def test_ensure_roles_creates_no_roles_if_no_file_specified(
self, config_mock_none):
"""ensure_roles should not create anything if no auth.role_definition_file
is specified"""
ensure_roles()
assert len(Role.objects.filter(name="testrole1")) == 0
def test_ensure_roles_creates_superuser_role_if_none_exists(
self, monkeypatch):
"""A superuser role with all permissions should be created if none exists"""
monkeypatch.setattr(beer_garden.db.mongo.util,
"_sync_roles_from_role_definition_file", Mock())
assert len(Role.objects.filter(name="superuser")) == 0
ensure_roles()
superuser = Role.objects.get(name="superuser")
assert len(superuser.permissions) == len(Permissions)
def test_ensure_roles_raises_exception_when_file_not_found(
self, config_mock_value):
"""ensure_roles should raise ConfigurationError if the file specified by
auth.role_definition_file is not found"""
def file_not_found(arg1, arg2):
raise FileNotFoundError
with patch("builtins.open", mock_open()) as mock_file_read:
mock_file_read.side_effect = file_not_found
with pytest.raises(ConfigurationError):
ensure_roles()
def test_ensure_roles_preserves_existing_superuser(self, monkeypatch):
"""An existing superuser role should be left untouched by ensure_roles"""
monkeypatch.setattr(beer_garden.db.mongo.util,
"_sync_roles_from_role_definition_file", Mock())
superuser = Role(name="superuser",
permissions=[list(Permissions)[0].value]).save()
monkeypatch.setattr(Role, "save", Mock())
ensure_roles()
assert Role.save.called is False
assert len(superuser.reload().permissions) == 1
def test_ensure_roles_creates_roles_defined_in_file(
self, role_definition_yaml, config_mock_value):
"""ensure_roles should create the roles defined in the auth.role_definition_file
if specified"""
role_definition_file = config.get("auth.role_definition_file")
with patch(
"builtins.open",
mock_open(read_data=role_definition_yaml)) as mock_file_read:
ensure_roles()
mock_file_read.assert_called_with(role_definition_file, "r")
assert len(Role.objects.filter(name="testrole1")) == 1
def test_ensure_roles_raises_exception_on_schema_errors(
self, monkeypatch, role_definition_yaml, config_mock_value):
"""ensure_roles should raise ConfigurationError if the file specified by
raises a schema validation error (i.e. does not conform to the expected format)
"""
from marshmallow.exceptions import ValidationError
def validation_error(arg):
raise ValidationError("error")
monkeypatch.setattr(beer_garden.db.mongo.util, "sync_roles",
validation_error)
with patch("builtins.open", mock_open(read_data=role_definition_yaml)):
with pytest.raises(ConfigurationError):
ensure_roles()
def initial_setup(guest_login_enabled):
"""Do everything necessary to ensure the database is in a 'good' state"""
ensure_model_migration()
for doc in (
beer_garden.db.mongo.models.Job,
beer_garden.db.mongo.models.Request,
beer_garden.db.mongo.models.Role,
beer_garden.db.mongo.models.System,
beer_garden.db.mongo.models.Principal,
):
check_indexes(doc)
ensure_roles()
ensure_users(guest_login_enabled)
def test_ensure_roles_raises_exception_on_permissions_error(
self, monkeypatch, role_definition_yaml, config_mock_value):
"""ensure_roles should raise ConfigurationError if the file specified by
raises a mongo validation error (e.g. one of the specified permissions is not
a recognized, valid permission)
"""
from mongoengine.errors import ValidationError
def validation_error(arg):
raise ValidationError("error")
monkeypatch.setattr(beer_garden.db.mongo.util, "sync_roles",
validation_error)
with patch("builtins.open", mock_open(read_data=role_definition_yaml)):
with pytest.raises(ConfigurationError):
ensure_roles()
def roles(self):
ensure_roles()
yield
Role.drop_collection()