Commit b34ed47d authored by Romain Courteaud's avatar Romain Courteaud

slapos_erp5: draft Remote Node security

parent 2cd6cbc3
<type_roles>
<role id='Auditor'>
<property id='title'>Project Customer</property>
<property id='description'>XXX add local role group</property>
<property id='condition'>python: context.getFollowUp("") != ""</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
<multi_property id='category'>function/customer</multi_property>
<multi_property id='base_category'>follow_up</multi_property>
</role>
<role id='Assignee'>
<property id='title'>Project Production Agent</property>
<property id='description'>XXX add local role group</property>
<property id='condition'>python: context.getFollowUp("") != ""</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
<multi_property id='category'>function/production/agent</multi_property>
<multi_property id='base_category'>follow_up</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Project Production Manager</property>
<property id='description'>XXX add local role group</property>
<property id='condition'>python: context.getFollowUp("") != ""</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
<multi_property id='category'>function/production/manager</multi_property>
<multi_property id='base_category'>follow_up</multi_property>
</role>
</type_roles>
\ No newline at end of file
......@@ -40,6 +40,27 @@ class TestSlapOSVirtualMasterScenario(DefaultScenarioMixin):
project.validate()
return project
def requestRemoteNode(self, project):
remote_node = self.portal.compute_node_module.newContent(
portal_type='Remote Node',
title='remote-%s' % self.generateNewId(),
follow_up_value=project,
# XXX
capacity_scope='close'
)
self.setServerOpenPublic(remote_node)
remote_node.setCapacityScope('open')
# XXX format
partition = remote_node.newContent(
portal_type='Compute Partition',
reference='slapremote0'
)
partition.markFree()
partition.validate()
remote_node.validate()
return remote_node
def addSoftwareProduct(self, title, project, public_server_software,
public_instance_type):
software_product = self.portal.software_product_module.newContent(
......@@ -726,6 +747,94 @@ class TestSlapOSVirtualMasterScenario(DefaultScenarioMixin):
assert last_message is None, last_message
def test_virtual_master_on_remote_tree_without_accounting_scenario(self):
# create a default project
project = self.addProject()
self.web_site = self.portal.web_site_module.slapos_master_panel
preference = self.portal.portal_preferences.slapos_default_system_preference
preference.edit(
preferred_subscription_assignment_category_list=[
'function/customer',
'role/client',
'destination_project/%s' % project.getRelativeUrl()
]
)
# some preparation
self.logout()
# lets join as slapos administrator, which will own few compute_nodes
owner_reference = 'owner-%s' % self.generateNewId()
self.joinSlapOS(self.web_site, owner_reference)
self.login()
owner_person = self.portal.portal_catalog.getResultValue(
portal_type="ERP5 Login",
reference=owner_reference).getParentValue()
# first slapos administrator assignment can only be created by
# the erp5 manager
self.addProjectProductionManagerAssignment(owner_person, project)
self.tic()
# hooray, now it is time to create compute_nodes
self.login(owner_person.getUserId())
remote_server = self.requestRemoteNode(project)
# and install some software on them
public_server_software = self.generateNewSoftwareReleaseUrl()
remote_server.requestSoftwareRelease(software_release_url=public_server_software,
state='available')
#software_product, release_variation, type_variation = self.addSoftwareProduct(
public_instance_type = 'public type'
software_product, software_release, software_type = self.addSoftwareProduct(
"instance product", project, public_server_software, public_instance_type
)
self.addAllocationSupply("for compute node", remote_server, software_product,
software_release, software_type,
is_slave_on_same_instance_tree_allocable=True)
# join as the another visitor and request software instance on public
# compute_node
self.logout()
public_reference = 'public-%s' % self.generateNewId()
self.joinSlapOS(self.web_site, public_reference)
self.login()
public_person = self.portal.portal_catalog.getResultValue(
portal_type="ERP5 Login",
reference=public_reference).getParentValue()
public_instance_title = 'Public title %s' % self.generateNewId()
self.checkRemoteInstanceAllocation(public_person.getUserId(),
public_reference, public_instance_title,
public_server_software, public_instance_type,
remote_server, project.getReference())
self.tic()
self.login()
# Ensure no unexpected object has been created
# 3 (can reduce to 2) assignment, 1 instance tree, 1 remote node, 1 software installation
# 1 software instance
# 2 credential request
# 1 software product
# 3 allocation supply/line/cell
related_object_list = project.Base_getRelatedObjectList(**{'category.category_strict_membership': 1})
assert len(related_object_list) == 13, [x.getRelativeUrl() for x in related_object_list]
self.stepcheckERP5Consistency()
# after accept, an email is send containing the reset link
last_message = self.portal.MailHost._last_message
assert last_message is None, last_message
def test_open_order_with_service_scenario(self):
# create a default project
......
......@@ -34,6 +34,7 @@
<tuple>
<string>Compute Node</string>
<string>Instance Node</string>
<string>Remote Node</string>
</tuple>
</value>
</item>
......
......@@ -31,6 +31,7 @@
<value>
<tuple>
<string>Compute Node</string>
<string>Remote Node</string>
</tuple>
</value>
</item>
......
......@@ -72,6 +72,7 @@ Project Module
Purchase Invoice Transaction
Regularisation Request
Regularisation Request Module
Remote Node
Restricted Access Token
Sale Invoice Transaction
Sale Packing List
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment