From a7e8a14c2d046ee2829f501aea889b6ffb47360c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tomasz=20Tr=C4=99bski?= <tomasz.trebski@ts.fujitsu.com>
Date: Fri, 9 Jun 2017 10:19:27 +0200
Subject: [PATCH] Add monitoring_policy.json

monasca-ui misses policies file to control the permissions
over actions executed from within Horizon plugin.

Extra:
* enabled running tests with configured policies
* removed unbounded policy sample file

Change-Id: I273f06332fa11a81ea8de2c13059dce9d160e90d
---
 README.md                              |  9 ++--
 monasca_policy.json.sample             |  7 ---
 monitoring/conf/monitoring_policy.json | 12 +++++
 monitoring/config/local_settings.py    | 10 +++-
 monitoring/test/helpers.py             | 64 +++++++++-----------------
 test-requirements.txt                  |  1 -
 tox.ini                                | 17 +++++--
 7 files changed, 60 insertions(+), 60 deletions(-)
 delete mode 100644 monasca_policy.json.sample
 create mode 100644 monitoring/conf/monitoring_policy.json

diff --git a/README.md b/README.md
index 9994c07b..ea2075ec 100644
--- a/README.md
+++ b/README.md
@@ -53,8 +53,11 @@ For more details go to http://docs.openstack.org/developer/horizon/quickstart.ht
 * Link monasca into Horizon:
 
 ```
-cp ../monasca-ui/monitoring/enabled/_50_admin_add_monitoring_panel.py openstack_dashboard/enabled/.
-ln -s ../monasca-ui/monitoring monitoring
+ln -sf $(pwd)/../monasca-ui/monitoring/enabled/_50_admin_add_monitoring_panel.py \
+    $(pwd)/openstack_dashboard/enabled/_50_admin_add_monitoring_panel.py
+ln -sf $(pwd)/../monasca-ui/monitoring/conf/monitoring_policy.json \
+    $(pwd)/openstack_dashboard/conf/monitoring_policy.json
+ln -sfF $(pwd)/../monasca-ui/monitoring $(pwd)/monitoring
 ./run_tests #load monasca-client into virtualenv
 ```
 
@@ -86,7 +89,7 @@ you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
     http://www.apache.org/licenses/LICENSE-2.0
-    
+
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
diff --git a/monasca_policy.json.sample b/monasca_policy.json.sample
deleted file mode 100644
index 97793d4e..00000000
--- a/monasca_policy.json.sample
+++ /dev/null
@@ -1,7 +0,0 @@
-{
-    "context_is_admin":  "role:admin",
-    "admin_or_owner":  "is_admin:True or project_id:%(project_id)s",
-    "default": "rule:admin_required",
-
-    "monitoring:monitoring": "rule:admin_required",
-}
diff --git a/monitoring/conf/monitoring_policy.json b/monitoring/conf/monitoring_policy.json
new file mode 100644
index 00000000..693bc5b7
--- /dev/null
+++ b/monitoring/conf/monitoring_policy.json
@@ -0,0 +1,12 @@
+{
+    "owner" : "user_id:%(user_id)s",
+    "admin_required": "role:admin or is_admin:1",
+    "admin_or_owner": "rule:admin_required or rule:owner",
+
+    "monasca_user_role": "role:monasca-user",
+
+    "default": "@",
+
+    "monitoring:monitoring": "rule:admin_or_owner",
+    "monitoring:kibana_access": "rule:monasca_user_role"
+}
diff --git a/monitoring/config/local_settings.py b/monitoring/config/local_settings.py
index 45a10de6..d0a9ca76 100644
--- a/monitoring/config/local_settings.py
+++ b/monitoring/config/local_settings.py
@@ -67,9 +67,15 @@ DASHBOARDS = getattr(settings, 'GRAFANA_LINKS', GRAFANA_LINKS)
 GRAFANA_URL = getattr(settings, 'GRAFANA_URL', None)
 
 ENABLE_KIBANA_BUTTON = getattr(settings, 'ENABLE_KIBANA_BUTTON', False)
-KIBANA_POLICY_RULE = getattr(settings, 'KIBANA_POLICY_RULE', 'admin_required')
-KIBANA_POLICY_SCOPE = getattr(settings, 'KIBANA_POLICY_SCOPE', 'identity')
+KIBANA_POLICY_RULE = getattr(settings, 'KIBANA_POLICY_RULE',
+                             'monitoring:kibana_access')
+KIBANA_POLICY_SCOPE = getattr(settings, 'KIBANA_POLICY_SCOPE',
+                              'monitoring')
 KIBANA_HOST = getattr(settings, 'KIBANA_HOST', 'http://192.168.10.4:5601/')
 
 OPENSTACK_SSL_NO_VERIFY = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
 OPENSTACK_SSL_CACERT = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
+
+POLICY_FILES = getattr(settings, 'POLICY_FILES', {})
+POLICY_FILES.update({'monitoring': 'monitoring_policy.json',}) # noqa
+setattr(settings, 'POLICY_FILES', POLICY_FILES)
diff --git a/monitoring/test/helpers.py b/monitoring/test/helpers.py
index f9615103..afd89984 100644
--- a/monitoring/test/helpers.py
+++ b/monitoring/test/helpers.py
@@ -16,9 +16,10 @@ import unittest
 import warnings
 
 from django.core.handlers import wsgi
+import mock
+from openstack_dashboard.test import helpers
 
 from monitoring.test.test_data import utils as test_data_utils
-from openstack_dashboard.test import helpers as openstack_dashboard_helpers
 
 
 # Makes output of failing mox tests much easier to read.
@@ -30,53 +31,30 @@ warnings.filterwarnings('ignore', 'With-statements now directly support '
                         r'^tuskar_ui[.].*[._]tests$')
 
 
-def create_stubs(stubs_to_create={}):
-    return openstack_dashboard_helpers.create_stubs(stubs_to_create)
+def create_stubs(stubs_to_create=None):
+    if stubs_to_create is None:
+        stubs_to_create = {}
+    return helpers.create_stubs(stubs_to_create)
+
+
+class MonitoringTestsMixin(object):
+    def _setup_test_data(self):
+        super(MonitoringTestsMixin, self)._setup_test_data()
+        test_data_utils.load_test_data(self)
+        self.policy_patcher = mock.patch(
+            'openstack_auth.policy.check', lambda action, request: True)
+        self.policy_check = self.policy_patcher.start()
 
 
 @unittest.skipIf(os.environ.get('SKIP_UNITTESTS', False),
                  "The SKIP_UNITTESTS env variable is set.")
-class TestCase(openstack_dashboard_helpers.TestCase):
-    """Specialized base test case class for Horizon which gives access to
-    numerous additional features:
-
-      * A full suite of test data through various attached objects and
-        managers (e.g. ``self.servers``, ``self.user``, etc.). See the
-        docs for :class:`~horizon.tests.test_data.utils.TestData` for more
-        information.
-      * The ``mox`` mocking framework via ``self.mox``.
-      * A set of request context data via ``self.context``.
-      * A ``RequestFactory`` class which supports Django's ``contrib.messages``
-        framework via ``self.factory``.
-      * A ready-to-go request object via ``self.request``.
-      * The ability to override specific time data controls for easier testing.
-      * Several handy additional assertion methods.
-    """
-    def setUp(self):
-        super(TestCase, self).setUp()
-
-        # load tuskar-specific test data
-        test_data_utils.load_test_data(self)
+class TestCase(MonitoringTestsMixin, helpers.TestCase):
+    pass
 
 
-class BaseAdminViewTests(openstack_dashboard_helpers.BaseAdminViewTests):
-    """A ``TestCase`` subclass which sets an active user with the "admin" role
-    for testing admin-only views and functionality.
-    """
-    def setUp(self):
-        super(BaseAdminViewTests, self).setUp()
-
-        # load tuskar-specific test data
-        test_data_utils.load_test_data(self)
+class BaseAdminViewTests(MonitoringTestsMixin, helpers.BaseAdminViewTests):
+    pass
 
 
-class APITestCase(openstack_dashboard_helpers.APITestCase):
-    """The ``APITestCase`` class is for use with tests which deal with the
-    underlying clients rather than stubbing out the
-    openstack_dashboard.api.* methods.
-    """
-    def setUp(self):
-        super(APITestCase, self).setUp()
-
-        # load tuskar-specfic test data
-        test_data_utils.load_test_data(self)
+class APITestCase(MonitoringTestsMixin, helpers.APITestCase):
+    pass
diff --git a/test-requirements.txt b/test-requirements.txt
index 96c61c72..d0081c71 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -19,4 +19,3 @@ selenium>=2.50.1 # Apache-2.0
 # Docs Requirements
 sphinx!=1.6.1,>=1.5.1 # BSD
 oslosphinx>=4.7.0 # Apache-2.0
-http://tarballs.openstack.org/horizon/horizon-master.tar.gz#egg=horizon
diff --git a/tox.ini b/tox.ini
index e3de8284..e9964fe8 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,6 +1,6 @@
 [tox]
 envlist = py27,pep8
-minversion = 2.0
+minversion = 2.6
 skipsdist = True
 
 [testenv]
@@ -15,14 +15,23 @@ passenv =  http_proxy
            HTTPS_PROXY
            no_proxy
            NO_PROXY
-deps = -r{toxinidir}/test-requirements.txt
-       -r{toxinidir}/requirements.txt
+deps =
+    -r{toxinidir}/requirements.txt
+    -r{toxinidir}/test-requirements.txt
+    http://tarballs.openstack.org/horizon/horizon-master.tar.gz#egg=horizon
 install_command = {toxinidir}/tools/tox_install.sh {env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}
-whitelist_externals = find
+whitelist_externals =
+    /bin/bash
+    find
 commands =
     find . -type f -name "*.pyc" -delete
     /bin/bash run_tests.sh -N {posargs}
 
+[testenv:py27]
+setenv =
+   {[testenv]setenv}
+   DJANGO_SETTINGS_MODULE=monitoring.test.settings
+
 [testenv:pep8]
 commands = /bin/bash run_tests.sh -N --pep8