Beispiel #1
0
    def setUp(self):
        self.tearDown()

        models.client.GanetiRapiClient = RapiProxy

        cluster = Cluster(hostname='test.example.test', slug='OSL_TEST')
        cluster.save()
        vm = VirtualMachine(hostname='vm1.example.bak', cluster=cluster)
        vm.save()

        User(id=1, username='******').save()
        settings.ANONYMOUS_USER_ID=1

        user = User(id=2, username='******')
        user.set_password('secret')
        user.save()
        user1 = User(id=3, username='******')
        user1.set_password('secret')
        user1.grant("admin", cluster)
        user1.grant("admin", vm)
        user1.save()
        user2 = User(id=4, username="******")
        user2.set_password("secret")
        user2.is_superuser = True
        user2.save()

        dict_ = globals()
        dict_['user'] = user
        dict_['user1'] = user1
        dict_['user2'] = user2
        dict_['cluster'] = cluster
        dict_['vm'] = vm
        dict_['c'] = Client()
Beispiel #2
0
    def test_view_modify_confirm_quota_over(self):
        args = (self.cluster.slug, self.vm.hostname)
        url = '/cluster/%s/%s/edit/confirm' % args

        user = User(id=52, username='******')
        user.set_password('secret2')
        user.save()
        user.grant('modify', self.vm)
        profile = user.get_profile()
        self.vm.owner = profile
        self.vm.save()

        self.cluster.set_quota(profile, dict(ram=1000, disk=2000,
                                             virtual_cpus=10))

        os_list = cluster_os_list(self.cluster)
        edit_form = dict(vcpus=2000,
            acpi=True,
            disk_cache='default',
            initrd_path='',
            kernel_args='ro',
            kvm_flag='',
            mem_path='',
            migration_downtime=30,
            security_domain='',
            security_model='none',
            usb_mouse='',
            use_chroot=False,
            use_localtime=False,
            vnc_bind_address='0.0.0.0',
            vnc_tls=False,
            vnc_x509_path='',
            vnc_x509_verify=False,
            memory=512,
            os='image+debian-osgeo',
            disk_type='paravirtual',
            boot_order='disk',
            nic_type='paravirtual',
            nic_count=1,
            nic_count_original=1,
            nic_link_0='br0',
            nic_mac_0='aa:bb:00:00:33:d2',
            root_path='/dev/vda1',
            kernel_path='/boot/vmlinuz-2.32.6-27-generic',
            serial_console=True,
            cdrom_image_path='')
        data = {'rapi_dict':json.dumps(edit_form), 'save':True}

        # regular user
        self.assertTrue(self.c.login(username=user.username,
                                     password='******'))
        session = self.c.session
        session['edit_form'] = edit_form
        session['os_list'] = os_list
        session.save()
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/virtual_machine/edit_confirm.html')
        self.c.logout()
Beispiel #3
0
    def setUp(self):
        self.tearDown()

        models.client.GanetiRapiClient = RapiProxy

        cluster = Cluster(hostname='test.osuosl.test', slug='OSL_TEST')
        cluster.save()
        vm = VirtualMachine(hostname='vm1.osuosl.bak', cluster=cluster)
        vm.save()
        
        User(id=1, username='******').save()
        settings.ANONYMOUS_USER_ID=1
        
        user = User(id=2, username='******')
        user.set_password('secret')
        user.save()
        user1 = User(id=3, username='******')
        user1.set_password('secret')
        user1.grant("admin", cluster)
        user1.grant("admin", vm)
        user1.save()
        user2 = User(id=4, username="******")
        user2.set_password("secret")
        user2.is_superuser = True
        user2.save()
        
        dict_ = globals()
        dict_['user'] = user
        dict_['user1'] = user1
        dict_['user2'] = user2
        dict_['cluster'] = cluster
        dict_['vm'] = vm
        dict_['c'] = Client()
Beispiel #4
0
    def setUp(self):
        self.tearDown()

        models.client.GanetiRapiClient = RapiProxy

        cluster = Cluster(hostname="test.example.test", slug="OSL_TEST")
        cluster.save()
        vm = VirtualMachine(hostname="vm1.example.bak", cluster=cluster)
        vm.save()

        User(id=1, username="******").save()
        settings.ANONYMOUS_USER_ID = 1

        user = User(id=2, username="******")
        user.set_password("secret")
        user.save()
        user1 = User(id=3, username="******")
        user1.set_password("secret")
        user1.grant("admin", cluster)
        user1.grant("admin", vm)
        user1.save()
        user2 = User(id=4, username="******")
        user2.set_password("secret")
        user2.is_superuser = True
        user2.save()

        dict_ = globals()
        dict_["user"] = user
        dict_["user1"] = user1
        dict_["user2"] = user2
        dict_["cluster"] = cluster
        dict_["vm"] = vm
        dict_["c"] = Client()
Beispiel #5
0
Datei: edit.py Projekt: bsu/GWM2
    def test_view_modify_quota_over(self):
        vm = globals()['vm']
        args = (cluster.slug, vm.hostname)
        url = '/cluster/%s/%s/edit' % args

        user = User(id=52, username='******')
        user.set_password('secret2')
        user.save()
        user.grant('modify', vm)
        profile = user.get_profile()
        vm.owner = profile
        vm.save()

        cluster.set_quota(profile, dict(ram=1000, disk=2000, virtual_cpus=10))

        ## POST
        os_list = cluster_os_list(cluster)
        data = dict(vcpus=2000,
            acpi=True,
            disk_cache='default',
            initrd_path='',
            kernel_args='ro',
            kvm_flag='',
            mem_path='',
            migration_downtime=30,
            security_domain='',
            security_model='none',
            usb_mouse='',
            use_chroot=False,
            use_localtime=False,
            vnc_bind_address='0.0.0.0',
            vnc_tls=False,
            vnc_x509_path='',
            vnc_x509_verify=False,
            memory=512,
            os='image+debian-osgeo',
            disk_type='paravirtual',
            boot_order='disk',
            nic_type='paravirtual',
            nic_count=1,
            nic_count_original=1,
            nic_link_0='br0',
            nic_mac_0='aa:bb:00:00:33:d2',
            root_path='/dev/vda1',
            kernel_path='/boot/vmlinuz-2.32.6-27-generic',
            serial_console=True,
            cdrom_image_path='')

        user.grant('modify', vm)
        self.assertTrue(c.login(username=user.username, password='******'))
        self.assertFalse(user.is_superuser)
        session = c.session
        session['os_list'] = os_list
        session.save()
        response = c.post(url, data)
        self.assertEqual(200, response.status_code) # 302 if success (BAD)
        self.assertTemplateUsed(response, 'ganeti/virtual_machine/edit_kvm.html')
        user.revoke_all(vm)
        c.logout()
Beispiel #6
0
    def test_view_ssh_keys(self):
        """
        Test getting SSH keys belonging to users, who have admin permission on
        specified cluster
        """
        vm = VirtualMachine.objects.create(cluster=self.cluster,
                                           hostname='vm1.example.bak')

        user1 = User(id=3, username='******')
        user1.set_password('secret')
        user1.save()

        # add some keys
        SSHKey.objects.create(key="ssh-rsa test test@test", user=self.user)
        SSHKey.objects.create(key="ssh-dsa test asd@asd", user=self.user)
        SSHKey.objects.create(key="ssh-dsa test foo@bar", user=user1)

        # get API key
        # XXX agh oh god what why are you doing this argfl
        import settings
        key = settings.WEB_MGR_API_KEY

        url = '/cluster/%s/keys/%s/'
        args = (self.cluster.slug, key)

        self.assert_standard_fails(url,
                                   args,
                                   login_required=False,
                                   authorized=False)

        # cluster without users who have admin perms
        response = self.c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals("application/json", response["content-type"])
        self.assertEqual(len(json.loads(response.content)), 0)
        self.assertNotContains(response, "test@test")
        self.assertNotContains(response, "asd@asd")

        # vm with users who have admin perms
        # grant admin permission to first user
        # XXX ...but we aren't using these users anywhere after this...
        self.user.grant("admin", vm)
        user1.grant("admin", self.cluster)

        response = self.c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals("application/json", response["content-type"])
        self.assertEqual(len(json.loads(response.content)), 3)
        self.assertContains(response, "test@test", count=1)
        self.assertContains(response, "asd@asd", count=1)
        self.assertContains(response, "foo@bar", count=1)

        user1.delete()
Beispiel #7
0
 def setUp(self):
     self.tearDown()
     settings.ANONYMOUS_USER_ID = 0
     user = User(id=1, username="******")
     user.save()
     object_ = Group(name='testing')
     object_.save()
     user.grant('admin', object_)
     g = globals()
     g['anonymous'] = AnonymousUser()
     g['user'] = user
     g['object_'] = object_
 def setUp(self):
     self.tearDown()
     settings.ANONYMOUS_USER_ID = 0
     user = User(id=1, username="******")
     user.save()
     object_ = Group(name='testing')
     object_.save()
     user.grant('admin', object_)
     g = globals()
     g['anonymous'] = AnonymousUser()
     g['user'] = user
     g['object_'] = object_
Beispiel #9
0
    def test_view_ssh_keys(self):
        """
        Test getting SSH keys belonging to users, who have admin permission on
        specified cluster
        """
        vm = VirtualMachine.objects.create(cluster=self.cluster,
                                           hostname='vm1.example.bak')

        user1 = User(id=3, username='******')
        user1.set_password('secret')
        user1.save()

        # add some keys
        SSHKey.objects.create(key="ssh-rsa test test@test", user=self.user)
        SSHKey.objects.create(key="ssh-dsa test asd@asd", user=self.user)
        SSHKey.objects.create(key="ssh-dsa test foo@bar", user=user1)

        # get API key
        # XXX agh oh god what why are you doing this argfl
        import settings
        key = settings.WEB_MGR_API_KEY

        url = '/cluster/%s/keys/%s/'
        args = (self.cluster.slug, key)

        self.assert_standard_fails(url, args,
                                   login_required=False,
                                   authorized=False)

        # cluster without users who have admin perms
        response = self.c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals("application/json", response["content-type"])
        self.assertEqual(len(json.loads(response.content)), 0)
        self.assertNotContains(response, "test@test")
        self.assertNotContains(response, "asd@asd")

        # vm with users who have admin perms
        # grant admin permission to first user
        # XXX ...but we aren't using these users anywhere after this...
        self.user.grant("admin", vm)
        user1.grant("admin", self.cluster)

        response = self.c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals("application/json", response["content-type"])
        self.assertEqual(len(json.loads(response.content)), 3)
        self.assertContains(response, "test@test", count=1)
        self.assertContains(response, "asd@asd", count=1)
        self.assertContains(response, "foo@bar", count=1)

        user1.delete()
Beispiel #10
0
class NodeImportBase(TestCase):
    url = ''
    c = None
    cluster0 = None
    cluster1 = None

    def setUp(self):
        self.tearDown()

        models.client.GanetiRapiClient = RapiProxy

        self.unauthorized = User(id=2, username='******')
        self.authorized = User(id=3, username='******')
        self.superuser = User(id=4, username='******', is_superuser=True)

        self.unauthorized.set_password('secret')
        self.authorized.set_password('secret')
        self.superuser.set_password('secret')

        self.unauthorized.save()
        self.authorized.save()
        self.superuser.save()

        self.cluster0 = Cluster.objects.create(hostname='test0',
                                               slug='OSL_TEST0')
        self.cluster1 = Cluster.objects.create(hostname='test1',
                                               slug='OSL_TEST1')

        self.authorized.grant('admin', self.cluster0)

        self.cluster0.rapi.GetNodes.response = ['node0', 'node2']
        self.cluster1.rapi.GetNodes.response = ['node3', 'node5']

        self.vm = VirtualMachine.objects.create(hostname='gimager.example.bak',
                                                cluster=self.cluster0)

        self.node0 = Node.objects.create(hostname='node0',
                                         cluster=self.cluster0)
        self.node1 = Node.objects.create(hostname='node1',
                                         cluster=self.cluster0)
        self.node3 = Node.objects.create(hostname='node3',
                                         cluster=self.cluster1)
        self.node4 = Node.objects.create(hostname='node4',
                                         cluster=self.cluster1)

        self.c = Client()

    def tearDown(self):
        # reset proxy object default values, could cause collisions in other tests
        if self.cluster0 is not None:
            self.cluster0.rapi.GetNodes.response = NODES
        if self.cluster1 is not None:
            self.cluster1.rapi.GetNodes.response = NODES

        if self.c is not None:
            self.c.logout()
        Node.objects.all().delete()
        Cluster.objects.all().delete()
        Profile.objects.all().delete()
        User.objects.all().delete()

    def test_anonymous(self):
        """ anonymous user """
        response = self.c.get(self.url, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

    def test_unauthorized(self):
        """ unauthorized user """
        self.assertTrue(
            self.c.login(username=self.unauthorized.username,
                         password='******'))
        response = self.c.get(self.url)
        self.assertEqual(403, response.status_code)
Beispiel #11
0
    def test_sync_virtual_machines_in_edit_view(self):
        '''
        Test if sync_virtual_machines is run after editing a cluster
        for the second time
        '''
        #configuring stuff needed to test edit view
        user = User(id=2, username='******')
        user.set_password('secret')
        user.save()
        cluster = Cluster(hostname='test.osuosl.test', slug='OSL_TEST')
        cluster.save()
        url = '/cluster/%s/edit/' % cluster.slug

        dict_ = globals()
        dict_['user'] = user
        dict_['cluster'] = cluster
        dict_['c'] = Client()

        cluster.virtual_machines.all().delete()

        #run view_edit test
        response = c.get(url, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')
        
        self.assert_(c.login(username=user.username, password='******'))
        response = c.get(url)
        self.assertEqual(403, response.status_code)
        
        user.grant('admin', cluster)
        response = c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'cluster/edit.html')
        self.assertEqual(cluster, response.context['cluster'])
        user.revoke('admin', cluster)

        user.is_superuser = True
        user.save()
        response = c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'cluster/edit.html')
        
        data = dict(hostname='new-host-1.hostname',
                    slug='new-host-1',
                    port=5080,
                    description='testing editing clusters',
                    username='******',
                    password = '******',
                    confirm_password = '******',
                    virtual_cpus=1,
                    disk=2,
                    ram=3
                    )
        
        data_ = data.copy()
        response = c.post(url, data, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'cluster/detail.html')
        cluster = response.context['cluster']
        del data_['confirm_password']
        for k, v in data_.items():
            self.assertEqual(v, getattr(cluster, k))

        self.assert_(cluster.virtual_machines.all().exists())

        cluster.virtual_machines.all().delete()
        
        #run view_edit again..
        url = '/cluster/%s/edit/' % cluster.slug
        response = c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'cluster/edit.html')
        
        data_ = data.copy()
        response = c.post(url, data, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'cluster/detail.html')
        cluster = response.context['cluster']
        del data_['confirm_password']
        for k, v in data_.items():
            self.assertEqual(v, getattr(cluster, k))

        #test success
        self.assert_(cluster.virtual_machines.all().exists())
Beispiel #12
0
class TestNewVirtualMachineFormInit(TestCase, VirtualMachineTestCaseMixin):
    def setUp(self):
        self.user = User(id=67, username='******')
        self.user.set_password('secret')
        self.user.save()
        self.user1 = User(id=70, username='******')
        self.user1.set_password('secret')
        self.user1.save()
        self.group = Group(id=45, name='testing_group')
        self.group.save()

        models.client.GanetiRapiClient = RapiProxy
        self.cluster0 = Cluster.objects.create(hostname='test0', slug='test0')
        self.cluster1 = Cluster.objects.create(hostname='test1', slug='test1')
        self.cluster2 = Cluster.objects.create(hostname='test2', slug='test2')
        self.cluster3 = Cluster.objects.create(hostname='test3', slug='test3')
        self.cluster0.sync_nodes()

        # Give each cluster write permissions, and set it's info
        for cluster in (self.cluster0, self.cluster1, self.cluster2,
                        self.cluster3):
            cluster.username = self.user.username
            cluster.password = '******'
            cluster.info = INFO
            cluster.save()

    def tearDown(self):
        User.objects.all().delete()
        Group.objects.all().delete()
        VirtualMachine.objects.all().delete()
        Cluster.objects.all().delete()

    def test_default_choices(self):
        """
        Test that ChoiceFields have the correct default options
        """
        form = NewVirtualMachineForm(self.user)
        self.assertEqual([(u'', u'---------')],
                         form.fields['nic_type'].choices)
        self.assertEqual([(u'', u'---------'), (u'routed', u'routed'),
                          (u'bridged', u'bridged')],
                         form.fields['nic_mode_0'].choices)
        self.assertEqual([(u'', u'---------')],
                         form.fields['boot_order'].choices)
        self.assertEqual([(u'', u'---------'), (u'plain', u'plain'),
                          (u'drbd', u'drbd'), (u'file', u'file'),
                          (u'diskless', u'diskless')],
                         form.fields['disk_template'].choices)

    def test_init_and_data_params(self):
        """
        Tests that passing initial does not trigger validation

        Verifies:
            * Passing data (arg[0]) will trigger validation
            * Passing initial will not trigger validation
        """
        form = NewVirtualMachineForm(self.user, initial={})
        self.assertEqual({}, form.errors)

        form = NewVirtualMachineForm(self.user, {})
        self.assertNotEqual({}, form.errors)

    def test_cluster_init(self):
        """
        Tests initializing a form with a Cluster

        Verifies:
            * cluster choices are set correctly
            * node choices are set correctly
        """

        # no cluster
        form = NewVirtualMachineForm(self.user)
        self.assertEqual([(u'', u'---------')], form.fields['pnode'].choices)
        self.assertEqual([(u'', u'---------')], form.fields['snode'].choices)
        self.assertEqual([(u'', u'---------')], form.fields['os'].choices)

        # cluster from initial data
        form = NewVirtualMachineForm(self.user, {'cluster': self.cluster0.id})
        self.assertEqual(
            set([(u'', u'---------'),
                 (u'gtest1.example.bak', u'gtest1.example.bak'),
                 (u'gtest2.example.bak', u'gtest2.example.bak'),
                 (u'gtest3.example.bak', u'gtest3.example.bak')]),
            set(form.fields['pnode'].choices))
        self.assertEqual(
            set([(u'', u'---------'),
                 (u'gtest1.example.bak', u'gtest1.example.bak'),
                 (u'gtest2.example.bak', u'gtest2.example.bak'),
                 (u'gtest3.example.bak', u'gtest3.example.bak')]),
            set(form.fields['snode'].choices))
        self.assertEqual(form.fields['os'].choices,
                         [(u'', u'---------'),
                          ('Image', [('image+debian-osgeo', 'Debian Osgeo'),
                                     ('image+ubuntu-lucid', 'Ubuntu Lucid')])])

        # cluster from initial data
        form = NewVirtualMachineForm(self.user, {'cluster': self.cluster0.id})
        self.assertEqual(
            set([(u'', u'---------'),
                 (u'gtest1.example.bak', u'gtest1.example.bak'),
                 (u'gtest2.example.bak', u'gtest2.example.bak'),
                 (u'gtest3.example.bak', u'gtest3.example.bak')]),
            set(form.fields['pnode'].choices))
        self.assertEqual(
            set([(u'', u'---------'),
                 (u'gtest1.example.bak', u'gtest1.example.bak'),
                 (u'gtest2.example.bak', u'gtest2.example.bak'),
                 (u'gtest3.example.bak', u'gtest3.example.bak')]),
            set(form.fields['snode'].choices))
        self.assertEqual(form.fields['os'].choices,
                         [(u'', u'---------'),
                          ('Image', [('image+debian-osgeo', 'Debian Osgeo'),
                                     ('image+ubuntu-lucid', 'Ubuntu Lucid')])])

    def test_cluster_choices_init(self):
        """
        Tests that cluster choices are based on User permissions

        Verifies:
            * superusers have all Clusters as choices
            * if owner is set, only display clusters the owner has permissions
              directly on.  This includes both users and groups
            * if no owner is set, choices include clusters that the user has
              permission directly on, or through a group
        """

        # no owner, no permissions
        form = NewVirtualMachineForm(self.user)
        self.assertEqual(set([(u'', u'---------')]),
                         set(form.fields['cluster'].choices))

        # no owner, group and direct permissions
        self.user.grant('admin', self.cluster0)
        self.user.grant('create_vm', self.cluster1)
        self.group.grant('admin', self.cluster2)
        self.group.user_set.add(self.user)
        self.assertEqual(
            set([(u'', u'---------'), (self.cluster0.pk, u'test0'),
                 (self.cluster1.pk, u'test1'), (self.cluster2.pk, u'test2')]),
            set(form.fields['cluster'].choices))
        self.user.revoke_all(self.cluster0)
        self.user.revoke_all(self.cluster1)
        self.group.revoke_all(self.cluster2)

        # owner, user with no choices
        form = NewVirtualMachineForm(
            self.user, initial={'owner': self.user.get_profile().id})
        self.assertEqual(set([(u'', u'---------')]),
                         set(form.fields['cluster'].choices))

        # owner, user with choices
        self.user.grant('admin', self.cluster0)
        self.user.grant('create_vm', self.cluster1)
        form = NewVirtualMachineForm(
            self.user, initial={'owner': self.user.get_profile().id})
        self.assertEqual(
            set([(u'', u'---------'), (self.cluster0.pk, u'test0'),
                 (self.cluster1.pk, u'test1')]),
            set(form.fields['cluster'].choices))

        # owner, group with no choices
        form = NewVirtualMachineForm(
            self.user, initial={'owner': self.group.organization.id})
        self.assertEqual(set([(u'', u'---------')]),
                         set(form.fields['cluster'].choices))

        # owner, group with choices
        self.group.grant('admin', self.cluster2)
        self.group.grant('create_vm', self.cluster3)
        form = NewVirtualMachineForm(
            self.user, initial={'owner': self.group.organization.id})
        self.assertEqual(
            set([(u'', u'---------'), (self.cluster2.pk, u'test2'),
                 (self.cluster3.pk, u'test3')]),
            set(form.fields['cluster'].choices))

        # user - superuser
        self.user.is_superuser = True
        self.user.save()
        form = NewVirtualMachineForm(
            self.user, initial={'owner': self.user.get_profile().id})
        self.assertEqual(
            set([(u'', u'---------'), (self.cluster0.pk, u'test0'),
                 (self.cluster1.pk, u'test1'), (self.cluster2.pk, u'test2'),
                 (self.cluster3.pk, u'test3')]),
            set(form.fields['cluster'].choices))

        # group - superuser
        form = NewVirtualMachineForm(
            self.user, initial={'owner': self.group.organization.id})
        self.assertEqual(
            set([(u'', u'---------'), (self.cluster0.pk, u'test0'),
                 (self.cluster1.pk, u'test1'), (self.cluster2.pk, u'test2'),
                 (self.cluster3.pk, u'test3')]),
            set(form.fields['cluster'].choices))

    def test_owner_choices_init(self):
        """
        Tests that owner choices are set based on User permissions

        Verifies:
            * superusers have all clusterusers as choices
            * user receives themselves as a choice if they have perms
            * user receives all groups they are a member of
        """

        # user with no choices
        form = NewVirtualMachineForm(self.user)
        self.assertEqual([(u'', u'---------')], form.fields['owner'].choices)

        # user with perms on self, no groups
        self.user.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user)
        self.assertEqual([
            (u'', u'---------'),
            (self.user.profile.id, u'tester0'),
        ], form.fields['owner'].choices)
        self.user.set_perms(['create_vm'], self.cluster0)
        form = NewVirtualMachineForm(self.user)
        self.assertEqual([
            (u'', u'---------'),
            (self.user.profile.id, u'tester0'),
        ], form.fields['owner'].choices)

        # user with perms on self and groups
        self.group.user_set.add(self.user)
        self.group.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user)
        self.assertEqual([
            (u'', u'---------'),
            (self.group.organization.id, u'testing_group'),
            (self.user.profile.id, u'tester0'),
        ], form.fields['owner'].choices)
        self.user.revoke_all(self.cluster0)

        # user with no perms on self, but groups
        form = NewVirtualMachineForm(self.user)
        self.assertEqual([
            (u'', u'---------'),
            (self.group.organization.id, u'testing_group'),
        ], form.fields['owner'].choices)
        self.group.set_perms(['create_vm'], self.cluster0)
        form = NewVirtualMachineForm(self.user)
        self.assertEqual([
            (u'', u'---------'),
            (self.group.organization.id, u'testing_group'),
        ], form.fields['owner'].choices)
        self.group.revoke_all(self.cluster0)

        # superuser
        self.user.is_superuser = True
        self.user.save()
        form = NewVirtualMachineForm(self.user)
        self.assertEqual([
            (u'', u'---------'),
            (self.user.profile.id, u'tester0'),
            (self.user1.profile.id, u'tester1'),
            (self.group.organization.id, u'testing_group'),
        ], list(form.fields['owner'].choices))

    def test_default_disks(self):
        self.user.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user)
        self.assertTrue('disk_size_0' in form.fields)
        self.assertFalse('disk_size_1' in form.fields)

    def test_no_disks(self):
        self.user.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user, dict(disk_count=0))
        self.assertFalse('disk_size_0' in form.fields)
        self.assertFalse('disk_size_1' in form.fields)

    def test_single_disk(self):
        self.user.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user, dict(disk_count=1))
        self.assertTrue('disk_size_0' in form.fields)
        self.assertFalse('disk_size_1' in form.fields)

    def test_multiple_disks(self):
        self.user.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user, dict(disk_count=2))
        self.assertTrue('disk_size_0' in form.fields)
        self.assertTrue('disk_size_1' in form.fields)

    def test_multiple_disks_from_dict(self):
        self.user.grant('admin', self.cluster0)
        initial = dict(disks=[dict(size=123), dict(size=456)])
        form = NewVirtualMachineForm(self.user, initial)
        self.assertTrue('disk_size_0' in form.fields)
        self.assertTrue('disk_size_1' in form.fields)

        data = form.data
        self.assertEqual(2, data['disk_count'])
        self.assertEqual(123, data['disk_size_0'])
        self.assertEqual(456, data['disk_size_1'])

    def test_default_nics(self):
        self.user.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user)
        self.assertTrue('nic_mode_0' in form.fields)
        self.assertFalse('nic_mode_1' in form.fields)
        self.assertTrue('nic_link_0' in form.fields)
        self.assertFalse('nic_link_1' in form.fields)

    def test_no_nics(self):
        self.user.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user, dict(nic_count=0))
        self.assertFalse('nic_mode_0' in form.fields)
        self.assertFalse('nic_mode_1' in form.fields)
        self.assertFalse('nic_link_0' in form.fields)
        self.assertFalse('nic_link_1' in form.fields)

    def test_single_nic(self):
        self.user.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user, dict(nic_count=1))
        self.assertTrue('nic_mode_0' in form.fields)
        self.assertFalse('nic_mode_1' in form.fields)
        self.assertTrue('nic_link_0' in form.fields)
        self.assertFalse('nic_link_1' in form.fields)

    def test_multiple_nics(self):
        self.user.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user, dict(nic_count=2))
        self.assertTrue('nic_mode_0' in form.fields)
        self.assertTrue('nic_mode_1' in form.fields)
        self.assertTrue('nic_link_0' in form.fields)
        self.assertTrue('nic_link_1' in form.fields)

    def test_multiple_nics_from_dict(self):
        self.user.grant('admin', self.cluster0)
        initial = dict(
            nics=[dict(mode=123, link='br0'),
                  dict(mode=456, link='br1')])
        form = NewVirtualMachineForm(self.user, initial)
        self.assertTrue('nic_mode_0' in form.fields)
        self.assertTrue('nic_mode_1' in form.fields)
        self.assertTrue('nic_link_0' in form.fields)
        self.assertTrue('nic_link_1' in form.fields)

        data = form.data
        self.assertEqual(2, data['nic_count'])
        self.assertEqual(123, data['nic_mode_0'])
        self.assertEqual(456, data['nic_mode_1'])
        self.assertEqual('br0', data['nic_link_0'])
        self.assertEqual('br1', data['nic_link_1'])
Beispiel #13
0
class ImportViews(TestCase):
    def setUp(self):
        self.tearDown()

        models.client.GanetiRapiClient = RapiProxy

        self.user = User(id=2, username='******')
        self.user.set_password('secret')
        self.user.save()

        self.group = Group(name='testing_group')
        self.group.save()

        self.cluster0 = Cluster(hostname='test0', slug='OSL_TEST0')
        self.cluster0.save()
        self.cluster1 = Cluster(hostname='test1', slug='OSL_TEST1')
        self.cluster1.save()

        self.vm0 = VirtualMachine(hostname='vm0', cluster=self.cluster0)
        self.vm1 = VirtualMachine(hostname='vm1',
                                  cluster=self.cluster0,
                                  owner=self.user.get_profile())
        #self.vm2 = VirtualMachine(hostname='vm2', cluster=cluster0)
        self.vm3 = VirtualMachine(hostname='vm3', cluster=self.cluster1)
        self.vm4 = VirtualMachine(hostname='vm4',
                                  cluster=self.cluster1,
                                  owner=self.user.get_profile())
        #self.vm5 = VirtualMachine(hostname='vm5', cluster=cluster1)
        self.vm0.save()
        self.vm1.save()
        self.vm3.save()
        self.vm4.save()

        self.c = Client()
        self.owner = self.user.get_profile()

    def tearDown(self):
        VirtualMachine.objects.all().delete()
        Cluster.objects.all().delete()
        Organization.objects.all().delete()
        Profile.objects.all().delete()
        User.objects.all().delete()
        Group.objects.all().delete()

    def test_orphans_view(self):
        """
        Test orphans view
        """
        url = '/import/orphans/'

        # anonymous user
        response = self.c.get(url, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(
            self.c.login(username=self.user.username, password='******'))
        response = self.c.get(url)
        self.assertEqual(403, response.status_code)

        # authorized get (cluster admin perm)
        self.user.grant('admin', self.cluster0)
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/orphans.html')
        self.assertEqual([(self.vm0.id, 'test0', 'vm0')],
                         response.context['vms'])
        self.user.revoke_all(self.cluster0)

        # authorized get (superuser)
        self.user.is_superuser = True
        self.user.save()
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/orphans.html')
        self.assertEqual([(self.vm0.id, 'test0', 'vm0'),
                          (self.vm3.id, 'test1', 'vm3')],
                         response.context['vms'])
        self.user.is_superuser = False
        self.user.save()

        # POST - invalid vm
        self.user.grant('admin', self.cluster0)
        data = {'virtual_machines': [-1], 'owner': self.owner.id}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/orphans.html')
        self.assertTrue(response.context['form'].errors)

        # POST - invalid owner
        data = {'virtual_machines': [self.vm0.id], 'owner': -1}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/orphans.html')
        self.assertTrue(response.context['form'].errors)

        # POST - user does not have perms for cluster
        data = {'virtual_machines': [self.vm3.id], 'owner': self.owner.id}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/orphans.html')
        self.assertTrue(response.context['form'].errors)

        # POST - success
        data = {'virtual_machines': [self.vm0.id], 'owner': self.owner.id}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/orphans.html')
        self.assertFalse(response.context['form'].errors)
        self.assertEqual([], response.context['vms'])

    def test_missing_ganeti(self):
        """
        Tests view for Virtual Machines missing from ganeti
        """
        url = '/import/missing/'
        self.cluster0.rapi.GetInstances.response = ['vm0', 'vm2']
        self.cluster1.rapi.GetInstances.response = ['vm3', 'vm5']

        # anonymous user
        response = self.c.get(url, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(
            self.c.login(username=self.user.username, password='******'))
        response = self.c.get(url)
        self.assertEqual(403, response.status_code)

        # authorized get (cluster admin perm)
        self.user.grant('admin', self.cluster0)
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing.html')
        self.assertEqual([('vm1', 'test0', 'vm1')], response.context['vms'])
        self.user.revoke_all(self.cluster0)

        # authorized get (superuser)
        self.user.is_superuser = True
        self.user.save()
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing.html')
        self.assertEqual([('vm1', 'test0', 'vm1'), ('vm4', 'test1', 'vm4')],
                         response.context['vms'])
        self.user.is_superuser = False
        self.user.save()

        # POST - invalid vm
        self.user.grant('admin', self.cluster0)
        data = {'virtual_machines': [-1]}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing.html')
        self.assertTrue(response.context['form'].errors)

        # POST - user does not have perms for cluster
        data = {'virtual_machines': [self.vm3.hostname]}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing.html')
        self.assertTrue(response.context['form'].errors)

        # POST - success
        data = {'virtual_machines': ['vm1']}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing.html')
        self.assertFalse(response.context['form'].errors)
        self.assertEqual([], response.context['vms'])

    def test_missing_db(self):
        """
        Tests view for Virtual Machines missing from database
        """
        url = '/import/missing_db/'
        self.cluster0.rapi.GetInstances.response = ['vm0', 'vm2']
        self.cluster1.rapi.GetInstances.response = ['vm3', 'vm5']

        # anonymous user
        response = self.c.get(url, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(
            self.c.login(username=self.user.username, password='******'))
        response = self.c.get(url)
        self.assertEqual(403, response.status_code)

        # authorized get (cluster admin perm)
        self.user.grant('admin', self.cluster0)
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing_db.html')
        self.assertEqual([('1:vm2', 'test0', 'vm2')], response.context['vms'])
        self.user.revoke_all(self.cluster0)

        # authorized get (superuser)
        self.user.is_superuser = True
        self.user.save()
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing_db.html')
        self.assertEqual([('1:vm2', 'test0', 'vm2'),
                          ('2:vm5', 'test1', 'vm5')], response.context['vms'])
        self.user.is_superuser = False
        self.user.save()

        # POST - invalid vm
        self.user.grant('admin', self.cluster0)
        data = {'virtual_machines': [-1]}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing_db.html')
        self.assertTrue(response.context['form'].errors)

        # POST - invalid owner
        data = {'virtual_machines': [self.vm0.id], 'owner': -1}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing_db.html')
        self.assertTrue(response.context['form'].errors)

        # POST - user does not have perms for cluster
        data = {
            'virtual_machines': [self.vm3.hostname],
            'owner': self.owner.id
        }
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing_db.html')
        self.assertTrue(response.context['form'].errors)

        # POST - success
        data = {'virtual_machines': ['1:vm2'], 'owner': self.owner.id}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing_db.html')
        self.assertFalse(response.context['form'].errors)
        self.assertEqual([], response.context['vms'])
        self.assertTrue(VirtualMachine.objects.filter(hostname='vm2').exists())
class NodeImportBase(TestCase):
    url = ''
    c = None
    cluster0 = None
    cluster1 = None

    def setUp(self):
        self.tearDown()

        self.unauthorized = User(id=2, username='******')
        self.authorized = User(id=3, username='******')
        self.superuser = User(id=4, username='******', is_superuser=True)

        self.unauthorized.set_password('secret')
        self.authorized.set_password('secret')
        self.superuser.set_password('secret')

        self.unauthorized.save()
        self.authorized.save()
        self.superuser.save()

        self.cluster0 = Cluster.objects.create(hostname='test0',
                                               slug='OSL_TEST0')
        self.cluster1 = Cluster.objects.create(hostname='test1',
                                               slug='OSL_TEST1')

        self.authorized.grant('admin', self.cluster0)

        self.cluster0.rapi.GetNodes.response = ['node0', 'node2']
        self.cluster1.rapi.GetNodes.response = ['node3', 'node5']

        self.vm = VirtualMachine.objects.create(hostname='gimager.example.bak',
                                                cluster=self.cluster0)

        self.node0 = Node.objects.create(hostname='node0',
                                         cluster=self.cluster0)
        self.node1 = Node.objects.create(hostname='node1',
                                         cluster=self.cluster0)
        self.node3 = Node.objects.create(hostname='node3',
                                         cluster=self.cluster1)
        self.node4 = Node.objects.create(hostname='node4',
                                         cluster=self.cluster1)

        self.c = Client()

    def tearDown(self):
        # reset proxy object default values,
        # could cause collisions in other tests
        if self.cluster0 is not None:
            self.cluster0.rapi.GetNodes.response = NODES
        if self.cluster1 is not None:
            self.cluster1.rapi.GetNodes.response = NODES

        if self.c is not None:
            self.c.logout()
        Node.objects.all().delete()
        Cluster.objects.all().delete()
        Profile.objects.all().delete()
        User.objects.all().delete()

    def test_anonymous(self):
        """ anonymous user """
        response = self.c.get(self.url, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

    def test_unauthorized(self):
        """ unauthorized user """
        self.assertTrue(self.c.login(username=self.unauthorized.username,
                                     password='******'))
        response = self.c.get(self.url)
        self.assertEqual(403, response.status_code)
Beispiel #15
0
class TestGeneralViews(TestCase, ViewTestMixin):

    def setUp(self):
        self.tearDown()

        self.cluster = Cluster(hostname='test.example.test', slug='OSL_TEST')
        self.cluster.save()
        self.vm = VirtualMachine(hostname='vm1.example.bak',
                                 cluster=self.cluster)
        self.vm.save()

        User(id=1, username='******').save()
        settings.ANONYMOUS_USER_ID = 1

        self.user = User(id=2, username='******')
        self.user.set_password('secret')
        self.user.save()
        self.user1 = User(id=3, username='******')
        self.user1.set_password('secret')
        self.user1.grant("admin", self.cluster)
        self.user1.grant("admin", self.vm)
        self.user1.save()
        self.user2 = User(id=4, username="******")
        self.user2.set_password("secret")
        self.user2.is_superuser = True
        self.user2.save()

        self.c = Client()

    def tearDown(self):
        SSHKey.objects.all().delete()
        Cluster.objects.all().delete()
        User.objects.all().delete()
        Group.objects.all().delete()
        Job.objects.all().delete()

    def test_view_overview(self):
        """
        Tests overview (status) page
        """
        # TODO: in future, add Ganeti errors checking

        cluster1 = Cluster(hostname='cluster1', slug='cluster1')
        cluster1.save()
        vm1 = VirtualMachine(hostname='vm2.example.bak', cluster=cluster1)
        vm1.save()
        job = Job(job_id=233, obj=self.vm, cluster=self.cluster,
                  finished="2011-01-07 21:59", status="error")
        job.save()
        job1 = Job(job_id=1234, obj=vm1, cluster=cluster1,
                   finished="2011-01-05 21:59", status="error")
        job1.save()
        job.rapi.GetJobStatus.response = JOB_ERROR

        url = "/"
        args = []
        template = "ganeti/overview.html"
        mimetype = "text/html; charset=utf-8"
        status = 200

        # anonymous user
        response = self.c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # authorized user (non-admin)
        self.user.grant("admin", self.vm)
        self.user.save()
        self.assertTrue(self.c.login(username=self.user.username,
                        password='******'))
        response = self.c.get(url % args)
        self.assertEqual(status, response.status_code)
        self.assertEqual(mimetype, response['content-type'])
        self.assertTemplateUsed(response, template)
        clusters = response.context['cluster_list']
        self.assertTrue(self.cluster not in clusters)
        self.assertEqual(0, len(clusters))
        self.assertEqual(0, response.context["orphaned"])
        self.assertEqual(0, response.context["missing"])
        self.assertEqual(0, response.context["import_ready"])

        # authorized user (admin on one cluster)
        self.assertTrue(self.c.login(username=self.user1.username,
                        password='******'))
        response = self.c.get(url % args)
        self.assertEqual(status, response.status_code)
        self.assertEqual(mimetype, response['content-type'])
        self.assertTemplateUsed(response, template)
        clusters = response.context['cluster_list']
        self.assertTrue(self.cluster in clusters)
        self.assertEqual(1, len(clusters))
        self.assertEqual(1, response.context["orphaned"])
        self.assertEqual(1, response.context["missing"])
        self.assertEqual(2, response.context["import_ready"])

        # authorized user (superuser)
        self.assertTrue(self.c.login(username=self.user2.username,
                        password='******'))
        response = self.c.get(url % args)
        self.assertEqual(status, response.status_code)
        self.assertEqual(mimetype, response['content-type'])
        self.assertTemplateUsed(response, template)
        clusters = response.context['cluster_list']
        self.assertTrue(self.cluster in clusters)
        self.assertTrue(cluster1 in clusters)
        self.assertEqual(2, len(clusters))
        self.assertEqual(2, response.context["orphaned"])
        self.assertEqual(2, response.context["missing"])
        self.assertEqual(4, response.context["import_ready"])

    def test_used_resources(self):
        """ tests the used_resources view """

        group0 = Group.objects.create(name='group0')
        group1 = Group.objects.create(name='group1')
        self.user.groups.add(group0)
        self.user1.groups.add(group1)

        url = "/used_resources/"
        args = {}
        template = "ganeti/overview/used_resources_data.html"
        mimetype = "text/html; charset=utf-8"

        # anonymous user
        response = self.c.get(url, args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # 404 - no id
        self.assertTrue(self.c.login(username=self.user.username,
                        password='******'))
        response = self.c.get(url, {})
        self.assertEqual(404, response.status_code)

        # 404 - invalid id
        response = self.c.get(url, {'id': 1234567})
        self.assertEqual(404, response.status_code)

        # unauthorized user (different user)
        response = self.c.get(url, {'id': self.user2.get_profile().pk})
        self.assertEqual(403, response.status_code)

        # unauthorized user (in different group)
        self.assertTrue(self.c.login(username=self.user.username,
                        password='******'))
        response = self.c.get(url, {'id': group1.organization.pk})
        self.assertEqual(403, response.status_code)

        # authorized user (same user)
        response = self.c.get(url, {'id': self.user.get_profile().pk})
        self.assertEqual(200, response.status_code)
        self.assertEqual(mimetype, response['content-type'])
        self.assertTemplateUsed(response, template)

        # authorized user (in group)
        response = self.c.get(url, {'id': group0.organization.pk})
        self.assertEqual(200, response.status_code)
        self.assertEqual(mimetype, response['content-type'])
        self.assertTemplateUsed(response, template)

        # authorized user (superuser)
        self.assertTrue(self.c.login(username=self.user2.username,
                        password='******'))
        response = self.c.get(url, {'id': self.user.get_profile().pk})
        self.assertEqual(200, response.status_code)
        self.assertEqual(mimetype, response['content-type'])
        self.assertTemplateUsed(response, template)

        # authorized user (superuser)
        self.assertTrue(self.c.login(username=self.user2.username,
                        password='******'))
        response = self.c.get(url, {'id': group1.organization.pk})
        self.assertEqual(200, response.status_code)
        self.assertEqual(mimetype, response['content-type'])
        self.assertTemplateUsed(response, template)

    def test_view_ssh_keys(self):
        """ tests retrieving all sshkeys from the gwm instance """

        # add some keys
        SSHKey.objects.create(key="ssh-rsa test test@test", user=self.user)
        SSHKey.objects.create(key="ssh-dsa test asd@asd", user=self.user)
        SSHKey.objects.create(key="ssh-dsa test foo@bar", user=self.user1)

        self.user.revoke_all(self.vm)
        self.user.revoke_all(self.cluster)
        self.user1.revoke_all(self.vm)
        self.user1.revoke_all(self.cluster)
        self.user2.revoke_all(self.vm)
        self.user2.revoke_all(self.cluster)

        # get API key
        # import settings
        key = settings.WEB_MGR_API_KEY

        url = '/keys/%s/'
        args = (key,)

        # cluster without users who have admin perms
        response = self.c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals("application/json", response["content-type"])
        self.assertEqual(len(json.loads(response.content)), 0)
        self.assertNotContains(response, "test@test")
        self.assertNotContains(response, "asd@asd")

        # vm with users who have admin perms
        # grant admin permission to first user
        self.user.grant("admin", self.vm)
        self.user1.grant("admin", self.cluster)

        response = self.c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals("application/json", response["content-type"])
        self.assertEqual(len(json.loads(response.content)), 3)
        self.assertContains(response, "test@test", count=1)
        self.assertContains(response, "asd@asd", count=1)
        self.assertContains(response, "foo@bar", count=1)
Beispiel #16
0
class TestGroupViews(TestCase):

    def setUp(self):
        self.anonymous = User(id=1, username='******')
        self.anonymous.save()
        settings.ANONYMOUS_USER_ID = 1

        self.user0 = User(id=2, username='******')
        self.user0.set_password('secret')
        self.user0.save()
        self.user1 = User(id=3, username='******')
        self.user1.set_password('secret')
        self.user1.save()

    def tearDown(self):
        self.anonymous.delete()
        self.user0.delete()
        self.user1.delete()

    def test_save(self, name='test'):
        """ Test saving an Group """
        group = Group(name=name)
        group.save()
        return group

    def test_view_list(self):
        """
        Test viewing list of Groups
        """
        group = self.test_save()
        group0 = self.test_save(name='group1')
        group1 = self.test_save(name='group2')
        group2 = self.test_save(name='group3')
        c = Client()
        url = '/groups/'

        # anonymous user
        response = c.get(url, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user (user with admin on no groups)
        self.assertTrue(
            c.login(username=self.user0.username, password='******'))
        response = c.get(url)
        self.assertEqual(403, response.status_code)

        # authorized (permission)
        self.user0.grant('admin', group)
        self.user0.grant('admin', group1)
        response = c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/list.html')
        groups = response.context['groups']
        self.assertTrue(group in groups)
        self.assertTrue(group1 in groups)
        self.assertEqual(2, len(groups))

        # authorized (superuser)
        self.user0.revoke('admin', group0)
        self.user0.revoke('admin', group1)
        self.user0.is_superuser = True
        self.user0.save()
        response = c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/list.html')
        groups = response.context['groups']
        self.assertTrue(group in groups)
        self.assertTrue(group0 in groups)
        self.assertTrue(group1 in groups)
        self.assertTrue(group2 in groups)
        self.assertEqual(4, len(groups))

    def test_view_detail(self):
        """
        Test Viewing the detail for a Group

        Verifies:
            * 200 returned for valid group
            * 404 returned for invalid group
        """
        group = self.test_save()
        c = Client()
        url = '/group/%s/'
        args = group.id

        # anonymous user
        response = c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(
            c.login(username=self.user0.username, password='******'))
        response = c.get(url % args)
        self.assertEqual(403, response.status_code)

        # invalid user group
        response = c.get(url % "DoesNotExist")
        self.assertEqual(404, response.status_code)

        # authorized (permission)
        grant(self.user0, 'admin', group)
        response = c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/detail.html')

        # authorized (superuser)
        response = c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/detail.html')

    def test_view_edit(self):
        group = self.test_save()
        c = Client()
        url = '/group/%s/edit/'

        # anonymous user
        response = c.post(url % group.id, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(
            c.login(username=self.user0.username, password='******'))
        response = c.post(url % group.id)
        self.assertEqual(403, response.status_code)

        # invalid group
        response = c.post(url % "DoesNotExist")
        self.assertEqual(404, response.status_code)

        # get form - authorized (permission)
        # XXX need to implement Class wide permission
        # for creating editing groups
        # grant(user, 'admin', group)
        # response = c.post(url % group.id)
        # self.assertEqual(200, response.status_code)
        # self.assertEquals(
        #       'text/html; charset=utf-8', response['content-type'])
        # self.assertTemplateUsed(response, 'group/edit.html')

        # get form - authorized (permission)
        grant(self.user0, 'admin', group)
        response = c.post(url % group.id)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/edit.html')

        # get form - authorized (superuser)
        self.user0.revoke('admin', group)
        self.user0.is_superuser = True
        self.user0.save()
        response = c.post(url % group.id)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/edit.html')

        # missing name
        data = {'id': group.id}
        response = c.post(url % group.id, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])

        # setup signal
        self.signal_editor = self.signal_group = None

        def callback(sender, editor, **kwargs):
            self.signal_user = self.user0
            self.signal_group = sender
        view_group_edited.connect(callback)

        # successful edit
        data = {'id': group.id, 'name': 'EDITED_NAME'}

        response = c.post(url % group.id, data)
        self.assertRedirects(response, '/group/%s' % group.pk)
        group = Group.objects.get(id=group.id)
        self.assertEqual('EDITED_NAME', group.name)

        # check signal set properties
        self.assertEqual(group, self.signal_group)
        self.assertEqual(self.user0, self.signal_user)

    def test_view_create(self):
        """
        Test creating a new Group
        """
        group = self.test_save()
        c = Client()
        url = '/group/add/'

        # anonymous user
        response = c.post(url, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(
            c.login(username=self.user0.username, password='******'))
        response = c.post(url)
        self.assertEqual(403, response.status_code)

        # get form - authorized (permission)
        # XXX need to implement Class level permissions
        # grant(user, 'admin', group)
        # response = c.post(url % group.id)
        # self.assertEqual(200, response.status_code)
        # self.assertEquals(
        #    'text/html; charset=utf-8', response['content-type'])
        # self.assertTemplateUsed(response, 'group/edit.html')

        # get form - authorized (superuser)
        self.user0.revoke('admin', group)
        self.user0.is_superuser = True
        self.user0.save()
        response = c.post(url)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/edit.html')

        # missing name
        response = c.post(url, {'name': ''})
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/edit.html')

        # setup signal
        self.signal_editor = self.signal_group = None

        def callback(sender, editor, **kwargs):
            self.signal_user = self.user0
            self.signal_group = sender
        view_group_created.connect(callback)

        # successful edit
        data = {'name': 'ADD_NEW_GROUP'}
        response = c.post(url, data)
        group = Group.objects.get(name='ADD_NEW_GROUP')
        self.assertRedirects(response, '/group/%s' % group.pk)

        self.assertTrue(Group.objects.filter(name='ADD_NEW_GROUP').exists())

        # check signal set properties
        self.assertEqual(group, self.signal_group)
        self.assertEqual(self.user0, self.signal_user)

    def test_view_delete(self):
        """
        Test deleting a group

        Verifies:
            * group is deleted
            * all associated permissions are deleted
        """
        group0 = self.test_save()
        group1 = self.test_save(name='test2')
        c = Client()
        url = '/group/%s/edit/'

        # anonymous user
        response = c.delete(url % group0.id, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(
            c.login(username=self.user0.username, password='******'))
        response = c.delete(url % group0.id)
        self.assertEqual(403, response.status_code)

        # invalid group
        response = c.delete(url % "DoesNotExist")
        self.assertEqual(404, response.status_code)

        # get form - authorized (permission)
        grant(self.user0, 'admin', group0)
        response = c.delete(url % group0.id)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertFalse(Group.objects.filter(id=group0.id).exists())
        self.assertEqual('1', response.content)

        # setup signal
        self.signal_editor = self.signal_group = None

        def callback(sender, editor, **kwargs):
            self.signal_user = self.user0
            self.signal_group = sender
        view_group_deleted.connect(callback)

        # get form - authorized (superuser)
        self.user0.is_superuser = True
        self.user0.save()
        response = c.delete(url % group1.id)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertFalse(Group.objects.filter(id=group1.id).exists())
        self.assertEqual('1', response.content)

        # check signal set properties
        self.assertEqual(group1.name, self.signal_group.name)
        self.assertEqual(self.user0, self.signal_user)

    def test_view_add_user(self):
        """
        Test view for adding a user:

        Verifies:
            * request from unauthorized user results in 403
            * GET returns a 200 code, response is html
            * POST with a user id adds user, response is html for user
            * POST without user id returns error as json
            * POST for invalid user id returns error as json
            * adding user a second time returns error as json
        """
        group = self.test_save()
        c = Client()
        url = '/group/%d/user/add/'
        args = group.id

        # anonymous user
        response = c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized
        self.assertTrue(
            c.login(username=self.user0.username, password='******'))
        response = c.get(url % args)
        self.assertEqual(403, response.status_code)
        response = c.post(url % args)
        self.assertEqual(403, response.status_code)

        # authorized get (perm granted)
        grant(self.user0, 'admin', group)
        response = c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/add_user.html')

        # authorized get (superuser)
        revoke(self.user0, 'admin', group)
        self.user0.is_superuser = True
        self.user0.save()
        response = c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/add_user.html')

        # missing user id
        response = c.post(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])

        # invalid user
        response = c.post(url % args, {'user': 0})
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])

        # setup signal
        self.signal_sender = self.signal_user = self.signal_obj = None

        def callback(sender, user, obj, **kwargs):
            self.signal_sender = sender
            self.signal_user = user
            self.signal_obj = obj
        view_add_user.connect(callback)

        # valid post
        data = {'user': self.user0.id}
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/user_row.html')
        self.assertTrue(group.user_set.filter(id=self.user0.id).exists())

        # check signal fired
        self.assertEqual(self.signal_sender, self.user0)
        self.assertEqual(self.signal_user, self.user0)
        self.assertEqual(self.signal_obj, group)
        view_add_user.disconnect(callback)

        # same user again
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertEquals(group.user_set.filter(id=self.user0.id).count(), 1)

    def test_view_remove_user(self):
        """
        Test view for adding a user:

        Verifies:
            * GET redirects user to 405
            * POST with a user id remove user, returns 1
            * POST without user id returns error as json
            * users lacking perms receive 403
            * removing user not in group returns error as json
            * removing user that does not exist returns error as json
            * user loses all permissions when removed from group
        """
        group = self.test_save()
        c = Client()
        group.user_set.add(self.user0)
        url = '/group/%d/user/remove/'
        args = group.id

        # anonymous user
        response = c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # invalid permissions
        self.assertTrue(
            c.login(username=self.user0.username, password='******'))
        response = c.get(url % args)
        self.assertEqual(403, response.status_code)
        response = c.post(url % args)
        self.assertEqual(403, response.status_code)

        # authorize and login
        grant(self.user0, 'admin', group)

        # invalid method
        response = c.get(url % args)
        self.assertEqual(405, response.status_code)

        # valid request (perm)
        data = {'user': self.user0.id}
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertEqual('1', response.content)
        self.assertFalse(group.user_set.filter(id=self.user0.id).exists())
        self.assertEqual([], self.user0.get_perms(group))

        # setup signal
        self.signal_sender = self.signal_user = self.signal_obj = None

        def callback(sender, user, obj, **kwargs):
            self.signal_sender = sender
            self.signal_user = user
            self.signal_obj = obj
        view_remove_user.connect(callback)

        # valid request (superuser)
        revoke(self.user0, 'admin', group)
        self.user0.is_superuser = True
        self.user0.save()
        group.user_set.add(self.user0)
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertEqual('1', response.content)
        self.assertFalse(group.user_set.filter(id=self.user0.id).exists())

        # check signal fired
        self.assertEqual(self.signal_sender, self.user0)
        self.assertEqual(self.signal_user, self.user0)
        self.assertEqual(self.signal_obj, group)
        view_remove_user.disconnect(callback)

        # remove user again
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertFalse(group.user_set.filter(id=self.user0.id).exists())
        self.assertNotEqual('1', response.content)

        # remove invalid user
        response = c.post(url % args, {'user': 0})
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertNotEqual('1', response.content)
Beispiel #17
0
    def test_view_modify_confirm(self):
        """
        Test confirm page for modifying an instance
        """

        args = (self.cluster.slug, self.vm.hostname)
        url = '/cluster/%s/%s/edit/confirm' % args

        user = User(id=52, username='******')
        user.set_password('secret2')
        user.save()

        self.vm.owner = user.get_profile()
        self.vm.save()

        os_list = cluster_os_list(self.cluster)
        edit_form = dict(vcpus=2,
                         acpi=True,
                         disk_cache='default',
                         initrd_path='',
                         kernel_args='ro',
                         kvm_flag='',
                         mem_path='',
                         migration_downtime=30,
                         security_domain='',
                         security_model='none',
                         usb_mouse='',
                         use_chroot=False,
                         use_localtime=False,
                         vnc_bind_address='0.0.0.0',
                         vnc_tls=False,
                         vnc_x509_path='',
                         vnc_x509_verify=False,
                         memory=512,
                         os='image+debian-osgeo',
                         disk_type='paravirtual',
                         boot_order='disk',
                         nic_type='paravirtual',
                         nic_count=1,
                         nic_count_original=1,
                         nic_link_0='br0',
                         nic_mac_0='aa:bb:00:00:33:d2',
                         root_path='/dev/vda1',
                         kernel_path='/boot/vmlinuz-2.32.6-27-generic',
                         serial_console=True,
                         cdrom_image_path='',
                         notes="foo")

        # -- SESSION VARIABLES
        # Make sure session variables are set
        user.is_superuser = True
        user.save()
        self.assertTrue(self.c.login(username=user.username,
                                     password='******'))
        session = self.c.session
        # edit_form
        response = self.c.get(url)
        self.assertEqual(400, response.status_code)
        session['edit_form'] = edit_form
        session.save()
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response,
                                'ganeti/virtual_machine/edit_confirm.html')

        # session['os_list'] = os_list
        # session.save()
        user.revoke_all(self.vm)
        user.is_superuser = False
        user.save()
        self.c.logout()

        # -- GET
        # Anonymous User
        response = self.c.get(url)
        self.assertEqual(302, response.status_code)

        # User with Modify Permissions
        user.grant('modify', self.vm)
        self.assertFalse(user.is_superuser)
        self.assertTrue(self.c.login(username=user.username,
                                     password='******'))
        session = self.c.session
        session['edit_form'] = edit_form
        session['os_list'] = os_list
        session.save()
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8',
                         response['content-type'])
        self.assertTemplateUsed(response,
                                'ganeti/virtual_machine/edit_confirm.html')
        user.revoke_all(self.vm)
        self.c.logout()

        # User with Admin Permissions
        user.grant('admin', self.vm)
        self.assertFalse(user.is_superuser)
        self.assertTrue(self.c.login(username=user.username,
                                     password='******'))
        session = self.c.session
        session['edit_form'] = edit_form
        session['os_list'] = os_list
        session.save()
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response,
                                'ganeti/virtual_machine/edit_confirm.html')
        user.revoke_all(self.vm)
        self.c.logout()

        # Superuser
        user.is_superuser = True
        user.save()
        self.assertTrue(self.c.login(username=user.username,
                                     password='******'))
        session = self.c.session
        session['edit_form'] = edit_form
        session['os_list'] = os_list
        session.save()
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response,
                                'ganeti/virtual_machine/edit_confirm.html')
        self.c.logout()
        user.is_superuser = False
        user.save()

        # -- POST
        data = {'rapi_dict': json.dumps(edit_form)}
        # Anonymous User
        response = self.c.post(url, data)
        self.assertEqual(302, response.status_code)

        for i in ('cancel', 'edit', 'save', 'reboot'):
            data[i] = True

            # Superuser
            user.is_superuser = True
            user.save()
            self.assertTrue(self.c.login(username=user.username,
                                         password='******'))
            session = self.c.session
            session['edit_form'] = edit_form
            session['os_list'] = os_list
            session.save()
            self.assertTrue(user.is_superuser)
            response = self.c.post(url, data)
            self.assertEqual(302, response.status_code)
            self.assertEqual('text/html; charset=utf-8',
                             response['content-type'])
            self.c.logout()
            user.is_superuser = False
            user.save()

            # User without Permissions
            self.assertTrue(self.c.login(username=user.username,
                                         password='******'))
            self.assertFalse(user.is_superuser)
            response = self.c.post(url, data)
            self.assertEqual(403, response.status_code)
            self.assertTrue(response.context['message'])
            self.assertEqual('text/html; charset=utf-8',
                             response['content-type'])
            self.assertTemplateUsed(response, '403.html')
            self.c.logout()

            # User with Modify Permissions
            user.grant('modify', self.vm)
            user.grant('power', self.vm)
            self.assertTrue(self.c.login(username=user.username,
                                         password='******'))
            session = self.c.session
            session['edit_form'] = edit_form
            session['os_list'] = os_list
            session.save()
            self.assertFalse(user.is_superuser)
            response = self.c.post(url, data)
            self.assertEqual(302, response.status_code)
            self.assertEqual('text/html; charset=utf-8',
                             response['content-type'])
            user.revoke_all(self.vm)
            self.c.logout()

            # User with Admin Permissions
            user.grant('admin', self.vm)
            self.assertTrue(self.c.login(username=user.username,
                                         password='******'))
            session = self.c.session
            session['edit_form'] = edit_form
            session['os_list'] = os_list
            session.save()
            self.assertFalse(user.is_superuser)
            response = self.c.post(url, data)
            self.assertEqual(302, response.status_code)
            self.assertEqual('text/html; charset=utf-8',
                             response['content-type'])
            user.revoke_all(self.vm)
            self.c.logout()

            del data[i]
Beispiel #18
0
class ImportViews(TestCase):

    def setUp(self):
        self.tearDown()

        models.client.GanetiRapiClient = RapiProxy

        self.user = User(id=2, username='******')
        self.user.set_password('secret')
        self.user.save()

        self.group = Group(name='testing_group')
        self.group.save()

        self.cluster0 = Cluster(hostname='test0', slug='OSL_TEST0')
        self.cluster0.save()
        self.cluster1 = Cluster(hostname='test1', slug='OSL_TEST1')
        self.cluster1.save()

        self.vm0 = VirtualMachine(hostname='vm0', cluster=self.cluster0)
        self.vm1 = VirtualMachine(hostname='vm1', cluster=self.cluster0,
                                  owner=self.user.get_profile())
        #self.vm2 = VirtualMachine(hostname='vm2', cluster=cluster0)
        self.vm3 = VirtualMachine(hostname='vm3', cluster=self.cluster1)
        self.vm4 = VirtualMachine(hostname='vm4', cluster=self.cluster1,
                                  owner=self.user.get_profile())
        #self.vm5 = VirtualMachine(hostname='vm5', cluster=cluster1)
        self.vm0.save()
        self.vm1.save()
        self.vm3.save()
        self.vm4.save()

        self.c = Client()
        self.owner = self.user.get_profile()

    def tearDown(self):
        VirtualMachine.objects.all().delete()
        Cluster.objects.all().delete()
        Organization.objects.all().delete()
        Profile.objects.all().delete()
        User.objects.all().delete()
        Group.objects.all().delete()

    def test_orphans_view(self):
        """
        Test orphans view
        """
        url='/import/orphans/'

        # anonymous user
        response = self.c.get(url, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(self.c.login(username=self.user.username, password='******'))
        response = self.c.get(url)
        self.assertEqual(403, response.status_code)

        # authorized get (cluster admin perm)
        self.user.grant('admin', self.cluster0)
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/orphans.html')
        self.assertEqual([(self.vm0.id, 'test0', 'vm0')], response.context['vms'])
        self.user.revoke_all(self.cluster0)

        # authorized get (superuser)
        self.user.is_superuser = True
        self.user.save()
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/orphans.html')
        self.assertEqual([(self.vm0.id, 'test0', 'vm0'), (self.vm3.id, 'test1', 'vm3')], response.context['vms'])
        self.user.is_superuser = False
        self.user.save()

        # POST - invalid vm
        self.user.grant('admin', self.cluster0)
        data = {'virtual_machines':[-1], 'owner':self.owner.id}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/orphans.html')
        self.assertTrue(response.context['form'].errors)

        # POST - invalid owner
        data = {'virtual_machines':[self.vm0.id], 'owner':-1}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/orphans.html')
        self.assertTrue(response.context['form'].errors)

        # POST - user does not have perms for cluster
        data = {'virtual_machines':[self.vm3.id], 'owner':self.owner.id}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/orphans.html')
        self.assertTrue(response.context['form'].errors)

        # POST - success
        data = {'virtual_machines':[self.vm0.id], 'owner':self.owner.id}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/orphans.html')
        self.assertFalse(response.context['form'].errors)
        self.assertEqual([], response.context['vms'])

    def test_missing_ganeti(self):
        """
        Tests view for Virtual Machines missing from ganeti
        """
        url = '/import/missing/'
        self.cluster0.rapi.GetInstances.response = ['vm0','vm2']
        self.cluster1.rapi.GetInstances.response = ['vm3','vm5']

        # anonymous user
        response = self.c.get(url, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(self.c.login(username=self.user.username, password='******'))
        response = self.c.get(url)
        self.assertEqual(403, response.status_code)

        # authorized get (cluster admin perm)
        self.user.grant('admin', self.cluster0)
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing.html')
        self.assertEqual([('vm1','test0','vm1')], response.context['vms'])
        self.user.revoke_all(self.cluster0)

        # authorized get (superuser)
        self.user.is_superuser = True
        self.user.save()
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing.html')
        self.assertEqual([('vm1','test0','vm1'), ('vm4','test1','vm4')], response.context['vms'])
        self.user.is_superuser = False
        self.user.save()

        # POST - invalid vm
        self.user.grant('admin', self.cluster0)
        data = {'virtual_machines':[-1]}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing.html')
        self.assertTrue(response.context['form'].errors)

        # POST - user does not have perms for cluster
        data = {'virtual_machines':[self.vm3.hostname]}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing.html')
        self.assertTrue(response.context['form'].errors)

        # POST - success
        data = {'virtual_machines':['vm1']}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing.html')
        self.assertFalse(response.context['form'].errors)
        self.assertEqual([], response.context['vms'])

    def test_missing_db(self):
        """
        Tests view for Virtual Machines missing from database
        """
        url = '/import/missing_db/'
        self.cluster0.rapi.GetInstances.response = ['vm0','vm2']
        self.cluster1.rapi.GetInstances.response = ['vm3','vm5']

        # anonymous user
        response = self.c.get(url, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(self.c.login(username=self.user.username, password='******'))
        response = self.c.get(url)
        self.assertEqual(403, response.status_code)

        # authorized get (cluster admin perm)
        self.user.grant('admin', self.cluster0)
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing_db.html')
        self.assertEqual([('1:vm2','test0','vm2')], response.context['vms'])
        self.user.revoke_all(self.cluster0)

        # authorized get (superuser)
        self.user.is_superuser = True
        self.user.save()
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing_db.html')
        self.assertEqual([('1:vm2','test0','vm2'), ('2:vm5','test1','vm5')], response.context['vms'])
        self.user.is_superuser = False
        self.user.save()

        # POST - invalid vm
        self.user.grant('admin', self.cluster0)
        data = {'virtual_machines':[-1]}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing_db.html')
        self.assertTrue(response.context['form'].errors)

        # POST - invalid owner
        data = {'virtual_machines':[self.vm0.id], 'owner':-1}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing_db.html')
        self.assertTrue(response.context['form'].errors)

        # POST - user does not have perms for cluster
        data = {'virtual_machines':[self.vm3.hostname], 'owner':self.owner.id}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing_db.html')
        self.assertTrue(response.context['form'].errors)

        # POST - success
        data = {'virtual_machines':['1:vm2'], 'owner':self.owner.id}
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/importing/missing_db.html')
        self.assertFalse(response.context['form'].errors)
        self.assertEqual([], response.context['vms'])
        self.assertTrue(VirtualMachine.objects.filter(hostname='vm2').exists())
Beispiel #19
0
    def test_view_modify(self):
        """
        Test modifying an instance
        """

        args = (self.cluster.slug, self.vm.hostname)
        url = '/cluster/%s/%s/edit' % args

        user = User(id=52, username='******')
        user.set_password('secret2')
        user.save()

        # -- GET
        # Anonymous User
        response = self.c.get(url)
        self.assertEqual(302, response.status_code)

        # User with Modify Permissions
        user.grant('modify', self.vm)
        self.assertTrue(self.c.login(username=user.username,
                                     password='******'))
        self.assertFalse(user.is_superuser)
        self.assertTrue(user.has_perm('modify', self.vm))
        self.assertFalse(user.has_perm('admin', self.vm))
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response,
                                'ganeti/virtual_machine/edit_kvm.html')
        user.revoke_all(self.vm)
        self.c.logout()

        # User with Admin Permissions
        user.grant('admin', self.vm)
        self.assertTrue(self.c.login(username=user.username,
                                     password='******'))
        self.assertFalse(user.is_superuser)
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response,
                                'ganeti/virtual_machine/edit_kvm.html')
        user.revoke_all(self.vm)
        self.c.logout()

        # Superuser
        user.is_superuser = True
        user.save()
        self.assertTrue(self.c.login(username=user.username,
                                     password='******'))
        response = self.c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response,
                                'ganeti/virtual_machine/edit_kvm.html')
        self.c.logout()
        user.is_superuser = False
        user.save()

        # -- POST
        os_list = cluster_os_list(self.cluster)
        data = dict(vcpus=2,
                    acpi=True,
                    disk_cache='default',
                    initrd_path='',
                    kernel_args='ro',
                    kvm_flag='',
                    mem_path='',
                    migration_downtime=30,
                    security_domain='',
                    security_model='none',
                    usb_mouse='',
                    use_chroot=False,
                    use_localtime=False,
                    vnc_bind_address='0.0.0.0',
                    vnc_tls=False,
                    vnc_x509_path='',
                    vnc_x509_verify=False,
                    memory=512,
                    os='image+debian-osgeo',
                    disk_type='paravirtual',
                    boot_order='disk',
                    nic_type='paravirtual',
                    nic_count=1,
                    nic_count_original=1,
                    nic_link_0='br0',
                    nic_mac_0='aa:bb:00:00:33:d2',
                    root_path='/dev/vda1',
                    kernel_path='/boot/vmlinuz-2.32.6-27-generic',
                    serial_console=True,
                    cdrom_image_path='',
                    cdrom2_image_path='')

        # Required Values
        user.grant('modify', self.vm)
        self.assertTrue(self.c.login(username=user.username,
                                     password='******'))
        session = self.c.session
        session['os_list'] = os_list
        session.save()
        for property in ['vcpus', 'memory', 'disk_type', 'boot_order',
                         'nic_type']:
            data_ = data.copy()
            del data_[property]
            self.assertFalse(user.is_superuser)
            response = self.c.post(url, data_)
            # If failure then a field that is not required by the model, but
            #  should be required by the form, is not being required by
            #  the form. See the ModifyVirtualMachineForm.required field.
            self.assertNotEqual(response.context['form'][property].errors,
                                [], msg=property)
            self.assertEqual(200, response.status_code)  # 302 if success (BAD)
            self.assertEqual('text/html; charset=utf-8',
                             response['content-type'])
            self.assertTemplateUsed(response,
                                    'ganeti/virtual_machine/edit_kvm.html')
        self.c.logout()
        user.revoke_all(self.vm)

        # Anonymous User
        response = self.c.post(url, data)
        self.assertEqual(302, response.status_code)

        # Superuser
        user.is_superuser = True
        user.save()
        self.assertTrue(self.c.login(username=user.username,
                                     password='******'))
        self.assertTrue(user.is_superuser)
        session = self.c.session
        session['os_list'] = os_list
        session.save()
        response = self.c.post(url, data)
        self.assertEqual(302, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.c.logout()
        user.is_superuser = False
        user.save()

        # User without Permissions
        self.assertTrue(self.c.login(username=user.username,
                                     password='******'))
        self.assertFalse(user.is_superuser)
        session = self.c.session
        session['os_list'] = os_list
        session.save()
        response = self.c.post(url, data)
        self.assertEqual(403, response.status_code)
        self.assertTrue(response.context['message'])
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, '403.html')
        self.c.logout()

        # User with Modify Permissions
        user.grant('modify', self.vm)
        self.assertTrue(self.c.login(username=user.username,
                                     password='******'))
        self.assertFalse(user.is_superuser)
        session = self.c.session
        session['os_list'] = os_list
        session.save()
        response = self.c.post(url, data)
        self.assertEqual(302, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        user.revoke_all(self.vm)
        self.c.logout()

        # User with Admin Permissions
        user.grant('admin', self.vm)
        self.assertTrue(self.c.login(username=user.username,
                                     password='******'))
        self.assertFalse(user.is_superuser)
        session = self.c.session
        session['os_list'] = os_list
        session.save()
        response = self.c.post(url, data)
        self.assertEqual(302, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        user.revoke_all(self.vm)
        self.c.logout()
Beispiel #20
0
class TestGroupViews(TestCase):

    def setUp(self):
        self.anonymous = User(id=1, username='******')
        self.anonymous.save()
        settings.ANONYMOUS_USER_ID = 1

        self.user0 = User(id=2, username='******')
        self.user0.set_password('secret')
        self.user0.save()
        self.user1 = User(id=3, username='******')
        self.user1.set_password('secret')
        self.user1.save()

    def tearDown(self):
        self.anonymous.delete()
        self.user0.delete()
        self.user1.delete()

    def test_save(self, name='test'):
        """ Test saving an Group """
        group = Group(name=name)
        group.save()
        return group

    def test_view_list(self):
        """
        Test viewing list of Groups
        """
        group = self.test_save()
        group0 = self.test_save(name='group1')
        group1 = self.test_save(name='group2')
        group2 = self.test_save(name='group3')
        c = Client()
        url = '/groups/'

        # anonymous user
        response = c.get(url, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user (user with admin on no groups)
        self.assertTrue(c.login(username=self.user0.username, password='******'))
        response = c.get(url)
        self.assertEqual(403, response.status_code)

        # authorized (permission)
        self.user0.grant('admin', group)
        self.user0.grant('admin', group1)
        response = c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/list.html')
        groups = response.context['groups']
        self.assertTrue(group in groups)
        self.assertTrue(group1 in groups)
        self.assertEqual(2, len(groups))

        # authorized (superuser)
        self.user0.revoke('admin', group0)
        self.user0.revoke('admin', group1)
        self.user0.is_superuser = True
        self.user0.save()
        response = c.get(url)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/list.html')
        groups = response.context['groups']
        self.assertTrue(group in groups)
        self.assertTrue(group0 in groups)
        self.assertTrue(group1 in groups)
        self.assertTrue(group2 in groups)
        self.assertEqual(4, len(groups))

    def test_view_detail(self):
        """
        Test Viewing the detail for a Group

        Verifies:
            * 200 returned for valid group
            * 404 returned for invalid group
        """
        group = self.test_save()
        c = Client()
        url = '/group/%s/'
        args = group.id

        # anonymous user
        response = c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(c.login(username=self.user0.username, password='******'))
        response = c.get(url % args)
        self.assertEqual(403, response.status_code)

        # invalid user group
        response = c.get(url % "DoesNotExist")
        self.assertEqual(404, response.status_code)

        # authorized (permission)
        grant(self.user0, 'admin', group)
        response = c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/detail.html')

        # authorized (superuser)
        response = c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/detail.html')

    def test_view_edit(self):
        group = self.test_save()
        c = Client()
        url = '/group/%s/edit/'

        # anonymous user
        response = c.post(url % group.id, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(c.login(username=self.user0.username, password='******'))
        response = c.post(url % group.id)
        self.assertEqual(403, response.status_code)

        # invalid group
        response = c.post(url % "DoesNotExist")
        self.assertEqual(404, response.status_code)

        # get form - authorized (permission)
        # XXX need to implement Class wide permission for creating editing groups
        #grant(user, 'admin', group)
        #response = c.post(url % group.id)
        #self.assertEqual(200, response.status_code)
        #self.assertEquals('text/html; charset=utf-8', response['content-type'])
        #self.assertTemplateUsed(response, 'group/edit.html')

        # get form - authorized (permission)
        grant(self.user0, 'admin', group)
        response = c.post(url % group.id)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/edit.html')

        # get form - authorized (superuser)
        self.user0.revoke('admin', group)
        self.user0.is_superuser = True
        self.user0.save()
        response = c.post(url % group.id)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/edit.html')

        # missing name
        data = {'id':group.id}
        response = c.post(url % group.id, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])

        # setup signal
        self.signal_editor = self.signal_group = None
        def callback(sender, editor, **kwargs):
            self.signal_user = self.user0
            self.signal_group = sender
        view_group_edited.connect(callback)

        # successful edit
        data = {'id':group.id, 'name':'EDITED_NAME'}

        response = c.post(url % group.id, data)
        self.assertRedirects(response, '/group/%s' % group.pk)
        group = Group.objects.get(id=group.id)
        self.assertEqual('EDITED_NAME', group.name)

        # check signal set properties
        self.assertEqual(group, self.signal_group)
        self.assertEqual(self.user0, self.signal_user)

    def test_view_create(self):
        """
        Test creating a new Group
        """
        group = self.test_save()
        c = Client()
        url = '/group/add/'

        # anonymous user
        response = c.post(url, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(c.login(username=self.user0.username, password='******'))
        response = c.post(url)
        self.assertEqual(403, response.status_code)

        # get form - authorized (permission)
        # XXX need to implement Class level permissions
        #grant(user, 'admin', group)
        #response = c.post(url % group.id)
        #self.assertEqual(200, response.status_code)
        #self.assertEquals('text/html; charset=utf-8', response['content-type'])
        #self.assertTemplateUsed(response, 'group/edit.html')

        # get form - authorized (superuser)
        self.user0.revoke('admin', group)
        self.user0.is_superuser = True
        self.user0.save()
        response = c.post(url)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/edit.html')

        # missing name
        response = c.post(url, {'name':''})
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/edit.html')

        # setup signal
        self.signal_editor = self.signal_group = None
        def callback(sender, editor, **kwargs):
            self.signal_user = self.user0
            self.signal_group = sender
        view_group_created.connect(callback)

        # successful edit
        data = {'name':'ADD_NEW_GROUP'}
        response = c.post(url, data)
        group = Group.objects.get(name='ADD_NEW_GROUP')
        self.assertRedirects(response, '/group/%s' % group.pk)

        self.assertTrue(Group.objects.filter(name='ADD_NEW_GROUP').exists())

        # check signal set properties
        self.assertEqual(group, self.signal_group)
        self.assertEqual(self.user0, self.signal_user)

    def test_view_delete(self):
        """
        Test deleting a group

        Verifies:
            * group is deleted
            * all associated permissions are deleted
        """
        group0 = self.test_save()
        group1 = self.test_save(name='test2')
        c = Client()
        url = '/group/%s/edit/'

        # anonymous user
        response = c.delete(url % group0.id, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(c.login(username=self.user0.username, password='******'))
        response = c.delete(url % group0.id)
        self.assertEqual(403, response.status_code)

        # invalid group
        response = c.delete(url % "DoesNotExist")
        self.assertEqual(404, response.status_code)

        # get form - authorized (permission)
        grant(self.user0, 'admin', group0)
        response = c.delete(url % group0.id)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertFalse(Group.objects.filter(id=group0.id).exists())
        self.assertEqual('1', response.content)

        # setup signal
        self.signal_editor = self.signal_group = None
        def callback(sender, editor, **kwargs):
            self.signal_user = self.user0
            self.signal_group = sender
        view_group_deleted.connect(callback)

        # get form - authorized (superuser)
        self.user0.is_superuser = True
        self.user0.save()
        response = c.delete(url % group1.id)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertFalse(Group.objects.filter(id=group1.id).exists())
        self.assertEqual('1', response.content)

        # check signal set properties
        self.assertEqual(group1.name, self.signal_group.name)
        self.assertEqual(self.user0, self.signal_user)

    def test_view_add_user(self):
        """
        Test view for adding a user:

        Verifies:
            * request from unauthorized user results in 403
            * GET returns a 200 code, response is html
            * POST with a user id adds user, response is html for user
            * POST without user id returns error as json
            * POST for invalid user id returns error as json
            * adding user a second time returns error as json
        """
        group = self.test_save()
        c = Client()
        url = '/group/%d/user/add/'
        args = group.id

        # anonymous user
        response = c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized
        self.assertTrue(c.login(username=self.user0.username, password='******'))
        response = c.get(url % args)
        self.assertEqual(403, response.status_code)
        response = c.post(url % args)
        self.assertEqual(403, response.status_code)

        # authorized get (perm granted)
        grant(self.user0, 'admin', group)
        response = c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/add_user.html')

        # authorized get (superuser)
        revoke(self.user0, 'admin', group)
        self.user0.is_superuser = True
        self.user0.save()
        response = c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/add_user.html')

        # missing user id
        response = c.post(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])

        # invalid user
        response = c.post(url % args, {'user':0})
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])

        # setup signal
        self.signal_sender = self.signal_user = self.signal_obj = None
        def callback(sender, user, obj, **kwargs):
            self.signal_sender = sender
            self.signal_user = user
            self.signal_obj = obj
        view_add_user.connect(callback)

        # valid post
        data = {'user':self.user0.id}
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'muddle/group/user_row.html')
        self.assertTrue(group.user_set.filter(id=self.user0.id).exists())

        # check signal fired
        self.assertEqual(self.signal_sender, self.user0)
        self.assertEqual(self.signal_user, self.user0)
        self.assertEqual(self.signal_obj, group)
        view_add_user.disconnect(callback)

        # same user again
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertEquals(group.user_set.filter(id=self.user0.id).count(), 1)

    def test_view_remove_user(self):
        """
        Test view for adding a user:

        Verifies:
            * GET redirects user to 405
            * POST with a user id remove user, returns 1
            * POST without user id returns error as json
            * users lacking perms receive 403
            * removing user not in group returns error as json
            * removing user that does not exist returns error as json
            * user loses all permissions when removed from group
        """
        group = self.test_save()
        c = Client()
        group.user_set.add(self.user0)
        url = '/group/%d/user/remove/'
        args = group.id

        # anonymous user
        response = c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # invalid permissions
        self.assertTrue(c.login(username=self.user0.username, password='******'))
        response = c.get(url % args)
        self.assertEqual(403, response.status_code)
        response = c.post(url % args)
        self.assertEqual(403, response.status_code)

        # authorize and login
        grant(self.user0, 'admin', group)

        # invalid method
        response = c.get(url % args)
        self.assertEqual(405, response.status_code)

        # valid request (perm)
        data = {'user':self.user0.id}
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertEqual('1', response.content)
        self.assertFalse(group.user_set.filter(id=self.user0.id).exists())
        self.assertEqual([], self.user0.get_perms(group))

        # setup signal
        self.signal_sender = self.signal_user = self.signal_obj = None
        def callback(sender, user, obj, **kwargs):
            self.signal_sender = sender
            self.signal_user = user
            self.signal_obj = obj
        view_remove_user.connect(callback)

        # valid request (superuser)
        revoke(self.user0, 'admin', group)
        self.user0.is_superuser = True
        self.user0.save()
        group.user_set.add(self.user0)
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertEqual('1', response.content)
        self.assertFalse(group.user_set.filter(id=self.user0.id).exists())

        # check signal fired
        self.assertEqual(self.signal_sender, self.user0)
        self.assertEqual(self.signal_user, self.user0)
        self.assertEqual(self.signal_obj, group)
        view_remove_user.disconnect(callback)

        # remove user again
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertFalse(group.user_set.filter(id=self.user0.id).exists())
        self.assertNotEqual('1', response.content)

        # remove invalid user
        response = c.post(url % args, {'user':0})
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertNotEqual('1', response.content)
Beispiel #21
0
    def test_view_modify_confirm_quota_over(self):
        args = (self.cluster.slug, self.vm.hostname)
        url = '/cluster/%s/%s/edit/confirm' % args

        user = User(id=52, username='******')
        user.set_password('secret2')
        user.save()
        user.grant('modify', self.vm)
        profile = user.get_profile()
        self.vm.owner = profile
        self.vm.save()

        self.cluster.set_quota(profile, dict(ram=1000, disk=2000,
                                             virtual_cpus=10))

        os_list = cluster_os_list(self.cluster)
        edit_form = dict(vcpus=2000,
                         acpi=True,
                         disk_cache='default',
                         initrd_path='',
                         kernel_args='ro',
                         kvm_flag='',
                         mem_path='',
                         migration_downtime=30,
                         security_domain='',
                         security_model='none',
                         usb_mouse='',
                         use_chroot=False,
                         use_localtime=False,
                         vnc_bind_address='0.0.0.0',
                         vnc_tls=False,
                         vnc_x509_path='',
                         vnc_x509_verify=False,
                         memory=512,
                         os='image+debian-osgeo',
                         disk_type='paravirtual',
                         boot_order='disk',
                         nic_type='paravirtual',
                         nic_count=1,
                         nic_count_original=1,
                         nic_link_0='br0',
                         nic_mac_0='aa:bb:00:00:33:d2',
                         root_path='/dev/vda1',
                         kernel_path='/boot/vmlinuz-2.32.6-27-generic',
                         serial_console=True,
                         cdrom_image_path='')
        data = {'rapi_dict': json.dumps(edit_form), 'save': True}

        # regular user
        self.assertTrue(self.c.login(username=user.username,
                                     password='******'))
        session = self.c.session
        session['edit_form'] = edit_form
        session['os_list'] = os_list
        session.save()
        response = self.c.post(url, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response,
                                'ganeti/virtual_machine/edit_confirm.html')
        self.c.logout()
Beispiel #22
0
class TestNewVirtualMachineFormInit(TestCase, VirtualMachineTestCaseMixin):

    def setUp(self):
        self.user = User(id=67, username='******')
        self.user.set_password('secret')
        self.user.save()
        self.user1 = User(id=70, username='******')
        self.user1.set_password('secret')
        self.user1.save()
        self.group = Group(id=45, name='testing_group')
        self.group.save()

        models.client.GanetiRapiClient = RapiProxy
        self.cluster0 = Cluster.objects.create(hostname='test0', slug='test0')
        self.cluster1 = Cluster.objects.create(hostname='test1', slug='test1')
        self.cluster2 = Cluster.objects.create(hostname='test2', slug='test2')
        self.cluster3 = Cluster.objects.create(hostname='test3', slug='test3')
        self.cluster0.sync_nodes()

        # Give each cluster write permissions, and set it's info
        for cluster in (self.cluster0, self.cluster1, self.cluster2,
                        self.cluster3):
            cluster.username = self.user.username
            cluster.password = '******'
            cluster.info = INFO
            cluster.save()

    def tearDown(self):
        User.objects.all().delete()
        Group.objects.all().delete()
        VirtualMachine.objects.all().delete()
        Cluster.objects.all().delete()

    def test_default_choices(self):
        """
        Test that ChoiceFields have the correct default options
        """
        form = NewVirtualMachineForm(self.user)
        self.assertEqual([(u'', u'---------')],
            form.fields['nic_type'].choices)
        self.assertEqual([(u'', u'---------'),
            (u'routed', u'routed'),
            (u'bridged', u'bridged')],
            form.fields['nic_mode_0'].choices)
        self.assertEqual([(u'', u'---------')],
            form.fields['boot_order'].choices)
        self.assertEqual([(u'', u'---------'),
            (u'plain', u'plain'),
            (u'drbd', u'drbd'),
            (u'file', u'file'),
            (u'diskless', u'diskless')],
            form.fields['disk_template'].choices)

    def test_init_and_data_params(self):
        """
        Tests that passing initial does not trigger validation

        Verifies:
            * Passing data (arg[0]) will trigger validation
            * Passing initial will not trigger validation
        """
        form = NewVirtualMachineForm(self.user, initial={})
        self.assertEqual({}, form.errors)

        form = NewVirtualMachineForm(self.user, {})
        self.assertNotEqual({}, form.errors)

    def test_cluster_init(self):
        """
        Tests initializing a form with a Cluster

        Verifies:
            * cluster choices are set correctly
            * node choices are set correctly
        """

        # no cluster
        form = NewVirtualMachineForm(self.user)
        self.assertEqual([(u'', u'---------')], form.fields['pnode'].choices)
        self.assertEqual([(u'', u'---------')], form.fields['snode'].choices)
        self.assertEqual([(u'', u'---------')], form.fields['os'].choices)

        # cluster from initial data
        form = NewVirtualMachineForm(self.user, {'cluster': self.cluster0.id})
        self.assertEqual(set([(u'', u'---------'), (u'gtest1.example.bak', u'gtest1.example.bak'), (u'gtest2.example.bak', u'gtest2.example.bak'), (u'gtest3.example.bak', u'gtest3.example.bak')]), set(form.fields['pnode'].choices))
        self.assertEqual(set([(u'', u'---------'), (u'gtest1.example.bak', u'gtest1.example.bak'), (u'gtest2.example.bak', u'gtest2.example.bak'), (u'gtest3.example.bak', u'gtest3.example.bak')]), set(form.fields['snode'].choices))
        self.assertEqual(form.fields['os'].choices,
            [
                (u'', u'---------'),
                ('Image',
                    [('image+debian-osgeo', 'Debian Osgeo'),
                    ('image+ubuntu-lucid', 'Ubuntu Lucid')]
                )
            ]
        )

        # cluster from initial data
        form = NewVirtualMachineForm(self.user, {'cluster':self.cluster0.id})
        self.assertEqual(set([(u'', u'---------'), (u'gtest1.example.bak', u'gtest1.example.bak'), (u'gtest2.example.bak', u'gtest2.example.bak'), (u'gtest3.example.bak', u'gtest3.example.bak')]), set(form.fields['pnode'].choices))
        self.assertEqual(set([(u'', u'---------'), (u'gtest1.example.bak', u'gtest1.example.bak'), (u'gtest2.example.bak', u'gtest2.example.bak'), (u'gtest3.example.bak', u'gtest3.example.bak')]), set(form.fields['snode'].choices))
        self.assertEqual(form.fields['os'].choices,
            [
                (u'', u'---------'),
                ('Image',
                    [('image+debian-osgeo', 'Debian Osgeo'),
                    ('image+ubuntu-lucid', 'Ubuntu Lucid')]
                )
            ]
        )

    def test_cluster_choices_init(self):
        """
        Tests that cluster choices are based on User permissions

        Verifies:
            * superusers have all Clusters as choices
            * if owner is set, only display clusters the owner has permissions
              directly on.  This includes both users and groups
            * if no owner is set, choices include clusters that the user has
              permission directly on, or through a group
        """

        # no owner, no permissions
        form = NewVirtualMachineForm(self.user)
        self.assertEqual(set([(u'', u'---------')]), set(form.fields['cluster'].choices))

        # no owner, group and direct permissions
        self.user.grant('admin', self.cluster0)
        self.user.grant('create_vm', self.cluster1)
        self.group.grant('admin', self.cluster2)
        self.group.user_set.add(self.user)
        self.assertEqual(set([(u'', u'---------'), (self.cluster0.pk, u'test0'), (self.cluster1.pk, u'test1'), (self.cluster2.pk, u'test2')]), set(form.fields['cluster'].choices))
        self.user.revoke_all(self.cluster0)
        self.user.revoke_all(self.cluster1)
        self.group.revoke_all(self.cluster2)

        # owner, user with no choices
        form = NewVirtualMachineForm(self.user, initial={'owner':self.user.get_profile().id})
        self.assertEqual(set([(u'', u'---------')]), set(form.fields['cluster'].choices))

        # owner, user with choices
        self.user.grant('admin', self.cluster0)
        self.user.grant('create_vm', self.cluster1)
        form = NewVirtualMachineForm(self.user, initial={'owner':self.user.get_profile().id})
        self.assertEqual(set([(u'', u'---------'), (self.cluster0.pk, u'test0'), (self.cluster1.pk, u'test1')]), set(form.fields['cluster'].choices))

        # owner, group with no choices
        form = NewVirtualMachineForm(self.user, initial={'owner':self.group.organization.id})
        self.assertEqual(set([(u'', u'---------')]), set(form.fields['cluster'].choices))

        # owner, group with choices
        self.group.grant('admin', self.cluster2)
        self.group.grant('create_vm', self.cluster3)
        form = NewVirtualMachineForm(self.user, initial={'owner':self.group.organization.id})
        self.assertEqual(set([(u'', u'---------'), (self.cluster2.pk, u'test2'), (self.cluster3.pk, u'test3')]), set(form.fields['cluster'].choices))

        # user - superuser
        self.user.is_superuser = True
        self.user.save()
        form = NewVirtualMachineForm(self.user, initial={'owner':self.user.get_profile().id})
        self.assertEqual(set([(u'', u'---------'), (self.cluster0.pk, u'test0'), (self.cluster1.pk, u'test1'), (self.cluster2.pk, u'test2'), (self.cluster3.pk, u'test3')]), set(form.fields['cluster'].choices))

        # group - superuser
        form = NewVirtualMachineForm(self.user, initial={'owner':self.group.organization.id})
        self.assertEqual(set([(u'', u'---------'), (self.cluster0.pk, u'test0'), (self.cluster1.pk, u'test1'), (self.cluster2.pk, u'test2'), (self.cluster3.pk, u'test3')]), set(form.fields['cluster'].choices))

    def test_owner_choices_init(self):
        """
        Tests that owner choices are set based on User permissions

        Verifies:
            * superusers have all clusterusers as choices
            * user receives themselves as a choice if they have perms
            * user receives all groups they are a member of
        """

        # user with no choices
        form = NewVirtualMachineForm(self.user)
        self.assertEqual([(u'', u'---------')], form.fields['owner'].choices)

        # user with perms on self, no groups
        self.user.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user)
        self.assertEqual(
            [
                (u'', u'---------'),
                (self.user.profile.id, u'tester0'),
            ], form.fields['owner'].choices)
        self.user.set_perms(['create_vm'], self.cluster0)
        form = NewVirtualMachineForm(self.user)
        self.assertEqual(
            [
                (u'', u'---------'),
                (self.user.profile.id, u'tester0'),
            ], form.fields['owner'].choices)

        # user with perms on self and groups
        self.group.user_set.add(self.user)
        self.group.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user)
        self.assertEqual(
            [
                (u'', u'---------'),
                (self.group.organization.id, u'testing_group'),
                (self.user.profile.id, u'tester0'),
            ], form.fields['owner'].choices)
        self.user.revoke_all(self.cluster0)

        # user with no perms on self, but groups
        form = NewVirtualMachineForm(self.user)
        self.assertEqual(
            [
                (u'', u'---------'),
                (self.group.organization.id, u'testing_group'),
            ], form.fields['owner'].choices)
        self.group.set_perms(['create_vm'], self.cluster0)
        form = NewVirtualMachineForm(self.user)
        self.assertEqual(
            [
                (u'', u'---------'),
                (self.group.organization.id, u'testing_group'),
            ], form.fields['owner'].choices)
        self.group.revoke_all(self.cluster0)

        # superuser
        self.user.is_superuser = True
        self.user.save()
        form = NewVirtualMachineForm(self.user)
        self.assertEqual(
            [
                (u'', u'---------'),
                (self.user.profile.id, u'tester0'),
                (self.user1.profile.id, u'tester1'),
                (self.group.organization.id, u'testing_group'),
            ], list(form.fields['owner'].choices))

    def test_default_disks(self):
        self.user.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user)
        self.assertTrue('disk_size_0' in form.fields)
        self.assertFalse('disk_size_1' in form.fields)

    def test_no_disks(self):
        self.user.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user, dict(disk_count=0))
        self.assertFalse('disk_size_0' in form.fields)
        self.assertFalse('disk_size_1' in form.fields)

    def test_single_disk(self):
        self.user.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user, dict(disk_count=1))
        self.assertTrue('disk_size_0' in form.fields)
        self.assertFalse('disk_size_1' in form.fields)

    def test_multiple_disks(self):
        self.user.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user, dict(disk_count=2))
        self.assertTrue('disk_size_0' in form.fields)
        self.assertTrue('disk_size_1' in form.fields)

    def test_multiple_disks_from_dict(self):
        self.user.grant('admin', self.cluster0)
        initial = dict(disks=[dict(size=123), dict(size=456)])
        form = NewVirtualMachineForm(self.user, initial)
        self.assertTrue('disk_size_0' in form.fields)
        self.assertTrue('disk_size_1' in form.fields)
        
        data = form.data
        self.assertEqual(2, data['disk_count'])
        self.assertEqual(123, data['disk_size_0'])
        self.assertEqual(456, data['disk_size_1'])

    def test_default_nics(self):
        self.user.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user)
        self.assertTrue('nic_mode_0' in form.fields)
        self.assertFalse('nic_mode_1' in form.fields)
        self.assertTrue('nic_link_0' in form.fields)
        self.assertFalse('nic_link_1' in form.fields)

    def test_no_nics(self):
        self.user.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user, dict(nic_count=0))
        self.assertFalse('nic_mode_0' in form.fields)
        self.assertFalse('nic_mode_1' in form.fields)
        self.assertFalse('nic_link_0' in form.fields)
        self.assertFalse('nic_link_1' in form.fields)

    def test_single_nic(self):
        self.user.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user, dict(nic_count=1))
        self.assertTrue('nic_mode_0' in form.fields)
        self.assertFalse('nic_mode_1' in form.fields)
        self.assertTrue('nic_link_0' in form.fields)
        self.assertFalse('nic_link_1' in form.fields)

    def test_multiple_nics(self):
        self.user.grant('admin', self.cluster0)
        form = NewVirtualMachineForm(self.user, dict(nic_count=2))
        self.assertTrue('nic_mode_0' in form.fields)
        self.assertTrue('nic_mode_1' in form.fields)
        self.assertTrue('nic_link_0' in form.fields)
        self.assertTrue('nic_link_1' in form.fields)

    def test_multiple_nics_from_dict(self):
        self.user.grant('admin', self.cluster0)
        initial = dict(nics=[dict(mode=123, link='br0'), dict(mode=456, link='br1')])
        form = NewVirtualMachineForm(self.user, initial)
        self.assertTrue('nic_mode_0' in form.fields)
        self.assertTrue('nic_mode_1' in form.fields)
        self.assertTrue('nic_link_0' in form.fields)
        self.assertTrue('nic_link_1' in form.fields)

        data = form.data
        self.assertEqual(2, data['nic_count'])
        self.assertEqual(123, data['nic_mode_0'])
        self.assertEqual(456, data['nic_mode_1'])
        self.assertEqual('br0', data['nic_link_0'])
        self.assertEqual('br1', data['nic_link_1'])