#!/usr/bin/env python
"""Assess controller-level permissions for registered users.

Three users are created, holding the 'login', 'addmodel' and 'superuser'
controller permissions respectively.  Each is registered against the
controller, and the operations it may and may not perform are checked:
logging in and reading lists, adding/destroying models, and adding/removing
users.
"""

from __future__ import print_function

import argparse
import logging
import random
import string
import subprocess
import sys

from assess_user_grant_revoke import (
    assert_change_password,
    assert_logout_login,
    list_users,
    User,
)
from deploy_stack import (
    BootstrapManager,
)
from utility import (
    JujuAssertionError,
    add_basic_testing_arguments,
    configure_logging,
    temp_dir,
)


# Under Python 2 this makes any class defined in this module new-style.
__metaclass__ = type


# Module logger; used to record operations that were correctly refused.
log = logging.getLogger("assess_controller_permissions")
def assert_add_model(user_client, permission):
    """Check that the user behind *user_client* can add a model.

    The model is created from ``user_client.env``.  A failing command
    (``subprocess.CalledProcessError``) is re-raised as
    ``JujuAssertionError`` naming *permission*, so callers see an assertion
    failure rather than the raw command error.
    """
    try:
        user_client.add_model(user_client.env)
    except subprocess.CalledProcessError:
        failure = "Controller can't add model with {} permission".format(
            permission)
        raise JujuAssertionError(failure)
def assert_destroy_model(user_client, permission):
    """Check that the user behind *user_client* can destroy its model.

    A failing ``destroy_model`` command (``subprocess.CalledProcessError``)
    is re-raised as ``JujuAssertionError`` naming *permission*.
    """
    try:
        user_client.destroy_model()
    except subprocess.CalledProcessError:
        failure = "Controller can't destroy model with {} permission".format(
            permission)
        raise JujuAssertionError(failure)
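def assert_add_remove_user(user_client, permission):
    """Check that the user behind *user_client* can add and remove users.

    For each controller permission ('login', 'addmodel', 'superuser') a
    throw-away user is added with that permission and then removed again.
    Either command failing with ``subprocess.CalledProcessError`` is
    re-raised as ``JujuAssertionError``; the message says whether the add
    or the remove step failed.

    :param user_client: client acting as the user under test.
    :param permission: controller permission held by that user; also used
        as the prefix of the throw-away user names.
    """
    alphabet = string.ascii_letters + string.digits
    for controller_permission in ['login', 'addmodel', 'superuser']:
        # The suffix only keeps the throw-away names distinct between
        # iterations; it is not a secret, so ``random`` is sufficient.
        # ``range`` replaces the Python 2-only ``xrange`` so the loop also
        # runs under Python 3.
        code = ''.join(random.choice(alphabet) for _ in range(4))
        username = permission + code
        try:
            user_client.add_user_perms(username,
                                       permissions=controller_permission)
        except subprocess.CalledProcessError:
            raise JujuAssertionError(
                'Controller could not add '
                '{} controller with {} permission'.format(
                    controller_permission, permission))
        try:
            user_client.remove_user(username,
                                    permissions=controller_permission)
        except subprocess.CalledProcessError:
            raise JujuAssertionError(
                'Controller could not remove '
                '{} controller with {} permission'.format(
                    controller_permission, permission))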
def assert_lists(user_client):
    """Run the read-only listing commands as the user under test.

    Calls ``list_users`` and then the client's ``list_models``,
    ``list_clouds`` and ``show_controller`` in that order.  Nothing is
    caught here, so any error raised by one of them reaches the caller.
    """
    list_users(user_client)
    for query_name in ('list_models', 'list_clouds', 'show_controller'):
        getattr(user_client, query_name)()
def assert_login_permission(controller_client, user_client,
                            user, fake_home, has_permission):
    """Check what the login permission lets *user* do.

    The same three steps run in both modes: logout/login, change password,
    and the read-only listings.

    :param has_permission: when true, a ``subprocess.CalledProcessError``
        from any step becomes a ``JujuAssertionError``.  When false, such an
        error is the expected outcome and is only logged; all three steps
        succeeding is reported as a ``JujuAssertionError``.
    """
    def exercise_login():
        assert_logout_login(controller_client, user_client,
                            user, fake_home)
        assert_change_password(user_client, user)
        assert_lists(user_client)

    if not has_permission:
        # NOTE(review): the first refused step ends the check, so the
        # remaining steps are not individually shown to be refused.
        # NOTE(review): only CalledProcessError counts as a refusal here; if
        # the imported helpers report a refused command as
        # JujuAssertionError it would surface as a failure -- confirm
        # against assess_user_grant_revoke.
        try:
            exercise_login()
        except subprocess.CalledProcessError:
            log.info('Correctly rejected {} use of login/read'.format(
                user.name))
            return
        raise JujuAssertionError(
            'FAIL User login/read without login permission')

    try:
        exercise_login()
    except subprocess.CalledProcessError:
        raise JujuAssertionError(
            'FAIL {} could not login/read with {} permission'.format(
                user.name, user.permissions))
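def assert_addmodel_permission(user_client, user, has_permission):
    """Check what the addmodel permission lets *user* do.

    :param user_client: client acting as *user*.
    :param user: the user under test; ``name`` and ``permissions`` are read.
    :param has_permission: when true, adding and destroying a model must
        both succeed.  When false, adding a model must be refused.
    :raises JujuAssertionError: when the observed behaviour does not match
        *has_permission*.
    """
    if has_permission:
        try:
            assert_add_model(user_client, user.permissions)
            assert_destroy_model(user_client, user.permissions)
        except subprocess.CalledProcessError:
            raise JujuAssertionError(
                'FAIL {} could not add/remove'
                ' models with {} permission'.format(
                    user.name, user.permissions))
        return

    # assert_add_model/assert_destroy_model turn a refused command into
    # JujuAssertionError, so catching CalledProcessError alone would report
    # a correct refusal as a test failure (unless JujuAssertionError happens
    # to derive from CalledProcessError).  Both types are accepted here.
    model_added = False
    try:
        assert_add_model(user_client, user.permissions)
        model_added = True
        assert_destroy_model(user_client, user.permissions)
    except (subprocess.CalledProcessError, JujuAssertionError):
        if model_added:
            # The model was created without the permission; a later failure
            # to destroy it must not be mistaken for a refusal.
            raise JujuAssertionError(
                'FAIL User added/removed models without addmodel permission')
        log.info('Correctly rejected {} use of add/remove model'.format(
            user.name))
    else:
        raise JujuAssertionError(
            'FAIL User added/removed models without addmodel permission')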
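def assert_superuser_permission(user_client, user, has_permission):
    """Check what the superuser permission lets *user* do.

    :param user_client: client acting as *user*.
    :param user: the user under test; ``name`` and ``permissions`` are read.
    :param has_permission: when true, adding and removing users must
        succeed.  When false, adding a user must be refused.
    :raises JujuAssertionError: when the observed behaviour does not match
        *has_permission*.
    """
    if has_permission:
        try:
            assert_add_remove_user(user_client, user.permissions)
        except subprocess.CalledProcessError:
            raise JujuAssertionError(
                'FAIL {} could not add/remove users with {} permission'.format(
                    user.name, user.permissions))
        return

    # assert_add_remove_user turns a refused command into
    # JujuAssertionError, so catching CalledProcessError alone would report
    # a correct refusal as a test failure (unless JujuAssertionError happens
    # to derive from CalledProcessError).  Both types are accepted here.
    try:
        assert_add_remove_user(user_client, user.permissions)
    except (subprocess.CalledProcessError, JujuAssertionError) as error:
        # A failure at the remove step means the preceding add succeeded
        # without the permission; that is a failure, not a refusal.  The
        # prefix is the message assert_add_remove_user uses for that step.
        if str(error).startswith('Controller could not remove '):
            raise JujuAssertionError(
                'FAIL User added/removed users without superuser permission')
        log.info('Correctly rejected {} use of add/remove users'.format(
            user.name))
    else:
        raise JujuAssertionError(
            'FAIL User added/removed users without superuser permission')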
def assert_login_controller(controller_client, user):
    """Check a user holding only the login controller permission.

    The user is registered into a temporary home directory, after which
    login/read must be allowed while model management and user management
    must both be refused.
    """
    with temp_dir() as home_dir:
        registered_client = controller_client.register_user(user, home_dir)
        assert_login_permission(
            controller_client, registered_client, user, home_dir,
            has_permission=True)
        assert_addmodel_permission(
            registered_client, user, has_permission=False)
        assert_superuser_permission(
            registered_client, user, has_permission=False)
def assert_addmodel_controller(controller_client, user):
    """Check a user holding the addmodel controller permission.

    The user is registered into a temporary home directory, after which
    login/read and model management must be allowed while user management
    must be refused.
    """
    with temp_dir() as home_dir:
        registered_client = controller_client.register_user(user, home_dir)
        assert_login_permission(
            controller_client, registered_client, user, home_dir,
            has_permission=True)
        assert_addmodel_permission(
            registered_client, user, has_permission=True)
        assert_superuser_permission(
            registered_client, user, has_permission=False)
def assert_superuser_controller(controller_client, user):
    """Check a user holding the superuser controller permission.

    The user is registered into a temporary home directory, after which
    login/read, model management and user management must all be allowed.
    """
    with temp_dir() as home_dir:
        registered_client = controller_client.register_user(user, home_dir)
        assert_login_permission(
            controller_client, registered_client, user, home_dir,
            has_permission=True)
        assert_addmodel_permission(
            registered_client, user, has_permission=True)
        assert_superuser_permission(
            registered_client, user, has_permission=True)
def assess_controller_permissions(controller_client):
    """Run the login, addmodel and superuser permission checks in turn.

    One ``User`` is built per controller permission before any check runs;
    each is then passed to the check for its permission level.
    """
    login_user, addmodel_user, superuser_user = (
        User('login_controller', 'login', []),
        User('addmodel_controller', 'addmodel', []),
        User('superuser_controller', 'superuser', []),
    )
    scenarios = (
        (assert_login_controller, login_user),
        (assert_addmodel_controller, addmodel_user),
        (assert_superuser_controller, superuser_user),
    )
    for run_scenario, account in scenarios:
        run_scenario(controller_client, account)
def parse_args(argv):
    """Parse *argv* into the namespace used by ``main``.

    The options themselves are registered by
    ``add_basic_testing_arguments``; this function only supplies the
    description.
    """
    arg_parser = argparse.ArgumentParser(
        description="Test controller permissions.")
    add_basic_testing_arguments(arg_parser)
    return arg_parser.parse_args(argv)
def main(argv=None):
    """Bootstrap a controller and run the permission assessment on it.

    :param argv: argument list handed to ``parse_args``.
    :return: 0 once the assessment has completed without raising.
    """
    options = parse_args(argv)
    configure_logging(options.verbose)
    manager = BootstrapManager.from_args(options)
    # The assessment runs inside the booted context of the manager.
    with manager.booted_context(options.upload_tools):
        assess_controller_permissions(manager.client)
    return 0
# Script entry point: the return value of main() becomes the exit status.
if __name__ == '__main__':
    exit_status = main()
    sys.exit(exit_status)