Add monitoring_policy.json

monasca-ui misses policies file to control the permissions
over actions executed from within Horizon plugin.

Extra:
* enabled running tests with configured policies
* removed unbounded policy sample file

Change-Id: I273f06332fa11a81ea8de2c13059dce9d160e90d

README.md

@@ -53,8 +53,11 @@ For more details go to http://docs.openstack.org/developer/horizon/quickstart.ht
 * Link monasca into Horizon:
 
 ```
-cp ../monasca-ui/monitoring/enabled/_50_admin_add_monitoring_panel.py openstack_dashboard/enabled/.
-ln -s ../monasca-ui/monitoring monitoring
+ln -sf $(pwd)/../monasca-ui/monitoring/enabled/_50_admin_add_monitoring_panel.py \
+    $(pwd)/openstack_dashboard/enabled/_50_admin_add_monitoring_panel.py
+ln -sf $(pwd)/../monasca-ui/monitoring/conf/monitoring_policy.json \
+    $(pwd)/openstack_dashboard/conf/monitoring_policy.json
+ln -sfF $(pwd)/../monasca-ui/monitoring $(pwd)/monitoring
 ./run_tests #load monasca-client into virtualenv
 ```
 
@@ -86,7 +89,7 @@ you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
     http://www.apache.org/licenses/LICENSE-2.0
-    
+
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or

monasca_policy.json.sample

@@ -1,7 +0,0 @@
-{
-    "context_is_admin":  "role:admin",
-    "admin_or_owner":  "is_admin:True or project_id:%(project_id)s",
-    "default": "rule:admin_required",
-
-    "monitoring:monitoring": "rule:admin_required",
-}

monitoring/conf/monitoring_policy.json

@@ -0,0 +1,12 @@
+{
+    "owner" : "user_id:%(user_id)s",
+    "admin_required": "role:admin or is_admin:1",
+    "admin_or_owner": "rule:admin_required or rule:owner",
+
+    "monasca_user_role": "role:monasca-user",
+
+    "default": "@",
+
+    "monitoring:monitoring": "rule:admin_or_owner",
+    "monitoring:kibana_access": "rule:monasca_user_role"
+}

monitoring/config/local_settings.py

@@ -67,9 +67,15 @@ DASHBOARDS = getattr(settings, 'GRAFANA_LINKS', GRAFANA_LINKS)
 GRAFANA_URL = getattr(settings, 'GRAFANA_URL', None)
 
 ENABLE_KIBANA_BUTTON = getattr(settings, 'ENABLE_KIBANA_BUTTON', False)
-KIBANA_POLICY_RULE = getattr(settings, 'KIBANA_POLICY_RULE', 'admin_required')
-KIBANA_POLICY_SCOPE = getattr(settings, 'KIBANA_POLICY_SCOPE', 'identity')
+KIBANA_POLICY_RULE = getattr(settings, 'KIBANA_POLICY_RULE',
+                             'monitoring:kibana_access')
+KIBANA_POLICY_SCOPE = getattr(settings, 'KIBANA_POLICY_SCOPE',
+                              'monitoring')
 KIBANA_HOST = getattr(settings, 'KIBANA_HOST', 'http://192.168.10.4:5601/')
 
 OPENSTACK_SSL_NO_VERIFY = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
 OPENSTACK_SSL_CACERT = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
+
+POLICY_FILES = getattr(settings, 'POLICY_FILES', {})
+POLICY_FILES.update({'monitoring': 'monitoring_policy.json',}) # noqa
+setattr(settings, 'POLICY_FILES', POLICY_FILES)

monitoring/test/helpers.py

@@ -16,9 +16,10 @@ import unittest
 import warnings
 
 from django.core.handlers import wsgi
+import mock
+from openstack_dashboard.test import helpers
 
 from monitoring.test.test_data import utils as test_data_utils
-from openstack_dashboard.test import helpers as openstack_dashboard_helpers
 
 
 # Makes output of failing mox tests much easier to read.
@@ -30,53 +31,30 @@ warnings.filterwarnings('ignore', 'With-statements now directly support '
                         r'^tuskar_ui[.].*[._]tests$')
 
 
-def create_stubs(stubs_to_create={}):
-    return openstack_dashboard_helpers.create_stubs(stubs_to_create)
+def create_stubs(stubs_to_create=None):
+    if stubs_to_create is None:
+        stubs_to_create = {}
+    return helpers.create_stubs(stubs_to_create)
+
+
+class MonitoringTestsMixin(object):
+    def _setup_test_data(self):
+        super(MonitoringTestsMixin, self)._setup_test_data()
+        test_data_utils.load_test_data(self)
+        self.policy_patcher = mock.patch(
+            'openstack_auth.policy.check', lambda action, request: True)
+        self.policy_check = self.policy_patcher.start()
 
 
 @unittest.skipIf(os.environ.get('SKIP_UNITTESTS', False),
                  "The SKIP_UNITTESTS env variable is set.")
-class TestCase(openstack_dashboard_helpers.TestCase):
-    """Specialized base test case class for Horizon which gives access to
-    numerous additional features:
-
-      * A full suite of test data through various attached objects and
-        managers (e.g. ``self.servers``, ``self.user``, etc.). See the
-        docs for :class:`~horizon.tests.test_data.utils.TestData` for more
-        information.
-      * The ``mox`` mocking framework via ``self.mox``.
-      * A set of request context data via ``self.context``.
-      * A ``RequestFactory`` class which supports Django's ``contrib.messages``
-        framework via ``self.factory``.
-      * A ready-to-go request object via ``self.request``.
-      * The ability to override specific time data controls for easier testing.
-      * Several handy additional assertion methods.
-    """
-    def setUp(self):
-        super(TestCase, self).setUp()
-
-        # load tuskar-specific test data
-        test_data_utils.load_test_data(self)
+class TestCase(MonitoringTestsMixin, helpers.TestCase):
+    pass
 
 
-class BaseAdminViewTests(openstack_dashboard_helpers.BaseAdminViewTests):
-    """A ``TestCase`` subclass which sets an active user with the "admin" role
-    for testing admin-only views and functionality.
-    """
-    def setUp(self):
-        super(BaseAdminViewTests, self).setUp()
-
-        # load tuskar-specific test data
-        test_data_utils.load_test_data(self)
+class BaseAdminViewTests(MonitoringTestsMixin, helpers.BaseAdminViewTests):
+    pass
 
 
-class APITestCase(openstack_dashboard_helpers.APITestCase):
-    """The ``APITestCase`` class is for use with tests which deal with the
-    underlying clients rather than stubbing out the
-    openstack_dashboard.api.* methods.
-    """
-    def setUp(self):
-        super(APITestCase, self).setUp()
-
-        # load tuskar-specfic test data
-        test_data_utils.load_test_data(self)
+class APITestCase(MonitoringTestsMixin, helpers.APITestCase):
+    pass

test-requirements.txt

@@ -19,4 +19,3 @@ selenium>=2.50.1 # Apache-2.0
 # Docs Requirements
 sphinx!=1.6.1,>=1.5.1 # BSD
 oslosphinx>=4.7.0 # Apache-2.0
-http://tarballs.openstack.org/horizon/horizon-master.tar.gz#egg=horizon

tox.ini

@@ -1,6 +1,6 @@
 [tox]
 envlist = py27,pep8
-minversion = 2.0
+minversion = 2.6
 skipsdist = True
 
 [testenv]
@@ -15,14 +15,23 @@ passenv =  http_proxy
            HTTPS_PROXY
            no_proxy
            NO_PROXY
-deps = -r{toxinidir}/test-requirements.txt
-       -r{toxinidir}/requirements.txt
+deps =
+    -r{toxinidir}/requirements.txt
+    -r{toxinidir}/test-requirements.txt
+    http://tarballs.openstack.org/horizon/horizon-master.tar.gz#egg=horizon
 install_command = {toxinidir}/tools/tox_install.sh {env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}
-whitelist_externals = find
+whitelist_externals =
+    /bin/bash
+    find
 commands =
     find . -type f -name "*.pyc" -delete
     /bin/bash run_tests.sh -N {posargs}
 
+[testenv:py27]
+setenv =
+   {[testenv]setenv}
+   DJANGO_SETTINGS_MODULE=monitoring.test.settings
+
 [testenv:pep8]
 commands = /bin/bash run_tests.sh -N --pep8