From 5d1b27e5201fb1627fcbc6026fc3357d982f667f Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Fri, 12 Jun 2015 14:43:24 -0400 Subject: [PATCH] Adding some job template listing unit tests and permissions to actually make those work --- awx/main/tests/jobs/base.py | 57 +++++++++++++++++++ awx/main/tests/jobs/jobs_monolithic.py | 78 +++++++++++++++++++------- 2 files changed, 115 insertions(+), 20 deletions(-) diff --git a/awx/main/tests/jobs/base.py b/awx/main/tests/jobs/base.py index cc4a169a8a..dcb056abb7 100644 --- a/awx/main/tests/jobs/base.py +++ b/awx/main/tests/jobs/base.py @@ -355,6 +355,29 @@ class BaseJobTestMixin(BaseTestMixin): created_by = self.user_sue, ) + self.ops_east_permission = Permission.objects.create( + inventory = self.inv_ops_east, + project = self.proj_prod, + team = self.team_ops_east, + permission_type = PERM_JOBTEMPLATE_CREATE, + created_by = self.user_sue + ) + + self.ops_east_permission_prod_east = Permission.objects.create( + inventory = self.inv_ops_east, + project = self.proj_prod_east, + team = self.team_ops_east, + permission_type = PERM_JOBTEMPLATE_CREATE, + created_by = self.user_sue + ) + + self.ops_east_permission_inv_admin = Permission.objects.create( + inventory = self.inv_ops_east, + team = self.team_ops_east, + permission_type = PERM_INVENTORY_ADMIN, + created_by = self.user_sue + ) + self.ops_testers_permission = Permission.objects.create( inventory = self.inv_ops_west, project = self.proj_prod, @@ -363,6 +386,13 @@ class BaseJobTestMixin(BaseTestMixin): created_by = self.user_sue ) + self.ops_testers_permission_inv_read = Permission.objects.create( + inventory = self.inv_ops_west, + team = self.team_ops_testers, + permission_type = PERM_INVENTORY_READ, + created_by = self.user_sue + ) + self.doug_check_permission = Permission.objects.create( inventory = self.inv_eng, project = self.proj_dev, @@ -371,6 +401,13 @@ class BaseJobTestMixin(BaseTestMixin): created_by = self.user_sue ) + self.doug_inv_read_permission = Permission.objects.create( + inventory = self.inv_eng, + user = self.user_doug, + permission_type = PERM_INVENTORY_READ, + created_by = self.user_sue + ) + self.juan_deploy_permission = Permission.objects.create( inventory = self.inv_eng, project = self.proj_dev, @@ -488,6 +525,16 @@ class BaseJobTestMixin(BaseTestMixin): host_config_key=uuid.uuid4().hex, created_by=self.user_sue, ) + self.jt_ops_east_run_prod_east = JobTemplate.objects.create( + name='ops-east-prod-run-on-prod-east', + job_type='run', + inventory= self.inv_ops_east, + project=self.proj_prod_east, + playbook=self.proj_prod_east.playbooks[0], + credential=self.cred_ops_east, + host_config_key=uuid.uuid4().hex, + created_by=self.user_sue, + ) # self.job_ops_east_run = self.jt_ops_east_run.create_job( # created_by=self.user_sue, # ) @@ -501,6 +548,16 @@ class BaseJobTestMixin(BaseTestMixin): host_config_key=uuid.uuid4().hex, created_by=self.user_sue, ) + self.jt_ops_west_check_test_team = JobTemplate.objects.create( + name='ops-west-prod-check-testers', + job_type='check', + inventory= self.inv_ops_west, + project=self.proj_prod, + playbook=self.proj_prod.playbooks[0], + credential=self.cred_ops_test, + host_config_key=uuid.uuid4().hex, + created_by=self.user_sue, + ) # self.job_ops_west_check = self.jt_ops_west_check.create_job( # created_by=self.user_sue, # ) diff --git a/awx/main/tests/jobs/jobs_monolithic.py b/awx/main/tests/jobs/jobs_monolithic.py index f6b96270c8..1596de1c5b 100644 --- a/awx/main/tests/jobs/jobs_monolithic.py +++ b/awx/main/tests/jobs/jobs_monolithic.py @@ -211,29 +211,67 @@ class JobTemplateTest(BaseJobTestMixin, django.test.TestCase): # Alex's credentials (admin of all orgs) == 200, full list self.check_get_list(url, self.user_alex, qs, fields) - # Bob's credentials (admin of eng, user of ops) == 200, all from - # engineering and operations. - qs.filter( - Q(project__organizations__admins__in=[self.user_bob]) | - Q(project__teams__users__in=[self.user_bob]), - ) - #self.check_get_list(url, self.user_bob, bob_qs, fields) + # # Bob is an admin for Eng he can see all Engineering templates + # this is: 2 Engineering templates and 1 Support Template + # Note: He is able to see the scan job from the support organization possibly incorrect + # due to being an org admin for that project and no credential assigned to that template + with self.current_user(self.user_bob): + resp = self.get(url, expect=200) + print [x['name'] for x in resp['results']] + self.assertEquals(resp['count'], 3) + + # Chuck has permission to see all Eng Job Templates as Lead Engineer + # Note: Since chuck is an org admin he can also see the support scan template + with self.current_user(self.user_chuck): + resp = self.get(url, expect=200) + print [x['name'] for x in resp['results']] + self.assertEquals(resp['count'], 3) - # Chuck's credentials (admin of eng) == 200, all from engineering. - qs.filter( - Q(project__organizations__admins__in=[self.user_chuck]) | - Q(project__teams__users__in=[self.user_chuck]), - ) - #self.check_get_list(url, self.user_chuck, chuck_qs, fields) + # Doug is in engineering but can only run scan jobs so he can only see the one Job Template + with self.current_user(self.user_doug): + resp = self.get(url, expect=200) + print [x['name'] for x in resp['results']] + self.assertEquals(resp['count'], 1) - # Doug's credentials (user of eng) == 200, none?. - qs.filter( - Q(project__organizations__admins__in=[self.user_doug]) | - Q(project__teams__users__in=[self.user_doug]), - ) - #self.check_get_list(url, self.user_doug, doug_qs, fields) + # Juan can't see any job templates in Engineering because he lacks the inventory read permission + with self.current_user(self.user_juan): + resp = self.get(url, expect=200) + print [x['name'] for x in resp['results']] + self.assertEquals(resp['count'], 0) - # FIXME: Check with other credentials. + # We give Juan inventory permission and he can see both Job Templates because he already has deploy permission + # Now he can see both job templates + juan_inv_permission = Permission.objects.create( + inventory = self.inv_eng, + user = self.user_juan, + permission_type = PERM_INVENTORY_READ, + created_by = self.user_sue + ) + with self.current_user(self.user_juan): + resp = self.get(url, expect=200) + print [x['name'] for x in resp['results']] + self.assertEquals(resp['count'], 2) + + # Randall is on the ops testers team that has permission to run a single check playbook on ops west + with self.current_user(self.user_randall): + resp = self.get(url, expect=200) + print [x['name'] for x in resp['results']] + self.assertEquals(resp['count'], 1) + + # Holly is on the ops east team and can see all of that team's job templates + with self.current_user(self.user_holly): + resp = self.get(url, expect=200) + print [x['name'] for x in resp['results']] + self.assertEquals(resp['count'], 3) + + # Chuck is temporarily assigned to ops east team to help them running some playbooks + # even though he's in a different group and org entirely he'll now see their job templates + self.team_ops_east.users.add(self.user_chuck) + with self.current_user(self.user_chuck): + resp = self.get(url, expect=200) + print [x['name'] for x in resp['results']] + self.assertEquals(resp['count'], 6) + def test_credentials_list(self): url = reverse('api:credential_list')