Beispiel #1
0
    def test_get_quota(self):
        """
        Tests cluster.get_quota() method

        Verifies:
            * if no user is passed, return default quota values
            * if user has quota, return values from Quota
            * if user doesn't have quota, return default cluster values
        """
        default_quota = {'default': 1, 'ram': 1,
                         'virtual_cpus': None, 'disk': 3}
        user_quota = {'default': 0, 'ram': 4, 'virtual_cpus': 5, 'disk': None}

        cluster = Cluster(hostname='foo.fake.hostname')
        cluster.__dict__.update(default_quota)
        cluster.save()
        user = User(username='******')
        user.save()

        # default quota
        self.assertEqual(default_quota, cluster.get_quota())

        # user without quota, defaults to default
        self.assertEqual(default_quota, cluster.get_quota(user.get_profile()))

        # user with custom quota
        quota = Quota(cluster=cluster, user=user.get_profile())
        quota.__dict__.update(user_quota)
        quota.save()
        self.assertEqual(user_quota, cluster.get_quota(user.get_profile()))

        quota.delete()
        cluster.delete()
        user.delete()
Beispiel #2
0
    def test_get_quota(self):
        """
        Tests cluster.get_quota() method

        Verifies:
            * if no user is passed, return default quota values
            * if user has quota, return values from Quota
            * if user doesn't have quota, return default cluster values
        """
        default_quota = {
            'default': 1,
            'ram': 1,
            'virtual_cpus': None,
            'disk': 3
        }
        user_quota = {'default': 0, 'ram': 4, 'virtual_cpus': 5, 'disk': None}

        cluster = Cluster(hostname='foo.fake.hostname')
        cluster.__dict__.update(default_quota)
        cluster.save()
        user = User(username='******')
        user.save()

        # default quota
        self.assertEqual(default_quota, cluster.get_quota())

        # user without quota, defaults to default
        self.assertEqual(default_quota, cluster.get_quota(user.get_profile()))

        # user with custom quota
        quota = Quota(cluster=cluster, user=user.get_profile())
        quota.__dict__.update(user_quota)
        quota.save()
        self.assertEqual(user_quota, cluster.get_quota(user.get_profile()))

        quota.delete()
        cluster.delete()
        user.delete()
Beispiel #3
0
    def test_view_group_permissions(self):
        """
        Test editing Group permissions on a Cluster
        """
        args = (self.cluster.slug, self.group.id)
        args_post = self.cluster.slug
        url = "/cluster/%s/permissions/group/%s"
        url_post = "/cluster/%s/permissions/"

        # anonymous user
        response = self.c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(self.c.login(username=self.unauthorized.username,
                                     password='******'))
        response = self.c.get(url % args)
        self.assertEqual(403, response.status_code)

        # nonexisent cluster
        response = self.c.get(url % ("DOES_NOT_EXIST", self.group.id))
        self.assertEqual(404, response.status_code)

        # valid GET authorized user (perm)
        self.assertTrue(self.c.login(username=self.cluster_admin.username,
                                     password='******'))
        response = self.c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response,
                                'object_permissions/permissions/form.html')
        self.user.revoke('admin', self.cluster)

        # valid GET authorized user (superuser)
        self.assertTrue(self.c.login(username=self.superuser.username,
                                     password='******'))
        response = self.c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response,
                                'object_permissions/permissions/form.html')

        # invalid group
        response = self.c.get(url % (self.cluster.slug, 0))
        self.assertEqual(404, response.status_code)

        # invalid group (POST)
        data = {
            'permissions': ['admin'],
            'group': -1,
            'obj': self.cluster.pk,
        }
        response = self.c.post(url_post % args_post, data)
        self.assertEquals('application/json', response['content-type'])
        self.assertNotEqual('0', response.content)

        # no group (POST)
        data = {
            'permissions': ['admin'],
            'obj': self.cluster.pk,
        }
        response = self.c.post(url_post % args_post, data)
        self.assertEquals('application/json', response['content-type'])
        self.assertNotEqual('0', response.content)

        # valid POST group has permissions
        self.group.grant('create_vm', self.cluster)
        data = {
            'permissions': ['admin'],
            'group': self.group.id,
            'obj': self.cluster.pk,
        }
        response = self.c.post(url_post % args_post, data)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/cluster/group_row.html')
        self.assertEqual(['admin'], self.group.get_perms(self.cluster))

        # add quota to the group
        user_quota = {'default': 0, 'ram': 51,
                      'virtual_cpus': 10, 'disk': 3000}
        quota = Quota(cluster=self.cluster, user=self.group.organization)
        quota.__dict__.update(user_quota)
        quota.save()
        self.assertEqual(user_quota,
                         self.cluster.get_quota(self.group.organization))

        # valid POST group has no permissions left
        data = {
            'permissions': [],
            'group': self.group.id,
            'obj': self.cluster.pk,
        }
        response = self.c.post(url_post % args_post, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertEqual([], self.group.get_perms(self.cluster))
        self.assertEqual('"group_%s"' % self.group.id, response.content)

        # quota should be deleted (and showing default)
        self.assertEqual(
            1,
            self.cluster.get_quota(self.group.organization)['default']
        )
        self.assertFalse(self.group.organization.quotas.all().exists())

        # no permissions specified - user with no quota
        self.group.grant('create_vm', self.cluster)
        self.cluster.set_quota(self.group.organization, None)
        data = {
            'permissions': [],
            'group': self.group.id,
            'obj': self.cluster.pk,
        }
        response = self.c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertNotEqual('0', response.content)

        # quota should be deleted (and showing default)
        self.assertEqual(
            1,
            self.cluster.get_quota(self.group.organization)['default']
        )
        self.assertFalse(self.group.organization.quotas.all().exists())
Beispiel #4
0
    def test_view_user_permissions(self):
        """
        Tests updating users permissions

        Verifies:
            * anonymous user returns 403
            * lack of permissions returns 403
            * nonexistent cluster returns 404
            * invalid user returns 404
            * invalid group returns 404
            * missing user and group returns error as json
            * GET returns html for form
            * If user/group has permissions no html is returned
            * If user/group has no permissions a
              json response of -1 is returned
        """
        args = (self.cluster.slug, self.user.id)
        args_post = self.cluster.slug
        url = "/cluster/%s/permissions/user/%s"
        url_post = "/cluster/%s/permissions/"

        # anonymous user
        response = self.c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(self.c.login(username=self.unauthorized.username,
                                     password='******'))
        response = self.c.get(url % args)
        self.assertEqual(403, response.status_code)

        # nonexisent cluster
        response = self.c.get(url % ("DOES_NOT_EXIST", self.user.id))
        self.assertEqual(404, response.status_code)

        # valid GET authorized user (perm)
        self.assertTrue(self.c.login(username=self.cluster_admin.username,
                                     password='******'))
        response = self.c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response,
                                'object_permissions/permissions/form.html')

        # valid GET authorized user (superuser)
        self.assertTrue(self.c.login(username=self.superuser.username,
                                     password='******'))
        response = self.c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response,
                                'object_permissions/permissions/form.html')

        # invalid user
        response = self.c.get(url % (self.cluster.slug, -1))
        self.assertEqual(404, response.status_code)

        # invalid user (POST)
        self.user.grant('create_vm', self.cluster)
        data = {
            'permissions': ['admin'],
            'user': -1,
            'obj': self.cluster.pk,
        }
        response = self.c.post(url_post % args_post, data)
        self.assertEquals('application/json', response['content-type'])
        self.assertNotEqual('0', response.content)

        # no user (POST)
        # XXX double-grant?
        self.user.grant('create_vm', self.cluster)
        data = {
            'permissions': ['admin'],
            'obj': self.cluster.pk,
        }
        response = self.c.post(url_post % args_post, data)
        self.assertEquals('application/json', response['content-type'])
        self.assertNotEqual('0', response.content)

        # valid POST user has permissions
        # XXX triple-grant?!
        self.user.grant('create_vm', self.cluster)
        data = {
            'permissions': ['admin'],
            'user': self.user.id,
            'obj': self.cluster.pk,
        }
        response = self.c.post(url_post % args_post, data)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/cluster/user_row.html')
        self.assertTrue(self.user.has_perm('admin', self.cluster))
        self.assertFalse(self.user.has_perm('create_vm', self.cluster))

        # add quota to the user
        user_quota = {'default': 0, 'ram': 51,
                      'virtual_cpus': 10, 'disk': 3000}
        quota = Quota(cluster=self.cluster, user=self.user.get_profile())
        quota.__dict__.update(user_quota)
        quota.save()
        self.assertEqual(user_quota,
                         self.cluster.get_quota(self.user.get_profile()))

        # valid POST user has no permissions left
        data = {
            'permissions': [],
            'user': self.user.id,
            'obj': self.cluster.pk,
        }
        response = self.c.post(url_post % args_post, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertEqual([], get_user_perms(self.user, self.cluster))
        # XXX this is too hardcoded and can spuriously fail
        self.assertEqual('"user_2"', response.content)

        # quota should be deleted (and showing default)
        self.assertEqual(
            1,
            self.cluster.get_quota(self.user.get_profile())['default']
        )
        self.assertFalse(self.user.get_profile().quotas.all().exists())

        # no permissions specified - user with no quota
        # XXX quadra-grant!!!
        self.user.grant('create_vm', self.cluster)
        self.cluster.set_quota(self.user.get_profile(), None)
        data = {
            'permissions': [],
            'user': self.user.id,
            'obj': self.cluster.pk,
        }
        response = self.c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertNotEqual('0', response.content)

        # quota should be deleted (and showing default)
        self.assertEqual(
            1,
            self.cluster.get_quota(self.user.get_profile())['default']
        )
        self.assertFalse(self.user.get_profile().quotas.all().exists())
Beispiel #5
0
    def test_view_group_permissions(self):
        """
        Test editing Group permissions on a Cluster
        """
        args = (self.cluster.slug, self.group.id)
        args_post = self.cluster.slug
        url = "/cluster/%s/permissions/group/%s"
        url_post = "/cluster/%s/permissions/"

        # anonymous user
        response = self.c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(
            self.c.login(username=self.unauthorized.username,
                         password='******'))
        response = self.c.get(url % args)
        self.assertEqual(403, response.status_code)

        # nonexisent cluster
        response = self.c.get(url % ("DOES_NOT_EXIST", self.group.id))
        self.assertEqual(404, response.status_code)

        # valid GET authorized user (perm)
        self.assertTrue(
            self.c.login(username=self.cluster_admin.username,
                         password='******'))
        response = self.c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response,
                                'object_permissions/permissions/form.html')
        self.user.revoke('admin', self.cluster)

        # valid GET authorized user (superuser)
        self.assertTrue(
            self.c.login(username=self.superuser.username, password='******'))
        response = self.c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response,
                                'object_permissions/permissions/form.html')

        # invalid group
        response = self.c.get(url % (self.cluster.slug, 0))
        self.assertEqual(404, response.status_code)

        # invalid group (POST)
        data = {
            'permissions': ['admin'],
            'group': -1,
            'obj': self.cluster.pk,
        }
        response = self.c.post(url_post % args_post, data)
        self.assertEquals('application/json', response['content-type'])
        self.assertNotEqual('0', response.content)

        # no group (POST)
        data = {
            'permissions': ['admin'],
            'obj': self.cluster.pk,
        }
        response = self.c.post(url_post % args_post, data)
        self.assertEquals('application/json', response['content-type'])
        self.assertNotEqual('0', response.content)

        # valid POST group has permissions
        self.group.grant('create_vm', self.cluster)
        data = {
            'permissions': ['admin'],
            'group': self.group.id,
            'obj': self.cluster.pk,
        }
        response = self.c.post(url_post % args_post, data)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/cluster/group_row.html')
        self.assertEqual(['admin'], self.group.get_perms(self.cluster))

        # add quota to the group
        user_quota = {
            'default': 0,
            'ram': 51,
            'virtual_cpus': 10,
            'disk': 3000
        }
        quota = Quota(cluster=self.cluster, user=self.group.organization)
        quota.__dict__.update(user_quota)
        quota.save()
        self.assertEqual(user_quota,
                         self.cluster.get_quota(self.group.organization))

        # valid POST group has no permissions left
        data = {
            'permissions': [],
            'group': self.group.id,
            'obj': self.cluster.pk,
        }
        response = self.c.post(url_post % args_post, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertEqual([], self.group.get_perms(self.cluster))
        self.assertEqual('"group_%s"' % self.group.id, response.content)

        # quota should be deleted (and showing default)
        self.assertEqual(
            1,
            self.cluster.get_quota(self.group.organization)['default'])
        self.assertFalse(self.group.organization.quotas.all().exists())

        # no permissions specified - user with no quota
        self.group.grant('create_vm', self.cluster)
        self.cluster.set_quota(self.group.organization, None)
        data = {
            'permissions': [],
            'group': self.group.id,
            'obj': self.cluster.pk,
        }
        response = self.c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertNotEqual('0', response.content)

        # quota should be deleted (and showing default)
        self.assertEqual(
            1,
            self.cluster.get_quota(self.group.organization)['default'])
        self.assertFalse(self.group.organization.quotas.all().exists())
Beispiel #6
0
    def test_view_user_permissions(self):
        """
        Tests updating users permissions

        Verifies:
            * anonymous user returns 403
            * lack of permissions returns 403
            * nonexistent cluster returns 404
            * invalid user returns 404
            * invalid group returns 404
            * missing user and group returns error as json
            * GET returns html for form
            * If user/group has permissions no html is returned
            * If user/group has no permissions a
              json response of -1 is returned
        """
        args = (self.cluster.slug, self.user.id)
        args_post = self.cluster.slug
        url = "/cluster/%s/permissions/user/%s"
        url_post = "/cluster/%s/permissions/"

        # anonymous user
        response = self.c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(
            self.c.login(username=self.unauthorized.username,
                         password='******'))
        response = self.c.get(url % args)
        self.assertEqual(403, response.status_code)

        # nonexisent cluster
        response = self.c.get(url % ("DOES_NOT_EXIST", self.user.id))
        self.assertEqual(404, response.status_code)

        # valid GET authorized user (perm)
        self.assertTrue(
            self.c.login(username=self.cluster_admin.username,
                         password='******'))
        response = self.c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response,
                                'object_permissions/permissions/form.html')

        # valid GET authorized user (superuser)
        self.assertTrue(
            self.c.login(username=self.superuser.username, password='******'))
        response = self.c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response,
                                'object_permissions/permissions/form.html')

        # invalid user
        response = self.c.get(url % (self.cluster.slug, -1))
        self.assertEqual(404, response.status_code)

        # invalid user (POST)
        self.user.grant('create_vm', self.cluster)
        data = {
            'permissions': ['admin'],
            'user': -1,
            'obj': self.cluster.pk,
        }
        response = self.c.post(url_post % args_post, data)
        self.assertEquals('application/json', response['content-type'])
        self.assertNotEqual('0', response.content)

        # no user (POST)
        # XXX double-grant?
        self.user.grant('create_vm', self.cluster)
        data = {
            'permissions': ['admin'],
            'obj': self.cluster.pk,
        }
        response = self.c.post(url_post % args_post, data)
        self.assertEquals('application/json', response['content-type'])
        self.assertNotEqual('0', response.content)

        # valid POST user has permissions
        # XXX triple-grant?!
        self.user.grant('create_vm', self.cluster)
        data = {
            'permissions': ['admin'],
            'user': self.user.id,
            'obj': self.cluster.pk,
        }
        response = self.c.post(url_post % args_post, data)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'ganeti/cluster/user_row.html')
        self.assertTrue(self.user.has_perm('admin', self.cluster))
        self.assertFalse(self.user.has_perm('create_vm', self.cluster))

        # add quota to the user
        user_quota = {
            'default': 0,
            'ram': 51,
            'virtual_cpus': 10,
            'disk': 3000
        }
        quota = Quota(cluster=self.cluster, user=self.user.get_profile())
        quota.__dict__.update(user_quota)
        quota.save()
        self.assertEqual(user_quota,
                         self.cluster.get_quota(self.user.get_profile()))

        # valid POST user has no permissions left
        data = {
            'permissions': [],
            'user': self.user.id,
            'obj': self.cluster.pk,
        }
        response = self.c.post(url_post % args_post, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertEqual([], get_user_perms(self.user, self.cluster))
        # XXX this is too hardcoded and can spuriously fail
        self.assertEqual('"user_2"', response.content)

        # quota should be deleted (and showing default)
        self.assertEqual(
            1,
            self.cluster.get_quota(self.user.get_profile())['default'])
        self.assertFalse(self.user.get_profile().quotas.all().exists())

        # no permissions specified - user with no quota
        # XXX quadra-grant!!!
        self.user.grant('create_vm', self.cluster)
        self.cluster.set_quota(self.user.get_profile(), None)
        data = {
            'permissions': [],
            'user': self.user.id,
            'obj': self.cluster.pk,
        }
        response = self.c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertNotEqual('0', response.content)

        # quota should be deleted (and showing default)
        self.assertEqual(
            1,
            self.cluster.get_quota(self.user.get_profile())['default'])
        self.assertFalse(self.user.get_profile().quotas.all().exists())