def setUpClass(cls):
super(RBACUtilsTestCase, cls).setUpClass()
# TODO: Put in the base rbac db test case
insert_system_roles()
# Add mock users - system admin, admin, non-admin
cls.system_admin_user = UserDB(name='system_admin_user')
cls.system_admin_user.save()
cls.admin_user = UserDB(name='admin_user')
cls.admin_user.save()
cls.regular_user = UserDB(name='regular_user')
cls.regular_user.save()
# Add system admin role assignment
role_assignment_1 = UserRoleAssignmentDB(
user=cls.system_admin_user.name, role=SystemRole.SYSTEM_ADMIN,
source='assignments/%s.yaml' % cls.system_admin_user.name)
role_assignment_1.save()
# Add admin role assignment
role_assignment_2 = UserRoleAssignmentDB(
user=cls.admin_user.name, role=SystemRole.ADMIN,
source='assignments/%s.yaml' % cls.admin_user.name)
role_assignment_2.save()
def setUpClass(cls):
super(RBACUtilsTestCase, cls).setUpClass()
# TODO: Put in the base rbac db test case
insert_system_roles()
# Add mock users - system admin, admin, non-admin
cls.system_admin_user = UserDB(name='system_admin_user')
cls.system_admin_user.save()
cls.admin_user = UserDB(name='admin_user')
cls.admin_user.save()
cls.regular_user = UserDB(name='regular_user')
cls.regular_user.save()
# Add system admin role assignment
role_assignment_1 = UserRoleAssignmentDB(user=cls.system_admin_user.name,
role=SystemRole.SYSTEM_ADMIN)
role_assignment_1.save()
# Add admin role assignment
role_assignment_2 = UserRoleAssignmentDB(user=cls.admin_user.name,
role=SystemRole.ADMIN)
role_assignment_2.save()
def setup(service, config, setup_db=True, register_mq_exchanges=True,
register_signal_handlers=True, run_migrations=True):
"""
Common setup function.
Currently it performs the following operations:
1. Parses config and CLI arguments
2. Establishes DB connection
3. Set log level for all the loggers to DEBUG if --debug flag is present
4. Registers RabbitMQ exchanges
5. Registers common signal handlers
:param service: Name of the service.
:param config: Config object to use to parse args.
"""
# Set up logger which logs everything which happens during and before config
# parsing to sys.stdout
logging.setup(DEFAULT_LOGGING_CONF_PATH)
# Parse args to setup config.
config.parse_args()
config_file_paths = cfg.CONF.config_file
config_file_paths = [os.path.abspath(path) for path in config_file_paths]
LOG.debug('Using config files: %s', ','.join(config_file_paths))
# Setup logging.
logging_config_path = config.get_logging_config_path()
logging_config_path = os.path.abspath(logging_config_path)
LOG.debug('Using logging config: %s', logging_config_path)
logging.setup(logging_config_path)
if cfg.CONF.debug:
set_log_level_for_all_loggers(level=stdlib_logging.DEBUG)
# All other setup which requires config to be parsed and logging to
# be correctly setup.
if setup_db:
db_setup()
if register_mq_exchanges:
register_exchanges()
if register_signal_handlers:
register_common_signal_handlers()
# TODO: This is a "not so nice" workaround until we have a proper migration system in place
if run_migrations:
insert_system_roles()
if cfg.CONF.rbac.enable and not cfg.CONF.auth.enable:
msg = ('Authentication is not enabled. RBAC only works when authentication is enabled.'
'You can either enable authentication or disable RBAC.')
raise Exception(msg)
def test_insert_system_roles(self):
role_dbs = rbac_service.get_all_roles()
self.assertItemsEqual(role_dbs, [])
insert_system_roles()
role_dbs = rbac_service.get_all_roles()
self.assertTrue(len(role_dbs), 3)
role_names = [role_db.name for role_db in role_dbs]
self.assertTrue('system_admin' in role_names)
self.assertTrue('admin' in role_names)
self.assertTrue('observer' in role_names)
def test_insert_system_roles(self):
role_dbs = get_all_roles()
self.assertItemsEqual(role_dbs, [])
insert_system_roles()
role_dbs = get_all_roles()
self.assertTrue(len(role_dbs), 3)
role_names = [role_db.name for role_db in role_dbs]
self.assertTrue('system_admin' in role_names)
self.assertTrue('admin' in role_names)
self.assertTrue('observer' in role_names)
def setUp(self):
super(BasePermissionsResolverTestCase, self).setUp()
# Make sure RBAC is enabeld
cfg.CONF.set_override(name='enable', override=True, group='rbac')
self.users = {}
self.roles = {}
self.resources = {}
# Run role "migrations"
insert_system_roles()
# Insert common mock objects
self._insert_common_mocks()
def setUp(self):
super(BasePermissionsResolverTestCase, self).setUp()
# Make sure RBAC is enabeld
cfg.CONF.set_override(name='enable', override=True, group='rbac')
self.users = {}
self.roles = {}
self.resources = {}
# Run role "migrations"
insert_system_roles()
# Insert common mock objects
self._insert_common_mocks()
def setUpClass(cls):
super(RBACUtilsTestCase, cls).setUpClass()
# TODO: Put in the base rbac db test case
insert_system_roles()
# Add two mock users - one admin and one non-admin
cls.admin_user = UserDB(name='admin_user')
cls.admin_user.save()
cls.regular_user = UserDB(name='regular_user')
cls.regular_user.save()
# TODO: Add admin role assignment
role_assignment_1 = UserRoleAssignmentDB(user=cls.admin_user.name,
role=SystemRole.ADMIN)
role_assignment_1.save()
def setup(service,
config,
setup_db=True,
register_mq_exchanges=True,
register_signal_handlers=True,
run_migrations=True):
"""
Common setup function.
Currently it performs the following operations:
1. Parses config and CLI arguments
2. Establishes DB connection
3. Set log level for all the loggers to DEBUG if --debug flag is present
4. Registers RabbitMQ exchanges
5. Registers common signal handlers
:param service: Name of the service.
:param config: Config object to use to parse args.
"""
# Set up logger which logs everything which happens during and before config
# parsing to sys.stdout
logging.setup(DEFAULT_LOGGING_CONF_PATH)
# Parse args to setup config.
config.parse_args()
config_file_paths = cfg.CONF.config_file
config_file_paths = [os.path.abspath(path) for path in config_file_paths]
LOG.debug('Using config files: %s', ','.join(config_file_paths))
# Setup logging.
logging_config_path = config.get_logging_config_path()
logging_config_path = os.path.abspath(logging_config_path)
LOG.debug('Using logging config: %s', logging_config_path)
logging.setup(logging_config_path)
if cfg.CONF.debug:
set_log_level_for_all_loggers(level=stdlib_logging.DEBUG)
# All other setup which requires config to be parsed and logging to
# be correctly setup.
if setup_db:
db_setup()
if register_mq_exchanges:
register_exchanges()
if register_signal_handlers:
register_common_signal_handlers()
# TODO: This is a "not so nice" workaround until we have a proper migration system in place
if run_migrations:
insert_system_roles()
if cfg.CONF.rbac.enable and not cfg.CONF.auth.enable:
msg = (
'Authentication is not enabled. RBAC only works when authentication is enabled.'
'You can either enable authentication or disable RBAC.')
raise Exception(msg)