def setUp(self): """Set up the access view tests.""" super().setUp() request = self.request_context['request'] user = User() user.username = self.user_data['username'] user.account = self.customer_data['account_id'] request.user = user self.access_data = { 'permission': 'app:*:*', 'resourceDefinitions': [{ 'attributeFilter': { 'key': 'key1', 'operation': 'equal', 'value': 'value1' } }] } with tenant_context(self.tenant): self.principal = Principal(username=self.user_data['username']) self.principal.save() self.admin_principal = Principal(username="******") self.admin_principal.save() self.group = Group(name='groupA') self.group.save() self.group.principals.add(self.principal) self.group.save()
def setUp(self): """Set up the access view tests.""" super().setUp() request = self.request_context["request"] user = User() user.username = self.user_data["username"] user.account = self.customer_data["account_id"] request.user = user self.access_data = { "permission": "app:*:*", "resourceDefinitions": [{ "attributeFilter": { "key": "key1", "operation": "equal", "value": "value1" } }], } with tenant_context(self.tenant): self.principal = Principal(username=self.user_data["username"]) self.principal.save() self.admin_principal = Principal(username="******") self.admin_principal.save() self.group = Group(name="groupA") self.group.save() self.group.principals.add(self.principal) self.group.save()
def setUp(self): """Set up the group view nonadmin tests.""" super().setUp() self.user_data = self._create_user_data() self.customer = self._create_customer_data() self.request_context = self._create_request_context(self.customer, self.user_data, is_org_admin=False) request = self.request_context['request'] self.headers = request.META self.access_data = { 'permission': 'app:*:*', 'resourceDefinitions': [{ 'attributeFilter': { 'key': 'key1', 'operation': 'equal', 'value': 'value1' } }] } with tenant_context(self.tenant): self.principal = Principal(username=self.user_data['username']) self.principal.save() self.admin_principal = Principal(username="******") self.admin_principal.save() self.group = Group(name='groupA') self.group.save() self.group.principals.add(self.principal) self.group.save()
def setUp(self): """Set up the group view nonadmin tests.""" super().setUp() self.user_data = self._create_user_data() self.customer = self._create_customer_data() self.request_context = self._create_request_context(self.customer, self.user_data, is_org_admin=False) request = self.request_context["request"] self.headers = request.META self.access_data = { "permission": "app:*:*", "resourceDefinitions": [{ "attributeFilter": { "key": "key1", "operation": "equal", "value": "value1" } }], } with tenant_context(self.tenant): self.principal = Principal(username=self.user_data["username"]) self.principal.save() self.admin_principal = Principal(username="******") self.admin_principal.save() self.group = Group(name="groupA") self.group.save() self.group.principals.add(self.principal) self.group.save()
def setUp(self): """Set up the group viewset tests.""" super().setUp() request = self.request_context["request"] user = User() user.username = self.user_data["username"] user.account = self.customer_data["account_id"] request.user = user self.dummy_role_id = uuid4() with tenant_context(self.tenant): self.principal = Principal(username=self.user_data["username"]) self.principal.save() self.principalB = Principal(username="******") self.principalB.save() self.principalC = Principal( username="******") self.principalC.save() self.group = Group(name="groupA") self.group.save() self.role = Role.objects.create(name="roleA", description="A role for a group.") self.policy = Policy.objects.create(name="policyA", group=self.group) self.policy.roles.add(self.role) self.policy.save() self.group.policies.add(self.policy) self.group.principals.add(self.principal, self.principalB) self.group.save() self.defGroup = Group(name="groupDef", platform_default=True, system=True) self.defGroup.save() self.defGroup.principals.add(self.principal) self.defGroup.save() self.emptyGroup = Group(name="groupE") self.emptyGroup.save() self.groupB = Group.objects.create(name="groupB") self.groupB.principals.add(self.principal) self.policyB = Policy.objects.create(name="policyB", group=self.groupB) self.roleB = Role.objects.create(name="roleB") self.policyB.roles.add(self.roleB) self.policyB.save() # role that's not assigned to principal self.roleOrphan = Role.objects.create(name="roleOrphan") # group that associates with multipal roles self.groupMultiRole = Group.objects.create(name="groupMultiRole") self.policyMultiRole = Policy.objects.create( name="policyMultiRole") self.policyMultiRole.roles.add(self.role) self.policyMultiRole.roles.add(self.roleB) self.groupMultiRole.policies.add(self.policyMultiRole)
def setUp(self): """Set up the group viewset tests.""" super().setUp() request = self.request_context['request'] user = User() user.username = self.user_data['username'] user.account = self.customer_data['account_id'] request.user = user self.dummy_role_id = uuid4() with tenant_context(self.tenant): self.principal = Principal(username=self.user_data['username']) self.principal.save() self.principalB = Principal(username='******') self.principalB.save() self.principalC = Principal( username='******') self.principalC.save() self.group = Group(name='groupA') self.group.save() self.role = Role.objects.create(name='roleA', description='A role for a group.') self.policy = Policy.objects.create(name='policyA', group=self.group) self.policy.roles.add(self.role) self.policy.save() self.group.policies.add(self.policy) self.group.principals.add(self.principal, self.principalB) self.group.save() self.defGroup = Group(name='groupDef', platform_default=True, system=True) self.defGroup.save() self.defGroup.principals.add(self.principal) self.defGroup.save() self.emptyGroup = Group(name='groupE') self.emptyGroup.save() self.groupB = Group.objects.create(name='groupB') self.groupB.principals.add(self.principal) self.policyB = Policy.objects.create(name='policyB', group=self.groupB) self.roleB = Role.objects.create(name='roleB') self.policyB.roles.add(self.roleB) self.policyB.save() # role that's not assigned to principal self.roleOrphan = Role.objects.create(name='roleOrphan') # group that associates with multipal roles self.groupMultiRole = Group.objects.create(name='groupMultiRole') self.policyMultiRole = Policy.objects.create( name='policyMultiRole') self.policyMultiRole.roles.add(self.role) self.policyMultiRole.roles.add(self.roleB) self.groupMultiRole.policies.add(self.policyMultiRole)
def setUp(self): """Set up the role viewset tests.""" super().setUp() request = self.request_context['request'] user = User(username=self.user_data['username'], tenant=self.tenant) user.save() request.user = user sys_role_config = { 'name': 'system_role', 'system': True } def_role_config = { 'name': 'default_role', 'platform_default': True } with tenant_context(self.tenant): self.principal = Principal(username=self.user_data['username']) self.principal.save() self.group = Group(name='groupA') self.group.save() self.group.principals.add(self.principal) self.group.save() self.sysRole = Role(**sys_role_config) self.sysRole.save() self.defRole = Role(**def_role_config) self.defRole.save()
def setUp(self): """Set up the principal viewset tests.""" super().setUp() request = self.request_context['request'] user = User(username=self.user_data['username'], tenant=self.tenant) user.save() request.user = user with tenant_context(self.tenant): self.principal = Principal(username='******') self.principal.save()
def setUp(self): """Set up the principal viewset tests.""" super().setUp() request = self.request_context["request"] user = User() user.username = self.user_data["username"] user.account = self.customer_data["account_id"] request.user = user with tenant_context(self.tenant): self.principal = Principal(username="******") self.principal.save()
def process_request(self, request): # noqa: C901 """Process request for csrf checks. Args: request (object): The request object """ if is_no_auth(request): request.user = User('', '') return try: json_rh_auth = extract_header(request, self.header) username = json_rh_auth['identity']['user']['username'] email = json_rh_auth['identity']['user']['email'] account = json_rh_auth['identity']['account_number'] except (KeyError, JSONDecodeError): logger.warning('Could not obtain identity on request.') return if (username and email and account): # Check for customer creation & user creation query_string = '' if request.META['QUERY_STRING']: query_string = '?{}'.format(request.META['QUERY_STRING']) logger.info(f'API: {request.path}{query_string}' # pylint: disable=W1203 f' -- ACCOUNT: {account} USER: {username}') try: schema_name = create_schema_name(account) tenant = Tenant.objects.filter(schema_name=schema_name).get() except Tenant.DoesNotExist: tenant = IdentityHeaderMiddleware._create_tenant(account) try: user = User.objects.get(username=username) except User.DoesNotExist: user = IdentityHeaderMiddleware._create_user( username, email, tenant, request) request.user = user # Temporarily add principals based on API interaction with tenant_context(tenant): try: Principal.objects.get(username=username) except Principal.DoesNotExist: try: with transaction.atomic(): principal = Principal(username=username, email=email) principal.save() logger.info( 'Created new principal for account_id %s.', account) except IntegrityError: pass
def setUp(self): """Set up the role viewset tests.""" super().setUp() request = self.request_context['request'] user = User(username=self.user_data['username'], tenant=self.tenant) user.save() request.user = user with tenant_context(self.tenant): self.principal = Principal(username=self.user_data['username']) self.principal.save() self.group = Group(name='groupA') self.group.save() self.group.principals.add(self.principal) self.group.save()
def setUp(self): """Set up the policy viewset tests.""" super().setUp() request = self.request_context["request"] user = User() user.username = self.user_data["username"] user.account = self.customer_data["account_id"] request.user = user with tenant_context(self.tenant): self.principal = Principal(username=self.user_data["username"]) self.principal.save() self.group = Group(name="groupA") self.group.save() self.group.principals.add(self.principal) self.group.save()
def setUp(self): """Set up the policy viewset tests.""" super().setUp() request = self.request_context["request"] user = User() user.username = self.user_data["username"] user.account = self.customer_data["account_id"] request.user = user with tenant_context(self.tenant): self.principal = Principal(username=self.user_data["username"]) self.principal.save() self.group = Group(name="groupA") self.group.save() self.group.principals.add(self.principal) self.group.save() Permission.objects.create(permission="app:*:*") with tenant_context(Tenant.objects.get(schema_name="public")): Permission.objects.create(permission="app:*:*")
def setUp(self): """Set up the role viewset tests.""" super().setUp() request = self.request_context['request'] user = User() user.username = self.user_data['username'] user.account = self.customer_data['account_id'] request.user = user sys_role_config = {'name': 'system_role', 'system': True} def_role_config = {'name': 'default_role', 'platform_default': True} self.display_fields = { 'applications', 'description', 'uuid', 'name', 'system', 'created', 'policyCount', 'accessCount', 'modified', 'platform_default' } with tenant_context(self.tenant): self.principal = Principal(username=self.user_data['username']) self.principal.save() self.policy = Policy.objects.create(name='policyA') self.group = Group(name='groupA', description='groupA description') self.group.save() self.group.principals.add(self.principal) self.group.policies.add(self.policy) self.group.save() self.sysRole = Role(**sys_role_config) self.sysRole.save() self.defRole = Role(**def_role_config) self.defRole.save() self.defRole.save() self.policy.roles.add(self.defRole, self.sysRole) self.policy.save() self.access = Access.objects.create(permission='app:*:*', role=self.defRole)
def setUp(self): """Set up the group viewset tests.""" super().setUp() request = self.request_context['request'] user = User(username=self.user_data['username'], tenant=self.tenant) user.save() request.user = user self.dummy_role_id = uuid4() with tenant_context(self.tenant): self.principal = Principal(username=self.user_data['username']) self.principal.save() self.group = Group(name='groupA') self.group.save() self.role = Role.objects.create(name='roleA') self.policy = Policy.objects.create(name='policyA', group=self.group) self.policy.roles.add(self.role) self.policy.save() self.group.policies.add(self.policy) self.group.principals.add(self.principal) self.group.save() self.defGroup = Group(name='groupDef', platform_default=True, system=True) self.defGroup.save() self.defGroup.principals.add(self.principal) self.defGroup.save() self.groupB = Group.objects.create(name='groupB') self.groupB.principals.add(self.principal) self.policyB = Policy.objects.create(name='policyB', group=self.groupB) self.roleB = Role.objects.create(name='roleB') self.policyB.roles.add(self.roleB) self.policyB.save()
def setUp(self): """Set up the role viewset tests.""" super().setUp() request = self.request_context["request"] user = User() user.username = self.user_data["username"] user.account = self.customer_data["account_id"] request.user = user sys_role_config = { "name": "system_role", "display_name": "system_display", "system": True } def_role_config = { "name": "default_role", "display_name": "default_display", "platform_default": True } self.display_fields = { "applications", "description", "uuid", "name", "display_name", "system", "created", "policyCount", "accessCount", "modified", "platform_default", } with tenant_context(self.tenant): self.principal = Principal(username=self.user_data["username"]) self.principal.save() self.policy = Policy.objects.create(name="policyA") self.group = Group(name="groupA", description="groupA description") self.group.save() self.group.principals.add(self.principal) self.group.policies.add(self.policy) self.group.save() self.sysRole = Role(**sys_role_config) self.sysRole.save() self.defRole = Role(**def_role_config) self.defRole.save() self.defRole.save() self.policy.roles.add(self.defRole, self.sysRole) self.policy.save() self.permission = Permission.objects.create(permission="app:*:*") self.permission2 = Permission.objects.create(permission="app2:*:*") self.access = Access.objects.create(permission=self.permission, role=self.defRole) self.access2 = Access.objects.create(permission=self.permission2, role=self.defRole) self.access3 = Access.objects.create(permission=self.permission2, role=self.sysRole) Permission.objects.create(permission="cost-management:*:*") # Create permission in public schema with tenant_context(Tenant.objects.get(schema_name="public")): Permission.objects.create(permission="cost-management:*:*") Permission.objects.create(permission="app:*:*") Permission.objects.create(permission="app2:*:*")