def resource_policy_authorize(policy_name, target, creds,
resource_type, resource):
try:
policy_authorize(policy_name, target, creds)
except exception.HTTPForbidden:
raise exception.HTTPResourceForbidden(resource_type=resource_type,
resource=resource)
def test_post_non_admin_no_parent_lease(self, mock_create, mock_cra,
mock_generate_uuid, mock_gpufi,
mock_gro, mock_crla):
fake_uuid = '13921c8d-ce11-4b6d-99ed-10e19d184e5f'
resource = IronicNode(fake_uuid)
mock_gro.return_value = resource
mock_gpufi.return_value = 'lesseeid'
mock_generate_uuid.return_value = self.test_lease.uuid
mock_cra.side_effect = exception.HTTPResourceForbidden(
resource_type='ironic_node', resource=fake_uuid)
mock_crla.return_value = None
data = {
'project_id': 'lesseeid',
'resource_uuid': fake_uuid,
'start_time': '2016-07-17T19:20:30',
'end_time': '2016-08-14T19:20:30'
}
request = self.post_json('/leases', data, expect_errors=True)
mock_gro.assert_called_once_with('ironic_node', fake_uuid)
mock_generate_uuid.assert_called_once()
mock_cra.assert_called_once_with(self.context.to_policy_values(),
resource, self.context.project_id)
mock_crla.assert_called_once_with(
self.context.to_policy_values(), resource, self.context.project_id,
datetime.datetime(2016, 7, 17, 19, 20, 30),
datetime.datetime(2016, 8, 14, 19, 20, 30))
mock_create.assert_not_called()
self.assertEqual(http_client.FORBIDDEN, request.status_int)
def test_post_non_admin_no_parent_lease(self, mock_ogdwai, mock_create,
mock_cra, mock_generate_uuid,
mock_gro, mock_crla):
resource = TestNode(self.test_offer_with_parent.resource_uuid)
mock_gro.return_value = resource
mock_generate_uuid.return_value = self.test_offer_with_parent.uuid
mock_create.return_value = self.test_offer_with_parent
mock_ogdwai.return_value = self.test_offer_with_parent.to_dict()
mock_cra.side_effect = exception.HTTPResourceForbidden(
resource_type='test_node',
resource=self.test_offer_with_parent.resource_uuid)
mock_crla.return_value = None
data = {
'resource_type': self.test_offer_with_parent.resource_type,
'resource_uuid': self.test_offer_with_parent.resource_uuid,
'name': self.test_offer_with_parent.name,
'start_time': '2016-07-16T00:00:00',
'end_time': '2016-10-24T00:00:00'
}
request = self.post_json('/offers', data, expect_errors=True)
mock_gro.assert_called_once_with(
self.test_offer_with_parent.resource_type,
self.test_offer_with_parent.resource_uuid)
mock_cra.assert_called_once_with(self.context.to_policy_values(),
resource, self.context.project_id)
mock_crla.assert_called_once_with(
self.context.to_policy_values(), resource, self.context.project_id,
datetime.datetime(2016, 7, 16, 0, 0, 0),
datetime.datetime(2016, 10, 24, 0, 0, 0))
mock_create.assert_not_called()
mock_ogdwai.assert_not_called()
self.assertEqual(http_client.FORBIDDEN, request.status_int)
def test_check_offer_lessee_non_admin_no_match(self, mock_gppit,
mock_authorize):
mock_authorize.side_effect = exception.HTTPResourceForbidden(
resource_type='offer', resource=test_offer_lessee_no_match.uuid)
mock_gppit.return_value = [lessee_ctx.project_id, 'lesseeidparent']
self.assertRaises(exception.HTTPResourceForbidden,
utils.check_offer_lessee,
lessee_ctx.to_policy_values(),
test_offer_lessee_no_match)
mock_authorize.assert_called_once_with('esi_leap:offer:offer_admin',
lessee_ctx.to_policy_values(),
lessee_ctx.to_policy_values())
mock_gppit.assert_called_once_with(lessee_ctx.project_id)
def test_post_non_admin_parent_lease(self, mock_create, mock_cra,
mock_generate_uuid, mock_gpufi,
mock_gro, mock_crla, mock_lgdwai):
resource = IronicNode('13921c8d-ce11-4b6d-99ed-10e19d184e5f')
data = {
'project_id': 'lesseeid',
'resource_uuid': '1234567890',
'start_time': '2016-07-17T19:20:30',
'end_time': '2016-08-14T19:20:30'
}
return_data = data.copy()
return_data['owner_id'] = self.context.project_id
return_data['uuid'] = self.test_lease_with_parent.uuid
return_data['resource_type'] = 'ironic_node'
return_data['parent_lease_uuid'] = (
self.test_lease_with_parent.parent_lease_uuid)
lgdwai_return_data = return_data.copy()
lgdwai_return_data['start_time'] = datetime.datetime(
2016, 7, 17, 19, 20, 30)
lgdwai_return_data['end_time'] = datetime.datetime(
2016, 8, 14, 19, 20, 30)
mock_gro.return_value = resource
mock_gpufi.return_value = 'lesseeid'
mock_generate_uuid.return_value = self.test_lease_with_parent.uuid
mock_cra.side_effect = exception.HTTPResourceForbidden(
resource_type='ironic_node', resource='1234567890')
mock_crla.return_value = self.test_lease_with_parent.parent_lease_uuid
mock_lgdwai.return_value = lgdwai_return_data
request = self.post_json('/leases', data)
mock_gro.assert_called_once_with('ironic_node', '1234567890')
mock_generate_uuid.assert_called_once()
mock_cra.assert_called_once_with(self.context.to_policy_values(),
resource, self.context.project_id)
mock_crla.assert_called_once_with(
self.context.to_policy_values(), resource, self.context.project_id,
datetime.datetime(2016, 7, 17, 19, 20, 30),
datetime.datetime(2016, 8, 14, 19, 20, 30))
mock_create.assert_called_once()
mock_lgdwai.assert_called_once()
self.assertEqual(return_data, request.json)
self.assertEqual(http_client.CREATED, request.status_int)
def test_check_resource_admin_invalid_owner(self, mock_authorize, mock_ra):
mock_ra.return_value = owner_ctx_2.project_id
mock_authorize.side_effect = exception.HTTPResourceForbidden(
resource_type='test_node', resource=test_node_2._uuid)
bad_test_offer = offer.Offer(resource_type='test_node',
resource_uuid=test_node_2._uuid,
project_id=owner_ctx.project_id)
self.assertRaises(exception.HTTPResourceForbidden,
utils.check_resource_admin,
owner_ctx_2.to_policy_values(), test_node_2,
bad_test_offer.project_id)
mock_ra.assert_called_once()
mock_authorize.assert_called_once_with('esi_leap:offer:offer_admin',
owner_ctx_2.to_policy_values(),
owner_ctx_2.to_policy_values(),
'test_node', test_node_2._uuid)