def setUp(self):
"""Set up the access view tests."""
super().setUp()
request = self.request_context['request']
user = User()
user.username = self.user_data['username']
user.account = self.customer_data['account_id']
request.user = user
self.access_data = {
'permission':
'app:*:*',
'resourceDefinitions': [{
'attributeFilter': {
'key': 'key1',
'operation': 'equal',
'value': 'value1'
}
}]
}
with tenant_context(self.tenant):
self.principal = Principal(username=self.user_data['username'])
self.principal.save()
self.admin_principal = Principal(username="******")
self.admin_principal.save()
self.group = Group(name='groupA')
self.group.save()
self.group.principals.add(self.principal)
self.group.save()
def setUp(self):
"""Set up the access view tests."""
super().setUp()
request = self.request_context["request"]
user = User()
user.username = self.user_data["username"]
user.account = self.customer_data["account_id"]
request.user = user
self.access_data = {
"permission":
"app:*:*",
"resourceDefinitions": [{
"attributeFilter": {
"key": "key1",
"operation": "equal",
"value": "value1"
}
}],
}
with tenant_context(self.tenant):
self.principal = Principal(username=self.user_data["username"])
self.principal.save()
self.admin_principal = Principal(username="******")
self.admin_principal.save()
self.group = Group(name="groupA")
self.group.save()
self.group.principals.add(self.principal)
self.group.save()
def setUp(self):
"""Set up the group view nonadmin tests."""
super().setUp()
self.user_data = self._create_user_data()
self.customer = self._create_customer_data()
self.request_context = self._create_request_context(self.customer,
self.user_data,
is_org_admin=False)
request = self.request_context['request']
self.headers = request.META
self.access_data = {
'permission':
'app:*:*',
'resourceDefinitions': [{
'attributeFilter': {
'key': 'key1',
'operation': 'equal',
'value': 'value1'
}
}]
}
with tenant_context(self.tenant):
self.principal = Principal(username=self.user_data['username'])
self.principal.save()
self.admin_principal = Principal(username="******")
self.admin_principal.save()
self.group = Group(name='groupA')
self.group.save()
self.group.principals.add(self.principal)
self.group.save()
def setUp(self):
"""Set up the group view nonadmin tests."""
super().setUp()
self.user_data = self._create_user_data()
self.customer = self._create_customer_data()
self.request_context = self._create_request_context(self.customer,
self.user_data,
is_org_admin=False)
request = self.request_context["request"]
self.headers = request.META
self.access_data = {
"permission":
"app:*:*",
"resourceDefinitions": [{
"attributeFilter": {
"key": "key1",
"operation": "equal",
"value": "value1"
}
}],
}
with tenant_context(self.tenant):
self.principal = Principal(username=self.user_data["username"])
self.principal.save()
self.admin_principal = Principal(username="******")
self.admin_principal.save()
self.group = Group(name="groupA")
self.group.save()
self.group.principals.add(self.principal)
self.group.save()
def setUp(self):
"""Set up the group viewset tests."""
super().setUp()
request = self.request_context["request"]
user = User()
user.username = self.user_data["username"]
user.account = self.customer_data["account_id"]
request.user = user
self.dummy_role_id = uuid4()
with tenant_context(self.tenant):
self.principal = Principal(username=self.user_data["username"])
self.principal.save()
self.principalB = Principal(username="******")
self.principalB.save()
self.principalC = Principal(
username="******")
self.principalC.save()
self.group = Group(name="groupA")
self.group.save()
self.role = Role.objects.create(name="roleA",
description="A role for a group.")
self.policy = Policy.objects.create(name="policyA",
group=self.group)
self.policy.roles.add(self.role)
self.policy.save()
self.group.policies.add(self.policy)
self.group.principals.add(self.principal, self.principalB)
self.group.save()
self.defGroup = Group(name="groupDef",
platform_default=True,
system=True)
self.defGroup.save()
self.defGroup.principals.add(self.principal)
self.defGroup.save()
self.emptyGroup = Group(name="groupE")
self.emptyGroup.save()
self.groupB = Group.objects.create(name="groupB")
self.groupB.principals.add(self.principal)
self.policyB = Policy.objects.create(name="policyB",
group=self.groupB)
self.roleB = Role.objects.create(name="roleB")
self.policyB.roles.add(self.roleB)
self.policyB.save()
# role that's not assigned to principal
self.roleOrphan = Role.objects.create(name="roleOrphan")
# group that associates with multipal roles
self.groupMultiRole = Group.objects.create(name="groupMultiRole")
self.policyMultiRole = Policy.objects.create(
name="policyMultiRole")
self.policyMultiRole.roles.add(self.role)
self.policyMultiRole.roles.add(self.roleB)
self.groupMultiRole.policies.add(self.policyMultiRole)
def setUp(self):
"""Set up the group viewset tests."""
super().setUp()
request = self.request_context['request']
user = User()
user.username = self.user_data['username']
user.account = self.customer_data['account_id']
request.user = user
self.dummy_role_id = uuid4()
with tenant_context(self.tenant):
self.principal = Principal(username=self.user_data['username'])
self.principal.save()
self.principalB = Principal(username='******')
self.principalB.save()
self.principalC = Principal(
username='******')
self.principalC.save()
self.group = Group(name='groupA')
self.group.save()
self.role = Role.objects.create(name='roleA',
description='A role for a group.')
self.policy = Policy.objects.create(name='policyA',
group=self.group)
self.policy.roles.add(self.role)
self.policy.save()
self.group.policies.add(self.policy)
self.group.principals.add(self.principal, self.principalB)
self.group.save()
self.defGroup = Group(name='groupDef',
platform_default=True,
system=True)
self.defGroup.save()
self.defGroup.principals.add(self.principal)
self.defGroup.save()
self.emptyGroup = Group(name='groupE')
self.emptyGroup.save()
self.groupB = Group.objects.create(name='groupB')
self.groupB.principals.add(self.principal)
self.policyB = Policy.objects.create(name='policyB',
group=self.groupB)
self.roleB = Role.objects.create(name='roleB')
self.policyB.roles.add(self.roleB)
self.policyB.save()
# role that's not assigned to principal
self.roleOrphan = Role.objects.create(name='roleOrphan')
# group that associates with multipal roles
self.groupMultiRole = Group.objects.create(name='groupMultiRole')
self.policyMultiRole = Policy.objects.create(
name='policyMultiRole')
self.policyMultiRole.roles.add(self.role)
self.policyMultiRole.roles.add(self.roleB)
self.groupMultiRole.policies.add(self.policyMultiRole)
def setUp(self):
"""Set up the role viewset tests."""
super().setUp()
request = self.request_context['request']
user = User(username=self.user_data['username'],
tenant=self.tenant)
user.save()
request.user = user
sys_role_config = {
'name': 'system_role',
'system': True
}
def_role_config = {
'name': 'default_role',
'platform_default': True
}
with tenant_context(self.tenant):
self.principal = Principal(username=self.user_data['username'])
self.principal.save()
self.group = Group(name='groupA')
self.group.save()
self.group.principals.add(self.principal)
self.group.save()
self.sysRole = Role(**sys_role_config)
self.sysRole.save()
self.defRole = Role(**def_role_config)
self.defRole.save()
def setUp(self):
"""Set up the principal viewset tests."""
super().setUp()
request = self.request_context['request']
user = User(username=self.user_data['username'], tenant=self.tenant)
user.save()
request.user = user
with tenant_context(self.tenant):
self.principal = Principal(username='******')
self.principal.save()
def setUp(self):
"""Set up the principal viewset tests."""
super().setUp()
request = self.request_context["request"]
user = User()
user.username = self.user_data["username"]
user.account = self.customer_data["account_id"]
request.user = user
with tenant_context(self.tenant):
self.principal = Principal(username="******")
self.principal.save()
def process_request(self, request): # noqa: C901
"""Process request for csrf checks.
Args:
request (object): The request object
"""
if is_no_auth(request):
request.user = User('', '')
return
try:
json_rh_auth = extract_header(request, self.header)
username = json_rh_auth['identity']['user']['username']
email = json_rh_auth['identity']['user']['email']
account = json_rh_auth['identity']['account_number']
except (KeyError, JSONDecodeError):
logger.warning('Could not obtain identity on request.')
return
if (username and email and account):
# Check for customer creation & user creation
query_string = ''
if request.META['QUERY_STRING']:
query_string = '?{}'.format(request.META['QUERY_STRING'])
logger.info(f'API: {request.path}{query_string}' # pylint: disable=W1203
f' -- ACCOUNT: {account} USER: {username}')
try:
schema_name = create_schema_name(account)
tenant = Tenant.objects.filter(schema_name=schema_name).get()
except Tenant.DoesNotExist:
tenant = IdentityHeaderMiddleware._create_tenant(account)
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
user = IdentityHeaderMiddleware._create_user(
username, email, tenant, request)
request.user = user
# Temporarily add principals based on API interaction
with tenant_context(tenant):
try:
Principal.objects.get(username=username)
except Principal.DoesNotExist:
try:
with transaction.atomic():
principal = Principal(username=username,
email=email)
principal.save()
logger.info(
'Created new principal for account_id %s.',
account)
except IntegrityError:
pass
def setUp(self):
"""Set up the role viewset tests."""
super().setUp()
request = self.request_context['request']
user = User(username=self.user_data['username'], tenant=self.tenant)
user.save()
request.user = user
with tenant_context(self.tenant):
self.principal = Principal(username=self.user_data['username'])
self.principal.save()
self.group = Group(name='groupA')
self.group.save()
self.group.principals.add(self.principal)
self.group.save()
def setUp(self):
"""Set up the policy viewset tests."""
super().setUp()
request = self.request_context["request"]
user = User()
user.username = self.user_data["username"]
user.account = self.customer_data["account_id"]
request.user = user
with tenant_context(self.tenant):
self.principal = Principal(username=self.user_data["username"])
self.principal.save()
self.group = Group(name="groupA")
self.group.save()
self.group.principals.add(self.principal)
self.group.save()
def setUp(self):
"""Set up the policy viewset tests."""
super().setUp()
request = self.request_context["request"]
user = User()
user.username = self.user_data["username"]
user.account = self.customer_data["account_id"]
request.user = user
with tenant_context(self.tenant):
self.principal = Principal(username=self.user_data["username"])
self.principal.save()
self.group = Group(name="groupA")
self.group.save()
self.group.principals.add(self.principal)
self.group.save()
Permission.objects.create(permission="app:*:*")
with tenant_context(Tenant.objects.get(schema_name="public")):
Permission.objects.create(permission="app:*:*")
def setUp(self):
"""Set up the role viewset tests."""
super().setUp()
request = self.request_context['request']
user = User()
user.username = self.user_data['username']
user.account = self.customer_data['account_id']
request.user = user
sys_role_config = {'name': 'system_role', 'system': True}
def_role_config = {'name': 'default_role', 'platform_default': True}
self.display_fields = {
'applications', 'description', 'uuid', 'name', 'system', 'created',
'policyCount', 'accessCount', 'modified', 'platform_default'
}
with tenant_context(self.tenant):
self.principal = Principal(username=self.user_data['username'])
self.principal.save()
self.policy = Policy.objects.create(name='policyA')
self.group = Group(name='groupA', description='groupA description')
self.group.save()
self.group.principals.add(self.principal)
self.group.policies.add(self.policy)
self.group.save()
self.sysRole = Role(**sys_role_config)
self.sysRole.save()
self.defRole = Role(**def_role_config)
self.defRole.save()
self.defRole.save()
self.policy.roles.add(self.defRole, self.sysRole)
self.policy.save()
self.access = Access.objects.create(permission='app:*:*',
role=self.defRole)
def setUp(self):
"""Set up the group viewset tests."""
super().setUp()
request = self.request_context['request']
user = User(username=self.user_data['username'], tenant=self.tenant)
user.save()
request.user = user
self.dummy_role_id = uuid4()
with tenant_context(self.tenant):
self.principal = Principal(username=self.user_data['username'])
self.principal.save()
self.group = Group(name='groupA')
self.group.save()
self.role = Role.objects.create(name='roleA')
self.policy = Policy.objects.create(name='policyA',
group=self.group)
self.policy.roles.add(self.role)
self.policy.save()
self.group.policies.add(self.policy)
self.group.principals.add(self.principal)
self.group.save()
self.defGroup = Group(name='groupDef',
platform_default=True,
system=True)
self.defGroup.save()
self.defGroup.principals.add(self.principal)
self.defGroup.save()
self.groupB = Group.objects.create(name='groupB')
self.groupB.principals.add(self.principal)
self.policyB = Policy.objects.create(name='policyB',
group=self.groupB)
self.roleB = Role.objects.create(name='roleB')
self.policyB.roles.add(self.roleB)
self.policyB.save()
def setUp(self):
"""Set up the role viewset tests."""
super().setUp()
request = self.request_context["request"]
user = User()
user.username = self.user_data["username"]
user.account = self.customer_data["account_id"]
request.user = user
sys_role_config = {
"name": "system_role",
"display_name": "system_display",
"system": True
}
def_role_config = {
"name": "default_role",
"display_name": "default_display",
"platform_default": True
}
self.display_fields = {
"applications",
"description",
"uuid",
"name",
"display_name",
"system",
"created",
"policyCount",
"accessCount",
"modified",
"platform_default",
}
with tenant_context(self.tenant):
self.principal = Principal(username=self.user_data["username"])
self.principal.save()
self.policy = Policy.objects.create(name="policyA")
self.group = Group(name="groupA", description="groupA description")
self.group.save()
self.group.principals.add(self.principal)
self.group.policies.add(self.policy)
self.group.save()
self.sysRole = Role(**sys_role_config)
self.sysRole.save()
self.defRole = Role(**def_role_config)
self.defRole.save()
self.defRole.save()
self.policy.roles.add(self.defRole, self.sysRole)
self.policy.save()
self.permission = Permission.objects.create(permission="app:*:*")
self.permission2 = Permission.objects.create(permission="app2:*:*")
self.access = Access.objects.create(permission=self.permission,
role=self.defRole)
self.access2 = Access.objects.create(permission=self.permission2,
role=self.defRole)
self.access3 = Access.objects.create(permission=self.permission2,
role=self.sysRole)
Permission.objects.create(permission="cost-management:*:*")
# Create permission in public schema
with tenant_context(Tenant.objects.get(schema_name="public")):
Permission.objects.create(permission="cost-management:*:*")
Permission.objects.create(permission="app:*:*")
Permission.objects.create(permission="app2:*:*")