def test_get_quota(self): """ Tests cluster.get_quota() method Verifies: * if no user is passed, return default quota values * if user has quota, return values from Quota * if user doesn't have quota, return default cluster values """ default_quota = {'default': 1, 'ram': 1, 'virtual_cpus': None, 'disk': 3} user_quota = {'default': 0, 'ram': 4, 'virtual_cpus': 5, 'disk': None} cluster = Cluster(hostname='foo.fake.hostname') cluster.__dict__.update(default_quota) cluster.save() user = User(username='******') user.save() # default quota self.assertEqual(default_quota, cluster.get_quota()) # user without quota, defaults to default self.assertEqual(default_quota, cluster.get_quota(user.get_profile())) # user with custom quota quota = Quota(cluster=cluster, user=user.get_profile()) quota.__dict__.update(user_quota) quota.save() self.assertEqual(user_quota, cluster.get_quota(user.get_profile())) quota.delete() cluster.delete() user.delete()
def test_get_quota(self): """ Tests cluster.get_quota() method Verifies: * if no user is passed, return default quota values * if user has quota, return values from Quota * if user doesn't have quota, return default cluster values """ default_quota = { 'default': 1, 'ram': 1, 'virtual_cpus': None, 'disk': 3 } user_quota = {'default': 0, 'ram': 4, 'virtual_cpus': 5, 'disk': None} cluster = Cluster(hostname='foo.fake.hostname') cluster.__dict__.update(default_quota) cluster.save() user = User(username='******') user.save() # default quota self.assertEqual(default_quota, cluster.get_quota()) # user without quota, defaults to default self.assertEqual(default_quota, cluster.get_quota(user.get_profile())) # user with custom quota quota = Quota(cluster=cluster, user=user.get_profile()) quota.__dict__.update(user_quota) quota.save() self.assertEqual(user_quota, cluster.get_quota(user.get_profile())) quota.delete() cluster.delete() user.delete()
def test_view_group_permissions(self): """ Test editing Group permissions on a Cluster """ args = (self.cluster.slug, self.group.id) args_post = self.cluster.slug url = "/cluster/%s/permissions/group/%s" url_post = "/cluster/%s/permissions/" # anonymous user response = self.c.get(url % args, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') # unauthorized user self.assertTrue(self.c.login(username=self.unauthorized.username, password='******')) response = self.c.get(url % args) self.assertEqual(403, response.status_code) # nonexisent cluster response = self.c.get(url % ("DOES_NOT_EXIST", self.group.id)) self.assertEqual(404, response.status_code) # valid GET authorized user (perm) self.assertTrue(self.c.login(username=self.cluster_admin.username, password='******')) response = self.c.get(url % args) self.assertEqual(200, response.status_code) self.assertEquals('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'object_permissions/permissions/form.html') self.user.revoke('admin', self.cluster) # valid GET authorized user (superuser) self.assertTrue(self.c.login(username=self.superuser.username, password='******')) response = self.c.get(url % args) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'object_permissions/permissions/form.html') # invalid group response = self.c.get(url % (self.cluster.slug, 0)) self.assertEqual(404, response.status_code) # invalid group (POST) data = { 'permissions': ['admin'], 'group': -1, 'obj': self.cluster.pk, } response = self.c.post(url_post % args_post, data) self.assertEquals('application/json', response['content-type']) self.assertNotEqual('0', response.content) # no group (POST) data = { 'permissions': ['admin'], 'obj': self.cluster.pk, } response = self.c.post(url_post % args_post, data) self.assertEquals('application/json', response['content-type']) self.assertNotEqual('0', response.content) # valid POST group has permissions self.group.grant('create_vm', self.cluster) data = { 'permissions': ['admin'], 'group': self.group.id, 'obj': self.cluster.pk, } response = self.c.post(url_post % args_post, data) self.assertEquals('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/cluster/group_row.html') self.assertEqual(['admin'], self.group.get_perms(self.cluster)) # add quota to the group user_quota = {'default': 0, 'ram': 51, 'virtual_cpus': 10, 'disk': 3000} quota = Quota(cluster=self.cluster, user=self.group.organization) quota.__dict__.update(user_quota) quota.save() self.assertEqual(user_quota, self.cluster.get_quota(self.group.organization)) # valid POST group has no permissions left data = { 'permissions': [], 'group': self.group.id, 'obj': self.cluster.pk, } response = self.c.post(url_post % args_post, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertEqual([], self.group.get_perms(self.cluster)) self.assertEqual('"group_%s"' % self.group.id, response.content) # quota should be deleted (and showing default) self.assertEqual( 1, self.cluster.get_quota(self.group.organization)['default'] ) self.assertFalse(self.group.organization.quotas.all().exists()) # no permissions specified - user with no quota self.group.grant('create_vm', self.cluster) self.cluster.set_quota(self.group.organization, None) data = { 'permissions': [], 'group': self.group.id, 'obj': self.cluster.pk, } response = self.c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertNotEqual('0', response.content) # quota should be deleted (and showing default) self.assertEqual( 1, self.cluster.get_quota(self.group.organization)['default'] ) self.assertFalse(self.group.organization.quotas.all().exists())
def test_view_user_permissions(self): """ Tests updating users permissions Verifies: * anonymous user returns 403 * lack of permissions returns 403 * nonexistent cluster returns 404 * invalid user returns 404 * invalid group returns 404 * missing user and group returns error as json * GET returns html for form * If user/group has permissions no html is returned * If user/group has no permissions a json response of -1 is returned """ args = (self.cluster.slug, self.user.id) args_post = self.cluster.slug url = "/cluster/%s/permissions/user/%s" url_post = "/cluster/%s/permissions/" # anonymous user response = self.c.get(url % args, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') # unauthorized user self.assertTrue(self.c.login(username=self.unauthorized.username, password='******')) response = self.c.get(url % args) self.assertEqual(403, response.status_code) # nonexisent cluster response = self.c.get(url % ("DOES_NOT_EXIST", self.user.id)) self.assertEqual(404, response.status_code) # valid GET authorized user (perm) self.assertTrue(self.c.login(username=self.cluster_admin.username, password='******')) response = self.c.get(url % args) self.assertEqual(200, response.status_code) self.assertEquals('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'object_permissions/permissions/form.html') # valid GET authorized user (superuser) self.assertTrue(self.c.login(username=self.superuser.username, password='******')) response = self.c.get(url % args) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'object_permissions/permissions/form.html') # invalid user response = self.c.get(url % (self.cluster.slug, -1)) self.assertEqual(404, response.status_code) # invalid user (POST) self.user.grant('create_vm', self.cluster) data = { 'permissions': ['admin'], 'user': -1, 'obj': self.cluster.pk, } response = self.c.post(url_post % args_post, data) self.assertEquals('application/json', response['content-type']) self.assertNotEqual('0', response.content) # no user (POST) # XXX double-grant? self.user.grant('create_vm', self.cluster) data = { 'permissions': ['admin'], 'obj': self.cluster.pk, } response = self.c.post(url_post % args_post, data) self.assertEquals('application/json', response['content-type']) self.assertNotEqual('0', response.content) # valid POST user has permissions # XXX triple-grant?! self.user.grant('create_vm', self.cluster) data = { 'permissions': ['admin'], 'user': self.user.id, 'obj': self.cluster.pk, } response = self.c.post(url_post % args_post, data) self.assertEquals('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/cluster/user_row.html') self.assertTrue(self.user.has_perm('admin', self.cluster)) self.assertFalse(self.user.has_perm('create_vm', self.cluster)) # add quota to the user user_quota = {'default': 0, 'ram': 51, 'virtual_cpus': 10, 'disk': 3000} quota = Quota(cluster=self.cluster, user=self.user.get_profile()) quota.__dict__.update(user_quota) quota.save() self.assertEqual(user_quota, self.cluster.get_quota(self.user.get_profile())) # valid POST user has no permissions left data = { 'permissions': [], 'user': self.user.id, 'obj': self.cluster.pk, } response = self.c.post(url_post % args_post, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertEqual([], get_user_perms(self.user, self.cluster)) # XXX this is too hardcoded and can spuriously fail self.assertEqual('"user_2"', response.content) # quota should be deleted (and showing default) self.assertEqual( 1, self.cluster.get_quota(self.user.get_profile())['default'] ) self.assertFalse(self.user.get_profile().quotas.all().exists()) # no permissions specified - user with no quota # XXX quadra-grant!!! self.user.grant('create_vm', self.cluster) self.cluster.set_quota(self.user.get_profile(), None) data = { 'permissions': [], 'user': self.user.id, 'obj': self.cluster.pk, } response = self.c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertNotEqual('0', response.content) # quota should be deleted (and showing default) self.assertEqual( 1, self.cluster.get_quota(self.user.get_profile())['default'] ) self.assertFalse(self.user.get_profile().quotas.all().exists())
def test_view_group_permissions(self): """ Test editing Group permissions on a Cluster """ args = (self.cluster.slug, self.group.id) args_post = self.cluster.slug url = "/cluster/%s/permissions/group/%s" url_post = "/cluster/%s/permissions/" # anonymous user response = self.c.get(url % args, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') # unauthorized user self.assertTrue( self.c.login(username=self.unauthorized.username, password='******')) response = self.c.get(url % args) self.assertEqual(403, response.status_code) # nonexisent cluster response = self.c.get(url % ("DOES_NOT_EXIST", self.group.id)) self.assertEqual(404, response.status_code) # valid GET authorized user (perm) self.assertTrue( self.c.login(username=self.cluster_admin.username, password='******')) response = self.c.get(url % args) self.assertEqual(200, response.status_code) self.assertEquals('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'object_permissions/permissions/form.html') self.user.revoke('admin', self.cluster) # valid GET authorized user (superuser) self.assertTrue( self.c.login(username=self.superuser.username, password='******')) response = self.c.get(url % args) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'object_permissions/permissions/form.html') # invalid group response = self.c.get(url % (self.cluster.slug, 0)) self.assertEqual(404, response.status_code) # invalid group (POST) data = { 'permissions': ['admin'], 'group': -1, 'obj': self.cluster.pk, } response = self.c.post(url_post % args_post, data) self.assertEquals('application/json', response['content-type']) self.assertNotEqual('0', response.content) # no group (POST) data = { 'permissions': ['admin'], 'obj': self.cluster.pk, } response = self.c.post(url_post % args_post, data) self.assertEquals('application/json', response['content-type']) self.assertNotEqual('0', response.content) # valid POST group has permissions self.group.grant('create_vm', self.cluster) data = { 'permissions': ['admin'], 'group': self.group.id, 'obj': self.cluster.pk, } response = self.c.post(url_post % args_post, data) self.assertEquals('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/cluster/group_row.html') self.assertEqual(['admin'], self.group.get_perms(self.cluster)) # add quota to the group user_quota = { 'default': 0, 'ram': 51, 'virtual_cpus': 10, 'disk': 3000 } quota = Quota(cluster=self.cluster, user=self.group.organization) quota.__dict__.update(user_quota) quota.save() self.assertEqual(user_quota, self.cluster.get_quota(self.group.organization)) # valid POST group has no permissions left data = { 'permissions': [], 'group': self.group.id, 'obj': self.cluster.pk, } response = self.c.post(url_post % args_post, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertEqual([], self.group.get_perms(self.cluster)) self.assertEqual('"group_%s"' % self.group.id, response.content) # quota should be deleted (and showing default) self.assertEqual( 1, self.cluster.get_quota(self.group.organization)['default']) self.assertFalse(self.group.organization.quotas.all().exists()) # no permissions specified - user with no quota self.group.grant('create_vm', self.cluster) self.cluster.set_quota(self.group.organization, None) data = { 'permissions': [], 'group': self.group.id, 'obj': self.cluster.pk, } response = self.c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertNotEqual('0', response.content) # quota should be deleted (and showing default) self.assertEqual( 1, self.cluster.get_quota(self.group.organization)['default']) self.assertFalse(self.group.organization.quotas.all().exists())
def test_view_user_permissions(self): """ Tests updating users permissions Verifies: * anonymous user returns 403 * lack of permissions returns 403 * nonexistent cluster returns 404 * invalid user returns 404 * invalid group returns 404 * missing user and group returns error as json * GET returns html for form * If user/group has permissions no html is returned * If user/group has no permissions a json response of -1 is returned """ args = (self.cluster.slug, self.user.id) args_post = self.cluster.slug url = "/cluster/%s/permissions/user/%s" url_post = "/cluster/%s/permissions/" # anonymous user response = self.c.get(url % args, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') # unauthorized user self.assertTrue( self.c.login(username=self.unauthorized.username, password='******')) response = self.c.get(url % args) self.assertEqual(403, response.status_code) # nonexisent cluster response = self.c.get(url % ("DOES_NOT_EXIST", self.user.id)) self.assertEqual(404, response.status_code) # valid GET authorized user (perm) self.assertTrue( self.c.login(username=self.cluster_admin.username, password='******')) response = self.c.get(url % args) self.assertEqual(200, response.status_code) self.assertEquals('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'object_permissions/permissions/form.html') # valid GET authorized user (superuser) self.assertTrue( self.c.login(username=self.superuser.username, password='******')) response = self.c.get(url % args) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'object_permissions/permissions/form.html') # invalid user response = self.c.get(url % (self.cluster.slug, -1)) self.assertEqual(404, response.status_code) # invalid user (POST) self.user.grant('create_vm', self.cluster) data = { 'permissions': ['admin'], 'user': -1, 'obj': self.cluster.pk, } response = self.c.post(url_post % args_post, data) self.assertEquals('application/json', response['content-type']) self.assertNotEqual('0', response.content) # no user (POST) # XXX double-grant? self.user.grant('create_vm', self.cluster) data = { 'permissions': ['admin'], 'obj': self.cluster.pk, } response = self.c.post(url_post % args_post, data) self.assertEquals('application/json', response['content-type']) self.assertNotEqual('0', response.content) # valid POST user has permissions # XXX triple-grant?! self.user.grant('create_vm', self.cluster) data = { 'permissions': ['admin'], 'user': self.user.id, 'obj': self.cluster.pk, } response = self.c.post(url_post % args_post, data) self.assertEquals('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/cluster/user_row.html') self.assertTrue(self.user.has_perm('admin', self.cluster)) self.assertFalse(self.user.has_perm('create_vm', self.cluster)) # add quota to the user user_quota = { 'default': 0, 'ram': 51, 'virtual_cpus': 10, 'disk': 3000 } quota = Quota(cluster=self.cluster, user=self.user.get_profile()) quota.__dict__.update(user_quota) quota.save() self.assertEqual(user_quota, self.cluster.get_quota(self.user.get_profile())) # valid POST user has no permissions left data = { 'permissions': [], 'user': self.user.id, 'obj': self.cluster.pk, } response = self.c.post(url_post % args_post, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertEqual([], get_user_perms(self.user, self.cluster)) # XXX this is too hardcoded and can spuriously fail self.assertEqual('"user_2"', response.content) # quota should be deleted (and showing default) self.assertEqual( 1, self.cluster.get_quota(self.user.get_profile())['default']) self.assertFalse(self.user.get_profile().quotas.all().exists()) # no permissions specified - user with no quota # XXX quadra-grant!!! self.user.grant('create_vm', self.cluster) self.cluster.set_quota(self.user.get_profile(), None) data = { 'permissions': [], 'user': self.user.id, 'obj': self.cluster.pk, } response = self.c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertNotEqual('0', response.content) # quota should be deleted (and showing default) self.assertEqual( 1, self.cluster.get_quota(self.user.get_profile())['default']) self.assertFalse(self.user.get_profile().quotas.all().exists())