def test_process_non_admin(self, get_access_mock): """Test case for process_request as a non-admin user.""" mock_access = { "aws.account": {"read": ["999999999999"]}, "openshift.cluster": {"read": ["999999999999"]}, "openshift.node": {"read": ["999999999999"]}, "openshift.project": {"read": ["999999999999"]}, "provider": {"read": ["999999999999"], "write": []}, "rate": {"read": ["999999999999"], "write": []}, } get_access_mock.return_value = mock_access user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context( customer, user_data, create_customer=True, create_tenant=True, is_admin=False ) mock_request = request_context["request"] mock_request.path = "/api/v1/providers/" mock_request.META["QUERY_STRING"] = "" middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) user_uuid = mock_request.user.uuid cache = caches["rbac"] self.assertEqual(cache.get(user_uuid), mock_access) middleware.process_request(mock_request) cache = caches["rbac"] self.assertEqual(cache.get(user_uuid), mock_access)
def test_process_not_status_caching(self): """Test that the customer, tenant and user are created and cached""" mock_request = self.request middleware = IdentityHeaderMiddleware() self.assertEqual(MD.USER_CACHE.currsize, 0) self.assertEqual( MD.USER_CACHE.maxsize, 5 ) # Confirm that the size of the mocked user cache has been updated self.assertEqual(IdentityHeaderMiddleware.customer_cache.currsize, 0) middleware.process_request( mock_request) # Adds 1 to the customer and user cache self.assertTrue(hasattr(mock_request, "user")) self.assertEqual(IdentityHeaderMiddleware.customer_cache.currsize, 1) self.assertEqual(MD.USER_CACHE.currsize, 1) middleware.process_request( mock_request ) # make the same request again and do not see any cache changes self.assertEqual(IdentityHeaderMiddleware.customer_cache.currsize, 1) self.assertEqual(MD.USER_CACHE.currsize, 1) customer = Customer.objects.get(account_id=self.customer.account_id) self.assertIsNotNone(customer) user = User.objects.get(username=self.user_data["username"]) self.assertIsNotNone(user) time.sleep(4) # Wait for the ttl self.assertEqual(IdentityHeaderMiddleware.customer_cache.currsize, 0) self.assertEqual(MD.USER_CACHE.currsize, 0)
def test_process_developer_identity(self): """Test that process_request() passes-through a custom identity.""" fake = Faker() identity = { "identity": { "account_number": str(fake.pyint()), "type": "User", "user": { "username": fake.word(), "email": fake.email(), "is_org_admin": False, "access": { "aws.account": { "read": ["1234567890AB", "234567890AB1"] }, "azure.subscription_guid": { "read": ["*"] }, }, }, }, "entitlements": { "cost_management": { "is_entitled": True } }, } mock_request = Mock(path="/api/v1/reports/azure/costs/", META={"QUERY_STRING": ""}) user = Mock( access={ "aws.account": { "read": ["1234567890AB", "234567890AB1"] }, "azure.subscription_guid": { "read": ["*"] }, }, username=fake.word(), email=fake.email(), admin=False, customer=Mock(account_id=fake.pyint()), req_id="DEVELOPMENT", ) mock_request.user = user mock_request.META[RH_IDENTITY_HEADER] = base64.b64encode( json.dumps(identity).encode("utf-8")) logging.disable(logging.NOTSET) with self.assertLogs(logger="koku.middleware", level=logging.WARNING): middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request)
def test_process_not_status(self): """Test that the customer, tenant and user are created.""" mock_request = self.request middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) self.assertTrue(hasattr(mock_request, "user")) customer = Customer.objects.get(account_id=self.customer.account_id) self.assertIsNotNone(customer) user = User.objects.get(username=self.user_data["username"]) self.assertIsNotNone(user) tenant = Tenant.objects.get(schema_name=self.schema_name) self.assertIsNotNone(tenant)
def test_race_condition_user(self): """Test case where another request may create the user in a race condition.""" mock_request = self.request middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) self.assertTrue(hasattr(mock_request, "user")) customer = Customer.objects.get(account_id=self.customer.account_id) self.assertIsNotNone(customer) user = User.objects.get(username=self.user_data["username"]) self.assertIsNotNone(user) IdentityHeaderMiddleware.create_user( username=self.user_data["username"], email=self.user_data["email"], customer=customer, request=mock_request )
def test_process_malformed_header(self): """Test that malformed header in request results in 403.""" user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context( customer, user_data, create_customer=True, create_tenant=True, is_admin=True, is_openshift=False ) mock_request = request_context["request"] mock_request.path = "/api/v1/providers/" mock_request.META["HTTP_X_RH_IDENTITY"] = "not a header" middleware = IdentityHeaderMiddleware() with self.assertRaises(PermissionDenied): middleware.process_request(mock_request)
def test_process_not_entitled(self): """Test that the a request cannot be made if not entitled.""" user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context( customer, user_data, create_customer=True, create_tenant=True, is_admin=True, is_openshift=False ) mock_request = request_context["request"] mock_request.path = "/api/v1/providers/" mock_request.META["QUERY_STRING"] = "" middleware = IdentityHeaderMiddleware() with self.assertRaises(PermissionDenied): middleware.process_request(mock_request)
def test_race_condition_user(self): """Test case where another request may create the user in a race condition.""" mock_request = self.request middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) self.assertTrue(hasattr(mock_request, 'user')) customer = Customer.objects.get(account_id=self.customer['account_id']) self.assertIsNotNone(customer) user = User.objects.get(username=self.user_data['username']) self.assertIsNotNone(user) IdentityHeaderMiddleware._create_user( username=self.user_data['username'], # pylint: disable=W0212 email=self.user_data['email'], customer=customer, request=mock_request)
def test_process_non_admin(self, get_access_mock): """Test case for process_request as a non-admin user.""" mock_access = { 'aws.account': { 'read': ['999999999999'] }, 'openshift.cluster': { 'read': ['999999999999'] }, 'openshift.node': { 'read': ['999999999999'] }, 'openshift.project': { 'read': ['999999999999'] }, 'provider': { 'read': ['999999999999'], 'write': [] }, 'rate': { 'read': ['999999999999'], 'write': [] } } get_access_mock.return_value = mock_access user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context(customer, user_data, create_customer=True, create_tenant=True, is_admin=False) mock_request = request_context['request'] mock_request.path = '/api/v1/providers/' mock_request.META['QUERY_STRING'] = '' middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) user_uuid = mock_request.user.uuid from django.core.cache import caches cache = caches['rbac'] self.assertEqual(cache.get(user_uuid), mock_access) middleware.process_request(mock_request) cache = caches['rbac'] self.assertEqual(cache.get(user_uuid), mock_access)
def test_process_no_customer(self): """Test that the customer, tenant and user are not created.""" customer = self._create_customer_data() account_id = "12345" del customer["account_id"] request_context = self._create_request_context(customer, self.user_data, create_customer=False) mock_request = request_context["request"] mock_request.path = "/api/v1/providers/" middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) self.assertTrue(hasattr(mock_request, "user")) with self.assertRaises(Customer.DoesNotExist): customer = Customer.objects.get(account_id=account_id) with self.assertRaises(User.DoesNotExist): User.objects.get(username=self.user_data["username"])
def test_process_not_entitled(self): """Test that the a request cannot be made if not entitled.""" user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context(customer, user_data, create_customer=True, create_tenant=True, is_admin=True, is_hybrid_cloud=False) mock_request = request_context['request'] mock_request.path = '/api/v1/providers/' mock_request.META['QUERY_STRING'] = '' middleware = IdentityHeaderMiddleware() with self.assertRaises(PermissionDenied): middleware.process_request(mock_request)
def test_process_non_beta_url_path(self): """Test that user non-beta flag is False for beta url path.""" user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context(customer, user_data, create_customer=True, create_tenant=True, is_admin=True, is_cost_management=True) mock_request = request_context["request"] mock_request.path = "/api/v1/tags/aws/" mock_request.META["QUERY_STRING"] = "" mock_request.META["HTTP_REFERER"] = "http://cost.com/report" middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) self.assertFalse(mock_request.user.beta)
def test_race_condition_user_caching(self): """Test case for caching where another request may create the user in a race condition.""" mock_request = self.request middleware = IdentityHeaderMiddleware() self.assertEquals(MD.USER_CACHE.maxsize, 5) # Confirm that the size of the user cache has changed self.assertEquals(MD.USER_CACHE.currsize, 0) # Confirm that the user cache is empty middleware.process_request(mock_request) self.assertEquals(MD.USER_CACHE.currsize, 1) self.assertTrue(hasattr(mock_request, "user")) customer = Customer.objects.get(account_id=self.customer.account_id) self.assertIsNotNone(customer) user = User.objects.get(username=self.user_data["username"]) self.assertEquals(MD.USER_CACHE.currsize, 1) self.assertIsNotNone(user) IdentityHeaderMiddleware.create_user( username=self.user_data["username"], # pylint: disable=W0212 email=self.user_data["email"], customer=customer, request=mock_request, ) self.assertEquals(MD.USER_CACHE.currsize, 1)
def test_rbac_connection_error_return_424(self, mocked_get): """Test RbacConnectionError causes 424 Reponse.""" user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context( customer, user_data, create_customer=True, create_tenant=True, is_admin=False, is_openshift=True ) mock_request = request_context["request"] mock_request.path = "/api/v1/providers/" mock_request.META["QUERY_STRING"] = "" middleware = IdentityHeaderMiddleware() response = middleware.process_request(mock_request) self.assertEqual(response.status_code, status.HTTP_424_FAILED_DEPENDENCY) mocked_get.assert_called()
def test_rbac_500_response_return_424(self, mocked_get): """Test 500 RBAC response causes 424 Reponse.""" user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context( customer, user_data, create_customer=True, create_tenant=True, is_admin=False, is_cost_management=True ) mock_request = request_context["request"] mock_request.path = "/api/v1/tags/aws/" mock_request.META["QUERY_STRING"] = "" middleware = IdentityHeaderMiddleware() response = middleware.process_request(mock_request) self.assertEqual(response.status_code, status.HTTP_424_FAILED_DEPENDENCY) mocked_get.assert_called()
def test_process_operational_error_return_424(self): """Test OperationalError causes 424 Reponse.""" user_data = self._create_user_data() customer = self._create_customer_data() request_context = self._create_request_context( customer, user_data, create_customer=True, create_tenant=True, is_admin=True, is_openshift=True ) mock_request = request_context["request"] mock_request.path = "/api/v1/providers/" mock_request.META["QUERY_STRING"] = "" with patch("koku.middleware.Customer.objects") as mock_customer: mock_customer.filter.side_effect = OperationalError middleware = IdentityHeaderMiddleware() response = middleware.process_request(mock_request) self.assertEqual(response.status_code, status.HTTP_424_FAILED_DEPENDENCY)
def test_process_status(self): """Test that the request gets a user.""" mock_request = Mock(path="/api/v1/status/") middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) self.assertTrue(hasattr(mock_request, "user"))