Commit b34ed47d authored by Romain Courteaud's avatar Romain Courteaud

slapos_erp5: draft Remote Node security

parent 2cd6cbc3
<type_roles>
<role id='Auditor'>
<property id='title'>Project Customer</property>
<property id='description'>XXX add local role group</property>
<property id='condition'>python: context.getFollowUp("") != ""</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
<multi_property id='category'>function/customer</multi_property>
<multi_property id='base_category'>follow_up</multi_property>
</role>
<role id='Assignee'>
<property id='title'>Project Production Agent</property>
<property id='description'>XXX add local role group</property>
<property id='condition'>python: context.getFollowUp("") != ""</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
<multi_property id='category'>function/production/agent</multi_property>
<multi_property id='base_category'>follow_up</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Project Production Manager</property>
<property id='description'>XXX add local role group</property>
<property id='condition'>python: context.getFollowUp("") != ""</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
<multi_property id='category'>function/production/manager</multi_property>
<multi_property id='base_category'>follow_up</multi_property>
</role>
</type_roles>
\ No newline at end of file
...@@ -40,6 +40,27 @@ class TestSlapOSVirtualMasterScenario(DefaultScenarioMixin): ...@@ -40,6 +40,27 @@ class TestSlapOSVirtualMasterScenario(DefaultScenarioMixin):
project.validate() project.validate()
return project return project
def requestRemoteNode(self, project):
remote_node = self.portal.compute_node_module.newContent(
portal_type='Remote Node',
title='remote-%s' % self.generateNewId(),
follow_up_value=project,
# XXX
capacity_scope='close'
)
self.setServerOpenPublic(remote_node)
remote_node.setCapacityScope('open')
# XXX format
partition = remote_node.newContent(
portal_type='Compute Partition',
reference='slapremote0'
)
partition.markFree()
partition.validate()
remote_node.validate()
return remote_node
def addSoftwareProduct(self, title, project, public_server_software, def addSoftwareProduct(self, title, project, public_server_software,
public_instance_type): public_instance_type):
software_product = self.portal.software_product_module.newContent( software_product = self.portal.software_product_module.newContent(
...@@ -726,6 +747,94 @@ class TestSlapOSVirtualMasterScenario(DefaultScenarioMixin): ...@@ -726,6 +747,94 @@ class TestSlapOSVirtualMasterScenario(DefaultScenarioMixin):
assert last_message is None, last_message assert last_message is None, last_message
def test_virtual_master_on_remote_tree_without_accounting_scenario(self):
# create a default project
project = self.addProject()
self.web_site = self.portal.web_site_module.slapos_master_panel
preference = self.portal.portal_preferences.slapos_default_system_preference
preference.edit(
preferred_subscription_assignment_category_list=[
'function/customer',
'role/client',
'destination_project/%s' % project.getRelativeUrl()
]
)
# some preparation
self.logout()
# lets join as slapos administrator, which will own few compute_nodes
owner_reference = 'owner-%s' % self.generateNewId()
self.joinSlapOS(self.web_site, owner_reference)
self.login()
owner_person = self.portal.portal_catalog.getResultValue(
portal_type="ERP5 Login",
reference=owner_reference).getParentValue()
# first slapos administrator assignment can only be created by
# the erp5 manager
self.addProjectProductionManagerAssignment(owner_person, project)
self.tic()
# hooray, now it is time to create compute_nodes
self.login(owner_person.getUserId())
remote_server = self.requestRemoteNode(project)
# and install some software on them
public_server_software = self.generateNewSoftwareReleaseUrl()
remote_server.requestSoftwareRelease(software_release_url=public_server_software,
state='available')
#software_product, release_variation, type_variation = self.addSoftwareProduct(
public_instance_type = 'public type'
software_product, software_release, software_type = self.addSoftwareProduct(
"instance product", project, public_server_software, public_instance_type
)
self.addAllocationSupply("for compute node", remote_server, software_product,
software_release, software_type,
is_slave_on_same_instance_tree_allocable=True)
# join as the another visitor and request software instance on public
# compute_node
self.logout()
public_reference = 'public-%s' % self.generateNewId()
self.joinSlapOS(self.web_site, public_reference)
self.login()
public_person = self.portal.portal_catalog.getResultValue(
portal_type="ERP5 Login",
reference=public_reference).getParentValue()
public_instance_title = 'Public title %s' % self.generateNewId()
self.checkRemoteInstanceAllocation(public_person.getUserId(),
public_reference, public_instance_title,
public_server_software, public_instance_type,
remote_server, project.getReference())
self.tic()
self.login()
# Ensure no unexpected object has been created
# 3 (can reduce to 2) assignment, 1 instance tree, 1 remote node, 1 software installation
# 1 software instance
# 2 credential request
# 1 software product
# 3 allocation supply/line/cell
related_object_list = project.Base_getRelatedObjectList(**{'category.category_strict_membership': 1})
assert len(related_object_list) == 13, [x.getRelativeUrl() for x in related_object_list]
self.stepcheckERP5Consistency()
# after accept, an email is send containing the reset link
last_message = self.portal.MailHost._last_message
assert last_message is None, last_message
def test_open_order_with_service_scenario(self): def test_open_order_with_service_scenario(self):
# create a default project # create a default project
......
...@@ -34,6 +34,7 @@ ...@@ -34,6 +34,7 @@
<tuple> <tuple>
<string>Compute Node</string> <string>Compute Node</string>
<string>Instance Node</string> <string>Instance Node</string>
<string>Remote Node</string>
</tuple> </tuple>
</value> </value>
</item> </item>
......
...@@ -31,6 +31,7 @@ ...@@ -31,6 +31,7 @@
<value> <value>
<tuple> <tuple>
<string>Compute Node</string> <string>Compute Node</string>
<string>Remote Node</string>
</tuple> </tuple>
</value> </value>
</item> </item>
......
...@@ -72,6 +72,7 @@ Project Module ...@@ -72,6 +72,7 @@ Project Module
Purchase Invoice Transaction Purchase Invoice Transaction
Regularisation Request Regularisation Request
Regularisation Request Module Regularisation Request Module
Remote Node
Restricted Access Token Restricted Access Token
Sale Invoice Transaction Sale Invoice Transaction
Sale Packing List Sale Packing List
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment