class ListTenantsTests(TenantTestCase):
def setUp(self) -> None:
self.factory = TenantRequestFactory(self.tenant)
self.view = views.ListTenants.as_view()
self.url = '/api/v2/internal/tenants/'
self.user = CustUser.objects.create_user(username='******')
# get_tenant_domain_model().objects.create(
# domain='test.domain.url', tenant=self.tenant, is_primary=True
# )
with schema_context(get_public_schema_name()):
self.tenant1 = Tenant(name='TEST1', schema_name='test1')
self.tenant1.auto_create_schema = False
self.tenant2 = Tenant(name='TEST2', schema_name='test2')
self.tenant2.auto_create_schema = False
self.tenant3 = Tenant(
name='all',
schema_name=get_public_schema_name(),
)
self.tenant3.auto_create_schema = False
self.tenant1.save()
self.tenant2.save()
self.tenant3.save()
get_tenant_domain_model().objects.create(domain='test1.domain.url',
tenant=self.tenant1,
is_primary=True)
get_tenant_domain_model().objects.create(domain='test2.domain.url',
tenant=self.tenant2,
is_primary=True)
get_tenant_domain_model().objects.create(domain='domain.url',
tenant=self.tenant3,
is_primary=True)
self.supertenant_superuser = CustUser.objects.create_user(
username='******', is_superuser=True)
self.supertenant_user = CustUser.objects.create_user(
username='******')
def test_get_tenants_no_auth(self):
request = self.factory.get(self.url)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
@patch('Poem.api.internal_views.tenants.get_tenant_resources')
def test_get_all_tenants(self, mock_resources):
mock_resources.side_effect = mock_tenant_resources
request = self.factory.get(self.url)
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(mock_resources.call_count, 4)
self.assertEqual(response.data, [{
'name':
self.tenant.name,
'schema_name':
self.tenant.schema_name,
'domain_url':
'tenant.test.com',
'created_on':
datetime.date.strftime(self.tenant.created_on, '%Y-%m-%d'),
'nr_metrics':
24,
'nr_probes':
15
}, {
'name':
'SuperPOEM Tenant',
'schema_name':
get_public_schema_name(),
'domain_url':
'domain.url',
'created_on':
datetime.date.strftime(self.tenant3.created_on, '%Y-%m-%d'),
'nr_metrics':
354,
'nr_probes':
111
}, {
'name':
'TEST1',
'domain_url':
'test1.domain.url',
'schema_name':
'test1',
'created_on':
datetime.date.strftime(self.tenant1.created_on, '%Y-%m-%d'),
'nr_metrics':
30,
'nr_probes':
10
}, {
'name':
'TEST2',
'domain_url':
'test2.domain.url',
'schema_name':
'test2',
'created_on':
datetime.date.strftime(self.tenant2.created_on, '%Y-%m-%d'),
'nr_metrics':
50,
'nr_probes':
30
}])
@patch('Poem.api.internal_views.tenants.get_tenant_resources')
def test_get_tenant_by_name(self, mock_resources):
mock_resources.return_value = {'metrics': 24, 'probes': 15}
request = self.factory.get(self.url + 'TEST1')
force_authenticate(request, user=self.user)
response = self.view(request, 'TEST1')
self.assertEqual(
response.data, {
'name':
'TEST1',
'domain_url':
'test1.domain.url',
'schema_name':
'test1',
'created_on':
datetime.date.strftime(self.tenant1.created_on, '%Y-%m-%d'),
'nr_metrics':
24,
'nr_probes':
15
})
mock_resources.assert_called_once_with('test1')
@patch('Poem.api.internal_views.tenants.get_tenant_resources')
def test_get_public_schema_tenant_by_name(self, mock_resources):
mock_resources.return_value = {'metric_templates': 354, 'probes': 112}
request = self.factory.get(self.url + 'SuperPOEM_Tenant')
force_authenticate(request, user=self.user)
response = self.view(request, 'SuperPOEM_Tenant')
self.assertEqual(
response.data, {
'name':
'SuperPOEM Tenant',
'domain_url':
'domain.url',
'schema_name':
get_public_schema_name(),
'created_on':
datetime.date.strftime(self.tenant1.created_on, '%Y-%m-%d'),
'nr_metrics':
354,
'nr_probes':
112
})
mock_resources.assert_called_once_with(get_public_schema_name())
@patch('Poem.api.internal_views.tenants.get_tenant_resources')
def test_get_tenant_by_nonexisting_name(self, mock_resources):
request = self.factory.get(self.url + 'nonexisting')
force_authenticate(request, user=self.user)
response = self.view(request, 'nonexisting')
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
self.assertEqual(response.data['detail'], 'Tenant not found.')
self.assertFalse(mock_resources.called)
def test_delete_tenant(self):
self.assertEqual(Tenant.objects.all().count(), 4)
request = self.factory.delete(self.url + 'TEST1')
request.tenant = self.tenant3
connection.set_schema_to_public()
force_authenticate(request, user=self.supertenant_superuser)
response = self.view(request, 'TEST1')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertEqual(Tenant.objects.all().count(), 3)
self.assertRaises(Tenant.DoesNotExist,
Tenant.objects.get,
name='TEST1')
def test_delete_tenant_when_not_public_schema(self):
self.assertEqual(Tenant.objects.all().count(), 4)
request = self.factory.delete(self.url + 'TEST1')
request.tenant = self.tenant
force_authenticate(request, user=self.user)
response = self.view(request, 'TEST1')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(response.data['detail'],
'Cannot delete tenant outside public schema.')
self.assertEqual(Tenant.objects.all().count(), 4)
def test_delete_tenant_when_not_superuser(self):
self.assertEqual(Tenant.objects.all().count(), 4)
request = self.factory.delete(self.url + 'TEST1')
request.tenant = self.tenant3
force_authenticate(request, user=self.supertenant_user)
response = self.view(request, 'TEST1')
self.assertEqual(Tenant.objects.all().count(), 4)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to delete tenants.')
def test_delete_tenant_without_name(self):
self.assertEqual(Tenant.objects.all().count(), 4)
request = self.factory.delete(self.url)
request.tenant = self.tenant3
force_authenticate(request, user=self.supertenant_superuser)
response = self.view(request)
self.assertEqual(Tenant.objects.all().count(), 4)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data['detail'],
'Tenant name should be specified.')
def test_delete_nonexisting_tenant(self):
self.assertEqual(Tenant.objects.all().count(), 4)
request = self.factory.delete(self.url + 'nonexisting')
request.tenant = self.tenant3
force_authenticate(request, user=self.supertenant_superuser)
response = self.view(request, 'nonexisting')
self.assertEqual(Tenant.objects.all().count(), 4)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
self.assertEqual(response.data['detail'], 'Tenant not found.')
class ListReportsAPIViewTests(TenantTestCase):
def setUp(self):
self.factory = TenantRequestFactory(self.tenant)
self.view = views.ListReports.as_view()
self.url = '/api/v2/internal/reports/'
self.user = CustUser.objects.create_user(username='******')
self.limited_user = CustUser.objects.create_user(username='******')
self.superuser = CustUser.objects.create_user(username='******',
is_superuser=True)
self.report1 = poem_models.Reports.objects.create(
name='Critical',
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i',
groupname='TENANT',
description='Critical report')
self.report2 = poem_models.Reports.objects.create(
name='ops-monitor',
apiid='bue2xius-ubt0-62ap-9nbn-ieta0kao8loa',
)
group1 = poem_models.GroupOfReports.objects.create(name='TENANT')
group2 = poem_models.GroupOfReports.objects.create(name='ARGO')
self.group = poem_models.GroupOfReports.objects.create(name='TEST')
group1.reports.add(self.report1)
userprofile = poem_models.UserProfile.objects.create(user=self.user)
userprofile.groupsofreports.add(group1)
userprofile.groupsofreports.add(group2)
poem_models.UserProfile.objects.create(user=self.limited_user)
poem_models.UserProfile.objects.create(user=self.superuser)
@patch('Poem.api.internal_views.reports.sync_webapi')
def test_get_all_reports_superuser(self, func):
func.side_effect = mocked_func
request = self.factory.get(self.url)
force_authenticate(request, user=self.superuser)
response = self.view(request)
self.assertEqual(response.data, [
OrderedDict([('name', 'Critical'),
('description', 'Critical report'),
('apiid', 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i'),
('groupname', 'TENANT')]),
OrderedDict([('name', 'ops-monitor'), ('description', ''),
('apiid', 'bue2xius-ubt0-62ap-9nbn-ieta0kao8loa'),
('groupname', '')])
])
@patch('Poem.api.internal_views.reports.sync_webapi')
def test_get_all_reports_regular_user(self, func):
func.side_effect = mocked_func
request = self.factory.get(self.url)
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.data, [
OrderedDict([('name', 'Critical'),
('description', 'Critical report'),
('apiid', 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i'),
('groupname', 'TENANT')]),
OrderedDict([('name', 'ops-monitor'), ('description', ''),
('apiid', 'bue2xius-ubt0-62ap-9nbn-ieta0kao8loa'),
('groupname', '')])
])
@patch('Poem.api.internal_views.reports.sync_webapi')
def test_get_all_reports_limited_user(self, func):
func.side_effect = mocked_func
request = self.factory.get(self.url)
force_authenticate(request, user=self.limited_user)
response = self.view(request)
self.assertEqual(response.data, [
OrderedDict([('name', 'Critical'),
('description', 'Critical report'),
('apiid', 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i'),
('groupname', 'TENANT')]),
OrderedDict([('name', 'ops-monitor'), ('description', ''),
('apiid', 'bue2xius-ubt0-62ap-9nbn-ieta0kao8loa'),
('groupname', '')])
])
@patch('Poem.api.internal_views.reports.sync_webapi')
def test_get_report_by_name_superuser(self, func):
func.side_effect = mocked_func
request = self.factory.get(self.url + 'Critical')
force_authenticate(request, user=self.superuser)
response = self.view(request, 'Critical')
self.assertEqual(
response.data,
OrderedDict([('name', 'Critical'),
('description', 'Critical report'),
('apiid', 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i'),
('groupname', 'TENANT')]))
@patch('Poem.api.internal_views.reports.sync_webapi')
def test_get_report_by_name_regular_user(self, func):
func.side_effect = mocked_func
request = self.factory.get(self.url + 'Critical')
force_authenticate(request, user=self.user)
response = self.view(request, 'Critical')
self.assertEqual(
response.data,
OrderedDict([('name', 'Critical'),
('description', 'Critical report'),
('apiid', 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i'),
('groupname', 'TENANT')]))
@patch('Poem.api.internal_views.reports.sync_webapi')
def test_get_report_by_name_limited_user(self, func):
func.side_effect = mocked_func
request = self.factory.get(self.url + 'Critical')
force_authenticate(request, user=self.limited_user)
response = self.view(request, 'Critical')
self.assertEqual(
response.data,
OrderedDict([('name', 'Critical'),
('description', 'Critical report'),
('apiid', 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i'),
('groupname', 'TENANT')]))
@patch('Poem.api.internal_views.reports.sync_webapi')
def test_get_report_if_wrong_name_superuser(self, func):
func.side_effect = mocked_func
request = self.factory.get(self.url + 'nonexisting')
force_authenticate(request, user=self.superuser)
response = self.view(request, 'nonexisting')
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
@patch('Poem.api.internal_views.reports.sync_webapi')
def test_get_report_if_wrong_name_regular_user(self, func):
func.side_effect = mocked_func
request = self.factory.get(self.url + 'nonexisting')
force_authenticate(request, user=self.user)
response = self.view(request, 'nonexisting')
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
@patch('Poem.api.internal_views.reports.sync_webapi')
def test_get_report_if_wrong_name_limited_user(self, func):
func.side_effect = mocked_func
request = self.factory.get(self.url + 'nonexisting')
force_authenticate(request, user=self.limited_user)
response = self.view(request, 'nonexisting')
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
def test_post_report_superuser(self):
data = {
'apiid': 'yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u',
'name': 'sla',
'groupname': 'ARGO',
'description': 'Some description.'
}
request = self.factory.post(self.url, data, format='json')
force_authenticate(request, user=self.superuser)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(poem_models.Reports.objects.all().count(), 3)
report = poem_models.Reports.objects.get(name='sla')
self.assertEqual(report.name, 'sla')
self.assertEqual(report.apiid, 'yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u')
self.assertEqual(report.description, 'Some description.')
self.assertEqual(report.groupname, 'ARGO')
group = poem_models.GroupOfReports.objects.get(name='ARGO')
self.assertEqual(group.reports.all().count(), 1)
self.assertTrue(
group.reports.filter(
apiid='yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u').exists())
def test_post_report_regular_user(self):
data = {
'apiid': 'yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u',
'name': 'sla',
'groupname': 'ARGO',
'description': 'Some description.'
}
request = self.factory.post(self.url, data, format='json')
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(poem_models.Reports.objects.all().count(), 3)
report = poem_models.Reports.objects.get(name='sla')
self.assertEqual(report.name, 'sla')
self.assertEqual(report.apiid, 'yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u')
self.assertEqual(report.description, 'Some description.')
self.assertEqual(report.groupname, 'ARGO')
group = poem_models.GroupOfReports.objects.get(name='ARGO')
self.assertEqual(group.reports.all().count(), 1)
self.assertTrue(
group.reports.filter(
apiid='yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u').exists())
def test_post_report_regular_user_wrong_group(self):
data = {
'apiid': 'yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u',
'name': 'sla',
'groupname': 'TEST',
'description': 'Some description.'
}
request = self.factory.post(self.url, data, format='json')
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(
response.data['detail'],
'You do not have permission to assign reports to the given group.')
self.assertEqual(poem_models.Reports.objects.all().count(), 2)
self.assertRaises(poem_models.Reports.DoesNotExist,
poem_models.Reports.objects.get,
name='sla')
group = poem_models.GroupOfReports.objects.get(name='TEST')
self.assertEqual(group.reports.all().count(), 0)
def test_post_report_limited_user(self):
data = {
'apiid': 'yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u',
'name': 'sla',
'groupname': 'ARGO',
'description': 'Some description.'
}
request = self.factory.post(self.url, data, format='json')
force_authenticate(request, user=self.limited_user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to add reports.')
self.assertRaises(poem_models.Reports.DoesNotExist,
poem_models.Reports.objects.get,
name='sla')
self.assertEqual(poem_models.Reports.objects.all().count(), 2)
group = poem_models.GroupOfReports.objects.get(name='ARGO')
self.assertEqual(group.reports.all().count(), 0)
def test_post_report_nonexisting_group_superuser(self):
data = {
'apiid': 'yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u',
'name': 'sla',
'groupname': 'nonexisting',
'description': 'Some description.'
}
request = self.factory.post(self.url, data, format='json')
force_authenticate(request, user=self.superuser)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
self.assertEqual(response.data['detail'],
'Group of reports not found.')
self.assertEqual(poem_models.Reports.objects.all().count(), 2)
self.assertRaises(poem_models.Reports.DoesNotExist,
poem_models.Reports.objects.get,
name='sla')
def test_post_report_nonexisting_group_regular_user(self):
data = {
'apiid': 'yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u',
'name': 'sla',
'groupname': 'nonexisting',
'description': 'Some description.'
}
request = self.factory.post(self.url, data, format='json')
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
self.assertEqual(response.data['detail'],
'Group of reports not found.')
self.assertEqual(poem_models.Reports.objects.all().count(), 2)
self.assertRaises(poem_models.Reports.DoesNotExist,
poem_models.Reports.objects.get,
name='sla')
def test_post_report_nonexisting_group_limited_user(self):
data = {
'apiid': 'yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u',
'name': 'sla',
'groupname': 'nonexisting',
'description': 'Some description.'
}
request = self.factory.post(self.url, data, format='json')
force_authenticate(request, user=self.limited_user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to add reports.')
self.assertEqual(poem_models.Reports.objects.all().count(), 2)
self.assertRaises(poem_models.Reports.DoesNotExist,
poem_models.Reports.objects.get,
name='sla')
def test_post_report_without_description_superuser(self):
data = {
'apiid': 'yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u',
'name': 'sla',
'groupname': 'ARGO',
'description': ''
}
request = self.factory.post(self.url, data, format='json')
force_authenticate(request, user=self.superuser)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(poem_models.Reports.objects.all().count(), 3)
report = poem_models.Reports.objects.get(name='sla')
self.assertEqual(report.apiid, 'yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u')
self.assertEqual(report.description, '')
self.assertEqual(report.groupname, 'ARGO')
group = poem_models.GroupOfReports.objects.get(name='ARGO')
self.assertEqual(group.reports.all().count(), 1)
self.assertTrue(
group.reports.filter(
apiid='yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u').exists())
def test_post_report_without_description_regular_user(self):
data = {
'apiid': 'yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u',
'name': 'sla',
'groupname': 'ARGO',
'description': ''
}
request = self.factory.post(self.url, data, format='json')
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(poem_models.Reports.objects.all().count(), 3)
report = poem_models.Reports.objects.get(name='sla')
self.assertEqual(report.apiid, 'yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u')
self.assertEqual(report.description, '')
self.assertEqual(report.groupname, 'ARGO')
group = poem_models.GroupOfReports.objects.get(name='ARGO')
self.assertEqual(group.reports.all().count(), 1)
self.assertTrue(
group.reports.filter(
apiid='yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u').exists())
def test_post_report_without_description_regular_user_wrong_group(self):
data = {
'apiid': 'yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u',
'name': 'sla',
'groupname': 'TEST',
'description': ''
}
request = self.factory.post(self.url, data, format='json')
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(
response.data['detail'],
'You do not have permission to assign reports to the given group.')
self.assertEqual(poem_models.Reports.objects.all().count(), 2)
self.assertRaises(poem_models.Reports.DoesNotExist,
poem_models.Reports.objects.get,
name='sla')
group = poem_models.GroupOfReports.objects.get(name='ARGO')
self.assertEqual(group.reports.all().count(), 0)
def test_post_report_without_description_limited_user(self):
data = {
'apiid': 'yoohoo6t-1fwt-nf98-uem6-uc1zie9ahk8u',
'name': 'sla',
'groupname': 'ARGO',
'description': ''
}
request = self.factory.post(self.url, data, format='json')
force_authenticate(request, user=self.limited_user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to add reports.')
self.assertEqual(poem_models.Reports.objects.all().count(), 2)
self.assertRaises(poem_models.Reports.DoesNotExist,
poem_models.Reports.objects.get,
name='sla')
group = poem_models.GroupOfReports.objects.get(name='ARGO')
self.assertEqual(group.reports.all().count(), 0)
def test_post_report_invalid_data_superuser(self):
data = {'name': 'sla'}
request = self.factory.post(self.url, data, format='json')
force_authenticate(request, user=self.superuser)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data['detail'],
'apiid: This field is required.')
self.assertEqual(poem_models.Reports.objects.all().count(), 2)
def test_post_report_invalid_data_regular_user(self):
data = {'name': 'sla'}
request = self.factory.post(self.url, data, format='json')
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data['detail'],
'apiid: This field is required.')
self.assertEqual(poem_models.Reports.objects.all().count(), 2)
def test_post_report_invalid_data_limited_user(self):
data = {'name': 'sla'}
request = self.factory.post(self.url, data, format='json')
force_authenticate(request, user=self.limited_user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to add reports.')
self.assertEqual(poem_models.Reports.objects.all().count(), 2)
def test_put_report_superuser(self):
data = {
'name': 'CriticalTest',
'apiid': 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i',
'groupname': 'ARGO',
'description': 'Testing critical report.'
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.superuser)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
report = poem_models.Reports.objects.get(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
self.assertEqual(report.name, 'CriticalTest')
self.assertEqual(report.groupname, 'ARGO')
self.assertEqual(report.description, 'Testing critical report.')
group1 = poem_models.GroupOfReports.objects.get(name='TENANT')
group2 = poem_models.GroupOfReports.objects.get(name='ARGO')
self.assertEqual(group1.reports.all().count(), 0)
self.assertEqual(group2.reports.all().count(), 1)
self.assertTrue(
group2.reports.filter(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i').exists())
def test_put_report_regular_user(self):
data = {
'name': 'CriticalTest',
'apiid': 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i',
'groupname': 'ARGO',
'description': 'Testing critical report.'
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
report = poem_models.Reports.objects.get(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
self.assertEqual(report.name, 'CriticalTest')
self.assertEqual(report.groupname, 'ARGO')
self.assertEqual(report.description, 'Testing critical report.')
group1 = poem_models.GroupOfReports.objects.get(name='TENANT')
group2 = poem_models.GroupOfReports.objects.get(name='ARGO')
self.assertEqual(group1.reports.all().count(), 0)
self.assertEqual(group2.reports.all().count(), 1)
self.assertTrue(
group2.reports.filter(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i').exists())
def test_put_report_regular_user_wrong_group(self):
data = {
'name': 'CriticalTest',
'apiid': 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i',
'groupname': 'TEST',
'description': 'Testing critical report.'
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(
response.data['detail'],
'You do not have permission to assign reports to the given group.')
report = poem_models.Reports.objects.get(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
self.assertEqual(report.name, 'Critical')
self.assertEqual(report.groupname, 'TENANT')
self.assertEqual(report.description, 'Critical report')
group1 = poem_models.GroupOfReports.objects.get(name='TENANT')
group2 = poem_models.GroupOfReports.objects.get(name='ARGO')
self.assertEqual(group1.reports.all().count(), 1)
self.assertEqual(group2.reports.all().count(), 0)
self.assertTrue(
group1.reports.filter(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i').exists())
def test_put_report_regular_user_wrong_initial_group(self):
report3 = poem_models.Reports.objects.create(
name='ops-monitor-critical',
apiid='juashu3i-533c-z9zi-lm6s-lei0ahlocei5',
groupname='TEST')
self.group.reports.add(report3)
data = {
'name': 'CriticalTest',
'apiid': 'juashu3i-533c-z9zi-lm6s-lei0ahlocei5',
'groupname': 'ARGO',
'description': 'Testing critical report.'
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(
response.data['detail'],
'You do not have permission to change reports in this group.')
report = poem_models.Reports.objects.get(
apiid='juashu3i-533c-z9zi-lm6s-lei0ahlocei5')
self.assertEqual(report.name, 'ops-monitor-critical')
self.assertEqual(report.groupname, 'TEST')
self.assertEqual(report.description, '')
group1 = poem_models.GroupOfReports.objects.get(name='TEST')
group2 = poem_models.GroupOfReports.objects.get(name='ARGO')
self.assertEqual(group1.reports.all().count(), 1)
self.assertEqual(group2.reports.all().count(), 0)
self.assertTrue(
group1.reports.filter(
apiid='juashu3i-533c-z9zi-lm6s-lei0ahlocei5').exists())
def test_put_report_limited_user(self):
data = {
'name': 'CriticalTest',
'apiid': 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i',
'groupname': 'ARGO',
'description': 'Testing critical report.'
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.limited_user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to change reports.')
report = poem_models.Reports.objects.get(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
self.assertEqual(report.name, 'Critical')
self.assertEqual(report.groupname, 'TENANT')
self.assertEqual(report.description, 'Critical report')
group1 = poem_models.GroupOfReports.objects.get(name='TENANT')
group2 = poem_models.GroupOfReports.objects.get(name='ARGO')
self.assertEqual(group1.reports.all().count(), 1)
self.assertEqual(group2.reports.all().count(), 0)
self.assertTrue(
group1.reports.filter(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i').exists())
def test_put_report_nonexisting_group_superuser(self):
data = {
'name': 'CriticalTest',
'apiid': 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i',
'groupname': 'nonexisting',
'description': 'Testing critical report.'
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.superuser)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
self.assertEqual(response.data['detail'],
'Given group of reports does not exist.')
report = poem_models.Reports.objects.get(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
self.assertEqual(report.name, 'Critical')
self.assertEqual(report.groupname, 'TENANT')
self.assertEqual(report.description, 'Critical report')
group = poem_models.GroupOfReports.objects.get(name='TENANT')
self.assertEqual(group.reports.all().count(), 1)
self.assertTrue(
group.reports.filter(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i').exists())
def test_put_report_nonexisting_group_regular_user(self):
data = {
'name': 'CriticalTest',
'apiid': 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i',
'groupname': 'nonexisting',
'description': 'Testing critical report.'
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
self.assertEqual(response.data['detail'],
'Given group of reports does not exist.')
report = poem_models.Reports.objects.get(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
self.assertEqual(report.name, 'Critical')
self.assertEqual(report.groupname, 'TENANT')
self.assertEqual(report.description, 'Critical report')
group = poem_models.GroupOfReports.objects.get(name='TENANT')
self.assertEqual(group.reports.all().count(), 1)
self.assertTrue(
group.reports.filter(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i').exists())
def test_put_report_nonexisting_group_limited_user(self):
data = {
'name': 'CriticalTest',
'apiid': 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i',
'groupname': 'nonexisting',
'description': 'Testing critical report.'
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.limited_user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to change reports.')
report = poem_models.Reports.objects.get(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
self.assertEqual(report.name, 'Critical')
self.assertEqual(report.groupname, 'TENANT')
self.assertEqual(report.description, 'Critical report')
group = poem_models.GroupOfReports.objects.get(name='TENANT')
self.assertEqual(group.reports.all().count(), 1)
self.assertTrue(
group.reports.filter(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i').exists())
def test_put_report_without_description_superuser(self):
data = {
'name': 'Critical',
'apiid': 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i',
'groupname': 'ARGO',
'description': ''
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.superuser)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
report = poem_models.Reports.objects.get(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
self.assertEqual(report.name, 'Critical')
self.assertEqual(report.groupname, 'ARGO')
self.assertEqual(report.description, '')
group1 = poem_models.GroupOfReports.objects.get(name='TENANT')
group2 = poem_models.GroupOfReports.objects.get(name='ARGO')
self.assertEqual(group1.reports.all().count(), 0)
self.assertEqual(group2.reports.all().count(), 1)
self.assertTrue(
group2.reports.filter(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i').exists())
def test_put_report_without_description_regular_user(self):
data = {
'name': 'Critical',
'apiid': 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i',
'groupname': 'ARGO',
'description': ''
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
report = poem_models.Reports.objects.get(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
self.assertEqual(report.name, 'Critical')
self.assertEqual(report.groupname, 'ARGO')
self.assertEqual(report.description, '')
group1 = poem_models.GroupOfReports.objects.get(name='TENANT')
group2 = poem_models.GroupOfReports.objects.get(name='ARGO')
self.assertEqual(group1.reports.all().count(), 0)
self.assertEqual(group2.reports.all().count(), 1)
self.assertTrue(
group2.reports.filter(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i').exists())
def test_put_report_without_description_regular_user_wrong_group(self):
data = {
'name': 'Critical',
'apiid': 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i',
'groupname': 'TEST',
'description': ''
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(
response.data['detail'],
'You do not have permission to assign reports to the given group.')
report = poem_models.Reports.objects.get(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
self.assertEqual(report.name, 'Critical')
self.assertEqual(report.groupname, 'TENANT')
self.assertEqual(report.description, 'Critical report')
group1 = poem_models.GroupOfReports.objects.get(name='TENANT')
group2 = poem_models.GroupOfReports.objects.get(name='TEST')
self.assertEqual(group1.reports.all().count(), 1)
self.assertEqual(group2.reports.all().count(), 0)
self.assertTrue(
group1.reports.filter(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i').exists())
def test_put_report_without_description_limited_user(self):
data = {
'name': 'Critical',
'apiid': 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i',
'groupname': 'ARGO',
'description': ''
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.limited_user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to change reports.')
report = poem_models.Reports.objects.get(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
self.assertEqual(report.name, 'Critical')
self.assertEqual(report.groupname, 'TENANT')
self.assertEqual(report.description, 'Critical report')
group1 = poem_models.GroupOfReports.objects.get(name='TENANT')
group2 = poem_models.GroupOfReports.objects.get(name='ARGO')
self.assertEqual(group1.reports.all().count(), 1)
self.assertEqual(group2.reports.all().count(), 0)
self.assertTrue(
group1.reports.filter(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i').exists())
def test_put_report_without_apiid_superuser(self):
data = {
'name': 'Critical',
'apiid': '',
'groupname': 'ARGO',
'description': 'Testing critical report.'
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.superuser)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data['detail'], 'Apiid field undefined!')
def test_put_report_without_apiid_regular_user(self):
data = {
'name': 'Critical',
'apiid': '',
'groupname': 'ARGO',
'description': 'Testing critical report.'
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data['detail'], 'Apiid field undefined!')
def test_put_report_without_apiid_regular_user_wrong_group(self):
data = {
'name': 'Critical',
'apiid': '',
'groupname': 'TEST',
'description': 'Testing critical report.'
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data['detail'], 'Apiid field undefined!')
def test_put_report_without_apiid_limited_user(self):
data = {
'name': 'Critical',
'apiid': '',
'groupname': 'TEST',
'description': 'Testing critical report.'
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.limited_user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to change reports.')
def test_put_report_with_missing_key_in_request_data_superuser(self):
data = {
'name': 'Critical',
'apiid': 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i',
'description': 'Testing critical report.'
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.superuser)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data['detail'],
'Missing data key: groupname')
report = poem_models.Reports.objects.get(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
self.assertEqual(report.name, 'Critical')
self.assertEqual(report.groupname, 'TENANT')
self.assertEqual(report.description, 'Critical report')
group = poem_models.GroupOfReports.objects.get(name='TENANT')
self.assertEqual(group.reports.all().count(), 1)
self.assertTrue(
group.reports.filter(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i').exists())
def test_put_report_with_missing_key_in_request_data_regular_user(self):
data = {
'name': 'Critical',
'apiid': 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i',
'description': 'Testing critical report.'
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data['detail'],
'Missing data key: groupname')
report = poem_models.Reports.objects.get(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
self.assertEqual(report.name, 'Critical')
self.assertEqual(report.groupname, 'TENANT')
self.assertEqual(report.description, 'Critical report')
group = poem_models.GroupOfReports.objects.get(name='TENANT')
self.assertEqual(group.reports.all().count(), 1)
self.assertTrue(
group.reports.filter(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i').exists())
def test_put_report_with_missing_key_in_request_data_limited_user(self):
data = {
'name': 'Critical',
'apiid': 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i',
'description': 'Testing critical report.'
}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.limited_user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to change reports.')
report = poem_models.Reports.objects.get(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
self.assertEqual(report.name, 'Critical')
self.assertEqual(report.groupname, 'TENANT')
self.assertEqual(report.description, 'Critical report')
group = poem_models.GroupOfReports.objects.get(name='TENANT')
self.assertEqual(group.reports.all().count(), 1)
self.assertTrue(
group.reports.filter(
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i').exists())
def test_delete_report_superuser(self):
request = self.factory.delete(self.url +
'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
force_authenticate(request, user=self.superuser)
response = self.view(request, 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertEqual(poem_models.Reports.objects.all().count(), 1)
self.assertRaises(poem_models.Reports.DoesNotExist,
poem_models.Reports.objects.get,
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
def test_delete_report_regular_user(self):
request = self.factory.delete(self.url +
'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
force_authenticate(request, user=self.user)
response = self.view(request, 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertEqual(poem_models.Reports.objects.all().count(), 1)
self.assertRaises(poem_models.Reports.DoesNotExist,
poem_models.Reports.objects.get,
apiid='yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
def test_delete_report_regular_user_wrong_group(self):
request = self.factory.delete(self.url +
'bue2xius-ubt0-62ap-9nbn-ieta0kao8loa')
force_authenticate(request, user=self.user)
response = self.view(request, 'bue2xius-ubt0-62ap-9nbn-ieta0kao8loa')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(
response.data['detail'],
'You do not have permission to delete reports assigned to this '
'group.')
self.assertEqual(poem_models.Reports.objects.all().count(), 2)
def test_delete_report_limited_user(self):
request = self.factory.delete(self.url +
'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
force_authenticate(request, user=self.limited_user)
response = self.view(request, 'yee9chel-5o4u-l4j4-410b-eipi3ohrah5i')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to delete reports.')
self.assertEqual(poem_models.Reports.objects.all().count(), 2)
def test_delete_report_with_wrong_apiid_superuser(self):
request = self.factory.delete(self.url + 'wrong_id')
force_authenticate(request, user=self.superuser)
response = self.view(request, 'wrong_id')
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
self.assertEqual(response.data['detail'], 'Report not found')
self.assertEqual(poem_models.Reports.objects.all().count(), 2)
def test_delete_report_with_wrong_apiid_regular_user(self):
request = self.factory.delete(self.url + 'wrong_id')
force_authenticate(request, user=self.user)
response = self.view(request, 'wrong_id')
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
self.assertEqual(response.data['detail'], 'Report not found')
self.assertEqual(poem_models.Reports.objects.all().count(), 2)
def test_delete_report_with_wrong_apiid_limited_user(self):
request = self.factory.delete(self.url + 'wrong_id')
force_authenticate(request, user=self.limited_user)
response = self.view(request, 'wrong_id')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to delete reports.')
self.assertEqual(poem_models.Reports.objects.all().count(), 2)
def test_delete_report_without_specifying_apiid_superuser(self):
request = self.factory.delete(self.url)
force_authenticate(request, user=self.superuser)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data['detail'], 'Report not specified!')
self.assertEqual(poem_models.Reports.objects.all().count(), 2)
def test_delete_report_without_specifying_apiid_regular_user(self):
request = self.factory.delete(self.url)
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data['detail'], 'Report not specified!')
self.assertEqual(poem_models.Reports.objects.all().count(), 2)
def test_delete_report_without_specifying_apiid_limited_user(self):
request = self.factory.delete(self.url)
force_authenticate(request, user=self.limited_user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to delete reports.')
self.assertEqual(poem_models.Reports.objects.all().count(), 2)
class ListAPIKeysAPIViewTests(TenantTestCase):
def setUp(self):
self.factory = TenantRequestFactory(self.tenant)
self.view = views.ListAPIKeys.as_view()
self.url = '/api/v2/internal/apikeys/'
self.user = CustUser.objects.create_user(username='******',
is_superuser=True)
self.regular_user = CustUser.objects.create_user(username='******')
self.poor_user = CustUser.objects.create_user(username='******')
group1 = poem_models.GroupOfAggregations.objects.create(name='TEST')
group2 = poem_models.GroupOfMetrics.objects.create(name='TEST')
userprofile = poem_models.UserProfile.objects.create(
user=self.regular_user)
userprofile.groupsofaggregations.add(group1)
userprofile.groupsofmetrics.add(group2)
poem_models.UserProfile.objects.create(user=self.user)
poem_models.UserProfile.objects.create(user=self.poor_user)
key1, k1 = MyAPIKey.objects.create_key(name='EGI')
self.id1 = key1.id
self.token1 = key1.token
self.created1 = datetime.datetime.strftime(key1.created,
'%Y-%m-%d %H:%M:%S')
key2, k2 = MyAPIKey.objects.create_key(name='EUDAT')
self.id2 = key2.id
self.token2 = key2.token
self.created2 = datetime.datetime.strftime(key2.created,
'%Y-%m-%d %H:%M:%S')
key3, k3 = MyAPIKey.objects.create_key(name='DELETABLE')
self.id3 = key3.id
self.token3 = key3.token
self.created3 = datetime.datetime.strftime(key3.created,
'%Y-%m-%d %H:%M:%S')
key4, k4 = MyAPIKey.objects.create_key(name='WEB-API')
self.id4 = key4.id
self.token4 = key4.token
self.created4 = datetime.datetime.strftime(key4.created,
'%Y-%m-%d %H:%M:%S')
key5, k5 = MyAPIKey.objects.create_key(name='WEB-API-RO')
self.id5 = key5.id
self.token5 = key5.token
self.created5 = datetime.datetime.strftime(key5.created,
'%Y-%m-%d %H:%M:%S')
def test_permission_denied_in_case_no_authorization(self):
request = self.factory.get(self.url)
request.tenant = self.tenant
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_get_list_of_apikeys(self):
request = self.factory.get(self.url)
request.tenant = self.tenant
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.data, [{
'id': self.id3,
'name': 'DELETABLE',
'created': self.created3,
'revoked': False
}, {
'id': self.id1,
'name': 'EGI',
'created': self.created1,
'revoked': False
}, {
'id': self.id2,
'name': 'EUDAT',
'created': self.created2,
'revoked': False
}, {
'id': self.id4,
'name': 'WEB-API',
'created': self.created4,
'revoked': False
}, {
'id': self.id5,
'name': 'WEB-API-RO',
'created': self.created5,
'revoked': False
}])
def test_get_list_of_apikeys_regular_user_with_some_permissions(self):
request = self.factory.get(self.url)
request.tenant = self.tenant
force_authenticate(request, user=self.regular_user)
response = self.view(request)
self.assertEqual(response.data, [{
'id': self.id4,
'name': 'WEB-API',
'created': self.created4,
'revoked': False
}, {
'id': self.id5,
'name': 'WEB-API-RO',
'created': self.created5,
'revoked': False
}])
def test_get_list_of_apikeys_regular_user_with_no_permissions(self):
request = self.factory.get(self.url)
request.tenant = self.tenant
force_authenticate(request, user=self.poor_user)
response = self.view(request)
self.assertEqual(response.data, [{
'id': self.id4,
'name': 'WEB-API',
'created': self.created4,
'revoked': False
}, {
'id': self.id5,
'name': 'WEB-API-RO',
'created': self.created5,
'revoked': False
}])
def test_get_apikey_for_given_name(self):
request = self.factory.get(self.url + 'EGI')
request.tenant = self.tenant
force_authenticate(request, user=self.user)
response = self.view(request, 'EGI')
self.assertEqual(
response.data, {
'id': self.id1,
'name': 'EGI',
'token': self.token1,
'created': self.created1,
'revoked': False
})
def test_get_apikey_for_given_name_regular_user(self):
request = self.factory.get(self.url + 'EGI')
request.tenant = self.tenant
force_authenticate(request, user=self.regular_user)
response = self.view(request, 'EGI')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(
response.data['detail'],
'You do not have permission for fetching this API key.')
def test_get_apikey_for_given_name_regular_user_without_permissions(self):
request = self.factory.get(self.url + 'EGI')
request.tenant = self.tenant
force_authenticate(request, user=self.poor_user)
response = self.view(request, 'EGI')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(
response.data['detail'],
'You do not have permission for fetching this API key.')
def test_get_apikey_for_webapi_name_regular_user(self):
request = self.factory.get(self.url + 'WEB-API')
request.tenant = self.tenant
force_authenticate(request, user=self.regular_user)
response = self.view(request, 'WEB-API')
self.assertEqual(
response.data, {
'id': self.id4,
'name': 'WEB-API',
'token': self.token4,
'created': self.created4,
'revoked': False
})
def test_get_apikey_for_webapi_name_regular_user_without_permissions(self):
request = self.factory.get(self.url + 'WEB-API')
request.tenant = self.tenant
force_authenticate(request, user=self.poor_user)
response = self.view(request, 'WEB-API')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(
response.data['detail'],
'You do not have permission for fetching this API key.')
def test_get_apikey_for_webapi_ro_name_regular_user_without_perms(self):
request = self.factory.get(self.url + 'WEB-API-RO')
request.tenant = self.tenant
force_authenticate(request, user=self.poor_user)
response = self.view(request, 'WEB-API-RO')
self.assertEqual(
response.data, {
'id': self.id5,
'name': 'WEB-API-RO',
'token': self.token5,
'created': self.created5,
'revoked': False
})
def test_put_apikey(self):
data = {'id': self.id1, 'name': 'EGI2', 'revoked': False}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.user)
response = self.view(request)
changed_entry = MyAPIKey.objects.get(id=self.id1)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual('EGI2', changed_entry.name)
def test_put_apikey_regular_user(self):
data = {'id': self.id1, 'name': 'EGI2', 'revoked': False}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.regular_user)
response = self.view(request)
changed_entry = MyAPIKey.objects.get(id=self.id1)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to change API keys.')
self.assertEqual(changed_entry.name, 'EGI')
self.assertFalse(changed_entry.revoked)
def test_put_apikey_without_changing_name(self):
data = {'id': self.id1, 'name': 'EGI', 'revoked': True}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
key = MyAPIKey.objects.get(id=self.id1)
self.assertEqual(key.name, 'EGI')
self.assertTrue(key.revoked)
def test_put_apikey_without_changing_name_regular_user(self):
data = {'id': self.id1, 'name': 'EGI', 'revoked': True}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.regular_user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to change API keys.')
key = MyAPIKey.objects.get(id=self.id1)
self.assertEqual(key.name, 'EGI')
self.assertFalse(key.revoked)
def test_put_apikey_with_name_that_already_exists(self):
data = {'id': self.id1, 'name': 'EUDAT', 'revoked': False}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data['detail'],
'API key with this name already exists')
def test_put_apikey_with_name_that_already_exists_regular_user(self):
data = {'id': self.id1, 'name': 'EUDAT', 'revoked': False}
content, content_type = encode_data(data)
request = self.factory.put(self.url,
content,
content_type=content_type)
force_authenticate(request, user=self.regular_user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to change API keys.')
def test_post_apikey(self):
data = {'name': 'test', 'revoked': False}
request = self.factory.post(self.url, data, format='json')
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(len(MyAPIKey.objects.all()), 6)
def test_post_apikey_regular_user(self):
data = {'name': 'test', 'revoked': False}
request = self.factory.post(self.url, data, format='json')
force_authenticate(request, user=self.regular_user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to add API keys.')
self.assertEqual(len(MyAPIKey.objects.all()), 5)
def test_post_apikey_name_already_exists(self):
data = {'name': 'EUDAT', 'revoked': False}
request = self.factory.post(self.url, data, format='json')
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data['detail'],
'API key with this name already exists')
self.assertEqual(len(MyAPIKey.objects.all()), 5)
def test_post_apikey_name_already_exists_regular_user(self):
data = {'name': 'EUDAT', 'revoked': False}
request = self.factory.post(self.url, data, format='json')
force_authenticate(request, user=self.regular_user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to add API keys.')
self.assertEqual(len(MyAPIKey.objects.all()), 5)
def test_delete_apikey(self):
request = self.factory.delete(self.url + 'DELETABLE')
force_authenticate(request, user=self.user)
response = self.view(request, 'DELETABLE')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
keys = MyAPIKey.objects.all().values_list('name', flat=True)
self.assertEqual(len(keys), 4)
self.assertFalse('DELETABLE' in keys)
def test_delete_apikey_regular_user(self):
request = self.factory.delete(self.url + 'DELETABLE')
force_authenticate(request, user=self.regular_user)
response = self.view(request, 'DELETABLE')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to delete API keys.')
keys = MyAPIKey.objects.all().values_list('name', flat=True)
self.assertEqual(len(keys), 5)
self.assertTrue('DELETABLE' in keys)
def test_delete_nonexisting_apikey(self):
request = self.factory.delete(self.url + 'nonexisting')
force_authenticate(request, user=self.user)
response = self.view(request, 'nonexisting')
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
self.assertEqual(response.data['detail'], 'API key not found')
keys = MyAPIKey.objects.all().values_list('name', flat=True)
self.assertEqual(len(keys), 5)
def test_delete_nonexisting_apikey_regular_user(self):
request = self.factory.delete(self.url + 'nonexisting')
force_authenticate(request, user=self.regular_user)
response = self.view(request, 'nonexisting')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to delete API keys.')
keys = MyAPIKey.objects.all().values_list('name', flat=True)
self.assertEqual(len(keys), 5)
def test_delete_no_apikey_name(self):
request = self.factory.delete(self.url)
force_authenticate(request, user=self.user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data['detail'],
'API key name must be defined')
def test_delete_no_apikey_name_regular_user(self):
request = self.factory.delete(self.url)
force_authenticate(request, user=self.regular_user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.data['detail'],
'You do not have permission to delete API keys.')