Implement system member role domain test coverage

This commit introduces the system member role to the API, making sure system members can execute readable operations, leaving writable domain operations to system administrators. Subsequent patches will include domain support for: - system admin functionality - domain user test coverage - project user test coverage Change-Id: I1d21ba562b007b43fc36a7a2010d35591ca3bae5 Partial-Bug: 1794376 Partial-Bug: 968696
2018-09-27 18:15:48 +00:00 · 2018-09-27 18:15:48 +00:00 · d5a57414b4
commit d5a57414b4
parent 9e8849561b
1 changed files with 69 additions and 30 deletions
--- a/keystone/tests/unit/protection/v3/test_domains.py
+++ b/keystone/tests/unit/protection/v3/test_domains.py
@ -89,36 +89,7 @@ class _SystemUserDomainTests(object):
            self.assertEqual(domain['id'], r.json['domain']['id'])


-class SystemReaderTests(base_classes.TestCaseWithBootstrap,
-                        common_auth.AuthTestMixin):
-
-    def setUp(self):
-        super(SystemReaderTests, self).setUp()
-        self.loadapp()
-        self.useFixture(ksfixtures.Policy(self.config_fixture))
-        self.config_fixture.config(group='oslo_policy', enforce_scope=True)
-
-        system_reader = unit.new_user_ref(
-            domain_id=CONF.identity.default_domain_id
-        )
-        self.system_reader_id = PROVIDERS.identity_api.create_user(
-            system_reader
-        )['id']
-        PROVIDERS.assignment_api.create_system_grant_for_user(
-            self.system_reader_id, self.bootstrapper.reader_role_id
-        )
-
-        auth = self.build_authentication_request(
-            user_id=self.system_reader_id, password=system_reader['password'],
-            system=True
-        )
-
-        # Grab a token using the persona we're testing and prepare headers
-        # for requests we'll be making in the tests.
-        with self.test_client() as c:
-            r = c.post('/v3/auth/tokens', json=auth)
-            self.token_id = r.headers['X-Subject-Token']
-            self.headers = {'X-Auth-Token': self.token_id}
+class _SystemMemberAndReaderDomainTests(object):

    def test_user_cannot_create_a_domain(self):
        create = {'domain': {'name': uuid.uuid4().hex}}
@ -152,3 +123,71 @@ class SystemReaderTests(base_classes.TestCaseWithBootstrap,
                '/v3/domains/%s' % domain['id'], headers=self.headers,
                expected_status_code=http_client.FORBIDDEN
            )
+
+
+class SystemReaderTests(base_classes.TestCaseWithBootstrap,
+                        common_auth.AuthTestMixin,
+                        _SystemUserDomainTests,
+                        _SystemMemberAndReaderDomainTests):
+
+    def setUp(self):
+        super(SystemReaderTests, self).setUp()
+        self.loadapp()
+        self.useFixture(ksfixtures.Policy(self.config_fixture))
+        self.config_fixture.config(group='oslo_policy', enforce_scope=True)
+
+        system_reader = unit.new_user_ref(
+            domain_id=CONF.identity.default_domain_id
+        )
+        self.system_reader_id = PROVIDERS.identity_api.create_user(
+            system_reader
+        )['id']
+        PROVIDERS.assignment_api.create_system_grant_for_user(
+            self.system_reader_id, self.bootstrapper.reader_role_id
+        )
+
+        auth = self.build_authentication_request(
+            user_id=self.system_reader_id, password=system_reader['password'],
+            system=True
+        )
+
+        # Grab a token using the persona we're testing and prepare headers
+        # for requests we'll be making in the tests.
+        with self.test_client() as c:
+            r = c.post('/v3/auth/tokens', json=auth)
+            self.token_id = r.headers['X-Subject-Token']
+            self.headers = {'X-Auth-Token': self.token_id}
+
+
+class SystemMemberTests(base_classes.TestCaseWithBootstrap,
+                        common_auth.AuthTestMixin,
+                        _SystemUserDomainTests,
+                        _SystemMemberAndReaderDomainTests):
+
+    def setUp(self):
+        super(SystemMemberTests, self).setUp()
+        self.loadapp()
+        self.useFixture(ksfixtures.Policy(self.config_fixture))
+        self.config_fixture.config(group='oslo_policy', enforce_scope=True)
+
+        system_member = unit.new_user_ref(
+            domain_id=CONF.identity.default_domain_id
+        )
+        self.system_member_id = PROVIDERS.identity_api.create_user(
+            system_member
+        )['id']
+        PROVIDERS.assignment_api.create_system_grant_for_user(
+            self.system_member_id, self.bootstrapper.member_role_id
+        )
+
+        auth = self.build_authentication_request(
+            user_id=self.system_member_id, password=system_member['password'],
+            system=True
+        )
+
+        # Grab a token using the persona we're testing and prepare headers
+        # for requests we'll be making in the tests.
+        with self.test_client() as c:
+            r = c.post('/v3/auth/tokens', json=auth)
+            self.token_id = r.headers['X-Subject-Token']
+            self.headers = {'X-Auth-Token': self.token_id}