def test_apienforcer_decorator(self, mocker):
    """Check the arguments the ApiEnforcer decorator hands to oslo_policy.

    The original author's description: DrydockPolicy.authorized() should
    use oslo_policy to enforce RBAC policy based on a DrydockRequestContext
    instance, and authorized() is reached through the policy.ApiEnforcer
    decorator.

    oslo_policy's Enforcer is replaced by a mock, so no real rule is
    evaluated here. The test pins the rule name, the target dict and the
    credential view passed to ``authorize``; it does not exercise a denial.
    """
    mocker.patch('oslo_policy.policy.Enforcer')

    request_ctx = DrydockRequestContext()
    engine = policy.DrydockPolicy()

    # Identity attributes that should surface in the policy target.
    project_id = str(uuid.uuid4())
    user_id = str(uuid.uuid4())
    request_ctx.project_id = project_id
    request_ctx.user_id = user_id
    request_ctx.roles = ['admin']
    request_ctx.set_policy_engine(engine)

    # Stand-ins for the request and response objects; only the context
    # attached to the request is real.
    fake_req = mocker.MagicMock()
    fake_resp = mocker.MagicMock()
    fake_req.context = request_ctx

    # NOTE(review): target_function is defined outside this block;
    # presumably it is wrapped by policy.ApiEnforcer for the rule
    # asserted below - confirm against the class body.
    self.target_function(fake_req, fake_resp)

    authorize_target = {
        'project_id': project_id,
        'user_id': user_id,
    }
    engine.enforcer.assert_has_calls([
        mocker.call.authorize(
            'physical_provisioner:read_task',
            authorize_target,
            request_ctx.to_policy_view(),
        ),
    ])
def falcontest(self, drydock_state, deckhand_ingester, deckhand_orchestrator,
               mock_get_build_data):
    """Build a Falcon test client backed by a freshly registered RBAC policy.

    The policy engine is stored on the ``policy`` module before the API is
    started, so the engine installed here replaces whatever was set on the
    module previously.

    ``mock_get_build_data`` is not read in this body; presumably it is
    requested only so that its patching is in effect - confirm against its
    definition.
    """
    engine = policy.DrydockPolicy()
    policy.policy_engine = engine
    engine.register_policy()

    wsgi_app = start_api(
        state_manager=drydock_state,
        ingester=deckhand_ingester,
        orchestrator=deckhand_orchestrator,
    )
    return testing.TestClient(wsgi_app)
def start_drydock():
    """Bootstrap Drydock and return the WSGI callable for its API.

    In order: register objects, register and parse configuration, configure
    the global and API loggers, build the state manager, orchestrator and
    ingester, install the RBAC policy engine, start the API, then log the
    effective configuration at DEBUG.
    """
    objects.register_all()

    # Options must be registered before cfg.CONF parses the command line.
    debug_switch = cfg.BoolOpt(
        'debug', short='d', default=False, help='Enable debug logging')
    cfg.CONF.register_cli_opts([debug_switch])
    config.config_mgr.register_options()
    cfg.CONF(sys.argv[1:])

    if cfg.CONF.debug:
        cfg.CONF.set_override(
            name='log_level', override='DEBUG', group='logging')

    def _attach_stream_handler(target_logger, record_format):
        # Each call adds a new StreamHandler to the logger.
        handler = logging.StreamHandler()
        handler.setFormatter(logging.Formatter(record_format))
        target_logger.addHandler(handler)

    # Global logger for the service.
    global_logger = logging.getLogger(cfg.CONF.logging.global_logger_name)
    global_logger.setLevel(cfg.CONF.logging.log_level)
    _attach_stream_handler(
        global_logger,
        '%(asctime)s - %(levelname)s - %(filename)s:%(funcName)s - %(message)s'
    )

    # Specialized format for API logging. Propagation is switched off so
    # these records are emitted only by this logger's own handler.
    # The format reads user, req_id and external_ctx from every record, so
    # anything logging here has to supply them (extra= or a LoggerAdapter);
    # a record without them fails to format.
    api_logger = logging.getLogger(cfg.CONF.logging.control_logger_name)
    api_logger.propagate = False
    _attach_stream_handler(
        api_logger,
        '%(asctime)s - %(levelname)s - %(user)s - %(req_id)s - %(external_ctx)s - %(message)s'
    )

    state = statemgmt.DesignState()
    orchestrator = orch.Orchestrator(cfg.CONF.plugins, state_manager=state)

    input_ingester = ingester.Ingester()
    input_ingester.enable_plugins(cfg.CONF.plugins.ingester)

    # An API key in the environment overrides the configured value.
    # Hack around until we move MaaS configs to the YAML schema.
    # NOTE(review): the effective config is logged at DEBUG further down;
    # oslo.config masks only options registered with secret=True. The
    # registration of maas_api_key is not visible here - confirm it.
    env_api_key = os.environ.get('MAAS_API_KEY')
    if env_api_key is not None:
        cfg.CONF.set_override(
            name='maas_api_key', override=env_api_key, group='maasdriver')

    # The RBAC policy enforcer must be initialized before the API starts.
    rbac_engine = policy.DrydockPolicy()
    policy.policy_engine = rbac_engine
    rbac_engine.register_policy()

    wsgi_callable = api.start_api(
        state_manager=state,
        ingester=input_ingester,
        orchestrator=orchestrator,
    )

    # Now that loggers are configured, log the effective config.
    cfg.CONF.log_opt_values(
        logging.getLogger(cfg.CONF.logging.global_logger_name),
        logging.DEBUG)

    return wsgi_callable