def test_race_condition_customer(self):
"""Test case where another request may create the customer in a race condition."""
customer = self._create_customer_data()
account_id = customer["account_id"]
orig_cust = IdentityHeaderMiddleware._create_customer(account_id) # pylint: disable=W0212
dup_cust = IdentityHeaderMiddleware._create_customer(account_id) # pylint: disable=W0212
self.assertEqual(orig_cust, dup_cust)
def _create_context(self):
"""Create request context object."""
user = None
customer = None
encoded_auth_header = self._identity_header.get("x-rh-identity")
if encoded_auth_header:
identity = json.loads(b64decode(encoded_auth_header))
account = identity.get("identity", {}).get("account_number")
username = identity.get("identity", {}).get("user",
{}).get("username")
email = identity.get("identity", {}).get("user", {}).get("email")
identity_type = identity.get("identity", {}).get("type", "User")
auth_type = identity.get("identity", {}).get("auth_type")
if identity_type == "System" and auth_type == "uhc-auth":
username = identity.get("identity",
{}).get("system", {}).get("cluster_id")
email = ""
try:
customer = Customer.objects.filter(account_id=account).get()
except Customer.DoesNotExist:
customer = IdentityHeaderMiddleware.create_customer(account)
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
user = IdentityHeaderMiddleware.create_user(
username, email, customer, None)
context = {"user": user, "customer": customer}
return context, customer, user
def test_process_request_user_access_no_permissions(self, get_access_mock):
"""Test PermissionDenied is not raised for user-access calls"""
mock_access = {}
username = "******"
get_access_mock.return_value = mock_access
user_data = self._create_user_data()
customer = self._create_customer_data()
request_context = self._create_request_context(customer,
user_data,
create_customer=True,
create_tenant=True,
is_admin=False)
mock_request = request_context["request"]
mock_request.path = "/api/v1/user-access/"
mock_request.META["QUERY_STRING"] = ""
mock_user = Mock(username=username, admin=False, access=None)
mock_request = Mock(path="/api/v1/user-access/", user=mock_user)
IdentityHeaderMiddleware.create_user(
username=username,
email=self.user_data["email"],
customer=Customer.objects.get(
account_id=customer.get("account_id")),
request=mock_request,
)
middleware = KokuTenantMiddleware()
with patch.object(BaseTenantMiddleware,
"process_request") as mock_process_request:
_ = middleware.process_request(mock_request)
mock_process_request.assert_called()
def test_process_developer_identity(self):
"""Test that process_request() passes-through a custom identity."""
fake = Faker()
identity = {
"identity": {
"account_number": str(fake.pyint()),
"type": "User",
"user": {
"username": fake.word(),
"email": fake.email(),
"is_org_admin": False,
"access": {
"aws.account": {
"read": ["1234567890AB", "234567890AB1"]
},
"azure.subscription_guid": {
"read": ["*"]
},
},
},
},
"entitlements": {
"cost_management": {
"is_entitled": True
}
},
}
mock_request = Mock(path="/api/v1/reports/azure/costs/",
META={"QUERY_STRING": ""})
user = Mock(
access={
"aws.account": {
"read": ["1234567890AB", "234567890AB1"]
},
"azure.subscription_guid": {
"read": ["*"]
},
},
username=fake.word(),
email=fake.email(),
admin=False,
customer=Mock(account_id=fake.pyint()),
req_id="DEVELOPMENT",
)
mock_request.user = user
mock_request.META[RH_IDENTITY_HEADER] = base64.b64encode(
json.dumps(identity).encode("utf-8"))
logging.disable(logging.NOTSET)
with self.assertLogs(logger="koku.middleware", level=logging.WARNING):
middleware = IdentityHeaderMiddleware()
middleware.process_request(mock_request)
def test_process_not_status(self):
"""Test that the customer, tenant and user are created."""
mock_request = self.request
middleware = IdentityHeaderMiddleware()
middleware.process_request(mock_request)
self.assertTrue(hasattr(mock_request, "user"))
customer = Customer.objects.get(account_id=self.customer.account_id)
self.assertIsNotNone(customer)
user = User.objects.get(username=self.user_data["username"])
self.assertIsNotNone(user)
tenant = Tenant.objects.get(schema_name=self.schema_name)
self.assertIsNotNone(tenant)
def test_process_not_entitled(self):
"""Test that the a request cannot be made if not entitled."""
user_data = self._create_user_data()
customer = self._create_customer_data()
request_context = self._create_request_context(
customer, user_data, create_customer=True, create_tenant=True, is_admin=True, is_openshift=False
)
mock_request = request_context["request"]
mock_request.path = "/api/v1/providers/"
mock_request.META["QUERY_STRING"] = ""
middleware = IdentityHeaderMiddleware()
with self.assertRaises(PermissionDenied):
middleware.process_request(mock_request)
def test_process_malformed_header(self):
"""Test that malformed header in request results in 403."""
user_data = self._create_user_data()
customer = self._create_customer_data()
request_context = self._create_request_context(
customer, user_data, create_customer=True, create_tenant=True, is_admin=True, is_openshift=False
)
mock_request = request_context["request"]
mock_request.path = "/api/v1/providers/"
mock_request.META["HTTP_X_RH_IDENTITY"] = "not a header"
middleware = IdentityHeaderMiddleware()
with self.assertRaises(PermissionDenied):
middleware.process_request(mock_request)
def test_rbac_500_response_return_424(self, mocked_get):
"""Test 500 RBAC response causes 424 Reponse."""
user_data = self._create_user_data()
customer = self._create_customer_data()
request_context = self._create_request_context(
customer, user_data, create_customer=True, create_tenant=True, is_admin=False, is_cost_management=True
)
mock_request = request_context["request"]
mock_request.path = "/api/v1/tags/aws/"
mock_request.META["QUERY_STRING"] = ""
middleware = IdentityHeaderMiddleware()
response = middleware.process_request(mock_request)
self.assertEqual(response.status_code, status.HTTP_424_FAILED_DEPENDENCY)
mocked_get.assert_called()
def test_rbac_connection_error_return_424(self, mocked_get):
"""Test RbacConnectionError causes 424 Reponse."""
user_data = self._create_user_data()
customer = self._create_customer_data()
request_context = self._create_request_context(
customer, user_data, create_customer=True, create_tenant=True, is_admin=False, is_openshift=True
)
mock_request = request_context["request"]
mock_request.path = "/api/v1/providers/"
mock_request.META["QUERY_STRING"] = ""
middleware = IdentityHeaderMiddleware()
response = middleware.process_request(mock_request)
self.assertEqual(response.status_code, status.HTTP_424_FAILED_DEPENDENCY)
mocked_get.assert_called()
def test_process_no_customer(self):
"""Test that the customer, tenant and user are not created."""
customer = self._create_customer_data()
account_id = "12345"
del customer["account_id"]
request_context = self._create_request_context(customer, self.user_data, create_customer=False)
mock_request = request_context["request"]
mock_request.path = "/api/v1/providers/"
middleware = IdentityHeaderMiddleware()
middleware.process_request(mock_request)
self.assertTrue(hasattr(mock_request, "user"))
with self.assertRaises(Customer.DoesNotExist):
customer = Customer.objects.get(account_id=account_id)
with self.assertRaises(User.DoesNotExist):
User.objects.get(username=self.user_data["username"])
def test_process_not_entitled(self):
"""Test that the a request cannot be made if not entitled."""
user_data = self._create_user_data()
customer = self._create_customer_data()
request_context = self._create_request_context(customer,
user_data,
create_customer=True,
create_tenant=True,
is_admin=True,
is_hybrid_cloud=False)
mock_request = request_context['request']
mock_request.path = '/api/v1/providers/'
mock_request.META['QUERY_STRING'] = ''
middleware = IdentityHeaderMiddleware()
with self.assertRaises(PermissionDenied):
middleware.process_request(mock_request)
def test_process_operational_error_return_424(self):
"""Test OperationalError causes 424 Reponse."""
user_data = self._create_user_data()
customer = self._create_customer_data()
request_context = self._create_request_context(
customer, user_data, create_customer=True, create_tenant=True, is_admin=True, is_openshift=True
)
mock_request = request_context["request"]
mock_request.path = "/api/v1/providers/"
mock_request.META["QUERY_STRING"] = ""
with patch("koku.middleware.Customer.objects") as mock_customer:
mock_customer.filter.side_effect = OperationalError
middleware = IdentityHeaderMiddleware()
response = middleware.process_request(mock_request)
self.assertEqual(response.status_code, status.HTTP_424_FAILED_DEPENDENCY)
def test_source_list_other_header(self):
"""Test the LIST endpoint with other auth header not matching test data."""
user_data = self._create_user_data()
other_account = "10002"
customer = self._create_customer_data(account=other_account)
IdentityHeaderMiddleware.create_customer(other_account)
request_context = self._create_request_context(customer, user_data, create_customer=True, is_admin=True)
with requests_mock.mock() as m:
m.get("http://www.sourcesclient.com/api/v1/sources/", status_code=200)
url = reverse("sources-list")
response = self.client.get(url, content_type="application/json", **request_context["request"].META)
body = response.json()
self.assertEqual(response.status_code, 200)
self.assertEqual(body.get("meta").get("count"), 0)
def test_process_non_beta_url_path(self):
"""Test that user non-beta flag is False for beta url path."""
user_data = self._create_user_data()
customer = self._create_customer_data()
request_context = self._create_request_context(customer,
user_data,
create_customer=True,
create_tenant=True,
is_admin=True,
is_cost_management=True)
mock_request = request_context["request"]
mock_request.path = "/api/v1/tags/aws/"
mock_request.META["QUERY_STRING"] = ""
mock_request.META["HTTP_REFERER"] = "http://cost.com/report"
middleware = IdentityHeaderMiddleware()
middleware.process_request(mock_request)
self.assertFalse(mock_request.user.beta)
def test_process_not_status_caching(self):
"""Test that the customer, tenant and user are created and cached"""
mock_request = self.request
middleware = IdentityHeaderMiddleware()
self.assertEquals(MD.USER_CACHE.currsize, 0)
self.assertEquals(MD.USER_CACHE.maxsize, 5) # Confirm that the size of the mocked user cache has been updated
self.assertEquals(IdentityHeaderMiddleware.customer_cache.currsize, 0)
middleware.process_request(mock_request) # Adds 1 to the customer and user cache
self.assertTrue(hasattr(mock_request, "user"))
self.assertEquals(IdentityHeaderMiddleware.customer_cache.currsize, 1)
self.assertEquals(MD.USER_CACHE.currsize, 1)
customer = Customer.objects.get(account_id=self.customer.account_id)
self.assertIsNotNone(customer)
user = User.objects.get(username=self.user_data["username"])
self.assertEqual(MD.USER_CACHE.currsize, 1)
self.assertIsNotNone(user)
time.sleep(4) # Wait for the ttl
self.assertEquals(IdentityHeaderMiddleware.customer_cache.currsize, 0)
self.assertEquals(MD.USER_CACHE.currsize, 0)
def test_process_non_admin(self, get_access_mock):
"""Test case for process_request as a non-admin user."""
mock_access = {
"aws.account": {"read": ["999999999999"]},
"openshift.cluster": {"read": ["999999999999"]},
"openshift.node": {"read": ["999999999999"]},
"openshift.project": {"read": ["999999999999"]},
"provider": {"read": ["999999999999"], "write": []},
"rate": {"read": ["999999999999"], "write": []},
}
get_access_mock.return_value = mock_access
user_data = self._create_user_data()
customer = self._create_customer_data()
request_context = self._create_request_context(
customer, user_data, create_customer=True, create_tenant=True, is_admin=False
)
mock_request = request_context["request"]
mock_request.path = "/api/v1/providers/"
mock_request.META["QUERY_STRING"] = ""
middleware = IdentityHeaderMiddleware()
middleware.process_request(mock_request)
user_uuid = mock_request.user.uuid
cache = caches["rbac"]
self.assertEqual(cache.get(user_uuid), mock_access)
middleware.process_request(mock_request)
cache = caches["rbac"]
self.assertEqual(cache.get(user_uuid), mock_access)
def test_source_get_other_header(self):
"""Test the GET endpoint other header not matching test data."""
user_data = self._create_user_data()
other_account = "10002"
customer = self._create_customer_data(account=other_account)
IdentityHeaderMiddleware.create_customer(other_account)
request_context = self._create_request_context(customer,
user_data,
create_customer=True,
is_admin=True)
with requests_mock.mock() as m:
m.get(
f"http://www.sourcesclient.com/api/v1/sources/{self.test_source_id}/",
status_code=200,
headers={"Content-Type": "application/json"},
)
url = reverse("sources-detail", kwargs={"pk": self.test_source_id})
response = self.client.get(url,
content_type="application/json",
**request_context["request"].META)
self.assertEqual(response.status_code, 404)
def test_race_condition_user(self):
"""Test case where another request may create the user in a race condition."""
mock_request = self.request
middleware = IdentityHeaderMiddleware()
middleware.process_request(mock_request)
self.assertTrue(hasattr(mock_request, "user"))
customer = Customer.objects.get(account_id=self.customer.account_id)
self.assertIsNotNone(customer)
user = User.objects.get(username=self.user_data["username"])
self.assertIsNotNone(user)
IdentityHeaderMiddleware.create_user(
username=self.user_data["username"], email=self.user_data["email"], customer=customer, request=mock_request
)
def test_race_condition_user(self):
"""Test case where another request may create the user in a race condition."""
mock_request = self.request
middleware = IdentityHeaderMiddleware()
middleware.process_request(mock_request)
self.assertTrue(hasattr(mock_request, 'user'))
customer = Customer.objects.get(account_id=self.customer['account_id'])
self.assertIsNotNone(customer)
user = User.objects.get(username=self.user_data['username'])
self.assertIsNotNone(user)
IdentityHeaderMiddleware._create_user(
username=self.user_data['username'], # pylint: disable=W0212
email=self.user_data['email'],
customer=customer,
request=mock_request)
def test_process_non_admin(self, get_access_mock):
"""Test case for process_request as a non-admin user."""
mock_access = {
'aws.account': {
'read': ['999999999999']
},
'openshift.cluster': {
'read': ['999999999999']
},
'openshift.node': {
'read': ['999999999999']
},
'openshift.project': {
'read': ['999999999999']
},
'provider': {
'read': ['999999999999'],
'write': []
},
'rate': {
'read': ['999999999999'],
'write': []
}
}
get_access_mock.return_value = mock_access
user_data = self._create_user_data()
customer = self._create_customer_data()
request_context = self._create_request_context(customer,
user_data,
create_customer=True,
create_tenant=True,
is_admin=False)
mock_request = request_context['request']
mock_request.path = '/api/v1/providers/'
mock_request.META['QUERY_STRING'] = ''
middleware = IdentityHeaderMiddleware()
middleware.process_request(mock_request)
user_uuid = mock_request.user.uuid
from django.core.cache import caches
cache = caches['rbac']
self.assertEqual(cache.get(user_uuid), mock_access)
middleware.process_request(mock_request)
cache = caches['rbac']
self.assertEqual(cache.get(user_uuid), mock_access)
def test_race_condition_user_caching(self):
"""Test case for caching where another request may create the user in a race condition."""
mock_request = self.request
middleware = IdentityHeaderMiddleware()
self.assertEquals(MD.USER_CACHE.maxsize, 5) # Confirm that the size of the user cache has changed
self.assertEquals(MD.USER_CACHE.currsize, 0) # Confirm that the user cache is empty
middleware.process_request(mock_request)
self.assertEquals(MD.USER_CACHE.currsize, 1)
self.assertTrue(hasattr(mock_request, "user"))
customer = Customer.objects.get(account_id=self.customer.account_id)
self.assertIsNotNone(customer)
user = User.objects.get(username=self.user_data["username"])
self.assertEquals(MD.USER_CACHE.currsize, 1)
self.assertIsNotNone(user)
IdentityHeaderMiddleware.create_user(
username=self.user_data["username"], # pylint: disable=W0212
email=self.user_data["email"],
customer=customer,
request=mock_request,
)
self.assertEquals(MD.USER_CACHE.currsize, 1)
def test_process_status(self):
"""Test that the request gets a user."""
mock_request = Mock(path="/api/v1/status/")
middleware = IdentityHeaderMiddleware()
middleware.process_request(mock_request)
self.assertTrue(hasattr(mock_request, "user"))
def setUpClass(cls):
"""Set up the test class."""
super().setUpClass()
account = "12345"
IdentityHeaderMiddleware.create_customer(account)
def setUpClass(cls):
"""Set up the test class."""
super().setUpClass()
post_save.disconnect(storage_callback, sender=Sources)
account = "12345"
IdentityHeaderMiddleware.create_customer(account)
