def test_get_tenant_user_not_found(self):
"""Test that a 401 is returned."""
mock_user = Mock(username='******', system=False)
mock_request = Mock(path='/api/v1/providers/', user=mock_user)
middleware = IdentityHeaderMiddleware()
result = middleware.process_request(mock_request)
self.assertIsInstance(result, HttpResponseUnauthorizedRequest)
def test_get_tenant_with_user(self):
"""Test that the customer tenant is returned."""
mock_request = self.request
middleware = IdentityHeaderMiddleware()
result = middleware.get_tenant(Tenant, "localhost", mock_request)
self.assertEqual(result.schema_name,
create_schema_name(mock_request.user.account))
def test_race_condition_customer(self):
"""Test case where another request may create the tenant in a race condition."""
customer = self._create_customer_data()
account_id = customer['account_id']
orig_cust = IdentityHeaderMiddleware._create_tenant(account_id) # pylint: disable=W0212
dup_cust = IdentityHeaderMiddleware._create_tenant(account_id) # pylint: disable=W0212
self.assertEqual(orig_cust, dup_cust)
def test_process_response(self):
"""Test that the process response functions correctly."""
mock_request = Mock(path='/api/v1/status/')
mock_response = Mock(status_code=200)
middleware = IdentityHeaderMiddleware()
response = middleware.process_response(mock_request, mock_response)
self.assertEqual(response, mock_response)
def test_race_condition_customer(self):
"""Test case where another request may create the tenant in a race condition."""
mock_request = self.request
mock_request.user = User()
mock_request.user.username = self.user_data['username']
mock_request.user.account = self.customer_data['account_id']
orig_cust = IdentityHeaderMiddleware().get_tenant(None, None, mock_request)
dup_cust = IdentityHeaderMiddleware().get_tenant(None, None, mock_request)
self.assertEqual(orig_cust, dup_cust)
def test_process_not_status(self):
"""Test that the customer, tenant and user are created."""
mock_request = self.request
middleware = IdentityHeaderMiddleware()
middleware.process_request(mock_request)
self.assertTrue(hasattr(mock_request, 'user'))
self.assertEqual(mock_request.user.username, self.user_data['username'])
tenant = Tenant.objects.get(schema_name=self.schema_name)
self.assertIsNotNone(tenant)
def test_get_tenant_with_no_user(self):
"""Test that a 401 is returned."""
request_context = self._create_request_context(self.customer,
None,
create_customer=False)
mock_request = request_context["request"]
mock_request.path = "/api/v1/providers/"
middleware = IdentityHeaderMiddleware()
result = middleware.process_request(mock_request)
self.assertIsInstance(result, HttpResponseUnauthorizedRequest)
def test_process_no_customer(self):
"""Test that the customer, tenant and user are not created."""
customer = self._create_customer_data()
account_id = customer["account_id"]
del customer["account_id"]
request_context = self._create_request_context(customer,
self.user_data,
create_customer=False)
mock_request = request_context["request"]
mock_request.path = "/api/v1/providers/"
middleware = IdentityHeaderMiddleware()
middleware.process_request(mock_request)
self.assertTrue(hasattr(mock_request, "user"))
with self.assertRaises(Tenant.DoesNotExist):
Tenant.objects.get(schema_name=self.schema_name)
def test_principal_with_access_with_wildcard_access(self):
"""Test a user with definded access with wildcard access."""
principal = Principal.objects.create(username='******')
group = Group.objects.create(name='group1')
group.principals.add(principal)
group.save()
role = Role.objects.create(name='role1')
access = Access.objects.create(permission='rbac:*:*', role=role)
policy = Policy.objects.create(name='policy1', group=group)
policy.roles.add(role)
policy.save()
access = IdentityHeaderMiddleware._get_access_for_user(
'test_user', self.tenant)
expected = {
'group': {
'read': ['*'],
'write': ['*']
},
'role': {
'read': ['*'],
'write': ['*']
},
'policy': {
'read': ['*'],
'write': ['*']
}
}
self.assertEqual(expected, access)
def test_principal_with_access_with_wildcard_access(self):
"""Test a user with defined access with wildcard access."""
principal = Principal.objects.create(username="******")
group = Group.objects.create(name="group1")
group.principals.add(principal)
group.save()
role = Role.objects.create(name="role1")
perm = Permission.objects.create(permission="rbac:*:*")
access = Access.objects.create(permission=perm, role=role)
policy = Policy.objects.create(name="policy1", group=group)
policy.roles.add(role)
policy.save()
access = IdentityHeaderMiddleware._get_access_for_user(
"test_user", self.tenant)
expected = {
"group": {
"read": ["*"],
"write": ["*"]
},
"role": {
"read": ["*"],
"write": ["*"]
},
"policy": {
"read": ["*"],
"write": ["*"]
},
}
self.assertEqual(expected, access)
def test_process_cross_account_request(self):
"""Test that the process request functions correctly for cross account request."""
middleware = IdentityHeaderMiddleware()
# User without redhat email will fail.
request_context = self._create_request_context(self.customer,
self.user_data,
create_customer=False,
cross_account=True,
is_internal=True)
mock_request = request_context["request"]
mock_request.path = "/api/v1/providers/"
response = middleware.process_request(mock_request)
self.assertIsInstance(response, HttpResponseUnauthorizedRequest)
# User with is_internal equal to False will fail.
self.user_data["email"] = "*****@*****.**"
request_context = self._create_request_context(self.customer,
self.user_data,
create_customer=False,
cross_account=True)
mock_request = request_context["request"]
mock_request.path = "/api/v1/providers/"
response = middleware.process_request(mock_request)
self.assertIsInstance(response, HttpResponseUnauthorizedRequest)
# Success pass if user is internal and with redhat email
self.user_data["email"] = "*****@*****.**"
request_context = self._create_request_context(self.customer,
self.user_data,
create_customer=False,
cross_account=True,
is_internal=True)
mock_request = request_context["request"]
mock_request.path = "/api/v1/providers/"
response = middleware.process_request(mock_request)
self.assertEqual(response, None)
def test_principal_with_access_with_res_defs(self):
"""Test a user with defined access with any resource definitions."""
principal = Principal.objects.create(username="******")
group = Group.objects.create(name="group1")
group.principals.add(principal)
group.save()
role = Role.objects.create(name="role1")
perm = Permission.objects.create(permission="rbac:group:foo:bar")
Access.objects.create(permission=perm, role=role)
perm2 = Permission.objects.create(permission="rbac:group:write")
access = Access.objects.create(permission=perm2, role=role)
ResourceDefinition.objects.create(access=access,
attributeFilter={
"key": "group",
"operation": "equal",
"value": "1"
})
ResourceDefinition.objects.create(access=access,
attributeFilter={
"key": "group",
"operation": "in",
"value": "3,5"
})
ResourceDefinition.objects.create(access=access,
attributeFilter={
"key": "group",
"operation": "equal",
"value": "*"
})
policy = Policy.objects.create(name="policy1", group=group)
policy.roles.add(role)
policy.save()
access = IdentityHeaderMiddleware._get_access_for_user(
"test_user", self.tenant)
expected = {
"group": {
"read": ["*"],
"write": ["*"]
},
"role": {
"read": [],
"write": []
},
"policy": {
"read": [],
"write": []
},
}
self.assertEqual(expected, access)
def test_principal_with_access_with_res_defs(self):
"""Test a user with definded access with any resource definitions."""
principal = Principal.objects.create(username='******')
group = Group.objects.create(name='group1')
group.principals.add(principal)
group.save()
role = Role.objects.create(name='role1')
Access.objects.create(permission='rbac:group:foo:bar', role=role)
access = Access.objects.create(permission='rbac:group:write',
role=role)
ResourceDefinition.objects.create(access=access,
attributeFilter={
'key': 'group',
'operation': 'equal',
'value': '1'
})
ResourceDefinition.objects.create(access=access,
attributeFilter={
'key': 'group',
'operation': 'in',
'value': '3,5'
})
ResourceDefinition.objects.create(access=access,
attributeFilter={
'key': 'group',
'operation': 'equal',
'value': '*'
})
policy = Policy.objects.create(name='policy1', group=group)
policy.roles.add(role)
policy.save()
access = IdentityHeaderMiddleware._get_access_for_user(
'test_user', self.tenant)
expected = {
'group': {
'read': ['*'],
'write': ['*']
},
'role': {
'read': [],
'write': []
},
'policy': {
'read': [],
'write': []
}
}
self.assertEqual(expected, access)
def test_no_principal_found(self):
expected = {
'group': {
'read': [],
'write': []
},
'role': {
'read': [],
'write': []
},
'policy': {
'read': [],
'write': []
}
}
access = IdentityHeaderMiddleware._get_access_for_user()
self.assertEqual(expected, access)
def test_no_principal_found(self):
expected = {
"group": {
"read": [],
"write": []
},
"role": {
"read": [],
"write": []
},
"policy": {
"read": [],
"write": []
},
}
access = IdentityHeaderMiddleware._get_access_for_user()
self.assertEqual(expected, access)
def test_principal_no_access(self):
"""Test access for existing principal with no access definitions."""
Principal.objects.create(username='******')
expected = {
'group': {
'read': [],
'write': []
},
'role': {
'read': [],
'write': []
},
'policy': {
'read': [],
'write': []
}
}
access = IdentityHeaderMiddleware._get_access_for_user()
self.assertEqual(expected, access)
def test_principal_no_access(self):
"""Test access for existing principal with no access definitions."""
Principal.objects.create(username="******")
expected = {
"group": {
"read": [],
"write": []
},
"role": {
"read": [],
"write": []
},
"policy": {
"read": [],
"write": []
},
}
access = IdentityHeaderMiddleware._get_access_for_user()
self.assertEqual(expected, access)
def test_race_condition_user(self):
"""Test case where another request may create the user in a race condition."""
mock_request = self.request
middleware = IdentityHeaderMiddleware()
middleware.process_request(mock_request)
self.assertTrue(hasattr(mock_request, 'user'))
tenant = Tenant.objects.get(schema_name=self.schema_name)
self.assertIsNotNone(tenant)
user = User.objects.get(username=self.user_data['username'])
self.assertIsNotNone(user)
IdentityHeaderMiddleware._create_user(
username=self.user_data['username'], # pylint: disable=W0212
tenant=tenant,
request=mock_request)
def test_process_status(self):
"""Test that the request gets a user."""
mock_request = Mock(path='/api/v1/status/')
middleware = IdentityHeaderMiddleware()
middleware.process_request(mock_request)
self.assertTrue(hasattr(mock_request, 'user'))
def test_get_tenant_with_no_user(self):
"""Test that a 401 is returned."""
mock_request = Mock(path='/api/v1/providers/', user=None)
middleware = IdentityHeaderMiddleware()
result = middleware.process_request(mock_request)
self.assertIsInstance(result, HttpResponseUnauthorizedRequest)
