Browse Source

Implement system member role project test coverage

This commit introduces explicit test coverage for system members,
making sure they are allowed to do readable and not writable project
operations.

Subsequent patches will incorporate:

  - system admin functionality
  - domain reader functionality
  - domain member test coverage
  - domain admin functionality
  - project user test coverage

Change-Id: I69ff308ea528d54e0db8e475d047e3dbf356ed2f
Related-Bug: 1805403
Related-Bug: 1750660
Related-Bug: 1806762
changes/16/624216/4
Lance Bragstad 3 years ago
parent
commit
6037ac58de
  1. 34
      keystone/tests/unit/protection/v3/test_projects.py

34
keystone/tests/unit/protection/v3/test_projects.py

@ -180,6 +180,40 @@ class SystemReaderTests(base_classes.TestCaseWithBootstrap,
self.headers = {'X-Auth-Token': self.token_id}
class SystemMemberTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin,
_SystemUserTests,
_SystemMemberAndReaderProjectTests):
def setUp(self):
super(SystemMemberTests, self).setUp()
self.loadapp()
self.useFixture(ksfixtures.Policy(self.config_fixture))
self.config_fixture.config(group='oslo_policy', enforce_scope=True)
system_member = unit.new_user_ref(
domain_id=CONF.identity.default_domain_id
)
self.user_id = PROVIDERS.identity_api.create_user(
system_member
)['id']
PROVIDERS.assignment_api.create_system_grant_for_user(
self.user_id, self.bootstrapper.member_role_id
)
auth = self.build_authentication_request(
user_id=self.user_id, password=system_member['password'],
system=True
)
# Grab a token using the persona we're testing and prepare headers
# for requests we'll be making in the tests.
with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=auth)
self.token_id = r.headers['X-Subject-Token']
self.headers = {'X-Auth-Token': self.token_id}
class ProjectUserTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin):

Loading…
Cancel
Save