Exemple #1
 def setUp(self):
     """Wire an RBACWrapper to the fake RBAC client and seed the default pool.

     ``rbac_url`` is set to a placeholder address before the wrapper is
     built, and ``FakeRBACClient`` is injected through ``client_class``.
     The fake client's ``store`` is kept on the test case so each test can
     register pools and grant permissions directly.
     """
     super().setUp()
     Config.objects.set_config('rbac_url', 'http://rbac.example.com')
     wrapper = RBACWrapper(client_class=FakeRBACClient)
     fake_client = wrapper.client
     self.rbac = wrapper
     self.client = fake_client
     self.store = fake_client.store
     default = ResourcePool.objects.get_default_resource_pool()
     self.default_pool = default
     # The default pool exists in the database already; the fake store only
     # knows about pools that are added to it explicitly.
     self.store.add_pool(default)
Exemple #2
class TestRBACWrapperGetResourcePools(MAASServerTestCase):
    """Authorization tests for ``RBACWrapper.get_resource_pools``.

    Each test grants permissions in the fake client's store and then checks
    which resource pools the wrapper returns for a user and permission.
    """

    def setUp(self):
        """Build the wrapper over ``FakeRBACClient`` and add the default pool."""
        super().setUp()
        Config.objects.set_config('rbac_url', 'http://rbac.example.com')
        wrapper = RBACWrapper(client_class=FakeRBACClient)
        self.rbac = wrapper
        self.client = wrapper.client
        self.store = self.client.store
        default = ResourcePool.objects.get_default_resource_pool()
        self.default_pool = default
        self.store.add_pool(default)

    def test_get_resource_pools_unknown_user(self):
        """A user with no grants in the store sees no pools (deny by default)."""
        self.store.add_pool(factory.make_ResourcePool())
        # Precondition: nothing has been granted to 'user' at all.
        self.assertNotIn('user', self.store.allowed)
        visible = list(
            self.rbac.get_resource_pools('user', NODE_PERMISSION.VIEW))
        self.assertEqual([], visible)

    def test_get_resource_pools_user_allowed_all(self):
        """A 'view' grant on ALL_RESOURCES exposes every pool, default included."""
        pool1, pool2 = factory.make_ResourcePool(), factory.make_ResourcePool()
        for pool in (pool1, pool2):
            self.store.add_pool(pool)
        self.store.allow('user', ALL_RESOURCES, 'view')
        expected = [self.default_pool, pool1, pool2]
        self.assertCountEqual(
            expected,
            self.rbac.get_resource_pools('user', NODE_PERMISSION.VIEW))

    def test_get_resource_pools_user_allowed_other_permission(self):
        """Grants are per permission: 'edit' on a pool does not imply VIEW or ADMIN."""
        pool1, pool2 = factory.make_ResourcePool(), factory.make_ResourcePool()
        for pool in (pool1, pool2):
            self.store.add_pool(pool)
        self.store.allow('user', pool1, 'view')
        self.store.allow('user', pool2, 'edit')
        # Only the pool granted 'view' is returned for VIEW.
        viewable = self.rbac.get_resource_pools('user', NODE_PERMISSION.VIEW)
        self.assertCountEqual([pool1], viewable)
        # Neither grant gives ADMIN on any pool.
        administrable = self.rbac.get_resource_pools(
            'user', NODE_PERMISSION.ADMIN)
        self.assertCountEqual([], administrable)

    def test_get_resource_pools_user_allowed_some(self):
        """A grant on one pool exposes that pool only, not its siblings."""
        pool1, pool2 = factory.make_ResourcePool(), factory.make_ResourcePool()
        for pool in (pool1, pool2):
            self.store.add_pool(pool)
        self.store.allow('user', pool1, 'view')
        expected = sorted([pool1])
        actual = sorted(
            self.rbac.get_resource_pools('user', NODE_PERMISSION.VIEW))
        self.assertEqual(expected, actual)
Exemple #3
 def test_candid_disabled(self):
     """RBAC is expected to be off when only the external auth URL is set.

     ``external_auth_url`` holds a Candid address while ``rbac_url`` is
     empty; the wrapper must not treat the former as enabling RBAC.
     """
     for option, value in (
         ("external_auth_url", "http://candid.example.com"),
         ("rbac_url", ""),
     ):
         Config.objects.set_config(option, value)
     wrapper = RBACWrapper()
     self.assertFalse(wrapper.is_enabled())
Exemple #4
 def test_rbac_enabled(self):
     """RBAC is expected to be on when ``rbac_url`` is set, with no external auth URL."""
     settings = (
         ('external_auth_url', ''),
         ('rbac_url', 'http://rbac.example.com'),
     )
     for option, value in settings:
         Config.objects.set_config(option, value)
     enabled = RBACWrapper().is_enabled()
     self.assertTrue(enabled)
Exemple #5
 def test_local_disabled(self):
     """RBAC is expected to be off when both auth URLs are empty."""
     # Same order as the two explicit calls: external auth first, then RBAC.
     for option in ('external_auth_url', 'rbac_url'):
         Config.objects.set_config(option, '')
     wrapper = RBACWrapper()
     self.assertFalse(wrapper.is_enabled())
Exemple #6
class TestRBACWrapperGetResourcePools(MAASServerTestCase):
    """Authorization tests for ``RBACWrapper`` resource-pool lookups.

    Covers ``get_resource_pool_ids`` (including its caching) and
    ``can_create_resource_pool``, using grants placed in the fake client's
    store.
    """

    def setUp(self):
        """Build the wrapper over ``FakeRBACClient`` and add the default pool."""
        super().setUp()
        Config.objects.set_config('rbac_url', 'http://rbac.example.com')
        wrapper = RBACWrapper(client_class=FakeRBACClient)
        self.rbac = wrapper
        self.client = wrapper.client
        self.store = self.client.store
        default = ResourcePool.objects.get_default_resource_pool()
        self.default_pool = default
        self.store.add_pool(default)

    def test_get_resource_pool_ids_unknown_user(self):
        """A user with no grants in the store gets no pool ids (deny by default)."""
        self.store.add_pool(factory.make_ResourcePool())
        # Precondition: nothing has been granted to 'user' at all.
        self.assertNotIn('user', self.store.allowed)
        visible_ids = list(self.rbac.get_resource_pool_ids('user', 'view'))
        self.assertEqual([], visible_ids)

    def test_get_resource_pools_ids_user_allowed_all(self):
        """A 'view' grant on ALL_RESOURCES returns the id of every pool."""
        pool1, pool2 = factory.make_ResourcePool(), factory.make_ResourcePool()
        for pool in (pool1, pool2):
            self.store.add_pool(pool)
        self.store.allow('user', ALL_RESOURCES, 'view')
        expected_ids = [self.default_pool.id, pool1.id, pool2.id]
        self.assertCountEqual(
            expected_ids, self.rbac.get_resource_pool_ids('user', 'view'))

    def test_get_resource_pools_ids_user_allowed_other_permission(self):
        """Grants are per permission: 'edit' does not imply 'view' or 'admin-machines'."""
        pool1, pool2 = factory.make_ResourcePool(), factory.make_ResourcePool()
        for pool in (pool1, pool2):
            self.store.add_pool(pool)
        self.store.allow('user', pool1, 'view')
        self.store.allow('user', pool2, 'edit')
        viewable_ids = self.rbac.get_resource_pool_ids('user', 'view')
        self.assertCountEqual([pool1.id], viewable_ids)
        admin_ids = self.rbac.get_resource_pool_ids('user', 'admin-machines')
        self.assertCountEqual([], admin_ids)

    def test_get_resource_pool_ids_user_allowed_some(self):
        """A grant on one pool returns that pool's id only."""
        pool1, pool2 = factory.make_ResourcePool(), factory.make_ResourcePool()
        for pool in (pool1, pool2):
            self.store.add_pool(pool)
        self.store.allow('user', pool1, 'view')
        expected_ids = sorted([pool1.id])
        actual_ids = sorted(self.rbac.get_resource_pool_ids('user', 'view'))
        self.assertEqual(expected_ids, actual_ids)

    def test_get_resource_pool_ids_one_request_per_clear_cache(self):
        """Results stay cached until ``clear_cache`` is called.

        A grant added after the first lookup is not visible on the second
        lookup and only appears once the cache has been cleared.
        """
        # NOTE(review): only the grant direction is exercised here. If
        # revocations are cached the same way, a removed permission would
        # also stay effective until clear_cache(); worth a companion test.
        self.store.allow('user', self.default_pool, 'view')
        before_grant = self.rbac.get_resource_pool_ids('user', 'view')
        new_pool = factory.make_ResourcePool()
        self.store.allow('user', new_pool, 'view')
        cached = self.rbac.get_resource_pool_ids('user', 'view')
        self.rbac.clear_cache()
        refreshed = self.rbac.get_resource_pool_ids('user', 'view')
        self.assertItemsEqual([self.default_pool.id], before_grant)
        self.assertItemsEqual([self.default_pool.id], cached)
        self.assertItemsEqual(
            [self.default_pool.id, new_pool.id], refreshed)

    def test_get_resource_pool_ids_ALL_RESOURCES_always_returns_all(self):
        """With an ALL_RESOURCES grant, a new pool shows up without clearing the cache."""
        self.store.allow('user', ALL_RESOURCES, 'view')
        before_create = self.rbac.get_resource_pool_ids('user', 'view')
        # The new pool is never added to the store and the cache is not
        # cleared, yet the second lookup is expected to include it.
        new_pool = factory.make_ResourcePool()
        after_create = self.rbac.get_resource_pool_ids('user', 'view')
        self.rbac.clear_cache()
        after_clear = self.rbac.get_resource_pool_ids('user', 'view')
        self.assertItemsEqual([self.default_pool.id], before_create)
        self.assertItemsEqual(
            [self.default_pool.id, new_pool.id], after_create)
        self.assertItemsEqual(
            [self.default_pool.id, new_pool.id], after_clear)

    def test_can_create_resource_pool_returns_True(self):
        """'edit' on ALL_RESOURCES allows creating resource pools."""
        self.store.allow('user', ALL_RESOURCES, 'edit')
        allowed = self.rbac.can_create_resource_pool('user')
        self.assertTrue(allowed)

    def test_can_create_resource_pool_returns_False(self):
        """'edit' on a single pool is not enough to create resource pools."""
        pool = factory.make_ResourcePool()
        self.store.add_pool(pool)
        self.store.allow('user', pool, 'edit')
        allowed = self.rbac.can_create_resource_pool('user')
        self.assertFalse(allowed)
Exemple #7
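class TestRBACWrapperGetResourcePools(MAASServerTestCase):
    """Authorization tests for ``RBACWrapper`` resource-pool lookups.

    ``get_resource_pool_ids`` is indexed by permission name in these tests
    (``result["view"]``), so every assertion compares the list of pool ids
    stored under the requested permission.
    """

    def setUp(self):
        """Build the wrapper over ``FakeRBACClient`` and add the default pool."""
        super().setUp()
        Config.objects.set_config("rbac_url", "http://rbac.example.com")
        self.rbac = RBACWrapper(client_class=FakeRBACClient)
        self.client = self.rbac.client
        self.store = self.client.store
        self.default_pool = ResourcePool.objects.get_default_resource_pool()
        self.store.add_pool(self.default_pool)

    def test_get_resource_pool_ids_unknown_user(self):
        """A user with no grants in the store gets no pool ids (deny by default)."""
        self.store.add_pool(factory.make_ResourcePool())
        # Precondition: nothing has been granted to "user" at all.
        self.assertNotIn("user", self.store.allowed)
        self.assertEqual(
            [],
            list(self.rbac.get_resource_pool_ids("user", "view")["view"]),
        )

    def test_get_resource_pools_ids_user_allowed_all(self):
        """A "view" grant on ALL_RESOURCES returns the id of every pool."""
        pool1 = factory.make_ResourcePool()
        pool2 = factory.make_ResourcePool()
        self.store.add_pool(pool1)
        self.store.add_pool(pool2)
        self.store.allow("user", ALL_RESOURCES, "view")
        # Compare the id list, not the mapping: assertCountEqual iterates its
        # arguments, and iterating a dict yields only its keys, so passing
        # two dicts would check the permission name and never the pool ids.
        self.assertCountEqual(
            [self.default_pool.id, pool1.id, pool2.id],
            self.rbac.get_resource_pool_ids("user", "view")["view"],
        )

    def test_get_resource_pools_ids_user_allowed_other_permission(self):
        """Grants are per permission: "edit" does not imply "view" or "admin-machines"."""
        pool1 = factory.make_ResourcePool()
        pool2 = factory.make_ResourcePool()
        self.store.add_pool(pool1)
        self.store.add_pool(pool2)
        self.store.allow("user", pool1, "view")
        self.store.allow("user", pool2, "edit")
        # As above, index by permission so the ids themselves are verified;
        # a dict-to-dict assertCountEqual would pass even if pool2 leaked
        # into the "view" list.
        self.assertCountEqual(
            [pool1.id],
            self.rbac.get_resource_pool_ids("user", "view")["view"],
        )
        self.assertCountEqual(
            [],
            self.rbac.get_resource_pool_ids("user", "admin-machines")[
                "admin-machines"
            ],
        )

    def test_get_resource_pool_ids_user_allowed_some(self):
        """A grant on one pool returns that pool's id only."""
        pool1 = factory.make_ResourcePool()
        pool2 = factory.make_ResourcePool()
        self.store.add_pool(pool1)
        self.store.add_pool(pool2)
        self.store.allow("user", pool1, "view")
        self.assertEqual(
            sorted([pool1.id]),
            sorted(self.rbac.get_resource_pool_ids("user", "view")["view"]),
        )

    def test_get_resource_pool_ids_one_request_per_clear_cache(self):
        """Results stay cached until ``clear_cache`` is called.

        A grant added after the first lookup is not visible on the second
        lookup and only appears once the cache has been cleared.
        """
        # NOTE(review): only the grant direction is exercised here. If
        # revocations are cached the same way, a removed permission would
        # also stay effective until clear_cache(); worth a companion test.
        self.store.allow("user", self.default_pool, "view")
        pools_one = self.rbac.get_resource_pool_ids("user", "view")["view"]
        new_pool = factory.make_ResourcePool()
        self.store.allow("user", new_pool, "view")
        pools_two = self.rbac.get_resource_pool_ids("user", "view")["view"]
        self.rbac.clear_cache()
        pools_three = self.rbac.get_resource_pool_ids("user", "view")["view"]
        self.assertItemsEqual([self.default_pool.id], pools_one)
        self.assertItemsEqual([self.default_pool.id], pools_two)
        self.assertItemsEqual([self.default_pool.id, new_pool.id], pools_three)

    def test_get_resource_pool_ids_ALL_RESOURCES_always_returns_all(self):
        """With an ALL_RESOURCES grant, a new pool shows up without clearing the cache."""
        self.store.allow("user", ALL_RESOURCES, "view")
        pools_one = self.rbac.get_resource_pool_ids("user", "view")["view"]
        # The new pool is never added to the store and the cache is not
        # cleared, yet the second lookup is expected to include it.
        new_pool = factory.make_ResourcePool()
        pools_two = self.rbac.get_resource_pool_ids("user", "view")["view"]
        self.rbac.clear_cache()
        pools_three = self.rbac.get_resource_pool_ids("user", "view")["view"]
        self.assertItemsEqual([self.default_pool.id], pools_one)
        self.assertItemsEqual([self.default_pool.id, new_pool.id], pools_two)
        self.assertItemsEqual([self.default_pool.id, new_pool.id], pools_three)

    def test_can_create_resource_pool_returns_True(self):
        """"edit" on ALL_RESOURCES allows creating resource pools."""
        self.store.allow("user", ALL_RESOURCES, "edit")
        self.assertTrue(self.rbac.can_create_resource_pool("user"))

    def test_can_create_resource_pool_returns_False(self):
        """"edit" on a single pool is not enough to create resource pools."""
        pool = factory.make_ResourcePool()
        self.store.add_pool(pool)
        self.store.allow("user", pool, "edit")
        self.assertFalse(self.rbac.can_create_resource_pool("user"))

    def test_can_delete_resource_pool_returns_True(self):
        """"edit" on ALL_RESOURCES allows deleting resource pools."""
        self.store.allow("user", ALL_RESOURCES, "edit")
        self.assertTrue(self.rbac.can_delete_resource_pool("user"))

    def test_can_delete_resource_pool_returns_False(self):
        """"edit" on a single pool is not enough to delete resource pools."""
        pool = factory.make_ResourcePool()
        self.store.add_pool(pool)
        self.store.allow("user", pool, "edit")
        self.assertFalse(self.rbac.can_delete_resource_pool("user"))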
Exemple #8
 def test_rbac_enabled(self):
     """RBAC is expected to be on when ``rbac_url`` is set, with no external auth URL."""
     settings = (
         ("external_auth_url", ""),
         ("rbac_url", "http://rbac.example.com"),
     )
     for option, value in settings:
         Config.objects.set_config(option, value)
     enabled = RBACWrapper().is_enabled()
     self.assertTrue(enabled)