b22fa5d2f3
The framework for being able to do RBAC unit testing in Deckhand was added here: #I86f269a5b616b518e5f742a4005891412226fe2a https://review.gerrithub.io/#/c/381205/ This PS expands on that foundation by implementing negative RBAC tests for the remainder of the Deckhand APIs. Negative testing means attempting to call APIs with insufficient permissions and expecting 403s or empty response bodies, depending on whether the policy enforcement is critical or conditionally applied. Also fixes a minor bug related to returning a deleted document for the endpoint PUT /api/v1.0/bucket/{bucket_name}/documents Change-Id: I7ae50f300c1c877c3c162a032611a380f8948065
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from deckhand.tests.unit.control import base as test_base
class TestRevisionsDiffControllerNegativeRBAC(test_base.BaseControllerTest):
    """Negative RBAC tests for the revisions diff controller.

    Each test tightens a policy rule and then calls the endpoint, expecting
    the request to be refused rather than served.
    """

    def test_show_revision_diff_except_forbidden(self):
        """Expect 403 from the diff endpoint when its rule is admin-only."""
        # Bind the diff action to the admin rule so that only a caller who
        # satisfies 'rule:admin_api' may pass policy enforcement.
        restricted_policy = {'deckhand:show_revision_diff': 'rule:admin_api'}
        self.policy.set_rules(restricted_policy)

        # The simulated request sends only a Content-Type header.
        # NOTE(review): this assumes the base test case's default request
        # context does not satisfy 'rule:admin_api' -- confirm in test_base,
        # otherwise the 403 would not be exercising the policy check.
        diff_path = '/api/v1.0/revisions/0/diff/0'
        request_headers = {'Content-Type': 'application/x-yaml'}
        response = self.app.simulate_get(diff_path, headers=request_headers)

        # Policy enforcement must refuse the call outright.
        self.assertEqual(403, response.status_code)