def test_race_condition_customer(self): """Test case where another request may create the customer in a race condition.""" customer = self._create_customer_data() account_id = customer["account_id"] orig_cust = IdentityHeaderMiddleware._create_customer(account_id) # pylint: disable=W0212 dup_cust = IdentityHeaderMiddleware._create_customer(account_id) # pylint: disable=W0212 self.assertEqual(orig_cust, dup_cust)
def _create_context(self): """Create request context object.""" user = None customer = None encoded_auth_header = self._identity_header.get("x-rh-identity") if encoded_auth_header: identity = json.loads(b64decode(encoded_auth_header)) account = identity.get("identity", {}).get("account_number") username = identity.get("identity", {}).get("user", {}).get("username") email = identity.get("identity", {}).get("user", {}).get("email") identity_type = identity.get("identity", {}).get("type", "User") auth_type = identity.get("identity", {}).get("auth_type") if identity_type == "System" and auth_type == "uhc-auth": username = identity.get("identity", {}).get("system", {}).get("cluster_id") email = "" try: customer = Customer.objects.filter(account_id=account).get() except Customer.DoesNotExist: customer = IdentityHeaderMiddleware.create_customer(account) try: user = User.objects.get(username=username) except User.DoesNotExist: user = IdentityHeaderMiddleware.create_user( username, email, customer, None) context = {"user": user, "customer": customer} return context, customer, user
def test_process_request_user_access_no_permissions(self, get_access_mock): """Test PermissionDenied is not raised for user-access calls""" mock_access = {} username = "******" get_access_mock.return_value = mock_access user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context(customer, user_data, create_customer=True, create_tenant=True, is_admin=False) mock_request = request_context["request"] mock_request.path = "/api/v1/user-access/" mock_request.META["QUERY_STRING"] = "" mock_user = Mock(username=username, admin=False, access=None) mock_request = Mock(path="/api/v1/user-access/", user=mock_user) IdentityHeaderMiddleware.create_user( username=username, email=self.user_data["email"], customer=Customer.objects.get( account_id=customer.get("account_id")), request=mock_request, ) middleware = KokuTenantMiddleware() with patch.object(BaseTenantMiddleware, "process_request") as mock_process_request: _ = middleware.process_request(mock_request) mock_process_request.assert_called()
def test_process_developer_identity(self): """Test that process_request() passes-through a custom identity.""" fake = Faker() identity = { "identity": { "account_number": str(fake.pyint()), "type": "User", "user": { "username": fake.word(), "email": fake.email(), "is_org_admin": False, "access": { "aws.account": { "read": ["1234567890AB", "234567890AB1"] }, "azure.subscription_guid": { "read": ["*"] }, }, }, }, "entitlements": { "cost_management": { "is_entitled": True } }, } mock_request = Mock(path="/api/v1/reports/azure/costs/", META={"QUERY_STRING": ""}) user = Mock( access={ "aws.account": { "read": ["1234567890AB", "234567890AB1"] }, "azure.subscription_guid": { "read": ["*"] }, }, username=fake.word(), email=fake.email(), admin=False, customer=Mock(account_id=fake.pyint()), req_id="DEVELOPMENT", ) mock_request.user = user mock_request.META[RH_IDENTITY_HEADER] = base64.b64encode( json.dumps(identity).encode("utf-8")) logging.disable(logging.NOTSET) with self.assertLogs(logger="koku.middleware", level=logging.WARNING): middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request)
def test_process_not_status(self): """Test that the customer, tenant and user are created.""" mock_request = self.request middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) self.assertTrue(hasattr(mock_request, "user")) customer = Customer.objects.get(account_id=self.customer.account_id) self.assertIsNotNone(customer) user = User.objects.get(username=self.user_data["username"]) self.assertIsNotNone(user) tenant = Tenant.objects.get(schema_name=self.schema_name) self.assertIsNotNone(tenant)
def test_process_not_entitled(self): """Test that the a request cannot be made if not entitled.""" user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context( customer, user_data, create_customer=True, create_tenant=True, is_admin=True, is_openshift=False ) mock_request = request_context["request"] mock_request.path = "/api/v1/providers/" mock_request.META["QUERY_STRING"] = "" middleware = IdentityHeaderMiddleware() with self.assertRaises(PermissionDenied): middleware.process_request(mock_request)
def test_process_malformed_header(self): """Test that malformed header in request results in 403.""" user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context( customer, user_data, create_customer=True, create_tenant=True, is_admin=True, is_openshift=False ) mock_request = request_context["request"] mock_request.path = "/api/v1/providers/" mock_request.META["HTTP_X_RH_IDENTITY"] = "not a header" middleware = IdentityHeaderMiddleware() with self.assertRaises(PermissionDenied): middleware.process_request(mock_request)
def test_rbac_500_response_return_424(self, mocked_get): """Test 500 RBAC response causes 424 Reponse.""" user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context( customer, user_data, create_customer=True, create_tenant=True, is_admin=False, is_cost_management=True ) mock_request = request_context["request"] mock_request.path = "/api/v1/tags/aws/" mock_request.META["QUERY_STRING"] = "" middleware = IdentityHeaderMiddleware() response = middleware.process_request(mock_request) self.assertEqual(response.status_code, status.HTTP_424_FAILED_DEPENDENCY) mocked_get.assert_called()
def test_rbac_connection_error_return_424(self, mocked_get): """Test RbacConnectionError causes 424 Reponse.""" user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context( customer, user_data, create_customer=True, create_tenant=True, is_admin=False, is_openshift=True ) mock_request = request_context["request"] mock_request.path = "/api/v1/providers/" mock_request.META["QUERY_STRING"] = "" middleware = IdentityHeaderMiddleware() response = middleware.process_request(mock_request) self.assertEqual(response.status_code, status.HTTP_424_FAILED_DEPENDENCY) mocked_get.assert_called()
def test_process_no_customer(self): """Test that the customer, tenant and user are not created.""" customer = self._create_customer_data() account_id = "12345" del customer["account_id"] request_context = self._create_request_context(customer, self.user_data, create_customer=False) mock_request = request_context["request"] mock_request.path = "/api/v1/providers/" middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) self.assertTrue(hasattr(mock_request, "user")) with self.assertRaises(Customer.DoesNotExist): customer = Customer.objects.get(account_id=account_id) with self.assertRaises(User.DoesNotExist): User.objects.get(username=self.user_data["username"])
def test_process_not_entitled(self): """Test that the a request cannot be made if not entitled.""" user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context(customer, user_data, create_customer=True, create_tenant=True, is_admin=True, is_hybrid_cloud=False) mock_request = request_context['request'] mock_request.path = '/api/v1/providers/' mock_request.META['QUERY_STRING'] = '' middleware = IdentityHeaderMiddleware() with self.assertRaises(PermissionDenied): middleware.process_request(mock_request)
def test_process_operational_error_return_424(self): """Test OperationalError causes 424 Reponse.""" user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context( customer, user_data, create_customer=True, create_tenant=True, is_admin=True, is_openshift=True ) mock_request = request_context["request"] mock_request.path = "/api/v1/providers/" mock_request.META["QUERY_STRING"] = "" with patch("koku.middleware.Customer.objects") as mock_customer: mock_customer.filter.side_effect = OperationalError middleware = IdentityHeaderMiddleware() response = middleware.process_request(mock_request) self.assertEqual(response.status_code, status.HTTP_424_FAILED_DEPENDENCY)
def test_source_list_other_header(self): """Test the LIST endpoint with other auth header not matching test data.""" user_data = self._create_user_data() other_account = "10002" customer = self._create_customer_data(account=other_account) IdentityHeaderMiddleware.create_customer(other_account) request_context = self._create_request_context(customer, user_data, create_customer=True, is_admin=True) with requests_mock.mock() as m: m.get("http://www.sourcesclient.com/api/v1/sources/", status_code=200) url = reverse("sources-list") response = self.client.get(url, content_type="application/json", **request_context["request"].META) body = response.json() self.assertEqual(response.status_code, 200) self.assertEqual(body.get("meta").get("count"), 0)
def test_process_non_beta_url_path(self): """Test that user non-beta flag is False for beta url path.""" user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context(customer, user_data, create_customer=True, create_tenant=True, is_admin=True, is_cost_management=True) mock_request = request_context["request"] mock_request.path = "/api/v1/tags/aws/" mock_request.META["QUERY_STRING"] = "" mock_request.META["HTTP_REFERER"] = "http://cost.com/report" middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) self.assertFalse(mock_request.user.beta)
def test_process_not_status_caching(self): """Test that the customer, tenant and user are created and cached""" mock_request = self.request middleware = IdentityHeaderMiddleware() self.assertEquals(MD.USER_CACHE.currsize, 0) self.assertEquals(MD.USER_CACHE.maxsize, 5) # Confirm that the size of the mocked user cache has been updated self.assertEquals(IdentityHeaderMiddleware.customer_cache.currsize, 0) middleware.process_request(mock_request) # Adds 1 to the customer and user cache self.assertTrue(hasattr(mock_request, "user")) self.assertEquals(IdentityHeaderMiddleware.customer_cache.currsize, 1) self.assertEquals(MD.USER_CACHE.currsize, 1) customer = Customer.objects.get(account_id=self.customer.account_id) self.assertIsNotNone(customer) user = User.objects.get(username=self.user_data["username"]) self.assertEqual(MD.USER_CACHE.currsize, 1) self.assertIsNotNone(user) time.sleep(4) # Wait for the ttl self.assertEquals(IdentityHeaderMiddleware.customer_cache.currsize, 0) self.assertEquals(MD.USER_CACHE.currsize, 0)
def test_process_non_admin(self, get_access_mock): """Test case for process_request as a non-admin user.""" mock_access = { "aws.account": {"read": ["999999999999"]}, "openshift.cluster": {"read": ["999999999999"]}, "openshift.node": {"read": ["999999999999"]}, "openshift.project": {"read": ["999999999999"]}, "provider": {"read": ["999999999999"], "write": []}, "rate": {"read": ["999999999999"], "write": []}, } get_access_mock.return_value = mock_access user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context( customer, user_data, create_customer=True, create_tenant=True, is_admin=False ) mock_request = request_context["request"] mock_request.path = "/api/v1/providers/" mock_request.META["QUERY_STRING"] = "" middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) user_uuid = mock_request.user.uuid cache = caches["rbac"] self.assertEqual(cache.get(user_uuid), mock_access) middleware.process_request(mock_request) cache = caches["rbac"] self.assertEqual(cache.get(user_uuid), mock_access)
def test_source_get_other_header(self): """Test the GET endpoint other header not matching test data.""" user_data = self._create_user_data() other_account = "10002" customer = self._create_customer_data(account=other_account) IdentityHeaderMiddleware.create_customer(other_account) request_context = self._create_request_context(customer, user_data, create_customer=True, is_admin=True) with requests_mock.mock() as m: m.get( f"http://www.sourcesclient.com/api/v1/sources/{self.test_source_id}/", status_code=200, headers={"Content-Type": "application/json"}, ) url = reverse("sources-detail", kwargs={"pk": self.test_source_id}) response = self.client.get(url, content_type="application/json", **request_context["request"].META) self.assertEqual(response.status_code, 404)
def test_race_condition_user(self): """Test case where another request may create the user in a race condition.""" mock_request = self.request middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) self.assertTrue(hasattr(mock_request, "user")) customer = Customer.objects.get(account_id=self.customer.account_id) self.assertIsNotNone(customer) user = User.objects.get(username=self.user_data["username"]) self.assertIsNotNone(user) IdentityHeaderMiddleware.create_user( username=self.user_data["username"], email=self.user_data["email"], customer=customer, request=mock_request )
def test_race_condition_user(self): """Test case where another request may create the user in a race condition.""" mock_request = self.request middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) self.assertTrue(hasattr(mock_request, 'user')) customer = Customer.objects.get(account_id=self.customer['account_id']) self.assertIsNotNone(customer) user = User.objects.get(username=self.user_data['username']) self.assertIsNotNone(user) IdentityHeaderMiddleware._create_user( username=self.user_data['username'], # pylint: disable=W0212 email=self.user_data['email'], customer=customer, request=mock_request)
def test_process_non_admin(self, get_access_mock): """Test case for process_request as a non-admin user.""" mock_access = { 'aws.account': { 'read': ['999999999999'] }, 'openshift.cluster': { 'read': ['999999999999'] }, 'openshift.node': { 'read': ['999999999999'] }, 'openshift.project': { 'read': ['999999999999'] }, 'provider': { 'read': ['999999999999'], 'write': [] }, 'rate': { 'read': ['999999999999'], 'write': [] } } get_access_mock.return_value = mock_access user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context(customer, user_data, create_customer=True, create_tenant=True, is_admin=False) mock_request = request_context['request'] mock_request.path = '/api/v1/providers/' mock_request.META['QUERY_STRING'] = '' middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) user_uuid = mock_request.user.uuid from django.core.cache import caches cache = caches['rbac'] self.assertEqual(cache.get(user_uuid), mock_access) middleware.process_request(mock_request) cache = caches['rbac'] self.assertEqual(cache.get(user_uuid), mock_access)
def test_race_condition_user_caching(self): """Test case for caching where another request may create the user in a race condition.""" mock_request = self.request middleware = IdentityHeaderMiddleware() self.assertEquals(MD.USER_CACHE.maxsize, 5) # Confirm that the size of the user cache has changed self.assertEquals(MD.USER_CACHE.currsize, 0) # Confirm that the user cache is empty middleware.process_request(mock_request) self.assertEquals(MD.USER_CACHE.currsize, 1) self.assertTrue(hasattr(mock_request, "user")) customer = Customer.objects.get(account_id=self.customer.account_id) self.assertIsNotNone(customer) user = User.objects.get(username=self.user_data["username"]) self.assertEquals(MD.USER_CACHE.currsize, 1) self.assertIsNotNone(user) IdentityHeaderMiddleware.create_user( username=self.user_data["username"], # pylint: disable=W0212 email=self.user_data["email"], customer=customer, request=mock_request, ) self.assertEquals(MD.USER_CACHE.currsize, 1)
def test_process_status(self): """Test that the request gets a user.""" mock_request = Mock(path="/api/v1/status/") middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) self.assertTrue(hasattr(mock_request, "user"))
def setUpClass(cls): """Set up the test class.""" super().setUpClass() account = "12345" IdentityHeaderMiddleware.create_customer(account)
def setUpClass(cls): """Set up the test class.""" super().setUpClass() post_save.disconnect(storage_callback, sender=Sources) account = "12345" IdentityHeaderMiddleware.create_customer(account)