Esempio n. 1
0
 def setUp(self):
     super(TestComputeAPI, self).setUp()
     self.api = AccountAPI(
         base_url='http://compute.localhost',
         auth_token=str(uuid.uuid4())
     )
     self.fake_orga_key = str(uuid.uuid4())
 def setUp(self):
     super(TestAccountAPI, self).setUp()
     self.api = AccountAPI(
         base_url='http://compute.localhost',
         auth_token=str(uuid.uuid4())
     )
     self.fake_orga_key = str(uuid.uuid4())
Esempio n. 3
0
    def __init__(self, auth_token="", region='par1'):
        """Constructor."""
        if auth_token == "":
            logging.error("no auth token provided, exiting")
            exit(-1)

        # --------------------------------
        self.auth_token = auth_token
        self.region = region
        self.org_id = None
        # --------------------------------

        logging.debug("init scaleway")
        self.api_compute = ComputeAPI(region=self.region,
                                      auth_token=self.auth_token)
        self.api_account = AccountAPI(auth_token=self.auth_token)
Esempio n. 4
0
 def get_account_data(self):
     api = AccountAPI(auth_token=self.token)
     res = api.query().organizations.get()
     return res
Esempio n. 5
0
    def test_get_resources(self):
        def compare_results(permissions,
                            service=None,
                            name=None,
                            resource=None,
                            result=None,
                            include_locked=False):
            """ Resets the auth API endpoint /tokens/:id/permissions, call
            get_resources and compare results with what is expected.
            """
            if result is None:
                result = []

            self.make_fake_perms(permissions)
            resources = self.api.get_resources(service=service,
                                               name=name,
                                               resource=resource,
                                               include_locked=include_locked)
            # XOR on two sets returns the difference between them
            # Used because we don't know in which order api.get_resources
            # returns the resources.
            self.assertFalse(set(resources) ^ set(result))

            # Check the API has been requested with
            # ?include_locked set to `include_locked`
            self.assertEqual(
                httpretty.last_request().querystring.get('include_locked'),
                [str(include_locked)])

        # No permission, no resource
        compare_results({}, result=[])

        # Simple permissions
        compare_results(self.fake_permissions,
                        service='compute',
                        name='can_boot',
                        result=['server1', 'server2'])

        compare_results(self.fake_permissions,
                        service='compute',
                        name='can_boot',
                        result=['server1', 'server2'])

        compare_results(self.fake_permissions,
                        service='compute',
                        name='can_boot',
                        resource='server2',
                        result=['server2'])

        compare_results(self.fake_permissions,
                        service='compute',
                        name='can_delete',
                        result=['server1'])

        compare_results(self.fake_permissions,
                        service='compute',
                        name='can_delete',
                        resource='server1',
                        result=['server1'])

        compare_results(self.fake_permissions,
                        service='compute',
                        name='can_write',
                        result=[])

        # Nested permissions
        compare_results(self.fake_permissions,
                        service='account',
                        name='token:read',
                        result=['token1', 'token2', 'token3'])

        compare_results(self.fake_permissions,
                        service='account',
                        name='token:read',
                        resource='invalid',
                        result=[])

        compare_results(self.fake_permissions,
                        service='account',
                        name='token:read',
                        resource='token2',
                        result=['token2'])

        compare_results(self.fake_permissions,
                        service='account',
                        name='token:write',
                        result=['token1', 'token2', 'token4'])

        compare_results(self.fake_permissions,
                        service='account',
                        name='token:admin',
                        result=['token1', 'token2'])

        # Include lock set to True
        compare_results(self.fake_permissions,
                        service='account',
                        name='token:admin',
                        result=['token1', 'token2'],
                        include_locked=True)

        # Test JWT
        self.api = AccountAPI(base_url='http://compute.localhost',
                              auth_jwt=str(uuid.uuid4()))
        compare_results(self.fake_permissions,
                        service='compute',
                        name='can_boot',
                        result=['server1', 'server2'])
Esempio n. 6
0
class TestAccountAPI(FakeAPITestCase, unittest.TestCase):

    fake_permissions = {
        'compute': {
            'can_boot': ['server1', 'server2'],
            'can_delete': ['server1'],
        },
        'account': {
            'token:*': ['token1', 'token2'],
            'token:read': ['token2', 'token3'],
            'token:write': ['token4'],
        }
    }

    def setUp(self):
        super(TestAccountAPI, self).setUp()
        self.api = AccountAPI(base_url='http://compute.localhost',
                              auth_token=str(uuid.uuid4()))
        self.fake_orga_key = str(uuid.uuid4())

    def make_fake_perms(self, permissions):
        if self.api.auth_token:
            self.fake_endpoint(self.api,
                               'tokens/%s/permissions/' % self.api.auth_token,
                               body={'permissions': permissions})
        else:
            self.fake_endpoint(self.api,
                               'jwt/permissions/',
                               body={'permissions': permissions})

    def make_fake_quotas(self, quotas):
        self.fake_endpoint(self.api,
                           'organizations/%s/quotas/' % self.fake_orga_key,
                           body={'quotas': quotas})

    def test_perm_matches(self):
        # simple permissions
        self.assertTrue(self.api.perm_matches('read', 'read'))
        self.assertTrue(self.api.perm_matches(None, 'read'))
        self.assertFalse(self.api.perm_matches('write', 'read'))
        # wildcard
        self.assertTrue(self.api.perm_matches('read', '*'))

        # nested permissions
        self.assertTrue(self.api.perm_matches('object:read', 'object:read'))
        self.assertTrue(self.api.perm_matches('object:read', 'object:*'))
        self.assertTrue(self.api.perm_matches(None, 'object:*'))
        self.assertFalse(self.api.perm_matches('object:write', 'object:read'))

        # different nested sizes
        self.assertTrue(self.api.perm_matches('object:read:subperm', '*'))
        self.assertTrue(self.api.perm_matches('object:read:hello', 'object'))
        self.assertFalse(self.api.perm_matches('object', 'object:read:hello'))

    def test_get_resources(self):
        def compare_results(permissions,
                            service=None,
                            name=None,
                            resource=None,
                            result=None,
                            include_locked=False):
            """ Resets the auth API endpoint /tokens/:id/permissions, call
            get_resources and compare results with what is expected.
            """
            if result is None:
                result = []

            self.make_fake_perms(permissions)
            resources = self.api.get_resources(service=service,
                                               name=name,
                                               resource=resource,
                                               include_locked=include_locked)
            # XOR on two sets returns the difference between them
            # Used because we don't know in which order api.get_resources
            # returns the resources.
            self.assertFalse(set(resources) ^ set(result))

            # Check the API has been requested with
            # ?include_locked set to `include_locked`
            self.assertEqual(
                httpretty.last_request().querystring.get('include_locked'),
                [str(include_locked)])

        # No permission, no resource
        compare_results({}, result=[])

        # Simple permissions
        compare_results(self.fake_permissions,
                        service='compute',
                        name='can_boot',
                        result=['server1', 'server2'])

        compare_results(self.fake_permissions,
                        service='compute',
                        name='can_boot',
                        result=['server1', 'server2'])

        compare_results(self.fake_permissions,
                        service='compute',
                        name='can_boot',
                        resource='server2',
                        result=['server2'])

        compare_results(self.fake_permissions,
                        service='compute',
                        name='can_delete',
                        result=['server1'])

        compare_results(self.fake_permissions,
                        service='compute',
                        name='can_delete',
                        resource='server1',
                        result=['server1'])

        compare_results(self.fake_permissions,
                        service='compute',
                        name='can_write',
                        result=[])

        # Nested permissions
        compare_results(self.fake_permissions,
                        service='account',
                        name='token:read',
                        result=['token1', 'token2', 'token3'])

        compare_results(self.fake_permissions,
                        service='account',
                        name='token:read',
                        resource='invalid',
                        result=[])

        compare_results(self.fake_permissions,
                        service='account',
                        name='token:read',
                        resource='token2',
                        result=['token2'])

        compare_results(self.fake_permissions,
                        service='account',
                        name='token:write',
                        result=['token1', 'token2', 'token4'])

        compare_results(self.fake_permissions,
                        service='account',
                        name='token:admin',
                        result=['token1', 'token2'])

        # Include lock set to True
        compare_results(self.fake_permissions,
                        service='account',
                        name='token:admin',
                        result=['token1', 'token2'],
                        include_locked=True)

        # Test JWT
        self.api = AccountAPI(base_url='http://compute.localhost',
                              auth_jwt=str(uuid.uuid4()))
        compare_results(self.fake_permissions,
                        service='compute',
                        name='can_boot',
                        result=['server1', 'server2'])

    def test_get_resources_with_empty_token(self):
        self.api = AccountAPI()
        self.assertEqual(self.api.get_resources(), [])

    def test_get_resources_with_invalid_token(self):
        url = 'tokens/%s/permissions/' % (self.api.auth_token)

        self.fake_endpoint(self.api, url, status=400)
        self.assertRaises(BadToken, self.api.get_resources)

        self.fake_endpoint(self.api, url, status=404)
        self.assertRaises(BadToken, self.api.get_resources)

        self.fake_endpoint(self.api, url, status=410)
        self.assertRaises(ExpiredToken, self.api.get_resources)

        self.fake_endpoint(self.api, url, status=418)
        self.assertRaises(slumber.exceptions.SlumberHttpBaseException,
                          self.api.get_resources)

        self.fake_endpoint(self.api, url, status=500)
        self.assertRaises(slumber.exceptions.SlumberHttpBaseException,
                          self.api.get_resources)

    def test_has_perm(self):
        def has_perm(permissions, service=None, name=None, resource=None):
            """ Resets the auth API endpoint /tokens/:id/permissions and call
            api.has_perm.
            """
            self.make_fake_perms(permissions)
            return self.api.has_perm(service=service,
                                     name=name,
                                     resource=resource)

        self.assertTrue(
            has_perm(self.fake_permissions,
                     service='compute',
                     name='can_boot',
                     resource='server1'))

        self.assertTrue(
            has_perm(self.fake_permissions,
                     service='compute',
                     name='can_boot',
                     resource='server2'))

        self.assertFalse(
            has_perm(self.fake_permissions,
                     service='compute',
                     name='can_boot',
                     resource='server3'))

        self.assertTrue(
            has_perm(self.fake_permissions,
                     service='account',
                     name='token:read',
                     resource='token1'))

        self.assertTrue(
            has_perm(self.fake_permissions,
                     service='account',
                     name='token:write',
                     resource='token1'))

        self.assertTrue(
            has_perm(self.fake_permissions,
                     service='account',
                     name='token:write',
                     resource='token4'))

        self.assertFalse(
            has_perm(self.fake_permissions,
                     service='account',
                     name='token:write',
                     resource='token3'))

    def test_get_quota_403(self):
        url = 'organizations/%s/quotas/' % (self.fake_orga_key)
        self.fake_endpoint(self.api, url, status=403)
        self.assertRaises(slumber.exceptions.HttpClientError,
                          self.api.get_quotas, self.fake_orga_key)

    def test_get_quotas(self):
        self.make_fake_quotas({'invites': 5})
        self.assertEqual(self.api.get_quotas(self.fake_orga_key),
                         {'invites': 5})

    def test_get_quota(self):
        self.make_fake_quotas({'invites': 5})
        self.assertEqual(self.api.get_quota(self.fake_orga_key, 'invites'), 5)

    def test_get_quota_None(self):
        self.make_fake_quotas({'invites': 5})
        self.assertEqual(self.api.get_quota(self.fake_orga_key, 'xoxo'), None)

    def test_has_quota(self):
        self.make_fake_quotas({'invites': 5})
        self.assertTrue(self.api.has_quota(self.fake_orga_key, 'invites', 2))
        self.assertFalse(self.api.has_quota(self.fake_orga_key, 'invites', 5))
        self.assertFalse(self.api.has_quota(self.fake_orga_key, 'nope'))
Esempio n. 7
0
 def test_get_resources_with_empty_token(self):
     self.api = AccountAPI()
     self.assertEqual(self.api.get_resources(), [])
    def test_get_resources(self):

        def compare_results(permissions, service=None, name=None,
                            resource=None, result=None, include_locked=False):
            """ Resets the auth API endpoint /tokens/:id/permissions, call
            get_resources and compare results with what is expected.
            """
            if result is None:
                result = []

            self.make_fake_perms(permissions)
            resources = self.api.get_resources(
                service=service, name=name, resource=resource,
                include_locked=include_locked
            )
            # XOR on two sets returns the difference between them
            # Used because we don't know in which order api.get_resources
            # returns the resources.
            self.assertFalse(set(resources) ^ set(result))

            # Check the API has been requested with
            # ?include_locked set to `include_locked`
            self.assertEqual(
                httpretty.last_request().querystring.get('include_locked'),
                [str(include_locked)]
            )

        # No permission, no resource
        compare_results({}, result=[])

        # Simple permissions
        compare_results(self.fake_permissions,
                        service='compute', name='can_boot',
                        result=['server1', 'server2'])

        compare_results(self.fake_permissions,
                        service='compute', name='can_boot',
                        result=['server1', 'server2'])

        compare_results(self.fake_permissions,
                        service='compute', name='can_boot', resource='server2',
                        result=['server2'])

        compare_results(self.fake_permissions,
                        service='compute', name='can_delete',
                        result=['server1'])

        compare_results(
            self.fake_permissions,
            service='compute', name='can_delete', resource='server1',
            result=['server1']
        )

        compare_results(self.fake_permissions,
                        service='compute', name='can_write',
                        result=[])

        # Nested permissions
        compare_results(self.fake_permissions,
                        service='account', name='token:read',
                        result=['token1', 'token2', 'token3'])

        compare_results(
            self.fake_permissions,
            service='account', name='token:read', resource='invalid',
            result=[]
        )

        compare_results(
            self.fake_permissions,
            service='account', name='token:read', resource='token2',
            result=['token2']
        )

        compare_results(
            self.fake_permissions,
            service='account', name='token:write',
            result=['token1', 'token2', 'token4']
        )

        compare_results(
            self.fake_permissions,
            service='account', name='token:admin',
            result=['token1', 'token2']
        )

        # Include lock set to True
        compare_results(
            self.fake_permissions,
            service='account', name='token:admin',
            result=['token1', 'token2'],
            include_locked=True
        )

        # Test JWT
        self.api = AccountAPI(
            base_url='http://compute.localhost',
            auth_jwt=str(uuid.uuid4())
        )
        compare_results(self.fake_permissions,
                        service='compute', name='can_boot',
                        result=['server1', 'server2'])
class TestAccountAPI(FakeAPITestCase, unittest.TestCase):

    fake_permissions = {
        'compute': {
            'can_boot': ['server1', 'server2'],
            'can_delete': ['server1'],
        },
        'account': {
            'token:*': ['token1', 'token2'],
            'token:read': ['token2', 'token3'],
            'token:write': ['token4'],
        }
    }

    def setUp(self):
        super(TestAccountAPI, self).setUp()
        self.api = AccountAPI(
            base_url='http://compute.localhost',
            auth_token=str(uuid.uuid4())
        )
        self.fake_orga_key = str(uuid.uuid4())

    def make_fake_perms(self, permissions):
        if self.api.auth_token:
            self.fake_endpoint(
                self.api,
                'tokens/%s/permissions/' % self.api.auth_token,
                body={
                    'permissions': permissions
                }
            )
        else:
            self.fake_endpoint(
                self.api,
                'jwt/permissions/',
                body={
                    'permissions': permissions
                }
            )

    def make_fake_quotas(self, quotas):
        self.fake_endpoint(
            self.api,
            'organizations/%s/quotas/' % self.fake_orga_key,
            body={
                'quotas': quotas
            }
        )

    def test_perm_matches(self):
        # simple permissions
        self.assertTrue(self.api.perm_matches('read', 'read'))
        self.assertTrue(self.api.perm_matches(None, 'read'))
        self.assertFalse(self.api.perm_matches('write', 'read'))
        # wildcard
        self.assertTrue(self.api.perm_matches('read', '*'))

        # nested permissions
        self.assertTrue(self.api.perm_matches('object:read', 'object:read'))
        self.assertTrue(self.api.perm_matches('object:read', 'object:*'))
        self.assertTrue(self.api.perm_matches(None, 'object:*'))
        self.assertFalse(self.api.perm_matches('object:write', 'object:read'))

        # different nested sizes
        self.assertTrue(self.api.perm_matches('object:read:subperm', '*'))
        self.assertTrue(self.api.perm_matches('object:read:hello', 'object'))
        self.assertFalse(self.api.perm_matches('object', 'object:read:hello'))

    def test_get_resources(self):

        def compare_results(permissions, service=None, name=None,
                            resource=None, result=None, include_locked=False):
            """ Resets the auth API endpoint /tokens/:id/permissions, call
            get_resources and compare results with what is expected.
            """
            if result is None:
                result = []

            self.make_fake_perms(permissions)
            resources = self.api.get_resources(
                service=service, name=name, resource=resource,
                include_locked=include_locked
            )
            # XOR on two sets returns the difference between them
            # Used because we don't know in which order api.get_resources
            # returns the resources.
            self.assertFalse(set(resources) ^ set(result))

            # Check the API has been requested with
            # ?include_locked set to `include_locked`
            self.assertEqual(
                httpretty.last_request().querystring.get('include_locked'),
                [str(include_locked)]
            )

        # No permission, no resource
        compare_results({}, result=[])

        # Simple permissions
        compare_results(self.fake_permissions,
                        service='compute', name='can_boot',
                        result=['server1', 'server2'])

        compare_results(self.fake_permissions,
                        service='compute', name='can_boot',
                        result=['server1', 'server2'])

        compare_results(self.fake_permissions,
                        service='compute', name='can_boot', resource='server2',
                        result=['server2'])

        compare_results(self.fake_permissions,
                        service='compute', name='can_delete',
                        result=['server1'])

        compare_results(
            self.fake_permissions,
            service='compute', name='can_delete', resource='server1',
            result=['server1']
        )

        compare_results(self.fake_permissions,
                        service='compute', name='can_write',
                        result=[])

        # Nested permissions
        compare_results(self.fake_permissions,
                        service='account', name='token:read',
                        result=['token1', 'token2', 'token3'])

        compare_results(
            self.fake_permissions,
            service='account', name='token:read', resource='invalid',
            result=[]
        )

        compare_results(
            self.fake_permissions,
            service='account', name='token:read', resource='token2',
            result=['token2']
        )

        compare_results(
            self.fake_permissions,
            service='account', name='token:write',
            result=['token1', 'token2', 'token4']
        )

        compare_results(
            self.fake_permissions,
            service='account', name='token:admin',
            result=['token1', 'token2']
        )

        # Include lock set to True
        compare_results(
            self.fake_permissions,
            service='account', name='token:admin',
            result=['token1', 'token2'],
            include_locked=True
        )

        # Test JWT
        self.api = AccountAPI(
            base_url='http://compute.localhost',
            auth_jwt=str(uuid.uuid4())
        )
        compare_results(self.fake_permissions,
                        service='compute', name='can_boot',
                        result=['server1', 'server2'])

    def test_get_resources_with_empty_token(self):
        self.api = AccountAPI()
        self.assertEqual(self.api.get_resources(), [])

    def test_get_resources_with_invalid_token(self):
        url = 'tokens/%s/permissions/' % (
            self.api.auth_token
        )

        self.fake_endpoint(self.api, url, status=400)
        self.assertRaises(BadToken, self.api.get_resources)

        self.fake_endpoint(self.api, url, status=404)
        self.assertRaises(BadToken, self.api.get_resources)

        self.fake_endpoint(self.api, url, status=410)
        self.assertRaises(ExpiredToken, self.api.get_resources)

        self.fake_endpoint(self.api, url, status=418)
        self.assertRaises(slumber.exceptions.SlumberHttpBaseException,
                          self.api.get_resources)

        self.fake_endpoint(self.api, url, status=500)
        self.assertRaises(slumber.exceptions.SlumberHttpBaseException,
                          self.api.get_resources)

    def test_has_perm(self):

        def has_perm(permissions, service=None, name=None, resource=None):
            """ Resets the auth API endpoint /tokens/:id/permissions and call
            api.has_perm.
            """
            self.make_fake_perms(permissions)
            return self.api.has_perm(service=service, name=name,
                                     resource=resource)

        self.assertTrue(
            has_perm(self.fake_permissions,
                     service='compute', name='can_boot', resource='server1')
        )

        self.assertTrue(
            has_perm(self.fake_permissions,
                     service='compute', name='can_boot', resource='server2')
        )

        self.assertFalse(
            has_perm(self.fake_permissions,
                     service='compute', name='can_boot', resource='server3')
        )

        self.assertTrue(
            has_perm(self.fake_permissions,
                     service='account', name='token:read', resource='token1')
        )

        self.assertTrue(
            has_perm(self.fake_permissions,
                     service='account', name='token:write', resource='token1')
        )

        self.assertTrue(
            has_perm(self.fake_permissions,
                     service='account', name='token:write', resource='token4')
        )

        self.assertFalse(
            has_perm(self.fake_permissions,
                     service='account', name='token:write', resource='token3')
        )

    def test_get_quota_403(self):
        url = 'organizations/%s/quotas/' % (
            self.fake_orga_key
        )
        self.fake_endpoint(self.api, url, status=403)
        self.assertRaises(slumber.exceptions.HttpClientError,
                          self.api.get_quotas,
                          self.fake_orga_key)

    def test_get_quotas(self):
        self.make_fake_quotas({'invites': 5})
        self.assertEqual(self.api.get_quotas(self.fake_orga_key),
                         {'invites': 5})

    def test_get_quota(self):
        self.make_fake_quotas({'invites': 5})
        self.assertEqual(self.api.get_quota(self.fake_orga_key, 'invites'), 5)

    def test_get_quota_None(self):
        self.make_fake_quotas({'invites': 5})
        self.assertEqual(self.api.get_quota(self.fake_orga_key, 'xoxo'), None)

    def test_has_quota(self):
        self.make_fake_quotas({'invites': 5})
        self.assertTrue(self.api.has_quota(self.fake_orga_key, 'invites', 2))
        self.assertFalse(self.api.has_quota(self.fake_orga_key, 'invites', 5))
        self.assertFalse(self.api.has_quota(self.fake_orga_key, 'nope'))
Esempio n. 10
0
 def test_get_resources_with_empty_token(self):
     self.api = AccountAPI()
     self.assertEqual(self.api.get_resources(), [])