
@@ -52,15 +96,23 @@ async def main(argv, outp=s_output.stdout):
 
             for allow in opts.allow:
                 perm = allow.lower().split('.')
-                outp.printf(f'...adding allow rule: {allow}')
-                if not await cell.isRoleAllowed(roleiden, perm):
-                    await cell.addRoleRule(roleiden, (True, perm), indx=0)
+                mesg = f'...adding allow rule: {allow}'
+                if opts.gate:
+                    mesg += f' on gate {opts.gate}'
+
+                outp.printf(mesg)
+                if not await cell.isRoleAllowed(roleiden, perm, gateiden=opts.gate):
+                    await cell.addRoleRule(roleiden, (True, perm), indx=0, gateiden=opts.gate)
 
             for deny in opts.deny:
                 perm = deny.lower().split('.')
-                outp.printf(f'...adding deny rule: {deny}')
-                if await cell.isRoleAllowed(roleiden, perm):
-                    await cell.addRoleRule(roleiden, (False, perm), indx=0)
+                mesg = f'...adding deny rule: {deny}'
+                if opts.gate:
+                    mesg += f' on gate {opts.gate}'
+
+                outp.printf(mesg)
+                if await cell.isRoleAllowed(roleiden, perm, gateiden=opts.gate):
+                    await cell.addRoleRule(roleiden, (False, perm), indx=0, gateiden=opts.gate)
     return 0
 
 if __name__ == '__main__':  # pragma: no cover

synapse/tools/moduser.py

@@ -9,15 +9,44 @@ import synapse.telepath as s_telepath
 import synapse.lib.output as s_output
 
 descr = '''
-Add or modify a user of a Synapse service.
+Add, modify, or list users of a Synapse service.
 '''
 
+def printuser(user, outp):
+
+    admin = user.get('admin')
+    authtype = user.get('type')
+
+    outp.printf(f'User: {user.get("name")} ({user.get("iden")})')
+    outp.printf('')
+    outp.printf(f'  Locked: {user.get("locked")}')
+    outp.printf(f'  Admin: {user.get("admin")}')
+    outp.printf(f'  Email: {user.get("email")}')
+    outp.printf('  Rules:')
+    for indx, rule in enumerate(user.get('rules')):
+        outp.printf(f'    [{str(indx).ljust(3)}] - {s_common.reprauthrule(rule)}')
+
+    outp.printf('')
+    outp.printf('  Roles:')
+    for role in user.get('roles'):
+        outp.printf(f'    {role.get("iden")} - {role.get("name")}')
+
+    outp.printf('')
+    outp.printf('  Gates:')
+    for gateiden, gateinfo in user.get('authgates', {}).items():
+        outp.printf(f'    {gateiden}')
+        outp.printf(f'      Admin: {gateinfo.get("admin") == True}')
+        for indx, rule in enumerate(gateinfo.get('rules', ())):
+            outp.printf(f'      [{str(indx).ljust(3)}] - {s_common.reprauthrule(rule)}')
+
 async def main(argv, outp=s_output.stdout):
 
     pars = argparse.ArgumentParser(prog='moduser', description=descr)
     pars.add_argument('--svcurl', default='cell:///vertex/storage', help='The telepath URL of the Synapse service.')
     pars.add_argument('--add', default=False, action='store_true', help='Add the user if they do not already exist.')
     pars.add_argument('--del', dest='delete', default=False, action='store_true', help='Delete the user if they exist.')
+    pars.add_argument('--list', default=False, action='store_true',
+                      help='List existing users of the service, or details of a specific user.')
     pars.add_argument('--admin', choices=('true', 'false'), default=None, help='Set the user admin status.')
     pars.add_argument('--passwd', action='store', type=str, help='A password to set for the user.')
     pars.add_argument('--email', action='store', type=str, help='An email to set for the user.')
@@ -26,7 +55,8 @@ async def main(argv, outp=s_output.stdout):
     pars.add_argument('--revoke', default=[], action='append', help='A role to revoke from the user.')
     pars.add_argument('--allow', default=[], action='append', help='A permission string to allow for the user.')
     pars.add_argument('--deny', default=[], action='append', help='A permission string to deny for the user.')
-    pars.add_argument('username', help='The username to add/edit.')
+    pars.add_argument('--gate', default=None, help='The iden of an auth gate to add/del rules or set admin status on.')
+    pars.add_argument('username', nargs='?', help='The username to add/edit or show details.')
 
     opts = pars.parse_args(argv)
 
@@ -38,6 +68,32 @@ async def main(argv, outp=s_output.stdout):
 
         async with await s_telepath.openurl(opts.svcurl) as cell:
 
+            if opts.list:
+                if opts.username:
+                    user = await cell.getUserDefByName(opts.username)
+                    if user is None:
+                        outp.printf(f'ERROR: User not found: {opts.username}')
+                        return 1
+
+                    printuser(user, outp)
+
+                else:
+                    outp.printf('Users:')
+                    for user in await cell.getUserDefs():
+                        outp.printf(f'  {user.get("name")}')
+
+                return 0
+
+            elif opts.username is None:
+                outp.printf(f'ERROR: A username argument is required when --list is not specified.')
+                return 1
+
+            if opts.gate:
+                gate = await cell.getAuthGate(opts.gate)
+                if gate is None:
+                    outp.printf(f'ERROR: No auth gate found with iden: {opts.gate}')
+                    return 1
+
             grants = []
             revokes = []
 
@@ -80,8 +136,12 @@ async def main(argv, outp=s_output.stdout):
 
             if opts.admin is not None:
                 admin = s_common.yamlloads(opts.admin)
-                outp.printf(f'...setting admin: {opts.admin}')
-                await cell.setUserAdmin(useriden, admin)
+                mesg = f'...setting admin: {opts.admin}'
+                if opts.gate:
+                    mesg += f' on gate {opts.gate}'
+
+                outp.printf(mesg)
+                await cell.setUserAdmin(useriden, admin, gateiden=opts.gate)
 
             if opts.locked is not None:
                 locked = s_common.yamlloads(opts.locked)
@@ -108,15 +168,23 @@ async def main(argv, outp=s_output.stdout):
 
             for allow in opts.allow:
                 perm = allow.lower().split('.')
-                outp.printf(f'...adding allow rule: {allow}')
-                if not await cell.isUserAllowed(useriden, perm):
-                    await cell.addUserRule(useriden, (True, perm), indx=0)
+                mesg = f'...adding allow rule: {allow}'
+                if opts.gate:
+                    mesg += f' on gate {opts.gate}'
+
+                outp.printf(mesg)
+                if not await cell.isUserAllowed(useriden, perm, gateiden=opts.gate):
+                    await cell.addUserRule(useriden, (True, perm), indx=0, gateiden=opts.gate)
 
             for deny in opts.deny:
                 perm = deny.lower().split('.')
-                outp.printf(f'...adding deny rule: {deny}')
-                if await cell.isUserAllowed(useriden, perm):
-                    await cell.addUserRule(useriden, (False, perm), indx=0)
+                mesg = f'...adding deny rule: {deny}'
+                if opts.gate:
+                    mesg += f' on gate {opts.gate}'
+
+                outp.printf(mesg)
+                if await cell.isUserAllowed(useriden, perm, gateiden=opts.gate):
+                    await cell.addUserRule(useriden, (False, perm), indx=0, gateiden=opts.gate)
     return 0
 
 if __name__ == '__main__':  # pragma: no cover

{synapse-2.165.0.dist-info → synapse-2.166.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: synapse
-Version: 2.165.0
+Version: 2.166.0
 Summary: Synapse Intelligence Analysis Framework
 Author-email: The Vertex Project LLC <root@vertex.link>
 License: Apache License 2.0
@@ -36,7 +36,7 @@ Requires-Dist: lark ==1.1.9
 Requires-Dist: Pygments <2.18.0,>=2.7.4
 Requires-Dist: packaging <24.0,>=20.0
 Requires-Dist: fastjsonschema <2.20.0,>=2.18.0
-Requires-Dist: stix2-validator <4.0.0,>=3.0.0
+Requires-Dist: stix2-validator <3.2.0,>=3.0.0
 Requires-Dist: vcrpy <5.2.0,>=4.3.1
 Requires-Dist: base58 <2.2.0,>=2.1.0
 Requires-Dist: python-bitcoinlib <0.13.0,>=0.11.0