def test_get_resource_pool_ids_unknown_user(self):
self.store.add_pool(factory.make_ResourcePool())
self.assertNotIn('user', self.store.allowed)
self.assertEqual([],
list(
self.rbac.get_resource_pool_ids('user',
'view')['view']))
def test_remove_user_would_lose_machine_access(self):
user = factory.make_User()
group = factory.make_UserGroup(users=[user])
pool = factory.make_ResourcePool()
factory.make_Role(pools=[pool], groups=[group])
factory.make_Node(owner=user, pool=pool)
self.assertRaises(ValidationError, group.remove, user)
def test_remove_user_with_direct_access_to_machine(self):
user = factory.make_User()
group = factory.make_UserGroup(users=[user])
pool = factory.make_ResourcePool(users=[user])
factory.make_Role(pools=[pool], groups=[group])
group.remove(user)
self.assertTrue(ResourcePool.objects.user_can_access_pool(user, pool))
def test__admin_edit_returns_resource_pool(self):
admin = factory.make_admin()
pool = factory.make_ResourcePool()
self.assertEqual(
pool,
ResourcePool.objects.get_resource_pool_or_404(
pool.id, admin, ResourcePoolPermission.edit))
def test_renames_pool(self):
pool = factory.make_ResourcePool()
new_name = factory.make_name('pool')
form = ResourcePoolForm(data={'name': new_name}, instance=pool)
form.save()
pool = reload_object(pool)
self.assertEqual(pool.name, new_name)
def test_has_perm_rbac_read_permission_on_pool(self):
rbac = self.useFixture(RBACEnabled())
user = factory.make_User()
rbac.store.allow(
user.username, factory.make_ResourcePool(), 'view')
form = DeviceForm()
self.assertFalse(form.has_perm(user))
def test__user_view_returns_resource_pool(self):
user = factory.make_User()
pool = factory.make_ResourcePool()
self.assertEqual(
pool,
ResourcePool.objects.get_resource_pool_or_404(
pool.id, user, ResourcePoolPermission.view))
def test_DELETE_is_idempotent(self):
self.become_admin()
pool = factory.make_ResourcePool()
response = self.client.delete(
reverse('resourcepool_handler', args=[pool.id]))
self.assertEqual(response.status_code, http.client.NO_CONTENT)
self.assertIsNone(reload_object(pool))
def test_DELETE_removes_pool_by_name(self):
self.become_admin()
pool = factory.make_ResourcePool()
response = self.client.delete(
reverse('resourcepool_handler', args=[pool.name]), {})
self.assertEqual(response.status_code, http.client.NO_CONTENT)
self.assertIsNone(reload_object(pool))
def make_resource_pools(self):
rpools = [factory.make_ResourcePool() for _ in range(3)]
return rpools, sorted([
Resource(identifier=rpool.id, name=rpool.name)
for rpool in ResourcePool.objects.all()
],
key=attrgetter('identifier'))
def test_compose_composes_with_pool(self):
self.patch(pods, "post_commit_do")
pod = make_pod_with_hints()
# Mock the RPC client.
client = MagicMock()
mock_getClient = self.patch(pods, "getClientFromIdentifiers")
mock_getClient.return_value = succeed(client)
# Mock the result of the composed machine.
composed_machine, pod_hints = make_compose_machine_result(pod)
mock_compose_machine = self.patch(pods, "compose_machine")
mock_compose_machine.return_value = succeed(
(composed_machine, pod_hints))
# Mock start_commissioning so it doesn't use post commit hooks.
self.patch(Machine, "start_commissioning")
pool = factory.make_ResourcePool()
response = self.client.post(get_pod_uri(pod), {
"op": "compose",
"pool": pool.id
})
self.assertEqual(http.client.OK, response.status_code,
response.content)
parsed_machine = json_load_bytes(response.content)
self.assertItemsEqual(parsed_machine.keys(),
["resource_uri", "system_id"])
machine = Machine.objects.get(system_id=parsed_machine["system_id"])
self.assertEqual(machine.pool, pool)
def test_GET_nodes_hides_invisible_nodes(self):
user2 = factory.make_User()
node1 = factory.make_Node()
node2 = factory.make_Node(status=NODE_STATUS.ALLOCATED, owner=user2)
node3 = factory.make_Node(pool=factory.make_ResourcePool())
tag = factory.make_Tag()
node1.tags.add(tag)
node2.tags.add(tag)
node3.tags.add(tag)
response = self.client.get(self.get_tag_uri(tag), {'op': 'nodes'})
self.assertEqual(http.client.OK, response.status_code)
parsed_result = json.loads(
response.content.decode(settings.DEFAULT_CHARSET))
self.assertEqual([node1.system_id],
[r['system_id'] for r in parsed_result])
# The other user can also see his node
client2 = MAASSensibleOAuthClient(user2)
response = client2.get(self.get_tag_uri(tag), {'op': 'nodes'})
self.assertEqual(http.client.OK, response.status_code)
parsed_result = json.loads(
response.content.decode(settings.DEFAULT_CHARSET))
self.assertItemsEqual([node1.system_id, node2.system_id],
[r['system_id'] for r in parsed_result])
def test_PUT_updates(self):
self.become_admin()
pod = factory.make_Pod(pod_type='virsh')
new_name = factory.make_name('pod')
new_tags = [factory.make_name('tag'), factory.make_name('tag')]
new_pool = factory.make_ResourcePool()
new_zone = factory.make_Zone()
new_power_parameters = {
'power_address': 'qemu+ssh://1.2.3.4/system',
'power_pass': factory.make_name('pass'),
}
discovered_pod, _, _ = self.fake_pod_discovery()
response = self.client.put(get_pod_uri(pod), {
'name': new_name,
'tags': ','.join(new_tags),
'power_address': new_power_parameters['power_address'],
'power_pass': new_power_parameters['power_pass'],
'zone': new_zone.name,
'pool': new_pool.name,
})
self.assertEqual(
http.client.OK, response.status_code, response.content)
pod.refresh_from_db()
self.assertEqual(new_name, pod.name)
self.assertEqual(new_pool, pod.pool)
self.assertItemsEqual(new_tags, pod.tags)
self.assertEqual(new_power_parameters, pod.power_parameters)
self.assertEqual(new_zone, pod.zone)
def test_user_can_access_pool(self):
user = factory.make_User()
pool = factory.make_ResourcePool()
manager = ResourcePool.objects
self.assertFalse(manager.user_can_access_pool(user, pool))
pool.grant_user(user)
self.assertTrue(manager.user_can_access_pool(user, pool))
def test_update(self):
pool = factory.make_ResourcePool()
new_name = factory.make_name('pool')
handler = ResourcePoolHandler(factory.make_admin(), {}, None)
handler.update({"id": pool.id, "name": new_name})
pool = reload_object(pool)
self.assertEqual(new_name, pool.name)
def test_list(self):
user = factory.make_User()
handler = ResourcePoolHandler(user, {}, None)
pool = factory.make_ResourcePool()
returned_pool_names = [
data['name'] for data in handler.list({})]
self.assertEqual(['default', pool.name], returned_pool_names)
def make_pod(
self,
cpu=0,
mem=0,
cpu_over_commit=1,
mem_over_commit=1,
pod_type="virsh",
):
# Make one pod
zone = factory.make_Zone()
pool = factory.make_ResourcePool()
ip = factory.make_ipv4_address()
power_parameters = {
"power_address": "qemu+ssh://%s/system" % ip,
"power_pass": "******",
}
return factory.make_Pod(
pod_type=pod_type,
zone=zone,
pool=pool,
cores=cpu,
memory=mem,
cpu_over_commit_ratio=cpu_over_commit,
memory_over_commit_ratio=mem_over_commit,
parameters=power_parameters,
)
def test_get_machine_count(self):
user = factory.make_User()
handler = ResourcePoolHandler(user, {}, None)
pool = factory.make_ResourcePool()
factory.make_Machine(pool=pool)
result = handler.get({"id": pool.id})
self.assertEqual(1, result['machine_total_count'])
def test_updates_pool(self):
pool = factory.make_ResourcePool()
new_description = factory.make_string()
form = ResourcePoolForm(data={"description": new_description},
instance=pool)
form.save()
pool = reload_object(pool)
self.assertEqual(pool.description, new_description)
def test__sets_up_pool_default(self):
request = MagicMock()
pod = make_pod_with_hints()
pool = factory.make_ResourcePool()
pod.pool = pool
pod.save()
form = ComposeMachineForm(request=request, pod=pod)
self.assertEqual(pool, form.initial['pool'])
def test_DELETE_forbidden(self):
self.become_admin()
pool = factory.make_ResourcePool()
self.store.add_pool(pool)
self.store.allow(self.user.username, pool, 'view')
response = self.client.delete(
reverse('resourcepool_handler', args=[pool.name]), {})
self.assertEqual(response.status_code, http.client.FORBIDDEN)
def test_revoke_group_with_machine_other_group_access(self):
user = factory.make_User()
group1 = factory.make_UserGroup(users=[user])
group2 = factory.make_UserGroup(users=[user])
pool = factory.make_ResourcePool(groups=[group1, group2])
factory.make_Node(owner=user, pool=pool)
pool.revoke_group(group1)
self.assertIn(pool, ResourcePool.objects.get_user_resource_pools(user))
def test_get_rbac_fails(self):
self.enable_rbac()
user = factory.make_User()
handler = ResourcePoolHandler(user, {}, None)
pool = factory.make_ResourcePool()
self.rbac_store.add_pool(pool)
self.assertRaises(
HandlerDoesNotExistError, handler.get, {"id": pool.id})
def test_user_cannot_view_node_other_pool(self):
self.enable_rbac()
user = factory.make_User()
node = factory.make_Node()
pool = factory.make_ResourcePool()
self.rbac_store.add_pool(pool)
self.rbac_store.allow(user.username, pool, 'view')
backend = MAASAuthorizationBackend()
self.assertFalse(backend.has_perm(user, NodePermission.view, node))
def test_edit_requires_admin(self):
backend = MAASAuthorizationBackend()
pool = factory.make_ResourcePool()
user = factory.make_User()
admin = factory.make_admin()
self.assertFalse(
backend.has_perm(user, ResourcePoolPermission.edit, pool))
self.assertTrue(
backend.has_perm(admin, ResourcePoolPermission.edit, pool))
def test_view_always_viewable(self):
backend = MAASAuthorizationBackend()
pool = factory.make_ResourcePool()
user = factory.make_User()
admin = factory.make_admin()
self.assertTrue(
backend.has_perm(user, ResourcePoolPermission.view, pool))
self.assertTrue(
backend.has_perm(admin, ResourcePoolPermission.view, pool))
def test_user_sees_all_nodes_in_own_pools(self):
user = factory.make_User()
own_node = make_allocated_node(owner=user)
other_owned_node = make_allocated_node()
unowned_node = factory.make_Node()
factory.make_Node(pool=factory.make_ResourcePool())
self.assertItemsEqual([own_node, unowned_node, other_owned_node],
Node.objects.get_nodes(own_node.owner,
NODE_PERMISSION.VIEW))
def test_creates_pod_with_pool(self):
self.fake_pod_discovery()
pod_info = self.make_pod_info()
pool = factory.make_ResourcePool()
pod_info['pool'] = pool.name
form = PodForm(data=pod_info, request=self.request)
self.assertTrue(form.is_valid(), form._errors)
pod = form.save()
self.assertEqual(pool.id, pod.pool.id)
def test_DELETE_removes_pool(self):
self.become_admin()
pool = factory.make_ResourcePool()
self.store.add_pool(pool)
self.store.allow(self.user.username, pool, 'edit')
response = self.client.delete(
reverse('resourcepool_handler', args=[pool.id]), {})
self.assertEqual(response.status_code, http.client.NO_CONTENT)
self.assertIsNone(reload_object(pool))
def test_get_machine_ready_count(self):
user = factory.make_User()
handler = ResourcePoolHandler(user, {}, None)
pool = factory.make_ResourcePool()
factory.make_Machine(pool=pool, status=NODE_STATUS.NEW)
factory.make_Machine(pool=pool, status=NODE_STATUS.READY)
result = handler.get({"id": pool.id})
self.assertEqual(2, result['machine_total_count'])
self.assertEqual(1, result['machine_ready_count'])
