From: tierno Date: Wed, 12 Sep 2018 14:40:35 +0000 (+0200) Subject: Allow user and project edition X-Git-Tag: v5.0.0~43 X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=cd54a4add397e6f0921a77e97444d32c7a748975;p=osm%2FNBI.git Allow user and project edition Added more tests Change-Id: I04291f7e7e9f979035b7f91d74c5343ee98fb3de Signed-off-by: tierno --- diff --git a/osm_nbi/engine.py b/osm_nbi/engine.py index 12849a8..29bd4f1 100644 --- a/osm_nbi/engine.py +++ b/osm_nbi/engine.py @@ -12,7 +12,7 @@ import logging from random import choice as random_choice from uuid import uuid4 from hashlib import sha256, md5 -from osm_common.dbbase import DbException +from osm_common.dbbase import DbException, deep_update from osm_common.fsbase import FsException from osm_common.msgbase import MsgException from http import HTTPStatus @@ -30,29 +30,6 @@ class EngineException(Exception): Exception.__init__(self, message) -def _deep_update(dict_to_change, dict_reference): - """ - Modifies one dictionary with the information of the other following https://tools.ietf.org/html/rfc7396 - :param dict_to_change: Ends modified - :param dict_reference: reference - :return: none - """ - for k in dict_reference: - if dict_reference[k] is None: # None->Anything - if k in dict_to_change: - del dict_to_change[k] - elif not isinstance(dict_reference[k], dict): # NotDict->Anything - dict_to_change[k] = dict_reference[k] - elif k not in dict_to_change: # Dict->Empty - dict_to_change[k] = deepcopy(dict_reference[k]) - _deep_update(dict_to_change[k], dict_reference[k]) - elif isinstance(dict_to_change[k], dict): # Dict->Dict - _deep_update(dict_to_change[k], dict_reference[k]) - else: # Dict->NotDict - dict_to_change[k] = deepcopy(dict_reference[k]) - _deep_update(dict_to_change[k], dict_reference[k]) - - def get_iterable(input): """ Returns an iterable, in case input is None it just returns an empty tuple @@ -254,6 +231,18 @@ class Engine(object): clean_indata = clean_indata['userDefinedData'] return clean_indata + def _check_project_dependencies(self, project_id): + """ + Check if a project can be deleted + :param session: + :param _id: + :return: + """ + # TODO Is it needed to check descriptors _admin.project_read/project_write?? + _filter = {"projects": project_id} + if self.db.get_list("users", _filter): + raise EngineException("There are users that uses this project", http_code=HTTPStatus.CONFLICT) + def _check_dependencies_on_descriptor(self, session, item, descriptor_id, _id): """ Check that the descriptor to be deleded is not a dependency of others @@ -298,22 +287,35 @@ class Engine(object): raise EngineException("Descriptor error at nsdId='{}' references a non exist nsd".format(nsd_id), http_code=HTTPStatus.CONFLICT) + def _check_edition(self, session, item, indata, id, force=False): + if item == "users": + if indata.get("projects"): + if not session["admin"]: + raise EngineException("Needed admin privileges to edit user projects", HTTPStatus.UNAUTHORIZED) + if indata.get("password"): + # regenerate salt and encrypt password + salt = uuid4().hex + indata["_admin"] = {"salt": salt} + indata["password"] = sha256(indata["password"].encode('utf-8') + salt.encode('utf-8')).hexdigest() + def _validate_new_data(self, session, item, indata, id=None, force=False): if item == "users": - if not indata.get("username"): - raise EngineException("missing 'username'", HTTPStatus.UNPROCESSABLE_ENTITY) - if not indata.get("password"): - raise EngineException("missing 'password'", HTTPStatus.UNPROCESSABLE_ENTITY) - if not indata.get("projects"): - raise EngineException("missing 'projects'", HTTPStatus.UNPROCESSABLE_ENTITY) # check username not exists - if self.db.get_one(item, {"username": indata.get("username")}, fail_on_empty=False, fail_on_more=False): + if not id and self.db.get_one(item, {"username": indata.get("username")}, fail_on_empty=False, + fail_on_more=False): raise EngineException("username '{}' exists".format(indata["username"]), HTTPStatus.CONFLICT) + # check projects + if not force: + for p in indata["projects"]: + if p == "admin": + continue + if not self.db.get_one("projects", {"_id": p}, fail_on_empty=False, fail_on_more=False): + raise EngineException("project '{}' does not exists".format(p), HTTPStatus.CONFLICT) elif item == "projects": if not indata.get("name"): raise EngineException("missing 'name'") # check name not exists - if self.db.get_one(item, {"name": indata.get("name")}, fail_on_empty=False, fail_on_more=False): + if not id and self.db.get_one(item, {"name": indata.get("name")}, fail_on_empty=False, fail_on_more=False): raise EngineException("name '{}' exists".format(indata["name"]), HTTPStatus.CONFLICT) elif item in ("vnfds", "nsds"): filter = {"id": indata["id"]} @@ -821,6 +823,9 @@ class Engine(object): :return: _id: identity of the inserted data. """ + if not session["admin"] and item in ("users", "projects"): + raise EngineException("Needed admin privileges to perform this operation", HTTPStatus.UNAUTHORIZED) + try: item_envelop = item if item in ("nsds", "vnfds"): @@ -829,7 +834,7 @@ class Engine(object): # Override descriptor with query string kwargs self._update_descriptor(content, kwargs) - if not indata and item not in ("nsds", "vnfds"): + if not content and item not in ("nsds", "vnfds"): raise EngineException("Empty payload") validate_input(content, item, new=True) @@ -838,7 +843,7 @@ class Engine(object): # in this case the input descriptor is not the data to be stored return self.new_nsr(rollback, session, ns_request=content) - self._validate_new_data(session, item_envelop, content, force) + self._validate_new_data(session, item_envelop, content, force=force) if item in ("nsds", "vnfds"): content = {"_admin": {"userDefinedData": content}} self._format_new_data(session, item, content) @@ -921,7 +926,7 @@ class Engine(object): # raise EngineException("Cannot get ns_instance '{}': {}".format(e), HTTPStatus.NOT_FOUND) def _add_read_filter(self, session, item, filter): - if session["project_id"] == "admin": # allows all + if session["admin"]: # allows all return filter if item == "users": filter["username"] = session["username"] @@ -929,7 +934,7 @@ class Engine(object): filter["_admin.projects_read.cont"] = ["ANY", session["project_id"]] def _add_delete_filter(self, session, item, filter): - if session["project_id"] != "admin" and item in ("users", "projects"): + if not session["admin"] and item in ("users", "projects"): raise EngineException("Only admin users can perform this task", http_code=HTTPStatus.FORBIDDEN) if item == "users": if filter.get("_id") == session["username"] or filter.get("username") == session["username"]: @@ -937,7 +942,7 @@ class Engine(object): elif item == "project": if filter.get("_id") == session["project_id"]: raise EngineException("You cannot delete your own project", http_code=HTTPStatus.CONFLICT) - elif item in ("vnfds", "nsds") and session["project_id"] != "admin": + elif item in ("vnfds", "nsds") and not session["admin"]: filter["_admin.projects_write.cont"] = ["ANY", session["project_id"]] def get_file(self, session, item, _id, path=None, accept_header=None): @@ -1054,6 +1059,9 @@ class Engine(object): descriptor_id = descriptor.get("id") if descriptor_id: self._check_dependencies_on_descriptor(session, item, descriptor_id, _id) + elif item == "projects": + if not force: + self._check_project_dependencies(_id) if item == "nsrs": nsr = self.db.get_one(item, filter) @@ -1167,8 +1175,9 @@ class Engine(object): except ValidationError as e: raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY) - _deep_update(content, indata) - self._validate_new_data(session, item, content, id, force) + self._check_edition(session, item, indata, id, force) + deep_update(content, indata) + self._validate_new_data(session, item, content, id=id, force=force) # self._format_new_data(session, item, content) self.db.replace(item, id, content) if item in ("vim_accounts", "sdns"): @@ -1191,6 +1200,8 @@ class Engine(object): :param force: If True avoid some dependence checks :return: dictionary, raise exception if not found. """ + if not session["admin"] and item == "projects": + raise EngineException("Needed admin privileges to perform this operation", HTTPStatus.UNAUTHORIZED) content = self.get_item(session, item, _id) return self._edit_item(session, item, _id, content, indata, kwargs, force) diff --git a/osm_nbi/nbi.py b/osm_nbi/nbi.py index 3cc12b9..f8c564d 100644 --- a/osm_nbi/nbi.py +++ b/osm_nbi/nbi.py @@ -76,7 +76,7 @@ URL: /osm GET POST /tokens O O / O O /users O O - / O O + / O O O O /projects O O / O O /vims_accounts (also vims for compatibility) O O @@ -152,7 +152,7 @@ class Server(object): "": {"METHODS": ("GET", "DELETE")} }, "users": {"METHODS": ("GET", "POST"), - "": {"METHODS": ("GET", "POST", "DELETE")} + "": {"METHODS": ("GET", "POST", "DELETE", "PATCH", "PUT")} }, "projects": {"METHODS": ("GET", "POST"), "": {"METHODS": ("GET", "DELETE")} @@ -511,7 +511,7 @@ class Server(object): return f elif len(args) == 2 and args[0] == "db-clear": - return self.engine.del_item_list({"project_id": "admin"}, args[1], {}) + return self.engine.del_item_list({"project_id": "admin", "admin": True}, args[1], kwargs) elif args and args[0] == "prune": return self.engine.prune() elif args and args[0] == "login": @@ -730,6 +730,7 @@ class Server(object): cherrypy.response.status = HTTPStatus.ACCEPTED.value elif method in ("PUT", "PATCH"): + outdata = None if not indata and not kwargs: raise NbiException("Nothing to update. Provide payload and/or query string", HTTPStatus.BAD_REQUEST) @@ -738,10 +739,9 @@ class Server(object): cherrypy.request.headers) if not completed: cherrypy.response.headers["Transaction-Id"] = id - cherrypy.response.status = HTTPStatus.NO_CONTENT.value - outdata = None else: - outdata = {"id": self.engine.edit_item(session, engine_item, _id, indata, kwargs, force=force)} + self.engine.edit_item(session, engine_item, _id, indata, kwargs, force=force) + cherrypy.response.status = HTTPStatus.NO_CONTENT.value else: raise NbiException("Method {} not allowed".format(method), HTTPStatus.METHOD_NOT_ALLOWED) return self._format_out(outdata, session, _format) diff --git a/osm_nbi/tests/clear-all.sh b/osm_nbi/tests/clear-all.sh new file mode 100755 index 0000000..5a9a9c6 --- /dev/null +++ b/osm_nbi/tests/clear-all.sh @@ -0,0 +1,86 @@ +#! /bin/bash +# author: Alfonso Tierno +# Script that uses the test NBI URL to clean database. See usage + + +function usage(){ + echo -e "usage: $0 [OPTIONS]" + echo -e "TEST NBI API is used to clean database content, except user admin. Useful for testing." + echo -e "NOTE: database is cleaned but not the content of other modules as RO or VCA that must be cleaned manually." + echo -e " OPTIONS" + echo -e " -h --help: show this help" + echo -e " -f --force: Do not ask for confirmation" + echo -e " --clean-RO: clean RO content. RO client (openmano) must be installed and configured" + echo -e " --clean-VCA: clean VCA content. juju must be installed and configured" + echo -e " ENV variable 'OSMNBI_URL' is used for the URL of the NBI server. If missing, it uses" \ + "'https://\$OSM_HOSTNAME:9999/osm'. If 'OSM_HOSTNAME' is missing, localhost is used" +} + + +function ask_user(){ + # ask to the user and parse a response among 'y', 'yes', 'n' or 'no'. Case insensitive. + # Params: $1 text to ask; $2 Action by default, can be 'y' for yes, 'n' for no, other or empty for not allowed. + # Return: true(0) if user type 'yes'; false (1) if user type 'no' + read -e -p "$1" USER_CONFIRMATION + while true ; do + [ -z "$USER_CONFIRMATION" ] && [ "$2" == 'y' ] && return 0 + [ -z "$USER_CONFIRMATION" ] && [ "$2" == 'n' ] && return 1 + [ "${USER_CONFIRMATION,,}" == "yes" ] || [ "${USER_CONFIRMATION,,}" == "y" ] && return 0 + [ "${USER_CONFIRMATION,,}" == "no" ] || [ "${USER_CONFIRMATION,,}" == "n" ] && return 1 + read -e -p "Please type 'yes' or 'no': " USER_CONFIRMATION + done +} + + +while [ -n "$1" ] +do + option="$1" + shift + ( [ "$option" == -h ] || [ "$option" == --help ] ) && usage && exit + ( [ "$option" == -f ] || [ "$option" == --force ] ) && OSMNBI_CLEAN_FORCE=yes && continue + [ "$option" == --clean-RO ] && OSMNBI_CLEAN_RO=yes && continue + [ "$option" == --clean-VCA ] && OSMNBI_CLEAN_VCA=yes && continue + echo "Unknown option '$option'. Type $0 --help" 2>&1 && exit 1 +done + + +[ -n "$OSMNBI_CLEAN_FORCE" ] || ask_user "Clean database content (y/N)?" n || exit +[ -z "$OSM_HOSTNAME" ] && OSM_HOSTNAME=localhost +[ -z "$OSMNBI_URL" ] && OSMNBI_URL="https://${OSM_HOSTNAME}:9999/osm" + +if [ -n "$OSMNBI_CLEAN_RO" ] +then + export OPENMANO_TENANT=osm + for dc in `openmano datacenter-list | awk '{print $1}'` + do + export OPENMANO_DATACENTER=$dc + for i in instance-scenario scenario vnf + do + for f in `openmano $i-list | awk '{print $1}'` + do + [[ -n "$f" ]] && [[ "$f" != No ]] && openmano ${i}-delete -f ${f} + done + done + done +fi + +for item in vim_accounts vims sdns nsrs vnfrs nslcmops nsds vnfds projects +do + curl --insecure ${OSMNBI_URL}/test/db-clear/${item} + echo " ${item}" +done +# delete all users except admin +curl --insecure ${OSMNBI_URL}/test/db-clear/users?username.ne=admin + +if [ -n "$OSMNBI_CLEAN_RO" ] +then + for dc in `openmano datacenter-list | awk '{print $1}'` ; do openmano datacenter-detach $dc ; done + for dc in `openmano datacenter-list --all | awk '{print $1}'` ; do openmano datacenter-delete -f $dc ; done + for dc in `openmano sdn-controller-list | awk '{print $1}'` ; do openmano sdn-controller-delete -f $dc ; done +fi + +if [ -n "$OSMNBI_CLEAN_VCA" ] +then + juju destroy-model -y default + juju add-model default +fi diff --git a/osm_nbi/tests/test.py b/osm_nbi/tests/test.py index 54aa0a3..4e21b3f 100755 --- a/osm_nbi/tests/test.py +++ b/osm_nbi/tests/test.py @@ -120,6 +120,10 @@ class TestRest: def set_header(self, header): self.s.headers.update(header) + def unset_header(self, key): + if key in self.s.headers: + del self.s.headers[key] + def test(self, name, description, method, url, headers, payload, expected_codes, expected_headers, expected_payload): """ @@ -249,11 +253,18 @@ class TestRest: # self.project = project r = self.test("TOKEN", "Obtain token", "POST", "/admin/v1/tokens", headers_json, {"username": self.user, "password": self.password, "project_id": self.project}, - (200, 201), {"Content-Type": "application/json"}, "json") + (200, 201), r_header_json, "json") response = r.json() self.token = response["id"] self.set_header({"Authorization": "Bearer {}".format(self.token)}) + def remove_authorization(self): + if self.token: + self.test("TOKEN_DEL", "Delete token", "DELETE", "/admin/v1/tokens/{}".format(self.token), headers_json, + None, (200, 201, 204), None, None) + self.token = None + self.unset_header("Authorization") + def get_create_vim(self, test_osm): if self.vim_id: return self.vim_id @@ -300,7 +311,8 @@ class TestNonAuthorized: description = "test invalid URLs. methods and no authorization" @staticmethod - def run(engine, test_osm, manual_check): + def run(engine, test_osm, manual_check, test_params=None): + engine.remove_authorization() test_not_authorized_list = ( ("NA1", "Invalid token", "GET", "/admin/v1/users", headers_json, None, 401, r_header_json, "json"), ("NA2", "Invalid URL", "POST", "/admin/v1/nonexist", headers_yaml, None, 405, r_header_yaml, "yaml"), @@ -310,6 +322,102 @@ class TestNonAuthorized: engine.test(*t) +class TestUsersProjects: + description = "test project and user creation" + + @staticmethod + def run(engine, test_osm, manual_check, test_params=None): + engine.get_autorization() + engine.test("PU1", "Create project non admin", "POST", "/admin/v1/projects", headers_json, {"name": "P1"}, + (201, 204), {"Location": "/admin/v1/projects/", "Content-Type": "application/json"}, "json") + engine.test("PU2", "Create project admin", "POST", "/admin/v1/projects", headers_json, + {"name": "Padmin", "admin": True}, (201, 204), + {"Location": "/admin/v1/projects/", "Content-Type": "application/json"}, "json") + engine.test("PU3", "Create project bad format", "POST", "/admin/v1/projects", headers_json, {"name": 1}, 422, + r_header_json, "json") + engine.test("PU4", "Create user with bad project", "POST", "/admin/v1/users", headers_json, + {"username": "U1", "projects": ["P1", "P2", "Padmin"], "password": "pw1"}, 409, + r_header_json, "json") + engine.test("PU5", "Create user with bad project and force", "POST", "/admin/v1/users?FORCE=True", headers_json, + {"username": "U1", "projects": ["P1", "P2", "Padmin"], "password": "pw1"}, 201, + {"Location": "/admin/v1/users/", "Content-Type": "application/json"}, "json") + engine.test("PU6", "Create user 2", "POST", "/admin/v1/users", headers_json, + {"username": "U2", "projects": ["P1"], "password": "pw2"}, 201, + {"Location": "/admin/v1/users/", "Content-Type": "application/json"}, "json") + + engine.test("PU7", "Edit user U1, delete P2 project", "PATCH", "/admin/v1/users/U1", headers_json, + {"projects": {"$'P2'": None}}, 204, None, None) + res = engine.test("PU1", "Check user U1, contains the right projects", "GET", "/admin/v1/users/U1", + headers_json, None, 200, None, json) + u1 = res.json() + # print(u1) + expected_projects = ["P1", "Padmin"] + if u1["projects"] != expected_projects: + raise TestException("User content projects '{}' different than expected '{}'. Edition has not done" + " properly".format(u1["projects"], expected_projects)) + + engine.test("PU8", "Edit user U1, set Padmin as default project", "PUT", "/admin/v1/users/U1", headers_json, + {"projects": {"$'Padmin'": None, "$+[0]": "Padmin"}}, 204, None, None) + res = engine.test("PU1", "Check user U1, contains the right projects", "GET", "/admin/v1/users/U1", + headers_json, None, 200, None, json) + u1 = res.json() + # print(u1) + expected_projects = ["Padmin", "P1"] + if u1["projects"] != expected_projects: + raise TestException("User content projects '{}' different than expected '{}'. Edition has not done" + " properly".format(u1["projects"], expected_projects)) + + engine.test("PU9", "Edit user U1, change password", "PATCH", "/admin/v1/users/U1", headers_json, + {"password": "pw1_new"}, 204, None, None) + + engine.test("PU10", "Change to project P1 non existing", "POST", "/admin/v1/tokens/", headers_json, + {"project_id": "P1"}, 401, r_header_json, "json") + + res = engine.test("PU1", "Change to user U1 project P1", "POST", "/admin/v1/tokens", headers_json, + {"username": "U1", "password": "pw1_new", "project_id": "P1"}, (200, 201), + r_header_json, "json") + response = res.json() + engine.set_header({"Authorization": "Bearer {}".format(response["id"])}) + + engine.test("PU11", "Edit user projects non admin", "PUT", "/admin/v1/users/U1", headers_json, + {"projects": {"$'P1'": None}}, 401, r_header_json, "json") + engine.test("PU12", "Add new project non admin", "POST", "/admin/v1/projects", headers_json, + {"name": "P2"}, 401, r_header_json, "json") + engine.test("PU13", "Add new user non admin", "POST", "/admin/v1/users", headers_json, + {"username": "U3", "projects": ["P1"], "password": "pw3"}, 401, + r_header_json, "json") + + res = engine.test("PU14", "Change to user U1 project Padmin", "POST", "/admin/v1/tokens", headers_json, + {"project_id": "Padmin"}, (200, 201), r_header_json, "json") + response = res.json() + engine.set_header({"Authorization": "Bearer {}".format(response["id"])}) + + engine.test("PU15", "Add new project admin", "POST", "/admin/v1/projects", headers_json, {"name": "P2"}, + (201, 204), {"Location": "/admin/v1/projects/", "Content-Type": "application/json"}, "json") + engine.test("PU16", "Add new user U3 admin", "POST", "/admin/v1/users", + headers_json, {"username": "U3", "projects": ["P2"], "password": "pw3"}, (201, 204), + {"Location": "/admin/v1/users/", "Content-Type": "application/json"}, "json") + engine.test("PU17", "Edit user projects admin", "PUT", "/admin/v1/users/U3", headers_json, + {"projects": ["P2"]}, 204, None, None) + + engine.test("PU18", "Delete project P2 conflict", "DELETE", "/admin/v1/projects/P2", headers_json, None, 409, + r_header_json, "json") + engine.test("PU19", "Delete project P2 forcing", "DELETE", "/admin/v1/projects/P2?FORCE=True", headers_json, + None, 204, None, None) + + engine.test("PU20", "Delete user U1. Conflict deleting own user", "DELETE", "/admin/v1/users/U1", headers_json, + None, 409, r_header_json, "json") + engine.test("PU21", "Delete user U2", "DELETE", "/admin/v1/users/U2", headers_json, None, 204, None, None) + engine.test("PU22", "Delete user U3", "DELETE", "/admin/v1/users/U3", headers_json, None, 204, None, None) + # change to admin + engine.remove_authorization() # To force get authorization + engine.get_autorization() + engine.test("PU23", "Delete user U1", "DELETE", "/admin/v1/users/U1", headers_json, None, 204, None, None) + engine.test("PU24", "Delete project P1", "DELETE", "/admin/v1/projects/P1", headers_json, None, 204, None, None) + engine.test("PU25", "Delete project Padmin", "DELETE", "/admin/v1/projects/Padmin", headers_json, None, 204, + None, None) + + class TestFakeVim: description = "Creates/edit/delete fake VIMs and SDN controllers" @@ -348,7 +456,7 @@ class TestFakeVim: ]} ] - def run(self, engine, test_osm, manual_check): + def run(self, engine, test_osm, manual_check, test_params=None): vim_bad = self.vim.copy() vim_bad.pop("name") @@ -393,33 +501,66 @@ class TestVIMSDN(TestFakeVim): def __init__(self): TestFakeVim.__init__(self) - def run(self, engine, test_osm, manual_check): + def run(self, engine, test_osm, manual_check, test_params=None): engine.get_autorization() # Added SDN - engine.test("SDN1", "Create SDN", "POST", "/admin/v1/sdns", headers_json, self.sdn, (201, 204), + engine.test("VIMSDN1", "Create SDN", "POST", "/admin/v1/sdns", headers_json, self.sdn, (201, 204), {"Location": "/admin/v1/sdns/", "Content-Type": "application/json"}, "json") - sleep(5) + # sleep(5) # Edit SDN - engine.test("SDN1", "Edit SDN", "PATCH", "/admin/v1/sdns/", headers_json, {"name": "new_sdn_name"}, - (200, 201, 204), r_header_json, "json") - sleep(5) + engine.test("VIMSDN2", "Edit SDN", "PATCH", "/admin/v1/sdns/", headers_json, {"name": "new_sdn_name"}, + 204, None, None) + # sleep(5) # VIM with SDN - self.vim["config"]["sdn-controller"] = engine.test_ids["SDN1"] + self.vim["config"]["sdn-controller"] = engine.test_ids["VIMSDN1"] self.vim["config"]["sdn-port-mapping"] = self.port_mapping - engine.test("VIM2", "Create VIM", "POST", "/admin/v1/vim_accounts", headers_json, self.vim, (200, 204, 201), + engine.test("VIMSDN3", "Create VIM", "POST", "/admin/v1/vim_accounts", headers_json, self.vim, (200, 204, 201), {"Location": "/admin/v1/vim_accounts/", "Content-Type": "application/json"}, "json"), self.port_mapping[0]["compute_node"] = "compute node XX" - engine.test("VIMSDN2", "Edit VIM change port-mapping", "PUT", "/admin/v1/vim_accounts/", headers_json, - {"config": {"sdn-port-mapping": self.port_mapping}}, - (200, 201, 204), {"Content-Type": "application/json"}, "json") - engine.test("VIMSDN3", "Edit VIM remove port-mapping", "PUT", "/admin/v1/vim_accounts/", headers_json, - {"config": {"sdn-port-mapping": None}}, - (200, 201, 204), {"Content-Type": "application/json"}, "json") - engine.test("VIMSDN4", "Delete VIM remove port-mapping", "DELETE", "/admin/v1/vim_accounts/", - headers_json, None, (202, 201, 204), None, 0) - engine.test("VIMSDN5", "Delete SDN", "DELETE", "/admin/v1/sdns/", headers_json, None, - (202, 201, 204), None, 0) + engine.test("VIMSDN4", "Edit VIM change port-mapping", "PUT", "/admin/v1/vim_accounts/", headers_json, + {"config": {"sdn-port-mapping": self.port_mapping}}, 204, None, None) + engine.test("VIMSDN5", "Edit VIM remove port-mapping", "PUT", "/admin/v1/vim_accounts/", headers_json, + {"config": {"sdn-port-mapping": None}}, 204, None, None) + + if not test_osm: + # delete with FORCE + engine.test("VIMSDN6", "Delete VIM remove port-mapping", "DELETE", + "/admin/v1/vim_accounts/?FORCE=True", headers_json, None, 202, None, 0) + engine.test("VIMSDN7", "Delete SDNC", "DELETE", "/admin/v1/sdns/?FORCE=True", headers_json, None, + 202, None, 0) + + engine.test("VIMSDN8", "Check VIM is deleted", "GET", "/admin/v1/vim_accounts/", headers_yaml, + None, 404, r_header_yaml, "yaml") + engine.test("VIMSDN9", "Check SDN is deleted", "GET", "/admin/v1/sdns/", headers_yaml, None, + 404, r_header_yaml, "yaml") + else: + # delete and wait until is really deleted + engine.test("VIMSDN6", "Delete VIM remove port-mapping", "DELETE", "/admin/v1/vim_accounts/", + headers_json, None, (202, 201, 204), None, 0) + engine.test("VIMSDN7", "Delete SDN", "DELETE", "/admin/v1/sdns/", headers_json, None, + (202, 201, 204), None, 0) + wait = timeout + while wait >= 0: + r = engine.test("VIMSDN8", "Check VIM is deleted", "GET", "/admin/v1/vim_accounts/", + headers_yaml, None, None, r_header_yaml, "yaml") + if r.status_code == 404: + break + elif r.status_code == 200: + wait -= 5 + sleep(5) + else: + raise TestException("Vim created at 'VIMSDN3' is not delete after {} seconds".format(timeout)) + while wait >= 0: + r = engine.test("VIMSDN9", "Check SDNC is deleted", "GET", "/admin/v1/sdns/", + headers_yaml, None, None, r_header_yaml, "yaml") + if r.status_code == 404: + break + elif r.status_code == 200: + wait -= 5 + sleep(5) + else: + raise TestException("SDNC created at 'VIMSDN1' is not delete after {} seconds".format(timeout)) class TestDeploy: @@ -776,10 +917,7 @@ class TestDeployHackfest4(TestDeploy): default-value: '/home/ubuntu/touched' """ engine.test("DEPLOY{}".format(self.step), "Edit VNFD ", "PATCH", - "/vnfpkgm/v1/vnf_packages/<{}>".format(self.vnfds_test[0]), - headers_yaml, payload, 200, - r_header_yaml, yaml) - self.vnfds_test.append("DEPLOY" + str(self.step)) + "/vnfpkgm/v1/vnf_packages/<{}>".format(self.vnfds_test[0]), headers_yaml, payload, 204, None, None) self.step += 1 def run(self, engine, test_osm, manual_check, test_params=None): @@ -906,6 +1044,7 @@ if __name__ == "__main__": test_classes = { "NonAuthorized": TestNonAuthorized, "FakeVIM": TestFakeVim, + "TestUsersProjects": TestUsersProjects, "VIM-SDN": TestVIMSDN, "Deploy-Custom": TestDeploy, "Deploy-Hackfest-Cirros": TestDeployHackfestCirros, diff --git a/osm_nbi/validation.py b/osm_nbi/validation.py index a84b0bd..4ffd0b7 100644 --- a/osm_nbi/validation.py +++ b/osm_nbi/validation.py @@ -12,8 +12,8 @@ Validator of input data using JSON schemas for those items that not contains an # Basis schemas patern_name = "^[ -~]+$" +nameshort_schema = {"type": "string", "minLength": 1, "maxLength": 60, "pattern": "^[^,;()\.\$'\"]+$"} passwd_schema = {"type": "string", "minLength": 1, "maxLength": 60} -nameshort_schema = {"type": "string", "minLength": 1, "maxLength": 60, "pattern": "^[^,;()'\"]+$"} name_schema = {"type": "string", "minLength": 1, "maxLength": 255, "pattern": "^[^,;()'\"]+$"} string_schema = {"type": "string", "minLength": 1, "maxLength": 255} xml_text_schema = {"type": "string", "minLength": 1, "maxLength": 1000, "pattern": "^[^']+$"} @@ -48,6 +48,15 @@ schema_version_2 = {"type": "integer", "minimum": 2, "maximum": 2} log_level_schema = {"type": "string", "enum": ["DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"]} checksum_schema = {"type": "string", "pattern": "^[0-9a-fA-F]{32}$"} size_schema = {"type": "integer", "minimum": 1, "maximum": 100} +array_edition_schema = { + "type": "object", + "patternProperties": { + "^\$": "Any" + }, + "additionalProperties": False, + "minProperties": 1, +} + ns_instantiate_vdu = { "title": "ns action instantiate input schema for vdu", @@ -300,7 +309,7 @@ vim_account_edit_schema = { "vim_tenant": name_schema, "vim_tenant_name": name_schema, "vim_username": nameshort_schema, - "vim_password": nameshort_schema, + "vim_password": passwd_schema, "config": {"type": "object"} }, "additionalProperties": False @@ -324,7 +333,7 @@ vim_account_new_schema = { # "vim_tenant": name_schema, "vim_tenant_name": name_schema, "vim_user": nameshort_schema, - "vim_password": nameshort_schema, + "vim_password": passwd_schema, "config": {"type": "object"} }, "required": ["name", "vim_url", "vim_type", "vim_user", "vim_password", "vim_tenant_name"], @@ -385,7 +394,7 @@ sdn_port_mapping_schema = { } sdn_external_port_schema = { "$schema": "http://json-schema.org/draft-04/schema#", - "title": "External port ingformation", + "title": "External port information", "type": "object", "properties": { "port": {"type": "string", "minLength": 1, "maxLength": 60}, @@ -395,8 +404,67 @@ sdn_external_port_schema = { "required": ["port"] } +# USERS +user_project_schema = { + "type": "array", + "minItems": 1, + "items": nameshort_schema, +} +user_new_schema = { + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "New user schema", + "type": "object", + "properties": { + "username": nameshort_schema, + "password": passwd_schema, + "projects": user_project_schema, + }, + "required": ["username", "password", "projects"], + "additionalProperties": False +} +user_edit_schema = { + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "User edit schema for administrators", + "type": "object", + "properties": { + "password": passwd_schema, + "projects": { + "oneOff": [ + user_project_schema, + array_edition_schema + ] + }, + } +} + +# PROJECTS +project_new_schema = { + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "New project schema for administrators", + "type": "object", + "properties": { + "name": nameshort_schema, + "admin": bool_schema, + }, + "required": ["name"], + "additionalProperties": False +} +project_edit_schema = { + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Project edit schema for administrators", + "type": "object", + "properties": { + "admin": bool_schema, + }, + "additionalProperties": False, + "minProperties": 1 +} + +# GLOBAL SCHEMAS nbi_new_input_schemas = { + "users": user_new_schema, + "projects": project_new_schema, "vim_accounts": vim_account_new_schema, "sdns": sdn_new_schema, "ns_instantiate": ns_instantiate, @@ -405,6 +473,8 @@ nbi_new_input_schemas = { } nbi_edit_input_schemas = { + "users": user_edit_schema, + "projects": project_edit_schema, "vim_accounts": vim_account_edit_schema, "sdns": sdn_edit_schema } @@ -416,7 +486,7 @@ class ValidationError(Exception): def validate_input(indata, item, new=True): """ - Validates input data agains json schema + Validates input data against json schema :param indata: user input data. Should be a dictionary :param item: can be users, projects, vims, sdns, ns_xxxxx :param new: True if the validation is for creating or False if it is for editing