diff --git a/iamvpnlibrary/iamvpnbase.py b/iamvpnlibrary/iamvpnbase.py index f59ff33..bfba067 100644 --- a/iamvpnlibrary/iamvpnbase.py +++ b/iamvpnlibrary/iamvpnbase.py @@ -11,11 +11,7 @@ import re import collections import ast -try: - import configparser -except ImportError: # pragma: no cover - from six.moves import configparser -import six +import configparser ParsedACL = collections.namedtuple( 'ParsedACL', ['rule', 'address', 'portstring', 'description']) @@ -92,7 +88,7 @@ def verify_sudo_user(self, username_is=None, username_as=None): # We will override this only after going through a gauntlet: if username_is and username_as: # ^ bypass on deletes - if (isinstance(self.sudo_username_regexp, six.string_types) and + if (isinstance(self.sudo_username_regexp, str) and isinstance(self.sudo_users, list) and username_is in self.sudo_users): # ^ This is deliberately unforgiving, as a safety measure. # At this point we have: diff --git a/iamvpnlibrary/iamvpnldap.py b/iamvpnlibrary/iamvpnldap.py index a09775c..408cf00 100644 --- a/iamvpnlibrary/iamvpnldap.py +++ b/iamvpnlibrary/iamvpnldap.py @@ -15,7 +15,6 @@ import re import socket import ldap -import six import netaddr from .iamvpnbase import IAMVPNLibraryBase, ParsedACL @@ -140,7 +139,7 @@ def _get_user_dn_by_username(self, input_username): return: str of their DN raises if there's no such user. """ - if not isinstance(input_username, six.string_types): + if not isinstance(input_username, str): raise TypeError(input_username, 'Argument must be a string') res = self.conn.search_s( self.config.get('ldap_base'), ldap.SCOPE_SUBTREE, @@ -269,7 +268,7 @@ def _split_vpn_acl_string(input_string): # pylint: disable=too-many-branches return: ParsedACL raise for horrible inputs """ - if not isinstance(input_string, six.string_types): + if not isinstance(input_string, str): raise TypeError(input_string, 'Argument must be a string') # input_string should be: # '1.1.1.1 # foo.m.c' @@ -361,7 +360,7 @@ def _fetch_vpn_acls_for_user(self, input_email): input_email: "user@company.com" return: ldap response """ - if not isinstance(input_email, six.string_types): + if not isinstance(input_email, str): raise TypeError(input_email, 'Argument must be a string') user_dn = self._get_user_dn_by_username(input_email) rdn_attr = self.config.get('ldap_vpn_acls_rdn_attribute') @@ -401,7 +400,7 @@ def _sanitized_vpn_acls_for_user(self, input_email): # pylint: disable=too-many different people want different results (every ACL? every IP? Just the IPs? What about a CIDR that encapsulates another?) """ - if not isinstance(input_email, six.string_types): + if not isinstance(input_email, str): raise TypeError(input_email, 'Argument must be a string') raw_acls = self._fetch_vpn_acls_for_user(input_email) acls = [] @@ -482,7 +481,7 @@ def user_allowed_to_vpn(self, input_email): Outside user: duo_openvpn Outside user: duo_openvpn kill script """ - if not isinstance(input_email, six.string_types): + if not isinstance(input_email, str): raise TypeError(input_email, 'Argument must be a string') if not self.is_online(): return self.fail_open @@ -513,7 +512,7 @@ def does_user_require_vpn_mfa(self, input_email): Outside user: duo_openvpn """ - if not isinstance(input_email, six.string_types): + if not isinstance(input_email, str): raise TypeError(input_email, 'Argument must be a string') if not self.is_online(): # This is going to be a bit of mental gymnastics. @@ -570,7 +569,7 @@ def get_allowed_vpn_ips(self, input_email): Outside user: openvpn-client-connect """ - if not isinstance(input_email, six.string_types): + if not isinstance(input_email, str): raise TypeError(input_email, 'Argument must be a string') if not self.is_online(): # Absentee server means no IPs @@ -591,7 +590,7 @@ def get_allowed_vpn_acls(self, input_email): Outside user: openvpn-netfilter """ - if not isinstance(input_email, six.string_types): + if not isinstance(input_email, str): raise TypeError(input_email, 'Argument must be a string') if not self.is_online(): # Absentee server means no ACLs @@ -614,9 +613,9 @@ def non_mfa_vpn_authentication(self, input_username, input_password): Outside user: duo_openvpn """ - if not isinstance(input_username, six.string_types): + if not isinstance(input_username, str): raise TypeError(input_username, 'Argument must be a string') - if not isinstance(input_password, six.string_types): + if not isinstance(input_password, str): raise TypeError(input_password, 'Argument must be a string') if not self.is_online(): # A user could not be looked up. fail open as needed. diff --git a/test/test_base.py b/test/test_base.py index 76d3cfe..5dd20e0 100644 --- a/test/test_base.py +++ b/test/test_base.py @@ -12,13 +12,10 @@ import unittest import os +import configparser import test.context # pylint: disable=unused-import import mock from iamvpnlibrary.iamvpnbase import IAMVPNLibraryBase -try: - import configparser -except ImportError: # pragma: no cover - from six.moves import configparser class TestBaseFunctions(unittest.TestCase): diff --git a/test/test_private_ldap.py b/test/test_private_ldap.py index af88331..e053f3c 100644 --- a/test/test_private_ldap.py +++ b/test/test_private_ldap.py @@ -10,7 +10,6 @@ from netaddr import IPNetwork import mock import ldap -import six from iamvpnlibrary.iamvpnldap import IAMVPNLibraryLDAP from iamvpnlibrary.iamvpnbase import ParsedACL @@ -145,7 +144,7 @@ def test_fetch_vpn_acls_for_user(self): # the LDAP format changed. Most of this you don't need to stare at. self.assertIsInstance(acl, tuple, 'Did not get an LDAP ACL tuple') - self.assertIsInstance(acl[0], six.string_types, + self.assertIsInstance(acl[0], str, ('The supposed LDAP ACL tuple did not have ' 'a DN string as arg 0')) self.assertIsInstance(acl[1], dict, @@ -235,7 +234,7 @@ def test_sanitized_vpn_acls(self): self.assertIsInstance(pacl, ParsedACL, 'Did not return a list of ParsedACLs') # rule can be empty - self.assertIsInstance(pacl.rule, six.string_types, + self.assertIsInstance(pacl.rule, str, 'The ParsedACL rule was not a string') # address is an object and must be there self.assertIsInstance(pacl.address, IPNetwork, @@ -243,10 +242,10 @@ def test_sanitized_vpn_acls(self): self.assertGreaterEqual(pacl.address.size, 1, 'The ParsedACL address did not have a size?') # portstring can be empty - self.assertIsInstance(pacl.portstring, six.string_types, + self.assertIsInstance(pacl.portstring, str, 'The ParsedACL portstring was not a string') # description can be empty - self.assertIsInstance(pacl.description, six.string_types, + self.assertIsInstance(pacl.description, str, 'The ParsedACL description was not a string') def test_vpn_mfa_exempt_users(self): @@ -297,7 +296,7 @@ def test_get_user_dn_by_username(self): if self.normal_user is None: # pragma: no cover self.skipTest('Must provide a .normal_user to test') result = self.library._get_user_dn_by_username(self.normal_user) - self.assertIsInstance(result, six.string_types, + self.assertIsInstance(result, str, 'search for username must return a DN string') self.assertIn(','+self.library.config['ldap_base'], result, ('A random user from the set does not match ' diff --git a/test/test_public_methods.py b/test/test_public_methods.py index 57a3c8b..3fcf240 100644 --- a/test/test_public_methods.py +++ b/test/test_public_methods.py @@ -13,7 +13,6 @@ from netaddr import IPNetwork import mock import ldap -import six from iamvpnlibrary import IAMVPNLibrary from iamvpnlibrary.iamvpnbase import ParsedACL from iamvpnlibrary.iamvpnldap import IAMVPNLibraryLDAP @@ -80,7 +79,7 @@ def test_02_serverup_good(self): self.assertGreater(len(result), 5, 'If this failed, someone has very few acls.') addr = result[0] - self.assertIsInstance(addr, six.string_types, + self.assertIsInstance(addr, str, 'Check did not return IP strings') try: # verify that we're returning parseable strings @@ -122,7 +121,7 @@ def test_03_serverup_good(self): self.assertIsInstance(pacl, ParsedACL, 'Did not return a list of ParsedACLs') # rule can be empty - self.assertIsInstance(pacl.rule, six.string_types, + self.assertIsInstance(pacl.rule, str, 'The ParsedACL rule was not a string') # address is an object and must be there self.assertIsInstance(pacl.address, IPNetwork, @@ -130,10 +129,10 @@ def test_03_serverup_good(self): self.assertGreaterEqual(pacl.address.size, 1, 'The ParsedACL address did not have a size?') # portstring can be empty - self.assertIsInstance(pacl.portstring, six.string_types, + self.assertIsInstance(pacl.portstring, str, 'The ParsedACL portstring was not a string') # description can be empty - self.assertIsInstance(pacl.description, six.string_types, + self.assertIsInstance(pacl.description, str, 'The ParsedACL description was not a string') def test_03_serverup_bad(self): diff --git a/test/test_spinup_ldap.py b/test/test_spinup_ldap.py index 7122197..6493a26 100644 --- a/test/test_spinup_ldap.py +++ b/test/test_spinup_ldap.py @@ -8,6 +8,7 @@ # file, so, we tell pylint that we're cool with it: import unittest +import configparser import test.context # pylint: disable=unused-import import netaddr from netaddr import IPNetwork @@ -15,10 +16,6 @@ import ldap from iamvpnlibrary.iamvpnbase import IAMVPNLibraryBase, ParsedACL from iamvpnlibrary.iamvpnldap import IAMVPNLibraryLDAP -try: - import configparser -except ImportError: # pragma: no cover - from six.moves import configparser class TestLDAPSpinup(unittest.TestCase):