slapos_erp5:

* draft Remote Node security * create 2 projects to simulate remote allocation * remote node security interaction workflow

slapos_erp5:
* draft Remote Node security * create 2 projects to simulate remote allocation * remote node security interaction workflow
ff858ce7 · Romain Courteaud · fc578f5c · ff858ce7 · ff858ce7 · ff858ce7
Commit ff858ce7 authored Dec 01, 2022 by Romain Courteaud
7 changed files
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Remote%20Node.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Remote%20Node.xml
+<type_roles>
+  <role id='Auditor'>
+   <property id='title'>Project Customer</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
+  </role>
+  <role id='Assignee'>
+   <property id='title'>Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
+  </role>
+  <role id='Assignor'>
+   <property id='title'>Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
+  </role>
+</type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeWorkflowChainTemplateItem/workflow_chain_type.xml
+++ b/master/bt5/slapos_erp5/PortalTypeWorkflowChainTemplateItem/workflow_chain_type.xml
@@ -107,6 +107,10 @@
  <type>Purchase Packing List Line</type>
  <workflow>-immobilisation_movement_interaction_workflow</workflow>
 </chain>
+ <chain>
+  <type>Remote Node</type>
+  <workflow>local_permission_slapos_interaction_workflow</workflow>
+ </chain>
 <chain>
  <type>Restricted Access Token</type>
  <workflow>local_permission_slapos_interaction_workflow</workflow>

--- a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5VirtualMasterScenario.py
+++ b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5VirtualMasterScenario.py
@@ -40,6 +40,27 @@ class TestSlapOSVirtualMasterScenario(DefaultScenarioMixin):
    project.validate()
    return project
+  def requestRemoteNode(self, project):
+    remote_node = self.portal.compute_node_module.newContent(
+      portal_type='Remote Node',
+      title='remote-%s' % self.generateNewId(),
+      follow_up_value=project,
+      # XXX
+      capacity_scope='close'
+    )
+    self.setServerOpenPublic(remote_node)
+    remote_node.setCapacityScope('open')
+    # XXX format
+    partition = remote_node.newContent(
+      portal_type='Compute Partition',
+      reference='slapremote0'
+    )
+    partition.markFree()
+    partition.validate()
+    remote_node.validate()
+    return remote_node
  def addSoftwareProduct(self, title, project, public_server_software,
                         public_instance_type):
    software_product = self.portal.software_product_module.newContent(
@@ -726,6 +747,162 @@ class TestSlapOSVirtualMasterScenario(DefaultScenarioMixin):
    assert last_message is None, last_message
+  def test_virtual_master_on_remote_tree_without_accounting_scenario(self):
+    self.web_site = self.portal.web_site_module.slapos_master_panel
+    preference = self.portal.portal_preferences.slapos_default_system_preference
+    ####################################
+    # Create a remote project
+    ####################################
+    remote_project = self.addProject()
+    preference.edit(
+      preferred_subscription_assignment_category_list=[
+        'function/customer',
+        'role/client',
+        'destination_project/%s' % remote_project.getRelativeUrl()
+      ]
+    )
+    # some preparation
+    self.logout()
+    # lets join as slapos administrator, which will own few compute_nodes
+    remote_owner_reference = 'remote-owner-%s' % self.generateNewId()
+    self.joinSlapOS(self.web_site, remote_owner_reference)
+    self.login()
+    remote_owner_person = self.portal.portal_catalog.getResultValue(
+      portal_type="ERP5 Login",
+      reference=remote_owner_reference).getParentValue()
+    # first slapos administrator assignment can only be created by
+    # the erp5 manager
+    self.addProjectProductionManagerAssignment(remote_owner_person, remote_project)
+    self.tic()
+    # hooray, now it is time to create compute_nodes
+    self.login(remote_owner_person.getUserId())
+    remote_server_title = 'Remote Server for %s' % remote_owner_person
+    remote_server_id = self.requestComputeNode(remote_server_title, remote_project.getReference())
+    remote_server = self.portal.portal_catalog.getResultValue(
+        portal_type='Compute Node', reference=remote_server_id)
+    self.setAccessToMemcached(remote_server)
+    self.assertNotEqual(None, remote_server)
+    self.setServerOpenPublic(remote_server)
+    # and install some software on them
+    remote_server_software = self.generateNewSoftwareReleaseUrl()
+    remote_instance_type = 'public type'
+    self.supplySoftware(remote_server, remote_server_software)
+    # format the compute_nodes
+    self.formatComputeNode(remote_server)
+    remote_software_product, remote_release_variation, remote_type_variation = self.addSoftwareProduct(
+      "remote product", remote_project, remote_server_software, remote_instance_type
+    )
+    self.addAllocationSupply("for compute node", remote_server, remote_software_product,
+                             remote_release_variation, remote_type_variation)
+    # join as the another visitor and request software instance on public
+    # compute_node
+    self.logout()
+    remote_public_reference = 'remote-public-%s' % self.generateNewId()
+    self.joinSlapOS(self.web_site, remote_public_reference)
+    self.login()
+    remote_public_person = self.portal.portal_catalog.getResultValue(
+      portal_type="ERP5 Login",
+      reference=remote_public_reference).getParentValue()
+    ####################################
+    # Create a local project
+    ####################################
+    project = self.addProject()
+    preference.edit(
+      preferred_subscription_assignment_category_list=[
+        'function/customer',
+        'role/client',
+        'destination_project/%s' % project.getRelativeUrl()
+      ]
+    )
+    owner_person = remote_public_person
+    # first slapos administrator assignment can only be created by
+    # the erp5 manager
+    self.addProjectProductionManagerAssignment(owner_person, project)
+    self.tic()
+    # hooray, now it is time to create compute_nodes
+    self.login(owner_person.getUserId())
+    remote_server = self.requestRemoteNode(project)
+    # and install some software on them
+    public_server_software = self.generateNewSoftwareReleaseUrl()
+    remote_server.requestSoftwareRelease(software_release_url=public_server_software,
+                                         state='available')
+    #software_product, release_variation, type_variation = self.addSoftwareProduct(
+    public_instance_type = 'public type'
+    software_product, software_release, software_type = self.addSoftwareProduct(
+      "instance product", project, public_server_software, public_instance_type
+    )
+    self.addAllocationSupply("for compute node", remote_server, software_product,
+                             software_release, software_type,
+                             is_slave_on_same_instance_tree_allocable=True)
+    # join as the another visitor and request software instance on public
+    # compute_node
+    self.logout()
+    public_reference = 'public-%s' % self.generateNewId()
+    self.joinSlapOS(self.web_site, public_reference)
+    self.login()
+    public_person = self.portal.portal_catalog.getResultValue(
+      portal_type="ERP5 Login",
+      reference=public_reference).getParentValue()
+    public_instance_title = 'Public title %s' % self.generateNewId()
+    self.checkRemoteInstanceAllocation(public_person.getUserId(),
+        public_reference, public_instance_title,
+        public_server_software, public_instance_type,
+        remote_server, project.getReference())
+    self.tic()
+    self.login()
+    # Ensure no unexpected object has been created
+    # 3 (can reduce to 2) assignment, 1 remote node, 1 software installation
+    # 2 credential request
+    # 1 software product
+    # 3 allocation supply/line/cell
+    related_object_list = remote_project.Base_getRelatedObjectList(**{'category.category_strict_membership': 1})
+    assert len(related_object_list) == 11, [x.getRelativeUrl() for x in related_object_list]
+    # Ensure no unexpected object has been created
+    # 2 (can reduce to 2) assignment, 1 instance tree, 1 remote node, 1 software installation
+    # 1 software instance
+    # 1 credential request
+    # 1 software product
+    # 3 allocation supply/line/cell
+    related_object_list = project.Base_getRelatedObjectList(**{'category.category_strict_membership': 1})
+    assert len(related_object_list) == 11, [x.getRelativeUrl() for x in related_object_list]
+    self.stepcheckERP5Consistency()
+    # after accept, an email is send containing the reset link
+    last_message = self.portal.MailHost._last_message
+    assert last_message is None, last_message
  def test_open_order_with_service_scenario(self):
    # create a default project

--- a/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_ComputeNode_edit.xml
+++ b/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_ComputeNode_edit.xml
@@ -34,6 +34,7 @@
              <tuple>
                <string>Compute Node</string>
                <string>Instance Node</string>
+                <string>Remote Node</string>
              </tuple>
            </value>
        </item>

--- a/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_ComputeNode_reindexObject.xml
+++ b/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_ComputeNode_reindexObject.xml
@@ -31,6 +31,7 @@
            <value>
              <tuple>
                <string>Compute Node</string>
+                <string>Remote Node</string>
              </tuple>
            </value>
        </item>

--- a/master/bt5/slapos_erp5/bt/template_portal_type_role_list
+++ b/master/bt5/slapos_erp5/bt/template_portal_type_role_list
@@ -72,6 +72,7 @@ Project Module
 Purchase Invoice Transaction
 Regularisation Request
 Regularisation Request Module
+Remote Node
 Restricted Access Token
 Sale Invoice Transaction
 Sale Packing List

--- a/master/bt5/slapos_erp5/bt/template_portal_type_workflow_chain_list
+++ b/master/bt5/slapos_erp5/bt/template_portal_type_workflow_chain_list
@@ -29,6 +29,7 @@ Project | local_permission_slapos_interaction_workflow
 Purchase Packing List Cell | -immobilisation_movement_interaction_workflow
 Purchase Packing List Line | -immobilisation_movement_interaction_workflow
 Purchase Packing List | -immobilisation_movement_interaction_workflow
+Remote Node | local_permission_slapos_interaction_workflow
 Restricted Access Token | local_permission_slapos_interaction_workflow
 Sale Invoice Transaction | local_permission_slapos_interaction_workflow
 Sale Packing List Cell | -immobilisation_movement_interaction_workflow