Browse Source

Add testcases for list_role_assignments of v3 domains

There are no unit testcases to cover list_role_assignments in
assignment_api.

Change-Id: Id7d3fe77e63aaff30e09b8b850ade9eef598ce75
Related-Bug: #1437407
liuchenhong 4 years ago
parent
commit
e2061c291c
1 changed files with 137 additions and 1 deletions
  1. 137
    1
      keystone/tests/unit/test_v3_protection.py

+ 137
- 1
keystone/tests/unit/test_v3_protection.py View File

@@ -573,7 +573,8 @@ class IdentityTestPolicySample(test_v3.RestfulTestCase):
573 573
                     headers={'X-Subject-Token': user_token})
574 574
 
575 575
 
576
-class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase):
576
+class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
577
+                                      test_v3.AssignmentTestMixin):
577 578
     """Test policy enforcement of the sample v3 cloud policy file."""
578 579
 
579 580
     def setUp(self):
@@ -887,6 +888,141 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase):
887 888
 
888 889
         self._test_grants('projects', self.project['id'])
889 890
 
891
+    def test_cloud_admin_list_assignments_of_domain(self):
892
+        self.auth = self.build_authentication_request(
893
+            user_id=self.cloud_admin_user['id'],
894
+            password=self.cloud_admin_user['password'],
895
+            domain_id=self.admin_domain['id'])
896
+
897
+        collection_url = self.build_role_assignment_query_url(
898
+            domain_id=self.domainA['id'])
899
+        r = self.get(collection_url, auth=self.auth)
900
+        self.assertValidRoleAssignmentListResponse(
901
+            r, expected_length=2, resource_url=collection_url)
902
+
903
+        domainA_admin_entity = self.build_role_assignment_entity(
904
+            domain_id=self.domainA['id'],
905
+            user_id=self.domain_admin_user['id'],
906
+            role_id=self.admin_role['id'],
907
+            inherited_to_projects=False)
908
+        domainA_user_entity = self.build_role_assignment_entity(
909
+            domain_id=self.domainA['id'],
910
+            user_id=self.just_a_user['id'],
911
+            role_id=self.role['id'],
912
+            inherited_to_projects=False)
913
+
914
+        self.assertRoleAssignmentInListResponse(r, domainA_admin_entity)
915
+        self.assertRoleAssignmentInListResponse(r, domainA_user_entity)
916
+
917
+    def test_domain_admin_list_assignments_of_domain(self):
918
+        self.auth = self.build_authentication_request(
919
+            user_id=self.domain_admin_user['id'],
920
+            password=self.domain_admin_user['password'],
921
+            domain_id=self.domainA['id'])
922
+
923
+        collection_url = self.build_role_assignment_query_url(
924
+            domain_id=self.domainA['id'])
925
+        r = self.get(collection_url, auth=self.auth)
926
+        self.assertValidRoleAssignmentListResponse(
927
+            r, expected_length=2, resource_url=collection_url)
928
+
929
+        domainA_admin_entity = self.build_role_assignment_entity(
930
+            domain_id=self.domainA['id'],
931
+            user_id=self.domain_admin_user['id'],
932
+            role_id=self.admin_role['id'],
933
+            inherited_to_projects=False)
934
+        domainA_user_entity = self.build_role_assignment_entity(
935
+            domain_id=self.domainA['id'],
936
+            user_id=self.just_a_user['id'],
937
+            role_id=self.role['id'],
938
+            inherited_to_projects=False)
939
+
940
+        self.assertRoleAssignmentInListResponse(r, domainA_admin_entity)
941
+        self.assertRoleAssignmentInListResponse(r, domainA_user_entity)
942
+
943
+    def test_domain_admin_list_assignments_of_another_domain_failed(self):
944
+        self.auth = self.build_authentication_request(
945
+            user_id=self.domain_admin_user['id'],
946
+            password=self.domain_admin_user['password'],
947
+            domain_id=self.domainA['id'])
948
+
949
+        collection_url = self.build_role_assignment_query_url(
950
+            domain_id=self.domainB['id'])
951
+        self.get(collection_url, auth=self.auth, expected_status=403)
952
+
953
+    def test_domain_user_list_assignments_of_domain_failed(self):
954
+        self.auth = self.build_authentication_request(
955
+            user_id=self.just_a_user['id'],
956
+            password=self.just_a_user['password'],
957
+            domain_id=self.domainA['id'])
958
+
959
+        collection_url = self.build_role_assignment_query_url(
960
+            domain_id=self.domainA['id'])
961
+        self.get(collection_url, auth=self.auth, expected_status=403)
962
+
963
+    def test_cloud_admin_list_assignments_of_project(self):
964
+        self.auth = self.build_authentication_request(
965
+            user_id=self.cloud_admin_user['id'],
966
+            password=self.cloud_admin_user['password'],
967
+            domain_id=self.admin_domain['id'])
968
+
969
+        collection_url = self.build_role_assignment_query_url(
970
+            project_id=self.project['id'])
971
+        r = self.get(collection_url, auth=self.auth)
972
+        self.assertValidRoleAssignmentListResponse(
973
+            r, expected_length=2, resource_url=collection_url)
974
+
975
+        project_admin_entity = self.build_role_assignment_entity(
976
+            project_id=self.project['id'],
977
+            user_id=self.project_admin_user['id'],
978
+            role_id=self.admin_role['id'],
979
+            inherited_to_projects=False)
980
+        project_user_entity = self.build_role_assignment_entity(
981
+            project_id=self.project['id'],
982
+            user_id=self.just_a_user['id'],
983
+            role_id=self.role['id'],
984
+            inherited_to_projects=False)
985
+
986
+        self.assertRoleAssignmentInListResponse(r, project_admin_entity)
987
+        self.assertRoleAssignmentInListResponse(r, project_user_entity)
988
+
989
+    @tests.utils.wip('waiting on bug #1437407')
990
+    def test_domain_admin_list_assignments_of_project(self):
991
+        self.auth = self.build_authentication_request(
992
+            user_id=self.domain_admin_user['id'],
993
+            password=self.domain_admin_user['password'],
994
+            domain_id=self.domainA['id'])
995
+
996
+        collection_url = self.build_role_assignment_query_url(
997
+            project_id=self.project['id'])
998
+        r = self.get(collection_url, auth=self.auth)
999
+        self.assertValidRoleAssignmentListResponse(
1000
+            r, expected_length=2, resource_url=collection_url)
1001
+
1002
+        project_admin_entity = self.build_role_assignment_entity(
1003
+            project_id=self.project['id'],
1004
+            user_id=self.project_admin_user['id'],
1005
+            role_id=self.admin_role['id'],
1006
+            inherited_to_projects=False)
1007
+        project_user_entity = self.build_role_assignment_entity(
1008
+            project_id=self.project['id'],
1009
+            user_id=self.just_a_user['id'],
1010
+            role_id=self.role['id'],
1011
+            inherited_to_projects=False)
1012
+
1013
+        self.assertRoleAssignmentInListResponse(r, project_admin_entity)
1014
+        self.assertRoleAssignmentInListResponse(r, project_user_entity)
1015
+
1016
+    def test_domain_user_list_assignments_of_project_failed(self):
1017
+        self.auth = self.build_authentication_request(
1018
+            user_id=self.just_a_user['id'],
1019
+            password=self.just_a_user['password'],
1020
+            domain_id=self.domainA['id'])
1021
+
1022
+        collection_url = self.build_role_assignment_query_url(
1023
+            project_id=self.project['id'])
1024
+        self.get(collection_url, auth=self.auth, expected_status=403)
1025
+
890 1026
     def test_cloud_admin(self):
891 1027
         self.auth = self.build_authentication_request(
892 1028
             user_id=self.domain_admin_user['id'],

Loading…
Cancel
Save