External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-19 23:07:42 -02:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5434 from AlanCoding/activity_hygiene

Browse Source 
avoid multi-field implicit role activity stream entries
This commit is contained in:
Alan Rominger
2017-03-24 12:26:32 -04:00
committed by GitHub
parent a5d23e7c80 49faf212ef
commit d2795c4784
4 changed files with 213 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
awx/main/tests/functional/models/test_activity_stream.py
View File

@@ -1,13 +1,82 @@
import pytest
# AWX models
from awx.main.models.organization import Organization
from awx.main.models import ActivityStream
from awx.main.models import ActivityStream, Organization, JobTemplate
@pytest.mark.django_db
def test_activity_stream_create_entries():
Organization.objects.create(name='test-organization2')
assert ActivityStream.objects.filter(organization__isnull=False).count() == 1
class TestImplicitRolesOmitted:
'''
Test that there is exactly 1 "create" entry in the activity stream for
common items in the system.
These tests will fail if `rbac_activity_stream` creates
false-positive entries.
'''
@pytest.mark.django_db
def test_activity_stream_create_organization(self):
Organization.objects.create(name='test-organization2')
qs = ActivityStream.objects.filter(organization__isnull=False)
assert qs.count() == 1
assert qs[0].operation == 'create'
@pytest.mark.django_db
def test_activity_stream_delete_organization(self):
org = Organization.objects.create(name='gYSlNSOFEW')
org.delete()
qs = ActivityStream.objects.filter(changes__icontains='gYSlNSOFEW')
assert qs.count() == 2
assert qs[1].operation == 'delete'
@pytest.mark.django_db
def test_activity_stream_create_JT(self, project, inventory, credential):
JobTemplate.objects.create(
name='test-jt',
project=project,
inventory=inventory,
credential=credential
)
qs = ActivityStream.objects.filter(job_template__isnull=False)
assert qs.count() == 1
assert qs[0].operation == 'create'
@pytest.mark.django_db
def test_activity_stream_create_inventory(self, organization):
organization.inventories.create(name='test-inv')
qs = ActivityStream.objects.filter(inventory__isnull=False)
assert qs.count() == 1
assert qs[0].operation == 'create'
@pytest.mark.django_db
def test_activity_stream_create_credential(self, organization):
organization.inventories.create(name='test-inv')
qs = ActivityStream.objects.filter(inventory__isnull=False)
assert qs.count() == 1
assert qs[0].operation == 'create'
class TestRolesAssociationEntries:
'''
Test that non-implicit role associations have a corresponding
activity stream entry.
These tests will fail if `rbac_activity_stream` skipping logic
finds a false-negative.
'''
@pytest.mark.django_db
def test_non_implicit_associations_are_recorded(self, project):
org2 = Organization.objects.create(name='test-organization2')
project.admin_role.parents.add(org2.admin_role)
assert ActivityStream.objects.filter(
role=org2.admin_role,
organization=org2,
project=project
).count() == 1
@pytest.mark.django_db
def test_model_associations_are_recorded(self, organization):
proj1 = organization.projects.create(name='proj1')
proj2 = organization.projects.create(name='proj2')
proj2.use_role.parents.add(proj1.admin_role)
assert ActivityStream.objects.filter(role=proj1.admin_role, project=proj2).count() == 1

103
awx/main/tests/unit/models/test_rbac_unit.py Normal file
View File

@@ -0,0 +1,103 @@
import pytest
import mock
from django.contrib.contenttypes.models import ContentType
from awx.main.models.rbac import (
Role,
ROLE_SINGLETON_SYSTEM_ADMINISTRATOR,
ROLE_SINGLETON_SYSTEM_AUDITOR
)
from awx.main.models import Organization, JobTemplate, Project
from awx.main.fields import (
ImplicitRoleField,
is_implicit_parent
)
def apply_fake_roles(obj):
'''
Creates an un-saved role for all the implicit role fields on an object
'''
for fd in obj._meta.fields:
if not isinstance(fd, ImplicitRoleField):
continue
r = Role(role_field=fd.name)
setattr(obj, fd.name, r)
with mock.patch('django.contrib.contenttypes.fields.GenericForeignKey.get_content_type') as mck_ct:
mck_ct.return_value = ContentType(model=obj._meta.model_name)
r.content_object = obj
@pytest.fixture
def system_administrator():
return Role(
role_field=ROLE_SINGLETON_SYSTEM_ADMINISTRATOR,
singleton_name=ROLE_SINGLETON_SYSTEM_ADMINISTRATOR
)
@pytest.fixture
def system_auditor():
return Role(
role_field=ROLE_SINGLETON_SYSTEM_AUDITOR,
singleton_name=ROLE_SINGLETON_SYSTEM_AUDITOR
)
@pytest.fixture
def organization():
o = Organization(name='unit-test-org')
apply_fake_roles(o)
return o
@pytest.fixture
def project(organization):
p = Project(name='unit-test-proj', organization=organization)
apply_fake_roles(p)
return p
@pytest.fixture
def job_template(project):
jt = JobTemplate(name='unit-test-jt', project=project)
apply_fake_roles(jt)
return jt
class TestIsImplicitParent:
'''
Tests to confirm that `is_implicit_parent` gives the right answers
'''
def test_sys_admin_implicit_parent(self, organization, system_administrator):
assert is_implicit_parent(
parent_role=system_administrator,
child_role=organization.admin_role
)
def test_admin_is_parent_of_member_role(self, organization):
assert is_implicit_parent(
parent_role=organization.admin_role,
child_role=organization.member_role
)
def test_member_is_not_parent_of_admin_role(self, organization):
assert not is_implicit_parent(
parent_role=organization.member_role,
child_role=organization.admin_role
)
def test_second_level_implicit_parent_role(self, job_template, organization):
assert is_implicit_parent(
parent_role=organization.admin_role,
child_role=job_template.admin_role
)
def test_second_level_is_not_an_implicit_parent_role(self, job_template, organization):
assert not is_implicit_parent(
parent_role=organization.member_role,
child_role=job_template.admin_role
)