Add monitoring_policy.json

monasca-ui misses policies file to control the permissions
over actions executed from within Horizon plugin.

Extra:
* enabled running tests with configured policies
* removed unbounded policy sample file

Change-Id: I273f06332fa11a81ea8de2c13059dce9d160e90d
This commit is contained in:
Tomasz Trębski 2017-06-09 10:19:27 +02:00
parent 4e5a3b8218
commit a7e8a14c2d
7 changed files with 60 additions and 60 deletions

View File

@ -53,8 +53,11 @@ For more details go to http://docs.openstack.org/developer/horizon/quickstart.ht
* Link monasca into Horizon:
```
cp ../monasca-ui/monitoring/enabled/_50_admin_add_monitoring_panel.py openstack_dashboard/enabled/.
ln -s ../monasca-ui/monitoring monitoring
ln -sf $(pwd)/../monasca-ui/monitoring/enabled/_50_admin_add_monitoring_panel.py \
$(pwd)/openstack_dashboard/enabled/_50_admin_add_monitoring_panel.py
ln -sf $(pwd)/../monasca-ui/monitoring/conf/monitoring_policy.json \
$(pwd)/openstack_dashboard/conf/monitoring_policy.json
ln -sfF $(pwd)/../monasca-ui/monitoring $(pwd)/monitoring
./run_tests #load monasca-client into virtualenv
```

View File

@ -1,7 +0,0 @@
{
"context_is_admin": "role:admin",
"admin_or_owner": "is_admin:True or project_id:%(project_id)s",
"default": "rule:admin_required",
"monitoring:monitoring": "rule:admin_required",
}

View File

@ -0,0 +1,12 @@
{
"owner" : "user_id:%(user_id)s",
"admin_required": "role:admin or is_admin:1",
"admin_or_owner": "rule:admin_required or rule:owner",
"monasca_user_role": "role:monasca-user",
"default": "@",
"monitoring:monitoring": "rule:admin_or_owner",
"monitoring:kibana_access": "rule:monasca_user_role"
}

View File

@ -67,9 +67,15 @@ DASHBOARDS = getattr(settings, 'GRAFANA_LINKS', GRAFANA_LINKS)
GRAFANA_URL = getattr(settings, 'GRAFANA_URL', None)
ENABLE_KIBANA_BUTTON = getattr(settings, 'ENABLE_KIBANA_BUTTON', False)
KIBANA_POLICY_RULE = getattr(settings, 'KIBANA_POLICY_RULE', 'admin_required')
KIBANA_POLICY_SCOPE = getattr(settings, 'KIBANA_POLICY_SCOPE', 'identity')
KIBANA_POLICY_RULE = getattr(settings, 'KIBANA_POLICY_RULE',
'monitoring:kibana_access')
KIBANA_POLICY_SCOPE = getattr(settings, 'KIBANA_POLICY_SCOPE',
'monitoring')
KIBANA_HOST = getattr(settings, 'KIBANA_HOST', 'http://192.168.10.4:5601/')
OPENSTACK_SSL_NO_VERIFY = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
OPENSTACK_SSL_CACERT = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
POLICY_FILES = getattr(settings, 'POLICY_FILES', {})
POLICY_FILES.update({'monitoring': 'monitoring_policy.json',}) # noqa
setattr(settings, 'POLICY_FILES', POLICY_FILES)

View File

@ -16,9 +16,10 @@ import unittest
import warnings
from django.core.handlers import wsgi
import mock
from openstack_dashboard.test import helpers
from monitoring.test.test_data import utils as test_data_utils
from openstack_dashboard.test import helpers as openstack_dashboard_helpers
# Makes output of failing mox tests much easier to read.
@ -30,53 +31,30 @@ warnings.filterwarnings('ignore', 'With-statements now directly support '
r'^tuskar_ui[.].*[._]tests$')
def create_stubs(stubs_to_create={}):
return openstack_dashboard_helpers.create_stubs(stubs_to_create)
def create_stubs(stubs_to_create=None):
if stubs_to_create is None:
stubs_to_create = {}
return helpers.create_stubs(stubs_to_create)
class MonitoringTestsMixin(object):
def _setup_test_data(self):
super(MonitoringTestsMixin, self)._setup_test_data()
test_data_utils.load_test_data(self)
self.policy_patcher = mock.patch(
'openstack_auth.policy.check', lambda action, request: True)
self.policy_check = self.policy_patcher.start()
@unittest.skipIf(os.environ.get('SKIP_UNITTESTS', False),
"The SKIP_UNITTESTS env variable is set.")
class TestCase(openstack_dashboard_helpers.TestCase):
"""Specialized base test case class for Horizon which gives access to
numerous additional features:
* A full suite of test data through various attached objects and
managers (e.g. ``self.servers``, ``self.user``, etc.). See the
docs for :class:`~horizon.tests.test_data.utils.TestData` for more
information.
* The ``mox`` mocking framework via ``self.mox``.
* A set of request context data via ``self.context``.
* A ``RequestFactory`` class which supports Django's ``contrib.messages``
framework via ``self.factory``.
* A ready-to-go request object via ``self.request``.
* The ability to override specific time data controls for easier testing.
* Several handy additional assertion methods.
"""
def setUp(self):
super(TestCase, self).setUp()
# load tuskar-specific test data
test_data_utils.load_test_data(self)
class TestCase(MonitoringTestsMixin, helpers.TestCase):
pass
class BaseAdminViewTests(openstack_dashboard_helpers.BaseAdminViewTests):
"""A ``TestCase`` subclass which sets an active user with the "admin" role
for testing admin-only views and functionality.
"""
def setUp(self):
super(BaseAdminViewTests, self).setUp()
# load tuskar-specific test data
test_data_utils.load_test_data(self)
class BaseAdminViewTests(MonitoringTestsMixin, helpers.BaseAdminViewTests):
pass
class APITestCase(openstack_dashboard_helpers.APITestCase):
"""The ``APITestCase`` class is for use with tests which deal with the
underlying clients rather than stubbing out the
openstack_dashboard.api.* methods.
"""
def setUp(self):
super(APITestCase, self).setUp()
# load tuskar-specfic test data
test_data_utils.load_test_data(self)
class APITestCase(MonitoringTestsMixin, helpers.APITestCase):
pass

View File

@ -19,4 +19,3 @@ selenium>=2.50.1 # Apache-2.0
# Docs Requirements
sphinx!=1.6.1,>=1.5.1 # BSD
oslosphinx>=4.7.0 # Apache-2.0
http://tarballs.openstack.org/horizon/horizon-master.tar.gz#egg=horizon

15
tox.ini
View File

@ -1,6 +1,6 @@
[tox]
envlist = py27,pep8
minversion = 2.0
minversion = 2.6
skipsdist = True
[testenv]
@ -15,14 +15,23 @@ passenv = http_proxy
HTTPS_PROXY
no_proxy
NO_PROXY
deps = -r{toxinidir}/test-requirements.txt
deps =
-r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
http://tarballs.openstack.org/horizon/horizon-master.tar.gz#egg=horizon
install_command = {toxinidir}/tools/tox_install.sh {env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}
whitelist_externals = find
whitelist_externals =
/bin/bash
find
commands =
find . -type f -name "*.pyc" -delete
/bin/bash run_tests.sh -N {posargs}
[testenv:py27]
setenv =
{[testenv]setenv}
DJANGO_SETTINGS_MODULE=monitoring.test.settings
[testenv:pep8]
commands = /bin/bash run_tests.sh -N --pep8