def test_can_not_manage(self, cluster_permission_obj, project_id, cluster_id):
    """Scenario: no cluster manage permission (and no project view permission).

    An anonymous user calling ``manage_cluster`` must be refused with
    ``PermissionDeniedError``. The error's apply URL must request cluster
    manage, cluster view and project view.
    """
    username = roles.ANONYMOUS_USER
    ctx = ClusterPermCtx(username=username, project_id=project_id, cluster_id=cluster_id)

    # Bound as `denied` rather than `exec` so the builtin is not shadowed.
    with pytest.raises(PermissionDeniedError) as denied:
        manage_cluster(ctx)

    # Checked after the `with` block: a statement placed after the raising
    # call inside the block would never execute.
    # NOTE(review): this reads data['apply_url'], while other tests in this
    # listing read data['perms']['apply_url'] -- confirm the payload shape.
    actual_url = denied.value.data['apply_url']
    required = [
        ActionResourcesRequest(
            ClusterAction.MANAGE,
            resource_type=ClusterPermission.resource_type,
            resources=[cluster_id],
            parent_chain=[IAMResource(ResourceType.Project, project_id)],
        ),
        ActionResourcesRequest(
            ClusterAction.VIEW,
            resource_type=ClusterPermission.resource_type,
            resources=[cluster_id],
            parent_chain=[IAMResource(ResourceType.Project, project_id)],
        ),
        ActionResourcesRequest(
            ProjectAction.VIEW,
            resource_type=ProjectPermission.resource_type,
            resources=[project_id],
        ),
    ]
    assert actual_url == generate_apply_url(username, required)
def test_can_view_but_no_project(self, cluster_permission_obj, project_id, cluster_id):
    """Scenario: has cluster view permission."""
    # NOTE(review): this asserts that view succeeds for
    # CLUSTER_NO_PROJECT_USER. The role name suggests the user holds no
    # project permission -- confirm that cluster view is meant to pass
    # without project view.
    viewer = roles.CLUSTER_NO_PROJECT_USER
    ctx = ClusterPermCtx(username=viewer, project_id=project_id, cluster_id=cluster_id)
    assert cluster_permission_obj.can_view(ctx)
def test_can_manage_but_no_view(self, cluster_permission_obj, project_id, cluster_id):
    """Scenario: has cluster manage permission (but no cluster view permission).

    ``can_manage`` must still raise ``PermissionDeniedError``. The apply URL
    must request the missing actions: cluster view and project view.
    """
    username = roles.CLUSTER_MANAGE_NOT_VIEW_USER
    ctx = ClusterPermCtx(username=username, project_id=project_id, cluster_id=cluster_id)

    # Bound as `denied` rather than `exec` so the builtin is not shadowed.
    with pytest.raises(PermissionDeniedError) as denied:
        cluster_permission_obj.can_manage(ctx)

    # Checked after the `with` block so the assertion actually runs.
    actual_url = denied.value.data['perms']['apply_url']
    required = [
        ActionResourcesRequest(
            ClusterAction.VIEW,
            resource_type=ResourceType.Cluster,
            resources=[cluster_id],
            parent_chain=[IAMResource(ResourceType.Project, project_id)],
        ),
        ActionResourcesRequest(
            ProjectAction.VIEW,
            resource_type=ResourceType.Project,
            resources=[project_id],
        ),
    ]
    assert actual_url == generate_apply_url(username, required)
def check_cluster_perm(user, project_id, cluster_id, raise_exception=True, request=None):
    """Run the cluster view permission check for ``user``.

    Builds a ``ClusterPermCtx`` from ``user.username`` and the two ids, then
    passes it to ``ClusterPermission().can_view``.

    NOTE(review): ``raise_exception`` and ``request`` are accepted but never
    read, and nothing is returned. A caller that passes
    ``raise_exception=False`` and tests the result always receives ``None``.
    Denial is signalled only if ``can_view`` itself raises (presumably
    ``PermissionDeniedError`` -- confirm).
    """
    ctx = ClusterPermCtx(
        username=user.username,
        project_id=project_id,
        cluster_id=cluster_id,
    )
    ClusterPermission().can_view(ctx)
def _test_can_not_view(self, username, cluster_permission_obj, project_id, cluster_id, expected_action_list):
    """Shared check: ``can_view`` must refuse ``username``.

    Asserts that ``PermissionDeniedError`` is raised and that its apply URL
    equals the one generated from ``expected_action_list``.
    """
    ctx = ClusterPermCtx(username=username, project_id=project_id, cluster_id=cluster_id)

    # Bound as `denied` rather than `exec` so the builtin is not shadowed.
    with pytest.raises(PermissionDeniedError) as denied:
        cluster_permission_obj.can_view(ctx)

    # Checked after the `with` block so the assertion actually runs.
    # NOTE(review): this reads data['apply_url'], while other tests in this
    # listing read data['perms']['apply_url'] -- confirm the payload shape.
    actual_url = denied.value.data['apply_url']
    assert actual_url == generate_apply_url(username, expected_action_list)
def list(self, request, project_id, cluster_id):
    """Return the cluster's master nodes after a cluster view permission check."""
    # Cluster view permission is required. The result of can_view is not
    # inspected, so enforcement relies on can_view raising when the user is
    # denied.
    # TODO: once Permission Center V3 is supported, switch to the new permission check
    ctx = ClusterPermCtx(
        username=request.user.username,
        project_id=project_id,
        cluster_id=cluster_id,
    )
    ClusterPermission().can_view(ctx)

    # Fetch master details.
    # NOTE(review): authorization is evaluated on the URL's
    # project_id/cluster_id, but the query uses request.ctx_cluster and
    # request.project -- presumably populated from the same ids upstream;
    # confirm they cannot diverge.
    master_client = node.BcsClusterMaster(
        ctx_cluster=request.ctx_cluster,
        biz_id=request.project.cc_app_id,
    )
    return Response(master_client.list_masters())
def test_can_manage_but_no_project(self, cluster_permission_obj, project_id, cluster_id):
    """Scenario: has cluster manage permission (but no project permission).

    ``can_manage`` must raise ``PermissionDeniedError``. The apply URL must
    request only project view.
    """
    username = roles.CLUSTER_NO_PROJECT_USER
    ctx = ClusterPermCtx(username=username, project_id=project_id, cluster_id=cluster_id)

    # Bound as `denied` rather than `exec` so the builtin is not shadowed.
    with pytest.raises(PermissionDeniedError) as denied:
        cluster_permission_obj.can_manage(ctx)

    # Checked after the `with` block so the assertion actually runs.
    actual_url = denied.value.data['perms']['apply_url']
    required = [
        ActionResourcesRequest(
            ProjectAction.VIEW,
            resource_type=ResourceType.Project,
            resources=[project_id],
        ),
    ]
    assert actual_url == generate_apply_url(username, required)
def test_can_not_create(self, cluster_permission_obj, project_id, cluster_id):
    """Scenario: no cluster create permission (and no project view permission).

    The context carries no ``cluster_id``, and the create request is made
    against the project resource. The ``cluster_id`` fixture is requested
    but not used in the body.
    """
    username = roles.ANONYMOUS_USER
    ctx = ClusterPermCtx(username=username, project_id=project_id)

    # Bound as `denied` rather than `exec` so the builtin is not shadowed.
    with pytest.raises(PermissionDeniedError) as denied:
        cluster_permission_obj.can_create(ctx)

    # Checked after the `with` block so the assertion actually runs.
    actual_url = denied.value.data['perms']['apply_url']
    required = [
        ActionResourcesRequest(
            ClusterAction.CREATE,
            resource_type=ResourceType.Project,
            resources=[project_id],
        ),
        ActionResourcesRequest(
            ProjectAction.VIEW,
            resource_type=ResourceType.Project,
            resources=[project_id],
        ),
    ]
    assert actual_url == generate_apply_url(username, required)
def test_can_view(self, cluster_permission_obj, project_id, cluster_id):
    """Scenario: has cluster view permission (and project view permission)."""
    admin = roles.ADMIN_USER
    ctx = ClusterPermCtx(username=admin, project_id=project_id, cluster_id=cluster_id)
    # can_view must return a truthy value for a permitted user.
    assert cluster_permission_obj.can_view(ctx)
def test_can_manage(self, cluster_permission_obj, project_id, cluster_id):
    """Scenario: has cluster manage permission (and project view permission)."""
    admin = roles.ADMIN_USER
    ctx = ClusterPermCtx(username=admin, project_id=project_id, cluster_id=cluster_id)
    # No explicit assertion: the test passes when manage_cluster completes
    # without raising.
    manage_cluster(ctx)
def can_view_cluster(self, request, project_id, cluster_id):
    """Run the cluster view permission check for the requesting user.

    Nothing is returned and the result of ``can_view`` is not inspected, so
    denial is signalled only if ``can_view`` raises (presumably
    ``PermissionDeniedError`` -- confirm). Callers must not treat the
    ``None`` return value as a decision.
    """
    ctx = ClusterPermCtx(
        username=request.user.username,
        project_id=project_id,
        cluster_id=cluster_id,
    )
    ClusterPermission().can_view(ctx)
def detail(self, request, project_id, cluster_id, name):
    """Node detail."""
    # Cluster view permission is required. The result of can_view is not
    # inspected, so enforcement relies on can_view raising when the user is
    # denied.
    ctx = ClusterPermCtx(
        username=request.user.username,
        project_id=project_id,
        cluster_id=cluster_id,
    )
    ClusterPermission().can_view(ctx)

    # NOTE(review): the check covers the URL's cluster_id, while the query
    # runs against request.ctx_cluster with the caller-supplied node `name`
    # -- presumably ctx_cluster is derived from the same cluster_id; confirm.
    querier = node.NodeDetailQuerier(name, request.ctx_cluster)
    return Response(querier.detail())