8eb9c613b4
Role restrictions could be defined in full or short format restrictions: - condition: "settings:other_plugin == null or settings:other_plugin.metadata.enabled != true" message: "Other plugin must be installed and enabled" - "settings:common.libvirt_type.value != 'kvm'": "KVM only is supported" - "settings:storage.volumes_ceph.value == true" This patch fixes restriction iteration cycle. Change-Id: I6072ea9e92999ae7a94f28f42bb475b30bb7fff1 Closes-Bug: #1586334
138 lines
4.1 KiB
Python
138 lines
4.1 KiB
Python
# Copyright 2014 Mirantis, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from nailgun.api.v1.validators.assignment import NodeAssignmentValidator
|
|
from nailgun import errors
|
|
from nailgun.test.base import BaseUnitTest
|
|
|
|
|
|
class TestNodeAssignmentValidator(BaseUnitTest):
|
|
|
|
validator = NodeAssignmentValidator
|
|
|
|
def setUp(self):
|
|
self.models = {
|
|
'settings': {
|
|
'parent': {
|
|
'child': {
|
|
'value': 1
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
def test_check_roles_requirement_equal(self):
|
|
roles = ['test']
|
|
roles_metadata = {
|
|
'test': {
|
|
'restrictions': [
|
|
{
|
|
'condition': 'settings:parent.child.value != 1',
|
|
'message': 'error'
|
|
}
|
|
]
|
|
}
|
|
}
|
|
|
|
self.validator.check_roles_requirement(
|
|
roles, roles_metadata, self.models)
|
|
|
|
def test_check_roles_requirement_not_equal(self):
|
|
roles = ['test']
|
|
roles_metadata = {
|
|
'test': {
|
|
'restrictions': [
|
|
{
|
|
'condition': "settings:parent.child.value == 'x'",
|
|
'message': 'error'
|
|
}
|
|
]
|
|
}
|
|
}
|
|
|
|
self.validator.check_roles_requirement(
|
|
roles, roles_metadata, self.models)
|
|
|
|
def test_check_roles_requirement_failed(self):
|
|
roles = ['test']
|
|
|
|
# wrong child value
|
|
with self.assertRaises(errors.InvalidData):
|
|
roles_metadata = {
|
|
'test': {
|
|
'restrictions': [
|
|
{
|
|
'condition': 'settings:parent.child.value != 0',
|
|
'message': 'error'
|
|
}
|
|
]
|
|
}
|
|
}
|
|
|
|
self.validator.check_roles_requirement(
|
|
roles, roles_metadata, self.models)
|
|
|
|
def test_check_roles_requirement_in_feature_group(self):
|
|
self.models['version'] = {
|
|
'feature_groups': ['advanced']
|
|
}
|
|
roles = ['test']
|
|
roles_metadata = {
|
|
'test': {
|
|
'restrictions': [
|
|
{
|
|
"not ('advanced' in version:feature_groups)": "error",
|
|
}
|
|
]
|
|
}
|
|
}
|
|
|
|
self.validator.check_roles_requirement(
|
|
roles, roles_metadata, self.models)
|
|
|
|
def test_check_roles_requirement_not_in_feature_group(self):
|
|
self.models['version'] = {
|
|
'feature_groups': []
|
|
}
|
|
roles = ['test']
|
|
|
|
# disabled 'advanced' feature group
|
|
with self.assertRaises(errors.InvalidData):
|
|
roles_metadata = {
|
|
'test': {
|
|
'restrictions': [
|
|
"not ('advanced' in version:feature_groups)",
|
|
]
|
|
}
|
|
}
|
|
|
|
self.validator.check_roles_requirement(
|
|
roles, roles_metadata, self.models)
|
|
|
|
def test_validate_collection_update_schema_requirements(self):
|
|
self.assertRaises(
|
|
errors.InvalidData,
|
|
self.validator.validate_collection_update,
|
|
'[{}]')
|
|
|
|
self.assertRaises(
|
|
errors.InvalidData,
|
|
self.validator.validate_collection_update,
|
|
'[{"id": 1}]')
|
|
|
|
self.assertRaises(
|
|
errors.InvalidData,
|
|
self.validator.validate_collection_update,
|
|
'[{"roles": []}]')
|