def test_get_tenant_user_not_found(self): """Test that a 401 is returned.""" mock_user = Mock(username='******', system=False) mock_request = Mock(path='/api/v1/providers/', user=mock_user) middleware = IdentityHeaderMiddleware() result = middleware.process_request(mock_request) self.assertIsInstance(result, HttpResponseUnauthorizedRequest)
def test_get_tenant_with_user(self): """Test that the customer tenant is returned.""" mock_request = self.request middleware = IdentityHeaderMiddleware() result = middleware.get_tenant(Tenant, "localhost", mock_request) self.assertEqual(result.schema_name, create_schema_name(mock_request.user.account))
def test_race_condition_customer(self): """Test case where another request may create the tenant in a race condition.""" customer = self._create_customer_data() account_id = customer['account_id'] orig_cust = IdentityHeaderMiddleware._create_tenant(account_id) # pylint: disable=W0212 dup_cust = IdentityHeaderMiddleware._create_tenant(account_id) # pylint: disable=W0212 self.assertEqual(orig_cust, dup_cust)
def test_process_response(self): """Test that the process response functions correctly.""" mock_request = Mock(path='/api/v1/status/') mock_response = Mock(status_code=200) middleware = IdentityHeaderMiddleware() response = middleware.process_response(mock_request, mock_response) self.assertEqual(response, mock_response)
def test_race_condition_customer(self): """Test case where another request may create the tenant in a race condition.""" mock_request = self.request mock_request.user = User() mock_request.user.username = self.user_data['username'] mock_request.user.account = self.customer_data['account_id'] orig_cust = IdentityHeaderMiddleware().get_tenant(None, None, mock_request) dup_cust = IdentityHeaderMiddleware().get_tenant(None, None, mock_request) self.assertEqual(orig_cust, dup_cust)
def test_process_not_status(self): """Test that the customer, tenant and user are created.""" mock_request = self.request middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) self.assertTrue(hasattr(mock_request, 'user')) self.assertEqual(mock_request.user.username, self.user_data['username']) tenant = Tenant.objects.get(schema_name=self.schema_name) self.assertIsNotNone(tenant)
def test_get_tenant_with_no_user(self): """Test that a 401 is returned.""" request_context = self._create_request_context(self.customer, None, create_customer=False) mock_request = request_context["request"] mock_request.path = "/api/v1/providers/" middleware = IdentityHeaderMiddleware() result = middleware.process_request(mock_request) self.assertIsInstance(result, HttpResponseUnauthorizedRequest)
def test_process_no_customer(self): """Test that the customer, tenant and user are not created.""" customer = self._create_customer_data() account_id = customer["account_id"] del customer["account_id"] request_context = self._create_request_context(customer, self.user_data, create_customer=False) mock_request = request_context["request"] mock_request.path = "/api/v1/providers/" middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) self.assertTrue(hasattr(mock_request, "user")) with self.assertRaises(Tenant.DoesNotExist): Tenant.objects.get(schema_name=self.schema_name)
def test_principal_with_access_with_wildcard_access(self): """Test a user with definded access with wildcard access.""" principal = Principal.objects.create(username='******') group = Group.objects.create(name='group1') group.principals.add(principal) group.save() role = Role.objects.create(name='role1') access = Access.objects.create(permission='rbac:*:*', role=role) policy = Policy.objects.create(name='policy1', group=group) policy.roles.add(role) policy.save() access = IdentityHeaderMiddleware._get_access_for_user( 'test_user', self.tenant) expected = { 'group': { 'read': ['*'], 'write': ['*'] }, 'role': { 'read': ['*'], 'write': ['*'] }, 'policy': { 'read': ['*'], 'write': ['*'] } } self.assertEqual(expected, access)
def test_principal_with_access_with_wildcard_access(self): """Test a user with defined access with wildcard access.""" principal = Principal.objects.create(username="******") group = Group.objects.create(name="group1") group.principals.add(principal) group.save() role = Role.objects.create(name="role1") perm = Permission.objects.create(permission="rbac:*:*") access = Access.objects.create(permission=perm, role=role) policy = Policy.objects.create(name="policy1", group=group) policy.roles.add(role) policy.save() access = IdentityHeaderMiddleware._get_access_for_user( "test_user", self.tenant) expected = { "group": { "read": ["*"], "write": ["*"] }, "role": { "read": ["*"], "write": ["*"] }, "policy": { "read": ["*"], "write": ["*"] }, } self.assertEqual(expected, access)
def test_process_cross_account_request(self): """Test that the process request functions correctly for cross account request.""" middleware = IdentityHeaderMiddleware() # User without redhat email will fail. request_context = self._create_request_context(self.customer, self.user_data, create_customer=False, cross_account=True, is_internal=True) mock_request = request_context["request"] mock_request.path = "/api/v1/providers/" response = middleware.process_request(mock_request) self.assertIsInstance(response, HttpResponseUnauthorizedRequest) # User with is_internal equal to False will fail. self.user_data["email"] = "*****@*****.**" request_context = self._create_request_context(self.customer, self.user_data, create_customer=False, cross_account=True) mock_request = request_context["request"] mock_request.path = "/api/v1/providers/" response = middleware.process_request(mock_request) self.assertIsInstance(response, HttpResponseUnauthorizedRequest) # Success pass if user is internal and with redhat email self.user_data["email"] = "*****@*****.**" request_context = self._create_request_context(self.customer, self.user_data, create_customer=False, cross_account=True, is_internal=True) mock_request = request_context["request"] mock_request.path = "/api/v1/providers/" response = middleware.process_request(mock_request) self.assertEqual(response, None)
def test_principal_with_access_with_res_defs(self): """Test a user with defined access with any resource definitions.""" principal = Principal.objects.create(username="******") group = Group.objects.create(name="group1") group.principals.add(principal) group.save() role = Role.objects.create(name="role1") perm = Permission.objects.create(permission="rbac:group:foo:bar") Access.objects.create(permission=perm, role=role) perm2 = Permission.objects.create(permission="rbac:group:write") access = Access.objects.create(permission=perm2, role=role) ResourceDefinition.objects.create(access=access, attributeFilter={ "key": "group", "operation": "equal", "value": "1" }) ResourceDefinition.objects.create(access=access, attributeFilter={ "key": "group", "operation": "in", "value": "3,5" }) ResourceDefinition.objects.create(access=access, attributeFilter={ "key": "group", "operation": "equal", "value": "*" }) policy = Policy.objects.create(name="policy1", group=group) policy.roles.add(role) policy.save() access = IdentityHeaderMiddleware._get_access_for_user( "test_user", self.tenant) expected = { "group": { "read": ["*"], "write": ["*"] }, "role": { "read": [], "write": [] }, "policy": { "read": [], "write": [] }, } self.assertEqual(expected, access)
def test_principal_with_access_with_res_defs(self): """Test a user with definded access with any resource definitions.""" principal = Principal.objects.create(username='******') group = Group.objects.create(name='group1') group.principals.add(principal) group.save() role = Role.objects.create(name='role1') Access.objects.create(permission='rbac:group:foo:bar', role=role) access = Access.objects.create(permission='rbac:group:write', role=role) ResourceDefinition.objects.create(access=access, attributeFilter={ 'key': 'group', 'operation': 'equal', 'value': '1' }) ResourceDefinition.objects.create(access=access, attributeFilter={ 'key': 'group', 'operation': 'in', 'value': '3,5' }) ResourceDefinition.objects.create(access=access, attributeFilter={ 'key': 'group', 'operation': 'equal', 'value': '*' }) policy = Policy.objects.create(name='policy1', group=group) policy.roles.add(role) policy.save() access = IdentityHeaderMiddleware._get_access_for_user( 'test_user', self.tenant) expected = { 'group': { 'read': ['*'], 'write': ['*'] }, 'role': { 'read': [], 'write': [] }, 'policy': { 'read': [], 'write': [] } } self.assertEqual(expected, access)
def test_no_principal_found(self): expected = { 'group': { 'read': [], 'write': [] }, 'role': { 'read': [], 'write': [] }, 'policy': { 'read': [], 'write': [] } } access = IdentityHeaderMiddleware._get_access_for_user() self.assertEqual(expected, access)
def test_no_principal_found(self): expected = { "group": { "read": [], "write": [] }, "role": { "read": [], "write": [] }, "policy": { "read": [], "write": [] }, } access = IdentityHeaderMiddleware._get_access_for_user() self.assertEqual(expected, access)
def test_principal_no_access(self): """Test access for existing principal with no access definitions.""" Principal.objects.create(username='******') expected = { 'group': { 'read': [], 'write': [] }, 'role': { 'read': [], 'write': [] }, 'policy': { 'read': [], 'write': [] } } access = IdentityHeaderMiddleware._get_access_for_user() self.assertEqual(expected, access)
def test_principal_no_access(self): """Test access for existing principal with no access definitions.""" Principal.objects.create(username="******") expected = { "group": { "read": [], "write": [] }, "role": { "read": [], "write": [] }, "policy": { "read": [], "write": [] }, } access = IdentityHeaderMiddleware._get_access_for_user() self.assertEqual(expected, access)
def test_race_condition_user(self): """Test case where another request may create the user in a race condition.""" mock_request = self.request middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) self.assertTrue(hasattr(mock_request, 'user')) tenant = Tenant.objects.get(schema_name=self.schema_name) self.assertIsNotNone(tenant) user = User.objects.get(username=self.user_data['username']) self.assertIsNotNone(user) IdentityHeaderMiddleware._create_user( username=self.user_data['username'], # pylint: disable=W0212 tenant=tenant, request=mock_request)
def test_process_status(self): """Test that the request gets a user.""" mock_request = Mock(path='/api/v1/status/') middleware = IdentityHeaderMiddleware() middleware.process_request(mock_request) self.assertTrue(hasattr(mock_request, 'user'))
def test_get_tenant_with_no_user(self): """Test that a 401 is returned.""" mock_request = Mock(path='/api/v1/providers/', user=None) middleware = IdentityHeaderMiddleware() result = middleware.process_request(mock_request) self.assertIsInstance(result, HttpResponseUnauthorizedRequest)