def test_get_quota(self):
"""
Tests cluster.get_quota() method
Verifies:
* if no user is passed, return default quota values
* if user has quota, return values from Quota
* if user doesn't have quota, return default cluster values
"""
default_quota = {'default': 1, 'ram': 1,
'virtual_cpus': None, 'disk': 3}
user_quota = {'default': 0, 'ram': 4, 'virtual_cpus': 5, 'disk': None}
cluster = Cluster(hostname='foo.fake.hostname')
cluster.__dict__.update(default_quota)
cluster.save()
user = User(username='******')
user.save()
# default quota
self.assertEqual(default_quota, cluster.get_quota())
# user without quota, defaults to default
self.assertEqual(default_quota, cluster.get_quota(user.get_profile()))
# user with custom quota
quota = Quota(cluster=cluster, user=user.get_profile())
quota.__dict__.update(user_quota)
quota.save()
self.assertEqual(user_quota, cluster.get_quota(user.get_profile()))
quota.delete()
cluster.delete()
user.delete()
def test_get_quota(self):
"""
Tests cluster.get_quota() method
Verifies:
* if no user is passed, return default quota values
* if user has quota, return values from Quota
* if user doesn't have quota, return default cluster values
"""
default_quota = {
'default': 1,
'ram': 1,
'virtual_cpus': None,
'disk': 3
}
user_quota = {'default': 0, 'ram': 4, 'virtual_cpus': 5, 'disk': None}
cluster = Cluster(hostname='foo.fake.hostname')
cluster.__dict__.update(default_quota)
cluster.save()
user = User(username='******')
user.save()
# default quota
self.assertEqual(default_quota, cluster.get_quota())
# user without quota, defaults to default
self.assertEqual(default_quota, cluster.get_quota(user.get_profile()))
# user with custom quota
quota = Quota(cluster=cluster, user=user.get_profile())
quota.__dict__.update(user_quota)
quota.save()
self.assertEqual(user_quota, cluster.get_quota(user.get_profile()))
quota.delete()
cluster.delete()
user.delete()
def test_view_group_permissions(self):
"""
Test editing Group permissions on a Cluster
"""
args = (self.cluster.slug, self.group.id)
args_post = self.cluster.slug
url = "/cluster/%s/permissions/group/%s"
url_post = "/cluster/%s/permissions/"
# anonymous user
response = self.c.get(url % args, follow=True)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response, 'registration/login.html')
# unauthorized user
self.assertTrue(self.c.login(username=self.unauthorized.username,
password='******'))
response = self.c.get(url % args)
self.assertEqual(403, response.status_code)
# nonexisent cluster
response = self.c.get(url % ("DOES_NOT_EXIST", self.group.id))
self.assertEqual(404, response.status_code)
# valid GET authorized user (perm)
self.assertTrue(self.c.login(username=self.cluster_admin.username,
password='******'))
response = self.c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertEquals('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'object_permissions/permissions/form.html')
self.user.revoke('admin', self.cluster)
# valid GET authorized user (superuser)
self.assertTrue(self.c.login(username=self.superuser.username,
password='******'))
response = self.c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response,
'object_permissions/permissions/form.html')
# invalid group
response = self.c.get(url % (self.cluster.slug, 0))
self.assertEqual(404, response.status_code)
# invalid group (POST)
data = {
'permissions': ['admin'],
'group': -1,
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# no group (POST)
data = {
'permissions': ['admin'],
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# valid POST group has permissions
self.group.grant('create_vm', self.cluster)
data = {
'permissions': ['admin'],
'group': self.group.id,
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEquals('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/cluster/group_row.html')
self.assertEqual(['admin'], self.group.get_perms(self.cluster))
# add quota to the group
user_quota = {'default': 0, 'ram': 51,
'virtual_cpus': 10, 'disk': 3000}
quota = Quota(cluster=self.cluster, user=self.group.organization)
quota.__dict__.update(user_quota)
quota.save()
self.assertEqual(user_quota,
self.cluster.get_quota(self.group.organization))
# valid POST group has no permissions left
data = {
'permissions': [],
'group': self.group.id,
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertEqual([], self.group.get_perms(self.cluster))
self.assertEqual('"group_%s"' % self.group.id, response.content)
# quota should be deleted (and showing default)
self.assertEqual(
1,
self.cluster.get_quota(self.group.organization)['default']
)
self.assertFalse(self.group.organization.quotas.all().exists())
# no permissions specified - user with no quota
self.group.grant('create_vm', self.cluster)
self.cluster.set_quota(self.group.organization, None)
data = {
'permissions': [],
'group': self.group.id,
'obj': self.cluster.pk,
}
response = self.c.post(url % args, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# quota should be deleted (and showing default)
self.assertEqual(
1,
self.cluster.get_quota(self.group.organization)['default']
)
self.assertFalse(self.group.organization.quotas.all().exists())
def test_view_user_permissions(self):
"""
Tests updating users permissions
Verifies:
* anonymous user returns 403
* lack of permissions returns 403
* nonexistent cluster returns 404
* invalid user returns 404
* invalid group returns 404
* missing user and group returns error as json
* GET returns html for form
* If user/group has permissions no html is returned
* If user/group has no permissions a
json response of -1 is returned
"""
args = (self.cluster.slug, self.user.id)
args_post = self.cluster.slug
url = "/cluster/%s/permissions/user/%s"
url_post = "/cluster/%s/permissions/"
# anonymous user
response = self.c.get(url % args, follow=True)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response, 'registration/login.html')
# unauthorized user
self.assertTrue(self.c.login(username=self.unauthorized.username,
password='******'))
response = self.c.get(url % args)
self.assertEqual(403, response.status_code)
# nonexisent cluster
response = self.c.get(url % ("DOES_NOT_EXIST", self.user.id))
self.assertEqual(404, response.status_code)
# valid GET authorized user (perm)
self.assertTrue(self.c.login(username=self.cluster_admin.username,
password='******'))
response = self.c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertEquals('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'object_permissions/permissions/form.html')
# valid GET authorized user (superuser)
self.assertTrue(self.c.login(username=self.superuser.username,
password='******'))
response = self.c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response,
'object_permissions/permissions/form.html')
# invalid user
response = self.c.get(url % (self.cluster.slug, -1))
self.assertEqual(404, response.status_code)
# invalid user (POST)
self.user.grant('create_vm', self.cluster)
data = {
'permissions': ['admin'],
'user': -1,
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# no user (POST)
# XXX double-grant?
self.user.grant('create_vm', self.cluster)
data = {
'permissions': ['admin'],
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# valid POST user has permissions
# XXX triple-grant?!
self.user.grant('create_vm', self.cluster)
data = {
'permissions': ['admin'],
'user': self.user.id,
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEquals('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/cluster/user_row.html')
self.assertTrue(self.user.has_perm('admin', self.cluster))
self.assertFalse(self.user.has_perm('create_vm', self.cluster))
# add quota to the user
user_quota = {'default': 0, 'ram': 51,
'virtual_cpus': 10, 'disk': 3000}
quota = Quota(cluster=self.cluster, user=self.user.get_profile())
quota.__dict__.update(user_quota)
quota.save()
self.assertEqual(user_quota,
self.cluster.get_quota(self.user.get_profile()))
# valid POST user has no permissions left
data = {
'permissions': [],
'user': self.user.id,
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertEqual([], get_user_perms(self.user, self.cluster))
# XXX this is too hardcoded and can spuriously fail
self.assertEqual('"user_2"', response.content)
# quota should be deleted (and showing default)
self.assertEqual(
1,
self.cluster.get_quota(self.user.get_profile())['default']
)
self.assertFalse(self.user.get_profile().quotas.all().exists())
# no permissions specified - user with no quota
# XXX quadra-grant!!!
self.user.grant('create_vm', self.cluster)
self.cluster.set_quota(self.user.get_profile(), None)
data = {
'permissions': [],
'user': self.user.id,
'obj': self.cluster.pk,
}
response = self.c.post(url % args, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# quota should be deleted (and showing default)
self.assertEqual(
1,
self.cluster.get_quota(self.user.get_profile())['default']
)
self.assertFalse(self.user.get_profile().quotas.all().exists())
def test_view_group_permissions(self):
"""
Test editing Group permissions on a Cluster
"""
args = (self.cluster.slug, self.group.id)
args_post = self.cluster.slug
url = "/cluster/%s/permissions/group/%s"
url_post = "/cluster/%s/permissions/"
# anonymous user
response = self.c.get(url % args, follow=True)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response, 'registration/login.html')
# unauthorized user
self.assertTrue(
self.c.login(username=self.unauthorized.username,
password='******'))
response = self.c.get(url % args)
self.assertEqual(403, response.status_code)
# nonexisent cluster
response = self.c.get(url % ("DOES_NOT_EXIST", self.group.id))
self.assertEqual(404, response.status_code)
# valid GET authorized user (perm)
self.assertTrue(
self.c.login(username=self.cluster_admin.username,
password='******'))
response = self.c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertEquals('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'object_permissions/permissions/form.html')
self.user.revoke('admin', self.cluster)
# valid GET authorized user (superuser)
self.assertTrue(
self.c.login(username=self.superuser.username, password='******'))
response = self.c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response,
'object_permissions/permissions/form.html')
# invalid group
response = self.c.get(url % (self.cluster.slug, 0))
self.assertEqual(404, response.status_code)
# invalid group (POST)
data = {
'permissions': ['admin'],
'group': -1,
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# no group (POST)
data = {
'permissions': ['admin'],
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# valid POST group has permissions
self.group.grant('create_vm', self.cluster)
data = {
'permissions': ['admin'],
'group': self.group.id,
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEquals('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/cluster/group_row.html')
self.assertEqual(['admin'], self.group.get_perms(self.cluster))
# add quota to the group
user_quota = {
'default': 0,
'ram': 51,
'virtual_cpus': 10,
'disk': 3000
}
quota = Quota(cluster=self.cluster, user=self.group.organization)
quota.__dict__.update(user_quota)
quota.save()
self.assertEqual(user_quota,
self.cluster.get_quota(self.group.organization))
# valid POST group has no permissions left
data = {
'permissions': [],
'group': self.group.id,
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertEqual([], self.group.get_perms(self.cluster))
self.assertEqual('"group_%s"' % self.group.id, response.content)
# quota should be deleted (and showing default)
self.assertEqual(
1,
self.cluster.get_quota(self.group.organization)['default'])
self.assertFalse(self.group.organization.quotas.all().exists())
# no permissions specified - user with no quota
self.group.grant('create_vm', self.cluster)
self.cluster.set_quota(self.group.organization, None)
data = {
'permissions': [],
'group': self.group.id,
'obj': self.cluster.pk,
}
response = self.c.post(url % args, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# quota should be deleted (and showing default)
self.assertEqual(
1,
self.cluster.get_quota(self.group.organization)['default'])
self.assertFalse(self.group.organization.quotas.all().exists())
def test_view_user_permissions(self):
"""
Tests updating users permissions
Verifies:
* anonymous user returns 403
* lack of permissions returns 403
* nonexistent cluster returns 404
* invalid user returns 404
* invalid group returns 404
* missing user and group returns error as json
* GET returns html for form
* If user/group has permissions no html is returned
* If user/group has no permissions a
json response of -1 is returned
"""
args = (self.cluster.slug, self.user.id)
args_post = self.cluster.slug
url = "/cluster/%s/permissions/user/%s"
url_post = "/cluster/%s/permissions/"
# anonymous user
response = self.c.get(url % args, follow=True)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response, 'registration/login.html')
# unauthorized user
self.assertTrue(
self.c.login(username=self.unauthorized.username,
password='******'))
response = self.c.get(url % args)
self.assertEqual(403, response.status_code)
# nonexisent cluster
response = self.c.get(url % ("DOES_NOT_EXIST", self.user.id))
self.assertEqual(404, response.status_code)
# valid GET authorized user (perm)
self.assertTrue(
self.c.login(username=self.cluster_admin.username,
password='******'))
response = self.c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertEquals('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'object_permissions/permissions/form.html')
# valid GET authorized user (superuser)
self.assertTrue(
self.c.login(username=self.superuser.username, password='******'))
response = self.c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response,
'object_permissions/permissions/form.html')
# invalid user
response = self.c.get(url % (self.cluster.slug, -1))
self.assertEqual(404, response.status_code)
# invalid user (POST)
self.user.grant('create_vm', self.cluster)
data = {
'permissions': ['admin'],
'user': -1,
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# no user (POST)
# XXX double-grant?
self.user.grant('create_vm', self.cluster)
data = {
'permissions': ['admin'],
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# valid POST user has permissions
# XXX triple-grant?!
self.user.grant('create_vm', self.cluster)
data = {
'permissions': ['admin'],
'user': self.user.id,
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEquals('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/cluster/user_row.html')
self.assertTrue(self.user.has_perm('admin', self.cluster))
self.assertFalse(self.user.has_perm('create_vm', self.cluster))
# add quota to the user
user_quota = {
'default': 0,
'ram': 51,
'virtual_cpus': 10,
'disk': 3000
}
quota = Quota(cluster=self.cluster, user=self.user.get_profile())
quota.__dict__.update(user_quota)
quota.save()
self.assertEqual(user_quota,
self.cluster.get_quota(self.user.get_profile()))
# valid POST user has no permissions left
data = {
'permissions': [],
'user': self.user.id,
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertEqual([], get_user_perms(self.user, self.cluster))
# XXX this is too hardcoded and can spuriously fail
self.assertEqual('"user_2"', response.content)
# quota should be deleted (and showing default)
self.assertEqual(
1,
self.cluster.get_quota(self.user.get_profile())['default'])
self.assertFalse(self.user.get_profile().quotas.all().exists())
# no permissions specified - user with no quota
# XXX quadra-grant!!!
self.user.grant('create_vm', self.cluster)
self.cluster.set_quota(self.user.get_profile(), None)
data = {
'permissions': [],
'user': self.user.id,
'obj': self.cluster.pk,
}
response = self.c.post(url % args, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# quota should be deleted (and showing default)
self.assertEqual(
1,
self.cluster.get_quota(self.user.get_profile())['default'])
self.assertFalse(self.user.get_profile().quotas.all().exists())
