From bd2b7f3ed55dcfeb0036bec71920c785db65214c Mon Sep 17 00:00:00 2001 From: Lance Bragstad Date: Thu, 29 Nov 2018 18:46:48 +0000 Subject: [PATCH] Add tests for project users interacting with registered limits This commit introduces some tests that explicitly show how project users are expected to behave with the registered limits API. A subsequent patch will clean up the now obsolete policies in the policy.v3cloudsample.json policy file. Related-Bug: 1805880 Change-Id: I66c1d1273dae98f32802de244eb220bf998f9070 --- .../protection/v3/test_registered_limits.py | 70 +++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/keystone/tests/unit/protection/v3/test_registered_limits.py b/keystone/tests/unit/protection/v3/test_registered_limits.py index bf3f44282b..8b78d681c9 100644 --- a/keystone/tests/unit/protection/v3/test_registered_limits.py +++ b/keystone/tests/unit/protection/v3/test_registered_limits.py @@ -350,3 +350,73 @@ class DomainUserTests(base_classes.TestCaseWithBootstrap, r = c.post('/v3/auth/tokens', json=auth) self.token_id = r.headers['X-Subject-Token'] self.headers = {'X-Auth-Token': self.token_id} + + +class ProjectUserTests(base_classes.TestCaseWithBootstrap, + common_auth.AuthTestMixin, + _UserRegisteredLimitTests): + + def setUp(self): + super(ProjectUserTests, self).setUp() + self.loadapp() + self.useFixture(ksfixtures.Policy(self.config_fixture)) + self.config_fixture.config(group='oslo_policy', enforce_scope=True) + + # Reuse the system administrator account created during + # ``keystone-manage bootstrap`` + self.user_id = self.bootstrapper.admin_user_id + auth = self.build_authentication_request( + user_id=self.user_id, + password=self.bootstrapper.admin_password, + project_id=self.bootstrapper.project_id + ) + + # Grab a token using the persona we're testing and prepare headers + # for requests we'll be making in the tests. + with self.test_client() as c: + r = c.post('/v3/auth/tokens', json=auth) + self.token_id = r.headers['X-Subject-Token'] + self.headers = {'X-Auth-Token': self.token_id} + + +class ProjectUserTestsWithoutEnforceScope( + base_classes.TestCaseWithBootstrap, + common_auth.AuthTestMixin, + _UserRegisteredLimitTests): + + def setUp(self): + super(ProjectUserTestsWithoutEnforceScope, self).setUp() + self.loadapp() + self.useFixture(ksfixtures.Policy(self.config_fixture)) + + # Explicityly set enforce_scope to False to make sure we maintain + # backwards compatibility with project users. + self.config_fixture.config(group='oslo_policy', enforce_scope=False) + + domain = PROVIDERS.resource_api.create_domain( + uuid.uuid4().hex, unit.new_domain_ref() + ) + user = unit.new_user_ref(domain_id=domain['id']) + self.user_id = PROVIDERS.identity_api.create_user(user)['id'] + + self.project_id = PROVIDERS.resource_api.create_project( + uuid.uuid4().hex, unit.new_project_ref(domain_id=domain['id']) + )['id'] + + PROVIDERS.assignment_api.create_grant( + self.bootstrapper.member_role_id, user_id=self.user_id, + project_id=self.project_id + ) + + auth = self.build_authentication_request( + user_id=self.user_id, + password=user['password'], + project_id=self.project_id + ) + + # Grab a token using the persona we're testing and prepare headers + # for requests we'll be making in the tests. + with self.test_client() as c: + r = c.post('/v3/auth/tokens', json=auth) + self.token_id = r.headers['X-Subject-Token'] + self.headers = {'X-Auth-Token': self.token_id}