Add secure-rbac test for Consumers

This patch adds tests for Container Consumers.

Depends-On: I1724152839f0f5850f8d32d40b36d1670c0ad996
Change-Id: If2209b12dce107c5648d39270d977a1e9f3bea1d
Douglas Mendizábal 2021-10-21 20:50:27 +00:00 committed by Douglas Mendizábal
parent 263a326d05
commit 82fa4a08a3
3 changed files with 56 additions and 24 deletions


@ -18,12 +18,14 @@ import json
from urllib import parse as urllib
from tempest import config
from tempest.lib.common import rest_client
from barbican_tempest_plugin.services.key_manager.json import base
CONF = config.CONF
class ConsumerClient(rest_client.RestClient):
class ConsumerClient(base.BarbicanTempestClient):
def list_consumers_in_container(self, container_id, **kwargs):
uri = "/v1/containers/%s/consumers" % container_id


@ -130,9 +130,7 @@ class BarbicanV1RbacBase(test.BaseTestCase):
adm = cls.os_project_admin
cls.admin_secret_client = adm.secret_v1.SecretClient()
cls.admin_secret_metadata_client = adm.secret_v1.SecretMetadataClient()
cls.admin_consumer_client = adm.secret_v1.ConsumerClient(
service='key-manager'
)
cls.admin_consumer_client = adm.secret_v1.ConsumerClient()
cls.admin_container_client = adm.secret_v1.ContainerClient()
cls.admin_order_client = adm.secret_v1.OrderClient(
secret_client=cls.admin_secret_client,
@ -144,9 +142,7 @@ class BarbicanV1RbacBase(test.BaseTestCase):
member = cls.os_project_member
cls.secret_client = member.secret_v1.SecretClient()
cls.secret_metadata_client = member.secret_v1.SecretMetadataClient()
cls.consumer_client = member.secret_v1.ConsumerClient(
service='key-manager'
)
cls.member_consumer_client = member.secret_v1.ConsumerClient()
cls.container_client = member.secret_v1.ContainerClient()
cls.order_client = member.secret_v1.OrderClient(
secret_client=cls.secret_client,
@ -239,16 +235,6 @@ class BarbicanV1RbacBase(test.BaseTestCase):
name=container_name,
type=container_type)
def add_consumer_to_container_admin(self,
consumer_name,
consumer_url,
container_id):
"""add consumer to container as admin user"""
return self.admin_consumer_client.add_consumer_to_container(
name=consumer_name,
URL=consumer_url,
container_id=container_id)
def create_aes_secret_admin(self, secret_name):
key = create_aes_key()
expire_time = (datetime.utcnow() + timedelta(days=5))
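Review bot: In the member block of `setup_clients`, the consumer client becomes `cls.member_consumer_client` while its siblings keep the unprefixed names `cls.secret_client`, `cls.container_client` and `cls.order_client`, and nothing explains why this one differs. A one-line comment above the assignment would make the intent clear, for example `# fixture client; test classes rebind cls.consumer_client to the persona under test`. Because `cls.consumer_client` no longer exists on the base class and `add_consumer_to_container_admin` is removed, check for test modules outside this commit that still use either name. Both `setup_clients` and the removed helper sit in code that extends beyond these hunks.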


@ -168,6 +168,7 @@ class ProjectReaderTests(base.BarbicanV1RbacBase, BarbicanV1RbacContainers):
def setup_clients(cls):
super().setup_clients()
cls.client = cls.os_project_reader.secret_v1.ContainerClient()
cls.consumer_client = cls.os_project_reader.secret_v1.ConsumerClient()
def setUp(self):
super().setUp()
@ -185,6 +186,14 @@ class ProjectReaderTests(base.BarbicanV1RbacBase, BarbicanV1RbacContainers):
'project-access': True
}
}
self.test_consumer = {
"name": "test-consumer",
"URL": "https://example.test/consumer"
}
self.member_consumer_client.add_consumer_to_container(
self.container_id,
**self.test_consumer
)
def test_list_containers(self):
self.assertRaises(
@ -235,16 +244,24 @@ class ProjectReaderTests(base.BarbicanV1RbacBase, BarbicanV1RbacContainers):
self.container_id)
def test_list_container_consumers(self):
pass
self.assertRaises(
exceptions.Forbidden,
self.consumer_client.list_consumers_in_container,
self.container_id)
def test_create_container_consumer(self):
pass
def test_get_container_consumer(self):
pass
self.assertRaises(
exceptions.Forbidden,
self.consumer_client.add_consumer_to_container,
self.container_id,
**self.test_consumer)
def test_delete_container_consumer(self):
pass
self.assertRaises(
exceptions.Forbidden,
self.consumer_client.delete_consumer_from_container,
self.container_id,
**self.test_consumer)
def test_add_secret_to_container(self):
self.assertRaises(
@ -267,6 +284,7 @@ class ProjectMemberTests(ProjectReaderTests):
def setup_clients(cls):
super().setup_clients()
cls.client = cls.container_client
cls.consumer_client = cls.member_consumer_client
def test_list_containers(self):
resp = self.client.list_containers()
@ -360,6 +378,31 @@ class ProjectMemberTests(ProjectReaderTests):
acl = self.client.get_container_acl(self.container_id)
self.assertNotIn('users', acl['read'].keys())
def test_list_container_consumers(self):
resp = self.consumer_client.list_consumers_in_container(
self.container_id
)
self.assertEqual(1, resp['total'])
def test_create_container_consumer(self):
second_consumer = {
'name': 'another-test-consumer',
'URL': 'https://exlample.test/consumer/two'
}
resp = self.consumer_client.add_consumer_to_container(
self.container_id,
**second_consumer)
self.assertEqual(2, len(resp['consumers']))
def test_delete_container_consumer(self):
resp = self.consumer_client.delete_consumer_from_container(
self.container_id,
**self.test_consumer)
self.assertEqual(0, len(resp['consumers']))
class ProjectAdminTests(ProjectMemberTests):
@ -367,6 +410,7 @@ class ProjectAdminTests(ProjectMemberTests):
def setup_clients(cls):
super().setup_clients()
cls.client = cls.admin_container_client
cls.consumer_client = cls.admin_consumer_client
class ProjectReaderTestsAcrossProjects(ProjectReaderTests):
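Review bot: `ProjectReaderTestsAcrossProjects` inherits the new consumer tests, but no visible hunk sets `cls.consumer_client` for the cross-project personas. Those inherited tests would therefore appear to run with the same-project client assigned in the parent `setup_clients`, and a `Forbidden` result would say nothing about project isolation for consumers. The across-project classes lie outside these hunks, so confirm whether they override only `cls.client`; if so, add the matching line to each `setup_clients`, e.g. `cls.consumer_client = <other-project persona>.secret_v1.ConsumerClient()`. Separately, the second consumer URL in `test_create_container_consumer` reads `https://exlample.test/consumer/two`, where `example.test` (as used in `setUp`) was presumably intended.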