def test_create(aws, helm, settings, users):
user = users['normal_user']
cluster.User(user).create()
aws.create_user_role.assert_called_with(user)
expected_calls = [
call(
f'init-user-{user.slug}', 'mojanalytics/init-user',
f"--set=NFSHostname={settings.NFS_HOSTNAME},"
f"--set=EFSHostname={settings.EFS_HOSTNAME},"
f"Username={user.slug},"
f"Email={user.email},"
f"Fullname={user.get_full_name()},"
f"Env={settings.ENV},"
f"OidcDomain={settings.OIDC_DOMAIN}"
f'bootstrap-user-{user.slug}', 'mojanalytics/bootstrap-user',
f"--set=Username={user.slug}"),
call(f'bootstrap-user-{user.slug}', 'mojanalytics/bootstrap-user',
f'--namespace=user-{user.slug}', f"--set=Username={user.slug},",
f"Efsvolume={settings.EFS_VOLUME}"),
call(
f'config-user-{user.slug}',
'mojanalytics/config-user',
f'--namespace=user-{user.slug}',
f'--set=Username={user.slug}',
),
]
helm.upgrade_release.has_calls(expected_calls)
def test_delete(aws, helm, users):
user = users['normal_user']
cluster.User(user).delete()
aws.delete_role.assert_called_with(user.iam_role_name)
expected_calls = [
call(helm.list_releases.return_value),
call(f"init-user-{user.slug}"),
]
helm.delete.assert_has_calls(expected_calls)
def test_on_authenticate(helm, users):
"""
If not on EKS, check if the user has an init-user chart, if not, run it.
"""
user_model = users["normal_user"]
helm.list_releases.return_value = []
user = cluster.User(user_model)
user._init_user = MagicMock()
user.on_authenticate()
user._init_user.assert_called_once_with()
def test_delete(aws, helm, users):
user = users['normal_user']
helm.list_releases.return_value = [
"chart-release",
]
cluster.User(user).delete()
aws.delete_role.assert_called_with(user.iam_role_name)
helm.delete.assert_called_once_with("chart-release",
f"init-user-{user.slug}",
f"bootstrap-user-{user.slug}",
f"provision-user-{user.slug}")
def test_delete_with_no_releases(aws, helm, users):
"""
If there are no releases associated with the user, don't try to delete with
an empty list of releases.
"""
user = users['normal_user']
helm.list_releases.return_value = []
cluster.User(user).delete()
aws.delete_role.assert_called_with(user.iam_role_name)
helm.delete.assert_called_once_with(f"init-user-{user.slug}",
f"bootstrap-user-{user.slug}",
f"provision-user-{user.slug}")
def test_reset_home(helm, users):
user = users['normal_user']
cluster.User(user).reset_home()
expected_calls = [
call(
f"reset-user-home-{user.slug}",
f"mojanalytics/reset-user-home",
f"--namespace=user-{user.slug}",
f"--set=Username={user.slug}",
),
]
helm.upgrade_release.assert_has_calls(expected_calls)
def save(self, *args, **kwargs):
existing = User.objects.filter(pk=self.pk).first()
if not existing:
cluster.User(self).create()
already_superuser = existing and existing.is_superuser
if self.is_superuser and not already_superuser:
request = CrequestMiddleware.get_request()
slack.notify_superuser_created(
self.username,
by_username=request.user.username if request else None,
)
return super().save(*args, **kwargs)
def test_on_authenticate_eks_completely_new_user(helm, users):
"""
On EKS, if a completely (non-migrating) user is encountered, the expected
user initialisation takes place.
"""
user_model = users['normal_user']
user_model.migration_state = User.VOID
with patch("controlpanel.api.aws.settings.EKS", True):
user = cluster.User(user_model)
user._init_user = MagicMock()
user.on_authenticate()
user._init_user.assert_called_once_with()
updated_user_model = User.objects.get(username="******")
assert updated_user_model.migration_state == User.VOID
def test_delete_eks_with_no_releases(aws, helm, users):
"""
If there are no releases associated with the user, don't try to delete with
an empty list of releases. Helm 3 version.
"""
user = users['normal_user']
helm.list_releases.return_value = []
with patch("controlpanel.api.aws.settings.EKS", True):
cluster.User(user).delete()
aws.delete_role.assert_called_with(user.iam_role_name)
helm.delete_eks.assert_called_once_with(user.k8s_namespace,
f"init-user-{user.slug}",
f"bootstrap-user-{user.slug}",
f"provision-user-{user.slug}")
def test_on_authenticate_eks_migrated_user_missing_charts(aws, helm, users):
"""
On EKS, if a migrated user logs in, and they are missing their charts,
these are recreated.
"""
user_model = users['normal_user']
user_model.migration_state = User.COMPLETE # the user is migrated.
helm.list_releases.return_value = []
with patch("controlpanel.api.aws.settings.EKS", True):
user = cluster.User(user_model)
user._init_user = MagicMock()
user.on_authenticate()
# The charts are recreated.
assert user._init_user.call_count == 1
# But other "migration" related events don't happen.
assert aws.migrate_user_role.call_count == 0
assert helm.delete.call_count == 0
def test_on_authenticate_eks_migrated_user(aws, helm, users):
"""
On EKS, if a migrated user logs in, they are NOT re-migrated by accident.
"""
user_model = users['normal_user']
user_model.migration_state = User.COMPLETE # the user is migrated.
helm.list_releases.return_value = [
f"bootstrap-user-{user_model.slug}",
f"provision-user-{user_model.slug}",
]
with patch("controlpanel.api.aws.settings.EKS", True):
user = cluster.User(user_model)
user._init_user = MagicMock()
user.on_authenticate()
assert user._init_user.call_count == 0
assert aws.migrate_user_role.call_count == 0
assert helm.delete.call_count == 0
def test_delete_eks(aws, helm, users):
"""
Delete with Helm 3.
"""
user = users['normal_user']
helm.list_releases.return_value = [
"chart-release",
]
with patch("controlpanel.api.aws.settings.EKS", True):
cluster.User(user).delete()
aws.delete_role.assert_called_with(user.iam_role_name)
helm.delete_eks.assert_called_once_with(user.k8s_namespace,
"chart-release",
f"init-user-{user.slug}",
f"bootstrap-user-{user.slug}",
f"provision-user-{user.slug}")
def test_on_authenticate_eks_migrating_existing_user(aws, helm, users):
"""
On EKS, if a migrating user is encountered, the expected user
initialisation takes place.
"""
user_model = users['normal_user']
user_model.migration_state = User.PENDING # the user is ready to migrate.
init_helm_chart = f"init-user-{user_model.slug}"
helm.list_releases.return_value = [
init_helm_chart,
]
with patch("controlpanel.api.aws.settings.EKS", True):
user = cluster.User(user_model)
user._init_user = MagicMock()
user.on_authenticate()
user._init_user.assert_called_once_with()
aws.migrate_user_role.assert_called_once_with(user_model)
helm.delete.assert_called_once_with(user.k8s_namespace,
init_helm_chart)
updated_user_model = User.objects.get(username="******")
assert updated_user_model.migration_state == User.COMPLETE
def authentication_event(self):
cluster.User(self).on_authenticate()
def delete(self, *args, **kwargs):
cluster.User(self).delete()
return super().delete(*args, **kwargs)
def revoke_bucket_access(self):
cluster.User(self.user).revoke_bucket_access(self.s3bucket.arn)
def grant_bucket_access(self):
cluster.User(self.user).grant_bucket_access(
self.s3bucket.arn,
self.access_level,
self.resources,
)
def test_iam_role_name(users):
assert cluster.User(users['normal_user']).iam_role_name == 'test_user_bob'
def iam_role_name(self):
return cluster.User(self).iam_role_name
def k8s_namespace(self):
return cluster.User(self).k8s_namespace
def reset(self):
"""
Update the user's home directory (asynchronous).
"""
self._subprocess = cluster.User(self.user).reset_home()
