def test_system_user_valid_no_check(self):
client = mock.MagicMock()
self.assertTrue(
validate_user_external_auth(get_worker_user(), client=client))
self.assertTrue(
validate_user_external_auth(get_node_init_user(), client=client))
client.get_groups.assert_not_called()
def make_worker_client(rack_controller):
"""Create a test client logged in as if it were `rack_controller`."""
assert (
get_worker_user() == rack_controller.owner
), "Rack controller owner should be the MAAS worker user."
token = create_auth_token(rack_controller.owner)
return MAASSensibleOAuthClient(rack_controller.owner, token=token)
def get_nodegroup_worker_client(nodegroup_uuid):
"""Get a MAASClient that can do work for this nodegroup."""
nodegroup = get_one(NodeGroup.objects.filter(uuid=nodegroup_uuid))
django_client = OAuthAuthenticatedClient(
get_worker_user(), token=nodegroup.api_token)
maas_client = MAASDjangoTestClient(django_client)
return maas_client
def get_nodegroup_worker_client(nodegroup_uuid):
"""Get a MAASClient that can do work for this nodegroup."""
nodegroup = get_one(NodeGroup.objects.filter(uuid=nodegroup_uuid))
django_client = OAuthAuthenticatedClient(get_worker_user(),
token=nodegroup.api_token)
maas_client = MAASDjangoTestClient(django_client)
return maas_client
def test_new_assigns_token_and_key_for_worker_user(self):
nodegroup = NodeGroup.objects.new(factory.make_name('nodegroup'),
factory.make_name('uuid'),
factory.getRandomIPAddress())
self.assertIsNotNone(nodegroup.api_token)
self.assertIsNotNone(nodegroup.api_key)
self.assertEqual(get_worker_user(), nodegroup.api_token.user)
self.assertEqual(nodegroup.api_key, nodegroup.api_token.key)
def test_new_assigns_token_and_key_for_worker_user(self):
nodegroup = NodeGroup.objects.new(
factory.make_name('nodegroup'), factory.make_name('uuid'),
factory.getRandomIPAddress())
self.assertIsNotNone(nodegroup.api_token)
self.assertIsNotNone(nodegroup.api_key)
self.assertEqual(get_worker_user(), nodegroup.api_token.user)
self.assertEqual(nodegroup.api_key, nodegroup.api_token.key)
def save(self, *args, **kwargs):
if self.api_token_id is None:
# Avoid circular imports.
from maasserver.models.user import create_auth_token
from maasserver.worker_user import get_worker_user
api_token = create_auth_token(get_worker_user())
self.api_token = api_token
self.api_key = api_token.key
return super(NodeGroup, self).save(*args, **kwargs)
def save(self, *args, **kwargs):
if self.api_token_id is None:
# Avoid circular imports.
from maasserver.models.user import create_auth_token
from maasserver.worker_user import get_worker_user
api_token = create_auth_token(get_worker_user())
self.api_token = api_token
self.api_key = api_token.key
return super(NodeGroup, self).save(*args, **kwargs)
def test_worker_user_is_system_user(self):
worker_user = get_worker_user()
self.assertIn(worker_user.username, SYSTEM_USERS)
profile = None
try:
profile = worker_user.userprofile
except UserProfile.DoesNotExist:
# Expected.
pass
self.assertIsNone(profile)
def test_system_user_valid_no_check(self):
self.assertTrue(
validate_user_external_auth(get_worker_user(),
self.auth_info,
rbac_client=self.client))
self.assertTrue(
validate_user_external_auth(get_node_init_user(),
self.auth_info,
rbac_client=self.client))
self.client.allowed_for_user.assert_not_called()
def test_get_worker_user_caches_user(self):
get_worker_user()
self.assertNumQueries(0, get_worker_user)
def test_worker_user_is_system_user(self):
worker_user = get_worker_user()
self.assertIn(worker_user.username, SYSTEM_USERS)
self.assertRaises(UserProfile.DoesNotExist, worker_user.get_profile)
def test_get_worker_user_holds_the_worker_user(self):
worker_user = get_worker_user()
self.assertIsInstance(worker_user, User)
self.assertEqual(user_name, worker_user.username)
def test_get_worker_user_always_returns_same_user(self):
self.assertEqual(get_worker_user().id, get_worker_user().id)
def test_worker_user_not_in_default_group(self):
default_group = UserGroup.objects.get_default_usergroup()
self.assertNotIn(get_worker_user(), default_group.users.all())
def test_user_can_access_pool_worker_user(self):
user = get_worker_user()
pool = factory.make_ResourcePool()
self.assertTrue(ResourcePool.objects.user_can_access_pool(user, pool))
def register(system_id=None,
hostname='',
interfaces=None,
url=None,
is_loopback=None,
create_fabrics=True,
version=None):
"""Register a new rack controller if not already registered.
Attempt to see if the rack controller was already registered as a node.
This can be looked up either by system_id, hostname, or mac address. If
found convert the existing node into a rack controller. If not found
create a new rack controller. After the rack controller has been
registered and successfully connected we will refresh all commissioning
data.
The parameter ``is_loopback`` is only referenced if ``url`` is not None.
:return: A ``rack-controller``.
"""
if interfaces is None:
interfaces = {}
# If hostname is actually a FQDN, split the domain off and
# create it as non-authoritative domain if it does not exist already.
domain = Domain.objects.get_default_domain()
if hostname.find('.') > 0:
hostname, domainname = hostname.split('.', 1)
(domain,
_) = Domain.objects.get_or_create(name=domainname,
defaults={'authoritative': False})
this_region = RegionController.objects.get_running_controller()
node = find(system_id, hostname, interfaces)
version_log = "2.2 or below" if version is None else version
if node is None:
node = RackController.objects.create(hostname=hostname, domain=domain)
maaslog.info(
"New rack controller '%s' running version %s was created by "
"region '%s' upon first connection.", node.hostname, version_log,
this_region.hostname)
elif node.is_rack_controller:
if is_master_process():
# Only the master process logs to the maaslog.
maaslog.info(
"Existing rack controller '%s' running version %s has "
"connected to region '%s'.", node.hostname, version_log,
this_region.hostname)
elif node.is_region_controller:
maaslog.info(
"Region controller '%s' running version %s converted into a "
"region and rack controller.", node.hostname, version_log)
node.node_type = NODE_TYPE.REGION_AND_RACK_CONTROLLER
node.pool = None
node.save()
else:
maaslog.info(
"Region controller '%s' converted '%s' running version %s into a "
"rack controller.", this_region.hostname, node.hostname,
version_log)
node.node_type = NODE_TYPE.RACK_CONTROLLER
node.pool = None
node.save()
if node.current_commissioning_script_set is None:
# Create a ScriptSet so the rack can store its commissioning data
# which is sent on connect.
script_set = ScriptSet.objects.create_commissioning_script_set(node)
node.current_commissioning_script_set = script_set
node.save()
rackcontroller = node.as_rack_controller()
# Update `rackcontroller.url` from the given URL, if it has changed.
update_fields = []
if url is not None:
if is_loopback and rackcontroller.url != '':
# There used to be a URL, and now it's localhost, set it to None.
rackcontroller.url = ''
update_fields.append("url")
elif not is_loopback and rackcontroller.url != url.geturl():
# There is a non-loopback URL, and it's different than what the
# database has. Change it.
rackcontroller.url = url.geturl()
update_fields.append("url")
# else:
# The URL is already the correct value, no need to change anything.
if rackcontroller.owner is None:
rackcontroller.owner = worker_user.get_worker_user()
update_fields.append("owner")
rackcontroller.save(update_fields=update_fields)
# Update interfaces, if requested.
rackcontroller.update_interfaces(interfaces, create_fabrics=create_fabrics)
return rackcontroller
def test_worker_user_is_system_user(self):
worker_user = get_worker_user()
self.assertIn(worker_user.username, SYSTEM_USERS)
self.assertRaises(UserProfile.DoesNotExist, worker_user.get_profile)
def test_get_worker_user_caches_user(self):
get_worker_user()
self.assertNumQueries(0, get_worker_user)
def test_worker_user_not_valid(self):
user = get_worker_user()
form = ManageUserGroupsForm(data={'user': [str(user.id)]})
self.assertFalse(form.is_valid())
def register(
system_id=None,
hostname="",
interfaces=None,
url=None,
is_loopback=None,
version=None,
):
"""Register a new rack controller if not already registered.
Attempt to see if the rack controller was already registered as a node.
This can be looked up either by system_id, hostname, or mac address. If
found convert the existing node into a rack controller. If not found
create a new rack controller. After the rack controller has been
registered and successfully connected we will refresh all commissioning
data.
The parameter ``is_loopback`` is only referenced if ``url`` is not None.
:return: A ``rack-controller``.
"""
if interfaces is None:
interfaces = {}
# If hostname is actually a FQDN, split the domain off and
# create it as non-authoritative domain if it does not exist already.
domain = Domain.objects.get_default_domain()
if hostname.find(".") > 0:
hostname, domainname = hostname.split(".", 1)
(domain, _) = Domain.objects.get_or_create(
name=domainname, defaults={"authoritative": False}
)
this_region = RegionController.objects.get_running_controller()
node = find(system_id, hostname, interfaces)
version_log = "2.2 or below" if version is None else version
if node is None:
node = RackController.objects.create(
hostname=hostname,
domain=domain,
status=NODE_STATUS.DEPLOYED,
dynamic=True,
)
maaslog.info(
"New rack controller '%s' running version %s was created by "
"region '%s' upon first connection.",
node.hostname,
version_log,
this_region.hostname,
)
elif node.is_rack_controller:
# Only the master process logs to the maaslog.
maaslog.info(
"Existing rack controller '%s' running version %s has "
"connected to region '%s'.",
node.hostname,
version_log,
this_region.hostname,
)
elif node.is_region_controller:
maaslog.info(
"Region controller '%s' running version %s converted into a "
"region and rack controller.",
node.hostname,
version_log,
)
node.node_type = NODE_TYPE.REGION_AND_RACK_CONTROLLER
node.pool = None
node.save()
else:
maaslog.info(
"Region controller '%s' converted '%s' running version %s into a "
"rack controller.",
this_region.hostname,
node.hostname,
version_log,
)
node.node_type = NODE_TYPE.RACK_CONTROLLER
node.pool = None
node.save()
if node.current_commissioning_script_set is None:
# Create a ScriptSet so the rack can store its commissioning data
# which is sent on connect.
script_set = ScriptSet.objects.create_commissioning_script_set(node)
node.current_commissioning_script_set = script_set
node.save()
rackcontroller = node.as_rack_controller()
# Update `rackcontroller.url` from the given URL, if it has changed.
if url is not None:
if is_loopback:
rackcontroller.url = ""
elif not is_loopback:
rackcontroller.url = url.geturl()
if rackcontroller.owner is None:
rackcontroller.owner = worker_user.get_worker_user()
rackcontroller.save()
# Update the version.
if version is not None:
ControllerInfo.objects.set_version(rackcontroller, version)
return rackcontroller
def test_get_worker_user_always_returns_same_user(self):
self.assertEqual(get_worker_user().id, get_worker_user().id)
def test_get_worker_user_holds_the_worker_user(self):
worker_user = get_worker_user()
self.assertIsInstance(worker_user, User)
self.assertEqual(user_name, worker_user.username)
def test_sets_owner_to_worker_when_none(self):
node = factory.make_Node()
rack_registered = register(system_id=node.system_id)
self.assertEqual(worker_user.get_worker_user(), rack_registered.owner)
def make_worker_client(nodegroup):
"""Create a test client logged in as if it were `nodegroup`."""
return OAuthAuthenticatedClient(
get_worker_user(), token=nodegroup.api_token)