mirror of
https://github.com/GNS3/gns3-server
synced 2024-12-24 15:58:08 +00:00
Merge pull request #2280 from GNS3/resource-pools
Resource pools support
This commit is contained in:
commit
e1c5c05492
@ -32,6 +32,7 @@ from . import users
|
||||
from . import groups
|
||||
from . import roles
|
||||
from . import acl
|
||||
from . import pools
|
||||
from . import privileges
|
||||
|
||||
from .dependencies.authentication import get_current_active_user
|
||||
@ -131,6 +132,12 @@ router.include_router(
|
||||
tags=["Appliances"]
|
||||
)
|
||||
|
||||
router.include_router(
|
||||
pools.router,
|
||||
prefix="/pools",
|
||||
tags=["Resource pools"]
|
||||
)
|
||||
|
||||
router.include_router(
|
||||
gns3vm.router,
|
||||
dependencies=[Depends(get_current_active_user)],
|
||||
|
@ -38,6 +38,7 @@ from gns3server.db.repositories.users import UsersRepository
|
||||
from gns3server.db.repositories.rbac import RbacRepository
|
||||
from gns3server.db.repositories.images import ImagesRepository
|
||||
from gns3server.db.repositories.templates import TemplatesRepository
|
||||
from gns3server.db.repositories.pools import ResourcePoolsRepository
|
||||
from .dependencies.database import get_repository
|
||||
from .dependencies.rbac import has_privilege
|
||||
|
||||
@ -57,7 +58,8 @@ async def endpoints(
|
||||
users_repo: UsersRepository = Depends(get_repository(UsersRepository)),
|
||||
rbac_repo: RbacRepository = Depends(get_repository(RbacRepository)),
|
||||
images_repo: ImagesRepository = Depends(get_repository(ImagesRepository)),
|
||||
templates_repo: TemplatesRepository = Depends(get_repository(TemplatesRepository))
|
||||
templates_repo: TemplatesRepository = Depends(get_repository(TemplatesRepository)),
|
||||
pools_repo: ResourcePoolsRepository = Depends(get_repository(ResourcePoolsRepository))
|
||||
) -> List[dict]:
|
||||
"""
|
||||
List all endpoints to be used in ACL entries.
|
||||
@ -128,6 +130,11 @@ async def endpoints(
|
||||
for template in templates:
|
||||
add_to_endpoints(f"/templates/{template.template_id}", f'Template "{template.name}"', "template")
|
||||
|
||||
# resource pools
|
||||
add_to_endpoints("/pools", "All resource pools", "pool")
|
||||
pools = await pools_repo.get_resource_pools()
|
||||
for pool in pools:
|
||||
add_to_endpoints(f"/pools/{pool.resource_pool_id}", f'Resource pool "{pool.name}"', "pool")
|
||||
return endpoints
|
||||
|
||||
|
||||
|
228
gns3server/api/routes/controller/pools.py
Normal file
228
gns3server/api/routes/controller/pools.py
Normal file
@ -0,0 +1,228 @@
|
||||
#!/usr/bin/env python
|
||||
#
|
||||
# Copyright (C) 2023 GNS3 Technologies Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
"""
|
||||
API routes for resource pools.
|
||||
"""
|
||||
|
||||
from fastapi import APIRouter, Depends, status
|
||||
from uuid import UUID
|
||||
from typing import List
|
||||
|
||||
from gns3server import schemas
|
||||
from gns3server.controller.controller_error import (
|
||||
ControllerError,
|
||||
ControllerBadRequestError,
|
||||
ControllerNotFoundError
|
||||
)
|
||||
|
||||
from gns3server.controller import Controller
|
||||
from gns3server.db.repositories.rbac import RbacRepository
|
||||
from gns3server.db.repositories.pools import ResourcePoolsRepository
|
||||
|
||||
from .dependencies.rbac import has_privilege
|
||||
from .dependencies.database import get_repository
|
||||
|
||||
import logging
|
||||
|
||||
log = logging.getLogger(__name__)
|
||||
|
||||
router = APIRouter()
|
||||
|
||||
|
||||
@router.get(
|
||||
"",
|
||||
response_model=List[schemas.ResourcePool],
|
||||
dependencies=[Depends(has_privilege("Pool.Audit"))]
|
||||
)
|
||||
async def get_resource_pools(
|
||||
pools_repo: ResourcePoolsRepository = Depends(get_repository(ResourcePoolsRepository))
|
||||
) -> List[schemas.ResourcePool]:
|
||||
"""
|
||||
Get all resource pools.
|
||||
|
||||
Required privilege: Pool.Audit
|
||||
"""
|
||||
|
||||
return await pools_repo.get_resource_pools()
|
||||
|
||||
|
||||
@router.post(
|
||||
"",
|
||||
response_model=schemas.ResourcePool,
|
||||
status_code=status.HTTP_201_CREATED,
|
||||
dependencies=[Depends(has_privilege("Pool.Allocate"))]
|
||||
)
|
||||
async def create_resource_pool(
|
||||
resource_pool_create: schemas.ResourcePoolCreate,
|
||||
pools_repo: ResourcePoolsRepository = Depends(get_repository(ResourcePoolsRepository))
|
||||
) -> schemas.ResourcePool:
|
||||
"""
|
||||
Create a new resource pool
|
||||
|
||||
Required privilege: Pool.Allocate
|
||||
"""
|
||||
|
||||
if await pools_repo.get_resource_pool_by_name(resource_pool_create.name):
|
||||
raise ControllerBadRequestError(f"Resource pool '{resource_pool_create.name}' already exists")
|
||||
|
||||
return await pools_repo.create_resource_pool(resource_pool_create)
|
||||
|
||||
|
||||
@router.get(
|
||||
"/{resource_pool_id}",
|
||||
response_model=schemas.ResourcePool,
|
||||
dependencies=[Depends(has_privilege("Pool.Audit"))]
|
||||
)
|
||||
async def get_resource_pool(
|
||||
resource_pool_id: UUID,
|
||||
pools_repo: ResourcePoolsRepository = Depends(get_repository(ResourcePoolsRepository))
|
||||
) -> schemas.ResourcePool:
|
||||
"""
|
||||
Get a resource pool.
|
||||
|
||||
Required privilege: Pool.Audit
|
||||
"""
|
||||
|
||||
resource_pool = await pools_repo.get_resource_pool(resource_pool_id)
|
||||
if not resource_pool:
|
||||
raise ControllerNotFoundError(f"Resource pool '{resource_pool_id}' not found")
|
||||
return resource_pool
|
||||
|
||||
|
||||
@router.put(
|
||||
"/{resource_pool_id}",
|
||||
response_model=schemas.ResourcePool,
|
||||
dependencies=[Depends(has_privilege("Pool.Modify"))]
|
||||
)
|
||||
async def update_resource_pool(
|
||||
resource_pool_id: UUID,
|
||||
resource_pool_update: schemas.ResourcePoolUpdate,
|
||||
pools_repo: ResourcePoolsRepository = Depends(get_repository(ResourcePoolsRepository))
|
||||
) -> schemas.ResourcePool:
|
||||
"""
|
||||
Update a resource pool.
|
||||
|
||||
Required privilege: Pool.Modify
|
||||
"""
|
||||
|
||||
resource_pool = await pools_repo.get_resource_pool(resource_pool_id)
|
||||
if not resource_pool:
|
||||
raise ControllerNotFoundError(f"Resource pool '{resource_pool_id}' not found")
|
||||
|
||||
return await pools_repo.update_resource_pool(resource_pool_id, resource_pool_update)
|
||||
|
||||
|
||||
@router.delete(
|
||||
"/{resource_pool_id}",
|
||||
status_code=status.HTTP_204_NO_CONTENT,
|
||||
dependencies=[Depends(has_privilege("Pool.Allocate"))]
|
||||
)
|
||||
async def delete_resource_pool(
|
||||
resource_pool_id: UUID,
|
||||
pools_repo: ResourcePoolsRepository = Depends(get_repository(ResourcePoolsRepository)),
|
||||
rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
|
||||
) -> None:
|
||||
"""
|
||||
Delete a resource pool.
|
||||
|
||||
Required privilege: Pool.Allocate
|
||||
"""
|
||||
|
||||
resource_pool = await pools_repo.get_resource_pool(resource_pool_id)
|
||||
if not resource_pool:
|
||||
raise ControllerNotFoundError(f"Resource pool '{resource_pool_id}' not found")
|
||||
|
||||
success = await pools_repo.delete_resource_pool(resource_pool_id)
|
||||
if not success:
|
||||
raise ControllerError(f"Resource pool '{resource_pool_id}' could not be deleted")
|
||||
await rbac_repo.delete_all_ace_starting_with_path(f"/pools/{resource_pool_id}")
|
||||
|
||||
|
||||
@router.get(
|
||||
"/{resource_pool_id}/resources",
|
||||
response_model=List[schemas.Resource],
|
||||
dependencies=[Depends(has_privilege("Pool.Audit"))]
|
||||
)
|
||||
async def get_pool_resources(
|
||||
resource_pool_id: UUID,
|
||||
pools_repo: ResourcePoolsRepository = Depends(get_repository(ResourcePoolsRepository)),
|
||||
) -> List[schemas.Resource]:
|
||||
"""
|
||||
Get all resource in a pool.
|
||||
|
||||
Required privilege: Pool.Audit
|
||||
"""
|
||||
|
||||
return await pools_repo.get_pool_resources(resource_pool_id)
|
||||
|
||||
|
||||
@router.put(
|
||||
"/{resource_pool_id}/resources/{resource_id}",
|
||||
status_code=status.HTTP_204_NO_CONTENT,
|
||||
dependencies=[Depends(has_privilege("Pool.Modify"))]
|
||||
)
|
||||
async def add_resource_to_pool(
|
||||
resource_pool_id: UUID,
|
||||
resource_id: UUID,
|
||||
pools_repo: ResourcePoolsRepository = Depends(get_repository(ResourcePoolsRepository)),
|
||||
) -> None:
|
||||
"""
|
||||
Add resource to a resource pool.
|
||||
|
||||
Required privilege: Pool.Modify
|
||||
"""
|
||||
|
||||
resource_pool = await pools_repo.get_resource_pool(resource_pool_id)
|
||||
if not resource_pool:
|
||||
raise ControllerNotFoundError(f"Resource pool '{resource_pool_id}' not found")
|
||||
|
||||
resources = await pools_repo.get_pool_resources(resource_pool_id)
|
||||
for resource in resources:
|
||||
if resource.resource_id == resource_id:
|
||||
raise ControllerBadRequestError(f"Resource '{resource_id}' is already in '{resource_pool.name}'")
|
||||
|
||||
# we only support projects in resource pools for now
|
||||
project = Controller.instance().get_project(str(resource_id))
|
||||
resource_create = schemas.ResourceCreate(resource_id=resource_id, resource_type="project", name=project.name)
|
||||
resource = await pools_repo.create_resource(resource_create)
|
||||
await pools_repo.add_resource_to_pool(resource_pool_id, resource)
|
||||
|
||||
|
||||
@router.delete(
|
||||
"/{resource_pool_id}/resources/{resource_id}",
|
||||
status_code=status.HTTP_204_NO_CONTENT,
|
||||
dependencies=[Depends(has_privilege("Pool.Modify"))]
|
||||
)
|
||||
async def remove_resource_from_pool(
|
||||
resource_pool_id: UUID,
|
||||
resource_id: UUID,
|
||||
pools_repo: ResourcePoolsRepository = Depends(get_repository(ResourcePoolsRepository)),
|
||||
) -> None:
|
||||
"""
|
||||
Remove resource from a resource pool.
|
||||
|
||||
Required privilege: Pool.Modify
|
||||
"""
|
||||
|
||||
resource = await pools_repo.get_resource(resource_id)
|
||||
if not resource:
|
||||
raise ControllerNotFoundError(f"Resource '{resource_id}' not found")
|
||||
|
||||
resource_pool = await pools_repo.remove_resource_from_pool(resource_pool_id, resource)
|
||||
if not resource_pool:
|
||||
raise ControllerNotFoundError(f"Resource pool '{resource_pool_id}' not found")
|
@ -47,9 +47,11 @@ from gns3server.utils.asyncio import aiozipstream
|
||||
from gns3server.utils.path import is_safe_path
|
||||
from gns3server.db.repositories.templates import TemplatesRepository
|
||||
from gns3server.db.repositories.rbac import RbacRepository
|
||||
from gns3server.db.repositories.pools import ResourcePoolsRepository
|
||||
from gns3server.services.templates import TemplatesService
|
||||
|
||||
from .dependencies.rbac import has_privilege, has_privilege_on_websocket
|
||||
from .dependencies.authentication import get_current_active_user
|
||||
from .dependencies.database import get_repository
|
||||
|
||||
responses = {404: {"model": schemas.ErrorMessage, "description": "Could not find project"}}
|
||||
@ -69,10 +71,13 @@ def dep_project(project_id: UUID) -> Project:
|
||||
@router.get(
|
||||
"",
|
||||
response_model=List[schemas.Project],
|
||||
response_model_exclude_unset=True,
|
||||
dependencies=[Depends(has_privilege("Project.Audit"))]
|
||||
response_model_exclude_unset=True
|
||||
)
|
||||
async def get_projects() -> List[schemas.Project]:
|
||||
async def get_projects(
|
||||
current_user: schemas.User = Depends(get_current_active_user),
|
||||
rbac_repo: RbacRepository = Depends(get_repository(RbacRepository)),
|
||||
pools_repo: ResourcePoolsRepository = Depends(get_repository(ResourcePoolsRepository))
|
||||
) -> List[schemas.Project]:
|
||||
"""
|
||||
Return all projects.
|
||||
|
||||
@ -80,7 +85,22 @@ async def get_projects() -> List[schemas.Project]:
|
||||
"""
|
||||
|
||||
controller = Controller.instance()
|
||||
return [p.asdict() for p in controller.projects.values()]
|
||||
projects = []
|
||||
|
||||
if current_user.is_superadmin:
|
||||
# super admin sees all projects
|
||||
return [p.asdict() for p in controller.projects.values()]
|
||||
elif await rbac_repo.check_user_has_privilege(current_user.user_id, "/projects", "Project.Audit"):
|
||||
# user with Project.Audit privilege on '/projects' sees all projects except those in resource pools
|
||||
project_ids_in_pools = [str(r.resource_id) for r in await pools_repo.get_resources() if r.resource_type == "project"]
|
||||
projects.extend([p.asdict() for p in controller.projects.values() if p.id not in project_ids_in_pools])
|
||||
|
||||
# user with Project.Audit privilege on resource pools sees the projects in these pools
|
||||
user_pool_resources = await rbac_repo.get_user_pool_resources(current_user.user_id, "Project.Audit")
|
||||
project_ids_in_pools = [str(r.resource_id) for r in user_pool_resources if r.resource_type == "project"]
|
||||
projects.extend([p.asdict() for p in controller.projects.values() if p.id in project_ids_in_pools])
|
||||
|
||||
return projects
|
||||
|
||||
|
||||
@router.post(
|
||||
|
@ -22,7 +22,7 @@ from .roles import Role
|
||||
from .privileges import Privilege
|
||||
from .computes import Compute
|
||||
from .images import Image
|
||||
from .resource_pools import Resource, ResourcePool
|
||||
from .pools import Resource, ResourcePool
|
||||
from .templates import (
|
||||
Template,
|
||||
CloudTemplate,
|
||||
|
@ -95,6 +95,18 @@ def create_default_roles(target, connection, **kw):
|
||||
"description": "Update an ACE",
|
||||
"name": "ACE.Modify"
|
||||
},
|
||||
{
|
||||
"description": "Create or delete a resource pool",
|
||||
"name": "Pool.Allocate"
|
||||
},
|
||||
{
|
||||
"description": "View a resource pool",
|
||||
"name": "Pool.Audit"
|
||||
},
|
||||
{
|
||||
"description": "Update a resource pool",
|
||||
"name": "Pool.Modify"
|
||||
},
|
||||
{
|
||||
"description": "Create or delete a template",
|
||||
"name": "Template.Allocate"
|
||||
|
206
gns3server/db/repositories/pools.py
Normal file
206
gns3server/db/repositories/pools.py
Normal file
@ -0,0 +1,206 @@
|
||||
#!/usr/bin/env python
|
||||
#
|
||||
# Copyright (C) 2023 GNS3 Technologies Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from uuid import UUID
|
||||
from typing import Optional, List, Union
|
||||
from sqlalchemy import select, update, delete
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
from sqlalchemy.orm import selectinload
|
||||
|
||||
from .base import BaseRepository
|
||||
|
||||
import gns3server.db.models as models
|
||||
from gns3server import schemas
|
||||
|
||||
import logging
|
||||
|
||||
log = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class ResourcePoolsRepository(BaseRepository):
|
||||
|
||||
def __init__(self, db_session: AsyncSession) -> None:
|
||||
|
||||
super().__init__(db_session)
|
||||
|
||||
async def get_resource(self, resource_id: UUID) -> Optional[models.Resource]:
|
||||
"""
|
||||
Get a resource by its ID.
|
||||
"""
|
||||
|
||||
query = select(models.Resource).where(models.Resource.resource_id == resource_id)
|
||||
result = await self._db_session.execute(query)
|
||||
return result.scalars().first()
|
||||
|
||||
async def get_resources(self) -> List[models.Resource]:
|
||||
"""
|
||||
Get all resources.
|
||||
"""
|
||||
|
||||
query = select(models.Resource)
|
||||
result = await self._db_session.execute(query)
|
||||
return result.scalars().all()
|
||||
|
||||
async def create_resource(self, resource: schemas.ResourceCreate) -> models.Resource:
|
||||
"""
|
||||
Create a new resource.
|
||||
"""
|
||||
|
||||
db_resource = models.Resource(
|
||||
resource_id=resource.resource_id,
|
||||
resource_type=resource.resource_type,
|
||||
name=resource.name
|
||||
)
|
||||
self._db_session.add(db_resource)
|
||||
await self._db_session.commit()
|
||||
await self._db_session.refresh(db_resource)
|
||||
return db_resource
|
||||
|
||||
async def delete_resource(self, resource_id: UUID) -> bool:
|
||||
"""
|
||||
Delete a resource.
|
||||
"""
|
||||
|
||||
query = delete(models.Resource).where(models.Resource.resource_id == resource_id)
|
||||
result = await self._db_session.execute(query)
|
||||
await self._db_session.commit()
|
||||
return result.rowcount > 0
|
||||
|
||||
async def get_resource_pool(self, resource_pool_id: UUID) -> Optional[models.ResourcePool]:
|
||||
"""
|
||||
Get a resource pool by its ID.
|
||||
"""
|
||||
|
||||
query = select(models.ResourcePool).where(models.ResourcePool.resource_pool_id == resource_pool_id)
|
||||
result = await self._db_session.execute(query)
|
||||
return result.scalars().first()
|
||||
|
||||
async def get_resource_pool_by_name(self, name: str) -> Optional[models.ResourcePool]:
|
||||
"""
|
||||
Get a resource pool by its name.
|
||||
"""
|
||||
|
||||
query = select(models.ResourcePool).where(models.ResourcePool.name == name)
|
||||
result = await self._db_session.execute(query)
|
||||
return result.scalars().first()
|
||||
|
||||
async def get_resource_pools(self) -> List[models.ResourcePool]:
|
||||
"""
|
||||
Get all resource pools.
|
||||
"""
|
||||
|
||||
query = select(models.ResourcePool)
|
||||
result = await self._db_session.execute(query)
|
||||
return result.scalars().all()
|
||||
|
||||
async def create_resource_pool(self, resource_pool: schemas.ResourcePoolCreate) -> models.ResourcePool:
|
||||
"""
|
||||
Create a new resource pool.
|
||||
"""
|
||||
|
||||
db_resource_pool = models.ResourcePool(name=resource_pool.name)
|
||||
self._db_session.add(db_resource_pool)
|
||||
await self._db_session.commit()
|
||||
await self._db_session.refresh(db_resource_pool)
|
||||
return db_resource_pool
|
||||
|
||||
async def update_resource_pool(
|
||||
self,
|
||||
resource_pool_id: UUID,
|
||||
resource_pool_update: schemas.ResourcePoolUpdate
|
||||
) -> Optional[models.ResourcePool]:
|
||||
"""
|
||||
Update a resource pool.
|
||||
"""
|
||||
|
||||
update_values = resource_pool_update.model_dump(exclude_unset=True)
|
||||
query = update(models.ResourcePool).\
|
||||
where(models.ResourcePool.resource_pool_id == resource_pool_id).\
|
||||
values(update_values)
|
||||
|
||||
await self._db_session.execute(query)
|
||||
await self._db_session.commit()
|
||||
resource_pool_db = await self.get_resource_pool(resource_pool_id)
|
||||
if resource_pool_db:
|
||||
await self._db_session.refresh(resource_pool_db) # force refresh of updated_at value
|
||||
return resource_pool_db
|
||||
|
||||
async def delete_resource_pool(self, resource_pool_id: UUID) -> bool:
|
||||
"""
|
||||
Delete a resource pool.
|
||||
"""
|
||||
|
||||
query = delete(models.ResourcePool).where(models.ResourcePool.resource_pool_id == resource_pool_id)
|
||||
result = await self._db_session.execute(query)
|
||||
await self._db_session.commit()
|
||||
return result.rowcount > 0
|
||||
|
||||
async def add_resource_to_pool(
|
||||
self,
|
||||
resource_pool_id: UUID,
|
||||
resource: models.Resource
|
||||
) -> Union[None, models.ResourcePool]:
|
||||
"""
|
||||
Add a resource to a resource pool.
|
||||
"""
|
||||
|
||||
query = select(models.ResourcePool).\
|
||||
options(selectinload(models.ResourcePool.resources)).\
|
||||
where(models.ResourcePool.resource_pool_id == resource_pool_id)
|
||||
result = await self._db_session.execute(query)
|
||||
resource_pool_db = result.scalars().first()
|
||||
if not resource_pool_db:
|
||||
return None
|
||||
|
||||
resource_pool_db.resources.append(resource)
|
||||
await self._db_session.commit()
|
||||
await self._db_session.refresh(resource_pool_db)
|
||||
return resource_pool_db
|
||||
|
||||
async def remove_resource_from_pool(
|
||||
self,
|
||||
resource_pool_id: UUID,
|
||||
resource: models.Resource
|
||||
) -> Union[None, models.ResourcePool]:
|
||||
"""
|
||||
Remove a resource from a resource pool.
|
||||
"""
|
||||
|
||||
query = select(models.ResourcePool).\
|
||||
options(selectinload(models.ResourcePool.resources)).\
|
||||
where(models.ResourcePool.resource_pool_id == resource_pool_id)
|
||||
result = await self._db_session.execute(query)
|
||||
resource_pool_db = result.scalars().first()
|
||||
if not resource_pool_db:
|
||||
return None
|
||||
|
||||
resource_pool_db.resources.remove(resource)
|
||||
await self._db_session.commit()
|
||||
await self._db_session.refresh(resource_pool_db)
|
||||
return resource_pool_db
|
||||
|
||||
async def get_pool_resources(self, resource_pool_id: UUID) -> List[models.Resource]:
|
||||
"""
|
||||
Get all resources from a resource pool.
|
||||
"""
|
||||
|
||||
query = select(models.Resource).\
|
||||
join(models.Resource.resource_pools).\
|
||||
filter(models.ResourcePool.resource_pool_id == resource_pool_id)
|
||||
|
||||
result = await self._db_session.execute(query)
|
||||
return result.scalars().all()
|
@ -18,7 +18,7 @@
|
||||
from uuid import UUID
|
||||
from urllib.parse import urlparse
|
||||
from typing import Optional, List, Union
|
||||
from sqlalchemy import select, update, delete, null
|
||||
from sqlalchemy import select, update, delete
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
from sqlalchemy.orm import selectinload
|
||||
|
||||
@ -309,6 +309,75 @@ class RbacRepository(BaseRepository):
|
||||
return True # only allow if the path is the original path or the ACE is set to propagate
|
||||
return False
|
||||
|
||||
async def _get_resources_in_pools(self, aces, path: str = None) -> List[models.Resource]:
|
||||
"""
|
||||
Get all resources in pools.
|
||||
"""
|
||||
|
||||
pool_resources = []
|
||||
for ace_path, ace_propagate, ace_allowed, ace_privilege in aces:
|
||||
if ace_path.startswith("/pool"):
|
||||
resource_pool_id = ace_path.split("/")[2]
|
||||
query = select(models.Resource). \
|
||||
join(models.Resource.resource_pools). \
|
||||
filter(models.ResourcePool.resource_pool_id == resource_pool_id)
|
||||
|
||||
result = await self._db_session.execute(query)
|
||||
resources = result.scalars().all()
|
||||
|
||||
for resource in resources:
|
||||
# we only support projects in resource pools for now
|
||||
if resource.resource_type == "project":
|
||||
if path:
|
||||
if path.startswith(f"/projects/{resource.resource_id}"):
|
||||
pool_resources.append(resource)
|
||||
else:
|
||||
pool_resources.append(resource)
|
||||
return pool_resources
|
||||
|
||||
async def _get_user_aces(self, user_id: UUID, privilege_name: str):
|
||||
"""
|
||||
Retrieve all user ACEs matching the user_id and privilege name.
|
||||
"""
|
||||
|
||||
query = select(models.ACE.path, models.ACE.propagate, models.ACE.allowed, models.Privilege.name).\
|
||||
join(models.Privilege.roles).\
|
||||
join(models.Role.acl_entries).\
|
||||
join(models.ACE.user). \
|
||||
filter(models.User.user_id == user_id).\
|
||||
filter(models.Privilege.name == privilege_name).\
|
||||
order_by(models.ACE.path.desc())
|
||||
|
||||
result = await self._db_session.execute(query)
|
||||
return result.all()
|
||||
|
||||
async def _get_group_aces(self, user_id: UUID, privilege_name: str):
|
||||
"""
|
||||
Retrieve all group ACEs matching the user_id and privilege name.
|
||||
"""
|
||||
|
||||
query = select(models.ACE.path, models.ACE.propagate, models.ACE.allowed, models.Privilege.name). \
|
||||
join(models.Privilege.roles). \
|
||||
join(models.Role.acl_entries). \
|
||||
join(models.ACE.group). \
|
||||
join(models.UserGroup.users).\
|
||||
filter(models.User.user_id == user_id). \
|
||||
filter(models.Privilege.name == privilege_name)
|
||||
|
||||
result = await self._db_session.execute(query)
|
||||
return result.all()
|
||||
|
||||
async def get_user_pool_resources(self, user_id: UUID, privilege_name: str) -> List[models.Resource]:
|
||||
"""
|
||||
Get all resources in pools belonging to a user and groups
|
||||
"""
|
||||
|
||||
user_aces = await self._get_user_aces(user_id, privilege_name)
|
||||
pool_resources = await self._get_resources_in_pools(user_aces)
|
||||
group_aces = await self._get_group_aces(user_id, privilege_name)
|
||||
pool_resources.extend(await self._get_resources_in_pools(group_aces))
|
||||
return list(set(pool_resources))
|
||||
|
||||
async def check_user_has_privilege(self, user_id: UUID, path: str, privilege_name: str) -> bool:
|
||||
"""
|
||||
Resource paths form a file system like tree and privileges can be inherited by paths down that tree
|
||||
@ -321,38 +390,34 @@ class RbacRepository(BaseRepository):
|
||||
* Privileges on deeper levels replace those inherited from an upper level.
|
||||
"""
|
||||
|
||||
# retrieve all user ACEs matching the user_id and privilege name
|
||||
query = select(models.ACE.path, models.ACE.propagate, models.ACE.allowed, models.Privilege.name).\
|
||||
join(models.Privilege.roles).\
|
||||
join(models.Role.acl_entries).\
|
||||
join(models.ACE.user). \
|
||||
filter(models.User.user_id == user_id).\
|
||||
filter(models.Privilege.name == privilege_name).\
|
||||
order_by(models.ACE.path.desc())
|
||||
|
||||
query = select(models.Resource)
|
||||
result = await self._db_session.execute(query)
|
||||
aces = result.all()
|
||||
resources = result.scalars().all()
|
||||
projects_in_pools = [f"/projects/{r.resource_id}" for r in resources if r.resource_type == "project"]
|
||||
path_is_in_pool = False
|
||||
for project_in_pool in projects_in_pools:
|
||||
if path.startswith(project_in_pool):
|
||||
path_is_in_pool = True
|
||||
break
|
||||
|
||||
aces = await self._get_user_aces(user_id, privilege_name)
|
||||
try:
|
||||
if self._check_path_with_aces(path, aces):
|
||||
# the user has an ACE matching the path and privilege,there is no need to check group ACEs
|
||||
if path_is_in_pool:
|
||||
if await self._get_resources_in_pools(aces, path):
|
||||
return True
|
||||
elif self._check_path_with_aces(path, aces):
|
||||
# the user has an ACE matching the path and privilege, there is no need to check group ACEs
|
||||
return True
|
||||
except PermissionError:
|
||||
return False
|
||||
|
||||
# retrieve all group ACEs matching the user_id and privilege name
|
||||
query = select(models.ACE.path, models.ACE.propagate, models.ACE.allowed, models.Privilege.name). \
|
||||
join(models.Privilege.roles). \
|
||||
join(models.Role.acl_entries). \
|
||||
join(models.ACE.group). \
|
||||
join(models.UserGroup.users).\
|
||||
filter(models.User.user_id == user_id). \
|
||||
filter(models.Privilege.name == privilege_name)
|
||||
|
||||
result = await self._db_session.execute(query)
|
||||
aces = result.all()
|
||||
|
||||
aces = await self._get_group_aces(user_id, privilege_name)
|
||||
try:
|
||||
return self._check_path_with_aces(path, aces)
|
||||
if path_is_in_pool:
|
||||
if await self._get_resources_in_pools(aces, path):
|
||||
return True
|
||||
elif self._check_path_with_aces(path, aces):
|
||||
return True
|
||||
except PermissionError:
|
||||
return False
|
||||
return False
|
||||
|
@ -31,6 +31,7 @@ from .controller.nodes import NodeCreate, NodeUpdate, NodeDuplicate, NodeCapture
|
||||
from .controller.projects import ProjectCreate, ProjectUpdate, ProjectDuplicate, Project, ProjectFile, ProjectCompression
|
||||
from .controller.users import UserCreate, UserUpdate, LoggedInUserUpdate, User, Credentials, UserGroupCreate, UserGroupUpdate, UserGroup
|
||||
from .controller.rbac import RoleCreate, RoleUpdate, Role, Privilege, ACECreate, ACEUpdate, ACE
|
||||
from .controller.pools import Resource, ResourceCreate, ResourcePoolCreate, ResourcePoolUpdate, ResourcePool
|
||||
from .controller.tokens import Token
|
||||
from .controller.snapshots import SnapshotCreate, Snapshot
|
||||
from .controller.iou_license import IOULicense
|
||||
|
81
gns3server/schemas/controller/pools.py
Normal file
81
gns3server/schemas/controller/pools.py
Normal file
@ -0,0 +1,81 @@
|
||||
#
|
||||
# Copyright (C) 2020 GNS3 Technologies Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from typing import Optional
|
||||
from pydantic import ConfigDict, BaseModel, Field
|
||||
from uuid import UUID
|
||||
from enum import Enum
|
||||
|
||||
from .base import DateTimeModelMixin
|
||||
|
||||
|
||||
class ResourceType(str, Enum):
|
||||
|
||||
project = "project"
|
||||
|
||||
|
||||
class ResourceBase(BaseModel):
|
||||
"""
|
||||
Common resource properties.
|
||||
"""
|
||||
|
||||
resource_id: UUID
|
||||
resource_type: ResourceType = Field(..., description="Type of the resource")
|
||||
name: Optional[str] = None
|
||||
model_config = ConfigDict(use_enum_values=True)
|
||||
|
||||
|
||||
class ResourceCreate(ResourceBase):
|
||||
"""
|
||||
Properties to create a resource.
|
||||
"""
|
||||
|
||||
pass
|
||||
|
||||
|
||||
class Resource(DateTimeModelMixin, ResourceBase):
|
||||
|
||||
model_config = ConfigDict(from_attributes=True)
|
||||
|
||||
|
||||
class ResourcePoolBase(BaseModel):
|
||||
"""
|
||||
Common resource pool properties.
|
||||
"""
|
||||
|
||||
name: str
|
||||
|
||||
|
||||
class ResourcePoolCreate(ResourcePoolBase):
|
||||
"""
|
||||
Properties to create a resource pool.
|
||||
"""
|
||||
|
||||
pass
|
||||
|
||||
|
||||
class ResourcePoolUpdate(ResourcePoolBase):
|
||||
"""
|
||||
Properties to update a resource pool.
|
||||
"""
|
||||
|
||||
pass
|
||||
|
||||
|
||||
class ResourcePool(DateTimeModelMixin, ResourcePoolBase):
|
||||
|
||||
resource_pool_id: UUID
|
||||
model_config = ConfigDict(from_attributes=True)
|
183
tests/api/routes/controller/test_pools.py
Normal file
183
tests/api/routes/controller/test_pools.py
Normal file
@ -0,0 +1,183 @@
|
||||
#!/usr/bin/env python
|
||||
#
|
||||
# Copyright (C) 2023 GNS3 Technologies Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import uuid
|
||||
import pytest
|
||||
import pytest_asyncio
|
||||
|
||||
from fastapi import FastAPI, status
|
||||
from httpx import AsyncClient
|
||||
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
from gns3server.db.repositories.pools import ResourcePoolsRepository
|
||||
from gns3server.controller import Controller
|
||||
from gns3server.controller.project import Project
|
||||
from gns3server.schemas.controller.pools import ResourceCreate, ResourcePoolCreate
|
||||
|
||||
pytestmark = pytest.mark.asyncio
|
||||
|
||||
|
||||
class TestPoolRoutes:
|
||||
|
||||
async def test_resource_pool(self, app: FastAPI, client: AsyncClient) -> None:
|
||||
|
||||
new_group = {"name": "pool1"}
|
||||
response = await client.post(app.url_path_for("create_resource_pool"), json=new_group)
|
||||
assert response.status_code == status.HTTP_201_CREATED
|
||||
|
||||
async def test_get_resource_pool(self, app: FastAPI, client: AsyncClient, db_session: AsyncSession) -> None:
|
||||
|
||||
pools_repo = ResourcePoolsRepository(db_session)
|
||||
pool_in_db = await pools_repo.get_resource_pool_by_name("pool1")
|
||||
response = await client.get(app.url_path_for("get_resource_pool", resource_pool_id=pool_in_db.resource_pool_id))
|
||||
assert response.status_code == status.HTTP_200_OK
|
||||
assert response.json()["resource_pool_id"] == str(pool_in_db.resource_pool_id)
|
||||
|
||||
async def test_list_resource_pools(self, app: FastAPI, client: AsyncClient) -> None:
|
||||
|
||||
response = await client.get(app.url_path_for("get_resource_pools"))
|
||||
assert response.status_code == status.HTTP_200_OK
|
||||
assert len(response.json()) == 1
|
||||
|
||||
async def test_update_resource_pool(self, app: FastAPI, client: AsyncClient, db_session: AsyncSession) -> None:
|
||||
|
||||
pools_repo = ResourcePoolsRepository(db_session)
|
||||
pool_in_db = await pools_repo.get_resource_pool_by_name("pool1")
|
||||
|
||||
update_pool = {"name": "pool42"}
|
||||
response = await client.put(
|
||||
app.url_path_for("update_resource_pool", resource_pool_id=pool_in_db.resource_pool_id),
|
||||
json=update_pool
|
||||
)
|
||||
assert response.status_code == status.HTTP_200_OK
|
||||
updated_pool_in_db = await pools_repo.get_resource_pool(pool_in_db.resource_pool_id)
|
||||
assert updated_pool_in_db.name == "pool42"
|
||||
|
||||
async def test_resource_group(
|
||||
self,
|
||||
app: FastAPI,
|
||||
client: AsyncClient,
|
||||
db_session: AsyncSession
|
||||
) -> None:
|
||||
|
||||
pools_repo = ResourcePoolsRepository(db_session)
|
||||
pool_in_db = await pools_repo.get_resource_pool_by_name("pool42")
|
||||
response = await client.delete(app.url_path_for("delete_resource_pool", resource_pool_id=pool_in_db.resource_pool_id))
|
||||
assert response.status_code == status.HTTP_204_NO_CONTENT
|
||||
|
||||
|
||||
class TestResourcesPoolRoutes:
|
||||
|
||||
@pytest_asyncio.fixture
|
||||
async def project(self, app: FastAPI, client: AsyncClient, controller: Controller) -> Project:
|
||||
project_id = str(uuid.uuid4())
|
||||
params = {"name": "test", "project_id": project_id}
|
||||
await client.post(app.url_path_for("create_project"), json=params)
|
||||
return controller.get_project(project_id)
|
||||
|
||||
async def test_add_resource_to_pool(
|
||||
self,
|
||||
app: FastAPI,
|
||||
client: AsyncClient,
|
||||
db_session: AsyncSession,
|
||||
project: Project
|
||||
) -> None:
|
||||
|
||||
pools_repo = ResourcePoolsRepository(db_session)
|
||||
new_resource_pool = ResourcePoolCreate(
|
||||
name="pool1",
|
||||
)
|
||||
pool_in_db = await pools_repo.create_resource_pool(new_resource_pool)
|
||||
response = await client.put(
|
||||
app.url_path_for(
|
||||
"add_resource_to_pool",
|
||||
resource_pool_id=pool_in_db.resource_pool_id,
|
||||
resource_id=str(project.id)
|
||||
)
|
||||
)
|
||||
assert response.status_code == status.HTTP_204_NO_CONTENT
|
||||
resources = await pools_repo.get_pool_resources(pool_in_db.resource_pool_id)
|
||||
assert len(resources) == 1
|
||||
assert str(resources[0].resource_id) == project.id
|
||||
|
||||
async def test_add_to_resource_already_in_resource_pool(
|
||||
self,
|
||||
app: FastAPI,
|
||||
client: AsyncClient,
|
||||
db_session: AsyncSession,
|
||||
project: Project
|
||||
) -> None:
|
||||
|
||||
pools_repo = ResourcePoolsRepository(db_session)
|
||||
pool_in_db = await pools_repo.get_resource_pool_by_name("pool1")
|
||||
resource_create = ResourceCreate(resource_id=project.id, resource_type="project")
|
||||
resource = await pools_repo.create_resource(resource_create)
|
||||
await pools_repo.add_resource_to_pool(pool_in_db.resource_pool_id, resource)
|
||||
|
||||
response = await client.put(
|
||||
app.url_path_for(
|
||||
"add_resource_to_pool",
|
||||
resource_pool_id=pool_in_db.resource_pool_id,
|
||||
resource_id=str(resource.resource_id)
|
||||
)
|
||||
)
|
||||
assert response.status_code == status.HTTP_400_BAD_REQUEST
|
||||
|
||||
async def test_get_pool_resources(
|
||||
self,
|
||||
app: FastAPI,
|
||||
client: AsyncClient,
|
||||
db_session: AsyncSession
|
||||
) -> None:
|
||||
|
||||
pools_repo = ResourcePoolsRepository(db_session)
|
||||
pool_in_db = await pools_repo.get_resource_pool_by_name("pool1")
|
||||
response = await client.get(
|
||||
app.url_path_for(
|
||||
"get_pool_resources",
|
||||
resource_pool_id=pool_in_db.resource_pool_id)
|
||||
)
|
||||
assert response.status_code == status.HTTP_200_OK
|
||||
assert len(response.json()) == 2
|
||||
|
||||
async def test_remove_resource_from_pool(
|
||||
self,
|
||||
app: FastAPI,
|
||||
client: AsyncClient,
|
||||
db_session: AsyncSession,
|
||||
project: Project
|
||||
) -> None:
|
||||
|
||||
pools_repo = ResourcePoolsRepository(db_session)
|
||||
pool_in_db = await pools_repo.get_resource_pool_by_name("pool1")
|
||||
resource_create = ResourceCreate(resource_id=project.id, resource_type="project")
|
||||
resource = await pools_repo.create_resource(resource_create)
|
||||
await pools_repo.add_resource_to_pool(pool_in_db.resource_pool_id, resource)
|
||||
|
||||
resources = await pools_repo.get_pool_resources(pool_in_db.resource_pool_id)
|
||||
assert len(resources) == 3
|
||||
|
||||
response = await client.delete(
|
||||
app.url_path_for(
|
||||
"remove_resource_from_pool",
|
||||
resource_pool_id=pool_in_db.resource_pool_id,
|
||||
resource_id=str(project.id)
|
||||
),
|
||||
)
|
||||
assert response.status_code == status.HTTP_204_NO_CONTENT
|
||||
resources = await pools_repo.get_pool_resources(pool_in_db.resource_pool_id)
|
||||
assert len(resources) == 2
|
@ -17,14 +17,18 @@
|
||||
|
||||
import pytest
|
||||
import pytest_asyncio
|
||||
import uuid
|
||||
|
||||
from fastapi import FastAPI, status
|
||||
from httpx import AsyncClient
|
||||
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
from gns3server.controller import Controller
|
||||
from gns3server.db.repositories.rbac import RbacRepository
|
||||
from gns3server.db.repositories.users import UsersRepository
|
||||
from gns3server.db.repositories.pools import ResourcePoolsRepository
|
||||
from gns3server.schemas.controller.rbac import ACECreate
|
||||
from gns3server.schemas.controller.pools import ResourceCreate, ResourcePoolCreate
|
||||
from gns3server.db.models import User
|
||||
|
||||
pytestmark = pytest.mark.asyncio
|
||||
@ -128,6 +132,113 @@ class TestPrivileges:
|
||||
authorized = await RbacRepository(db_session).check_user_has_privilege(test_user.user_id, path, privilege)
|
||||
assert authorized is True
|
||||
|
||||
|
||||
class TestResourcePools:
|
||||
|
||||
async def test_resource_pool(self, test_user: User, db_session: AsyncSession):
|
||||
|
||||
project_id = uuid.uuid4()
|
||||
project_name = "project42"
|
||||
|
||||
pools_repo = ResourcePoolsRepository(db_session)
|
||||
new_resource_pool = ResourcePoolCreate(name="pool1")
|
||||
pool_in_db = await pools_repo.create_resource_pool(new_resource_pool)
|
||||
|
||||
resource_create = ResourceCreate(resource_id=project_id, resource_type="project", name=project_name)
|
||||
resource = await pools_repo.create_resource(resource_create)
|
||||
await pools_repo.add_resource_to_pool(pool_in_db.resource_pool_id, resource)
|
||||
|
||||
group_id = (await UsersRepository(db_session).get_user_group_by_name("Users")).user_group_id
|
||||
role_id = (await RbacRepository(db_session).get_role_by_name("User")).role_id
|
||||
ace = ACECreate(
|
||||
path=f"/pools/{pool_in_db.resource_pool_id}",
|
||||
ace_type="group",
|
||||
propagate=False,
|
||||
group_id=str(group_id),
|
||||
role_id=str(role_id)
|
||||
)
|
||||
await RbacRepository(db_session).create_ace(ace)
|
||||
|
||||
privilege = "Project.Audit"
|
||||
path = f"/projects/{project_id}"
|
||||
authorized = await RbacRepository(db_session).check_user_has_privilege(test_user.user_id, path, privilege)
|
||||
assert authorized is True
|
||||
|
||||
async def test_list_projects_in_resource_pool(
|
||||
self,
|
||||
app: FastAPI,
|
||||
controller: Controller,
|
||||
authorized_client: AsyncClient,
|
||||
db_session: AsyncSession
|
||||
) -> None:
|
||||
|
||||
uuid1 = str(uuid.uuid4())
|
||||
uuid2 = str(uuid.uuid4())
|
||||
uuid3 = str(uuid.uuid4())
|
||||
await controller.add_project(project_id=uuid1, name="Project1")
|
||||
await controller.add_project(project_id=uuid2, name="Project2")
|
||||
await controller.add_project(project_id=uuid3, name="Project3")
|
||||
|
||||
# user has no access to projects (no ACE on /projects or resource pools)
|
||||
response = await authorized_client.get(app.url_path_for("get_projects"))
|
||||
assert response.status_code == status.HTTP_200_OK
|
||||
assert len(response.json()) == 0
|
||||
|
||||
pools_repo = ResourcePoolsRepository(db_session)
|
||||
new_resource_pool = ResourcePoolCreate(name="pool2")
|
||||
pool_in_db = await pools_repo.create_resource_pool(new_resource_pool)
|
||||
|
||||
resource_create = ResourceCreate(resource_id=uuid2, resource_type="project", name="Project2")
|
||||
resource = await pools_repo.create_resource(resource_create)
|
||||
await pools_repo.add_resource_to_pool(pool_in_db.resource_pool_id, resource)
|
||||
|
||||
group_id = (await UsersRepository(db_session).get_user_group_by_name("Users")).user_group_id
|
||||
role_id = (await RbacRepository(db_session).get_role_by_name("User")).role_id
|
||||
ace = ACECreate(
|
||||
path=f"/pools/{pool_in_db.resource_pool_id}",
|
||||
ace_type="group",
|
||||
propagate=False,
|
||||
group_id=str(group_id),
|
||||
role_id=str(role_id)
|
||||
)
|
||||
await RbacRepository(db_session).create_ace(ace)
|
||||
|
||||
response = await authorized_client.get(app.url_path_for("get_project", project_id=uuid2))
|
||||
assert response.status_code == status.HTTP_200_OK
|
||||
assert response.json()["name"] == "Project2"
|
||||
|
||||
# user should only see one project because it is in the resource pool he has access to
|
||||
response = await authorized_client.get(app.url_path_for("get_projects"))
|
||||
assert response.status_code == status.HTTP_200_OK
|
||||
projects = response.json()
|
||||
assert len(projects) == 1
|
||||
assert projects[0]["project_id"] == uuid2
|
||||
|
||||
ace = ACECreate(
|
||||
path=f"/projects",
|
||||
ace_type="group",
|
||||
propagate=True,
|
||||
group_id=str(group_id),
|
||||
role_id=str(role_id)
|
||||
)
|
||||
await RbacRepository(db_session).create_ace(ace)
|
||||
|
||||
# now user should see all projects because he has access to /projects and the resource pool
|
||||
response = await authorized_client.get(app.url_path_for("get_projects"))
|
||||
assert response.status_code == status.HTTP_200_OK
|
||||
projects = response.json()
|
||||
assert len(projects) == 3
|
||||
|
||||
await RbacRepository(db_session).delete_all_ace_starting_with_path(f"/pools/{pool_in_db.resource_pool_id}")
|
||||
response = await authorized_client.get(app.url_path_for("get_project", project_id=uuid2))
|
||||
assert response.status_code == status.HTTP_403_FORBIDDEN
|
||||
|
||||
# now user should only see the projects that are not in a resource pool
|
||||
response = await authorized_client.get(app.url_path_for("get_projects"))
|
||||
assert response.status_code == status.HTTP_200_OK
|
||||
assert len(response.json()) == 2
|
||||
|
||||
|
||||
# class TestProjectsWithRbac:
|
||||
#
|
||||
# async def test_admin_create_project(self, app: FastAPI, client: AsyncClient):
|
||||
|
Loading…
Reference in New Issue
Block a user