openstack/keystone
Code Issues Proposed changes

Merge "Check url is in the 'self' link in list responses"

Browse Source
This commit is contained in:
Jenkins
2014-07-30 00:37:47 +00:00
committed by Gerrit Code Review
parent a19dd6c2ab 2329549d5b
commit d16f1dc565
2 changed files with 104 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
keystone/tests/test_v3.py
View File

@@ -503,11 +503,14 @@ class RestfulTestCase(tests.SQLDriverOverrides, rest.RestfulTestCase,
self.assertIsNotNone(resp['error'].get('message')) self.assertIsNotNone(resp['error'].get('message'))
self.assertEqual(int(resp['error']['code']), r.status_code) self.assertEqual(int(resp['error']['code']), r.status_code)
def assertValidListLinks(self, links): def assertValidListLinks(self, links, resource_url=None):
self.assertIsNotNone(links) self.assertIsNotNone(links)
self.assertIsNotNone(links.get('self')) self.assertIsNotNone(links.get('self'))
self.assertThat(links['self'], matchers.StartsWith('http://localhost')) self.assertThat(links['self'], matchers.StartsWith('http://localhost'))
if resource_url:
self.assertThat(links['self'], matchers.EndsWith(resource_url))
self.assertIn('next', links) self.assertIn('next', links)
if links['next'] is not None: if links['next'] is not None:
self.assertThat(links['next'], self.assertThat(links['next'],
@@ -519,7 +522,8 @@ class RestfulTestCase(tests.SQLDriverOverrides, rest.RestfulTestCase,
matchers.StartsWith('http://localhost')) matchers.StartsWith('http://localhost'))
def assertValidListResponse(self, resp, key, entity_validator, ref=None, def assertValidListResponse(self, resp, key, entity_validator, ref=None,
expected_length=None, keys_to_check=None): expected_length=None, keys_to_check=None,
resource_url=None):
"""Make assertions common to all API list responses. """Make assertions common to all API list responses.
If a reference is provided, it's ID will be searched for in the If a reference is provided, it's ID will be searched for in the
@@ -536,7 +540,8 @@ class RestfulTestCase(tests.SQLDriverOverrides, rest.RestfulTestCase,
self.assertNotEmpty(entities) self.assertNotEmpty(entities)
# collections should have relational links # collections should have relational links
self.assertValidListLinks(resp.result.get('links')) self.assertValidListLinks(resp.result.get('links'),
resource_url=resource_url)
for entity in entities: for entity in entities:
self.assertIsNotNone(entity) self.assertIsNotNone(entity)
@@ -1003,7 +1008,8 @@ class RestfulTestCase(tests.SQLDriverOverrides, rest.RestfulTestCase,
return entity return entity
def assertValidRoleAssignmentListResponse(self, resp, ref=None, def assertValidRoleAssignmentListResponse(self, resp, ref=None,
expected_length=None): expected_length=None,
resource_url=None):
entities = resp.result.get('role_assignments') entities = resp.result.get('role_assignments')
@@ -1014,7 +1020,8 @@ class RestfulTestCase(tests.SQLDriverOverrides, rest.RestfulTestCase,
self.assertNotEmpty(entities) self.assertNotEmpty(entities)
# collections should have relational links # collections should have relational links
self.assertValidListLinks(resp.result.get('links')) self.assertValidListLinks(resp.result.get('links'),
resource_url=resource_url)
for entity in entities: for entity in entities:
self.assertIsNotNone(entity) self.assertIsNotNone(entity)

152
keystone/tests/test_v3_identity.py
View File

@@ -132,13 +132,17 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_list_domains(self): def test_list_domains(self):
"""Call ``GET /domains``.""" """Call ``GET /domains``."""
r = self.get('/domains') resource_url = '/domains'
self.assertValidDomainListResponse(r, ref=self.domain) r = self.get(resource_url)
self.assertValidDomainListResponse(r, ref=self.domain,
resource_url=resource_url)
def test_list_domains_xml(self): def test_list_domains_xml(self):
"""Call ``GET /domains (xml data)``.""" """Call ``GET /domains (xml data)``."""
r = self.get('/domains', content_type='xml') resource_url = '/domains'
self.assertValidDomainListResponse(r, ref=self.domain) r = self.get(resource_url, content_type='xml')
self.assertValidDomainListResponse(r, ref=self.domain,
resource_url=resource_url)
def test_get_domain(self): def test_get_domain(self):
"""Call ``GET /domains/{domain_id}``.""" """Call ``GET /domains/{domain_id}``."""
@@ -429,13 +433,17 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_list_projects(self): def test_list_projects(self):
"""Call ``GET /projects``.""" """Call ``GET /projects``."""
r = self.get('/projects') resource_url = '/projects'
self.assertValidProjectListResponse(r, ref=self.project) r = self.get(resource_url)
self.assertValidProjectListResponse(r, ref=self.project,
resource_url=resource_url)
def test_list_projects_xml(self): def test_list_projects_xml(self):
"""Call ``GET /projects`` (xml data).""" """Call ``GET /projects`` (xml data)."""
r = self.get('/projects', content_type='xml') resource_url = '/projects'
self.assertValidProjectListResponse(r, ref=self.project) r = self.get(resource_url, content_type='xml')
self.assertValidProjectListResponse(r, ref=self.project,
resource_url=resource_url)
def test_create_project(self): def test_create_project(self):
"""Call ``POST /projects``.""" """Call ``POST /projects``."""
@@ -580,8 +588,10 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_list_users(self): def test_list_users(self):
"""Call ``GET /users``.""" """Call ``GET /users``."""
r = self.get('/users') resource_url = '/users'
self.assertValidUserListResponse(r, ref=self.user) r = self.get(resource_url)
self.assertValidUserListResponse(r, ref=self.user,
resource_url=resource_url)
def test_list_users_with_multiple_backends(self): def test_list_users_with_multiple_backends(self):
"""Call ``GET /users`` when multiple backends is enabled. """Call ``GET /users`` when multiple backends is enabled.
@@ -635,8 +645,10 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_list_users_xml(self): def test_list_users_xml(self):
"""Call ``GET /users`` (xml data).""" """Call ``GET /users`` (xml data)."""
r = self.get('/users', content_type='xml') resource_url = '/users'
self.assertValidUserListResponse(r, ref=self.user) r = self.get(resource_url, content_type='xml')
self.assertValidUserListResponse(r, ref=self.user,
resource_url=resource_url)
def test_get_user(self): def test_get_user(self):
"""Call ``GET /users/{user_id}``.""" """Call ``GET /users/{user_id}``."""
@@ -812,13 +824,17 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_list_groups(self): def test_list_groups(self):
"""Call ``GET /groups``.""" """Call ``GET /groups``."""
r = self.get('/groups') resource_url = '/groups'
self.assertValidGroupListResponse(r, ref=self.group) r = self.get(resource_url)
self.assertValidGroupListResponse(r, ref=self.group,
resource_url=resource_url)
def test_list_groups_xml(self): def test_list_groups_xml(self):
"""Call ``GET /groups`` (xml data).""" """Call ``GET /groups`` (xml data)."""
r = self.get('/groups', content_type='xml') resource_url = '/groups'
self.assertValidGroupListResponse(r, ref=self.group) r = self.get(resource_url, content_type='xml')
self.assertValidGroupListResponse(r, ref=self.group,
resource_url=resource_url)
def test_get_group(self): def test_get_group(self):
"""Call ``GET /groups/{group_id}``.""" """Call ``GET /groups/{group_id}``."""
@@ -872,13 +888,17 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_list_roles(self): def test_list_roles(self):
"""Call ``GET /roles``.""" """Call ``GET /roles``."""
r = self.get('/roles') resource_url = '/roles'
self.assertValidRoleListResponse(r, ref=self.role) r = self.get(resource_url)
self.assertValidRoleListResponse(r, ref=self.role,
resource_url=resource_url)
def test_list_roles_xml(self): def test_list_roles_xml(self):
"""Call ``GET /roles`` (xml data).""" """Call ``GET /roles`` (xml data)."""
r = self.get('/roles', content_type='xml') resource_url = '/roles'
self.assertValidRoleListResponse(r, ref=self.role) r = self.get(resource_url, content_type='xml')
self.assertValidRoleListResponse(r, ref=self.role,
resource_url=resource_url)
def test_get_role(self): def test_get_role(self):
"""Call ``GET /roles/{role_id}``.""" """Call ``GET /roles/{role_id}``."""
@@ -912,8 +932,8 @@ class IdentityTestCase(test_v3.RestfulTestCase):
self.put(member_url) self.put(member_url)
self.head(member_url) self.head(member_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleListResponse(r, ref=self.role) self.assertValidRoleListResponse(r, ref=self.role,
self.assertIn(collection_url, r.result['links']['self']) resource_url=collection_url)
# FIXME(gyee): this test is no longer valid as user # FIXME(gyee): this test is no longer valid as user
# have no role in the project. Can't get a scoped token # have no role in the project. Can't get a scoped token
@@ -953,13 +973,13 @@ class IdentityTestCase(test_v3.RestfulTestCase):
self.put(member_url) self.put(member_url)
self.head(member_url) self.head(member_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleListResponse(r, ref=self.role) self.assertValidRoleListResponse(r, ref=self.role,
self.assertIn(collection_url, r.result['links']['self']) resource_url=collection_url)
self.delete(member_url) self.delete(member_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleListResponse(r, expected_length=0) self.assertValidRoleListResponse(r, expected_length=0,
self.assertIn(collection_url, r.result['links']['self']) resource_url=collection_url)
def test_crud_user_domain_role_grants_no_user(self): def test_crud_user_domain_role_grants_no_user(self):
"""Grant role on a domain to a user that doesn't exist, 404 result. """Grant role on a domain to a user that doesn't exist, 404 result.
@@ -992,13 +1012,13 @@ class IdentityTestCase(test_v3.RestfulTestCase):
self.put(member_url) self.put(member_url)
self.head(member_url) self.head(member_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleListResponse(r, ref=self.role) self.assertValidRoleListResponse(r, ref=self.role,
self.assertIn(collection_url, r.result['links']['self']) resource_url=collection_url)
self.delete(member_url) self.delete(member_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleListResponse(r, expected_length=0) self.assertValidRoleListResponse(r, expected_length=0,
self.assertIn(collection_url, r.result['links']['self']) resource_url=collection_url)
def test_crud_group_project_role_grants_no_group(self): def test_crud_group_project_role_grants_no_group(self):
"""Grant role on a project to a group that doesn't exist, 404 result. """Grant role on a project to a group that doesn't exist, 404 result.
@@ -1032,13 +1052,13 @@ class IdentityTestCase(test_v3.RestfulTestCase):
self.put(member_url) self.put(member_url)
self.head(member_url) self.head(member_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleListResponse(r, ref=self.role) self.assertValidRoleListResponse(r, ref=self.role,
self.assertIn(collection_url, r.result['links']['self']) resource_url=collection_url)
self.delete(member_url) self.delete(member_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleListResponse(r, expected_length=0) self.assertValidRoleListResponse(r, expected_length=0,
self.assertIn(collection_url, r.result['links']['self']) resource_url=collection_url)
def test_crud_group_domain_role_grants_no_group(self): def test_crud_group_domain_role_grants_no_group(self):
"""Grant role on a domain to a group that doesn't exist, 404 result. """Grant role on a domain to a group that doesn't exist, 404 result.
@@ -1096,8 +1116,8 @@ class IdentityTestCase(test_v3.RestfulTestCase):
collection_url = '/role_assignments' collection_url = '/role_assignments'
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleAssignmentListResponse(r) self.assertValidRoleAssignmentListResponse(r,
self.assertIn(collection_url, r.result['links']['self']) resource_url=collection_url)
existing_assignments = len(r.result.get('role_assignments')) existing_assignments = len(r.result.get('role_assignments'))
# Now add one of each of the four types of assignment, making sure # Now add one of each of the four types of assignment, making sure
@@ -1107,7 +1127,8 @@ class IdentityTestCase(test_v3.RestfulTestCase):
role_id=self.role_id) role_id=self.role_id)
self.put(gd_url) self.put(gd_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleAssignmentListResponse(r) self.assertValidRoleAssignmentListResponse(r,
resource_url=collection_url)
self.assertEqual(existing_assignments + 1, self.assertEqual(existing_assignments + 1,
len(r.result.get('role_assignments'))) len(r.result.get('role_assignments')))
self.assertRoleAssignmentInListResponse(r, gd_entity, link_url=gd_url) self.assertRoleAssignmentInListResponse(r, gd_entity, link_url=gd_url)
@@ -1117,7 +1138,8 @@ class IdentityTestCase(test_v3.RestfulTestCase):
role_id=self.role_id) role_id=self.role_id)
self.put(ud_url) self.put(ud_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleAssignmentListResponse(r) self.assertValidRoleAssignmentListResponse(r,
resource_url=collection_url)
self.assertEqual(existing_assignments + 2, self.assertEqual(existing_assignments + 2,
len(r.result.get('role_assignments'))) len(r.result.get('role_assignments')))
self.assertRoleAssignmentInListResponse(r, ud_entity, link_url=ud_url) self.assertRoleAssignmentInListResponse(r, ud_entity, link_url=ud_url)
@@ -1127,7 +1149,8 @@ class IdentityTestCase(test_v3.RestfulTestCase):
role_id=self.role_id) role_id=self.role_id)
self.put(gp_url) self.put(gp_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleAssignmentListResponse(r) self.assertValidRoleAssignmentListResponse(r,
resource_url=collection_url)
self.assertEqual(existing_assignments + 3, self.assertEqual(existing_assignments + 3,
len(r.result.get('role_assignments'))) len(r.result.get('role_assignments')))
self.assertRoleAssignmentInListResponse(r, gp_entity, link_url=gp_url) self.assertRoleAssignmentInListResponse(r, gp_entity, link_url=gp_url)
@@ -1137,7 +1160,8 @@ class IdentityTestCase(test_v3.RestfulTestCase):
role_id=self.role_id) role_id=self.role_id)
self.put(up_url) self.put(up_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleAssignmentListResponse(r) self.assertValidRoleAssignmentListResponse(r,
resource_url=collection_url)
self.assertEqual(existing_assignments + 4, self.assertEqual(existing_assignments + 4,
len(r.result.get('role_assignments'))) len(r.result.get('role_assignments')))
self.assertRoleAssignmentInListResponse(r, up_entity, link_url=up_url) self.assertRoleAssignmentInListResponse(r, up_entity, link_url=up_url)
@@ -1150,7 +1174,8 @@ class IdentityTestCase(test_v3.RestfulTestCase):
self.delete(gp_url) self.delete(gp_url)
self.delete(up_url) self.delete(up_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleAssignmentListResponse(r) self.assertValidRoleAssignmentListResponse(r,
resource_url=collection_url)
self.assertEqual(existing_assignments, self.assertEqual(existing_assignments,
len(r.result.get('role_assignments'))) len(r.result.get('role_assignments')))
self.assertRoleAssignmentNotInListResponse(r, gd_entity) self.assertRoleAssignmentNotInListResponse(r, gd_entity)
@@ -1187,8 +1212,8 @@ class IdentityTestCase(test_v3.RestfulTestCase):
collection_url = '/role_assignments' collection_url = '/role_assignments'
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleAssignmentListResponse(r) self.assertValidRoleAssignmentListResponse(r,
self.assertIn(collection_url, r.result['links']['self']) resource_url=collection_url)
existing_assignments = len(r.result.get('role_assignments')) existing_assignments = len(r.result.get('role_assignments'))
gd_url, gd_entity = _build_role_assignment_url_and_entity( gd_url, gd_entity = _build_role_assignment_url_and_entity(
@@ -1196,7 +1221,8 @@ class IdentityTestCase(test_v3.RestfulTestCase):
role_id=self.role_id) role_id=self.role_id)
self.put(gd_url) self.put(gd_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleAssignmentListResponse(r) self.assertValidRoleAssignmentListResponse(r,
resource_url=collection_url)
self.assertEqual(existing_assignments + 1, self.assertEqual(existing_assignments + 1,
len(r.result.get('role_assignments'))) len(r.result.get('role_assignments')))
self.assertRoleAssignmentInListResponse(r, gd_entity, link_url=gd_url) self.assertRoleAssignmentInListResponse(r, gd_entity, link_url=gd_url)
@@ -1262,7 +1288,8 @@ class IdentityTestCase(test_v3.RestfulTestCase):
collection_url = '/role_assignments' collection_url = '/role_assignments'
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleAssignmentListResponse(r) self.assertValidRoleAssignmentListResponse(r,
resource_url=collection_url)
existing_assignments = len(r.result.get('role_assignments')) existing_assignments = len(r.result.get('role_assignments'))
gd_url, gd_entity = _build_role_assignment_url_and_entity( gd_url, gd_entity = _build_role_assignment_url_and_entity(
@@ -1270,7 +1297,8 @@ class IdentityTestCase(test_v3.RestfulTestCase):
role_id=self.role_id) role_id=self.role_id)
self.put(gd_url) self.put(gd_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleAssignmentListResponse(r) self.assertValidRoleAssignmentListResponse(r,
resource_url=collection_url)
self.assertEqual(existing_assignments + 1, self.assertEqual(existing_assignments + 1,
len(r.result.get('role_assignments'))) len(r.result.get('role_assignments')))
self.assertRoleAssignmentInListResponse(r, gd_entity, link_url=gd_url) self.assertRoleAssignmentInListResponse(r, gd_entity, link_url=gd_url)
@@ -1508,14 +1536,14 @@ class IdentityInheritanceTestCase(test_v3.RestfulTestCase):
# Check we can read it back # Check we can read it back
self.head(member_url) self.head(member_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleListResponse(r, ref=role_list[0]) self.assertValidRoleListResponse(r, ref=role_list[0],
self.assertIn(collection_url, r.result['links']['self']) resource_url=collection_url)
# Now delete and check its gone # Now delete and check its gone
self.delete(member_url) self.delete(member_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleListResponse(r, expected_length=0) self.assertValidRoleListResponse(r, expected_length=0,
self.assertIn(collection_url, r.result['links']['self']) resource_url=collection_url)
def test_list_role_assignments_for_inherited_domain_grants(self): def test_list_role_assignments_for_inherited_domain_grants(self):
"""Call ``GET /role_assignments with inherited domain grants``. """Call ``GET /role_assignments with inherited domain grants``.
@@ -1573,8 +1601,8 @@ class IdentityInheritanceTestCase(test_v3.RestfulTestCase):
self.put(member_url) self.put(member_url)
self.head(member_url) self.head(member_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleListResponse(r, ref=role_list[3]) self.assertValidRoleListResponse(r, ref=role_list[3],
self.assertIn(collection_url, r.result['links']['self']) resource_url=collection_url)
# Now use the list domain role assignments api to check if this # Now use the list domain role assignments api to check if this
# is included # is included
@@ -1667,8 +1695,8 @@ class IdentityInheritanceTestCase(test_v3.RestfulTestCase):
self.put(member_url) self.put(member_url)
self.head(member_url) self.head(member_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleListResponse(r, ref=role_list[3]) self.assertValidRoleListResponse(r, ref=role_list[3],
self.assertIn(collection_url, r.result['links']['self']) resource_url=collection_url)
# Get effective list role assignments - the role should # Get effective list role assignments - the role should
# turn into a project role, along with the two direct roles that are # turn into a project role, along with the two direct roles that are
@@ -1774,8 +1802,8 @@ class IdentityInheritanceTestCase(test_v3.RestfulTestCase):
self.put(member_url) self.put(member_url)
self.head(member_url) self.head(member_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleListResponse(r, ref=role_list[3]) self.assertValidRoleListResponse(r, ref=role_list[3],
self.assertIn(collection_url, r.result['links']['self']) resource_url=collection_url)
# Now use the list domain role assignments api to check if this # Now use the list domain role assignments api to check if this
# is included # is included
@@ -1801,6 +1829,8 @@ class IdentityInheritanceTestCase(test_v3.RestfulTestCase):
'user_id': user1['id'], 'user_id': user1['id'],
'project_id': project1['id']}) 'project_id': project1['id']})
r = self.get(collection_url) r = self.get(collection_url)
# TODO(amirosh): Due to the bug #1195037 we can't validate
# url in the 'self' link in list responses
self.assertValidRoleAssignmentListResponse(r) self.assertValidRoleAssignmentListResponse(r)
self.assertEqual(3, len(r.result.get('role_assignments'))) self.assertEqual(3, len(r.result.get('role_assignments')))
# An effective role for an inherited role will be a project # An effective role for an inherited role will be a project
@@ -1872,8 +1902,8 @@ class IdentityInheritanceTestCase(test_v3.RestfulTestCase):
self.put(member_url) self.put(member_url)
self.head(member_url) self.head(member_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleListResponse(r, ref=role_list[3]) self.assertValidRoleListResponse(r, ref=role_list[3],
self.assertIn(collection_url, r.result['links']['self']) resource_url=collection_url)
base_collection_url = ( base_collection_url = (
'/OS-INHERIT/domains/%(domain_id)s/groups/%(group_id)s/roles' % { '/OS-INHERIT/domains/%(domain_id)s/groups/%(group_id)s/roles' % {
@@ -1887,14 +1917,16 @@ class IdentityInheritanceTestCase(test_v3.RestfulTestCase):
self.put(member_url) self.put(member_url)
self.head(member_url) self.head(member_url)
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleListResponse(r, ref=role_list[4]) self.assertValidRoleListResponse(r, ref=role_list[4],
self.assertIn(collection_url, r.result['links']['self']) resource_url=collection_url)
# Now use the list role assignments api to get a list of inherited # Now use the list role assignments api to get a list of inherited
# roles on the domain - should get back the two roles # roles on the domain - should get back the two roles
collection_url = ( collection_url = (
'/role_assignments?scope.OS-INHERIT:inherited_to=projects') '/role_assignments?scope.OS-INHERIT:inherited_to=projects')
r = self.get(collection_url) r = self.get(collection_url)
# TODO(amirosh): Due to the bug #1195037 we can't validate
# url in the 'self' link in list responses
self.assertValidRoleAssignmentListResponse(r) self.assertValidRoleAssignmentListResponse(r)
self.assertEqual(2, len(r.result.get('role_assignments'))) self.assertEqual(2, len(r.result.get('role_assignments')))
ud_url, ud_entity = _build_role_assignment_url_and_entity( ud_url, ud_entity = _build_role_assignment_url_and_entity(