def test__contract_authorize_management_invalid_lessee(
self, mock_authorize, mock_get):
mock_get.return_value = test_offer
mock_authorize.side_effect = [
policy.PolicyNotAuthorized('esi_leap:contract:contract_admin',
lessee_ctx.to_policy_values(),
lessee_ctx.to_policy_values()),
policy.PolicyNotAuthorized('esi_leap:offer:offer_admin',
lessee_ctx.to_policy_values(),
lessee_ctx.to_policy_values())
]
self.assertRaises(policy.PolicyNotAuthorized,
utils.contract_authorize_management, test_contract_3,
lessee_ctx.to_policy_values())
mock_authorize.assert_has_calls([
mock.call('esi_leap:contract:contract_admin',
lessee_ctx.to_policy_values(),
lessee_ctx.to_policy_values()),
mock.call('esi_leap:offer:offer_admin',
lessee_ctx.to_policy_values(),
lessee_ctx.to_policy_values())
])
mock_get.assert_called_with(test_contract_3.offer_uuid)
def test__contract_authorize_management_invalid_owner(
self, mock_authorize, mock_gbu):
mock_gbu.return_value = test_offer
mock_authorize.side_effect = [
policy.PolicyNotAuthorized('esi_leap:contract:contract_admin',
owner_ctx_2.to_policy_values(),
owner_ctx_2.to_policy_values()),
policy.PolicyNotAuthorized('esi_leap:offer:offer_admin',
owner_ctx_2.to_policy_values(),
owner_ctx_2.to_policy_values())
]
self.assertRaises(policy.PolicyNotAuthorized,
ContractsController._contract_authorize_management,
test_contract_3, owner_ctx_2.to_policy_values())
mock_authorize.assert_has_calls([
mock.call('esi_leap:contract:contract_admin',
owner_ctx_2.to_policy_values(),
owner_ctx_2.to_policy_values()),
mock.call('esi_leap:offer:offer_admin',
owner_ctx_2.to_policy_values(),
owner_ctx_2.to_policy_values())
])
mock_gbu.assert_called_with(test_contract_3.offer_uuid)
def test_policy_authorize_exception(self, mock_authorize):
mock_authorize.side_effect = oslo_policy.PolicyNotAuthorized(
'esi_leap:offer:offer_admin', lessee_ctx.to_dict(),
lessee_ctx.to_dict())
self.assertRaises(exception.HTTPForbidden, utils.policy_authorize,
'test_policy:test', lessee_ctx.to_policy_values(),
lessee_ctx.to_policy_values())
mock_authorize.assert_called_once_with('test_policy:test',
lessee_ctx.to_policy_values(),
lessee_ctx.to_policy_values())
def test_policy_not_authorized_exception(self):
req = wsgi_resource.Request({})
language = req.best_match_language()
e = oslo_policy.PolicyNotAuthorized(None, None, None)
result = common.convert_exception_to_http_exc(e, {}, language)
except_res = {'message': 'None is disallowed by policy',
'type': 'PolicyNotAuthorized',
'detail': ''}
self.assertEqual(
except_res, jsonutils.loads(result.body)["TackerError"])
self.assertEqual(500, result.code)
def test__contract_get_authorized_contract_none(self, mock_get, mock_cam):
mock_get.return_value = [test_contract_3]
mock_cam.side_effect = [
policy.PolicyNotAuthorized('esi_leap:offer:contract_admin',
lessee_ctx.to_policy_values(),
lessee_ctx.to_policy_values())
]
self.assertRaises(
exception.ContractNotFound,
ContractsController._contract_get_authorized_contract, 'c',
lessee_ctx.to_policy_values())
mock_get.assert_called_once_with('c')
mock_cam.assert_has_calls([
mock.call(test_contract_3, lessee_ctx.to_policy_values()),
])
def test__contract_authorize_management_valid_owner(
self, mock_authorize, mock_get):
mock_get.return_value = test_offer
mock_authorize.side_effect = [
policy.PolicyNotAuthorized('esi_leap:contract:contract_admin',
lessee_ctx.to_policy_values(),
lessee_ctx.to_policy_values()), None
]
utils.contract_authorize_management(test_contract,
owner_ctx.to_policy_values())
mock_authorize.assert_called_once_with(
'esi_leap:contract:contract_admin', owner_ctx.to_policy_values(),
owner_ctx.to_policy_values())
mock_get.assert_called_with(test_contract.offer_uuid)
def test__contract_get_authorized_contract_unique(self, mock_get,
mock_cam):
mock_get.return_value = [test_contract, test_contract_3]
mock_cam.side_effect = [
None,
policy.PolicyNotAuthorized('esi_leap:offer:contract_admin',
lessee_ctx.to_policy_values(),
lessee_ctx.to_policy_values())
]
p = ContractsController._contract_get_authorized_contract(
'c', lessee_ctx.to_policy_values())
mock_get.assert_called_once_with('c')
mock_cam.assert_has_calls([
mock.call(test_contract, lessee_ctx.to_policy_values()),
mock.call(test_contract_3, lessee_ctx.to_policy_values()),
])
assert p.uuid == test_contract.uuid
def test_get_offer_authorized_uuid_available_invalid_owner(
self, mock_offer_get, mock_is_uuid_like, mock_authorize):
mock_is_uuid_like.return_value = True
mock_offer_get.return_value = test_offer
mock_authorize.side_effect = [
policy.PolicyNotAuthorized('esi_leap:offer:offer_admin',
owner_ctx_2.to_policy_values(),
owner_ctx_2.to_policy_values())
]
self.assertRaises(exception.OfferNotFound,
utils.get_offer_authorized, test_offer.uuid,
owner_ctx_2.to_policy_values(), statuses.AVAILABLE)
mock_is_uuid_like.assert_called_once_with(test_offer.uuid)
mock_offer_get.assert_called_once_with(test_offer.uuid)
mock_authorize.assert_called_once_with('esi_leap:offer:offer_admin',
owner_ctx_2.to_policy_values(),
owner_ctx_2.to_policy_values())
def test__verify_resource_permission_invalid_owner(self, mock_gro,
mock_authorize,
mock_is_resource_admin):
mock_authorize.side_effect = policy.PolicyNotAuthorized(
'esi_leap:offer:offer_admin', owner_ctx.to_dict(),
owner_ctx.to_dict())
bad_test_offer = offer.Offer(resource_type='test_node',
resource_uuid=test_node_2._uuid,
project_id=owner_ctx.project_id)
self.assertRaises(policy.PolicyNotAuthorized,
OffersController._verify_resource_permission,
owner_ctx_2.to_policy_values(),
bad_test_offer.to_dict())
mock_gro.assert_called_once_with(bad_test_offer.resource_type,
bad_test_offer.resource_uuid)
mock_is_resource_admin.assert_called_once_with(
bad_test_offer.project_id)
mock_authorize.assert_called_once_with('esi_leap:offer:offer_admin',
owner_ctx_2.to_policy_values(),
owner_ctx_2.to_policy_values())
