33
by Vishvananda Ishaya
Tests for rbac code |
1 |
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
114
by Devin Carlen
Updated licenses |
2 |
|
3 |
# Copyright 2010 United States Government as represented by the
|
|
3.1.9
by Vishvananda Ishaya
Removed trailing whitespace from header |
4 |
# Administrator of the National Aeronautics and Space Administration.
|
114
by Devin Carlen
Updated licenses |
5 |
# All Rights Reserved.
|
6 |
#
|
|
7 |
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
8 |
# not use this file except in compliance with the License. You may obtain
|
|
9 |
# a copy of the License at
|
|
10 |
#
|
|
11 |
# http://www.apache.org/licenses/LICENSE-2.0
|
|
33
by Vishvananda Ishaya
Tests for rbac code |
12 |
#
|
13 |
# Unless required by applicable law or agreed to in writing, software
|
|
114
by Devin Carlen
Updated licenses |
14 |
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
15 |
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
16 |
# License for the specific language governing permissions and limitations
|
|
17 |
# under the License.
|
|
33
by Vishvananda Ishaya
Tests for rbac code |
18 |
|
289.4.1
by Michael Gundlach
Rewrite rbac tests to use Authorizer middleware |
19 |
import webob |
33
by Vishvananda Ishaya
Tests for rbac code |
20 |
|
316.9.1
by Vishvananda Ishaya
Fix the deprecation warnings for passing no context. |
21 |
from nova import context |
33
by Vishvananda Ishaya
Tests for rbac code |
22 |
from nova import flags |
23 |
from nova import test |
|
289.4.1
by Michael Gundlach
Rewrite rbac tests to use Authorizer middleware |
24 |
from nova.api import ec2 |
145.2.1
by Vishvananda Ishaya
Massive refactor of users.py |
25 |
from nova.auth import manager |
139.2.2
by Jesse Andrews
reorder imports spacing |
26 |
|
33
by Vishvananda Ishaya
Tests for rbac code |
27 |
FLAGS = flags.FLAGS |
375.2.5
by Eric Day
PEP8 cleanup in nova/tests, except for tests. There should be no functional changes here, just style changes to get violations down. |
28 |
|
29 |
||
515.11.6
by Todd Willey
Make test_access use ec2.request instead of .controller and .action. |
30 |
class FakeControllerClass(object): |
33
by Vishvananda Ishaya
Tests for rbac code |
31 |
pass
|
32 |
||
375.2.5
by Eric Day
PEP8 cleanup in nova/tests, except for tests. There should be no functional changes here, just style changes to get violations down. |
33 |
|
515.11.6
by Todd Willey
Make test_access use ec2.request instead of .controller and .action. |
34 |
class FakeApiRequest(object): |
35 |
def __init__(self, action): |
|
36 |
self.controller = FakeControllerClass() |
|
37 |
self.action = action |
|
38 |
||
39 |
||
379.4.10
by Andy Smith
formatting and naming cleanup |
40 |
class AccessTestCase(test.TestCase): |
515.11.6
by Todd Willey
Make test_access use ec2.request instead of .controller and .action. |
41 |
def _env_for(self, ctxt, action): |
42 |
env = {} |
|
1130.196.4
by Vishvananda Ishaya
fix all tests |
43 |
env['nova.context'] = ctxt |
515.11.6
by Todd Willey
Make test_access use ec2.request instead of .controller and .action. |
44 |
env['ec2.request'] = FakeApiRequest(action) |
45 |
return env |
|
46 |
||
33
by Vishvananda Ishaya
Tests for rbac code |
47 |
def setUp(self): |
44
by andy
Refactored Instance to get rid of _s bits, and fixed some bugs in state management. |
48 |
super(AccessTestCase, self).setUp() |
145.2.1
by Vishvananda Ishaya
Massive refactor of users.py |
49 |
um = manager.AuthManager() |
316.9.1
by Vishvananda Ishaya
Fix the deprecation warnings for passing no context. |
50 |
self.context = context.get_admin_context() |
33
by Vishvananda Ishaya
Tests for rbac code |
51 |
# Make test users
|
316.9.1
by Vishvananda Ishaya
Fix the deprecation warnings for passing no context. |
52 |
self.testadmin = um.create_user('testadmin') |
53 |
self.testpmsys = um.create_user('testpmsys') |
|
54 |
self.testnet = um.create_user('testnet') |
|
55 |
self.testsys = um.create_user('testsys') |
|
33
by Vishvananda Ishaya
Tests for rbac code |
56 |
# Assign some rules
|
316.9.1
by Vishvananda Ishaya
Fix the deprecation warnings for passing no context. |
57 |
um.add_role('testadmin', 'cloudadmin') |
58 |
um.add_role('testpmsys', 'sysadmin') |
|
59 |
um.add_role('testnet', 'netadmin') |
|
60 |
um.add_role('testsys', 'sysadmin') |
|
33
by Vishvananda Ishaya
Tests for rbac code |
61 |
|
62 |
# Make a test project
|
|
316.9.1
by Vishvananda Ishaya
Fix the deprecation warnings for passing no context. |
63 |
self.project = um.create_project('testproj', |
64 |
'testpmsys', |
|
65 |
'a test project', |
|
66 |
['testpmsys', 'testnet', 'testsys']) |
|
67 |
self.project.add_role(self.testnet, 'netadmin') |
|
68 |
self.project.add_role(self.testsys, 'sysadmin') |
|
33
by Vishvananda Ishaya
Tests for rbac code |
69 |
#user is set in each test
|
375.2.5
by Eric Day
PEP8 cleanup in nova/tests, except for tests. There should be no functional changes here, just style changes to get violations down. |
70 |
|
289.4.3
by Michael Gundlach
Responding to eday's feedback -- make a clearer inner wsgi app |
71 |
def noopWSGIApp(environ, start_response): |
72 |
start_response('200 OK', []) |
|
73 |
return [''] |
|
375.2.5
by Eric Day
PEP8 cleanup in nova/tests, except for tests. There should be no functional changes here, just style changes to get violations down. |
74 |
|
289.4.3
by Michael Gundlach
Responding to eday's feedback -- make a clearer inner wsgi app |
75 |
self.mw = ec2.Authorizer(noopWSGIApp) |
515.11.6
by Todd Willey
Make test_access use ec2.request instead of .controller and .action. |
76 |
self.mw.action_roles = {'FakeControllerClass': { |
289.4.1
by Michael Gundlach
Rewrite rbac tests to use Authorizer middleware |
77 |
'_allow_all': ['all'], |
78 |
'_allow_none': [], |
|
79 |
'_allow_project_manager': ['projectmanager'], |
|
80 |
'_allow_sys_and_net': ['sysadmin', 'netadmin'], |
|
81 |
'_allow_sysadmin': ['sysadmin']}} |
|
33
by Vishvananda Ishaya
Tests for rbac code |
82 |
|
83 |
def tearDown(self): |
|
145.2.1
by Vishvananda Ishaya
Massive refactor of users.py |
84 |
um = manager.AuthManager() |
33
by Vishvananda Ishaya
Tests for rbac code |
85 |
# Delete the test project
|
86 |
um.delete_project('testproj') |
|
87 |
# Delete the test user
|
|
88 |
um.delete_user('testadmin') |
|
89 |
um.delete_user('testpmsys') |
|
90 |
um.delete_user('testnet') |
|
91 |
um.delete_user('testsys') |
|
92 |
super(AccessTestCase, self).tearDown() |
|
93 |
||
289.4.1
by Michael Gundlach
Rewrite rbac tests to use Authorizer middleware |
94 |
def response_status(self, user, methodName): |
1130.196.7
by Vishvananda Ishaya
fix test_access |
95 |
roles = manager.AuthManager().get_active_roles(user, self.project) |
96 |
ctxt = context.RequestContext(user.id, |
|
97 |
self.project.id, |
|
98 |
is_admin=user.is_admin(), |
|
99 |
roles=roles) |
|
515.11.6
by Todd Willey
Make test_access use ec2.request instead of .controller and .action. |
100 |
environ = self._env_for(ctxt, methodName) |
289.4.1
by Michael Gundlach
Rewrite rbac tests to use Authorizer middleware |
101 |
req = webob.Request.blank('/', environ) |
102 |
resp = req.get_response(self.mw) |
|
103 |
return resp.status_int |
|
104 |
||
105 |
def shouldAllow(self, user, methodName): |
|
106 |
self.assertEqual(200, self.response_status(user, methodName)) |
|
107 |
||
108 |
def shouldDeny(self, user, methodName): |
|
109 |
self.assertEqual(401, self.response_status(user, methodName)) |
|
110 |
||
1130.196.7
by Vishvananda Ishaya
fix test_access |
111 |
def test_allow_all(self): |
289.4.1
by Michael Gundlach
Rewrite rbac tests to use Authorizer middleware |
112 |
users = [self.testadmin, self.testpmsys, self.testnet, self.testsys] |
113 |
for user in users: |
|
114 |
self.shouldAllow(user, '_allow_all') |
|
33
by Vishvananda Ishaya
Tests for rbac code |
115 |
|
1130.196.7
by Vishvananda Ishaya
fix test_access |
116 |
def test_allow_none(self): |
289.4.1
by Michael Gundlach
Rewrite rbac tests to use Authorizer middleware |
117 |
self.shouldAllow(self.testadmin, '_allow_none') |
118 |
users = [self.testpmsys, self.testnet, self.testsys] |
|
119 |
for user in users: |
|
120 |
self.shouldDeny(user, '_allow_none') |
|
33
by Vishvananda Ishaya
Tests for rbac code |
121 |
|
1130.196.7
by Vishvananda Ishaya
fix test_access |
122 |
def test_allow_project_manager(self): |
289.4.1
by Michael Gundlach
Rewrite rbac tests to use Authorizer middleware |
123 |
for user in [self.testadmin, self.testpmsys]: |
124 |
self.shouldAllow(user, '_allow_project_manager') |
|
125 |
for user in [self.testnet, self.testsys]: |
|
126 |
self.shouldDeny(user, '_allow_project_manager') |
|
33
by Vishvananda Ishaya
Tests for rbac code |
127 |
|
1130.196.7
by Vishvananda Ishaya
fix test_access |
128 |
def test_allow_sys_and_net(self): |
289.4.1
by Michael Gundlach
Rewrite rbac tests to use Authorizer middleware |
129 |
for user in [self.testadmin, self.testnet, self.testsys]: |
130 |
self.shouldAllow(user, '_allow_sys_and_net') |
|
131 |
# denied because it doesn't have the per project sysadmin
|
|
132 |
for user in [self.testpmsys]: |
|
133 |
self.shouldDeny(user, '_allow_sys_and_net') |