def get_group_queryset(request):
"""Obtain the queryset for groups."""
scope = request.query_params.get(SCOPE_KEY, ACCOUNT_SCOPE)
if scope != ACCOUNT_SCOPE:
return get_object_principal_queryset(request, scope, Group)
username = request.query_params.get('username')
if username:
get_principal(username, request.user.account)
return Group.objects.filter(principals__username__iexact=username) | Group.platform_default_set()
if has_group_all_access(request):
return get_annotated_groups() | Group.platform_default_set()
return Group.objects.none()
def obtain_groups_in(obj, request):
"""Shared function to get the groups the roles is in."""
scope_param = request.query_params.get("scope")
username_param = request.query_params.get("username")
policy_ids = list(obj.policies.values_list("id", flat=True))
if scope_param == "principal" or username_param:
principal = get_principal_from_request(request)
assigned_groups = Group.objects.filter(policies__in=policy_ids, principals__in=[principal])
return (assigned_groups | Group.platform_default_set()).distinct()
return Group.objects.filter(policies__in=policy_ids).distinct()
def get_group_queryset(request):
"""Obtain the queryset for groups."""
scope = request.query_params.get(SCOPE_KEY, ACCOUNT_SCOPE)
if scope != ACCOUNT_SCOPE:
return get_object_principal_queryset(request, scope, Group)
username = request.query_params.get("username")
if username:
principal = get_principal(username, request)
if principal.cross_account:
return Group.objects.none()
return Group.objects.filter(principals__username__iexact=username) | Group.platform_default_set()
if has_group_all_access(request):
return get_annotated_groups() | Group.platform_default_set()
access = user_has_perm(request, "group")
if access == "All":
return get_annotated_groups() | Group.platform_default_set()
if access == "None":
return Group.objects.none()
return Group.objects.filter(uuid__in=access) | Group.platform_default_set()
def setUp(self):
"""Set up the principal cleaner tests."""
super().setUp()
with tenant_context(self.tenant):
self.group = Group(name='groupA')
self.group.save()
class PrincipalCleanerTests(IdentityRequest):
"""Test the principal cleaner functions."""
def setUp(self):
"""Set up the principal cleaner tests."""
super().setUp()
with tenant_context(self.tenant):
self.group = Group(name='groupA')
self.group.save()
def test_principal_cleanup_none(self):
"""Test that we can run a principal clean up on a tenant with no principals."""
try:
clean_tenant_principals(self.tenant)
except Exception:
self.fail(msg='clean_tenant_principals encountered an exception')
with tenant_context(self.tenant):
self.assertEqual(Principal.objects.count(), 0)
@patch('management.principal.proxy.PrincipalProxy._request_principals',
return_value={
'status_code': status.HTTP_200_OK,
'data': []
})
def test_principal_cleanup_princpal_in_group(self, mock_request):
"""Test that we can run a principal clean up on a tenant with a principal in a group."""
with tenant_context(self.tenant):
self.principal = Principal(username='******')
self.principal.save()
self.group.principals.add(self.principal)
self.group.save()
try:
clean_tenant_principals(self.tenant)
except Exception:
self.fail(msg='clean_tenant_principals encountered an exception')
with tenant_context(self.tenant):
self.assertEqual(Principal.objects.count(), 0)
@patch('management.principal.proxy.PrincipalProxy._request_principals',
return_value={
'status_code': status.HTTP_200_OK,
'data': []
})
def test_principal_cleanup_princpal_not_in_group(self, mock_request):
"""Test that we can run a principal clean up on a tenant with a principal not in a group."""
with tenant_context(self.tenant):
self.principal = Principal(username='******')
self.principal.save()
try:
clean_tenant_principals(self.tenant)
except Exception:
self.fail(msg='clean_tenant_principals encountered an exception')
with tenant_context(self.tenant):
self.assertEqual(Principal.objects.count(), 0)
@patch('management.principal.proxy.PrincipalProxy._request_principals',
return_value={
'status_code': status.HTTP_200_OK,
'data': [{
'username': '******'
}]
})
def test_principal_cleanup_princpal_exists(self, mock_request):
"""Test that we can run a principal clean up on a tenant with an existing principal."""
with tenant_context(self.tenant):
self.principal = Principal(username='******')
self.principal.save()
try:
clean_tenant_principals(self.tenant)
except Exception:
self.fail(msg='clean_tenant_principals encountered an exception')
with tenant_context(self.tenant):
self.assertEqual(Principal.objects.count(), 1)
@patch('management.principal.proxy.PrincipalProxy._request_principals',
return_value={'status_code': status.HTTP_504_GATEWAY_TIMEOUT})
def test_principal_cleanup_princpal_error(self, mock_request):
"""Test that we can handle a principal clean up with an unexpected error from proxy."""
with tenant_context(self.tenant):
self.principal = Principal(username='******')
self.principal.save()
try:
clean_tenant_principals(self.tenant)
except Exception:
self.fail(msg='clean_tenant_principals encountered an exception')
with tenant_context(self.tenant):
self.assertEqual(Principal.objects.count(), 1)