Browse Source

Add role assignment test coverage for domain admins

This commit adds role assignment test coverage for users
who have the admin role assigned on the domain.

Subsequent patches will:

- add functionality for project readers
- add functionality for project members
- add functionality for project admins
- remove the obsolete policies from policy.v3cloudsample.json

Partial-Bug: 1750673
Change-Id: I6f2231b549650d7e92920d1a67bc41eda5ab8db0
tags/16.0.0.0rc1
Vishakha Agarwal 1 year ago
committed by Lance Bragstad
parent
commit
25f86d4e29
1 changed files with 42 additions and 0 deletions
  1. +42
    -0
      keystone/tests/unit/protection/v3/test_assignment.py

+ 42
- 0
keystone/tests/unit/protection/v3/test_assignment.py View File

@@ -1111,3 +1111,45 @@ class DomainMemberTests(base_classes.TestCaseWithBootstrap,
r = c.post('/v3/auth/tokens', json=auth)
self.token_id = r.headers['X-Subject-Token']
self.headers = {'X-Auth-Token': self.token_id}


class DomainAdminTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin,
_AssignmentTestUtilities,
_DomainUserTests):

def setUp(self):
super(DomainAdminTests, self).setUp()
self.loadapp()
self.useFixture(ksfixtures.Policy(self.config_fixture))
self.config_fixture.config(group='oslo_policy', enforce_scope=True)

domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref()
)
self.domain_id = domain['id']
domain_admin = unit.new_user_ref(domain_id=self.domain_id)
self.user_id = PROVIDERS.identity_api.create_user(domain_admin)['id']
PROVIDERS.assignment_api.create_grant(
self.bootstrapper.admin_role_id, user_id=self.user_id,
domain_id=self.domain_id
)
self.expected = [
# assignment of the user running the test case
{
'user_id': self.user_id,
'domain_id': self.domain_id,
'role_id': self.bootstrapper.admin_role_id
}]

auth = self.build_authentication_request(
user_id=self.user_id, password=domain_admin['password'],
domain_id=self.domain_id,
)

# Grab a token using the persona we're testing and prepare headers
# for requests we'll be making in the tests.
with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=auth)
self.token_id = r.headers['X-Subject-Token']
self.headers = {'X-Auth-Token': self.token_id}

Loading…
Cancel
Save