Browse Source

Implement domain member functionality for projects

This commit adds explicit testing for how users with the member role
on a domain should interact with projects both inside and outside of
the domain they have authorization on.

Subsequent patches will continue to build on this by incorporating:

 - domain admin functionality
 - project user test coverage

Change-Id: Ic0fe47b7a578270ef4a5e579ac64db63337956c6
Related-Bug: 1750660
Related-Bug: 1806762
changes/19/624219/8
Lance Bragstad 3 years ago
parent
commit
04dc72a908
  1. 35
      keystone/tests/unit/protection/v3/test_projects.py

35
keystone/tests/unit/protection/v3/test_projects.py

@ -545,6 +545,41 @@ class DomainReaderTests(base_classes.TestCaseWithBootstrap,
self.headers = {'X-Auth-Token': self.token_id}
class DomainMemberTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin,
_DomainUsersTests,
_DomainMemberAndReaderProjectTests):
def setUp(self):
super(DomainMemberTests, self).setUp()
self.loadapp()
self.useFixture(ksfixtures.Policy(self.config_fixture))
self.config_fixture.config(group='oslo_policy', enforce_scope=True)
domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref()
)
self.domain_id = domain['id']
domain_user = unit.new_user_ref(domain_id=self.domain_id)
self.user_id = PROVIDERS.identity_api.create_user(domain_user)['id']
PROVIDERS.assignment_api.create_grant(
self.bootstrapper.member_role_id, user_id=self.user_id,
domain_id=self.domain_id
)
auth = self.build_authentication_request(
user_id=self.user_id, password=domain_user['password'],
domain_id=self.domain_id
)
# Grab a token using the persona we're testing and prepare headers
# for requests we'll be making in the tests.
with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=auth)
self.token_id = r.headers['X-Subject-Token']
self.headers = {'X-Auth-Token': self.token_id}
class ProjectUserTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin):

Loading…
Cancel
Save