Add views and tests for internal integration API

Signed-off-by: Chris Mitchell <[email protected]>

rbac/internal/integration_views.py

@@ -16,46 +16,43 @@
 #
 
 """View for OCM group/role API."""
-from audioop import reverse
-import datetime
-import json
+
 import logging
 
-import pytz
-from django.conf import settings
-from django.db import transaction
-from django.db.migrations.recorder import MigrationRecorder
-from django.http import Http404, HttpResponse
+from django.http import HttpResponseBadRequest
 from django.shortcuts import redirect, reverse
-from management import views
 from management.cache import TenantCache
-from management.models import Group, Role
-
-
-from api.models import Tenant
 
 
 logger = logging.getLogger(__name__)
 TENANTS = TenantCache()
 
+
 def groups(request, account_number):
+    """Formant and pass internal groups request to /groups/ API."""
     username = request.GET.get("username")
     if username:
         base_url = reverse("group-list")
-        url = f'{base_url}?principals={username}'
+        url = f"{base_url}?principals={username}"
         return redirect(url)
     else:
-        return Http404
+        return HttpResponseBadRequest("Username must be supplied.")
+
 
 def groups_for_principal(request, account_number, username):
+    """Format and pass internal groups for principal request to /groups/ API."""
     base_url = reverse("group-list")
-    url = f'{base_url}?principals={username}'
+    url = f"{base_url}?principals={username}"
     return redirect(url)
 
+
 def roles_from_group(request, account_number, uuid):
+    """Pass internal /groups/<uuid>/roles/ request to /groups/ API."""
     return redirect("group-roles", uuid=uuid)
 
-def roles_for_group(request, account_number, username, uuid):
-    base_url = reverse("group-roles", kwargs={'uuid': uuid})
-    url = f'{base_url}?principals={username}'
-    return redirect(url)
+
+def roles_for_group_principal(request, account_number, username, uuid):
+    """Pass internal /principal/<username>/groups/<uuid>/roles/ request to /groups/ API."""
+    base_url = reverse("group-roles", kwargs={"uuid": uuid})
+    url = f"{base_url}?principals={username}"
+    return redirect(url)

rbac/internal/middleware.py

@@ -27,7 +27,7 @@
 from django.utils.deprecation import MiddlewareMixin
 
 from api.common import RH_IDENTITY_HEADER
-from api.models import User, Tenant
+from api.models import Tenant, User
 from api.serializers import extract_header
 from rbac.middleware import IdentityHeaderMiddleware
 
@@ -61,7 +61,8 @@ def process_request(self, request):
             logger.error("Malformed X-RH-Identity header.")
             return HttpResponseForbidden()
 
-        if "integration" in resolve(request.path).url_name:
+        target = resolve(request.path)
+        if target and "integration" in target:
             return IdentityHeaderMiddleware.process_request(self, request)
 
         request.user = user
@@ -71,4 +72,7 @@ def process_response(self, request, response):
         return response
 
     def get_tenant(self, request):
-        request.tenant = get_object_or_404(Tenant, tenant_name=self.tenant_re.match(request.path_info).group('tenant_id'))
+        """Ensure internal requests carry proper tenant id."""
+        request.tenant = get_object_or_404(
+            Tenant, tenant_name=self.tenant_re.match(request.path_info).group("tenant_id")
+        )

rbac/internal/urls.py

@@ -27,9 +27,21 @@
     path("api/tenant/", views.list_tenants),
     path("api/tenant/<str:tenant_name>/", views.tenant_view),
     path("api/tenant/<str:account_number>/groups/", integration_views.groups, name="integration-groups"),
-    path("api/tenant/<str:account_number>/groups/<str:uuid>/roles/", integration_views.roles_from_group, name="integration-group-roles"),
-    path("api/tenant/<str:account_number>/principal/<str:username>/groups/", integration_views.groups_for_principal, name="integration-princ-groups"),
-    path("api/tenant/<str:account_number>/principal/<str:username>/groups/<str:uuid>/roles/", integration_views.roles_for_group, name="integration-princ-roles"),
+    path(
+        "api/tenant/<str:account_number>/groups/<str:uuid>/roles/",
+        integration_views.roles_from_group,
+        name="integration-group-roles",
+    ),
+    path(
+        "api/tenant/<str:account_number>/principal/<str:username>/groups/",
+        integration_views.groups_for_principal,
+        name="integration-princ-groups",
+    ),
+    path(
+        "api/tenant/<str:account_number>/principal/<str:username>/groups/<str:uuid>/roles/",
+        integration_views.roles_for_group_principal,
+        name="integration-princ-roles",
+    ),
     path("api/migrations/run/", views.run_migrations),
     path("api/migrations/progress/", views.migration_progress),
     path("api/seeds/run/", views.run_seeds),

rbac/management/group/view.py

@@ -106,7 +106,7 @@ def principal_filter(self, queryset, field, values):
         principals = [value.lower() for value in values.split(",")]
 
         for principal in principals:
-            queryset = queryset.filter(principals__username__icontains=principal)
+            queryset = queryset.filter(principals__username__iexact=principal)
 
         return queryset
 

tests/identity_request.py

@@ -130,7 +130,7 @@ def _build_identity(cls, user_data, account, org_id, is_org_admin, is_internal):
 
         if is_internal:
             identity["identity"]["type"] = "Associate"
-            identity["identity"]["associate"] = {"email": user_data["email"]}
+            identity["identity"]["associate"] = identity.get("identity").get("user")
             identity["identity"]["user"]["is_internal"] = True
         else:
             identity["identity"]["type"] = "User"