def test_scheduler_call_target_method_with_correct_auth(self, method):
method.side_effect = self.target_check_context_method
default_context = base.get_context(default=True)
auth_context.set_ctx(default_context)
default_project_id = (
default_context.project_id
)
scheduler.schedule_call(
None,
TARGET_METHOD_PATH,
DELAY,
**{'expected_project_id': default_project_id}
)
second_context = base.get_context(default=False)
auth_context.set_ctx(second_context)
second_project_id = (
second_context.project_id
)
scheduler.schedule_call(
None,
TARGET_METHOD_PATH,
DELAY,
**{'expected_project_id': second_project_id}
)
self.assertNotEqual(default_project_id, second_project_id)
for _ in range(2):
self.assertTrue(self.queue.get())
def test_scheduler_call_target_method_with_correct_auth(self, method):
method.side_effect = self.target_check_context_method
default_context = base.get_context(default=True)
auth_context.set_ctx(default_context)
default_project_id = (
default_context.project_id
)
scheduler.schedule_call(
None,
TARGET_METHOD_PATH,
DELAY,
**{'expected_project_id': default_project_id}
)
second_context = base.get_context(default=False)
auth_context.set_ctx(second_context)
second_project_id = (
second_context.project_id
)
scheduler.schedule_call(
None,
TARGET_METHOD_PATH,
DELAY,
**{'expected_project_id': second_project_id}
)
self.assertNotEqual(default_project_id, second_project_id)
for _ in range(2):
self.assertTrue(self.queue.get())
def test_scheduler_call_target_method_with_correct_auth(self, method):
method.side_effect = self.target_check_context_method
default_context = base.get_context(default=True)
auth_context.set_ctx(default_context)
default_project_id = default_context.project_id
job = sched_base.SchedulerJob(
run_after=DELAY,
func_name=TARGET_METHOD_PATH,
func_args={'expected_project_id': default_project_id})
self.scheduler.schedule(job)
second_context = base.get_context(default=False)
auth_context.set_ctx(second_context)
second_project_id = second_context.project_id
job = sched_base.SchedulerJob(
run_after=DELAY,
func_name=TARGET_METHOD_PATH,
func_args={'expected_project_id': second_project_id})
self.scheduler.schedule(job)
self.assertNotEqual(default_project_id, second_project_id)
for _ in range(2):
self.assertTrue(self.queue.get())
def test_scheduler_call_target_method_with_correct_auth(self, method):
default_context = base.get_context(default=True)
auth_context.set_ctx(default_context)
default_project_id = (
default_context._BaseContext__values['project_id'])
method_args1 = {'expected_project_id': default_project_id}
scheduler.schedule_call(None, CHECK_CONTEXT_METHOD_PATH, DELAY,
**method_args1)
second_context = base.get_context(default=False)
auth_context.set_ctx(second_context)
second_project_id = (second_context._BaseContext__values['project_id'])
method_args2 = {'expected_project_id': second_project_id}
scheduler.schedule_call(None, CHECK_CONTEXT_METHOD_PATH, DELAY,
**method_args2)
eventlet.sleep(WAIT)
method.assert_any_call(default_project_id, default_project_id)
method.assert_any_call(second_project_id, second_project_id)
self.assertNotEqual(default_project_id, second_project_id)
def test_event_engine_public_trigger(self, mock_start):
t = copy.deepcopy(EVENT_TRIGGER)
# Create public trigger as an admin
self.ctx = base.get_context(default=False, admin=True)
auth_context.set_ctx(self.ctx)
t['scope'] = 'public'
t['project_id'] = self.ctx.tenant
trigger = db_api.create_event_trigger(t)
# Switch to the user.
self.ctx = base.get_context(default=True)
auth_context.set_ctx(self.ctx)
e_engine = evt_eng.DefaultEventEngine()
self.addCleanup(e_engine.handler_tg.stop)
event = {
'event_type': EVENT_TYPE,
'payload': {},
'publisher': 'fake_publisher',
'timestamp': '',
'context': {
'project_id': '%s' % self.ctx.project_id,
'user_id': 'fake_user'
},
}
# Moreover, assert that trigger.project_id != event.project_id
self.assertNotEqual(
trigger.project_id, event['context']['project_id']
)
with mock.patch.object(e_engine, 'engine_client') as client_mock:
e_engine.event_queue.put(event)
time.sleep(1)
self.assertEqual(1, client_mock.start_workflow.call_count)
args, kwargs = client_mock.start_workflow.call_args
self.assertEqual(
(EVENT_TRIGGER['workflow_id'], '', None, {}),
args
)
self.assertDictEqual(
{
'service': 'fake_publisher',
'project_id': '%s' % self.ctx.project_id,
'user_id': 'fake_user',
'timestamp': ''
},
kwargs['event_params']
)
def test_event_engine_public_trigger(self, mock_start):
t = copy.deepcopy(EVENT_TRIGGER)
# Create public trigger as an admin
self.ctx = base.get_context(default=False, admin=True)
auth_context.set_ctx(self.ctx)
t['scope'] = 'public'
t['project_id'] = self.ctx.tenant
trigger = db_api.create_event_trigger(t)
# Switch to the user.
self.ctx = base.get_context(default=True)
auth_context.set_ctx(self.ctx)
e_engine = evt_eng.DefaultEventEngine()
self.addCleanup(e_engine.handler_tg.stop)
event = {
'event_type': EVENT_TYPE,
'payload': {},
'publisher': 'fake_publisher',
'timestamp': '',
'context': {
'project_id': '%s' % self.ctx.project_id,
'user_id': 'fake_user'
},
}
# Moreover, assert that trigger.project_id != event.project_id
self.assertNotEqual(
trigger.project_id, event['context']['project_id']
)
with mock.patch.object(e_engine, 'engine_client') as client_mock:
e_engine.event_queue.put(event)
time.sleep(1)
self.assertEqual(1, client_mock.start_workflow.call_count)
args, kwargs = client_mock.start_workflow.call_args
self.assertEqual((EVENT_TRIGGER['workflow_id'], '', {}), args)
self.assertDictEqual(
{
'service': 'fake_publisher',
'project_id': '%s' % self.ctx.project_id,
'user_id': 'fake_user',
'timestamp': ''
},
kwargs['event_params']
)
def delete_():
context.set_ctx(unit_base.get_context())
db_api.delete_workflow_execution(self.wf_ex_id)
# Unlocking the "list" operation.
list_lock.release()
def test_get_endpoint_for_project_noauth(self):
# service_catalog is not set by default.
auth_context.set_ctx(base.get_context())
self.addCleanup(auth_context.set_ctx, None)
self.assertRaises(exceptions.UnauthorizedException,
keystone.get_endpoint_for_project, 'keystone')
def test_admin_api_disallowed(self):
auth_ctx = base.get_context(default=True)
self.assertRaises(
exc.NotAllowedException,
acl.enforce,
'example:admin',
auth_ctx,
auth_ctx.to_dict()
)
def test_get_endpoint_for_project_noauth(self, client):
client().tokens.get_token_data.return_value = {'token': None}
# service_catalog is not set by default.
auth_context.set_ctx(base.get_context())
self.addCleanup(auth_context.set_ctx, None)
self.assertRaises(exceptions.UnauthorizedException,
keystone.get_endpoint_for_project, 'keystone')
def test_get_all_projects_admin(self, mock_context, mock_get_wf_defs):
admin_ctx = unit_base.get_context(admin=True)
mock_context.return_value = admin_ctx
resp = self.app.get('/v2/workflows?all_projects=true')
self.assertEqual(200, resp.status_int)
self.assertTrue(mock_get_wf_defs.call_args[1].get('insecure', False))
def test_get_all_projects_admin(self, mock_context, mock_get_wf_defs):
admin_ctx = unit_base.get_context(admin=True)
mock_context.return_value = admin_ctx
resp = self.app.get('/v2/event_triggers?all_projects=true')
self.assertEqual(200, resp.status_int)
self.assertTrue(mock_get_wf_defs.call_args[1].get('insecure', False))
def test_admin_or_owner_api_disallowed(self):
auth_ctx = base.get_context(default=True)
target = {'project_id': 'another'}
self.assertRaises(
exc.NotAllowedException,
acl.enforce,
'example:admin_or_owner',
auth_ctx,
target
)
def test_admin_api_disallowed(self):
auth_ctx = base.get_context(default=True)
self.assertRaises(
exc.NotAllowedException,
acl.enforce,
'example:admin',
auth_ctx,
auth_ctx.to_dict()
)
def test_scheduler_call_target_method_with_correct_auth(self, method):
default_context = base.get_context(default=True)
auth_context.set_ctx(default_context)
default_project_id = (
default_context._BaseContext__values['project_id']
)
method_args1 = {'expected_project_id': default_project_id}
scheduler.schedule_call(
None,
CHECK_CONTEXT_METHOD_PATH,
DELAY,
**method_args1
)
second_context = base.get_context(default=False)
auth_context.set_ctx(second_context)
second_project_id = (
second_context._BaseContext__values['project_id']
)
method_args2 = {'expected_project_id': second_project_id}
scheduler.schedule_call(
None,
CHECK_CONTEXT_METHOD_PATH,
DELAY,
**method_args2
)
eventlet.sleep(WAIT)
method.assert_any_call(
default_project_id,
default_project_id
)
method.assert_any_call(
second_project_id,
second_project_id
)
self.assertNotEqual(default_project_id, second_project_id)
def test_admin_or_owner_api_disallowed(self):
auth_ctx = base.get_context(default=True)
target = {'project_id': 'another'}
self.assertRaises(
exc.NotAllowedException,
acl.enforce,
'example:admin_or_owner',
auth_ctx,
target
)
def test_get_all_filter_project(self, mock_context, mock_get_triggers):
admin_ctx = unit_base.get_context(admin=True)
mock_context.return_value = admin_ctx
resp = self.app.get('/v2/cron_triggers?all_projects=true&'
'project_id=192796e61c174f718d6147b129f3f2ff')
self.assertEqual(200, resp.status_int)
self.assertTrue(mock_get_triggers.call_args[1].get('insecure', False))
self.assertEqual({'eq': '192796e61c174f718d6147b129f3f2ff'},
mock_get_triggers.call_args[1].get('project_id'))
def test_get_endpoint_for_project_noauth(self, client):
client().tokens.get_token_data.return_value = {'token': None}
# service_catalog is not set by default.
auth_context.set_ctx(base.get_context())
self.addCleanup(auth_context.set_ctx, None)
self.assertRaises(
exceptions.UnauthorizedException,
keystone.get_endpoint_for_project,
'keystone'
)
def test_get_all_filter_by_project_id(self, mock_context, mock_get_execs):
admin_ctx = unit_base.get_context(admin=True)
mock_context.return_value = admin_ctx
fake_project_id = uuidutils.generate_uuid()
resp = self.app.get('/v2/executions?project_id=%s' % fake_project_id)
self.assertEqual(200, resp.status_int)
self.assertTrue(mock_get_execs.call_args[1].get('insecure', False))
self.assertTrue(mock_get_execs.call_args[1].get(
'project_id', fake_project_id))
def test_post_public(self, create_trigger):
self.ctx = unit_base.get_context(default=False, admin=True)
self.mock_ctx.return_value = self.ctx
trigger = copy.deepcopy(TRIGGER)
trigger['scope'] = 'public'
trigger.pop('id')
resp = self.app.post_json('/v2/event_triggers', trigger)
self.assertEqual(201, resp.status_int)
self.assertTrue(create_trigger.called)
self.assertEqual('public', create_trigger.call_args[1]["scope"])
def test_post_public(self, create_trigger):
self.ctx = unit_base.get_context(default=False, admin=True)
self.mock_ctx.return_value = self.ctx
trigger = copy.deepcopy(TRIGGER)
trigger['scope'] = 'public'
trigger.pop('id')
resp = self.app.post_json('/v2/event_triggers', trigger)
self.assertEqual(201, resp.status_int)
self.assertTrue(create_trigger.called)
self.assertEqual('public', create_trigger.call_args[1]["scope"])
def test_get_all_filter_by_project_id(self, mock_context, mock_get_execs):
admin_ctx = unit_base.get_context(admin=True)
mock_context.return_value = admin_ctx
fake_project_id = uuidutils.generate_uuid()
resp = self.app.get('/v2/executions?project_id=%s' % fake_project_id)
self.assertEqual(200, resp.status_int)
self.assertTrue(mock_get_execs.call_args[1].get('insecure', False))
self.assertTrue(
mock_get_execs.call_args[1].get('project_id', fake_project_id)
)
def _run_correct_locking(self, wf_ex):
# Set context info for the thread.
auth_context.set_ctx(test_base.get_context())
self._random_sleep()
with db_api.transaction():
# Lock workflow execution and get the most up-to-date object.
wf_ex = db_api.acquire_lock(db_models.WorkflowExecution, wf_ex.id)
# Refresh the object.
db_api.get_workflow_execution(wf_ex.id)
wf_ex.name = str(int(wf_ex.name) + 1)
return wf_ex.name
def test_get_all_filter_project(self, mock_context, mock_get_triggers):
admin_ctx = unit_base.get_context(admin=True)
mock_context.return_value = admin_ctx
resp = self.app.get(
'/v2/cron_triggers?all_projects=true&'
'project_id=192796e61c174f718d6147b129f3f2ff'
)
self.assertEqual(200, resp.status_int)
self.assertTrue(mock_get_triggers.call_args[1].get('insecure', False))
self.assertEqual(
{'eq': '192796e61c174f718d6147b129f3f2ff'},
mock_get_triggers.call_args[1].get('project_id')
)
def _run_correct_locking(self, wf_ex):
# Set context info for the thread.
auth_context.set_ctx(test_base.get_context())
self._random_sleep()
with db_api.transaction():
# Lock workflow execution and get the most up-to-date object.
wf_ex = db_api.acquire_lock(db_models.WorkflowExecution, wf_ex.id)
# Refresh the object.
db_api.get_workflow_execution(wf_ex.id)
wf_ex.name = str(int(wf_ex.name) + 1)
return wf_ex.name
def test_admin_or_owner_api_allowed(self):
auth_ctx = base.get_context(default=True)
self.assertTrue(
acl.enforce('example:admin_or_owner', auth_ctx, auth_ctx.to_dict())
)
def test_admin_or_owner_api_allowed(self):
auth_ctx = base.get_context(default=True)
self.assertTrue(
acl.enforce('example:admin_or_owner', auth_ctx,
auth_ctx.to_dict()))
def _switch_context(is_default, is_admin):
ctx.set_ctx(get_context(is_default, is_admin))
