Add monitoring_policy.json

monasca-ui misses policies file to control the permissions over actions executed from within Horizon plugin. Extra: * enabled running tests with configured policies * removed unbounded policy sample file Change-Id: I273f06332fa11a81ea8de2c13059dce9d160e90d
2017-06-09 10:19:27 +02:00 · 2017-06-09 10:19:27 +02:00 · a7e8a14c2d
commit a7e8a14c2d
parent 4e5a3b8218
7 changed files with 60 additions and 60 deletions
--- a/README.md
+++ b/README.md
@ -53,8 +53,11 @@ For more details go to http://docs.openstack.org/developer/horizon/quickstart.ht
 * Link monasca into Horizon:

 ```
-cp ../monasca-ui/monitoring/enabled/_50_admin_add_monitoring_panel.py openstack_dashboard/enabled/.
-ln -s ../monasca-ui/monitoring monitoring
+ln -sf $(pwd)/../monasca-ui/monitoring/enabled/_50_admin_add_monitoring_panel.py \
+    $(pwd)/openstack_dashboard/enabled/_50_admin_add_monitoring_panel.py
+ln -sf $(pwd)/../monasca-ui/monitoring/conf/monitoring_policy.json \
+    $(pwd)/openstack_dashboard/conf/monitoring_policy.json
+ln -sfF $(pwd)/../monasca-ui/monitoring $(pwd)/monitoring
 ./run_tests #load monasca-client into virtualenv
 ```

--- a/monasca_policy.json.sample
+++ b/monasca_policy.json.sample
@ -1,7 +0,0 @@
-{
-    "context_is_admin":  "role:admin",
-    "admin_or_owner":  "is_admin:True or project_id:%(project_id)s",
-    "default": "rule:admin_required",
-
-    "monitoring:monitoring": "rule:admin_required",
-}
--- a/monitoring/conf/monitoring_policy.json
+++ b/monitoring/conf/monitoring_policy.json
@ -0,0 +1,12 @@
+{
+    "owner" : "user_id:%(user_id)s",
+    "admin_required": "role:admin or is_admin:1",
+    "admin_or_owner": "rule:admin_required or rule:owner",
+
+    "monasca_user_role": "role:monasca-user",
+
+    "default": "@",
+
+    "monitoring:monitoring": "rule:admin_or_owner",
+    "monitoring:kibana_access": "rule:monasca_user_role"
+}
--- a/monitoring/config/local_settings.py
+++ b/monitoring/config/local_settings.py
@ -67,9 +67,15 @@ DASHBOARDS = getattr(settings, 'GRAFANA_LINKS', GRAFANA_LINKS)
 GRAFANA_URL = getattr(settings, 'GRAFANA_URL', None)

 ENABLE_KIBANA_BUTTON = getattr(settings, 'ENABLE_KIBANA_BUTTON', False)
-KIBANA_POLICY_RULE = getattr(settings, 'KIBANA_POLICY_RULE', 'admin_required')
-KIBANA_POLICY_SCOPE = getattr(settings, 'KIBANA_POLICY_SCOPE', 'identity')
+KIBANA_POLICY_RULE = getattr(settings, 'KIBANA_POLICY_RULE',
+                             'monitoring:kibana_access')
+KIBANA_POLICY_SCOPE = getattr(settings, 'KIBANA_POLICY_SCOPE',
+                              'monitoring')
 KIBANA_HOST = getattr(settings, 'KIBANA_HOST', 'http://192.168.10.4:5601/')

 OPENSTACK_SSL_NO_VERIFY = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
 OPENSTACK_SSL_CACERT = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
+
+POLICY_FILES = getattr(settings, 'POLICY_FILES', {})
+POLICY_FILES.update({'monitoring': 'monitoring_policy.json',}) # noqa
+setattr(settings, 'POLICY_FILES', POLICY_FILES)
--- a/monitoring/test/helpers.py
+++ b/monitoring/test/helpers.py
@ -16,9 +16,10 @@ import unittest
 import warnings

 from django.core.handlers import wsgi
+import mock
+from openstack_dashboard.test import helpers

 from monitoring.test.test_data import utils as test_data_utils
-from openstack_dashboard.test import helpers as openstack_dashboard_helpers


 # Makes output of failing mox tests much easier to read.
@ -30,53 +31,30 @@ warnings.filterwarnings('ignore', 'With-statements now directly support '
                        r'^tuskar_ui[.].*[._]tests$')


-def create_stubs(stubs_to_create={}):
-    return openstack_dashboard_helpers.create_stubs(stubs_to_create)
+def create_stubs(stubs_to_create=None):
+    if stubs_to_create is None:
+        stubs_to_create = {}
+    return helpers.create_stubs(stubs_to_create)
+
+
+class MonitoringTestsMixin(object):
+    def _setup_test_data(self):
+        super(MonitoringTestsMixin, self)._setup_test_data()
+        test_data_utils.load_test_data(self)
+        self.policy_patcher = mock.patch(
+            'openstack_auth.policy.check', lambda action, request: True)
+        self.policy_check = self.policy_patcher.start()


@unittest.skipIf(os.environ.get('SKIP_UNITTESTS', False),
                 "The SKIP_UNITTESTS env variable is set.")
-class TestCase(openstack_dashboard_helpers.TestCase):
-    """Specialized base test case class for Horizon which gives access to
-    numerous additional features:
-
-      * A full suite of test data through various attached objects and
-        managers (e.g. ``self.servers``, ``self.user``, etc.). See the
-        docs for :class:`~horizon.tests.test_data.utils.TestData` for more
-        information.
-      * The ``mox`` mocking framework via ``self.mox``.
-      * A set of request context data via ``self.context``.
-      * A ``RequestFactory`` class which supports Django's ``contrib.messages``
-        framework via ``self.factory``.
-      * A ready-to-go request object via ``self.request``.
-      * The ability to override specific time data controls for easier testing.
-      * Several handy additional assertion methods.
-    """
-    def setUp(self):
-        super(TestCase, self).setUp()
-
-        # load tuskar-specific test data
-        test_data_utils.load_test_data(self)
+class TestCase(MonitoringTestsMixin, helpers.TestCase):
+    pass


-class BaseAdminViewTests(openstack_dashboard_helpers.BaseAdminViewTests):
-    """A ``TestCase`` subclass which sets an active user with the "admin" role
-    for testing admin-only views and functionality.
-    """
-    def setUp(self):
-        super(BaseAdminViewTests, self).setUp()
-
-        # load tuskar-specific test data
-        test_data_utils.load_test_data(self)
+class BaseAdminViewTests(MonitoringTestsMixin, helpers.BaseAdminViewTests):
+    pass


-class APITestCase(openstack_dashboard_helpers.APITestCase):
-    """The ``APITestCase`` class is for use with tests which deal with the
-    underlying clients rather than stubbing out the
-    openstack_dashboard.api.* methods.
-    """
-    def setUp(self):
-        super(APITestCase, self).setUp()
-
-        # load tuskar-specfic test data
-        test_data_utils.load_test_data(self)
+class APITestCase(MonitoringTestsMixin, helpers.APITestCase):
+    pass
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -19,4 +19,3 @@ selenium>=2.50.1 # Apache-2.0
 # Docs Requirements
 sphinx!=1.6.1,>=1.5.1 # BSD
 oslosphinx>=4.7.0 # Apache-2.0
-http://tarballs.openstack.org/horizon/horizon-master.tar.gz#egg=horizon
--- a/tox.ini
+++ b/tox.ini
@ -1,6 +1,6 @@
 [tox]
 envlist = py27,pep8
-minversion = 2.0
+minversion = 2.6
 skipsdist = True

 [testenv]
@ -15,14 +15,23 @@ passenv =  http_proxy
           HTTPS_PROXY
           no_proxy
           NO_PROXY
-deps = -r{toxinidir}/test-requirements.txt
+deps =
    -r{toxinidir}/requirements.txt
+    -r{toxinidir}/test-requirements.txt
+    http://tarballs.openstack.org/horizon/horizon-master.tar.gz#egg=horizon
 install_command = {toxinidir}/tools/tox_install.sh {env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}
-whitelist_externals = find
+whitelist_externals =
+    /bin/bash
+    find
 commands =
    find . -type f -name "*.pyc" -delete
    /bin/bash run_tests.sh -N {posargs}

+[testenv:py27]
+setenv =
+   {[testenv]setenv}
+   DJANGO_SETTINGS_MODULE=monitoring.test.settings
+
 [testenv:pep8]
 commands = /bin/bash run_tests.sh -N --pep8