Merge lp:~nskaggs/juju-ci-tools/remove-controller-permissions into lp:juju-ci-tools
- remove-controller-permissions
- Merge into trunk
Proposed by
Nicholas Skaggs
Status: | Merged |
---|---|
Merged at revision: | 1958 |
Proposed branch: | lp:~nskaggs/juju-ci-tools/remove-controller-permissions |
Merge into: | lp:juju-ci-tools |
Diff against target: |
725 lines (+155/-429) 4 files modified
assess_controller_permissions.py (+0/-217) assess_user_grant_revoke.py (+139/-104) tests/test_assess_controller_permissions.py (+0/-98) tests/test_assess_user_grant_revoke.py (+16/-10) |
To merge this branch: | bzr merge lp:~nskaggs/juju-ci-tools/remove-controller-permissions |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Christopher Lee (community) | Approve | ||
Review via email: mp+321109@code.launchpad.net |
Commit message
Description of the change
This removes the unused controller permissions, and incorporates some of the ideas into user grant revoke. I also took the opportunity to clean up the readability and extensibility of the user grant revoke test. More could be done, but this should make future work easier.
To post a comment you must log in.
- 1959. By Nicholas Skaggs
-
update operations, fix test
- 1960. By Nicholas Skaggs
-
fixup readability
- 1961. By Nicholas Skaggs
-
change read commands
- 1962. By Nicholas Skaggs
-
fix disable function
- 1963. By Nicholas Skaggs
-
Updates from review comments
Revision history for this message
Nicholas Skaggs (nskaggs) wrote : | # |
Couldn't help myself Chris, I incorporated all your suggestions and then some. It's much nicer. Thanks.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === removed file 'assess_controller_permissions.py' |
2 | --- assess_controller_permissions.py 2016-09-13 21:33:20 +0000 |
3 | +++ assess_controller_permissions.py 1970-01-01 00:00:00 +0000 |
4 | @@ -1,217 +0,0 @@ |
5 | -#!/usr/bin/env python |
6 | -"""TODO: add rough description of what is assessed in this module.""" |
7 | - |
8 | -from __future__ import print_function |
9 | - |
10 | -import argparse |
11 | -import logging |
12 | -import random |
13 | -import string |
14 | -import subprocess |
15 | -import sys |
16 | - |
17 | -from assess_user_grant_revoke import ( |
18 | - assert_change_password, |
19 | - assert_logout_login, |
20 | - list_users, |
21 | - User, |
22 | - ) |
23 | -from deploy_stack import ( |
24 | - BootstrapManager, |
25 | - ) |
26 | -from utility import ( |
27 | - JujuAssertionError, |
28 | - add_basic_testing_arguments, |
29 | - configure_logging, |
30 | - temp_dir, |
31 | - ) |
32 | - |
33 | - |
34 | -__metaclass__ = type |
35 | - |
36 | - |
37 | -log = logging.getLogger("assess_controller_permissions") |
38 | - |
39 | - |
40 | -def assert_add_model(user_client, permission): |
41 | - """Test user's ability of adding models.""" |
42 | - try: |
43 | - user_client.add_model(user_client.env) |
44 | - except subprocess.CalledProcessError: |
45 | - raise JujuAssertionError( |
46 | - "Controller can't add model with {} permission".format(permission)) |
47 | - |
48 | - |
49 | -def assert_destroy_model(user_client, permission): |
50 | - """Test user's ability of destroying models.""" |
51 | - try: |
52 | - user_client.destroy_model() |
53 | - except subprocess.CalledProcessError: |
54 | - raise JujuAssertionError( |
55 | - "Controller can't destroy model with {} permission".format( |
56 | - permission)) |
57 | - |
58 | - |
59 | -def assert_add_remove_user(user_client, permission): |
60 | - """Test user's ability of adding/removing users.""" |
61 | - for controller_permission in ['login', 'addmodel', 'superuser']: |
62 | - code = ''.join(random.choice( |
63 | - string.ascii_letters + string.digits) for _ in xrange(4)) |
64 | - try: |
65 | - user_client.add_user_perms(permission + code, |
66 | - permissions=controller_permission) |
67 | - except subprocess.CalledProcessError: |
68 | - raise JujuAssertionError( |
69 | - 'Controller could not add ' |
70 | - '{} controller with {} permission'.format( |
71 | - controller_permission, permission)) |
72 | - try: |
73 | - user_client.remove_user(permission + code, |
74 | - permissions=controller_permission) |
75 | - except subprocess.CalledProcessError: |
76 | - raise JujuAssertionError( |
77 | - 'Controller could not remove ' |
78 | - '{} controller with {} permission'.format( |
79 | - controller_permission, permission)) |
80 | - |
81 | - |
82 | -def assert_lists(user_client): |
83 | - """Test user's ability of retrieving lists.""" |
84 | - list_users(user_client) |
85 | - user_client.list_models() |
86 | - user_client.list_clouds() |
87 | - user_client.show_controller() |
88 | - |
89 | - |
90 | -def assert_login_permission(controller_client, user_client, |
91 | - user, fake_home, has_permission): |
92 | - """Test user's ability with login permission.""" |
93 | - if has_permission: |
94 | - try: |
95 | - assert_logout_login(controller_client, user_client, |
96 | - user, fake_home) |
97 | - assert_change_password(user_client, user) |
98 | - assert_lists(user_client) |
99 | - except subprocess.CalledProcessError: |
100 | - raise JujuAssertionError( |
101 | - 'FAIL {} could not login/read with {} permission'.format( |
102 | - user.name, user.permissions)) |
103 | - else: |
104 | - try: |
105 | - assert_logout_login(controller_client, user_client, |
106 | - user, fake_home) |
107 | - assert_change_password(user_client, user) |
108 | - assert_lists(user_client) |
109 | - except subprocess.CalledProcessError: |
110 | - log.info('Correctly rejected {} use of login/read'.format( |
111 | - user.name)) |
112 | - else: |
113 | - raise JujuAssertionError( |
114 | - 'FAIL User login/read without login permission') |
115 | - |
116 | - |
117 | -def assert_addmodel_permission(user_client, user, has_permission): |
118 | - """Test user's ability with addmodel permission.""" |
119 | - if has_permission: |
120 | - try: |
121 | - assert_add_model(user_client, user.permissions) |
122 | - assert_destroy_model(user_client, user.permissions) |
123 | - except subprocess.CalledProcessError: |
124 | - raise JujuAssertionError( |
125 | - 'FAIL {} could not add/remove' |
126 | - ' models with {} permission'.format( |
127 | - user.name, user.permissions)) |
128 | - else: |
129 | - try: |
130 | - assert_add_model(user_client, user.permissions) |
131 | - assert_destroy_model(user_client, user.permissions) |
132 | - except subprocess.CalledProcessError: |
133 | - log.info('Correctly rejected {} use of add/remove model'.format( |
134 | - user.name)) |
135 | - else: |
136 | - raise JujuAssertionError( |
137 | - 'FAIL User added/removed models without addmodel permission') |
138 | - |
139 | - |
140 | -def assert_superuser_permission(user_client, user, has_permission): |
141 | - """Test user's ability with superuser permission.""" |
142 | - if has_permission: |
143 | - try: |
144 | - assert_add_remove_user(user_client, user.permissions) |
145 | - except subprocess.CalledProcessError: |
146 | - raise JujuAssertionError( |
147 | - 'FAIL {} could not add/remove users with {} permission'.format( |
148 | - user.name, user.permissions)) |
149 | - else: |
150 | - try: |
151 | - assert_add_remove_user(user_client, user.permissions) |
152 | - except subprocess.CalledProcessError: |
153 | - log.info('Correctly rejected {} use of add/remove users'.format( |
154 | - user.name)) |
155 | - else: |
156 | - raise JujuAssertionError( |
157 | - 'FAIL User added/removed users without superuser permission') |
158 | - |
159 | - |
160 | -def assert_login_controller(controller_client, user): |
161 | - """Test user with login controller permission.""" |
162 | - with temp_dir() as fake_home: |
163 | - user_client = controller_client.register_user( |
164 | - user, fake_home) |
165 | - assert_login_permission(controller_client, user_client, |
166 | - user, fake_home, True) |
167 | - assert_addmodel_permission(user_client, user, False) |
168 | - assert_superuser_permission(user_client, user, False) |
169 | - |
170 | - |
171 | -def assert_addmodel_controller(controller_client, user): |
172 | - """Test user with addmodel controller permission.""" |
173 | - with temp_dir() as fake_home: |
174 | - user_client = controller_client.register_user( |
175 | - user, fake_home) |
176 | - assert_login_permission(controller_client, user_client, |
177 | - user, fake_home, True) |
178 | - assert_addmodel_permission(user_client, user, True) |
179 | - assert_superuser_permission(user_client, user, False) |
180 | - |
181 | - |
182 | -def assert_superuser_controller(controller_client, user): |
183 | - """Test user with superuser controller permission.""" |
184 | - with temp_dir() as fake_home: |
185 | - user_client = controller_client.register_user( |
186 | - user, fake_home) |
187 | - assert_login_permission(controller_client, user_client, |
188 | - user, fake_home, True) |
189 | - assert_addmodel_permission(user_client, user, True) |
190 | - assert_superuser_permission(user_client, user, True) |
191 | - |
192 | - |
193 | -def assess_controller_permissions(controller_client): |
194 | - """Test controller permissions.""" |
195 | - login_controller = User('login_controller', 'login', []) |
196 | - addmodel_controller = User('addmodel_controller', 'addmodel', []) |
197 | - superuser_controller = User('superuser_controller', 'superuser', []) |
198 | - assert_login_controller(controller_client, login_controller) |
199 | - assert_addmodel_controller(controller_client, addmodel_controller) |
200 | - assert_superuser_controller(controller_client, superuser_controller) |
201 | - |
202 | - |
203 | -def parse_args(argv): |
204 | - """Parse all arguments.""" |
205 | - parser = argparse.ArgumentParser( |
206 | - description="Test controller permissions.") |
207 | - add_basic_testing_arguments(parser) |
208 | - return parser.parse_args(argv) |
209 | - |
210 | - |
211 | -def main(argv=None): |
212 | - args = parse_args(argv) |
213 | - configure_logging(args.verbose) |
214 | - bs_manager = BootstrapManager.from_args(args) |
215 | - with bs_manager.booted_context(args.upload_tools): |
216 | - assess_controller_permissions(bs_manager.client) |
217 | - return 0 |
218 | - |
219 | - |
220 | -if __name__ == '__main__': |
221 | - sys.exit(main()) |
222 | |
223 | === modified file 'assess_user_grant_revoke.py' |
224 | --- assess_user_grant_revoke.py 2017-03-23 21:22:49 +0000 |
225 | +++ assess_user_grant_revoke.py 2017-03-28 14:43:16 +0000 |
226 | @@ -62,6 +62,12 @@ |
227 | SHARE_LIST_CTRL_ADMIN["adminuser"] = {"access": "admin"} |
228 | |
229 | |
230 | +def _generate_random_string(): |
231 | + # We prefix a letter because usernames must begin with letter |
232 | + return 'r'.join(random.choice( |
233 | + string.ascii_letters + string.digits) for _ in range(9)) |
234 | + |
235 | + |
236 | def assert_equal(found, expected): |
237 | found = sorted(found) |
238 | expected = sorted(expected) |
239 | @@ -70,6 +76,26 @@ |
240 | 'Found: {}\nExpected: {}'.format(found, expected)) |
241 | |
242 | |
243 | +def assert_command_fails(check_callable, command_type, permission): |
244 | + try: |
245 | + check_callable() |
246 | + except subprocess.CalledProcessError: |
247 | + pass |
248 | + else: |
249 | + raise JujuAssertionError( |
250 | + 'FAIL User performed {} operation with ' |
251 | + 'permission {}'.format(command_type, permission)) |
252 | + |
253 | + |
254 | +def assert_command_succeeds(check_callable, command_type, permission): |
255 | + try: |
256 | + check_callable() |
257 | + except subprocess.CalledProcessError: |
258 | + raise JujuAssertionError( |
259 | + 'FAIL User unable to perform {} operation with ' |
260 | + 'permission {}'.format(command_type, permission)) |
261 | + |
262 | + |
263 | def list_users(client): |
264 | """Test listing all the users""" |
265 | users_list = json.loads(client.get_juju_output('list-users', '--format', |
266 | @@ -100,80 +126,69 @@ |
267 | return user_status |
268 | |
269 | |
270 | +def assess_read_operations(client, permission, has_permission): |
271 | + read_commands = ( |
272 | + client.show_status, |
273 | + lambda: client.juju('show-model', (), include_e=False), |
274 | + ) |
275 | + |
276 | + for command in read_commands: |
277 | + if has_permission: |
278 | + assert_command_succeeds(command, 'read', permission) |
279 | + else: |
280 | + assert_command_fails(command, 'read', permission) |
281 | + |
282 | + |
283 | +def assess_write_operations(client, permission, has_permission): |
284 | + tags = '"{}={}"'.format(client.env.user_name, permission) |
285 | + write_commands = ( |
286 | + lambda: client.set_env_option('resource-tags', tags), |
287 | + ) |
288 | + |
289 | + for command in write_commands: |
290 | + if has_permission: |
291 | + assert_command_succeeds(command, 'write', permission) |
292 | + else: |
293 | + assert_command_fails(command, 'write', permission) |
294 | + |
295 | + |
296 | +def assess_admin_operations(client, permission, has_permission): |
297 | + # Create a username for the user client to interact with |
298 | + new_read_user = _generate_random_string() |
299 | + new_admin_user = _generate_random_string() |
300 | + admin_commands = ( |
301 | + lambda: client.add_user(new_read_user), |
302 | + lambda: client.grant(new_read_user, permission="read"), |
303 | + lambda: client.remove_user(new_read_user), |
304 | + lambda: client.add_user_perms(new_admin_user, permissions="admin"), |
305 | + lambda: client.remove_user(new_admin_user), |
306 | + ) |
307 | + |
308 | + for command in admin_commands: |
309 | + if has_permission: |
310 | + assert_command_succeeds(command, 'admin', permission) |
311 | + else: |
312 | + assert_command_fails(command, 'admin', permission) |
313 | + |
314 | + |
315 | def assert_read_model(client, permission, has_permission): |
316 | """Test if the user has or doesn't have the read permission""" |
317 | log.info('Checking read model acl {}'.format(client.env.user_name)) |
318 | - if has_permission: |
319 | - try: |
320 | - client.show_status() |
321 | - except subprocess.CalledProcessError: |
322 | - raise JujuAssertionError( |
323 | - 'FAIL User could not check status with {} permission'.format( |
324 | - permission)) |
325 | - else: |
326 | - try: |
327 | - client.show_status() |
328 | - except subprocess.CalledProcessError: |
329 | - pass |
330 | - else: |
331 | - raise JujuAssertionError( |
332 | - 'FAIL {} checked status without {} permission'.format( |
333 | - client.env.user_name, permission)) |
334 | + assess_read_operations(client, permission, has_permission) |
335 | log.info('PASS {} read acl'.format(client.env.user_name)) |
336 | |
337 | |
338 | def assert_write_model(client, permission, has_permission): |
339 | """Test if the user has or doesn't have the write permission""" |
340 | log.info('Checking write model acl {}'.format(client.env.user_name)) |
341 | - if has_permission: |
342 | - try: |
343 | - tags = '"{}={}"'.format(client.env.user_name, permission) |
344 | - client.set_env_option('resource-tags', tags) |
345 | - except subprocess.CalledProcessError: |
346 | - raise JujuAssertionError( |
347 | - 'FAIL {} could not set-model-config with {} permission'.format( |
348 | - client.env.user_name, permission)) |
349 | - else: |
350 | - try: |
351 | - tags = '"{}=no-{}"'.format(client.env.user_name, permission) |
352 | - client.set_env_option('resource-tags', tags) |
353 | - except subprocess.CalledProcessError: |
354 | - pass |
355 | - else: |
356 | - raise JujuAssertionError( |
357 | - 'FAIL User set model-config without {} permission'.format( |
358 | - permission)) |
359 | + assess_write_operations(client, permission, has_permission) |
360 | log.info('PASS {} write model acl'.format(client.env.user_name)) |
361 | |
362 | |
363 | def assert_admin_model(controller_client, client, permission, has_permission): |
364 | """Test if the user has or doesn't have the admin permission""" |
365 | log.info('Checking admin acl with {}'.format(client.env.user_name)) |
366 | - code = ''.join(random.choice( |
367 | - string.ascii_letters + string.digits) for _ in range(4)) |
368 | - new_user = permission + code |
369 | - log.info('Adding user {} for test'.format(new_user)) |
370 | - controller_client.add_user_perms(new_user, permissions="read") |
371 | - if has_permission: |
372 | - try: |
373 | - client.grant(new_user, permission="write") |
374 | - except subprocess.CalledProcessError: |
375 | - raise JujuAssertionError( |
376 | - 'FAIL {} could not grant write acl to user'.format( |
377 | - client.env.user_name, permission)) |
378 | - else: |
379 | - try: |
380 | - client.grant(new_user, permission="write") |
381 | - except subprocess.CalledProcessError: |
382 | - log.info('Correctly rejected {} use of grant'.format( |
383 | - client.env.user_name)) |
384 | - else: |
385 | - raise JujuAssertionError( |
386 | - 'FAIL {} granted access without {} permission'.format( |
387 | - client.env.user_name, permission)) |
388 | - # Remove the user to ensure list-users is sane. |
389 | - log.info('Removing user {} after test'.format(new_user)) |
390 | - controller_client.remove_user(new_user) |
391 | + assess_admin_operations(client, permission, has_permission) |
392 | log.info('PASS {} admin acl'.format(client.env.user_name)) |
393 | |
394 | |
395 | @@ -207,15 +222,10 @@ |
396 | child.sendline(password) |
397 | child.expect('(?i)password') |
398 | child.sendline(password) |
399 | - child.expect(pexpect.EOF) |
400 | + client._end_pexpect_session(child) |
401 | except pexpect.TIMEOUT: |
402 | - raise JujuAssertionError( |
403 | - 'FAIL Changing user password failed: pexpect session timed out') |
404 | - if child.isalive(): |
405 | - raise JujuAssertionError( |
406 | - 'FAIL Changing user password failed: pexpect session still alive') |
407 | - child.close() |
408 | - if child.exitstatus != 0: |
409 | + log.error('Buffer: {}'.format(child.buffer)) |
410 | + log.error('Before: {}'.format(child.before)) |
411 | raise JujuAssertionError( |
412 | 'FAIL Changing user password failed: ' |
413 | 'pexpect process exited with {}'.format(child.exitstatus)) |
414 | @@ -224,6 +234,7 @@ |
415 | |
416 | def assert_disable_enable(controller_client, user): |
417 | """Test disabling and enabling users""" |
418 | + original_user_list = list_users(controller_client) |
419 | log.info('Checking disabled {}'.format(user.name)) |
420 | controller_client.disable_user(user.name) |
421 | log.info('Disabled {}'.format(user.name)) |
422 | @@ -235,18 +246,31 @@ |
423 | log.info('Enabled {}'.format(user.name)) |
424 | user_list = list_users(controller_client) |
425 | log.info('Checking list-users {}'.format(user.name)) |
426 | - assert_equal(user_list, USER_LIST_CTRL_WRITE) |
427 | - |
428 | - |
429 | -def assert_logout_login(controller_client, user_client, |
430 | - user, fake_home, password): |
431 | + assert_equal(user_list, original_user_list) |
432 | + |
433 | + |
434 | +def assert_user_status(client, user, expected_users, expected_shares): |
435 | + """Test listing users and shares against expected values""" |
436 | + log.info('Checking list-users {}'.format(user.name)) |
437 | + user_list = list_users(client) |
438 | + assert_equal(user_list, expected_users) |
439 | + log.info('Checking list-shares {}'.format(user.name)) |
440 | + share_list = list_shares(client) |
441 | + assert_equal(share_list, expected_shares) |
442 | + |
443 | + |
444 | +def assert_logout_login(controller_client, user_client, user, |
445 | + fake_home, password, expected_users): |
446 | """Test users' login and logout""" |
447 | + original_user_list = list_users(controller_client) |
448 | user_client.logout() |
449 | log.info('Checking list-users after logout') |
450 | user_list = list_users(controller_client) |
451 | - assert_equal(user_list, USER_LIST_CTRL_READ) |
452 | + assert_equal(user_list, expected_users) |
453 | log.info('Checking list-users after login') |
454 | user_client.login_user(user.name, password) |
455 | + user_list = list_users(controller_client) |
456 | + assert_equal(user_list, original_user_list) |
457 | |
458 | |
459 | def assert_read_user(controller_client, user): |
460 | @@ -255,19 +279,16 @@ |
461 | with temp_dir() as fake_home: |
462 | user_client = controller_client.register_user( |
463 | user, fake_home) |
464 | - log.info('Checking list-users {}'.format(user.name)) |
465 | - user_list = list_users(controller_client) |
466 | - assert_equal(user_list, USER_LIST_CTRL_READ) |
467 | - log.info('Checking list-shares {}'.format(user.name)) |
468 | - share_list = list_shares(controller_client) |
469 | - assert_equal(share_list, SHARE_LIST_CTRL_READ) |
470 | + user_client.env.user_name = user.name |
471 | + assert_user_status(controller_client, user, |
472 | + USER_LIST_CTRL_READ, SHARE_LIST_CTRL_READ) |
473 | |
474 | - password = ''.join(random.choice( |
475 | - string.ascii_letters + string.digits) for _ in range(10)) |
476 | + password = _generate_random_string() |
477 | assert_change_password(user_client, user, password) |
478 | assert_logout_login(controller_client, user_client, |
479 | - user, fake_home, password) |
480 | + user, fake_home, password, USER_LIST_CTRL_READ) |
481 | assert_user_permissions(user, user_client, controller_client) |
482 | + assert_disable_enable(controller_client, user) |
483 | controller_client.remove_user(user.name) |
484 | log.info('PASS read {}'.format(user.name)) |
485 | |
486 | @@ -279,14 +300,15 @@ |
487 | user_client = controller_client.register_user( |
488 | user, fake_home) |
489 | user_client.env.user_name = user.name |
490 | - log.info('Checking list-users {}'.format(user.name)) |
491 | - user_list = list_users(controller_client) |
492 | - assert_equal(user_list, USER_LIST_CTRL_WRITE) |
493 | - log.info('Checking list-shares {}'.format(user.name)) |
494 | - share_list = list_shares(controller_client) |
495 | - assert_equal(share_list, SHARE_LIST_CTRL_WRITE) |
496 | + assert_user_status(controller_client, user, |
497 | + USER_LIST_CTRL_WRITE, SHARE_LIST_CTRL_WRITE) |
498 | + |
499 | + password = _generate_random_string() |
500 | + assert_change_password(user_client, user, password) |
501 | + assert_logout_login(controller_client, user_client, |
502 | + user, fake_home, password, USER_LIST_CTRL_WRITE) |
503 | + assert_user_permissions(user, user_client, controller_client) |
504 | assert_disable_enable(controller_client, user) |
505 | - assert_user_permissions(user, user_client, controller_client) |
506 | controller_client.remove_user(user.name) |
507 | log.info('PASS write {}'.format(user.name)) |
508 | |
509 | @@ -299,17 +321,33 @@ |
510 | user, fake_home) |
511 | controller_client.grant(user_name=user.name, permission="superuser") |
512 | user_client.env.user_name = user.name |
513 | - log.info('Checking list-users {}'.format(user.name)) |
514 | - user_list = list_users(controller_client) |
515 | - assert_equal(user_list, USER_LIST_CTRL_ADMIN) |
516 | - log.info('Checking list-shares {}'.format(user.name)) |
517 | - share_list = list_shares(controller_client) |
518 | - assert_equal(share_list, SHARE_LIST_CTRL_ADMIN) |
519 | + assert_user_status(controller_client, user, |
520 | + USER_LIST_CTRL_ADMIN, SHARE_LIST_CTRL_ADMIN) |
521 | + |
522 | + password = _generate_random_string() |
523 | + assert_change_password(user_client, user, password) |
524 | + assert_logout_login(controller_client, user_client, |
525 | + user, fake_home, password, USER_LIST_CTRL_ADMIN) |
526 | assert_user_permissions(user, user_client, controller_client) |
527 | + assert_disable_enable(controller_client, user) |
528 | controller_client.remove_user(user.name) |
529 | log.info('PASS admin {}'.format(user.name)) |
530 | |
531 | |
532 | +def assert_controller(controller_client): |
533 | + log.info('Checking list-users admin') |
534 | + user_list = list_users(controller_client) |
535 | + assert_equal(user_list, USER_LIST_CTRL) |
536 | + |
537 | + log.info('Checking list-shares admin') |
538 | + share_list = list_shares(controller_client) |
539 | + assert_equal(share_list, SHARE_LIST_CTRL) |
540 | + |
541 | + log.info('Checking show-user admin') |
542 | + user_status = show_user(controller_client) |
543 | + assert_equal(user_status, USER_LIST_CTRL[0]) |
544 | + |
545 | + |
546 | def assess_user_grant_revoke(controller_client): |
547 | """Test multi-users functionality""" |
548 | log.info('STARTING grant/revoke permissions') |
549 | @@ -321,18 +359,15 @@ |
550 | [True, True, False, True, False, False]) |
551 | admin_user = User('adminuser', 'admin', |
552 | [True, True, True, True, True, True]) |
553 | - log.info('Checking list-users admin') |
554 | - user_list = list_users(controller_client) |
555 | - assert_equal(user_list, USER_LIST_CTRL) |
556 | - log.info('Checking list-shares admin') |
557 | - share_list = list_shares(controller_client) |
558 | - assert_equal(share_list, SHARE_LIST_CTRL) |
559 | - log.info('Checking show-user admin') |
560 | - user_status = show_user(controller_client) |
561 | - assert_equal(user_status, USER_LIST_CTRL[0]) |
562 | + |
563 | + # check controller client |
564 | + assert_controller(controller_client) |
565 | + |
566 | + # check each type of user |
567 | assert_read_user(controller_client, read_user) |
568 | assert_write_user(controller_client, write_user) |
569 | assert_admin_user(controller_client, admin_user) |
570 | + |
571 | log.info('SUCCESS grant/revoke permissions') |
572 | |
573 | |
574 | |
575 | === removed file 'tests/test_assess_controller_permissions.py' |
576 | --- tests/test_assess_controller_permissions.py 2017-03-23 21:22:49 +0000 |
577 | +++ tests/test_assess_controller_permissions.py 1970-01-01 00:00:00 +0000 |
578 | @@ -1,98 +0,0 @@ |
579 | -"""Tests for assess_controller_permissions module.""" |
580 | - |
581 | -import logging |
582 | -from mock import Mock, patch |
583 | -import StringIO |
584 | - |
585 | -from assess_controller_permissions import ( |
586 | - assess_controller_permissions, |
587 | - parse_args, |
588 | - main, |
589 | -) |
590 | -from test_assess_user_grant_revoke import ( |
591 | - make_fake_client, |
592 | -) |
593 | -from tests import ( |
594 | - parse_error, |
595 | - TestCase, |
596 | -) |
597 | - |
598 | - |
599 | -class TestParseArgs(TestCase): |
600 | - |
601 | - def test_common_args(self): |
602 | - args = parse_args(["an-env", "/bin/juju", "/tmp/logs", "an-env-mod"]) |
603 | - self.assertEqual("an-env", args.env) |
604 | - self.assertEqual("/bin/juju", args.juju_bin) |
605 | - self.assertEqual("/tmp/logs", args.logs) |
606 | - self.assertEqual("an-env-mod", args.temp_env_name) |
607 | - self.assertEqual(False, args.debug) |
608 | - |
609 | - def test_help(self): |
610 | - fake_stdout = StringIO.StringIO() |
611 | - with parse_error(self) as fake_stderr: |
612 | - with patch("sys.stdout", fake_stdout): |
613 | - parse_args(["--help"]) |
614 | - self.assertEqual("", fake_stderr.getvalue()) |
615 | - self.assertNotIn("TODO", fake_stdout.getvalue()) |
616 | - |
617 | - |
618 | -class TestMain(TestCase): |
619 | - |
620 | - def test_main(self): |
621 | - argv = ["an-env", "/bin/juju", "/tmp/logs", "an-env-mod", "--verbose"] |
622 | - client = Mock(spec=["is_jes_enabled"]) |
623 | - with patch("assess_controller_permissions.configure_logging", |
624 | - autospec=True) as mock_cl: |
625 | - with patch("assess_controller_permissions." |
626 | - "BootstrapManager.booted_context", |
627 | - autospec=True) as mock_bc: |
628 | - with patch('deploy_stack.client_from_config', |
629 | - return_value=client) as mock_c: |
630 | - with patch("assess_controller_permissions." |
631 | - "assess_controller_permissions", |
632 | - autospec=True) as mock_assess: |
633 | - main(argv) |
634 | - mock_cl.assert_called_once_with(logging.DEBUG) |
635 | - mock_c.assert_called_once_with('an-env', "/bin/juju", debug=False, |
636 | - soft_deadline=None) |
637 | - self.assertEqual(mock_bc.call_count, 1) |
638 | - mock_assess.assert_called_once_with(client) |
639 | - |
640 | - |
641 | -class TestAssess(TestCase): |
642 | - |
643 | - def test_assess_controller_permissions(self): |
644 | - fake_client = make_fake_client() |
645 | - fake_client.bootstrap() |
646 | - assert_lc_calls = [True, True, True] |
647 | - assert_ac_calls = [False, True, True] |
648 | - assert_sc_calls = [False, False, True] |
649 | - lc = patch('assess_controller_permissions.assert_login_permission', |
650 | - autospec=True) |
651 | - ac = patch('assess_controller_permissions.assert_addmodel_permission', |
652 | - autospec=True) |
653 | - sc = patch('assess_controller_permissions.assert_superuser_permission', |
654 | - autospec=True) |
655 | - with lc as lc_mock, ac as ac_mock, sc as sc_mock: |
656 | - with patch("jujupy.ModelClient.expect", |
657 | - autospec=True) as expect_mock: |
658 | - with patch("jujupy.ModelClient._end_pexpect_session", |
659 | - autospec=True): |
660 | - expect_mock.return_value.isalive.return_value = False |
661 | - assess_controller_permissions(fake_client) |
662 | - lc_calls = [ |
663 | - call[0][4] for call in |
664 | - lc_mock.call_args_list] |
665 | - ac_calls = [ |
666 | - call[0][2] for call in |
667 | - ac_mock.call_args_list] |
668 | - sc_calls = [ |
669 | - call[0][2] for call in |
670 | - sc_mock.call_args_list] |
671 | - self.assertEqual(lc_calls, |
672 | - assert_lc_calls) |
673 | - self.assertEqual(ac_calls, |
674 | - assert_ac_calls) |
675 | - self.assertEqual(sc_calls, |
676 | - assert_sc_calls) |
677 | |
678 | === modified file 'tests/test_assess_user_grant_revoke.py' |
679 | --- tests/test_assess_user_grant_revoke.py 2017-03-23 19:23:19 +0000 |
680 | +++ tests/test_assess_user_grant_revoke.py 2017-03-28 14:43:16 +0000 |
681 | @@ -138,14 +138,20 @@ |
682 | def test_assert_read_model(self): |
683 | fake_client = fake_juju_client() |
684 | with patch.object(fake_client, 'show_status', return_value=True): |
685 | - assert_read_model(fake_client, 'read', True) |
686 | - with self.assertRaises(JujuAssertionError): |
687 | - assert_read_model(fake_client, 'read', False) |
688 | + with patch.object(fake_client, 'juju', |
689 | + return_value=True): |
690 | + assert_read_model(fake_client, 'read', True) |
691 | + with self.assertRaises(JujuAssertionError): |
692 | + assert_read_model(fake_client, 'read', False) |
693 | with patch.object(fake_client, 'show_status', return_value=False, |
694 | side_effect=CalledProcessError(None, None, None)): |
695 | - assert_read_model(fake_client, 'read', False) |
696 | - with self.assertRaises(JujuAssertionError): |
697 | - assert_read_model(fake_client, 'read', True) |
698 | + with patch.object(fake_client, 'juju', |
699 | + return_value=False, |
700 | + side_effect=CalledProcessError( |
701 | + None, None, None)): |
702 | + assert_read_model(fake_client, 'read', False) |
703 | + with self.assertRaises(JujuAssertionError): |
704 | + assert_read_model(fake_client, 'read', True) |
705 | |
706 | def test_assert_write_model(self): |
707 | fake_client = fake_juju_client() |
708 | @@ -197,13 +203,13 @@ |
709 | with read as read_mock, write as write_mock, admin as admin_mock: |
710 | with expect as expect_mock: |
711 | with patch("jujupy.ModelClient._end_pexpect_session", |
712 | - autospec=True): |
713 | + autospec=True): |
714 | expect_mock.return_value.isalive.return_value = False |
715 | assess_user_grant_revoke(fake_client) |
716 | |
717 | - self.assertEqual(pass_mock.call_count, 1) |
718 | - self.assertEqual(able_mock.call_count, 1) |
719 | - self.assertEqual(log_mock.call_count, 1) |
720 | + self.assertEqual(pass_mock.call_count, 3) |
721 | + self.assertEqual(able_mock.call_count, 3) |
722 | + self.assertEqual(log_mock.call_count, 3) |
723 | |
724 | self.assertEqual(read_mock.call_count, 6) |
725 | self.assertEqual(write_mock.call_count, 6) |
I have some minor issues with a couple of things but not enough to block landing. It does improve the readability of the test.
Please take a look at my questions/ suggestions.