def setUp(self): super().setUp() Config.objects.set_config('rbac_url', 'http://rbac.example.com') self.rbac = RBACWrapper(client_class=FakeRBACClient) self.client = self.rbac.client self.store = self.client.store self.default_pool = (ResourcePool.objects.get_default_resource_pool()) self.store.add_pool(self.default_pool)
class TestRBACWrapperGetResourcePools(MAASServerTestCase): def setUp(self): super().setUp() Config.objects.set_config('rbac_url', 'http://rbac.example.com') self.rbac = RBACWrapper(client_class=FakeRBACClient) self.client = self.rbac.client self.store = self.client.store self.default_pool = ( ResourcePool.objects.get_default_resource_pool()) self.store.add_pool(self.default_pool) def test_get_resource_pools_unknown_user(self): self.store.add_pool(factory.make_ResourcePool()) self.assertNotIn('user', self.store.allowed) self.assertEqual( [], list(self.rbac.get_resource_pools('user', NODE_PERMISSION.VIEW))) def test_get_resource_pools_user_allowed_all(self): pool1 = factory.make_ResourcePool() pool2 = factory.make_ResourcePool() self.store.add_pool(pool1) self.store.add_pool(pool2) self.store.allow('user', ALL_RESOURCES, 'view') self.assertCountEqual( [self.default_pool, pool1, pool2], self.rbac.get_resource_pools('user', NODE_PERMISSION.VIEW)) def test_get_resource_pools_user_allowed_other_permission(self): pool1 = factory.make_ResourcePool() pool2 = factory.make_ResourcePool() self.store.add_pool(pool1) self.store.add_pool(pool2) self.store.allow('user', pool1, 'view') self.store.allow('user', pool2, 'edit') self.assertCountEqual( [pool1], self.rbac.get_resource_pools('user', NODE_PERMISSION.VIEW)) self.assertCountEqual( [], self.rbac.get_resource_pools('user', NODE_PERMISSION.ADMIN)) def test_get_resource_pools_user_allowed_some(self): pool1 = factory.make_ResourcePool() pool2 = factory.make_ResourcePool() self.store.add_pool(pool1) self.store.add_pool(pool2) self.store.allow('user', pool1, 'view') self.assertEqual( sorted([pool1]), sorted(self.rbac.get_resource_pools('user', NODE_PERMISSION.VIEW)))
def test_candid_disabled(self): Config.objects.set_config( "external_auth_url", "http://candid.example.com" ) Config.objects.set_config("rbac_url", "") rbac = RBACWrapper() self.assertFalse(rbac.is_enabled())
def test_rbac_enabled(self): Config.objects.set_config('external_auth_url', '') Config.objects.set_config('rbac_url', 'http://rbac.example.com') rbac = RBACWrapper() self.assertTrue(rbac.is_enabled())
def test_local_disabled(self): Config.objects.set_config('external_auth_url', '') Config.objects.set_config('rbac_url', '') rbac = RBACWrapper() self.assertFalse(rbac.is_enabled())
class TestRBACWrapperGetResourcePools(MAASServerTestCase): def setUp(self): super().setUp() Config.objects.set_config('rbac_url', 'http://rbac.example.com') self.rbac = RBACWrapper(client_class=FakeRBACClient) self.client = self.rbac.client self.store = self.client.store self.default_pool = (ResourcePool.objects.get_default_resource_pool()) self.store.add_pool(self.default_pool) def test_get_resource_pool_ids_unknown_user(self): self.store.add_pool(factory.make_ResourcePool()) self.assertNotIn('user', self.store.allowed) self.assertEqual([], list(self.rbac.get_resource_pool_ids('user', 'view'))) def test_get_resource_pools_ids_user_allowed_all(self): pool1 = factory.make_ResourcePool() pool2 = factory.make_ResourcePool() self.store.add_pool(pool1) self.store.add_pool(pool2) self.store.allow('user', ALL_RESOURCES, 'view') self.assertCountEqual([self.default_pool.id, pool1.id, pool2.id], self.rbac.get_resource_pool_ids('user', 'view')) def test_get_resource_pools_ids_user_allowed_other_permission(self): pool1 = factory.make_ResourcePool() pool2 = factory.make_ResourcePool() self.store.add_pool(pool1) self.store.add_pool(pool2) self.store.allow('user', pool1, 'view') self.store.allow('user', pool2, 'edit') self.assertCountEqual([pool1.id], self.rbac.get_resource_pool_ids('user', 'view')) self.assertCountEqual([], self.rbac.get_resource_pool_ids( 'user', 'admin-machines')) def test_get_resource_pool_ids_user_allowed_some(self): pool1 = factory.make_ResourcePool() pool2 = factory.make_ResourcePool() self.store.add_pool(pool1) self.store.add_pool(pool2) self.store.allow('user', pool1, 'view') self.assertEqual( sorted([pool1.id]), sorted(self.rbac.get_resource_pool_ids('user', 'view'))) def test_get_resource_pool_ids_one_request_per_clear_cache(self): self.store.allow('user', self.default_pool, 'view') pools_one = self.rbac.get_resource_pool_ids('user', 'view') new_pool = factory.make_ResourcePool() self.store.allow('user', new_pool, 'view') pools_two = self.rbac.get_resource_pool_ids('user', 'view') self.rbac.clear_cache() pools_three = self.rbac.get_resource_pool_ids('user', 'view') self.assertItemsEqual([self.default_pool.id], pools_one) self.assertItemsEqual([self.default_pool.id], pools_two) self.assertItemsEqual([self.default_pool.id, new_pool.id], pools_three) def test_get_resource_pool_ids_ALL_RESOURCES_always_returns_all(self): self.store.allow('user', ALL_RESOURCES, 'view') pools_one = self.rbac.get_resource_pool_ids('user', 'view') new_pool = factory.make_ResourcePool() pools_two = self.rbac.get_resource_pool_ids('user', 'view') self.rbac.clear_cache() pools_three = self.rbac.get_resource_pool_ids('user', 'view') self.assertItemsEqual([self.default_pool.id], pools_one) self.assertItemsEqual([self.default_pool.id, new_pool.id], pools_two) self.assertItemsEqual([self.default_pool.id, new_pool.id], pools_three) def test_can_create_resource_pool_returns_True(self): self.store.allow('user', ALL_RESOURCES, 'edit') self.assertTrue(self.rbac.can_create_resource_pool('user')) def test_can_create_resource_pool_returns_False(self): pool = factory.make_ResourcePool() self.store.add_pool(pool) self.store.allow('user', pool, 'edit') self.assertFalse(self.rbac.can_create_resource_pool('user'))
class TestRBACWrapperGetResourcePools(MAASServerTestCase): def setUp(self): super().setUp() Config.objects.set_config("rbac_url", "http://rbac.example.com") self.rbac = RBACWrapper(client_class=FakeRBACClient) self.client = self.rbac.client self.store = self.client.store self.default_pool = ResourcePool.objects.get_default_resource_pool() self.store.add_pool(self.default_pool) def test_get_resource_pool_ids_unknown_user(self): self.store.add_pool(factory.make_ResourcePool()) self.assertNotIn("user", self.store.allowed) self.assertEqual([], list( self.rbac.get_resource_pool_ids("user", "view")["view"])) def test_get_resource_pools_ids_user_allowed_all(self): pool1 = factory.make_ResourcePool() pool2 = factory.make_ResourcePool() self.store.add_pool(pool1) self.store.add_pool(pool2) self.store.allow("user", ALL_RESOURCES, "view") self.assertCountEqual( {"view": [self.default_pool.id, pool1.id, pool2.id]}, self.rbac.get_resource_pool_ids("user", "view"), ) def test_get_resource_pools_ids_user_allowed_other_permission(self): pool1 = factory.make_ResourcePool() pool2 = factory.make_ResourcePool() self.store.add_pool(pool1) self.store.add_pool(pool2) self.store.allow("user", pool1, "view") self.store.allow("user", pool2, "edit") self.assertCountEqual( {"view": [pool1.id]}, self.rbac.get_resource_pool_ids("user", "view"), ) self.assertCountEqual( {"admin-machines": []}, self.rbac.get_resource_pool_ids("user", "admin-machines"), ) def test_get_resource_pool_ids_user_allowed_some(self): pool1 = factory.make_ResourcePool() pool2 = factory.make_ResourcePool() self.store.add_pool(pool1) self.store.add_pool(pool2) self.store.allow("user", pool1, "view") self.assertEqual( sorted([pool1.id]), sorted(self.rbac.get_resource_pool_ids("user", "view")["view"]), ) def test_get_resource_pool_ids_one_request_per_clear_cache(self): self.store.allow("user", self.default_pool, "view") pools_one = self.rbac.get_resource_pool_ids("user", "view")["view"] new_pool = factory.make_ResourcePool() self.store.allow("user", new_pool, "view") pools_two = self.rbac.get_resource_pool_ids("user", "view")["view"] self.rbac.clear_cache() pools_three = self.rbac.get_resource_pool_ids("user", "view")["view"] self.assertItemsEqual([self.default_pool.id], pools_one) self.assertItemsEqual([self.default_pool.id], pools_two) self.assertItemsEqual([self.default_pool.id, new_pool.id], pools_three) def test_get_resource_pool_ids_ALL_RESOURCES_always_returns_all(self): self.store.allow("user", ALL_RESOURCES, "view") pools_one = self.rbac.get_resource_pool_ids("user", "view")["view"] new_pool = factory.make_ResourcePool() pools_two = self.rbac.get_resource_pool_ids("user", "view")["view"] self.rbac.clear_cache() pools_three = self.rbac.get_resource_pool_ids("user", "view")["view"] self.assertItemsEqual([self.default_pool.id], pools_one) self.assertItemsEqual([self.default_pool.id, new_pool.id], pools_two) self.assertItemsEqual([self.default_pool.id, new_pool.id], pools_three) def test_can_create_resource_pool_returns_True(self): self.store.allow("user", ALL_RESOURCES, "edit") self.assertTrue(self.rbac.can_create_resource_pool("user")) def test_can_create_resource_pool_returns_False(self): pool = factory.make_ResourcePool() self.store.add_pool(pool) self.store.allow("user", pool, "edit") self.assertFalse(self.rbac.can_create_resource_pool("user")) def test_can_delete_resource_pool_returns_True(self): self.store.allow("user", ALL_RESOURCES, "edit") self.assertTrue(self.rbac.can_delete_resource_pool("user")) def test_can_delete_resource_pool_returns_False(self): pool = factory.make_ResourcePool() self.store.add_pool(pool) self.store.allow("user", pool, "edit") self.assertFalse(self.rbac.can_delete_resource_pool("user"))
def test_rbac_enabled(self): Config.objects.set_config("external_auth_url", "") Config.objects.set_config("rbac_url", "http://rbac.example.com") rbac = RBACWrapper() self.assertTrue(rbac.is_enabled())