Implement system member role project test coverage

This commit introduces explicit test coverage for system members, making sure they are allowed to do readable and not writable project operations. Subsequent patches will incorporate: - system admin functionality - domain reader functionality - domain member test coverage - domain admin functionality - project user test coverage Change-Id: I69ff308ea528d54e0db8e475d047e3dbf356ed2f Related-Bug: 1805403 Related-Bug: 1750660 Related-Bug: 1806762
2018-12-10 18:45:25 +00:00 · 2018-12-10 18:45:25 +00:00 · 6037ac58de
commit 6037ac58de
parent b35928d5dc
1 changed files with 34 additions and 0 deletions
--- a/keystone/tests/unit/protection/v3/test_projects.py
+++ b/keystone/tests/unit/protection/v3/test_projects.py
@ -180,6 +180,40 @@ class SystemReaderTests(base_classes.TestCaseWithBootstrap,
            self.headers = {'X-Auth-Token': self.token_id}


+class SystemMemberTests(base_classes.TestCaseWithBootstrap,
+                        common_auth.AuthTestMixin,
+                        _SystemUserTests,
+                        _SystemMemberAndReaderProjectTests):
+
+    def setUp(self):
+        super(SystemMemberTests, self).setUp()
+        self.loadapp()
+        self.useFixture(ksfixtures.Policy(self.config_fixture))
+        self.config_fixture.config(group='oslo_policy', enforce_scope=True)
+
+        system_member = unit.new_user_ref(
+            domain_id=CONF.identity.default_domain_id
+        )
+        self.user_id = PROVIDERS.identity_api.create_user(
+            system_member
+        )['id']
+        PROVIDERS.assignment_api.create_system_grant_for_user(
+            self.user_id, self.bootstrapper.member_role_id
+        )
+
+        auth = self.build_authentication_request(
+            user_id=self.user_id, password=system_member['password'],
+            system=True
+        )
+
+        # Grab a token using the persona we're testing and prepare headers
+        # for requests we'll be making in the tests.
+        with self.test_client() as c:
+            r = c.post('/v3/auth/tokens', json=auth)
+            self.token_id = r.headers['X-Subject-Token']
+            self.headers = {'X-Auth-Token': self.token_id}
+
+
 class ProjectUserTests(base_classes.TestCaseWithBootstrap,
                       common_auth.AuthTestMixin):