Merge lp:~nskaggs/juju-ci-tools/remove-controller-permissions into lp:juju-ci-tools
- remove-controller-permissions
- Merge into trunk
Proposed by
Nicholas Skaggs
| Status: | Merged |
|---|---|
| Merged at revision: | 1958 |
| Proposed branch: | lp:~nskaggs/juju-ci-tools/remove-controller-permissions |
| Merge into: | lp:juju-ci-tools |
| Diff against target: |
725 lines (+155/-429) 4 files modified
assess_controller_permissions.py (+0/-217) assess_user_grant_revoke.py (+139/-104) tests/test_assess_controller_permissions.py (+0/-98) tests/test_assess_user_grant_revoke.py (+16/-10) |
| To merge this branch: | bzr merge lp:~nskaggs/juju-ci-tools/remove-controller-permissions |
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Christopher Lee (community) | Approve | ||
|
Review via email:
|
|||
Commit message
Description of the change
This removes the unused controller permissions, and incorporates some of the ideas into user grant revoke. I also took the opportunity to clean up the readability and extensibility of the user grant revoke test. More could be done, but this should make future work easier.
To post a comment you must log in.
- 1959. By Nicholas Skaggs
-
update operations, fix test
- 1960. By Nicholas Skaggs
-
fixup readability
- 1961. By Nicholas Skaggs
-
change read commands
- 1962. By Nicholas Skaggs
-
fix disable function
- 1963. By Nicholas Skaggs
-
Updates from review comments
Revision history for this message
| Nicholas Skaggs (nskaggs) wrote : | # |
Couldn't help myself Chris, I incorporated all your suggestions and then some. It's much nicer. Thanks.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
| 1 | === removed file 'assess_controller_permissions.py' |
| 2 | --- assess_controller_permissions.py 2016-09-13 21:33:20 +0000 |
| 3 | +++ assess_controller_permissions.py 1970-01-01 00:00:00 +0000 |
| 4 | @@ -1,217 +0,0 @@ |
| 5 | -#!/usr/bin/env python |
| 6 | -"""TODO: add rough description of what is assessed in this module.""" |
| 7 | - |
| 8 | -from __future__ import print_function |
| 9 | - |
| 10 | -import argparse |
| 11 | -import logging |
| 12 | -import random |
| 13 | -import string |
| 14 | -import subprocess |
| 15 | -import sys |
| 16 | - |
| 17 | -from assess_user_grant_revoke import ( |
| 18 | - assert_change_password, |
| 19 | - assert_logout_login, |
| 20 | - list_users, |
| 21 | - User, |
| 22 | - ) |
| 23 | -from deploy_stack import ( |
| 24 | - BootstrapManager, |
| 25 | - ) |
| 26 | -from utility import ( |
| 27 | - JujuAssertionError, |
| 28 | - add_basic_testing_arguments, |
| 29 | - configure_logging, |
| 30 | - temp_dir, |
| 31 | - ) |
| 32 | - |
| 33 | - |
| 34 | -__metaclass__ = type |
| 35 | - |
| 36 | - |
| 37 | -log = logging.getLogger("assess_controller_permissions") |
| 38 | - |
| 39 | - |
| 40 | -def assert_add_model(user_client, permission): |
| 41 | - """Test user's ability of adding models.""" |
| 42 | - try: |
| 43 | - user_client.add_model(user_client.env) |
| 44 | - except subprocess.CalledProcessError: |
| 45 | - raise JujuAssertionError( |
| 46 | - "Controller can't add model with {} permission".format(permission)) |
| 47 | - |
| 48 | - |
| 49 | -def assert_destroy_model(user_client, permission): |
| 50 | - """Test user's ability of destroying models.""" |
| 51 | - try: |
| 52 | - user_client.destroy_model() |
| 53 | - except subprocess.CalledProcessError: |
| 54 | - raise JujuAssertionError( |
| 55 | - "Controller can't destroy model with {} permission".format( |
| 56 | - permission)) |
| 57 | - |
| 58 | - |
| 59 | -def assert_add_remove_user(user_client, permission): |
| 60 | - """Test user's ability of adding/removing users.""" |
| 61 | - for controller_permission in ['login', 'addmodel', 'superuser']: |
| 62 | - code = ''.join(random.choice( |
| 63 | - string.ascii_letters + string.digits) for _ in xrange(4)) |
| 64 | - try: |
| 65 | - user_client.add_user_perms(permission + code, |
| 66 | - permissions=controller_permission) |
| 67 | - except subprocess.CalledProcessError: |
| 68 | - raise JujuAssertionError( |
| 69 | - 'Controller could not add ' |
| 70 | - '{} controller with {} permission'.format( |
| 71 | - controller_permission, permission)) |
| 72 | - try: |
| 73 | - user_client.remove_user(permission + code, |
| 74 | - permissions=controller_permission) |
| 75 | - except subprocess.CalledProcessError: |
| 76 | - raise JujuAssertionError( |
| 77 | - 'Controller could not remove ' |
| 78 | - '{} controller with {} permission'.format( |
| 79 | - controller_permission, permission)) |
| 80 | - |
| 81 | - |
| 82 | -def assert_lists(user_client): |
| 83 | - """Test user's ability of retrieving lists.""" |
| 84 | - list_users(user_client) |
| 85 | - user_client.list_models() |
| 86 | - user_client.list_clouds() |
| 87 | - user_client.show_controller() |
| 88 | - |
| 89 | - |
| 90 | -def assert_login_permission(controller_client, user_client, |
| 91 | - user, fake_home, has_permission): |
| 92 | - """Test user's ability with login permission.""" |
| 93 | - if has_permission: |
| 94 | - try: |
| 95 | - assert_logout_login(controller_client, user_client, |
| 96 | - user, fake_home) |
| 97 | - assert_change_password(user_client, user) |
| 98 | - assert_lists(user_client) |
| 99 | - except subprocess.CalledProcessError: |
| 100 | - raise JujuAssertionError( |
| 101 | - 'FAIL {} could not login/read with {} permission'.format( |
| 102 | - user.name, user.permissions)) |
| 103 | - else: |
| 104 | - try: |
| 105 | - assert_logout_login(controller_client, user_client, |
| 106 | - user, fake_home) |
| 107 | - assert_change_password(user_client, user) |
| 108 | - assert_lists(user_client) |
| 109 | - except subprocess.CalledProcessError: |
| 110 | - log.info('Correctly rejected {} use of login/read'.format( |
| 111 | - user.name)) |
| 112 | - else: |
| 113 | - raise JujuAssertionError( |
| 114 | - 'FAIL User login/read without login permission') |
| 115 | - |
| 116 | - |
| 117 | -def assert_addmodel_permission(user_client, user, has_permission): |
| 118 | - """Test user's ability with addmodel permission.""" |
| 119 | - if has_permission: |
| 120 | - try: |
| 121 | - assert_add_model(user_client, user.permissions) |
| 122 | - assert_destroy_model(user_client, user.permissions) |
| 123 | - except subprocess.CalledProcessError: |
| 124 | - raise JujuAssertionError( |
| 125 | - 'FAIL {} could not add/remove' |
| 126 | - ' models with {} permission'.format( |
| 127 | - user.name, user.permissions)) |
| 128 | - else: |
| 129 | - try: |
| 130 | - assert_add_model(user_client, user.permissions) |
| 131 | - assert_destroy_model(user_client, user.permissions) |
| 132 | - except subprocess.CalledProcessError: |
| 133 | - log.info('Correctly rejected {} use of add/remove model'.format( |
| 134 | - user.name)) |
| 135 | - else: |
| 136 | - raise JujuAssertionError( |
| 137 | - 'FAIL User added/removed models without addmodel permission') |
| 138 | - |
| 139 | - |
| 140 | -def assert_superuser_permission(user_client, user, has_permission): |
| 141 | - """Test user's ability with superuser permission.""" |
| 142 | - if has_permission: |
| 143 | - try: |
| 144 | - assert_add_remove_user(user_client, user.permissions) |
| 145 | - except subprocess.CalledProcessError: |
| 146 | - raise JujuAssertionError( |
| 147 | - 'FAIL {} could not add/remove users with {} permission'.format( |
| 148 | - user.name, user.permissions)) |
| 149 | - else: |
| 150 | - try: |
| 151 | - assert_add_remove_user(user_client, user.permissions) |
| 152 | - except subprocess.CalledProcessError: |
| 153 | - log.info('Correctly rejected {} use of add/remove users'.format( |
| 154 | - user.name)) |
| 155 | - else: |
| 156 | - raise JujuAssertionError( |
| 157 | - 'FAIL User added/removed users without superuser permission') |
| 158 | - |
| 159 | - |
| 160 | -def assert_login_controller(controller_client, user): |
| 161 | - """Test user with login controller permission.""" |
| 162 | - with temp_dir() as fake_home: |
| 163 | - user_client = controller_client.register_user( |
| 164 | - user, fake_home) |
| 165 | - assert_login_permission(controller_client, user_client, |
| 166 | - user, fake_home, True) |
| 167 | - assert_addmodel_permission(user_client, user, False) |
| 168 | - assert_superuser_permission(user_client, user, False) |
| 169 | - |
| 170 | - |
| 171 | -def assert_addmodel_controller(controller_client, user): |
| 172 | - """Test user with addmodel controller permission.""" |
| 173 | - with temp_dir() as fake_home: |
| 174 | - user_client = controller_client.register_user( |
| 175 | - user, fake_home) |
| 176 | - assert_login_permission(controller_client, user_client, |
| 177 | - user, fake_home, True) |
| 178 | - assert_addmodel_permission(user_client, user, True) |
| 179 | - assert_superuser_permission(user_client, user, False) |
| 180 | - |
| 181 | - |
| 182 | -def assert_superuser_controller(controller_client, user): |
| 183 | - """Test user with superuser controller permission.""" |
| 184 | - with temp_dir() as fake_home: |
| 185 | - user_client = controller_client.register_user( |
| 186 | - user, fake_home) |
| 187 | - assert_login_permission(controller_client, user_client, |
| 188 | - user, fake_home, True) |
| 189 | - assert_addmodel_permission(user_client, user, True) |
| 190 | - assert_superuser_permission(user_client, user, True) |
| 191 | - |
| 192 | - |
| 193 | -def assess_controller_permissions(controller_client): |
| 194 | - """Test controller permissions.""" |
| 195 | - login_controller = User('login_controller', 'login', []) |
| 196 | - addmodel_controller = User('addmodel_controller', 'addmodel', []) |
| 197 | - superuser_controller = User('superuser_controller', 'superuser', []) |
| 198 | - assert_login_controller(controller_client, login_controller) |
| 199 | - assert_addmodel_controller(controller_client, addmodel_controller) |
| 200 | - assert_superuser_controller(controller_client, superuser_controller) |
| 201 | - |
| 202 | - |
| 203 | -def parse_args(argv): |
| 204 | - """Parse all arguments.""" |
| 205 | - parser = argparse.ArgumentParser( |
| 206 | - description="Test controller permissions.") |
| 207 | - add_basic_testing_arguments(parser) |
| 208 | - return parser.parse_args(argv) |
| 209 | - |
| 210 | - |
| 211 | -def main(argv=None): |
| 212 | - args = parse_args(argv) |
| 213 | - configure_logging(args.verbose) |
| 214 | - bs_manager = BootstrapManager.from_args(args) |
| 215 | - with bs_manager.booted_context(args.upload_tools): |
| 216 | - assess_controller_permissions(bs_manager.client) |
| 217 | - return 0 |
| 218 | - |
| 219 | - |
| 220 | -if __name__ == '__main__': |
| 221 | - sys.exit(main()) |
| 222 | |
| 223 | === modified file 'assess_user_grant_revoke.py' |
| 224 | --- assess_user_grant_revoke.py 2017-03-23 21:22:49 +0000 |
| 225 | +++ assess_user_grant_revoke.py 2017-03-28 14:43:16 +0000 |
| 226 | @@ -62,6 +62,12 @@ |
| 227 | SHARE_LIST_CTRL_ADMIN["adminuser"] = {"access": "admin"} |
| 228 | |
| 229 | |
| 230 | +def _generate_random_string(): |
| 231 | + # We prefix a letter because usernames must begin with letter |
| 232 | + return 'r'.join(random.choice( |
| 233 | + string.ascii_letters + string.digits) for _ in range(9)) |
| 234 | + |
| 235 | + |
| 236 | def assert_equal(found, expected): |
| 237 | found = sorted(found) |
| 238 | expected = sorted(expected) |
| 239 | @@ -70,6 +76,26 @@ |
| 240 | 'Found: {}\nExpected: {}'.format(found, expected)) |
| 241 | |
| 242 | |
| 243 | +def assert_command_fails(check_callable, command_type, permission): |
| 244 | + try: |
| 245 | + check_callable() |
| 246 | + except subprocess.CalledProcessError: |
| 247 | + pass |
| 248 | + else: |
| 249 | + raise JujuAssertionError( |
| 250 | + 'FAIL User performed {} operation with ' |
| 251 | + 'permission {}'.format(command_type, permission)) |
| 252 | + |
| 253 | + |
| 254 | +def assert_command_succeeds(check_callable, command_type, permission): |
| 255 | + try: |
| 256 | + check_callable() |
| 257 | + except subprocess.CalledProcessError: |
| 258 | + raise JujuAssertionError( |
| 259 | + 'FAIL User unable to perform {} operation with ' |
| 260 | + 'permission {}'.format(command_type, permission)) |
| 261 | + |
| 262 | + |
| 263 | def list_users(client): |
| 264 | """Test listing all the users""" |
| 265 | users_list = json.loads(client.get_juju_output('list-users', '--format', |
| 266 | @@ -100,80 +126,69 @@ |
| 267 | return user_status |
| 268 | |
| 269 | |
| 270 | +def assess_read_operations(client, permission, has_permission): |
| 271 | + read_commands = ( |
| 272 | + client.show_status, |
| 273 | + lambda: client.juju('show-model', (), include_e=False), |
| 274 | + ) |
| 275 | + |
| 276 | + for command in read_commands: |
| 277 | + if has_permission: |
| 278 | + assert_command_succeeds(command, 'read', permission) |
| 279 | + else: |
| 280 | + assert_command_fails(command, 'read', permission) |
| 281 | + |
| 282 | + |
| 283 | +def assess_write_operations(client, permission, has_permission): |
| 284 | + tags = '"{}={}"'.format(client.env.user_name, permission) |
| 285 | + write_commands = ( |
| 286 | + lambda: client.set_env_option('resource-tags', tags), |
| 287 | + ) |
| 288 | + |
| 289 | + for command in write_commands: |
| 290 | + if has_permission: |
| 291 | + assert_command_succeeds(command, 'write', permission) |
| 292 | + else: |
| 293 | + assert_command_fails(command, 'write', permission) |
| 294 | + |
| 295 | + |
| 296 | +def assess_admin_operations(client, permission, has_permission): |
| 297 | + # Create a username for the user client to interact with |
| 298 | + new_read_user = _generate_random_string() |
| 299 | + new_admin_user = _generate_random_string() |
| 300 | + admin_commands = ( |
| 301 | + lambda: client.add_user(new_read_user), |
| 302 | + lambda: client.grant(new_read_user, permission="read"), |
| 303 | + lambda: client.remove_user(new_read_user), |
| 304 | + lambda: client.add_user_perms(new_admin_user, permissions="admin"), |
| 305 | + lambda: client.remove_user(new_admin_user), |
| 306 | + ) |
| 307 | + |
| 308 | + for command in admin_commands: |
| 309 | + if has_permission: |
| 310 | + assert_command_succeeds(command, 'admin', permission) |
| 311 | + else: |
| 312 | + assert_command_fails(command, 'admin', permission) |
| 313 | + |
| 314 | + |
| 315 | def assert_read_model(client, permission, has_permission): |
| 316 | """Test if the user has or doesn't have the read permission""" |
| 317 | log.info('Checking read model acl {}'.format(client.env.user_name)) |
| 318 | - if has_permission: |
| 319 | - try: |
| 320 | - client.show_status() |
| 321 | - except subprocess.CalledProcessError: |
| 322 | - raise JujuAssertionError( |
| 323 | - 'FAIL User could not check status with {} permission'.format( |
| 324 | - permission)) |
| 325 | - else: |
| 326 | - try: |
| 327 | - client.show_status() |
| 328 | - except subprocess.CalledProcessError: |
| 329 | - pass |
| 330 | - else: |
| 331 | - raise JujuAssertionError( |
| 332 | - 'FAIL {} checked status without {} permission'.format( |
| 333 | - client.env.user_name, permission)) |
| 334 | + assess_read_operations(client, permission, has_permission) |
| 335 | log.info('PASS {} read acl'.format(client.env.user_name)) |
| 336 | |
| 337 | |
| 338 | def assert_write_model(client, permission, has_permission): |
| 339 | """Test if the user has or doesn't have the write permission""" |
| 340 | log.info('Checking write model acl {}'.format(client.env.user_name)) |
| 341 | - if has_permission: |
| 342 | - try: |
| 343 | - tags = '"{}={}"'.format(client.env.user_name, permission) |
| 344 | - client.set_env_option('resource-tags', tags) |
| 345 | - except subprocess.CalledProcessError: |
| 346 | - raise JujuAssertionError( |
| 347 | - 'FAIL {} could not set-model-config with {} permission'.format( |
| 348 | - client.env.user_name, permission)) |
| 349 | - else: |
| 350 | - try: |
| 351 | - tags = '"{}=no-{}"'.format(client.env.user_name, permission) |
| 352 | - client.set_env_option('resource-tags', tags) |
| 353 | - except subprocess.CalledProcessError: |
| 354 | - pass |
| 355 | - else: |
| 356 | - raise JujuAssertionError( |
| 357 | - 'FAIL User set model-config without {} permission'.format( |
| 358 | - permission)) |
| 359 | + assess_write_operations(client, permission, has_permission) |
| 360 | log.info('PASS {} write model acl'.format(client.env.user_name)) |
| 361 | |
| 362 | |
| 363 | def assert_admin_model(controller_client, client, permission, has_permission): |
| 364 | """Test if the user has or doesn't have the admin permission""" |
| 365 | log.info('Checking admin acl with {}'.format(client.env.user_name)) |
| 366 | - code = ''.join(random.choice( |
| 367 | - string.ascii_letters + string.digits) for _ in range(4)) |
| 368 | - new_user = permission + code |
| 369 | - log.info('Adding user {} for test'.format(new_user)) |
| 370 | - controller_client.add_user_perms(new_user, permissions="read") |
| 371 | - if has_permission: |
| 372 | - try: |
| 373 | - client.grant(new_user, permission="write") |
| 374 | - except subprocess.CalledProcessError: |
| 375 | - raise JujuAssertionError( |
| 376 | - 'FAIL {} could not grant write acl to user'.format( |
| 377 | - client.env.user_name, permission)) |
| 378 | - else: |
| 379 | - try: |
| 380 | - client.grant(new_user, permission="write") |
| 381 | - except subprocess.CalledProcessError: |
| 382 | - log.info('Correctly rejected {} use of grant'.format( |
| 383 | - client.env.user_name)) |
| 384 | - else: |
| 385 | - raise JujuAssertionError( |
| 386 | - 'FAIL {} granted access without {} permission'.format( |
| 387 | - client.env.user_name, permission)) |
| 388 | - # Remove the user to ensure list-users is sane. |
| 389 | - log.info('Removing user {} after test'.format(new_user)) |
| 390 | - controller_client.remove_user(new_user) |
| 391 | + assess_admin_operations(client, permission, has_permission) |
| 392 | log.info('PASS {} admin acl'.format(client.env.user_name)) |
| 393 | |
| 394 | |
| 395 | @@ -207,15 +222,10 @@ |
| 396 | child.sendline(password) |
| 397 | child.expect('(?i)password') |
| 398 | child.sendline(password) |
| 399 | - child.expect(pexpect.EOF) |
| 400 | + client._end_pexpect_session(child) |
| 401 | except pexpect.TIMEOUT: |
| 402 | - raise JujuAssertionError( |
| 403 | - 'FAIL Changing user password failed: pexpect session timed out') |
| 404 | - if child.isalive(): |
| 405 | - raise JujuAssertionError( |
| 406 | - 'FAIL Changing user password failed: pexpect session still alive') |
| 407 | - child.close() |
| 408 | - if child.exitstatus != 0: |
| 409 | + log.error('Buffer: {}'.format(child.buffer)) |
| 410 | + log.error('Before: {}'.format(child.before)) |
| 411 | raise JujuAssertionError( |
| 412 | 'FAIL Changing user password failed: ' |
| 413 | 'pexpect process exited with {}'.format(child.exitstatus)) |
| 414 | @@ -224,6 +234,7 @@ |
| 415 | |
| 416 | def assert_disable_enable(controller_client, user): |
| 417 | """Test disabling and enabling users""" |
| 418 | + original_user_list = list_users(controller_client) |
| 419 | log.info('Checking disabled {}'.format(user.name)) |
| 420 | controller_client.disable_user(user.name) |
| 421 | log.info('Disabled {}'.format(user.name)) |
| 422 | @@ -235,18 +246,31 @@ |
| 423 | log.info('Enabled {}'.format(user.name)) |
| 424 | user_list = list_users(controller_client) |
| 425 | log.info('Checking list-users {}'.format(user.name)) |
| 426 | - assert_equal(user_list, USER_LIST_CTRL_WRITE) |
| 427 | - |
| 428 | - |
| 429 | -def assert_logout_login(controller_client, user_client, |
| 430 | - user, fake_home, password): |
| 431 | + assert_equal(user_list, original_user_list) |
| 432 | + |
| 433 | + |
| 434 | +def assert_user_status(client, user, expected_users, expected_shares): |
| 435 | + """Test listing users and shares against expected values""" |
| 436 | + log.info('Checking list-users {}'.format(user.name)) |
| 437 | + user_list = list_users(client) |
| 438 | + assert_equal(user_list, expected_users) |
| 439 | + log.info('Checking list-shares {}'.format(user.name)) |
| 440 | + share_list = list_shares(client) |
| 441 | + assert_equal(share_list, expected_shares) |
| 442 | + |
| 443 | + |
| 444 | +def assert_logout_login(controller_client, user_client, user, |
| 445 | + fake_home, password, expected_users): |
| 446 | """Test users' login and logout""" |
| 447 | + original_user_list = list_users(controller_client) |
| 448 | user_client.logout() |
| 449 | log.info('Checking list-users after logout') |
| 450 | user_list = list_users(controller_client) |
| 451 | - assert_equal(user_list, USER_LIST_CTRL_READ) |
| 452 | + assert_equal(user_list, expected_users) |
| 453 | log.info('Checking list-users after login') |
| 454 | user_client.login_user(user.name, password) |
| 455 | + user_list = list_users(controller_client) |
| 456 | + assert_equal(user_list, original_user_list) |
| 457 | |
| 458 | |
| 459 | def assert_read_user(controller_client, user): |
| 460 | @@ -255,19 +279,16 @@ |
| 461 | with temp_dir() as fake_home: |
| 462 | user_client = controller_client.register_user( |
| 463 | user, fake_home) |
| 464 | - log.info('Checking list-users {}'.format(user.name)) |
| 465 | - user_list = list_users(controller_client) |
| 466 | - assert_equal(user_list, USER_LIST_CTRL_READ) |
| 467 | - log.info('Checking list-shares {}'.format(user.name)) |
| 468 | - share_list = list_shares(controller_client) |
| 469 | - assert_equal(share_list, SHARE_LIST_CTRL_READ) |
| 470 | + user_client.env.user_name = user.name |
| 471 | + assert_user_status(controller_client, user, |
| 472 | + USER_LIST_CTRL_READ, SHARE_LIST_CTRL_READ) |
| 473 | |
| 474 | - password = ''.join(random.choice( |
| 475 | - string.ascii_letters + string.digits) for _ in range(10)) |
| 476 | + password = _generate_random_string() |
| 477 | assert_change_password(user_client, user, password) |
| 478 | assert_logout_login(controller_client, user_client, |
| 479 | - user, fake_home, password) |
| 480 | + user, fake_home, password, USER_LIST_CTRL_READ) |
| 481 | assert_user_permissions(user, user_client, controller_client) |
| 482 | + assert_disable_enable(controller_client, user) |
| 483 | controller_client.remove_user(user.name) |
| 484 | log.info('PASS read {}'.format(user.name)) |
| 485 | |
| 486 | @@ -279,14 +300,15 @@ |
| 487 | user_client = controller_client.register_user( |
| 488 | user, fake_home) |
| 489 | user_client.env.user_name = user.name |
| 490 | - log.info('Checking list-users {}'.format(user.name)) |
| 491 | - user_list = list_users(controller_client) |
| 492 | - assert_equal(user_list, USER_LIST_CTRL_WRITE) |
| 493 | - log.info('Checking list-shares {}'.format(user.name)) |
| 494 | - share_list = list_shares(controller_client) |
| 495 | - assert_equal(share_list, SHARE_LIST_CTRL_WRITE) |
| 496 | + assert_user_status(controller_client, user, |
| 497 | + USER_LIST_CTRL_WRITE, SHARE_LIST_CTRL_WRITE) |
| 498 | + |
| 499 | + password = _generate_random_string() |
| 500 | + assert_change_password(user_client, user, password) |
| 501 | + assert_logout_login(controller_client, user_client, |
| 502 | + user, fake_home, password, USER_LIST_CTRL_WRITE) |
| 503 | + assert_user_permissions(user, user_client, controller_client) |
| 504 | assert_disable_enable(controller_client, user) |
| 505 | - assert_user_permissions(user, user_client, controller_client) |
| 506 | controller_client.remove_user(user.name) |
| 507 | log.info('PASS write {}'.format(user.name)) |
| 508 | |
| 509 | @@ -299,17 +321,33 @@ |
| 510 | user, fake_home) |
| 511 | controller_client.grant(user_name=user.name, permission="superuser") |
| 512 | user_client.env.user_name = user.name |
| 513 | - log.info('Checking list-users {}'.format(user.name)) |
| 514 | - user_list = list_users(controller_client) |
| 515 | - assert_equal(user_list, USER_LIST_CTRL_ADMIN) |
| 516 | - log.info('Checking list-shares {}'.format(user.name)) |
| 517 | - share_list = list_shares(controller_client) |
| 518 | - assert_equal(share_list, SHARE_LIST_CTRL_ADMIN) |
| 519 | + assert_user_status(controller_client, user, |
| 520 | + USER_LIST_CTRL_ADMIN, SHARE_LIST_CTRL_ADMIN) |
| 521 | + |
| 522 | + password = _generate_random_string() |
| 523 | + assert_change_password(user_client, user, password) |
| 524 | + assert_logout_login(controller_client, user_client, |
| 525 | + user, fake_home, password, USER_LIST_CTRL_ADMIN) |
| 526 | assert_user_permissions(user, user_client, controller_client) |
| 527 | + assert_disable_enable(controller_client, user) |
| 528 | controller_client.remove_user(user.name) |
| 529 | log.info('PASS admin {}'.format(user.name)) |
| 530 | |
| 531 | |
| 532 | +def assert_controller(controller_client): |
| 533 | + log.info('Checking list-users admin') |
| 534 | + user_list = list_users(controller_client) |
| 535 | + assert_equal(user_list, USER_LIST_CTRL) |
| 536 | + |
| 537 | + log.info('Checking list-shares admin') |
| 538 | + share_list = list_shares(controller_client) |
| 539 | + assert_equal(share_list, SHARE_LIST_CTRL) |
| 540 | + |
| 541 | + log.info('Checking show-user admin') |
| 542 | + user_status = show_user(controller_client) |
| 543 | + assert_equal(user_status, USER_LIST_CTRL[0]) |
| 544 | + |
| 545 | + |
| 546 | def assess_user_grant_revoke(controller_client): |
| 547 | """Test multi-users functionality""" |
| 548 | log.info('STARTING grant/revoke permissions') |
| 549 | @@ -321,18 +359,15 @@ |
| 550 | [True, True, False, True, False, False]) |
| 551 | admin_user = User('adminuser', 'admin', |
| 552 | [True, True, True, True, True, True]) |
| 553 | - log.info('Checking list-users admin') |
| 554 | - user_list = list_users(controller_client) |
| 555 | - assert_equal(user_list, USER_LIST_CTRL) |
| 556 | - log.info('Checking list-shares admin') |
| 557 | - share_list = list_shares(controller_client) |
| 558 | - assert_equal(share_list, SHARE_LIST_CTRL) |
| 559 | - log.info('Checking show-user admin') |
| 560 | - user_status = show_user(controller_client) |
| 561 | - assert_equal(user_status, USER_LIST_CTRL[0]) |
| 562 | + |
| 563 | + # check controller client |
| 564 | + assert_controller(controller_client) |
| 565 | + |
| 566 | + # check each type of user |
| 567 | assert_read_user(controller_client, read_user) |
| 568 | assert_write_user(controller_client, write_user) |
| 569 | assert_admin_user(controller_client, admin_user) |
| 570 | + |
| 571 | log.info('SUCCESS grant/revoke permissions') |
| 572 | |
| 573 | |
| 574 | |
| 575 | === removed file 'tests/test_assess_controller_permissions.py' |
| 576 | --- tests/test_assess_controller_permissions.py 2017-03-23 21:22:49 +0000 |
| 577 | +++ tests/test_assess_controller_permissions.py 1970-01-01 00:00:00 +0000 |
| 578 | @@ -1,98 +0,0 @@ |
| 579 | -"""Tests for assess_controller_permissions module.""" |
| 580 | - |
| 581 | -import logging |
| 582 | -from mock import Mock, patch |
| 583 | -import StringIO |
| 584 | - |
| 585 | -from assess_controller_permissions import ( |
| 586 | - assess_controller_permissions, |
| 587 | - parse_args, |
| 588 | - main, |
| 589 | -) |
| 590 | -from test_assess_user_grant_revoke import ( |
| 591 | - make_fake_client, |
| 592 | -) |
| 593 | -from tests import ( |
| 594 | - parse_error, |
| 595 | - TestCase, |
| 596 | -) |
| 597 | - |
| 598 | - |
| 599 | -class TestParseArgs(TestCase): |
| 600 | - |
| 601 | - def test_common_args(self): |
| 602 | - args = parse_args(["an-env", "/bin/juju", "/tmp/logs", "an-env-mod"]) |
| 603 | - self.assertEqual("an-env", args.env) |
| 604 | - self.assertEqual("/bin/juju", args.juju_bin) |
| 605 | - self.assertEqual("/tmp/logs", args.logs) |
| 606 | - self.assertEqual("an-env-mod", args.temp_env_name) |
| 607 | - self.assertEqual(False, args.debug) |
| 608 | - |
| 609 | - def test_help(self): |
| 610 | - fake_stdout = StringIO.StringIO() |
| 611 | - with parse_error(self) as fake_stderr: |
| 612 | - with patch("sys.stdout", fake_stdout): |
| 613 | - parse_args(["--help"]) |
| 614 | - self.assertEqual("", fake_stderr.getvalue()) |
| 615 | - self.assertNotIn("TODO", fake_stdout.getvalue()) |
| 616 | - |
| 617 | - |
| 618 | -class TestMain(TestCase): |
| 619 | - |
| 620 | - def test_main(self): |
| 621 | - argv = ["an-env", "/bin/juju", "/tmp/logs", "an-env-mod", "--verbose"] |
| 622 | - client = Mock(spec=["is_jes_enabled"]) |
| 623 | - with patch("assess_controller_permissions.configure_logging", |
| 624 | - autospec=True) as mock_cl: |
| 625 | - with patch("assess_controller_permissions." |
| 626 | - "BootstrapManager.booted_context", |
| 627 | - autospec=True) as mock_bc: |
| 628 | - with patch('deploy_stack.client_from_config', |
| 629 | - return_value=client) as mock_c: |
| 630 | - with patch("assess_controller_permissions." |
| 631 | - "assess_controller_permissions", |
| 632 | - autospec=True) as mock_assess: |
| 633 | - main(argv) |
| 634 | - mock_cl.assert_called_once_with(logging.DEBUG) |
| 635 | - mock_c.assert_called_once_with('an-env', "/bin/juju", debug=False, |
| 636 | - soft_deadline=None) |
| 637 | - self.assertEqual(mock_bc.call_count, 1) |
| 638 | - mock_assess.assert_called_once_with(client) |
| 639 | - |
| 640 | - |
| 641 | -class TestAssess(TestCase): |
| 642 | - |
| 643 | - def test_assess_controller_permissions(self): |
| 644 | - fake_client = make_fake_client() |
| 645 | - fake_client.bootstrap() |
| 646 | - assert_lc_calls = [True, True, True] |
| 647 | - assert_ac_calls = [False, True, True] |
| 648 | - assert_sc_calls = [False, False, True] |
| 649 | - lc = patch('assess_controller_permissions.assert_login_permission', |
| 650 | - autospec=True) |
| 651 | - ac = patch('assess_controller_permissions.assert_addmodel_permission', |
| 652 | - autospec=True) |
| 653 | - sc = patch('assess_controller_permissions.assert_superuser_permission', |
| 654 | - autospec=True) |
| 655 | - with lc as lc_mock, ac as ac_mock, sc as sc_mock: |
| 656 | - with patch("jujupy.ModelClient.expect", |
| 657 | - autospec=True) as expect_mock: |
| 658 | - with patch("jujupy.ModelClient._end_pexpect_session", |
| 659 | - autospec=True): |
| 660 | - expect_mock.return_value.isalive.return_value = False |
| 661 | - assess_controller_permissions(fake_client) |
| 662 | - lc_calls = [ |
| 663 | - call[0][4] for call in |
| 664 | - lc_mock.call_args_list] |
| 665 | - ac_calls = [ |
| 666 | - call[0][2] for call in |
| 667 | - ac_mock.call_args_list] |
| 668 | - sc_calls = [ |
| 669 | - call[0][2] for call in |
| 670 | - sc_mock.call_args_list] |
| 671 | - self.assertEqual(lc_calls, |
| 672 | - assert_lc_calls) |
| 673 | - self.assertEqual(ac_calls, |
| 674 | - assert_ac_calls) |
| 675 | - self.assertEqual(sc_calls, |
| 676 | - assert_sc_calls) |
| 677 | |
| 678 | === modified file 'tests/test_assess_user_grant_revoke.py' |
| 679 | --- tests/test_assess_user_grant_revoke.py 2017-03-23 19:23:19 +0000 |
| 680 | +++ tests/test_assess_user_grant_revoke.py 2017-03-28 14:43:16 +0000 |
| 681 | @@ -138,14 +138,20 @@ |
| 682 | def test_assert_read_model(self): |
| 683 | fake_client = fake_juju_client() |
| 684 | with patch.object(fake_client, 'show_status', return_value=True): |
| 685 | - assert_read_model(fake_client, 'read', True) |
| 686 | - with self.assertRaises(JujuAssertionError): |
| 687 | - assert_read_model(fake_client, 'read', False) |
| 688 | + with patch.object(fake_client, 'juju', |
| 689 | + return_value=True): |
| 690 | + assert_read_model(fake_client, 'read', True) |
| 691 | + with self.assertRaises(JujuAssertionError): |
| 692 | + assert_read_model(fake_client, 'read', False) |
| 693 | with patch.object(fake_client, 'show_status', return_value=False, |
| 694 | side_effect=CalledProcessError(None, None, None)): |
| 695 | - assert_read_model(fake_client, 'read', False) |
| 696 | - with self.assertRaises(JujuAssertionError): |
| 697 | - assert_read_model(fake_client, 'read', True) |
| 698 | + with patch.object(fake_client, 'juju', |
| 699 | + return_value=False, |
| 700 | + side_effect=CalledProcessError( |
| 701 | + None, None, None)): |
| 702 | + assert_read_model(fake_client, 'read', False) |
| 703 | + with self.assertRaises(JujuAssertionError): |
| 704 | + assert_read_model(fake_client, 'read', True) |
| 705 | |
| 706 | def test_assert_write_model(self): |
| 707 | fake_client = fake_juju_client() |
| 708 | @@ -197,13 +203,13 @@ |
| 709 | with read as read_mock, write as write_mock, admin as admin_mock: |
| 710 | with expect as expect_mock: |
| 711 | with patch("jujupy.ModelClient._end_pexpect_session", |
| 712 | - autospec=True): |
| 713 | + autospec=True): |
| 714 | expect_mock.return_value.isalive.return_value = False |
| 715 | assess_user_grant_revoke(fake_client) |
| 716 | |
| 717 | - self.assertEqual(pass_mock.call_count, 1) |
| 718 | - self.assertEqual(able_mock.call_count, 1) |
| 719 | - self.assertEqual(log_mock.call_count, 1) |
| 720 | + self.assertEqual(pass_mock.call_count, 3) |
| 721 | + self.assertEqual(able_mock.call_count, 3) |
| 722 | + self.assertEqual(log_mock.call_count, 3) |
| 723 | |
| 724 | self.assertEqual(read_mock.call_count, 6) |
| 725 | self.assertEqual(write_mock.call_count, 6) |
I have some minor issues with a couple of things but not enough to block landing. It does improve the readability of the test.
Please take a look at my questions/