Browse Source

Add role assignment test coverage for domain admins

This commit adds role assignment test coverage for users
who have the admin role assigned on the domain.

Subsequent patches will:

- add functionality for project readers
- add functionality for project members
- add functionality for project admins
- remove the obsolete policies from policy.v3cloudsample.json

Partial-Bug: 1750673
Change-Id: I6f2231b549650d7e92920d1a67bc41eda5ab8db0
(cherry picked from commit 25f86d4e29ba085355554000dbf4dd949be37d7d)
tags/15.0.0.0rc2
Vishakha Agarwal 1 year ago
committed by Lance Bragstad
parent
commit
2696c36f56
1 changed files with 42 additions and 0 deletions
  1. +42
    -0
      keystone/tests/unit/protection/v3/test_assignment.py

+ 42
- 0
keystone/tests/unit/protection/v3/test_assignment.py View File

@@ -1111,3 +1111,45 @@ class DomainMemberTests(base_classes.TestCaseWithBootstrap,
r = c.post('/v3/auth/tokens', json=auth)
self.token_id = r.headers['X-Subject-Token']
self.headers = {'X-Auth-Token': self.token_id}


class DomainAdminTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin,
_AssignmentTestUtilities,
_DomainUserTests):

def setUp(self):
super(DomainAdminTests, self).setUp()
self.loadapp()
self.useFixture(ksfixtures.Policy(self.config_fixture))
self.config_fixture.config(group='oslo_policy', enforce_scope=True)

domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref()
)
self.domain_id = domain['id']
domain_admin = unit.new_user_ref(domain_id=self.domain_id)
self.user_id = PROVIDERS.identity_api.create_user(domain_admin)['id']
PROVIDERS.assignment_api.create_grant(
self.bootstrapper.admin_role_id, user_id=self.user_id,
domain_id=self.domain_id
)
self.expected = [
# assignment of the user running the test case
{
'user_id': self.user_id,
'domain_id': self.domain_id,
'role_id': self.bootstrapper.admin_role_id
}]

auth = self.build_authentication_request(
user_id=self.user_id, password=domain_admin['password'],
domain_id=self.domain_id,
)

# Grab a token using the persona we're testing and prepare headers
# for requests we'll be making in the tests.
with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=auth)
self.token_id = r.headers['X-Subject-Token']
self.headers = {'X-Auth-Token': self.token_id}

Loading…
Cancel
Save