def test_create_no_permission(self):
self.patch(auth, 'validate_user_external_auth').return_value = True
self.useFixture(RBACEnabled())
self.become_non_local()
response = self.client.post(reverse('devices_handler'),
{'mac_addresses': ['aa:bb:cc:dd:ee:ff']})
self.assertEqual(response.status_code, http.client.FORBIDDEN)
def test_returns_vcenter_yaml_if_rbac_admin(self):
rbac = self.useFixture(RBACEnabled())
node = factory.make_Node(
status=NODE_STATUS.DEPLOYING,
osystem="esxi",
owner=factory.make_User(),
)
node.nodemetadata_set.create(key="vcenter_registration", value="True")
rbac.store.add_pool(node.pool)
rbac.store.allow(node.owner.username, node.pool, "admin-machines")
vcenter = {
"vcenter_server": factory.make_name("vcenter_server"),
"vcenter_username": factory.make_name("vcenter_username"),
"vcenter_password": factory.make_name("vcenter_password"),
"vcenter_datacenter": factory.make_name("vcenter_datacenter"),
}
for key, value in vcenter.items():
Config.objects.set_config(key, value)
config = get_vendor_data(node, None)
self.assertDictEqual(
{
"write_files": [{
"content": yaml.safe_dump(vcenter),
"path": "/altbootbank/maas/vcenter.yaml",
}]
},
config,
)
def test_has_perm_rbac_read_permission_on_pool(self):
rbac = self.useFixture(RBACEnabled())
user = factory.make_User()
rbac.store.allow(
user.username, factory.make_ResourcePool(), 'view')
form = DeviceForm()
self.assertFalse(form.has_perm(user))
def test_has_perm_rbac_permission_on_pool(self):
rbac = self.useFixture(RBACEnabled())
user = factory.make_User()
rbac.store.allow(user.username, factory.make_ResourcePool(),
"admin-machines")
form = DeviceForm()
self.assertTrue(form.has_perm(user))
def test_update_owned_with_rbac(self):
self.useFixture(RBACEnabled())
user = factory.make_User(is_local=False)
node = factory.make_Node(owner=user, node_type=NODE_TYPE.DEVICE)
handler = DeviceHandler(user, {}, None)
new_hostname = factory.make_name("hostname")
updated_node = handler.update({
"system_id": node.system_id,
'hostname': new_hostname
})
self.assertEqual(updated_node['hostname'], new_hostname)
def test_update_owned_with_rbac(self):
rbac = self.useFixture(RBACEnabled())
user = factory.make_User(is_local=False)
rbac.store.allow(user.username, factory.make_ResourcePool(),
"admin-machines")
node = factory.make_Node(owner=user, node_type=NODE_TYPE.DEVICE)
handler = DeviceHandler(user, {}, None)
new_hostname = factory.make_name("hostname")
updated_node = handler.update({
"system_id": node.system_id,
"hostname": new_hostname
})
self.assertEqual(updated_node["hostname"], new_hostname)
def test_get_power_parameters_rbac_pool_user(self):
self.patch(auth, "validate_user_external_auth").return_value = True
rbac = self.useFixture(RBACEnabled())
self.become_non_local()
power_parameters = {factory.make_string(): factory.make_string()}
node = factory.make_Machine(power_parameters=power_parameters)
rbac.store.add_pool(node.pool)
rbac.store.allow(self.user.username, node.pool, "view")
rbac.store.allow(self.user.username, node.pool, "deploy-machines")
response = self.client.get(self.get_node_uri(node),
{"op": "power_parameters"})
self.assertEqual(http.client.FORBIDDEN, response.status_code,
response.content)
def test_get_power_parameters_rbac_pool_admin(self):
self.patch(auth, 'validate_user_external_auth').return_value = True
rbac = self.useFixture(RBACEnabled())
self.become_non_local()
power_parameters = {factory.make_string(): factory.make_string()}
node = factory.make_Machine(power_parameters=power_parameters)
rbac.store.add_pool(node.pool)
rbac.store.allow(self.user.username, node.pool, 'admin-machines')
response = self.client.get(self.get_node_uri(node),
{'op': 'power_parameters'})
self.assertEqual(http.client.OK, response.status_code,
response.content)
parsed_params = json_load_bytes(response.content)
self.assertEqual(node.power_parameters, parsed_params)
def test_PUT_updates_with_rbac(self):
self.patch(auth, "validate_user_external_auth").return_value = True
self.useFixture(RBACEnabled())
self.become_non_local()
device = factory.make_Node(node_type=NODE_TYPE.DEVICE, owner=self.user)
new_hostname = factory.make_name("hostname")
response = self.client.put(get_device_uri(device),
{"hostname": new_hostname})
self.assertEqual(http.client.OK, response.status_code,
response.content)
device = reload_object(device)
self.assertEqual(new_hostname, device.hostname)
def test_set_zone_does_not_work_if_not_rbac_pool_admin(self):
rbac = self.useFixture(RBACEnabled())
user = factory.make_User()
machine = factory.make_Machine()
rbac.store.add_pool(machine.pool)
rbac.store.allow(user.username, machine.pool, "deploy-machines")
rbac.store.allow(user.username, machine.pool, "view")
form = BulkNodeSetZoneForm(
user=user,
data={
"zone": factory.make_Zone().name,
"system_id": [machine.system_id],
},
)
self.assertFalse(form.is_valid())
def test_POST_set_zone_rbac_pool_admin_allowed(self):
self.patch(auth, 'validate_user_external_auth').return_value = True
rbac = self.useFixture(RBACEnabled())
self.become_non_local()
machine = factory.make_Machine()
zone = factory.make_Zone()
rbac.store.add_pool(machine.pool)
rbac.store.allow(self.user.username, machine.pool, 'admin-machines')
rbac.store.allow(self.user.username, machine.pool, 'view')
response = self.client.post(reverse('nodes_handler'), {
'op': 'set_zone',
'nodes': [machine.system_id],
'zone': zone.name
})
self.assertEqual(http.client.OK, response.status_code)
machine = reload_object(machine)
self.assertEqual(zone, machine.zone)
def test_returns_nothing_if_rbac_user(self):
rbac = self.useFixture(RBACEnabled())
node = factory.make_Node(
status=NODE_STATUS.DEPLOYING, osystem='esxi',
owner=factory.make_User())
node.nodemetadata_set.create(key='vcenter_registration', value='True')
rbac.store.add_pool(node.pool)
rbac.store.allow(node.owner.username, node.pool, 'deploy-machines')
vcenter = {
'vcenter_server': factory.make_name('vcenter_server'),
'vcenter_username': factory.make_name('vcenter_username'),
'vcenter_password': factory.make_name('vcenter_password'),
'vcenter_datacenter': factory.make_name('vcenter_datacenter'),
}
for key, value in vcenter.items():
Config.objects.set_config(key, value)
config = get_vendor_data(node, None)
self.assertDictEqual({}, config)
def test_returns_nothing_if_rbac_user(self):
rbac = self.useFixture(RBACEnabled())
node = factory.make_Node(
status=NODE_STATUS.DEPLOYING,
osystem="esxi",
owner=factory.make_User(),
)
node.nodemetadata_set.create(key="vcenter_registration", value="True")
rbac.store.add_pool(node.pool)
rbac.store.allow(node.owner.username, node.pool, "deploy-machines")
vcenter = {
"vcenter_datacenter": factory.make_name("vcenter_datacenter"),
"vcenter_password": factory.make_name("vcenter_password"),
"vcenter_server": factory.make_name("vcenter_server"),
"vcenter_username": factory.make_name("vcenter_username"),
}
for key, value in vcenter.items():
Config.objects.set_config(key, value)
config = get_vendor_data(node, None)
self.assertNotIn(config, "write_files")
def test_POST_set_zone_rbac_pool_admin_allowed(self):
self.patch(auth, "validate_user_external_auth").return_value = True
rbac = self.useFixture(RBACEnabled())
self.become_non_local()
machine = factory.make_Machine()
zone = factory.make_Zone()
rbac.store.add_pool(machine.pool)
rbac.store.allow(self.user.username, machine.pool, "admin-machines")
rbac.store.allow(self.user.username, machine.pool, "view")
response = self.client.post(
reverse("nodes_handler"),
{
"op": "set_zone",
"nodes": [machine.system_id],
"zone": zone.name,
},
)
self.assertEqual(http.client.OK, response.status_code)
machine = reload_object(machine)
self.assertEqual(zone, machine.zone)
def test_set_zone_works_if_rbac_pool_admin(self):
rbac = self.useFixture(RBACEnabled())
user = factory.make_User()
machine = factory.make_Machine()
zone = factory.make_Zone()
rbac.store.add_pool(machine.pool)
rbac.store.allow(user.username, machine.pool, "admin-machines")
rbac.store.allow(user.username, machine.pool, "view")
form = BulkNodeSetZoneForm(
user=user,
data={
"zone": zone.name,
"system_id": [machine.system_id]
},
)
self.assertTrue(form.is_valid(), form._errors)
done, not_actionable, not_permitted = form.save()
self.assertEqual([1, 0, 0], [done, not_actionable, not_permitted])
machine = reload_object(machine)
self.assertEqual(zone, machine.zone)
def test_returns_vcenter_yaml_if_rbac_admin(self):
rbac = self.useFixture(RBACEnabled())
node = factory.make_Node(
status=NODE_STATUS.DEPLOYING, osystem='esxi',
owner=factory.make_User())
node.nodemetadata_set.create(key='vcenter_registration', value='True')
rbac.store.add_pool(node.pool)
rbac.store.allow(node.owner.username, node.pool, 'admin-machines')
vcenter = {
'vcenter_server': factory.make_name('vcenter_server'),
'vcenter_username': factory.make_name('vcenter_username'),
'vcenter_password': factory.make_name('vcenter_password'),
'vcenter_datacenter': factory.make_name('vcenter_datacenter'),
}
for key, value in vcenter.items():
Config.objects.set_config(key, value)
config = get_vendor_data(node, None)
self.assertDictEqual(
{'write_files': [{
'content': yaml.safe_dump(vcenter),
'path': '/altbootbank/maas/vcenter.yaml',
}]}, config)
def test_has_perm_rbac_no_permision(self):
self.useFixture(RBACEnabled())
form = DeviceForm()
self.assertFalse(form.has_perm(factory.make_User()))
def setUp(self):
super().setUp()
self.patch(auth, 'validate_user_external_auth').return_value = True
rbac = self.useFixture(RBACEnabled())
self.store = rbac.store
self.become_non_local()
def test_has_perm_rbac_global_admin(self):
self.useFixture(RBACEnabled())
user = factory.make_admin()
form = DeviceForm()
self.assertTrue(form.has_perm(user))