Browse Source

Add role assignment test coverage for system members

This commit adds role assignment test coverage for users who have the
member role assigned on the system.

Subsequent patches will:

  - add test coverage for system admins
  - add functionality for domain readers
  - add functionality for domain members
  - add functionality for domain admins
  - add functionality for project readers
  - add functionality for project members
  - add functionality for project admins
  - remove the obsolete policies from policy.v3cloudsample.json

Change-Id: Ie5333bf61a704d4167004457ec1d9b19b4bb01e8
Partial-Bug: 1750673
Partial-Bug: 1816833
tags/15.0.0.0rc1
Lance Bragstad 1 year ago
parent
commit
b35fb58ea5
1 changed files with 42 additions and 0 deletions
  1. +42
    -0
      keystone/tests/unit/protection/v3/test_assignment.py

+ 42
- 0
keystone/tests/unit/protection/v3/test_assignment.py View File

@@ -689,3 +689,45 @@ class SystemReaderTests(base_classes.TestCaseWithBootstrap,
r = c.post('/v3/auth/tokens', json=auth)
self.token_id = r.headers['X-Subject-Token']
self.headers = {'X-Auth-Token': self.token_id}


class SystemMemberTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin,
_AssignmentTestUtilities,
_SystemUserTests):

def setUp(self):
super(SystemMemberTests, self).setUp()
self.loadapp()
self.useFixture(ksfixtures.Policy(self.config_fixture))
self.config_fixture.config(group='oslo_policy', enforce_scope=True)

system_member = unit.new_user_ref(
domain_id=CONF.identity.default_domain_id
)
self.user_id = PROVIDERS.identity_api.create_user(
system_member
)['id']
PROVIDERS.assignment_api.create_system_grant_for_user(
self.user_id, self.bootstrapper.member_role_id
)
self.expected = [
# assignment of the user running the test case
{
'user_id': self.user_id,
'system': 'all',
'role_id': self.bootstrapper.member_role_id
}
]

auth = self.build_authentication_request(
user_id=self.user_id, password=system_member['password'],
system=True
)

# Grab a token using the persona we're testing and prepare headers
# for requests we'll be making in the tests.
with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=auth)
self.token_id = r.headers['X-Subject-Token']
self.headers = {'X-Auth-Token': self.token_id}

Loading…
Cancel
Save