2 # -*- coding: utf-8 -*-
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
17 __author__
= "Pedro de la Cruz Ramos, pedro.delacruzramos@altran.com"
18 __date__
= "$2019-10-019"
21 from unittest
import TestCase
22 from unittest
.mock
import Mock
23 from uuid
import uuid4
24 from http
import HTTPStatus
26 from random
import randint
27 from osm_common
import dbbase
, fsbase
, msgbase
28 from osm_nbi
import authconn
, validation
29 from osm_nbi
.admin_topics
import ProjectTopicAuth
, RoleTopicAuth
, UserTopicAuth
, CommonVimWimSdn
30 from osm_nbi
.engine
import EngineException
31 from osm_nbi
.authconn
import AuthconnNotFoundException
34 test_pid
= str(uuid4())
35 test_name
= "test-user"
39 """Normalize string for checking"""
40 return ' '.join(str.strip().split()).lower()
43 class Test_ProjectTopicAuth(TestCase
):
47 cls
.test_name
= "test-project-topic"
50 self
.db
= Mock(dbbase
.DbBase())
51 self
.fs
= Mock(fsbase
.FsBase())
52 self
.msg
= Mock(msgbase
.MsgBase())
53 self
.auth
= Mock(authconn
.Authconn(None, None, None))
54 self
.topic
= ProjectTopicAuth(self
.db
, self
.fs
, self
.msg
, self
.auth
)
55 self
.fake_session
= {"username": self
.test_name
, "project_id": (test_pid
,), "method": None,
56 "admin": True, "force": False, "public": False, "allow_show_user_project_role": True}
57 self
.topic
.check_quota
= Mock(return_value
=None) # skip quota
59 def test_new_project(self
):
60 with self
.subTest(i
=1):
63 self
.auth
.get_project_list
.return_value
= []
64 self
.auth
.create_project
.return_value
= pid1
65 pid2
, oid
= self
.topic
.new(rollback
, self
.fake_session
, {"name": self
.test_name
, "quotas": {}})
66 self
.assertEqual(len(rollback
), 1, "Wrong rollback length")
67 self
.assertEqual(pid2
, pid1
, "Wrong project identifier")
68 content
= self
.auth
.create_project
.call_args
[0][0]
69 self
.assertEqual(content
["name"], self
.test_name
, "Wrong project name")
70 self
.assertEqual(content
["quotas"], {}, "Wrong quotas")
71 self
.assertIsNotNone(content
["_admin"]["created"], "Wrong creation time")
72 self
.assertEqual(content
["_admin"]["modified"], content
["_admin"]["created"], "Wrong modification time")
73 with self
.subTest(i
=2):
75 with self
.assertRaises(EngineException
, msg
="Accepted wrong quotas") as e
:
76 self
.topic
.new(rollback
, self
.fake_session
, {"name": "other-project-name", "quotas": {"baditems": 10}})
77 self
.assertEqual(len(rollback
), 0, "Wrong rollback length")
78 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.UNPROCESSABLE_ENTITY
, "Wrong HTTP status code")
79 self
.assertIn("format error at 'quotas' 'additional properties are not allowed ('{}' was unexpected)'"
80 .format("baditems"), norm(str(e
.exception
)), "Wrong exception text")
82 def test_edit_project(self
):
85 proj
= {"_id": pid
, "name": self
.test_name
, "_admin": {"created": now
, "modified": now
}}
86 with self
.subTest(i
=1):
87 self
.auth
.get_project_list
.side_effect
= [[proj
], []]
88 new_name
= "new-project-name"
89 quotas
= {"vnfds": randint(0, 100), "nsds": randint(0, 100)}
90 self
.topic
.edit(self
.fake_session
, pid
, {"name": new_name
, "quotas": quotas
})
91 _id
, content
= self
.auth
.update_project
.call_args
[0]
92 self
.assertEqual(_id
, pid
, "Wrong project identifier")
93 self
.assertEqual(content
["_id"], pid
, "Wrong project identifier")
94 self
.assertEqual(content
["_admin"]["created"], now
, "Wrong creation time")
95 self
.assertGreater(content
["_admin"]["modified"], now
, "Wrong modification time")
96 self
.assertEqual(content
["name"], new_name
, "Wrong project name")
97 self
.assertEqual(content
["quotas"], quotas
, "Wrong quotas")
98 with self
.subTest(i
=2):
99 new_name
= "other-project-name"
100 quotas
= {"baditems": randint(0, 100)}
101 self
.auth
.get_project_list
.side_effect
= [[proj
], []]
102 with self
.assertRaises(EngineException
, msg
="Accepted wrong quotas") as e
:
103 self
.topic
.edit(self
.fake_session
, pid
, {"name": new_name
, "quotas": quotas
})
104 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.UNPROCESSABLE_ENTITY
, "Wrong HTTP status code")
105 self
.assertIn("format error at 'quotas' 'additional properties are not allowed ('{}' was unexpected)'"
106 .format("baditems"), norm(str(e
.exception
)), "Wrong exception text")
108 def test_conflict_on_new(self
):
109 with self
.subTest(i
=1):
112 with self
.assertRaises(EngineException
, msg
="Accepted uuid as project name") as e
:
113 self
.topic
.new(rollback
, self
.fake_session
, {"name": pid
})
114 self
.assertEqual(len(rollback
), 0, "Wrong rollback length")
115 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.UNPROCESSABLE_ENTITY
, "Wrong HTTP status code")
116 self
.assertIn("project name '{}' cannot have an uuid format".format(pid
),
117 norm(str(e
.exception
)), "Wrong exception text")
118 with self
.subTest(i
=2):
120 self
.auth
.get_project_list
.return_value
= [{"_id": test_pid
, "name": self
.test_name
}]
121 with self
.assertRaises(EngineException
, msg
="Accepted existing project name") as e
:
122 self
.topic
.new(rollback
, self
.fake_session
, {"name": self
.test_name
})
123 self
.assertEqual(len(rollback
), 0, "Wrong rollback length")
124 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.CONFLICT
, "Wrong HTTP status code")
125 self
.assertIn("project '{}' exists".format(self
.test_name
),
126 norm(str(e
.exception
)), "Wrong exception text")
128 def test_conflict_on_edit(self
):
129 with self
.subTest(i
=1):
130 self
.auth
.get_project_list
.return_value
= [{"_id": test_pid
, "name": self
.test_name
}]
131 new_name
= str(uuid4())
132 with self
.assertRaises(EngineException
, msg
="Accepted uuid as project name") as e
:
133 self
.topic
.edit(self
.fake_session
, test_pid
, {"name": new_name
})
134 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.UNPROCESSABLE_ENTITY
, "Wrong HTTP status code")
135 self
.assertIn("project name '{}' cannot have an uuid format".format(new_name
),
136 norm(str(e
.exception
)), "Wrong exception text")
137 with self
.subTest(i
=2):
139 self
.auth
.get_project_list
.return_value
= [{"_id": pid
, "name": "admin"}]
140 with self
.assertRaises(EngineException
, msg
="Accepted renaming of project 'admin'") as e
:
141 self
.topic
.edit(self
.fake_session
, pid
, {"name": "new-name"})
142 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.CONFLICT
, "Wrong HTTP status code")
143 self
.assertIn("you cannot rename project 'admin'",
144 norm(str(e
.exception
)), "Wrong exception text")
145 with self
.subTest(i
=3):
146 new_name
= "new-project-name"
147 self
.auth
.get_project_list
.side_effect
= [[{"_id": test_pid
, "name": self
.test_name
}],
148 [{"_id": str(uuid4()), "name": new_name
}]]
149 with self
.assertRaises(EngineException
, msg
="Accepted existing project name") as e
:
150 self
.topic
.edit(self
.fake_session
, pid
, {"name": new_name
})
151 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.CONFLICT
, "Wrong HTTP status code")
152 self
.assertIn("project '{}' is already used".format(new_name
),
153 norm(str(e
.exception
)), "Wrong exception text")
155 def test_delete_project(self
):
156 with self
.subTest(i
=1):
158 self
.auth
.get_project
.return_value
= {"_id": pid
, "name": "other-project-name"}
159 self
.auth
.delete_project
.return_value
= {"deleted": 1}
160 self
.auth
.get_user_list
.return_value
= []
161 self
.db
.get_list
.return_value
= []
162 rc
= self
.topic
.delete(self
.fake_session
, pid
)
163 self
.assertEqual(rc
, {"deleted": 1}, "Wrong project deletion return info")
164 self
.assertEqual(self
.auth
.get_project
.call_args
[0][0], pid
, "Wrong project identifier")
165 self
.assertEqual(self
.auth
.delete_project
.call_args
[0][0], pid
, "Wrong project identifier")
167 def test_conflict_on_del(self
):
168 with self
.subTest(i
=1):
169 self
.auth
.get_project
.return_value
= {"_id": test_pid
, "name": self
.test_name
}
170 with self
.assertRaises(EngineException
, msg
="Accepted deletion of own project") as e
:
171 self
.topic
.delete(self
.fake_session
, self
.test_name
)
172 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.CONFLICT
, "Wrong HTTP status code")
173 self
.assertIn("you cannot delete your own project", norm(str(e
.exception
)), "Wrong exception text")
174 with self
.subTest(i
=2):
175 self
.auth
.get_project
.return_value
= {"_id": str(uuid4()), "name": "admin"}
176 with self
.assertRaises(EngineException
, msg
="Accepted deletion of project 'admin'") as e
:
177 self
.topic
.delete(self
.fake_session
, "admin")
178 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.CONFLICT
, "Wrong HTTP status code")
179 self
.assertIn("you cannot delete project 'admin'", norm(str(e
.exception
)), "Wrong exception text")
180 with self
.subTest(i
=3):
182 name
= "other-project-name"
183 self
.auth
.get_project
.return_value
= {"_id": pid
, "name": name
}
184 self
.auth
.get_user_list
.return_value
= [{"_id": str(uuid4()), "username": self
.test_name
,
185 "project_role_mappings": [{"project": pid
, "role": str(uuid4())}]}]
186 with self
.assertRaises(EngineException
, msg
="Accepted deletion of used project") as e
:
187 self
.topic
.delete(self
.fake_session
, pid
)
188 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.CONFLICT
, "Wrong HTTP status code")
189 self
.assertIn("project '{}' ({}) is being used by user '{}'".format(name
, pid
, self
.test_name
),
190 norm(str(e
.exception
)), "Wrong exception text")
191 with self
.subTest(i
=4):
192 self
.auth
.get_user_list
.return_value
= []
193 self
.db
.get_list
.return_value
= [{"_id": str(uuid4()), "id": self
.test_name
,
194 "_admin": {"projects_read": [pid
], "projects_write": []}}]
195 with self
.assertRaises(EngineException
, msg
="Accepted deletion of used project") as e
:
196 self
.topic
.delete(self
.fake_session
, pid
)
197 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.CONFLICT
, "Wrong HTTP status code")
198 self
.assertIn("project '{}' ({}) is being used by {} '{}'"
199 .format(name
, pid
, "vnf descriptor", self
.test_name
),
200 norm(str(e
.exception
)), "Wrong exception text")
203 class Test_RoleTopicAuth(TestCase
):
207 cls
.test_name
= "test-role-topic"
208 cls
.test_operations
= ["tokens:get"]
211 self
.db
= Mock(dbbase
.DbBase())
212 self
.fs
= Mock(fsbase
.FsBase())
213 self
.msg
= Mock(msgbase
.MsgBase())
214 self
.auth
= Mock(authconn
.Authconn(None, None, None))
215 self
.auth
.role_permissions
= self
.test_operations
216 self
.topic
= RoleTopicAuth(self
.db
, self
.fs
, self
.msg
, self
.auth
)
217 self
.fake_session
= {"username": test_name
, "project_id": (test_pid
,), "method": None,
218 "admin": True, "force": False, "public": False, "allow_show_user_project_role": True}
219 self
.topic
.check_quota
= Mock(return_value
=None) # skip quota
221 def test_new_role(self
):
222 with self
.subTest(i
=1):
225 perms_in
= {"tokens": True}
226 perms_out
= {"default": False, "admin": False, "tokens": True}
227 self
.auth
.get_role_list
.return_value
= []
228 self
.auth
.create_role
.return_value
= rid1
229 rid2
, oid
= self
.topic
.new(rollback
, self
.fake_session
, {"name": self
.test_name
, "permissions": perms_in
})
230 self
.assertEqual(len(rollback
), 1, "Wrong rollback length")
231 self
.assertEqual(rid2
, rid1
, "Wrong project identifier")
232 content
= self
.auth
.create_role
.call_args
[0][0]
233 self
.assertEqual(content
["name"], self
.test_name
, "Wrong role name")
234 self
.assertEqual(content
["permissions"], perms_out
, "Wrong permissions")
235 self
.assertIsNotNone(content
["_admin"]["created"], "Wrong creation time")
236 self
.assertEqual(content
["_admin"]["modified"], content
["_admin"]["created"], "Wrong modification time")
237 with self
.subTest(i
=2):
239 with self
.assertRaises(EngineException
, msg
="Accepted wrong permissions") as e
:
240 self
.topic
.new(rollback
, self
.fake_session
,
241 {"name": "other-role-name", "permissions": {"projects": True}})
242 self
.assertEqual(len(rollback
), 0, "Wrong rollback length")
243 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.UNPROCESSABLE_ENTITY
, "Wrong HTTP status code")
244 self
.assertIn("invalid permission '{}'".format("projects"),
245 norm(str(e
.exception
)), "Wrong exception text")
247 def test_edit_role(self
):
250 role
= {"_id": rid
, "name": self
.test_name
, "permissions": {"tokens": True},
251 "_admin": {"created": now
, "modified": now
}}
252 with self
.subTest(i
=1):
253 self
.auth
.get_role_list
.side_effect
= [[role
], []]
254 self
.auth
.get_role
.return_value
= role
255 new_name
= "new-role-name"
256 perms_in
= {"tokens": False, "tokens:get": True}
257 perms_out
= {"default": False, "admin": False, "tokens": False, "tokens:get": True}
258 self
.topic
.edit(self
.fake_session
, rid
, {"name": new_name
, "permissions": perms_in
})
259 content
= self
.auth
.update_role
.call_args
[0][0]
260 self
.assertEqual(content
["_id"], rid
, "Wrong role identifier")
261 self
.assertEqual(content
["_admin"]["created"], now
, "Wrong creation time")
262 self
.assertGreater(content
["_admin"]["modified"], now
, "Wrong modification time")
263 self
.assertEqual(content
["name"], new_name
, "Wrong role name")
264 self
.assertEqual(content
["permissions"], perms_out
, "Wrong permissions")
265 with self
.subTest(i
=2):
266 new_name
= "other-role-name"
267 perms_in
= {"tokens": False, "tokens:post": True}
268 self
.auth
.get_role_list
.side_effect
= [[role
], []]
269 with self
.assertRaises(EngineException
, msg
="Accepted wrong permissions") as e
:
270 self
.topic
.edit(self
.fake_session
, rid
, {"name": new_name
, "permissions": perms_in
})
271 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.UNPROCESSABLE_ENTITY
, "Wrong HTTP status code")
272 self
.assertIn("invalid permission '{}'".format("tokens:post"),
273 norm(str(e
.exception
)), "Wrong exception text")
275 def test_delete_role(self
):
276 with self
.subTest(i
=1):
278 role
= {"_id": rid
, "name": "other-role-name"}
279 self
.auth
.get_role_list
.return_value
= [role
]
280 self
.auth
.get_role
.return_value
= role
281 self
.auth
.delete_role
.return_value
= {"deleted": 1}
282 self
.auth
.get_user_list
.return_value
= []
283 rc
= self
.topic
.delete(self
.fake_session
, rid
)
284 self
.assertEqual(rc
, {"deleted": 1}, "Wrong role deletion return info")
285 self
.assertEqual(self
.auth
.get_role_list
.call_args
[0][0]["_id"], rid
, "Wrong role identifier")
286 self
.assertEqual(self
.auth
.get_role
.call_args
[0][0], rid
, "Wrong role identifier")
287 self
.assertEqual(self
.auth
.delete_role
.call_args
[0][0], rid
, "Wrong role identifier")
289 def test_conflict_on_new(self
):
290 with self
.subTest(i
=1):
293 with self
.assertRaises(EngineException
, msg
="Accepted uuid as role name") as e
:
294 self
.topic
.new(rollback
, self
.fake_session
, {"name": rid
})
295 self
.assertEqual(len(rollback
), 0, "Wrong rollback length")
296 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.UNPROCESSABLE_ENTITY
, "Wrong HTTP status code")
297 self
.assertIn("role name '{}' cannot have an uuid format".format(rid
),
298 norm(str(e
.exception
)), "Wrong exception text")
299 with self
.subTest(i
=2):
301 self
.auth
.get_role_list
.return_value
= [{"_id": str(uuid4()), "name": self
.test_name
}]
302 with self
.assertRaises(EngineException
, msg
="Accepted existing role name") as e
:
303 self
.topic
.new(rollback
, self
.fake_session
, {"name": self
.test_name
})
304 self
.assertEqual(len(rollback
), 0, "Wrong rollback length")
305 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.CONFLICT
, "Wrong HTTP status code")
306 self
.assertIn("role name '{}' exists".format(self
.test_name
),
307 norm(str(e
.exception
)), "Wrong exception text")
309 def test_conflict_on_edit(self
):
311 with self
.subTest(i
=1):
312 self
.auth
.get_role_list
.return_value
= [{"_id": rid
, "name": self
.test_name
, "permissions": {}}]
313 new_name
= str(uuid4())
314 with self
.assertRaises(EngineException
, msg
="Accepted uuid as role name") as e
:
315 self
.topic
.edit(self
.fake_session
, rid
, {"name": new_name
})
316 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.UNPROCESSABLE_ENTITY
, "Wrong HTTP status code")
317 self
.assertIn("role name '{}' cannot have an uuid format".format(new_name
),
318 norm(str(e
.exception
)), "Wrong exception text")
319 for i
, role_name
in enumerate(["system_admin", "project_admin"], start
=2):
320 with self
.subTest(i
=i
):
322 self
.auth
.get_role
.return_value
= {"_id": rid
, "name": role_name
, "permissions": {}}
323 with self
.assertRaises(EngineException
, msg
="Accepted renaming of role '{}'".format(role_name
)) as e
:
324 self
.topic
.edit(self
.fake_session
, rid
, {"name": "new-name"})
325 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.FORBIDDEN
, "Wrong HTTP status code")
326 self
.assertIn("you cannot rename role '{}'".format(role_name
),
327 norm(str(e
.exception
)), "Wrong exception text")
328 with self
.subTest(i
=i
+1):
329 new_name
= "new-role-name"
330 self
.auth
.get_role_list
.side_effect
= [[{"_id": rid
, "name": self
.test_name
, "permissions": {}}],
331 [{"_id": str(uuid4()), "name": new_name
, "permissions": {}}]]
332 self
.auth
.get_role
.return_value
= {"_id": rid
, "name": self
.test_name
, "permissions": {}}
333 with self
.assertRaises(EngineException
, msg
="Accepted existing role name") as e
:
334 self
.topic
.edit(self
.fake_session
, rid
, {"name": new_name
})
335 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.CONFLICT
, "Wrong HTTP status code")
336 self
.assertIn("role name '{}' exists".format(new_name
),
337 norm(str(e
.exception
)), "Wrong exception text")
339 def test_conflict_on_del(self
):
340 for i
, role_name
in enumerate(["system_admin", "project_admin"], start
=1):
341 with self
.subTest(i
=i
):
343 role
= {"_id": rid
, "name": role_name
}
344 self
.auth
.get_role_list
.return_value
= [role
]
345 self
.auth
.get_role
.return_value
= role
346 with self
.assertRaises(EngineException
, msg
="Accepted deletion of role '{}'".format(role_name
)) as e
:
347 self
.topic
.delete(self
.fake_session
, rid
)
348 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.FORBIDDEN
, "Wrong HTTP status code")
349 self
.assertIn("you cannot delete role '{}'".format(role_name
),
350 norm(str(e
.exception
)), "Wrong exception text")
351 with self
.subTest(i
=i
+1):
353 name
= "other-role-name"
354 role
= {"_id": rid
, "name": name
}
355 self
.auth
.get_role_list
.return_value
= [role
]
356 self
.auth
.get_role
.return_value
= role
357 self
.auth
.get_user_list
.return_value
= [{"_id": str(uuid4()), "username": self
.test_name
,
358 "project_role_mappings": [{"project": str(uuid4()), "role": rid
}]}]
359 with self
.assertRaises(EngineException
, msg
="Accepted deletion of used role") as e
:
360 self
.topic
.delete(self
.fake_session
, rid
)
361 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.CONFLICT
, "Wrong HTTP status code")
362 self
.assertIn("role '{}' ({}) is being used by user '{}'".format(name
, rid
, self
.test_name
),
363 norm(str(e
.exception
)), "Wrong exception text")
366 class Test_UserTopicAuth(TestCase
):
370 cls
.test_name
= "test-user-topic"
373 self
.db
= Mock(dbbase
.DbBase())
374 self
.fs
= Mock(fsbase
.FsBase())
375 self
.msg
= Mock(msgbase
.MsgBase())
376 self
.auth
= Mock(authconn
.Authconn(None, None, None))
377 self
.topic
= UserTopicAuth(self
.db
, self
.fs
, self
.msg
, self
.auth
)
378 self
.fake_session
= {"username": test_name
, "project_id": (test_pid
,), "method": None,
379 "admin": True, "force": False, "public": False, "allow_show_user_project_role": True}
380 self
.topic
.check_quota
= Mock(return_value
=None) # skip quota
382 def test_new_user(self
):
385 self
.auth
.get_user_list
.return_value
= []
386 self
.auth
.get_project
.return_value
= {"_id": pid
, "name": "some_project"}
387 self
.auth
.create_user
.return_value
= {"_id": uid1
, "username": self
.test_name
}
388 with self
.subTest(i
=1):
391 self
.auth
.get_role
.return_value
= {"_id": rid
, "name": "some_role"}
392 prms_in
= [{"project": "some_project", "role": "some_role"}]
393 prms_out
= [{"project": pid
, "role": rid
}]
394 uid2
, oid
= self
.topic
.new(rollback
, self
.fake_session
, {"username": self
.test_name
,
395 "password": self
.test_name
,
396 "project_role_mappings": prms_in
398 self
.assertEqual(len(rollback
), 1, "Wrong rollback length")
399 self
.assertEqual(uid2
, uid1
, "Wrong project identifier")
400 content
= self
.auth
.create_user
.call_args
[0][0]
401 self
.assertEqual(content
["username"], self
.test_name
, "Wrong project name")
402 self
.assertEqual(content
["password"], self
.test_name
, "Wrong password")
403 self
.assertEqual(content
["project_role_mappings"], prms_out
, "Wrong project-role mappings")
404 self
.assertIsNotNone(content
["_admin"]["created"], "Wrong creation time")
405 self
.assertEqual(content
["_admin"]["modified"], content
["_admin"]["created"], "Wrong modification time")
406 with self
.subTest(i
=2):
408 def_rid
= str(uuid4())
409 def_role
= {"_id": def_rid
, "name": "project_admin"}
410 self
.auth
.get_role
.return_value
= def_role
411 self
.auth
.get_role_list
.return_value
= [def_role
]
412 prms_out
= [{"project": pid
, "role": def_rid
}]
413 uid2
, oid
= self
.topic
.new(rollback
, self
.fake_session
, {"username": self
.test_name
,
414 "password": self
.test_name
,
415 "projects": ["some_project"]
417 self
.assertEqual(len(rollback
), 1, "Wrong rollback length")
418 self
.assertEqual(uid2
, uid1
, "Wrong project identifier")
419 content
= self
.auth
.create_user
.call_args
[0][0]
420 self
.assertEqual(content
["username"], self
.test_name
, "Wrong project name")
421 self
.assertEqual(content
["password"], self
.test_name
, "Wrong password")
422 self
.assertEqual(content
["project_role_mappings"], prms_out
, "Wrong project-role mappings")
423 self
.assertIsNotNone(content
["_admin"]["created"], "Wrong creation time")
424 self
.assertEqual(content
["_admin"]["modified"], content
["_admin"]["created"], "Wrong modification time")
425 with self
.subTest(i
=3):
427 with self
.assertRaises(EngineException
, msg
="Accepted wrong project-role mappings") as e
:
428 self
.topic
.new(rollback
, self
.fake_session
, {"username": "other-project-name",
429 "password": "other-password",
430 "project_role_mappings": [{}]
432 self
.assertEqual(len(rollback
), 0, "Wrong rollback length")
433 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.UNPROCESSABLE_ENTITY
, "Wrong HTTP status code")
434 self
.assertIn("format error at '{}' '{}'"
435 .format("project_role_mappings:{}", "'{}' is a required property").format(0, "project"),
436 norm(str(e
.exception
)), "Wrong exception text")
437 with self
.subTest(i
=4):
439 with self
.assertRaises(EngineException
, msg
="Accepted wrong projects") as e
:
440 self
.topic
.new(rollback
, self
.fake_session
, {"username": "other-project-name",
441 "password": "other-password",
444 self
.assertEqual(len(rollback
), 0, "Wrong rollback length")
445 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.UNPROCESSABLE_ENTITY
, "Wrong HTTP status code")
446 self
.assertIn("format error at '{}' '{}'" .format("projects", "{} is too short").format([]),
447 norm(str(e
.exception
)), "Wrong exception text")
449 def test_edit_user(self
):
454 prms
= [{"project": pid1
, "project_name": "project-1", "role": rid1
, "role_name": "role-1"}]
455 user
= {"_id": uid
, "username": self
.test_name
, "project_role_mappings": prms
,
456 "_admin": {"created": now
, "modified": now
}}
457 with self
.subTest(i
=1):
458 self
.auth
.get_user_list
.side_effect
= [[user
], []]
459 self
.auth
.get_user
.return_value
= user
462 self
.auth
.get_project
.side_effect
= [{"_id": pid2
, "name": "project-2"},
463 {"_id": pid1
, "name": "project-1"}]
464 self
.auth
.get_role
.side_effect
= [{"_id": rid2
, "name": "role-2"},
465 {"_id": rid1
, "name": "role-1"}]
466 new_name
= "new-user-name"
467 new_pasw
= "new-password"
468 add_prms
= [{"project": pid2
, "role": rid2
}]
469 rem_prms
= [{"project": pid1
, "role": rid1
}]
470 self
.topic
.edit(self
.fake_session
, uid
, {"username": new_name
, "password": new_pasw
,
471 "add_project_role_mappings": add_prms
,
472 "remove_project_role_mappings": rem_prms
474 content
= self
.auth
.update_user
.call_args
[0][0]
475 self
.assertEqual(content
["_id"], uid
, "Wrong user identifier")
476 self
.assertEqual(content
["username"], new_name
, "Wrong user name")
477 self
.assertEqual(content
["password"], new_pasw
, "Wrong user password")
478 self
.assertEqual(content
["add_project_role_mappings"], add_prms
, "Wrong project-role mappings to add")
479 self
.assertEqual(content
["remove_project_role_mappings"], prms
, "Wrong project-role mappings to remove")
480 with self
.subTest(i
=2):
481 new_name
= "other-user-name"
483 self
.auth
.get_role_list
.side_effect
= [[user
], []]
484 with self
.assertRaises(EngineException
, msg
="Accepted wrong project-role mappings") as e
:
485 self
.topic
.edit(self
.fake_session
, uid
, {"username": new_name
, "project_role_mappings": new_prms
})
486 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.UNPROCESSABLE_ENTITY
, "Wrong HTTP status code")
487 self
.assertIn("format error at '{}' '{}'"
488 .format("project_role_mappings:{}", "'{}' is a required property").format(0, "project"),
489 norm(str(e
.exception
)), "Wrong exception text")
491 def test_delete_user(self
):
492 with self
.subTest(i
=1):
494 self
.fake_session
["username"] = self
.test_name
495 user
= user
= {"_id": uid
, "username": "other-user-name", "project_role_mappings": []}
496 self
.auth
.get_user
.return_value
= user
497 self
.auth
.delete_user
.return_value
= {"deleted": 1}
498 rc
= self
.topic
.delete(self
.fake_session
, uid
)
499 self
.assertEqual(rc
, {"deleted": 1}, "Wrong user deletion return info")
500 self
.assertEqual(self
.auth
.get_user
.call_args
[0][0], uid
, "Wrong user identifier")
501 self
.assertEqual(self
.auth
.delete_user
.call_args
[0][0], uid
, "Wrong user identifier")
503 def test_conflict_on_new(self
):
504 with self
.subTest(i
=1):
507 with self
.assertRaises(EngineException
, msg
="Accepted uuid as username") as e
:
508 self
.topic
.new(rollback
, self
.fake_session
, {"username": uid
, "password": self
.test_name
,
509 "projects": [test_pid
]})
510 self
.assertEqual(len(rollback
), 0, "Wrong rollback length")
511 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.UNPROCESSABLE_ENTITY
, "Wrong HTTP status code")
512 self
.assertIn("username '{}' cannot have a uuid format".format(uid
),
513 norm(str(e
.exception
)), "Wrong exception text")
514 with self
.subTest(i
=2):
516 self
.auth
.get_user_list
.return_value
= [{"_id": str(uuid4()), "username": self
.test_name
}]
517 with self
.assertRaises(EngineException
, msg
="Accepted existing username") as e
:
518 self
.topic
.new(rollback
, self
.fake_session
, {"username": self
.test_name
, "password": self
.test_name
,
519 "projects": [test_pid
]})
520 self
.assertEqual(len(rollback
), 0, "Wrong rollback length")
521 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.CONFLICT
, "Wrong HTTP status code")
522 self
.assertIn("username '{}' is already used".format(self
.test_name
),
523 norm(str(e
.exception
)), "Wrong exception text")
524 with self
.subTest(i
=3):
526 self
.auth
.get_user_list
.return_value
= []
527 self
.auth
.get_role_list
.side_effect
= [[], []]
528 with self
.assertRaises(AuthconnNotFoundException
, msg
="Accepted user without default role") as e
:
529 self
.topic
.new(rollback
, self
.fake_session
, {"username": self
.test_name
, "password": self
.test_name
,
530 "projects": [str(uuid4())]})
531 self
.assertEqual(len(rollback
), 0, "Wrong rollback length")
532 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.NOT_FOUND
, "Wrong HTTP status code")
533 self
.assertIn("can't find default role for user '{}'".format(self
.test_name
),
534 norm(str(e
.exception
)), "Wrong exception text")
536 def test_conflict_on_edit(self
):
538 with self
.subTest(i
=1):
539 self
.auth
.get_user_list
.return_value
= [{"_id": uid
, "username": self
.test_name
}]
540 new_name
= str(uuid4())
541 with self
.assertRaises(EngineException
, msg
="Accepted uuid as username") as e
:
542 self
.topic
.edit(self
.fake_session
, uid
, {"username": new_name
})
543 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.UNPROCESSABLE_ENTITY
, "Wrong HTTP status code")
544 self
.assertIn("username '{}' cannot have an uuid format".format(new_name
),
545 norm(str(e
.exception
)), "Wrong exception text")
546 with self
.subTest(i
=2):
547 self
.auth
.get_user_list
.return_value
= [{"_id": uid
, "username": self
.test_name
}]
548 self
.auth
.get_role_list
.side_effect
= [[], []]
549 with self
.assertRaises(AuthconnNotFoundException
, msg
="Accepted user without default role") as e
:
550 self
.topic
.edit(self
.fake_session
, uid
, {"projects": [str(uuid4())]})
551 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.NOT_FOUND
, "Wrong HTTP status code")
552 self
.assertIn("can't find a default role for user '{}'".format(self
.test_name
),
553 norm(str(e
.exception
)), "Wrong exception text")
554 with self
.subTest(i
=3):
555 admin_uid
= str(uuid4())
556 self
.auth
.get_user_list
.return_value
= [{"_id": admin_uid
, "username": "admin"}]
557 with self
.assertRaises(EngineException
, msg
="Accepted removing system_admin role from admin user") as e
:
558 self
.topic
.edit(self
.fake_session
, admin_uid
,
559 {"remove_project_role_mappings": [{"project": "admin", "role": "system_admin"}]})
560 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.FORBIDDEN
, "Wrong HTTP status code")
561 self
.assertIn("you cannot remove system_admin role from admin user",
562 norm(str(e
.exception
)), "Wrong exception text")
563 with self
.subTest(i
=4):
564 new_name
= "new-user-name"
565 self
.auth
.get_user_list
.side_effect
= [[{"_id": uid
, "name": self
.test_name
}],
566 [{"_id": str(uuid4()), "name": new_name
}]]
567 with self
.assertRaises(EngineException
, msg
="Accepted existing username") as e
:
568 self
.topic
.edit(self
.fake_session
, uid
, {"username": new_name
})
569 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.CONFLICT
, "Wrong HTTP status code")
570 self
.assertIn("username '{}' is already used".format(new_name
),
571 norm(str(e
.exception
)), "Wrong exception text")
573 def test_conflict_on_del(self
):
574 with self
.subTest(i
=1):
576 self
.fake_session
["username"] = self
.test_name
577 user
= user
= {"_id": uid
, "username": self
.test_name
, "project_role_mappings": []}
578 self
.auth
.get_user
.return_value
= user
579 with self
.assertRaises(EngineException
, msg
="Accepted deletion of own user") as e
:
580 self
.topic
.delete(self
.fake_session
, uid
)
581 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.CONFLICT
, "Wrong HTTP status code")
582 self
.assertIn("you cannot delete your own login user", norm(str(e
.exception
)), "Wrong exception text")
585 class Test_CommonVimWimSdn(TestCase
):
589 cls
.test_name
= "test-cim-topic" # CIM = Common Infrastructure Manager
592 self
.db
= Mock(dbbase
.DbBase())
593 self
.fs
= Mock(fsbase
.FsBase())
594 self
.msg
= Mock(msgbase
.MsgBase())
595 self
.auth
= Mock(authconn
.Authconn(None, None, None))
596 self
.topic
= CommonVimWimSdn(self
.db
, self
.fs
, self
.msg
, self
.auth
)
597 # Use WIM schemas for testing because they are the simplest
598 self
.topic
._send
_msg
= Mock()
599 self
.topic
.topic
= "wims"
600 self
.topic
.schema_new
= validation
.wim_account_new_schema
601 self
.topic
.schema_edit
= validation
.wim_account_edit_schema
602 self
.fake_session
= {"username": test_name
, "project_id": (test_pid
,), "method": None,
603 "admin": True, "force": False, "public": False, "allow_show_user_project_role": True}
604 self
.topic
.check_quota
= Mock(return_value
=None) # skip quota
606 def test_new_cvws(self
):
607 test_url
= "http://0.0.0.0:0"
608 with self
.subTest(i
=1):
611 self
.db
.get_one
.return_value
= None
612 self
.db
.create
.side_effect
= lambda self
, content
: content
["_id"]
613 cid
, oid
= self
.topic
.new(rollback
, self
.fake_session
,
614 {"name": self
.test_name
, "wim_url": test_url
, "wim_type": test_type
})
615 self
.assertEqual(len(rollback
), 1, "Wrong rollback length")
616 args
= self
.db
.create
.call_args
[0]
618 self
.assertEqual(args
[0], self
.topic
.topic
, "Wrong topic")
619 self
.assertEqual(content
["_id"], cid
, "Wrong CIM identifier")
620 self
.assertEqual(content
["name"], self
.test_name
, "Wrong CIM name")
621 self
.assertEqual(content
["wim_url"], test_url
, "Wrong URL")
622 self
.assertEqual(content
["wim_type"], test_type
, "Wrong CIM type")
623 self
.assertEqual(content
["schema_version"], "1.11", "Wrong schema version")
624 self
.assertEqual(content
["op_id"], oid
, "Wrong operation identifier")
625 self
.assertIsNotNone(content
["_admin"]["created"], "Wrong creation time")
626 self
.assertEqual(content
["_admin"]["modified"], content
["_admin"]["created"], "Wrong modification time")
627 self
.assertEqual(content
["_admin"]["operationalState"], "PROCESSING", "Wrong operational state")
628 self
.assertEqual(content
["_admin"]["projects_read"], [test_pid
], "Wrong read-only projects")
629 self
.assertEqual(content
["_admin"]["projects_write"], [test_pid
], "Wrong read/write projects")
630 self
.assertIsNone(content
["_admin"]["current_operation"], "Wrong current operation")
631 self
.assertEqual(len(content
["_admin"]["operations"]), 1, "Wrong number of operations")
632 operation
= content
["_admin"]["operations"][0]
633 self
.assertEqual(operation
["lcmOperationType"], "create", "Wrong operation type")
634 self
.assertEqual(operation
["operationState"], "PROCESSING", "Wrong operation state")
635 self
.assertGreater(operation
["startTime"], content
["_admin"]["created"], "Wrong operation start time")
636 self
.assertGreater(operation
["statusEnteredTime"], content
["_admin"]["created"],
637 "Wrong operation status enter time")
638 self
.assertEqual(operation
["detailed-status"], "", "Wrong operation detailed status info")
639 self
.assertIsNone(operation
["operationParams"], "Wrong operation parameters")
640 # This test is disabled. From Feature 8030 we admit all WIM/SDN types
641 # with self.subTest(i=2):
643 # test_type = "bad_type"
644 # with self.assertRaises(EngineException, msg="Accepted wrong CIM type") as e:
645 # self.topic.new(rollback, self.fake_session,
646 # {"name": self.test_name, "wim_url": test_url, "wim_type": test_type})
647 # self.assertEqual(len(rollback), 0, "Wrong rollback length")
648 # self.assertEqual(e.exception.http_code, HTTPStatus.UNPROCESSABLE_ENTITY, "Wrong HTTP status code")
649 # self.assertIn("format error at '{}' '{}".format("wim_type", "'{}' is not one of {}").format(test_type,""),
650 # norm(str(e.exception)), "Wrong exception text")
652 def test_conflict_on_new(self
):
653 with self
.subTest(i
=1):
655 test_url
= "http://0.0.0.0:0"
657 self
.db
.get_one
.return_value
= {"_id": str(uuid4()), "name": self
.test_name
}
658 with self
.assertRaises(EngineException
, msg
="Accepted existing CIM name") as e
:
659 self
.topic
.new(rollback
, self
.fake_session
,
660 {"name": self
.test_name
, "wim_url": test_url
, "wim_type": test_type
})
661 self
.assertEqual(len(rollback
), 0, "Wrong rollback length")
662 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.CONFLICT
, "Wrong HTTP status code")
663 self
.assertIn("name '{}' already exists for {}".format(self
.test_name
, self
.topic
.topic
),
664 norm(str(e
.exception
)), "Wrong exception text")
666 def test_edit_cvws(self
):
669 test_url
= "http://0.0.0.0:0"
671 cvws
= {"_id": cid
, "name": self
.test_name
, "wim_url": test_url
, "wim_type": test_type
,
672 "_admin": {"created": now
, "modified": now
, "operations": [{"lcmOperationType": "create"}]}}
673 with self
.subTest(i
=1):
674 new_name
= "new-cim-name"
675 new_url
= "https://1.1.1.1:1"
677 self
.db
.get_one
.side_effect
= [cvws
, None]
678 self
.db
.replace
.return_value
= {"updated": 1}
679 # self.db.encrypt.side_effect = [b64str(), b64str()]
680 self
.topic
.edit(self
.fake_session
, cid
, {"name": new_name
, "wim_url": new_url
, "wim_type": new_type
})
681 args
= self
.db
.replace
.call_args
[0]
683 self
.assertEqual(args
[0], self
.topic
.topic
, "Wrong topic")
684 self
.assertEqual(args
[1], cid
, "Wrong CIM identifier")
685 self
.assertEqual(content
["_id"], cid
, "Wrong CIM identifier")
686 self
.assertEqual(content
["name"], new_name
, "Wrong CIM name")
687 self
.assertEqual(content
["wim_type"], new_type
, "Wrong CIM type")
688 self
.assertEqual(content
["wim_url"], new_url
, "Wrong URL")
689 self
.assertEqual(content
["_admin"]["created"], now
, "Wrong creation time")
690 self
.assertGreater(content
["_admin"]["modified"], content
["_admin"]["created"], "Wrong modification time")
691 self
.assertEqual(len(content
["_admin"]["operations"]), 2, "Wrong number of operations")
692 operation
= content
["_admin"]["operations"][1]
693 self
.assertEqual(operation
["lcmOperationType"], "edit", "Wrong operation type")
694 self
.assertEqual(operation
["operationState"], "PROCESSING", "Wrong operation state")
695 self
.assertGreater(operation
["startTime"], content
["_admin"]["modified"], "Wrong operation start time")
696 self
.assertGreater(operation
["statusEnteredTime"], content
["_admin"]["modified"],
697 "Wrong operation status enter time")
698 self
.assertEqual(operation
["detailed-status"], "", "Wrong operation detailed status info")
699 self
.assertIsNone(operation
["operationParams"], "Wrong operation parameters")
700 with self
.subTest(i
=2):
701 with self
.assertRaises(EngineException
, msg
="Accepted wrong property") as e
:
702 self
.topic
.edit(self
.fake_session
, str(uuid4()), {"name": "new-name", "extra_prop": "anything"})
703 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.UNPROCESSABLE_ENTITY
, "Wrong HTTP status code")
704 self
.assertIn("format error '{}'".format("additional properties are not allowed ('{}' was unexpected)").
705 format("extra_prop"),
706 norm(str(e
.exception
)), "Wrong exception text")
708 def test_conflict_on_edit(self
):
709 with self
.subTest(i
=1):
711 new_name
= "new-cim-name"
712 self
.db
.get_one
.side_effect
= [{"_id": cid
, "name": self
.test_name
},
713 {"_id": str(uuid4()), "name": new_name
}]
714 with self
.assertRaises(EngineException
, msg
="Accepted existing CIM name") as e
:
715 self
.topic
.edit(self
.fake_session
, cid
, {"name": new_name
})
716 self
.assertEqual(e
.exception
.http_code
, HTTPStatus
.CONFLICT
, "Wrong HTTP status code")
717 self
.assertIn("name '{}' already exists for {}".format(new_name
, self
.topic
.topic
),
718 norm(str(e
.exception
)), "Wrong exception text")
720 def test_delete_cvws(self
):
722 ro_pid
= str(uuid4())
723 rw_pid
= str(uuid4())
724 cvws
= {"_id": cid
, "name": self
.test_name
}
725 self
.db
.get_list
.return_value
= []
726 with self
.subTest(i
=1):
727 cvws
["_admin"] = {"projects_read": [test_pid
, ro_pid
, rw_pid
], "projects_write": [test_pid
, rw_pid
]}
728 self
.db
.get_one
.return_value
= cvws
729 oid
= self
.topic
.delete(self
.fake_session
, cid
)
730 self
.assertIsNone(oid
, "Wrong operation identifier")
731 self
.assertEqual(self
.db
.get_one
.call_args
[0][0], self
.topic
.topic
, "Wrong topic")
732 self
.assertEqual(self
.db
.get_one
.call_args
[0][1]["_id"], cid
, "Wrong CIM identifier")
733 self
.assertEqual(self
.db
.set_one
.call_args
[0][0], self
.topic
.topic
, "Wrong topic")
734 self
.assertEqual(self
.db
.set_one
.call_args
[0][1]["_id"], cid
, "Wrong CIM identifier")
735 self
.assertEqual(self
.db
.set_one
.call_args
[1]["update_dict"], None,
736 "Wrong read-only projects update")
737 self
.assertEqual(self
.db
.set_one
.call_args
[1]["pull_list"],
738 {"_admin.projects_read": (test_pid
,), "_admin.projects_write": (test_pid
,)},
739 "Wrong read/write projects update")
740 self
.topic
._send
_msg
.assert_not_called()
741 with self
.subTest(i
=2):
743 cvws
["_admin"] = {"projects_read": [test_pid
], "projects_write": [test_pid
], "operations": []}
744 self
.db
.get_one
.return_value
= cvws
745 oid
= self
.topic
.delete(self
.fake_session
, cid
)
746 self
.assertEqual(oid
, cid
+":0", "Wrong operation identifier")
747 self
.assertEqual(self
.db
.get_one
.call_args
[0][0], self
.topic
.topic
, "Wrong topic")
748 self
.assertEqual(self
.db
.get_one
.call_args
[0][1]["_id"], cid
, "Wrong CIM identifier")
749 self
.assertEqual(self
.db
.set_one
.call_args
[0][0], self
.topic
.topic
, "Wrong topic")
750 self
.assertEqual(self
.db
.set_one
.call_args
[0][1]["_id"], cid
, "Wrong user identifier")
751 self
.assertEqual(self
.db
.set_one
.call_args
[1]["update_dict"], {"_admin.to_delete": True},
752 "Wrong _admin.to_delete update")
753 operation
= self
.db
.set_one
.call_args
[1]["push"]["_admin.operations"]
754 self
.assertEqual(operation
["lcmOperationType"], "delete", "Wrong operation type")
755 self
.assertEqual(operation
["operationState"], "PROCESSING", "Wrong operation state")
756 self
.assertEqual(operation
["detailed-status"], "", "Wrong operation detailed status")
757 self
.assertIsNone(operation
["operationParams"], "Wrong operation parameters")
758 self
.assertGreater(operation
["startTime"], now
, "Wrong operation start time")
759 self
.assertGreater(operation
["statusEnteredTime"], now
, "Wrong operation status enter time")
760 self
.topic
._send
_msg
.assert_called_once_with("delete", {"_id": cid
, "op_id": cid
+ ":0"}, not_send_msg
=None)
761 with self
.subTest(i
=3):
762 cvws
["_admin"] = {"projects_read": [], "projects_write": [], "operations": []}
763 self
.db
.get_one
.return_value
= cvws
764 self
.topic
._send
_msg
.reset_mock()
765 self
.db
.get_one
.reset_mock()
766 self
.db
.del_one
.reset_mock()
767 self
.fake_session
["force"] = True # to force deletion
768 self
.fake_session
["admin"] = True # to force deletion
769 self
.fake_session
["project_id"] = [] # to force deletion
770 oid
= self
.topic
.delete(self
.fake_session
, cid
)
771 self
.assertIsNone(oid
, "Wrong operation identifier")
772 self
.assertEqual(self
.db
.get_one
.call_args
[0][0], self
.topic
.topic
, "Wrong topic")
773 self
.assertEqual(self
.db
.get_one
.call_args
[0][1]["_id"], cid
, "Wrong CIM identifier")
774 self
.assertEqual(self
.db
.del_one
.call_args
[0][0], self
.topic
.topic
, "Wrong topic")
775 self
.assertEqual(self
.db
.del_one
.call_args
[0][1]["_id"], cid
, "Wrong CIM identifier")
776 self
.topic
._send
_msg
.assert_called_once_with("deleted", {"_id": cid
, "op_id": None}, not_send_msg
=None)
779 if __name__
== '__main__':