Merge remote-tracking branch 'upstream/master' into tests_plugin

skoczen · Nov 25, 2019 · 10d63d2 · 10d63d2
2 parents e529d56 + 03e185b
commit 10d63d2
Show file tree

Hide file tree

Showing 15 changed files with 67 additions and 60 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,23 +1,23 @@
 dist: xenial
 language: python
 python:
-  - "2.7"
-  - "3.4"
-  - "3.5"
-  - "3.6"
-  - "3.7"
+  - '2.7'
+  - '3.4'
+  - '3.5'
+  - '3.6'
+  - '3.7'
 sudo: false
 services:
-    - docker
+  - docker
 before_install:
   - sudo apt-get update
   - sudo apt-get install -y libffi-dev libxml2-dev
 install:
-- pip install tox-travis
-- pip install -r will/requirements/dev.txt
+  - pip install tox-travis
+  - pip install -r will/requirements/dev.txt
 script:
-- tox
-- export CTAG="-$TRAVIS_COMMIT"
+  - tox
+  - export CTAG="-$TRAVIS_COMMIT"
 # - "fab docker_build"
 # deploy:
 #   skip_cleanup: true

diff --git a/AUTHORS b/AUTHORS
@@ -55,3 +55,4 @@ Ahmed Osman, https://github.com/Ashex
 Boris Peterbarg, https://github.com/reist
 unicolet, https://github.com/unicolet
 Rob Salmond, https://github.com/rsalmond
+Jeremy Logan, https://github.com/fixedd
diff --git a/docs/config.md b/docs/config.md
@@ -50,6 +50,7 @@ Config.py is where all of your non-sensitive settings should go.   This includes
 - `ALLOW_INSECURE_HIPCHAT_SERVER`: the option to disable SSL checks (seriously, don't),
 - `ENABLE_INTERNAL_ENCRYPTION`: the option to turn off internal encryption (not recommended, but you can do it.)
 - `PROXY_URL`: Proxy server to use, consider exporting it as `WILL_PROXY_URL` environment variable, if it contains sensitive information
+- `ACL`: Define arbitrary groups of users which can be used to restrict access to certain Will commands. See [access control](plugins/builtins/#access-control) for details.
 - and all of your non-sensitive plugin settings.
 
 

diff --git a/docs/img/hangout.gif b/docs/img/hangout.gif
diff --git a/docs/plugins/builtins.md b/docs/plugins/builtins.md
@@ -97,8 +97,13 @@ Here's an example with an ops team, and an admin team:
 # config.py
 
 ACL = {
-    "ops": ["steven", "levi", "susan"],
-    "admins": ["wooh"],
+    "ops": ["U2A06UQHX", #steven
+            "UXHQU60A2", #levi
+            "UABC1234",  #susan
+    ],
+    "admins": [
+            "UDEF5678",  #wooh
+    ],
 }
 ```
 
@@ -119,6 +124,15 @@ def terminate_ec2_instance(self, message, instance_id):
 
 Complex ACL behaviors, simple as that.
 
+### Determinig User ID's
+
+In slack the user ID can be found by visiting [this link](https://api.slack.com/methods/users.info/test), selecting your slack account from the dropdown,
+and then clicking your @name next to the `user` field.
+
+In rocketchat the user ID can by found by visiting the URI /account/tokens on your instance and generating a new (temporary) personal access token, the
+user ID will be presented with the new token, which can then be deleted.
+
+__NOTE__: As hipchat is end-of-life it is not supported and will be removed completely from Will in an upcoming release.
 
 ## Access settings and config
 

diff --git a/docs/plugins/bundled.md b/docs/plugins/bundled.md
@@ -181,12 +181,6 @@ If you want to shorten long URL using Bitly API, Will can do that for you in a f
 
 ![Bitly](../img/bitly.png)
 
-#### Hangout
-
-If you've set a `HANGOUT_URL`, will will toss it in chat for you:
-
-![Hangout](../img/hangout.gif)
-
 #### Image me
 
 Sometimes, a picture is worth a thousand words.

diff --git a/docs/plugins/notice.md b/docs/plugins/notice.md
@@ -68,7 +68,7 @@ It's one of the best things about robots - they never, ever forget.  Will's no e
 ```python
 @periodic(hour='10', minute='0', day_of_week="mon-fri")
 def standup(self):
-    self.say("@all Standup! %s" % settings.WILL_HANGOUT_URL)
+    self.say("@all Standup! %s" % settings.STANDUP_URL)
 ```
 
 Under the hood, `@periodic` uses [apscheduler](https://apscheduler.readthedocs.io/en/v2.1.2/cronschedule.html#available-fields) to provide its options, so you can use any of the following as keyword arguments:

diff --git a/setup.py b/setup.py
@@ -37,7 +37,7 @@
 
 tests_require = [
     'mock',
-    'pytest',
+    'pytest==4.6.6',
     'pytest-cov',
     'pytest-runner',
     'pytest-mock',

diff --git a/will/acl.py b/will/acl.py
@@ -20,18 +20,18 @@ def get_acl_members(acl):
     return acl_members
 
 
-def is_acl_allowed(nick, acl):
+def is_acl_allowed(user_id, acl):
     if not getattr(settings, "ACL", None):
         logging.warning(
             "%s was just allowed to perform actions in %s because no ACL settings exist. This can be a security risk." % (
-                nick,
+                user_id,
                 acl,
             )
         )
         return True
     for a in acl:
         acl_members = get_acl_members(a)
-        if nick in acl_members or nick.lower() in [x.lower() for x in acl_members]:
+        if user_id in acl_members:
             return True
 
     return False
@@ -42,7 +42,7 @@ def verify_acl(message, acl):
         if settings.DISABLE_ACL:
             return True
 
-        allowed = is_acl_allowed(message.sender.handle, acl)
+        allowed = is_acl_allowed(message.sender.id, acl)
         if allowed:
             return True
         if hasattr(message, "data") and hasattr(message.data, "backend_supports_acl"):

diff --git a/will/plugins/productivity/hangout.py b/will/plugins/productivity/hangout.py
diff --git a/will/requirements/base.txt b/will/requirements/base.txt
@@ -24,5 +24,5 @@ regex==2017.9.23
 redis==2.10.6
 requests==2.20.0
 six==1.10.0
-urllib3==1.24.2
+urllib3==1.24.3
 websocket-client==0.44.0
diff --git a/will/requirements/dev.txt b/will/requirements/dev.txt
@@ -10,7 +10,7 @@ nose
 coverage
 yappi
 tox
-pytest
+pytest==4.6.6
 pytest-cov
 pytest-mock
 freezegun
diff --git a/will/requirements/slack.txt b/will/requirements/slack.txt
@@ -1,4 +1,4 @@
 -r base.txt
-slackclient>=1.2.1<1.3.0
+slackclient>=1.2.1,<1.3.0
 markdownify==0.4.1
 
diff --git a/will/scripts/config.py.dist b/will/scripts/config.py.dist
@@ -61,7 +61,6 @@ PLUGINS = [
 
 # Don't load any of the plugins in this list.  Same options as above.
 PLUGIN_BLACKLIST = [
-    "will.plugins.productivity.hangout",   # Because it requires a HANGOUT_URL
     "will.plugins.productivity.bitly",   # Because it requires a BITLY_ACCESS_TOKEN key and the bitly_api library
     "will.plugins.devops.bitbucket_is_up",   # Because most folks use github.
     "will.plugins.devops.pagerduty",  # Because it requires a PAGERDUTY_SUBDOMAIN and PAGERDUTY_API_KEY key
@@ -169,10 +168,19 @@ FUZZY_REGEX_ALLOWABLE_ERRORS = 3
 
 # Access Control: Specify groups of users to be used in the acl=["admins","ceos"] parameter
 # in respond_to and hear actions.
-# Group names can be any string, and the list is composed of user handles.
-# ACL = {
-#     "admins": ["sarah", "sue", "steven"]
-# }
+# Group names can be any string, and the list is composed of user ids.
+#
+# See the ACL docs for help locating user ids.
+# http://skoczen.github.io/will/plugins/builtins/#access-control
+#
+#    ACL = {
+#        "admins":
+#            [
+#                "U2A06UQHX", #sarah
+#                "UXHQU60A2", #sue
+#                "UABC1234"   #steven
+#            ]
+#    }
 #
 # By default, if no ACL is set, all users can perform all actions - but warnings
 # will be printed to the console.  To disable those warnings, set DISABLE_ACL to True

diff --git a/will/tests/test_acl.py b/will/tests/test_acl.py
@@ -6,8 +6,8 @@
 
 # our mock ACL object, just as a user would add to Will's config.py
 ACL = {
-    'ENGINEERING_OPS': ['bob', 'Alice'],
-    'engineering_devs': ['eve']
+    'ENGINEERING_OPS': ['U2A06UQHX', 'UXHQU60A2'],           # slack style user ids
+    'engineering_devs': ['nSYqWzZ4GsKTX4dyK']                # rocketchat style user id
 }
 
 # More than one ACL group can be specified as allowed to trigger a `respond()`
@@ -16,20 +16,20 @@
 # https://docs.pytest.org/en/latest/fixture.html#parametrizing-fixtures
 
 VALID_USERS_AND_GROUPS = [
-    ('bob', {'ENGINEERING_OPS'}),
-    ('Alice', {'ENGINEERING_OPS'}),
-    ('eve', {'engineering_devs'}),
-    ('bob', {'ENGINEERING_OPS', 'engineering_devs'}),
-    ('Alice', {'ENGINEERING_OPS', 'engineering_devs'}),
-    ('eve', {'ENGINEERING_OPS', 'engineering_devs'})
+    ('U2A06UQHX', {'ENGINEERING_OPS'}),
+    ('UXHQU60A2', {'ENGINEERING_OPS'}),
+    ('nSYqWzZ4GsKTX4dyK', {'engineering_devs'}),
+    ('U2A06UQHX', {'ENGINEERING_OPS', 'engineering_devs'}),
+    ('UXHQU60A2', {'ENGINEERING_OPS', 'engineering_devs'}),
+    ('nSYqWzZ4GsKTX4dyK', {'ENGINEERING_OPS', 'engineering_devs'})
 ]
 
 INVALID_USERS_AND_GROUPS = [
-    ('bob', {'engineering_devs'}),
-    ('Alice', {'engineering_devs'}),
-    ('eve', {'ENGINEERING_OPS'}),
-    ('juan', {'ENGINEERING_OPS', 'engineering_devs'}),
-    ('pedro', {'ENGINEERING_OPS', 'engineering_devs'})
+    ('U2A06UQHX', {'engineering_devs'}),
+    ('UXHQU60A2', {'engineering_devs'}),
+    ('nSYqWzZ4GsKTX4dyK', {'ENGINEERING_OPS'}),
+    ('UABC1234', {'ENGINEERING_OPS', 'engineering_devs'}),
+    ('UDEF5678', {'ENGINEERING_OPS', 'engineering_devs'})
 ]
 
 
@@ -58,8 +58,8 @@ def settings_acl():
 @pytest.fixture()
 def build_message_with_acls(person, message):
     def _build_message_with_acls(user_and_groups):
-        user, groups = user_and_groups
-        p = person({"handle": user})
+        user_id, groups = user_and_groups
+        p = person({"id": user_id})
         m = message({"sender": p, "data": message({})})
 
         return m, groups
@@ -90,12 +90,12 @@ def test_get_acl_members(group, settings_acl):
 
 def test_is_acl_allowed_returns_true(allowed_message_with_acls):
     message, acls = allowed_message_with_acls
-    assert is_acl_allowed(message.sender.handle, acls)
+    assert is_acl_allowed(message.sender.id, acls)
 
 
 def test_is_acl_allowed_returns_false(not_allowed_message_with_acls):
     message, acls = not_allowed_message_with_acls
-    assert not is_acl_allowed(message.sender.handle, acls)
+    assert not is_acl_allowed(message.sender.id, acls)
 
 
 def test_verify_acl_is_disabled(not_allowed_message_with_acls):