Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
slapos.core
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Romain Courteaud
slapos.core
Commits
b34ed47d
Commit
b34ed47d
authored
Dec 01, 2022
by
Romain Courteaud
🐙
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
slapos_erp5: draft Remote Node security
parent
2cd6cbc3
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
138 additions
and
0 deletions
+138
-0
master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Remote%20Node.xml
...slapos_erp5/PortalTypeRolesTemplateItem/Remote%20Node.xml
+26
-0
master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5VirtualMasterScenario.py
...mponents/test.erp5.testSlapOSERP5VirtualMasterScenario.py
+109
-0
master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_ComputeNode_edit.xml
...pos_interaction_workflow/interaction_ComputeNode_edit.xml
+1
-0
master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_ComputeNode_reindexObject.xml
...action_workflow/interaction_ComputeNode_reindexObject.xml
+1
-0
master/bt5/slapos_erp5/bt/template_portal_type_role_list
master/bt5/slapos_erp5/bt/template_portal_type_role_list
+1
-0
No files found.
master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Remote%20Node.xml
0 → 100644
View file @
b34ed47d
<type_roles>
<role
id=
'Auditor'
>
<property
id=
'title'
>
Project Customer
</property>
<property
id=
'description'
>
XXX add local role group
</property>
<property
id=
'condition'
>
python: context.getFollowUp("") != ""
</property>
<property
id=
'base_category_script'
>
ERP5Type_getSecurityCategoryFromContent
</property>
<multi_property
id=
'category'
>
function/customer
</multi_property>
<multi_property
id=
'base_category'
>
follow_up
</multi_property>
</role>
<role
id=
'Assignee'
>
<property
id=
'title'
>
Project Production Agent
</property>
<property
id=
'description'
>
XXX add local role group
</property>
<property
id=
'condition'
>
python: context.getFollowUp("") != ""
</property>
<property
id=
'base_category_script'
>
ERP5Type_getSecurityCategoryFromContent
</property>
<multi_property
id=
'category'
>
function/production/agent
</multi_property>
<multi_property
id=
'base_category'
>
follow_up
</multi_property>
</role>
<role
id=
'Assignor'
>
<property
id=
'title'
>
Project Production Manager
</property>
<property
id=
'description'
>
XXX add local role group
</property>
<property
id=
'condition'
>
python: context.getFollowUp("") != ""
</property>
<property
id=
'base_category_script'
>
ERP5Type_getSecurityCategoryFromContent
</property>
<multi_property
id=
'category'
>
function/production/manager
</multi_property>
<multi_property
id=
'base_category'
>
follow_up
</multi_property>
</role>
</type_roles>
\ No newline at end of file
master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5VirtualMasterScenario.py
View file @
b34ed47d
...
...
@@ -40,6 +40,27 @@ class TestSlapOSVirtualMasterScenario(DefaultScenarioMixin):
project
.
validate
()
return
project
def
requestRemoteNode
(
self
,
project
):
remote_node
=
self
.
portal
.
compute_node_module
.
newContent
(
portal_type
=
'Remote Node'
,
title
=
'remote-%s'
%
self
.
generateNewId
(),
follow_up_value
=
project
,
# XXX
capacity_scope
=
'close'
)
self
.
setServerOpenPublic
(
remote_node
)
remote_node
.
setCapacityScope
(
'open'
)
# XXX format
partition
=
remote_node
.
newContent
(
portal_type
=
'Compute Partition'
,
reference
=
'slapremote0'
)
partition
.
markFree
()
partition
.
validate
()
remote_node
.
validate
()
return
remote_node
def
addSoftwareProduct
(
self
,
title
,
project
,
public_server_software
,
public_instance_type
):
software_product
=
self
.
portal
.
software_product_module
.
newContent
(
...
...
@@ -726,6 +747,94 @@ class TestSlapOSVirtualMasterScenario(DefaultScenarioMixin):
assert
last_message
is
None
,
last_message
def
test_virtual_master_on_remote_tree_without_accounting_scenario
(
self
):
# create a default project
project
=
self
.
addProject
()
self
.
web_site
=
self
.
portal
.
web_site_module
.
slapos_master_panel
preference
=
self
.
portal
.
portal_preferences
.
slapos_default_system_preference
preference
.
edit
(
preferred_subscription_assignment_category_list
=
[
'function/customer'
,
'role/client'
,
'destination_project/%s'
%
project
.
getRelativeUrl
()
]
)
# some preparation
self
.
logout
()
# lets join as slapos administrator, which will own few compute_nodes
owner_reference
=
'owner-%s'
%
self
.
generateNewId
()
self
.
joinSlapOS
(
self
.
web_site
,
owner_reference
)
self
.
login
()
owner_person
=
self
.
portal
.
portal_catalog
.
getResultValue
(
portal_type
=
"ERP5 Login"
,
reference
=
owner_reference
).
getParentValue
()
# first slapos administrator assignment can only be created by
# the erp5 manager
self
.
addProjectProductionManagerAssignment
(
owner_person
,
project
)
self
.
tic
()
# hooray, now it is time to create compute_nodes
self
.
login
(
owner_person
.
getUserId
())
remote_server
=
self
.
requestRemoteNode
(
project
)
# and install some software on them
public_server_software
=
self
.
generateNewSoftwareReleaseUrl
()
remote_server
.
requestSoftwareRelease
(
software_release_url
=
public_server_software
,
state
=
'available'
)
#software_product, release_variation, type_variation = self.addSoftwareProduct(
public_instance_type
=
'public type'
software_product
,
software_release
,
software_type
=
self
.
addSoftwareProduct
(
"instance product"
,
project
,
public_server_software
,
public_instance_type
)
self
.
addAllocationSupply
(
"for compute node"
,
remote_server
,
software_product
,
software_release
,
software_type
,
is_slave_on_same_instance_tree_allocable
=
True
)
# join as the another visitor and request software instance on public
# compute_node
self
.
logout
()
public_reference
=
'public-%s'
%
self
.
generateNewId
()
self
.
joinSlapOS
(
self
.
web_site
,
public_reference
)
self
.
login
()
public_person
=
self
.
portal
.
portal_catalog
.
getResultValue
(
portal_type
=
"ERP5 Login"
,
reference
=
public_reference
).
getParentValue
()
public_instance_title
=
'Public title %s'
%
self
.
generateNewId
()
self
.
checkRemoteInstanceAllocation
(
public_person
.
getUserId
(),
public_reference
,
public_instance_title
,
public_server_software
,
public_instance_type
,
remote_server
,
project
.
getReference
())
self
.
tic
()
self
.
login
()
# Ensure no unexpected object has been created
# 3 (can reduce to 2) assignment, 1 instance tree, 1 remote node, 1 software installation
# 1 software instance
# 2 credential request
# 1 software product
# 3 allocation supply/line/cell
related_object_list
=
project
.
Base_getRelatedObjectList
(
**
{
'category.category_strict_membership'
:
1
})
assert
len
(
related_object_list
)
==
13
,
[
x
.
getRelativeUrl
()
for
x
in
related_object_list
]
self
.
stepcheckERP5Consistency
()
# after accept, an email is send containing the reset link
last_message
=
self
.
portal
.
MailHost
.
_last_message
assert
last_message
is
None
,
last_message
def
test_open_order_with_service_scenario
(
self
):
# create a default project
...
...
master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_ComputeNode_edit.xml
View file @
b34ed47d
...
...
@@ -34,6 +34,7 @@
<tuple>
<string>
Compute Node
</string>
<string>
Instance Node
</string>
<string>
Remote Node
</string>
</tuple>
</value>
</item>
...
...
master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_ComputeNode_reindexObject.xml
View file @
b34ed47d
...
...
@@ -31,6 +31,7 @@
<value>
<tuple>
<string>
Compute Node
</string>
<string>
Remote Node
</string>
</tuple>
</value>
</item>
...
...
master/bt5/slapos_erp5/bt/template_portal_type_role_list
View file @
b34ed47d
...
...
@@ -72,6 +72,7 @@ Project Module
Purchase Invoice Transaction
Regularisation Request
Regularisation Request Module
Remote Node
Restricted Access Token
Sale Invoice Transaction
Sale Packing List
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment