def test_create_no_permission(self):
    """Device creation is refused when RBAC grants the user nothing.

    The RBAC fixture is enabled but no permission is added to its store,
    so the POST to ``devices_handler`` must come back as 403 FORBIDDEN.
    """
    # Stub out external-auth validation so the request is treated as
    # authenticated; only the authorization decision is under test.
    external_auth = self.patch(auth, 'validate_user_external_auth')
    external_auth.return_value = True
    self.useFixture(RBACEnabled())
    self.become_non_local()

    url = reverse('devices_handler')
    payload = {'mac_addresses': ['aa:bb:cc:dd:ee:ff']}
    response = self.client.post(url, payload)

    self.assertEqual(response.status_code, http.client.FORBIDDEN)
def test_returns_vcenter_yaml_if_rbac_admin(self):
    """vCenter credentials are rendered for an owner with ``admin-machines``.

    The node owner is granted ``admin-machines`` on the node's pool, and
    the vendor data is expected to contain exactly one ``write_files``
    entry holding the YAML dump of the vCenter settings (password included).
    """
    rbac = self.useFixture(RBACEnabled())
    owner = factory.make_User()
    node = factory.make_Node(
        status=NODE_STATUS.DEPLOYING, osystem="esxi", owner=owner
    )
    node.nodemetadata_set.create(key="vcenter_registration", value="True")
    rbac.store.add_pool(node.pool)
    rbac.store.allow(node.owner.username, node.pool, "admin-machines")

    # Each setting gets a random value derived from its own key name.
    setting_names = (
        "vcenter_server",
        "vcenter_username",
        "vcenter_password",
        "vcenter_datacenter",
    )
    vcenter = {name: factory.make_name(name) for name in setting_names}
    for name in vcenter:
        Config.objects.set_config(name, vcenter[name])

    config = get_vendor_data(node, None)

    expected = {
        "write_files": [
            {
                "content": yaml.safe_dump(vcenter),
                "path": "/altbootbank/maas/vcenter.yaml",
            }
        ]
    }
    self.assertDictEqual(expected, config)
def test_has_perm_rbac_read_permission_on_pool(self):
    """A ``view`` grant on a resource pool is not enough for DeviceForm.

    Read-only access must not be treated as permission to use the form.
    """
    rbac = self.useFixture(RBACEnabled())
    viewer = factory.make_User()
    pool = factory.make_ResourcePool()
    rbac.store.allow(viewer.username, pool, 'view')

    allowed = DeviceForm().has_perm(viewer)

    self.assertFalse(allowed)
def test_has_perm_rbac_permission_on_pool(self):
    """An ``admin-machines`` grant on a resource pool satisfies DeviceForm."""
    rbac = self.useFixture(RBACEnabled())
    pool_admin = factory.make_User()
    pool = factory.make_ResourcePool()
    rbac.store.allow(pool_admin.username, pool, "admin-machines")

    allowed = DeviceForm().has_perm(pool_admin)

    self.assertTrue(allowed)
def test_update_owned_with_rbac(self):
    """A non-local user can rename a device they own while RBAC is enabled.

    No permission is added to the RBAC store here; the only link between
    the user and the device is ownership.
    """
    self.useFixture(RBACEnabled())
    owner = factory.make_User(is_local=False)
    device = factory.make_Node(owner=owner, node_type=NODE_TYPE.DEVICE)
    handler = DeviceHandler(owner, {}, None)
    wanted_hostname = factory.make_name("hostname")

    params = {"system_id": device.system_id, 'hostname': wanted_hostname}
    result = handler.update(params)

    self.assertEqual(result['hostname'], wanted_hostname)
def test_update_owned_with_rbac(self):
    """A non-local pool admin can rename a device they own under RBAC.

    The user is granted ``admin-machines`` on a freshly made resource pool
    before the update is attempted through the websocket handler.
    """
    rbac = self.useFixture(RBACEnabled())
    owner = factory.make_User(is_local=False)
    pool = factory.make_ResourcePool()
    rbac.store.allow(owner.username, pool, "admin-machines")
    device = factory.make_Node(owner=owner, node_type=NODE_TYPE.DEVICE)
    handler = DeviceHandler(owner, {}, None)
    wanted_hostname = factory.make_name("hostname")

    params = {"system_id": device.system_id, "hostname": wanted_hostname}
    result = handler.update(params)

    self.assertEqual(result["hostname"], wanted_hostname)
def test_get_power_parameters_rbac_pool_user(self):
    """Power parameters stay hidden from a ``view`` + ``deploy-machines`` user.

    Both non-admin permissions are granted on the machine's pool, yet the
    ``power_parameters`` operation must still answer 403 FORBIDDEN.
    """
    # Stub out external-auth validation; the authorization check is what
    # this test exercises.
    external_auth = self.patch(auth, "validate_user_external_auth")
    external_auth.return_value = True
    rbac = self.useFixture(RBACEnabled())
    self.become_non_local()

    params = {factory.make_string(): factory.make_string()}
    machine = factory.make_Machine(power_parameters=params)
    rbac.store.add_pool(machine.pool)
    for permission in ("view", "deploy-machines"):
        rbac.store.allow(self.user.username, machine.pool, permission)

    uri = self.get_node_uri(machine)
    response = self.client.get(uri, {"op": "power_parameters"})

    self.assertEqual(
        http.client.FORBIDDEN, response.status_code, response.content
    )
def test_get_power_parameters_rbac_pool_admin(self):
    """Power parameters are returned to an ``admin-machines`` pool user.

    With the admin permission on the machine's pool, the
    ``power_parameters`` operation answers 200 OK and the decoded body
    equals the machine's stored power parameters.
    """
    # Stub out external-auth validation; the authorization check is what
    # this test exercises.
    external_auth = self.patch(auth, 'validate_user_external_auth')
    external_auth.return_value = True
    rbac = self.useFixture(RBACEnabled())
    self.become_non_local()

    params = {factory.make_string(): factory.make_string()}
    machine = factory.make_Machine(power_parameters=params)
    rbac.store.add_pool(machine.pool)
    rbac.store.allow(self.user.username, machine.pool, 'admin-machines')

    uri = self.get_node_uri(machine)
    response = self.client.get(uri, {'op': 'power_parameters'})

    self.assertEqual(
        http.client.OK, response.status_code, response.content
    )
    returned = json_load_bytes(response.content)
    self.assertEqual(machine.power_parameters, returned)
def test_PUT_updates_with_rbac(self):
    """The owner of a device can PUT a new hostname while RBAC is enabled.

    No permission is added to the RBAC store; the request user is simply
    the device's owner. The response must be 200 OK and the hostname
    must be persisted.
    """
    # Stub out external-auth validation; the authorization check is what
    # this test exercises.
    external_auth = self.patch(auth, "validate_user_external_auth")
    external_auth.return_value = True
    self.useFixture(RBACEnabled())
    self.become_non_local()

    device = factory.make_Node(node_type=NODE_TYPE.DEVICE, owner=self.user)
    wanted_hostname = factory.make_name("hostname")

    uri = get_device_uri(device)
    response = self.client.put(uri, {"hostname": wanted_hostname})

    self.assertEqual(
        http.client.OK, response.status_code, response.content
    )
    # Re-read from the database so the stored value is what gets compared.
    device = reload_object(device)
    self.assertEqual(wanted_hostname, device.hostname)
def test_set_zone_does_not_work_if_not_rbac_pool_admin(self):
    """Bulk set-zone is rejected for a user lacking ``admin-machines``.

    The user holds ``deploy-machines`` and ``view`` on the machine's pool;
    the form must fail validation.
    """
    rbac = self.useFixture(RBACEnabled())
    user = factory.make_User()
    machine = factory.make_Machine()
    rbac.store.add_pool(machine.pool)
    for permission in ("deploy-machines", "view"):
        rbac.store.allow(user.username, machine.pool, permission)

    zone_name = factory.make_Zone().name
    form_data = {"zone": zone_name, "system_id": [machine.system_id]}
    form = BulkNodeSetZoneForm(user=user, data=form_data)

    self.assertFalse(form.is_valid())
def test_POST_set_zone_rbac_pool_admin_allowed(self):
    """A pool admin may move a machine to another zone through the API.

    The request user holds ``admin-machines`` and ``view`` on the
    machine's pool; the ``set_zone`` operation must answer 200 OK and the
    machine must end up in the requested zone.
    """
    # Stub out external-auth validation; the authorization check is what
    # this test exercises.
    external_auth = self.patch(auth, 'validate_user_external_auth')
    external_auth.return_value = True
    rbac = self.useFixture(RBACEnabled())
    self.become_non_local()

    machine = factory.make_Machine()
    target_zone = factory.make_Zone()
    rbac.store.add_pool(machine.pool)
    for permission in ('admin-machines', 'view'):
        rbac.store.allow(self.user.username, machine.pool, permission)

    url = reverse('nodes_handler')
    payload = {
        'op': 'set_zone',
        'nodes': [machine.system_id],
        'zone': target_zone.name,
    }
    response = self.client.post(url, payload)

    self.assertEqual(http.client.OK, response.status_code)
    # Re-read from the database so the stored zone is what gets compared.
    machine = reload_object(machine)
    self.assertEqual(target_zone, machine.zone)
def test_returns_nothing_if_rbac_user(self):
    """vCenter credentials are withheld from a ``deploy-machines`` owner.

    The node owner only has ``deploy-machines`` on the node's pool, so the
    vendor data must be an empty dict even though every vCenter setting
    (including the password) is configured.
    """
    rbac = self.useFixture(RBACEnabled())
    owner = factory.make_User()
    node = factory.make_Node(
        status=NODE_STATUS.DEPLOYING, osystem='esxi', owner=owner
    )
    node.nodemetadata_set.create(key='vcenter_registration', value='True')
    rbac.store.add_pool(node.pool)
    rbac.store.allow(node.owner.username, node.pool, 'deploy-machines')

    # Each setting gets a random value derived from its own key name.
    setting_names = (
        'vcenter_server',
        'vcenter_username',
        'vcenter_password',
        'vcenter_datacenter',
    )
    vcenter = {name: factory.make_name(name) for name in setting_names}
    for name in vcenter:
        Config.objects.set_config(name, vcenter[name])

    config = get_vendor_data(node, None)

    self.assertDictEqual({}, config)
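def test_returns_nothing_if_rbac_user(self):
    """vCenter credentials are withheld from a ``deploy-machines`` owner.

    The node owner only has ``deploy-machines`` on the node's pool, so the
    vendor data must not carry a ``write_files`` section even though every
    vCenter setting (including the password) is configured.
    """
    rbac = self.useFixture(RBACEnabled())
    node = factory.make_Node(
        status=NODE_STATUS.DEPLOYING,
        osystem="esxi",
        owner=factory.make_User(),
    )
    node.nodemetadata_set.create(key="vcenter_registration", value="True")
    rbac.store.add_pool(node.pool)
    rbac.store.allow(node.owner.username, node.pool, "deploy-machines")
    vcenter = {
        "vcenter_datacenter": factory.make_name("vcenter_datacenter"),
        "vcenter_password": factory.make_name("vcenter_password"),
        "vcenter_server": factory.make_name("vcenter_server"),
        "vcenter_username": factory.make_name("vcenter_username"),
    }
    for key, value in vcenter.items():
        Config.objects.set_config(key, value)
    config = get_vendor_data(node, None)
    # assertNotIn takes (member, container). With the arguments the other
    # way round the check looks for `config` inside the literal string
    # "write_files", which never verifies that the credentials file is
    # absent from the vendor data.
    self.assertNotIn("write_files", config)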
def test_POST_set_zone_rbac_pool_admin_allowed(self):
    """A pool admin may move a machine to another zone through the API.

    The request user holds ``admin-machines`` and ``view`` on the
    machine's pool; the ``set_zone`` operation must answer 200 OK and the
    machine must end up in the requested zone.
    """
    # Stub out external-auth validation; the authorization check is what
    # this test exercises.
    external_auth = self.patch(auth, "validate_user_external_auth")
    external_auth.return_value = True
    rbac = self.useFixture(RBACEnabled())
    self.become_non_local()

    machine = factory.make_Machine()
    target_zone = factory.make_Zone()
    rbac.store.add_pool(machine.pool)
    for permission in ("admin-machines", "view"):
        rbac.store.allow(self.user.username, machine.pool, permission)

    url = reverse("nodes_handler")
    payload = {
        "op": "set_zone",
        "nodes": [machine.system_id],
        "zone": target_zone.name,
    }
    response = self.client.post(url, payload)

    self.assertEqual(http.client.OK, response.status_code)
    # Re-read from the database so the stored zone is what gets compared.
    machine = reload_object(machine)
    self.assertEqual(target_zone, machine.zone)
def test_set_zone_works_if_rbac_pool_admin(self):
    """Bulk set-zone succeeds for a user with ``admin-machines`` on the pool.

    The form must validate, report one machine done with none skipped or
    refused, and the machine must be stored in the requested zone.
    """
    rbac = self.useFixture(RBACEnabled())
    pool_admin = factory.make_User()
    machine = factory.make_Machine()
    target_zone = factory.make_Zone()
    rbac.store.add_pool(machine.pool)
    for permission in ("admin-machines", "view"):
        rbac.store.allow(pool_admin.username, machine.pool, permission)

    form_data = {"zone": target_zone.name, "system_id": [machine.system_id]}
    form = BulkNodeSetZoneForm(user=pool_admin, data=form_data)

    self.assertTrue(form.is_valid(), form._errors)
    succeeded, skipped, refused = form.save()
    self.assertEqual([1, 0, 0], [succeeded, skipped, refused])
    # Re-read from the database so the stored zone is what gets compared.
    machine = reload_object(machine)
    self.assertEqual(target_zone, machine.zone)
def test_returns_vcenter_yaml_if_rbac_admin(self):
    """vCenter credentials are rendered for an owner with ``admin-machines``.

    The node owner is granted ``admin-machines`` on the node's pool, and
    the vendor data is expected to contain exactly one ``write_files``
    entry holding the YAML dump of the vCenter settings (password included).
    """
    rbac = self.useFixture(RBACEnabled())
    owner = factory.make_User()
    node = factory.make_Node(
        status=NODE_STATUS.DEPLOYING, osystem='esxi', owner=owner
    )
    node.nodemetadata_set.create(key='vcenter_registration', value='True')
    rbac.store.add_pool(node.pool)
    rbac.store.allow(node.owner.username, node.pool, 'admin-machines')

    # Each setting gets a random value derived from its own key name.
    setting_names = (
        'vcenter_server',
        'vcenter_username',
        'vcenter_password',
        'vcenter_datacenter',
    )
    vcenter = {name: factory.make_name(name) for name in setting_names}
    for name in vcenter:
        Config.objects.set_config(name, vcenter[name])

    config = get_vendor_data(node, None)

    expected_file = {
        'content': yaml.safe_dump(vcenter),
        'path': '/altbootbank/maas/vcenter.yaml',
    }
    self.assertDictEqual({'write_files': [expected_file]}, config)
def test_has_perm_rbac_no_permision(self):
    """DeviceForm denies a user for whom the RBAC store holds no grant."""
    self.useFixture(RBACEnabled())
    form = DeviceForm()
    ungranted_user = factory.make_User()

    allowed = form.has_perm(ungranted_user)

    self.assertFalse(allowed)
def setUp(self):
    """Prepare every test with RBAC enabled and a non-local request user.

    External-auth validation is stubbed to return True, and the RBAC
    fixture's store is kept on ``self.store`` for tests to add grants to.
    """
    super().setUp()
    external_auth = self.patch(auth, 'validate_user_external_auth')
    external_auth.return_value = True
    self.store = self.useFixture(RBACEnabled()).store
    self.become_non_local()
def test_has_perm_rbac_global_admin(self):
    """DeviceForm allows an admin user without any per-pool RBAC grant."""
    self.useFixture(RBACEnabled())
    admin = factory.make_admin()

    allowed = DeviceForm().has_perm(admin)

    self.assertTrue(allowed)