Re-enable line-length linter

In 09088690 we mistakenly added E501 to the flake8 ignore list. Since
then, many new violations have been introduced. This patch re-enables
the check and corrects all violations, except in some cases like unit
test names where the subunit output would suffer if we attempted to
shorten the function name.

This may appear to be a pointless no-op that messes with
git-blameability, and it is, but the reason to do this is that if PEP8
violations are introduced in master and then backported to a stable
branch, most stable branches will fail the pep8 job since the flake8
ignore list is correct for those branches. Rather than loosening the
check in older branches or requiring those backports to fix the linter
errors independently of what's been merged in master, we should fix it
now so that we don't introduce more errors in the future and patches can
more easily be backported.

Change-Id: I9f71926105eb448bb0200201d1838b67d4963cd6
This commit is contained in:
Colleen Murphy 2019-10-18 09:08:07 -07:00
parent 19d4831daa
commit e2d83ae95d
35 changed files with 597 additions and 417 deletions

View File

@ -139,8 +139,8 @@ class CredentialResource(ks_flask.ResourceBase):
trust_id = getattr(self.oslo_context, 'trust_id', None)
ref = self._assign_unique_id(
self._normalize_dict(credential), trust_id=trust_id)
ref = PROVIDERS.credential_api.create_credential(ref['id'], ref,
initiator=self.audit_initiator)
ref = PROVIDERS.credential_api.create_credential(
ref['id'], ref, initiator=self.audit_initiator)
return self.wrap_member(ref), http_client.CREATED
def patch(self, credential_id):
@ -165,9 +165,9 @@ class CredentialResource(ks_flask.ResourceBase):
build_target=_build_target_enforcement
)
return (PROVIDERS.credential_api.delete_credential(credential_id,
initiator=self.audit_initiator),
http_client.NO_CONTENT)
return (PROVIDERS.credential_api.delete_credential(
credential_id, initiator=self.audit_initiator),
http_client.NO_CONTENT)
class CredentialAPI(ks_flask.APIBase):

View File

@ -228,12 +228,13 @@ class TrustResource(ks_flask.ResourceBase):
# rule check_str is ""
if isinstance(rules, op_checks.TrueCheck):
LOG.warning(
"The policy check string for rule \"identity:list_trusts\" has been overridden "
"to \"always true\". In the next release, this will cause the "
"\"identity:list_trusts\" action to be fully permissive as hardcoded "
"enforcement will be removed. To correct this issue, either stop overriding the "
"\"identity:list_trusts\" rule in config to accept the defaults, or explicitly "
"set a rule that is not empty."
"The policy check string for rule \"identity:list_trusts\" "
"has been overridden to \"always true\". In the next release, "
"this will cause the \"identity:list_trusts\" action to be "
"fully permissive as hardcoded enforcement will be removed. "
"To correct this issue, either stop overriding the "
"\"identity:list_trusts\" rule in config to accept the "
"defaults, or explicitly set a rule that is not empty."
)
if not flask.request.args:
# NOTE(morgan): Admin can list all trusts.
@ -242,9 +243,11 @@ class TrustResource(ks_flask.ResourceBase):
if not flask.request.args:
trusts += PROVIDERS.trust_api.list_trusts()
elif trustor_user_id:
trusts += PROVIDERS.trust_api.list_trusts_for_trustor(trustor_user_id)
trusts += PROVIDERS.trust_api.list_trusts_for_trustor(
trustor_user_id)
elif trustee_user_id:
trusts += PROVIDERS.trust_api.list_trusts_for_trustee(trustee_user_id)
trusts += PROVIDERS.trust_api.list_trusts_for_trustee(
trustee_user_id)
for trust in trusts:
# get_trust returns roles, list_trusts does not

View File

@ -143,7 +143,8 @@ class ApplicationCredential(base.ApplicationCredentialDriverBase):
access_rule_ref = session.query(AccessRuleModel).filter_by(
external_id=access_rule['id']).first()
if not access_rule_ref:
access_rule_ref = session.query(AccessRuleModel).filter_by(
query = session.query(AccessRuleModel)
access_rule_ref = query.filter_by(
user_id=app_cred['user_id'],
service=access_rule['service'],
path=access_rule['path'],
@ -154,7 +155,8 @@ class ApplicationCredential(base.ApplicationCredentialDriverBase):
for k, v in access_rule.items()})
access_rule_ref['user_id'] = app_cred['user_id']
session.add(access_rule_ref)
app_cred_access_rule = ApplicationCredentialAccessRuleModel()
app_cred_access_rule = (
ApplicationCredentialAccessRuleModel())
app_cred_access_rule.application_credential = ref
app_cred_access_rule.access_rule = access_rule_ref
session.add(app_cred_access_rule)
@ -253,7 +255,8 @@ class ApplicationCredential(base.ApplicationCredentialDriverBase):
access_rule_id=access_rule_id)
session.delete(ref)
except AssertionError:
raise exception.ForbiddenNotSecurity("May not delete access rule in use")
raise exception.ForbiddenNotSecurity(
"May not delete access rule in use")
def delete_access_rules_for_user(self, user_id):
with sql.session_for_write() as session:

View File

@ -127,7 +127,8 @@ class Bootstrapper(object):
"bootstrap command in the future.You can opt into "
"this behavior by using the --immutable-role "
"flag, or update role %(role)s with the "
"'immutable' resource option.", {'role': role_name})
"'immutable' resource option.",
{'role': role_name})
return role
except exception.Conflict:
LOG.info('Role %s exists, skipping creation.', role_name)

View File

@ -25,12 +25,12 @@ deprecated_get_endpoint_group = policy.DeprecatedRule(
check_str=base.RULE_ADMIN_REQUIRED,
)
deprecated_list_projects_associated_with_endpoint_group = policy.DeprecatedRule(
deprecated_list_projects_assoc_with_endpoint_group = policy.DeprecatedRule(
name=base.IDENTITY % 'list_projects_associated_with_endpoint_group',
check_str=base.RULE_ADMIN_REQUIRED,
)
deprecated_list_endpoints_associated_with_endpoint_group = policy.DeprecatedRule(
deprecated_list_endpoints_assoc_with_endpoint_group = policy.DeprecatedRule(
name=base.IDENTITY % 'list_endpoints_associated_with_endpoint_group',
check_str=base.RULE_ADMIN_REQUIRED,
)
@ -142,7 +142,7 @@ group_endpoint_policies = [
operations=[{'path': ('/v3/OS-EP-FILTER/endpoint_groups/'
'{endpoint_group_id}/projects'),
'method': 'GET'}],
deprecated_rule=deprecated_list_projects_associated_with_endpoint_group,
deprecated_rule=deprecated_list_projects_assoc_with_endpoint_group,
deprecated_reason=DEPRECATED_REASON,
deprecated_since=versionutils.deprecated.TRAIN),
policy.DocumentedRuleDefault(
@ -153,7 +153,7 @@ group_endpoint_policies = [
operations=[{'path': ('/v3/OS-EP-FILTER/endpoint_groups/'
'{endpoint_group_id}/endpoints'),
'method': 'GET'}],
deprecated_rule=deprecated_list_endpoints_associated_with_endpoint_group,
deprecated_rule=deprecated_list_endpoints_assoc_with_endpoint_group,
deprecated_reason=DEPRECATED_REASON,
deprecated_since=versionutils.deprecated.TRAIN),
policy.DocumentedRuleDefault(

View File

@ -27,12 +27,18 @@ DOMAIN_MATCHES_USER_DOMAIN = 'domain_id:%(target.user.domain_id)s'
DOMAIN_MATCHES_GROUP_DOMAIN = 'domain_id:%(target.group.domain_id)s'
DOMAIN_MATCHES_PROJECT_DOMAIN = 'domain_id:%(target.project.domain_id)s'
DOMAIN_MATCHES_TARGET_DOMAIN = 'domain_id:%(target.domain.id)s'
DOMAIN_MATCHES_ROLE = 'domain_id:%(target.role.domain_id)s or None:%(target.role.domain_id)s'
DOMAIN_MATCHES_ROLE = (
'domain_id:%(target.role.domain_id)s or None:%(target.role.domain_id)s'
)
GRANTS_DOMAIN_READER = (
'(role:reader and ' + DOMAIN_MATCHES_USER_DOMAIN + ' and ' + DOMAIN_MATCHES_PROJECT_DOMAIN + ') or '
'(role:reader and ' + DOMAIN_MATCHES_USER_DOMAIN + ' and ' + DOMAIN_MATCHES_TARGET_DOMAIN + ') or '
'(role:reader and ' + DOMAIN_MATCHES_GROUP_DOMAIN + ' and ' + DOMAIN_MATCHES_PROJECT_DOMAIN + ') or '
'(role:reader and ' + DOMAIN_MATCHES_GROUP_DOMAIN + ' and ' + DOMAIN_MATCHES_TARGET_DOMAIN + ')'
'(role:reader and ' + DOMAIN_MATCHES_USER_DOMAIN + ' and'
' ' + DOMAIN_MATCHES_PROJECT_DOMAIN + ') or '
'(role:reader and ' + DOMAIN_MATCHES_USER_DOMAIN + ' and'
' ' + DOMAIN_MATCHES_TARGET_DOMAIN + ') or '
'(role:reader and ' + DOMAIN_MATCHES_GROUP_DOMAIN + ' and'
' ' + DOMAIN_MATCHES_PROJECT_DOMAIN + ') or '
'(role:reader and ' + DOMAIN_MATCHES_GROUP_DOMAIN + ' and'
' ' + DOMAIN_MATCHES_TARGET_DOMAIN + ')'
)
SYSTEM_READER_OR_DOMAIN_READER = (
'(' + base.SYSTEM_READER + ') or '
@ -45,10 +51,14 @@ SYSTEM_READER_OR_DOMAIN_READER_LIST = (
)
GRANTS_DOMAIN_ADMIN = (
'(role:admin and ' + DOMAIN_MATCHES_USER_DOMAIN + ' and ' + DOMAIN_MATCHES_PROJECT_DOMAIN + ') or '
'(role:admin and ' + DOMAIN_MATCHES_USER_DOMAIN + ' and ' + DOMAIN_MATCHES_TARGET_DOMAIN + ') or '
'(role:admin and ' + DOMAIN_MATCHES_GROUP_DOMAIN + ' and ' + DOMAIN_MATCHES_PROJECT_DOMAIN + ') or '
'(role:admin and ' + DOMAIN_MATCHES_GROUP_DOMAIN + ' and ' + DOMAIN_MATCHES_TARGET_DOMAIN + ')'
'(role:admin and ' + DOMAIN_MATCHES_USER_DOMAIN + ' and'
' ' + DOMAIN_MATCHES_PROJECT_DOMAIN + ') or '
'(role:admin and ' + DOMAIN_MATCHES_USER_DOMAIN + ' and'
' ' + DOMAIN_MATCHES_TARGET_DOMAIN + ') or '
'(role:admin and ' + DOMAIN_MATCHES_GROUP_DOMAIN + ' and'
' ' + DOMAIN_MATCHES_PROJECT_DOMAIN + ') or '
'(role:admin and ' + DOMAIN_MATCHES_GROUP_DOMAIN + ' and'
' ' + DOMAIN_MATCHES_TARGET_DOMAIN + ')'
)
SYSTEM_ADMIN_OR_DOMAIN_ADMIN = (
'(' + base.SYSTEM_ADMIN + ') or '

View File

@ -19,17 +19,17 @@ from keystone.common.policies import base
# System-scoped tokens should be required to manage policy associations to
# existing system-level resources.
deprecated_check_policy_association_for_endpoint = policy.DeprecatedRule(
deprecated_check_policy_assoc_for_endpoint = policy.DeprecatedRule(
name=base.IDENTITY % 'check_policy_association_for_endpoint',
check_str=base.RULE_ADMIN_REQUIRED,
)
deprecated_check_policy_association_for_service = policy.DeprecatedRule(
deprecated_check_policy_assoc_for_service = policy.DeprecatedRule(
name=base.IDENTITY % 'check_policy_association_for_service',
check_str=base.RULE_ADMIN_REQUIRED,
)
deprecated_check_policy_association_for_region_and_service = policy.DeprecatedRule(
deprecated_check_policy_assoc_for_region_and_service = policy.DeprecatedRule(
name=base.IDENTITY % 'check_policy_association_for_region_and_service',
check_str=base.RULE_ADMIN_REQUIRED,
)
@ -44,38 +44,39 @@ deprecated_list_endpoints_for_policy = policy.DeprecatedRule(
check_str=base.RULE_ADMIN_REQUIRED,
)
deprecated_create_policy_association_for_endpoint = policy.DeprecatedRule(
deprecated_create_policy_assoc_for_endpoint = policy.DeprecatedRule(
name=base.IDENTITY % 'create_policy_association_for_endpoint',
check_str=base.RULE_ADMIN_REQUIRED,
)
deprecated_delete_policy_association_for_endpoint = policy.DeprecatedRule(
deprecated_delete_policy_assoc_for_endpoint = policy.DeprecatedRule(
name=base.IDENTITY % 'delete_policy_association_for_endpoint',
check_str=base.RULE_ADMIN_REQUIRED,
)
deprecated_create_policy_association_for_service = policy.DeprecatedRule(
deprecated_create_policy_assoc_for_service = policy.DeprecatedRule(
name=base.IDENTITY % 'create_policy_association_for_service',
check_str=base.RULE_ADMIN_REQUIRED,
)
deprecated_delete_policy_association_for_service = policy.DeprecatedRule(
deprecated_delete_policy_assoc_for_service = policy.DeprecatedRule(
name=base.IDENTITY % 'delete_policy_association_for_service',
check_str=base.RULE_ADMIN_REQUIRED,
)
deprecated_create_policy_association_for_region_and_service = policy.DeprecatedRule(
deprecated_create_policy_assoc_for_region_and_service = policy.DeprecatedRule(
name=base.IDENTITY % 'create_policy_association_for_region_and_service',
check_str=base.RULE_ADMIN_REQUIRED,
)
deprecated_delete_policy_association_for_region_and_service = policy.DeprecatedRule(
deprecated_delete_policy_assoc_for_region_and_service = policy.DeprecatedRule(
name=base.IDENTITY % 'delete_policy_association_for_region_and_service',
check_str=base.RULE_ADMIN_REQUIRED,
)
DEPRECATED_REASON = (
"The policy association API is now aware of system scope and default roles."
"The policy association API is now aware of system scope and default "
"roles."
)
policy_association_policies = [
@ -87,7 +88,7 @@ policy_association_policies = [
operations=[{'path': ('/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/'
'endpoints/{endpoint_id}'),
'method': 'PUT'}],
deprecated_rule=deprecated_create_policy_association_for_endpoint,
deprecated_rule=deprecated_create_policy_assoc_for_endpoint,
deprecated_reason=DEPRECATED_REASON,
deprecated_since=versionutils.deprecated.TRAIN),
policy.DocumentedRuleDefault(
@ -101,7 +102,7 @@ policy_association_policies = [
{'path': ('/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/'
'endpoints/{endpoint_id}'),
'method': 'HEAD'}],
deprecated_rule=deprecated_check_policy_association_for_endpoint,
deprecated_rule=deprecated_check_policy_assoc_for_endpoint,
deprecated_reason=DEPRECATED_REASON,
deprecated_since=versionutils.deprecated.TRAIN),
policy.DocumentedRuleDefault(
@ -112,7 +113,7 @@ policy_association_policies = [
operations=[{'path': ('/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/'
'endpoints/{endpoint_id}'),
'method': 'DELETE'}],
deprecated_rule=deprecated_delete_policy_association_for_endpoint,
deprecated_rule=deprecated_delete_policy_assoc_for_endpoint,
deprecated_reason=DEPRECATED_REASON,
deprecated_since=versionutils.deprecated.TRAIN),
policy.DocumentedRuleDefault(
@ -123,7 +124,7 @@ policy_association_policies = [
operations=[{'path': ('/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/'
'services/{service_id}'),
'method': 'PUT'}],
deprecated_rule=deprecated_create_policy_association_for_service,
deprecated_rule=deprecated_create_policy_assoc_for_service,
deprecated_reason=DEPRECATED_REASON,
deprecated_since=versionutils.deprecated.TRAIN),
policy.DocumentedRuleDefault(
@ -137,7 +138,7 @@ policy_association_policies = [
{'path': ('/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/'
'services/{service_id}'),
'method': 'HEAD'}],
deprecated_rule=deprecated_check_policy_association_for_service,
deprecated_rule=deprecated_check_policy_assoc_for_service,
deprecated_reason=DEPRECATED_REASON,
deprecated_since=versionutils.deprecated.TRAIN),
policy.DocumentedRuleDefault(
@ -148,7 +149,7 @@ policy_association_policies = [
operations=[{'path': ('/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/'
'services/{service_id}'),
'method': 'DELETE'}],
deprecated_rule=deprecated_delete_policy_association_for_service,
deprecated_rule=deprecated_delete_policy_assoc_for_service,
deprecated_reason=DEPRECATED_REASON,
deprecated_since=versionutils.deprecated.TRAIN),
policy.DocumentedRuleDefault(
@ -161,7 +162,7 @@ policy_association_policies = [
operations=[{'path': ('/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/'
'services/{service_id}/regions/{region_id}'),
'method': 'PUT'}],
deprecated_rule=deprecated_create_policy_association_for_region_and_service,
deprecated_rule=deprecated_create_policy_assoc_for_region_and_service,
deprecated_reason=DEPRECATED_REASON,
deprecated_since=versionutils.deprecated.TRAIN),
policy.DocumentedRuleDefault(
@ -175,7 +176,7 @@ policy_association_policies = [
{'path': ('/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/'
'services/{service_id}/regions/{region_id}'),
'method': 'HEAD'}],
deprecated_rule=deprecated_check_policy_association_for_region_and_service,
deprecated_rule=deprecated_check_policy_assoc_for_region_and_service,
deprecated_reason=DEPRECATED_REASON,
deprecated_since=versionutils.deprecated.TRAIN),
policy.DocumentedRuleDefault(
@ -187,7 +188,7 @@ policy_association_policies = [
operations=[{'path': ('/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/'
'services/{service_id}/regions/{region_id}'),
'method': 'DELETE'}],
deprecated_rule=deprecated_delete_policy_association_for_region_and_service,
deprecated_rule=deprecated_delete_policy_assoc_for_region_and_service,
deprecated_reason=DEPRECATED_REASON,
deprecated_since=versionutils.deprecated.TRAIN),
policy.DocumentedRuleDefault(

View File

@ -77,18 +77,22 @@ trust_policies = [
check_str=SYSTEM_READER_OR_TRUSTOR,
scope_types=['system', 'project'],
description='List trusts for trustor.',
operations=[{'path': '/v3/OS-TRUST/trusts?trustor_user_id={trustor_user_id}',
operations=[{'path': '/v3/OS-TRUST/trusts?'
'trustor_user_id={trustor_user_id}',
'method': 'GET'},
{'path': '/v3/OS-TRUST/trusts?trustor_user_id={trustor_user_id}',
{'path': '/v3/OS-TRUST/trusts?'
'trustor_user_id={trustor_user_id}',
'method': 'HEAD'}]),
policy.DocumentedRuleDefault(
name=base.IDENTITY % 'list_trusts_for_trustee',
check_str=SYSTEM_READER_OR_TRUSTEE,
scope_types=['system', 'project'],
description='List trusts for trustee.',
operations=[{'path': '/v3/OS-TRUST/trusts?trustee_user_id={trustee_user_id}',
operations=[{'path': '/v3/OS-TRUST/trusts?'
'trustee_user_id={trustee_user_id}',
'method': 'GET'},
{'path': '/v3/OS-TRUST/trusts?trustee_user_id={trustee_user_id}',
{'path': '/v3/OS-TRUST/trusts?'
'trustee_user_id={trustee_user_id}',
'method': 'HEAD'}]),
policy.DocumentedRuleDefault(
name=base.IDENTITY % 'list_roles_for_trust',

View File

@ -19,7 +19,8 @@ def upgrade(migrate_engine):
meta = sql.MetaData()
meta.bind = migrate_engine
application_credential = sql.Table('application_credential', meta, autoload=True)
application_credential = sql.Table(
'application_credential', meta, autoload=True)
access_rule = sql.Table(
'access_rule', meta,
sql.Column('id', sql.Integer, primary_key=True, nullable=False),

View File

@ -17,6 +17,7 @@ def upgrade(migrate_engine):
meta = sql.MetaData()
meta.bind = migrate_engine
federation_protocol_table = sql.Table('federation_protocol', meta, autoload=True)
federation_protocol_table = sql.Table(
'federation_protocol', meta, autoload=True)
remote_id_attribute = sql.Column('remote_id_attribute', sql.String(64))
federation_protocol_table.create_column(remote_id_attribute)

View File

@ -29,8 +29,9 @@ socket_timeout = cfg.IntOpt(
default=3,
deprecated_for_removal=True,
deprecated_reason='This option is duplicated with oslo.cache. '
'Configure ``keystone.conf [cache] memcache_socket_timeout`` '
'option to set the socket_timeout of memcached instead. ',
'Configure ``keystone.conf [cache] '
'memcache_socket_timeout`` option to set the '
'socket_timeout of memcached instead. ',
deprecated_since=versionutils.deprecated.TRAIN,
help=utils.fmt("""
Timeout in seconds for every call to a server. This is used by the key value

View File

@ -285,15 +285,16 @@ def validate_expiration(token):
def get_remote_id_parameter(idp, protocol):
# NOTE(marco-fargetta): Since we support any protocol ID, we attempt to
# retrieve the remote_id_attribute of the protocol ID. It will look up first
# if the remote_id_attribute exists.
# retrieve the remote_id_attribute of the protocol ID. It will look up
# first if the remote_id_attribute exists.
protocol_ref = PROVIDERS.federation_api.get_protocol(idp['id'], protocol)
remote_id_parameter = protocol_ref.get('remote_id_attribute')
if remote_id_parameter:
return remote_id_parameter
else:
# If it's not registered in the config, then register the option and try again.
# This allows the user to register protocols other than oidc and saml2.
# If it's not registered in the config, then register the option and
# try again. This allows the user to register protocols other than
# oidc and saml2.
try:
remote_id_parameter = CONF[protocol]['remote_id_attribute']
except AttributeError:
@ -303,7 +304,8 @@ def get_remote_id_parameter(idp, protocol):
try:
remote_id_parameter = CONF[protocol]['remote_id_attribute']
except AttributeError: # nosec
# No remote ID attr, will be logged and use the default instead.
# No remote ID attr, will be logged and use the default
# instead.
pass
if not remote_id_parameter:
LOG.debug('Cannot find "remote_id_attribute" in configuration '

View File

@ -290,7 +290,7 @@ class ReceiptPayload(object):
@classmethod
def random_urlsafe_str_to_bytes(cls, s):
"""Convert a string from :func:`random_urlsafe_str()` to six.binary_type.
"""Convert string from :func:`random_urlsafe_str()` to six.binary_type.
:type s: six.text_type
:rtype: six.binary_type

View File

@ -44,9 +44,11 @@ class _UserAccessRuleTests(object):
'method': uuid.uuid4().hex[16:]
}]
}
PROVIDERS.application_credential_api.create_application_credential(app_cred)
PROVIDERS.application_credential_api.create_application_credential(
app_cred)
with self.test_client() as c:
path = '/v3/users/%s/access_rules/%s' % (self.user_id, app_cred['access_rules'][0]['id'])
path = '/v3/users/%s/access_rules/%s' % (
self.user_id, app_cred['access_rules'][0]['id'])
c.get(path, headers=self.headers)
def test_user_can_list_their_access_rules(self):
@ -63,9 +65,11 @@ class _UserAccessRuleTests(object):
'method': uuid.uuid4().hex[16:]
}]
}
PROVIDERS.application_credential_api.create_application_credential(app_cred)
PROVIDERS.application_credential_api.create_application_credential(
app_cred)
with self.test_client() as c:
r = c.get('/v3/users/%s/access_rules' % self.user_id, headers=self.headers)
r = c.get('/v3/users/%s/access_rules' % self.user_id,
headers=self.headers)
self.assertEqual(len(r.json['access_rules']), 1)
def test_user_can_delete_their_access_rules(self):
@ -83,10 +87,13 @@ class _UserAccessRuleTests(object):
'method': uuid.uuid4().hex[16:]
}]
}
PROVIDERS.application_credential_api.create_application_credential(app_cred)
PROVIDERS.application_credential_api.delete_application_credential(app_cred['id'])
PROVIDERS.application_credential_api.create_application_credential(
app_cred)
PROVIDERS.application_credential_api.delete_application_credential(
app_cred['id'])
with self.test_client() as c:
path = '/v3/users/%s/access_rules/%s' % (self.user_id, access_rule_id)
path = '/v3/users/%s/access_rules/%s' % (
self.user_id, access_rule_id)
c.delete(path, headers=self.headers)
@ -119,9 +126,11 @@ class _ProjectUsersTests(object):
'method': uuid.uuid4().hex[16:]
}]
}
PROVIDERS.application_credential_api.create_application_credential(app_cred)
PROVIDERS.application_credential_api.create_application_credential(
app_cred)
with self.test_client() as c:
path = '/v3/users/%s/access_rules/%s' % (user['id'], access_rule_id)
path = '/v3/users/%s/access_rules/%s' % (
user['id'], access_rule_id)
c.get(
path, headers=self.headers,
expected_status_code=http_client.FORBIDDEN
@ -136,7 +145,7 @@ class _ProjectUsersTests(object):
expected_status_code=http_client.NOT_FOUND
)
def test_user_cannot_get_non_existent_access_rule_other_user_forbidden(self):
def test_cannot_get_non_existent_access_rule_other_user_forbidden(self):
user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
user = PROVIDERS.identity_api.create_user(user)
with self.test_client() as c:
@ -171,7 +180,8 @@ class _ProjectUsersTests(object):
'method': uuid.uuid4().hex[16:]
}]
}
PROVIDERS.application_credential_api.create_application_credential(app_cred)
PROVIDERS.application_credential_api.create_application_credential(
app_cred)
with self.test_client() as c:
path = '/v3/users/%s/access_rules' % user['id']
@ -203,16 +213,19 @@ class _ProjectUsersTests(object):
'method': uuid.uuid4().hex[16:]
}]
}
PROVIDERS.application_credential_api.create_application_credential(app_cred)
PROVIDERS.application_credential_api.delete_application_credential(app_cred['id'])
PROVIDERS.application_credential_api.create_application_credential(
app_cred)
PROVIDERS.application_credential_api.delete_application_credential(
app_cred['id'])
with self.test_client() as c:
path = '/v3/users/%s/access_rules/%s' % (user['id'], access_rule_id)
path = '/v3/users/%s/access_rules/%s' % (
user['id'], access_rule_id)
c.delete(
path, headers=self.headers,
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_delete_non_existent_access_rule_other_user_forbidden(self):
def test_cannot_delete_non_existent_access_rule_other_user_forbidden(self):
user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
user = PROVIDERS.identity_api.create_user(user)
with self.test_client() as c:
@ -252,7 +265,8 @@ class _SystemUserAccessRuleTests(object):
'method': uuid.uuid4().hex[16:]
}]
}
PROVIDERS.application_credential_api.create_application_credential(app_cred)
PROVIDERS.application_credential_api.create_application_credential(
app_cred)
with self.test_client() as c:
r = c.get('/v3/users/%s/access_rules' % user['id'],
@ -329,10 +343,13 @@ class SystemReaderTests(base_classes.TestCaseWithBootstrap,
'method': uuid.uuid4().hex[16:]
}]
}
PROVIDERS.application_credential_api.create_application_credential(app_cred)
PROVIDERS.application_credential_api.delete_application_credential(app_cred['id'])
PROVIDERS.application_credential_api.create_application_credential(
app_cred)
PROVIDERS.application_credential_api.delete_application_credential(
app_cred['id'])
with self.test_client() as c:
path = '/v3/users/%s/access_rules/%s' % (user['id'], access_rule_id)
path = '/v3/users/%s/access_rules/%s' % (
user['id'], access_rule_id)
c.delete(
path, headers=self.headers,
expected_status_code=http_client.FORBIDDEN
@ -408,17 +425,21 @@ class SystemMemberTests(base_classes.TestCaseWithBootstrap,
'method': uuid.uuid4().hex[16:]
}]
}
PROVIDERS.application_credential_api.create_application_credential(app_cred)
PROVIDERS.application_credential_api.delete_application_credential(app_cred['id'])
PROVIDERS.application_credential_api.create_application_credential(
app_cred)
PROVIDERS.application_credential_api.delete_application_credential(
app_cred['id'])
with self.test_client() as c:
path = '/v3/users/%s/access_rules/%s' % (user['id'], access_rule_id)
path = '/v3/users/%s/access_rules/%s' % (
user['id'], access_rule_id)
c.delete(
path, headers=self.headers,
expected_status_code=http_client.FORBIDDEN
)
with self.test_client() as c:
path = '/v3/users/%s/access_rules/%s' % (user['id'], access_rule_id)
path = '/v3/users/%s/access_rules/%s' % (
user['id'], access_rule_id)
c.delete(
path, headers=self.headers,
expected_status_code=http_client.FORBIDDEN
@ -487,11 +508,14 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
'method': uuid.uuid4().hex[16:]
}]
}
PROVIDERS.application_credential_api.create_application_credential(app_cred)
PROVIDERS.application_credential_api.delete_application_credential(app_cred['id'])
PROVIDERS.application_credential_api.create_application_credential(
app_cred)
PROVIDERS.application_credential_api.delete_application_credential(
app_cred['id'])
with self.test_client() as c:
path = '/v3/users/%s/access_rules/%s' % (user['id'], access_rule_id)
path = '/v3/users/%s/access_rules/%s' % (
user['id'], access_rule_id)
c.delete(path, headers=self.headers)
def test_user_cannot_delete_non_existent_access_rule_not_found(self):

View File

@ -1086,9 +1086,9 @@ class _ProjectUserTests(object):
def test_user_cannot_filter_role_assignments_by_other_project_user(self):
assignments = self._setup_test_role_assignments()
# This user doesn't have any role assignments on self.project_id, so the
# project user of self.project_id should only see an empty list of role
# assignments.
# This user doesn't have any role assignments on self.project_id, so
# the project user of self.project_id should only see an empty list of
# role assignments.
user_id = assignments['user_id']
with self.test_client() as c:

View File

@ -50,10 +50,11 @@ class _SystemDomainAndProjectUserDomainConfigTests(object):
password_regex_description=password_regex_description
)
with self.test_client() as c:
c.get('/v3/domains/%s/config/security_compliance/password_regex_description'
c.get('/v3/domains/%s/config/security_compliance'
'/password_regex_description'
% CONF.identity.default_domain_id, headers=self.headers)
def test_user_can_get_security_compliance_config_with_user_from_other_domain(self):
def test_can_get_security_compliance_config_with_user_from_other_domain(self): # noqa: E501
domain = unit.new_domain_ref()
PROVIDERS.resource_api.create_domain(domain['id'], domain)
@ -95,7 +96,8 @@ class _SystemUserDomainConfigTests(object):
domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref()
)
PROVIDERS.domain_config_api.create_config(domain['id'], unit.new_domain_config_ref())
PROVIDERS.domain_config_api.create_config(
domain['id'], unit.new_domain_config_ref())
with self.test_client() as c:
c.get('/v3/domains/%s/config'
% domain['id'], headers=self.headers)
@ -104,7 +106,8 @@ class _SystemUserDomainConfigTests(object):
domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref()
)
PROVIDERS.domain_config_api.create_config(domain['id'], unit.new_domain_config_ref())
PROVIDERS.domain_config_api.create_config(
domain['id'], unit.new_domain_config_ref())
with self.test_client() as c:
c.get('/v3/domains/%s/config/ldap'
% domain['id'], headers=self.headers)
@ -113,7 +116,8 @@ class _SystemUserDomainConfigTests(object):
domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref()
)
PROVIDERS.domain_config_api.create_config(domain['id'], unit.new_domain_config_ref())
PROVIDERS.domain_config_api.create_config(
domain['id'], unit.new_domain_config_ref())
invalid_domain_id = uuid.uuid4().hex
with self.test_client() as c:
c.get('/v3/domains/%s/config/ldap'
@ -144,7 +148,8 @@ class _SystemUserDomainConfigTests(object):
domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref()
)
PROVIDERS.domain_config_api.create_config(domain['id'], unit.new_domain_config_ref())
PROVIDERS.domain_config_api.create_config(
domain['id'], unit.new_domain_config_ref())
with self.test_client() as c:
c.get('/v3/domains/%s/config/ldap/url'
% domain['id'], headers=self.headers)
@ -195,10 +200,11 @@ class _SystemUserDomainConfigTests(object):
password_regex_description=password_regex_description
)
with self.test_client() as c:
c.get('/v3/domains/%s/config/security_compliance/password_regex_description'
c.get('/v3/domains/%s/config/security_compliance'
'/password_regex_description'
% CONF.identity.default_domain_id, headers=self.headers)
def test_user_can_get_security_compliance_config_with_user_from_other_domain(self):
def test_can_get_security_compliance_config_with_user_from_other_domain(self): # noqa: E501
domain = unit.new_domain_ref()
PROVIDERS.resource_api.create_domain(domain['id'], domain)
@ -238,58 +244,70 @@ class _SystemReaderMemberDomainAndProjectUserDomainConfigTests(object):
)
with self.test_client() as c:
c.put('/v3/domains/%s/config'
% domain['id'], json={'config': unit.new_domain_config_ref()},
headers=self.headers, expected_status_code=http_client.FORBIDDEN)
% domain['id'],
json={'config': unit.new_domain_config_ref()},
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def test_user_cannot_update_domain_config(self):
domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref()
)
PROVIDERS.domain_config_api.create_config(domain['id'], unit.new_domain_config_ref())
PROVIDERS.domain_config_api.create_config(
domain['id'], unit.new_domain_config_ref())
new_config = {'ldap': {'url': uuid.uuid4().hex},
'identity': {'driver': uuid.uuid4().hex}}
with self.test_client() as c:
c.patch('/v3/domains/%s/config'
% domain['id'], json={'config': new_config},
headers=self.headers, expected_status_code=http_client.FORBIDDEN)
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def test_user_cannot_update_domain_group_config(self):
domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref()
)
PROVIDERS.domain_config_api.create_config(domain['id'], unit.new_domain_config_ref())
PROVIDERS.domain_config_api.create_config(
domain['id'], unit.new_domain_config_ref())
new_config = {'ldap': {'url': uuid.uuid4().hex,
'user_filter': uuid.uuid4().hex}}
with self.test_client() as c:
c.patch('/v3/domains/%s/config/ldap'
% domain['id'], json={'config': new_config},
headers=self.headers, expected_status_code=http_client.FORBIDDEN)
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def test_user_cannot_update_domain_config_option(self):
domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref()
)
new_config = {'url': uuid.uuid4().hex}
PROVIDERS.domain_config_api.create_config(domain['id'], unit.new_domain_config_ref())
PROVIDERS.domain_config_api.create_config(
domain['id'], unit.new_domain_config_ref())
with self.test_client() as c:
c.patch('/v3/domains/%s/config/ldap/url'
% domain['id'], json={'config': new_config},
headers=self.headers, expected_status_code=http_client.FORBIDDEN)
% domain['id'],
json={'config': new_config},
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def test_user_cannot_delete_domain_config(self):
domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref()
)
PROVIDERS.domain_config_api.create_config(domain['id'], unit.new_domain_config_ref())
PROVIDERS.domain_config_api.create_config(
domain['id'], unit.new_domain_config_ref())
with self.test_client() as c:
c.delete('/v3/domains/%s/config' % domain['id'],
headers=self.headers, expected_status_code=http_client.FORBIDDEN)
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def test_user_cannot_delete_domain_group_config(self):
domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref()
)
PROVIDERS.domain_config_api.create_config(domain['id'], unit.new_domain_config_ref())
PROVIDERS.domain_config_api.create_config(
domain['id'], unit.new_domain_config_ref())
with self.test_client() as c:
c.delete('/v3/domains/%s/config/ldap'
% domain['id'], headers=self.headers,
@ -299,7 +317,8 @@ class _SystemReaderMemberDomainAndProjectUserDomainConfigTests(object):
domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref()
)
PROVIDERS.domain_config_api.create_config(domain['id'], unit.new_domain_config_ref())
PROVIDERS.domain_config_api.create_config(
domain['id'], unit.new_domain_config_ref())
with self.test_client() as c:
c.delete('/v3/domains/%s/config/ldap/url'
% domain['id'], headers=self.headers,
@ -312,7 +331,8 @@ class _DomainAndProjectUserDomainConfigTests(object):
domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref()
)
PROVIDERS.domain_config_api.create_config(domain['id'], unit.new_domain_config_ref())
PROVIDERS.domain_config_api.create_config(
domain['id'], unit.new_domain_config_ref())
with self.test_client() as c:
c.get('/v3/domains/%s/config'
% domain['id'], headers=self.headers,
@ -322,7 +342,8 @@ class _DomainAndProjectUserDomainConfigTests(object):
domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref()
)
PROVIDERS.domain_config_api.create_config(domain['id'], unit.new_domain_config_ref())
PROVIDERS.domain_config_api.create_config(
domain['id'], unit.new_domain_config_ref())
with self.test_client() as c:
c.get('/v3/domains/%s/config/ldap'
% domain['id'], headers=self.headers,
@ -340,7 +361,8 @@ class _DomainAndProjectUserDomainConfigTests(object):
domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref()
)
PROVIDERS.domain_config_api.create_config(domain['id'], unit.new_domain_config_ref())
PROVIDERS.domain_config_api.create_config(
domain['id'], unit.new_domain_config_ref())
with self.test_client() as c:
c.get('/v3/domains/%s/config/ldap/url'
% domain['id'], headers=self.headers,
@ -362,11 +384,12 @@ class _DomainAndProjectUserDomainConfigTests(object):
expected_status_code=http_client.FORBIDDEN)
class SystemReaderTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin,
_SystemUserDomainConfigTests,
_SystemReaderMemberDomainAndProjectUserDomainConfigTests,
_SystemDomainAndProjectUserDomainConfigTests):
class SystemReaderTests(
base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin,
_SystemUserDomainConfigTests,
_SystemReaderMemberDomainAndProjectUserDomainConfigTests,
_SystemDomainAndProjectUserDomainConfigTests):
def setUp(self):
super(SystemReaderTests, self).setUp()
@ -397,11 +420,12 @@ class SystemReaderTests(base_classes.TestCaseWithBootstrap,
self.headers = {'X-Auth-Token': self.token_id}
class SystemMemberTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin,
_SystemUserDomainConfigTests,
_SystemReaderMemberDomainAndProjectUserDomainConfigTests,
_SystemDomainAndProjectUserDomainConfigTests):
class SystemMemberTests(
base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin,
_SystemUserDomainConfigTests,
_SystemReaderMemberDomainAndProjectUserDomainConfigTests,
_SystemDomainAndProjectUserDomainConfigTests):
def setUp(self):
super(SystemMemberTests, self).setUp()
@ -465,15 +489,19 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
)
with self.test_client() as c:
c.put('/v3/domains/%s/config'
% domain['id'], json={'config': unit.new_domain_config_ref()},
headers=self.headers, expected_status_code=http_client.CREATED)
% domain['id'],
json={'config': unit.new_domain_config_ref()},
headers=self.headers,
expected_status_code=http_client.CREATED)
def test_user_cannot_create_invalid_domain_config(self):
invalid_domain_id = uuid.uuid4().hex
with self.test_client() as c:
c.put('/v3/domains/%s/config'
% invalid_domain_id, json={'config': unit.new_domain_config_ref()},
headers=self.headers, expected_status_code=http_client.NOT_FOUND)
% invalid_domain_id,
json={'config': unit.new_domain_config_ref()},
headers=self.headers,
expected_status_code=http_client.NOT_FOUND)
def test_user_can_update_domain_config(self):
domain = PROVIDERS.resource_api.create_domain(
@ -556,11 +584,12 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
expected_status_code=http_client.NOT_FOUND)
class DomainUserTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin,
_SystemDomainAndProjectUserDomainConfigTests,
_DomainAndProjectUserDomainConfigTests,
_SystemReaderMemberDomainAndProjectUserDomainConfigTests):
class DomainUserTests(
base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin,
_SystemDomainAndProjectUserDomainConfigTests,
_DomainAndProjectUserDomainConfigTests,
_SystemReaderMemberDomainAndProjectUserDomainConfigTests):
def setUp(self):
super(DomainUserTests, self).setUp()
@ -593,11 +622,12 @@ class DomainUserTests(base_classes.TestCaseWithBootstrap,
self.headers = {'X-Auth-Token': self.token_id}
class ProjectUserTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin,
_SystemDomainAndProjectUserDomainConfigTests,
_DomainAndProjectUserDomainConfigTests,
_SystemReaderMemberDomainAndProjectUserDomainConfigTests):
class ProjectUserTests(
base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin,
_SystemDomainAndProjectUserDomainConfigTests,
_DomainAndProjectUserDomainConfigTests,
_SystemReaderMemberDomainAndProjectUserDomainConfigTests):
def setUp(self):
super(ProjectUserTests, self).setUp()

View File

@ -248,14 +248,16 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
self.headers = {'X-Auth-Token': self.token_id}
def test_user_can_create_roles(self):
create = {'role': unit.new_role_ref(domain_id=CONF.identity.default_domain_id)}
create = {'role': unit.new_role_ref(
domain_id=CONF.identity.default_domain_id)}
with self.test_client() as c:
c.post('/v3/roles', json=create, headers=self.headers)
def test_user_can_update_roles(self):
role = PROVIDERS.role_api.create_role(
uuid.uuid4().hex, unit.new_role_ref(domain_id=CONF.identity.default_domain_id)
uuid.uuid4().hex,
unit.new_role_ref(domain_id=CONF.identity.default_domain_id)
)
update = {'role': {'description': uuid.uuid4().hex}}
@ -267,7 +269,8 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
def test_user_can_delete_roles(self):
role = PROVIDERS.role_api.create_role(
uuid.uuid4().hex, unit.new_role_ref(domain_id=CONF.identity.default_domain_id)
uuid.uuid4().hex,
unit.new_role_ref(domain_id=CONF.identity.default_domain_id)
)
with self.test_client() as c:

View File

@ -44,7 +44,8 @@ class _UserEC2CredentialTests(object):
credential_id = r.json['credential']['access']
path = '/v3/users/%s/credentials/OS-EC2/%s' % (self.user_id, credential_id)
path = '/v3/users/%s/credentials/OS-EC2/%s' % (
self.user_id, credential_id)
r = c.get(path, headers=self.headers)
self.assertEqual(
self.user_id, r.json['credential']['user_id']
@ -101,7 +102,8 @@ class _UserEC2CredentialTests(object):
json={'tenant_id': project['id']}, headers=self.headers)
credential_id = r.json['credential']['access']
c.delete('/v3/users/%s/credentials/OS-EC2/%s' % (self.user_id, credential_id),
c.delete('/v3/users/%s/credentials/OS-EC2/%s' % (
self.user_id, credential_id),
headers=self.headers)
def test_user_cannot_create_ec2_credentials_for_others(self):
@ -147,8 +149,10 @@ class _UserEC2CredentialTests(object):
json={'tenant_id': project['id']}, headers=headers)
credential_id = r.json['credential']['access']
c.delete('/v3/users/%s/credentials/OS-EC2/%s' % (self.user_id, credential_id),
headers=self.headers, expected_status_code=http_client.FORBIDDEN)
c.delete('/v3/users/%s/credentials/OS-EC2/%s' % (
self.user_id, credential_id),
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
class _SystemUserTests(object):
@ -178,8 +182,10 @@ class _SystemUserTests(object):
json={'tenant_id': project['id']}, headers=headers)
credential_id = r.json['credential']['access']
path = '/v3/users/%s/credentials/OS-EC2/%s' % (self.user_id, credential_id)
c.get(path, headers=self.headers, expected_status_code=http_client.OK)
path = '/v3/users/%s/credentials/OS-EC2/%s' % (
self.user_id, credential_id)
c.get(path, headers=self.headers,
expected_status_code=http_client.OK)
class _SystemReaderAndMemberTests(object):
@ -377,7 +383,8 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
json={'tenant_id': project['id']}, headers=headers)
credential_id = r.json['credential']['access']
c.delete('/v3/users/%s/credentials/OS-EC2/%s' % (self.user_id, credential_id),
c.delete('/v3/users/%s/credentials/OS-EC2/%s' % (
self.user_id, credential_id),
headers=self.headers)
@ -395,13 +402,16 @@ class ProjectAdminTests(base_classes.TestCaseWithBootstrap,
# update permissions or update policies without breaking users. This
# will cause these specific tests to fail since we're trying to correct
# this broken behavior with better scope checking.
reader_or_cred_owner = bp.SYSTEM_READER_OR_CRED_OWNER
reader_or_owner = bp.RULE_SYSTEM_READER_OR_OWNER
admin_or_cred_owner = bp.SYSTEM_ADMIN_OR_CRED_OWNER
with open(self.policy_file_name, 'w') as f:
overridden_policies = {
'identity:ec2_get_credential': bp.SYSTEM_READER_OR_CRED_OWNER,
'identity:ec2_list_credentials': bp.RULE_SYSTEM_READER_OR_OWNER,
'identity:ec2_create_credential': bp.SYSTEM_ADMIN_OR_CRED_OWNER,
'identity:ec2_update_credential': bp.SYSTEM_ADMIN_OR_CRED_OWNER,
'identity:ec2_delete_credential': bp.SYSTEM_ADMIN_OR_CRED_OWNER
'identity:ec2_get_credential': reader_or_cred_owner,
'identity:ec2_list_credentials': reader_or_owner,
'identity:ec2_create_credential': admin_or_cred_owner,
'identity:ec2_update_credential': admin_or_cred_owner,
'identity:ec2_delete_credential': admin_or_cred_owner
}
f.write(jsonutils.dumps(overridden_policies))

View File

@ -29,7 +29,8 @@ class _SystemUserEndpointGroupsTests(object):
"""Common default functionality for all system users."""
def test_user_can_list_endpoint_groups(self):
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
@ -43,7 +44,8 @@ class _SystemUserEndpointGroupsTests(object):
self.assertIn(endpoint_group['id'], endpoint_groups)
def test_user_can_get_an_endpoint_group(self):
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
@ -57,7 +59,8 @@ class _SystemUserEndpointGroupsTests(object):
domain_id=CONF.identity.default_domain_id
)
)
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
@ -79,7 +82,8 @@ class _SystemUserEndpointGroupsTests(object):
endpoint = PROVIDERS.catalog_api.create_endpoint(
endpoint['id'], endpoint
)
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
@ -98,7 +102,8 @@ class _SystemUserEndpointGroupsTests(object):
domain_id=CONF.identity.default_domain_id
)
)
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
@ -115,7 +120,8 @@ class _SystemUserEndpointGroupsTests(object):
domain_id=CONF.identity.default_domain_id
)
)
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
@ -145,12 +151,14 @@ class _SystemReaderAndMemberUserEndpointGroupsTests(object):
with self.test_client() as c:
c.post(
'/v3/OS-EP-FILTER/endpoint_groups', json=create, headers=self.headers,
'/v3/OS-EP-FILTER/endpoint_groups', json=create,
headers=self.headers,
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_update_endpoint_groups(self):
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
@ -159,20 +167,23 @@ class _SystemReaderAndMemberUserEndpointGroupsTests(object):
with self.test_client() as c:
c.patch(
'/v3/OS-EP-FILTER/endpoint_groups/%s' % endpoint_group['id'], json=update,
'/v3/OS-EP-FILTER/endpoint_groups/%s' % endpoint_group['id'],
json=update,
headers=self.headers,
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_delete_endpoint_groups(self):
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
with self.test_client() as c:
c.delete(
'/v3/OS-EP-FILTER/endpoint_groups/%s' % endpoint_group['id'], headers=self.headers,
'/v3/OS-EP-FILTER/endpoint_groups/%s' % endpoint_group['id'],
headers=self.headers,
expected_status_code=http_client.FORBIDDEN
)
@ -182,7 +193,8 @@ class _SystemReaderAndMemberUserEndpointGroupsTests(object):
domain_id=CONF.identity.default_domain_id
)
)
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
@ -199,7 +211,8 @@ class _SystemReaderAndMemberUserEndpointGroupsTests(object):
domain_id=CONF.identity.default_domain_id
)
)
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
@ -214,7 +227,8 @@ class _SystemReaderAndMemberUserEndpointGroupsTests(object):
class _DomainAndProjectUserEndpointGroupTests(object):
def test_user_cannot_list_endpoint_groups(self):
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
@ -224,13 +238,15 @@ class _DomainAndProjectUserEndpointGroupTests(object):
expected_status_code=http_client.FORBIDDEN)
def test_user_cannot_get_an_endpoint_group(self):
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
with self.test_client() as c:
c.get('/v3/OS-EP-FILTER/endpoint_groups/%s' % endpoint_group['id'],
headers=self.headers, expected_status_code=http_client.FORBIDDEN)
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def test_user_cannot_list_projects_associated_with_endpoint_groups(self):
project = PROVIDERS.resource_api.create_project(
@ -238,15 +254,18 @@ class _DomainAndProjectUserEndpointGroupTests(object):
domain_id=CONF.identity.default_domain_id
)
)
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
PROVIDERS.catalog_api.add_endpoint_group_to_project(
endpoint_group['id'], project['id'])
with self.test_client() as c:
c.get('/v3/OS-EP-FILTER/endpoint_groups/%s/projects' % endpoint_group['id'],
headers=self.headers, expected_status_code=http_client.FORBIDDEN)
c.get('/v3/OS-EP-FILTER/endpoint_groups/%s/projects'
% endpoint_group['id'],
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def test_user_cannot_list_endpoints_associated_with_endpoint_groups(self):
service = PROVIDERS.catalog_api.create_service(
@ -256,13 +275,16 @@ class _DomainAndProjectUserEndpointGroupTests(object):
endpoint = PROVIDERS.catalog_api.create_endpoint(
endpoint['id'], endpoint
)
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
with self.test_client() as c:
c.get('/v3/OS-EP-FILTER/endpoint_groups/%s/endpoints' % endpoint_group['id'],
headers=self.headers, expected_status_code=http_client.FORBIDDEN)
c.get('/v3/OS-EP-FILTER/endpoint_groups/%s/endpoints'
% endpoint_group['id'],
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def test_user_cannot_get_endpoints_associated_with_endpoint_groups(self):
project = PROVIDERS.resource_api.create_project(
@ -270,7 +292,8 @@ class _DomainAndProjectUserEndpointGroupTests(object):
domain_id=CONF.identity.default_domain_id
)
)
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
@ -279,7 +302,8 @@ class _DomainAndProjectUserEndpointGroupTests(object):
with self.test_client() as c:
c.get('/v3/OS-EP-FILTER/endpoint_groups/%s/projects/%s'
% (endpoint_group['id'], project['id']),
headers=self.headers, expected_status_code=http_client.FORBIDDEN)
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def test_user_cannot_list_endpoint_groups_with_their_projects(self):
project = PROVIDERS.resource_api.create_project(
@ -287,15 +311,18 @@ class _DomainAndProjectUserEndpointGroupTests(object):
domain_id=CONF.identity.default_domain_id
)
)
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
PROVIDERS.catalog_api.add_endpoint_group_to_project(
endpoint_group['id'], project['id'])
with self.test_client() as c:
c.get('/v3/OS-EP-FILTER/projects/%s/endpoint_groups' % project['id'],
headers=self.headers, expected_status_code=http_client.FORBIDDEN)
c.get('/v3/OS-EP-FILTER/projects/%s/endpoint_groups'
% project['id'],
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def test_user_cannot_create_endpoint_groups(self):
create = {
@ -309,12 +336,14 @@ class _DomainAndProjectUserEndpointGroupTests(object):
with self.test_client() as c:
c.post(
'/v3/OS-EP-FILTER/endpoint_groups', json=create, headers=self.headers,
'/v3/OS-EP-FILTER/endpoint_groups', json=create,
headers=self.headers,
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_update_endpoint_groups(self):
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
@ -323,20 +352,23 @@ class _DomainAndProjectUserEndpointGroupTests(object):
with self.test_client() as c:
c.patch(
'/v3/OS-EP-FILTER/endpoint_groups/%s' % endpoint_group['id'], json=update,
'/v3/OS-EP-FILTER/endpoint_groups/%s' % endpoint_group['id'],
json=update,
headers=self.headers,
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_delete_endpoint_groups(self):
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
with self.test_client() as c:
c.delete(
'/v3/OS-EP-FILTER/endpoint_groups/%s' % endpoint_group['id'], headers=self.headers,
'/v3/OS-EP-FILTER/endpoint_groups/%s' % endpoint_group['id'],
headers=self.headers,
expected_status_code=http_client.FORBIDDEN
)
@ -346,7 +378,8 @@ class _DomainAndProjectUserEndpointGroupTests(object):
domain_id=CONF.identity.default_domain_id
)
)
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
@ -363,7 +396,8 @@ class _DomainAndProjectUserEndpointGroupTests(object):
domain_id=CONF.identity.default_domain_id
)
)
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
@ -481,10 +515,12 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
with self.test_client() as c:
c.post(
'/v3/OS-EP-FILTER/endpoint_groups', json=create, headers=self.headers)
'/v3/OS-EP-FILTER/endpoint_groups', json=create,
headers=self.headers)
def test_user_can_update_endpoint_group(self):
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
@ -493,18 +529,21 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
with self.test_client() as c:
c.patch(
'/v3/OS-EP-FILTER/endpoint_groups/%s' % endpoint_group['id'], json=update,
'/v3/OS-EP-FILTER/endpoint_groups/%s' % endpoint_group['id'],
json=update,
headers=self.headers)
def test_user_can_delete_endpoint_group(self):
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
with self.test_client() as c:
c.delete(
'/v3/OS-EP-FILTER/endpoint_groups/%s' % endpoint_group['id'], headers=self.headers
'/v3/OS-EP-FILTER/endpoint_groups/%s' % endpoint_group['id'],
headers=self.headers
)
def test_user_add_endpoint_group_to_project(self):
@ -513,7 +552,8 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
domain_id=CONF.identity.default_domain_id
)
)
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)
@ -529,7 +569,8 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
domain_id=CONF.identity.default_domain_id
)
)
endpoint_group = unit.new_endpoint_group_ref(filters={'interface': 'public'})
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group
)

View File

@ -30,7 +30,7 @@ PROVIDERS = provider_api.ProviderAPIs
class _SystemUserGrantTests(object):
def test_user_can_list_grants_for_user_on_project(self):
def test_can_list_grants_for_user_on_project(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
)
@ -53,7 +53,7 @@ class _SystemUserGrantTests(object):
)
self.assertEqual(1, len(r.json['roles']))
def test_user_can_list_grants_for_user_on_domain(self):
def test_can_list_grants_for_user_on_domain(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
)
@ -74,7 +74,7 @@ class _SystemUserGrantTests(object):
)
self.assertEqual(1, len(r.json['roles']))
def test_user_can_list_grants_for_group_on_project(self):
def test_can_list_grants_for_group_on_project(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=CONF.identity.default_domain_id)
)
@ -98,7 +98,7 @@ class _SystemUserGrantTests(object):
)
self.assertEqual(1, len(r.json['roles']))
def test_user_can_list_grants_for_group_on_domain(self):
def test_can_list_grants_for_group_on_domain(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=CONF.identity.default_domain_id)
)
@ -119,7 +119,7 @@ class _SystemUserGrantTests(object):
)
self.assertEqual(1, len(r.json['roles']))
def test_user_can_check_grant_for_user_on_project(self):
def test_can_check_grant_for_user_on_project(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
)
@ -144,7 +144,7 @@ class _SystemUserGrantTests(object):
expected_status_code=http_client.NO_CONTENT
)
def test_user_can_check_grant_for_user_on_domain(self):
def test_can_check_grant_for_user_on_domain(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
)
@ -167,7 +167,7 @@ class _SystemUserGrantTests(object):
expected_status_code=http_client.NO_CONTENT
)
def test_user_can_check_grant_for_group_on_project(self):
def test_can_check_grant_for_group_on_project(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=CONF.identity.default_domain_id)
)
@ -194,7 +194,7 @@ class _SystemUserGrantTests(object):
expected_status_code=http_client.NO_CONTENT
)
def test_user_can_check_grant_for_group_on_domain(self):
def test_can_check_grant_for_group_on_domain(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=CONF.identity.default_domain_id)
)
@ -220,7 +220,7 @@ class _SystemUserGrantTests(object):
class _SystemMemberAndReaderGrantTests(object):
def test_user_cannot_create_grant_for_user_on_project(self):
def test_cannot_create_grant_for_user_on_project(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
)
@ -240,7 +240,7 @@ class _SystemMemberAndReaderGrantTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_create_grant_for_user_on_domain(self):
def test_cannot_create_grant_for_user_on_domain(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
)
@ -258,7 +258,7 @@ class _SystemMemberAndReaderGrantTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_create_grant_for_group_on_project(self):
def test_cannot_create_grant_for_group_on_project(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=CONF.identity.default_domain_id)
)
@ -280,7 +280,7 @@ class _SystemMemberAndReaderGrantTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_create_grant_for_group_on_domain(self):
def test_cannot_create_grant_for_group_on_domain(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=CONF.identity.default_domain_id)
)
@ -298,7 +298,7 @@ class _SystemMemberAndReaderGrantTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_revoke_grant_from_user_on_project(self):
def test_cannot_revoke_grant_from_user_on_project(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
)
@ -323,7 +323,7 @@ class _SystemMemberAndReaderGrantTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_revoke_grant_from_user_on_domain(self):
def test_cannot_revoke_grant_from_user_on_domain(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
)
@ -346,7 +346,7 @@ class _SystemMemberAndReaderGrantTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_revoke_grant_from_group_on_project(self):
def test_cannot_revoke_grant_from_group_on_project(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=CONF.identity.default_domain_id)
)
@ -373,7 +373,7 @@ class _SystemMemberAndReaderGrantTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_revoke_grant_from_group_on_domain(self):
def test_cannot_revoke_grant_from_group_on_domain(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=CONF.identity.default_domain_id)
)
@ -399,7 +399,7 @@ class _SystemMemberAndReaderGrantTests(object):
class _DomainUserTests(object):
def test_user_can_list_grants_for_user_on_project(self):
def test_can_list_grants_for_user_on_project(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=self.domain_id)
)
@ -420,7 +420,7 @@ class _DomainUserTests(object):
)
self.assertEqual(1, len(r.json['roles']))
def test_user_can_list_grants_for_user_on_domain(self):
def test_can_list_grants_for_user_on_domain(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=self.domain_id)
)
@ -437,7 +437,7 @@ class _DomainUserTests(object):
)
self.assertEqual(1, len(r.json['roles']))
def test_user_can_list_grants_for_group_on_project(self):
def test_can_list_grants_for_group_on_project(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=self.domain_id)
)
@ -459,7 +459,7 @@ class _DomainUserTests(object):
)
self.assertEqual(1, len(r.json['roles']))
def test_user_can_list_grants_for_group_on_domain(self):
def test_can_list_grants_for_group_on_domain(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=self.domain_id)
)
@ -477,7 +477,7 @@ class _DomainUserTests(object):
)
self.assertEqual(1, len(r.json['roles']))
def test_user_can_check_grant_for_user_on_project(self):
def test_can_check_grant_for_user_on_project(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=self.domain_id)
)
@ -502,7 +502,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.NO_CONTENT
)
def test_user_can_check_grant_for_user_on_domain(self):
def test_can_check_grant_for_user_on_domain(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=self.domain_id)
)
@ -522,7 +522,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.NO_CONTENT
)
def test_user_can_check_grant_for_group_on_project(self):
def test_can_check_grant_for_group_on_project(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=self.domain_id)
)
@ -547,7 +547,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.NO_CONTENT
)
def test_user_can_check_grant_for_group_on_domain(self):
def test_can_check_grant_for_group_on_domain(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=self.domain_id)
)
@ -567,7 +567,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.NO_CONTENT
)
def test_user_cannot_list_grants_for_user_other_domain_on_project_own_domain(self):
def test_cannot_list_grants_for_user_other_domain_on_project_own_domain(self): # noqa: E501
user_domain_id = CONF.identity.default_domain_id
project_domain_id = self.domain_id
@ -591,7 +591,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_list_grants_for_user_own_domain_on_project_other_domain(self):
def test_cannot_list_grants_for_user_own_domain_on_project_other_domain(self): # noqa: E501
user_domain_id = self.domain_id
project_domain_id = CONF.identity.default_domain_id
@ -616,7 +616,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_list_grants_for_user_own_domain_on_other_domain(self):
def test_cannot_list_grants_for_user_own_domain_on_other_domain(self):
user_domain_id = self.domain_id
domain_id = CONF.identity.default_domain_id
@ -636,7 +636,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_list_grants_for_user_other_domain_on_own_domain(self):
def test_cannot_list_grants_for_user_other_domain_on_own_domain(self):
user_domain_id = CONF.identity.default_domain_id
domain_id = self.domain_id
@ -656,7 +656,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_list_grants_for_group_other_domain_on_project_own_domain(self):
def test_cannot_list_grants_for_group_other_domain_on_project_own_domain(self): # noqa: E501
group_domain_id = CONF.identity.default_domain_id
project_domain_id = self.domain_id
@ -681,7 +681,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_list_grants_for_group_own_domain_on_project_other_domain(self):
def test_cannot_list_grants_for_group_own_domain_on_project_other_domain(self): # noqa: E501
group_domain_id = self.domain_id
project_domain_id = CONF.identity.default_domain_id
@ -707,7 +707,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_list_grants_for_group_own_domain_on_other_domain(self):
def test_cannot_list_grants_for_group_own_domain_on_other_domain(self):
group_domain_id = self.domain_id
domain_id = CONF.identity.default_domain_id
@ -728,7 +728,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_list_grants_for_group_other_domain_on_own_domain(self):
def test_cannot_list_grants_for_group_other_domain_on_own_domain(self):
group_domain_id = CONF.identity.default_domain_id
domain_id = self.domain_id
@ -749,7 +749,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_check_grant_for_user_other_domain_on_project_own_domain(self):
def test_cannot_check_grant_for_user_other_domain_on_project_own_domain(self): # noqa: E501
user_domain_id = CONF.identity.default_domain_id
project_domain_id = self.domain_id
@ -775,7 +775,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_check_grant_for_user_own_domain_on_project_other_domain(self):
def test_cannot_check_grant_for_user_own_domain_on_project_other_domain(self): # noqa: E501
user_domain_id = self.domain_id
project_domain_id = CONF.identity.default_domain_id
@ -802,7 +802,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_check_grant_for_user_own_domain_on_project_own_domain_with_role_other_domain(self):
def test_cannot_check_grant_for_user_own_domain_on_project_own_domain_with_role_other_domain(self): # noqa: E501
user_domain_id = self.domain_id
project_domain_id = self.domain_id
role_domain_id = CONF.identity.default_domain_id
@ -833,7 +833,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_check_grant_for_user_own_domain_on_other_domain(self):
def test_cannot_check_grant_for_user_own_domain_on_other_domain(self):
user_domain_id = self.domain_id
domain_id = CONF.identity.default_domain_id
@ -856,7 +856,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_check_grant_for_user_other_domain_on_own_domain(self):
def test_cannot_check_grant_for_user_other_domain_on_own_domain(self):
user_domain_id = CONF.identity.default_domain_id
domain_id = self.domain_id
@ -879,7 +879,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_check_grant_for_user_own_domain_on_own_domain_with_role_other_domain(self):
def test_cannot_check_grant_for_user_own_domain_on_own_domain_with_role_other_domain(self): # noqa: E501
user_domain_id = self.domain_id
domain_id = self.domain_id
role_domain_id = CONF.identity.default_domain_id
@ -907,7 +907,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_check_grant_for_group_other_domain_on_project_own_domain(self):
def test_cannot_check_grant_for_group_other_domain_on_project_own_domain(self): # noqa: E501
group_domain_id = CONF.identity.default_domain_id
project_domain_id = self.domain_id
@ -933,7 +933,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_check_grant_for_group_own_domain_on_project_other_domain(self):
def test_cannot_check_grant_for_group_own_domain_on_project_other_domain(self): # noqa: E501
group_domain_id = self.domain_id
project_domain_id = CONF.identity.default_domain_id
@ -959,7 +959,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_check_grant_for_group_own_domain_on_project_own_domain_with_role_other_domain(self):
def test_cannot_check_grant_for_group_own_domain_on_project_own_domain_with_role_other_domain(self): # noqa: E501
group_domain_id = self.domain_id
project_domain_id = CONF.identity.default_domain_id
role_domain_id = CONF.identity.default_domain_id
@ -990,7 +990,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_check_grant_for_group_own_domain_on_other_domain(self):
def test_cannot_check_grant_for_group_own_domain_on_other_domain(self):
group_domain_id = self.domain_id
domain_id = CONF.identity.default_domain_id
@ -1012,7 +1012,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_check_grant_for_group_other_domain_on_own_domain(self):
def test_cannot_check_grant_for_group_other_domain_on_own_domain(self):
group_domain_id = CONF.identity.default_domain_id
domain_id = self.domain_id
@ -1034,12 +1034,13 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_check_grant_for_group_own_domain_on_own_domain_with_role_other_domain(self):
def test_cannot_check_grant_for_group_own_domain_on_own_domain_with_role_other_domain(self): # noqa: E501
group_domain_id = self.domain_id
domain_id = self.domain_id
role_domain_id = CONF.identity.default_domain_id
role = PROVIDERS.role_api.create_role(uuid.uuid4().hex, unit.new_role_ref(domain_id=role_domain_id))
role = PROVIDERS.role_api.create_role(
uuid.uuid4().hex, unit.new_role_ref(domain_id=role_domain_id))
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=group_domain_id)
@ -1059,7 +1060,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_create_grant_for_user_other_domain_on_project_own_domain(self):
def test_cannot_create_grant_for_user_other_domain_on_project_own_domain(self): # noqa: E501
user_domain_id = CONF.identity.default_domain_id
project_domain_id = self.domain_id
@ -1082,7 +1083,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_create_grant_for_user_own_domain_on_project_other_domain(self):
def test_cannot_create_grant_for_user_own_domain_on_project_other_domain(self): # noqa: E501
user_domain_id = self.domain_id
project_domain_id = CONF.identity.default_domain_id
@ -1105,7 +1106,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_cannot_create_grant_for_user_own_domain_on_project_own_domain_with_role_other_domain(self):
def test_cannot_create_grant_for_user_own_domain_on_project_own_domain_with_role_other_domain(self): # noqa: E501
user_domain_id = self.domain_id
project_domain_id = self.domain_id
role_domain_id = CONF.identity.default_domain_id
@ -1131,7 +1132,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_create_grant_for_user_other_domain_on_own_domain(self):
def test_cannot_create_grant_for_user_other_domain_on_own_domain(self):
user_domain_id = CONF.identity.default_domain_id
domain_id = self.domain_id
@ -1148,7 +1149,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_create_grant_for_user_own_domain_on_other_domain(self):
def test_cannot_create_grant_for_user_own_domain_on_other_domain(self):
user_domain_id = self.domain_id
domain_id = CONF.identity.default_domain_id
@ -1165,7 +1166,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_cannot_create_grant_for_user_own_domain_on_own_domain_with_role_other_domain(self):
def test_cannot_create_grant_for_user_own_domain_on_own_domain_with_role_other_domain(self): # noqa: E501
user_domain_id = self.domain_id
domain_id = self.domain_id
role_domain_id = CONF.identity.default_domain_id
@ -1186,7 +1187,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_create_grant_for_group_other_domain_on_project_own_domain(self):
def test_cannot_create_grant_for_group_other_domain_on_project_own_domain(self): # noqa: E501
group_domain_id = CONF.identity.default_domain_id
project_domain_id = self.domain_id
@ -1211,7 +1212,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_create_grant_for_group_own_domain_on_project_other_domain(self):
def test_cannot_create_grant_for_group_own_domain_on_project_other_domain(self): # noqa: E501
group_domain_id = self.domain_id
project_domain_id = CONF.identity.default_domain_id
@ -1236,7 +1237,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_cannot_create_grant_for_group_own_domain_on_project_own_domain_with_role_other_domain(self):
def test_cannot_create_grant_for_group_own_domain_on_project_own_domain_with_role_other_domain(self): # noqa: E501
group_domain_id = self.domain_id
project_domain_id = self.domain_id
role_domain_id = CONF.identity.default_domain_id
@ -1265,7 +1266,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_create_grant_for_group_other_domain_on_own_domain(self):
def test_cannot_create_grant_for_group_other_domain_on_own_domain(self):
group_domain_id = CONF.identity.default_domain_id
domain_id = self.domain_id
@ -1282,7 +1283,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_create_grant_for_group_own_domain_on_other_domain(self):
def test_cannot_create_grant_for_group_own_domain_on_other_domain(self):
group_domain_id = self.domain_id
domain_id = CONF.identity.default_domain_id
@ -1299,7 +1300,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_create_grant_for_group_own_domain_on_own_domain_with_role_other_domain(self):
def test_cannot_create_grant_for_group_own_domain_on_own_domain_with_role_other_domain(self): # noqa: E501
group_domain_id = self.domain_id
domain_id = self.domain_id
role_domain_id = CONF.identity.default_domain_id
@ -1320,7 +1321,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_revoke_grant_from_user_other_domain_on_project_own_domain(self):
def test_cannot_revoke_grant_from_user_other_domain_on_project_own_domain(self): # noqa: E501
user_domain_id = CONF.identity.default_domain_id
project_domain_id = self.domain_id
@ -1348,7 +1349,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_revoke_grant_from_user_own_domain_on_project_other_domain(self):
def test_cannot_revoke_grant_from_user_own_domain_on_project_other_domain(self): # noqa: E501
user_domain_id = self.domain_id
project_domain_id = CONF.identity.default_domain_id
@ -1376,7 +1377,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_revoke_grant_from_user_other_domain_on_own_domain(self):
def test_cannot_revoke_grant_from_user_other_domain_on_own_domain(self):
user_domain_id = CONF.identity.default_domain_id
domain_id = self.domain_id
@ -1398,7 +1399,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_revoke_grant_from_user_own_domain_on_other_domain(self):
def test_cannot_revoke_grant_from_user_own_domain_on_other_domain(self):
user_domain_id = self.domain_id
domain_id = CONF.identity.default_domain_id
@ -1420,7 +1421,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_revoke_grant_from_user_own_domain_on_own_domain_with_role_other_domain(self):
def test_cannot_revoke_grant_from_user_own_domain_on_own_domain_with_role_other_domain(self): # noqa: E501
user_domain_id = self.domain_id
domain_id = self.domain_id
role_domain_id = CONF.identity.default_domain_id
@ -1446,7 +1447,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_revoke_grant_from_group_other_domain_on_project_own_domain(self):
def test_cannot_revoke_grant_from_group_other_domain_on_project_own_domain(self): # noqa: E501
group_domain_id = CONF.identity.default_domain_id
project_domain_id = self.domain_id
@ -1476,7 +1477,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_revoke_grant_from_group_own_domain_on_project_other_domain(self):
def test_cannot_revoke_grant_from_group_own_domain_on_project_other_domain(self): # noqa: E501
group_domain_id = self.domain_id
project_domain_id = CONF.identity.default_domain_id
@ -1506,7 +1507,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_revoke_grant_from_group_other_domain_on_own_domain(self):
def test_cannot_revoke_grant_from_group_other_domain_on_own_domain(self):
group_domain_id = CONF.identity.default_domain_id
domain_id = self.domain_id
@ -1528,7 +1529,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_revoke_grant_from_group_own_domain_on_other_domain(self):
def test_cannot_revoke_grant_from_group_own_domain_on_other_domain(self):
group_domain_id = self.domain_id
domain_id = CONF.identity.default_domain_id
@ -1550,7 +1551,7 @@ class _DomainUserTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_revoke_grant_from_group_own_domain_on_own_domain_with_role_other_domain(self):
def test_cannot_revoke_grant_from_group_own_domain_on_own_domain_with_role_other_domain(self): # noqa: E501
group_domain_id = self.domain_id
domain_id = self.domain_id
role_domain_id = CONF.identity.default_domain_id
@ -1670,7 +1671,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
self.token_id = r.headers['X-Subject-Token']
self.headers = {'X-Auth-Token': self.token_id}
def test_user_can_create_grant_for_user_on_project(self):
def test_can_create_grant_for_user_on_project(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
)
@ -1689,7 +1690,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
headers=self.headers
)
def test_user_can_create_grant_for_user_on_domain(self):
def test_can_create_grant_for_user_on_domain(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
)
@ -1706,7 +1707,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
headers=self.headers
)
def test_user_can_create_grant_for_group_on_project(self):
def test_can_create_grant_for_group_on_project(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=CONF.identity.default_domain_id)
)
@ -1727,7 +1728,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
headers=self.headers
)
def test_user_can_create_grant_for_group_on_domain(self):
def test_can_create_grant_for_group_on_domain(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=CONF.identity.default_domain_id)
)
@ -1744,7 +1745,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
headers=self.headers
)
def test_user_can_revoke_grant_from_user_on_project(self):
def test_can_revoke_grant_from_user_on_project(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
)
@ -1768,7 +1769,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
headers=self.headers
)
def test_user_can_revoke_grant_from_user_on_domain(self):
def test_can_revoke_grant_from_user_on_domain(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
)
@ -1790,7 +1791,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
headers=self.headers
)
def test_user_can_revoke_grant_from_group_on_project(self):
def test_can_revoke_grant_from_group_on_project(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=CONF.identity.default_domain_id)
)
@ -1816,7 +1817,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
headers=self.headers
)
def test_user_can_revoke_grant_from_group_on_domain(self):
def test_can_revoke_grant_from_group_on_domain(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=CONF.identity.default_domain_id)
)
@ -1841,7 +1842,7 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
class _DomainMemberAndReaderTests(object):
def test_user_cannot_create_grant_for_user_on_project(self):
def test_cannot_create_grant_for_user_on_project(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=self.domain_id)
)
@ -1861,7 +1862,7 @@ class _DomainMemberAndReaderTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_create_grant_for_user_on_domain(self):
def test_cannot_create_grant_for_user_on_domain(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=self.domain_id)
)
@ -1879,7 +1880,7 @@ class _DomainMemberAndReaderTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_create_grant_for_group_on_project(self):
def test_cannot_create_grant_for_group_on_project(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=self.domain_id)
)
@ -1899,7 +1900,7 @@ class _DomainMemberAndReaderTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_create_grant_for_group_on_domain(self):
def test_cannot_create_grant_for_group_on_domain(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=self.domain_id)
)
@ -1917,7 +1918,7 @@ class _DomainMemberAndReaderTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_revoke_grant_from_user_on_project(self):
def test_cannot_revoke_grant_from_user_on_project(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=self.domain_id)
)
@ -1940,7 +1941,7 @@ class _DomainMemberAndReaderTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_revoke_grant_from_user_on_domain(self):
def test_cannot_revoke_grant_from_user_on_domain(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=self.domain_id)
)
@ -1963,7 +1964,7 @@ class _DomainMemberAndReaderTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_revoke_grant_from_group_on_project(self):
def test_cannot_revoke_grant_from_group_on_project(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=self.domain_id)
)
@ -1990,7 +1991,7 @@ class _DomainMemberAndReaderTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_revoke_grant_from_group_on_domain(self):
def test_cannot_revoke_grant_from_group_on_domain(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=self.domain_id)
)
@ -2142,7 +2143,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap,
}
f.write(jsonutils.dumps(overridden_policies))
def test_user_can_create_grant_for_user_on_project(self):
def test_can_create_grant_for_user_on_project(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=self.domain_id)
)
@ -2159,7 +2160,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap,
headers=self.headers
)
def test_user_can_create_grant_for_group_on_project(self):
def test_can_create_grant_for_group_on_project(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=self.domain_id)
)
@ -2178,7 +2179,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap,
headers=self.headers
)
def test_user_can_revoke_grant_from_user_on_project(self):
def test_can_revoke_grant_from_user_on_project(self):
user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(domain_id=self.domain_id)
)
@ -2200,7 +2201,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap,
headers=self.headers
)
def test_user_can_revoke_grant_from_group_on_project(self):
def test_can_revoke_grant_from_group_on_project(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=self.domain_id)
)
@ -2224,7 +2225,7 @@ class DomainAdminTests(base_classes.TestCaseWithBootstrap,
headers=self.headers
)
def test_user_cannot_revoke_grant_from_group_on_domain(self):
def test_cannot_revoke_grant_from_group_on_domain(self):
group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(domain_id=CONF.identity.default_domain_id)
)

View File

@ -252,7 +252,8 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
'name': uuid.uuid4().hex,
'description': uuid.uuid4().hex,
'enabled': True,
# Store serialized JSON data as the blob to mimic real world usage.
# Store serialized JSON data as the blob to mimic real world
# usage.
'blob': json.dumps({'data': uuid.uuid4().hex, }),
'type': uuid.uuid4().hex
}

View File

@ -194,7 +194,7 @@ class _SystemReaderAndMemberPoliciesAssociationTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_create_policy_association_for_region_and_service(self):
def test_user_cannot_create_policy_assoc_for_region_and_service(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
service = PROVIDERS.catalog_api.create_service(
@ -210,7 +210,7 @@ class _SystemReaderAndMemberPoliciesAssociationTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_delete_policy_association_for_region_and_service(self):
def test_user_cannot_delete_policy_assoc_for_region_and_service(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
service = PROVIDERS.catalog_api.create_service(
@ -392,7 +392,7 @@ class _DomainAndProjectUserPolicyAssociationsTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_create_policy_association_for_region_and_service(self):
def test_user_cannot_create_policy_assoc_for_region_and_service(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
service = PROVIDERS.catalog_api.create_service(
@ -408,7 +408,7 @@ class _DomainAndProjectUserPolicyAssociationsTests(object):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_delete_policy_association_for_region_and_service(self):
def test_user_cannot_delete_policy_assoc_for_region_and_service(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
service = PROVIDERS.catalog_api.create_service(

View File

@ -45,9 +45,11 @@ class _SystemUserProjectEndpointTests(object):
endpoint['id'], endpoint
)
PROVIDERS.catalog_api.add_endpoint_to_project(endpoint['id'], project['id'])
PROVIDERS.catalog_api.add_endpoint_to_project(
endpoint['id'], project['id'])
with self.test_client() as c:
r = c.get('/v3/OS-EP-FILTER/endpoints/%s/projects' % endpoint['id'],
r = c.get('/v3/OS-EP-FILTER/endpoints/%s/projects'
% endpoint['id'],
headers=self.headers)
for project_itr in r.json['projects']:
self.assertIn(project['id'], project_itr['id'])
@ -66,7 +68,8 @@ class _SystemUserProjectEndpointTests(object):
endpoint['id'], endpoint
)
PROVIDERS.catalog_api.add_endpoint_to_project(endpoint['id'], project['id'])
PROVIDERS.catalog_api.add_endpoint_to_project(
endpoint['id'], project['id'])
with self.test_client() as c:
c.get('/v3/OS-EP-FILTER/projects/%s/endpoints/%s'
% (project['id'], endpoint['id']),
@ -87,7 +90,8 @@ class _SystemUserProjectEndpointTests(object):
endpoint['id'], endpoint
)
PROVIDERS.catalog_api.add_endpoint_to_project(endpoint['id'], project['id'])
PROVIDERS.catalog_api.add_endpoint_to_project(
endpoint['id'], project['id'])
with self.test_client() as c:
r = c.get('/v3/OS-EP-FILTER/projects/%s/endpoints' % project['id'],
headers=self.headers)
@ -152,7 +156,8 @@ class _DomainAndProjectUserProjectEndpointTests(object):
endpoint['id'], endpoint
)
PROVIDERS.catalog_api.add_endpoint_to_project(endpoint['id'], project['id'])
PROVIDERS.catalog_api.add_endpoint_to_project(
endpoint['id'], project['id'])
with self.test_client() as c:
c.get('/v3/OS-EP-FILTER/endpoints/%s/projects' % endpoint['id'],
headers=self.headers,
@ -172,7 +177,8 @@ class _DomainAndProjectUserProjectEndpointTests(object):
endpoint['id'], endpoint
)
PROVIDERS.catalog_api.add_endpoint_to_project(endpoint['id'], project['id'])
PROVIDERS.catalog_api.add_endpoint_to_project(
endpoint['id'], project['id'])
with self.test_client() as c:
c.get('/v3/OS-EP-FILTER/projects/%s/endpoints/%s'
% (project['id'], endpoint['id']),
@ -193,7 +199,8 @@ class _DomainAndProjectUserProjectEndpointTests(object):
endpoint['id'], endpoint
)
PROVIDERS.catalog_api.add_endpoint_to_project(endpoint['id'], project['id'])
PROVIDERS.catalog_api.add_endpoint_to_project(
endpoint['id'], project['id'])
with self.test_client() as c:
c.get('/v3/OS-EP-FILTER/projects/%s/endpoints' % project['id'],
headers=self.headers,
@ -326,7 +333,8 @@ class SystemAdminTests(base_classes.TestCaseWithBootstrap,
endpoint = PROVIDERS.catalog_api.create_endpoint(
endpoint['id'], endpoint
)
PROVIDERS.catalog_api.add_endpoint_to_project(endpoint['id'], project['id'])
PROVIDERS.catalog_api.add_endpoint_to_project(
endpoint['id'], project['id'])
with self.test_client() as c:
c.delete('/v3/OS-EP-FILTER/projects/%s/endpoints/%s'
% (project['id'], endpoint['id']),

View File

@ -240,7 +240,8 @@ class _DomainAndProjectUserSystemAssignmentTests(object):
with self.test_client() as c:
c.get(
'/v3/system/groups/%s/roles' % group['id'], headers=self.headers,
'/v3/system/groups/%s/roles' % group['id'],
headers=self.headers,
expected_status_code=http_client.FORBIDDEN
)

View File

@ -441,7 +441,7 @@ class SystemAdminTests(TrustTests, _AdminTestsMixin, _SystemUserTests):
expected_status_code=http_client.FORBIDDEN
)
def test_admin_cannot_get_trust_role_for_other_user_overridden_defaults(self):
def test_admin_cannot_get_trust_role_for_other_user_overridden(self):
self._override_policy_old_defaults()
PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data)
@ -768,7 +768,7 @@ class ProjectUserTests(TrustTests):
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_list_trusts_for_other_trustor_overridden_default(self):
def test_user_cannot_list_trusts_for_other_trustor_overridden(self):
self._override_policy_old_defaults()
PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data)
@ -841,7 +841,7 @@ class ProjectUserTests(TrustTests):
expected_status_code=http_client.FORBIDDEN
)
def test_user_can_get_trust_of_whom_they_are_the_trustor_overridden_default(self):
def test_user_can_get_trust_of_whom_they_are_the_trustor_overridden(self):
self._override_policy_old_defaults()
ref = PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data)

View File

@ -243,11 +243,14 @@ class ApplicationCredentialTests(object):
def test_removing_user_from_project_deletes_application_credentials(self):
app_cred_proj_A_1 = self._new_app_cred_data(
self.user_foo['id'], project_id=self.project_bar['id'], name='app1')
self.user_foo['id'], project_id=self.project_bar['id'],
name='app1')
app_cred_proj_A_2 = self._new_app_cred_data(
self.user_foo['id'], project_id=self.project_bar['id'], name='app2')
self.user_foo['id'], project_id=self.project_bar['id'],
name='app2')
app_cred_proj_B = self._new_app_cred_data(
self.user_foo['id'], project_id=self.project_baz['id'], name='app3')
self.user_foo['id'], project_id=self.project_baz['id'],
name='app3')
PROVIDERS.assignment_api.add_role_to_user_and_project(
project_id=self.project_baz['id'],
user_id=self.user_foo['id'],

View File

@ -37,7 +37,8 @@ class ResourceTests(object):
domain_count = len(default_fixtures.DOMAINS)
def test_get_project(self):
project_ref = PROVIDERS.resource_api.get_project(self.project_bar['id'])
project_ref = PROVIDERS.resource_api.get_project(
self.project_bar['id'])
self.assertDictEqual(self.project_bar, project_ref)
def test_get_project_returns_not_found(self):

View File

@ -220,8 +220,10 @@ class CliBootStrapTestCase(unit.SQLDriverOverrides, unit.TestCase):
headers={'X-Auth-Token': r.headers['X-Subject-Token'],
'X-Subject-Token': token})
admin_role = PROVIDERS.role_api.get_role(self.bootstrap.role_id)
reader_role = PROVIDERS.role_api.get_role(self.bootstrap.reader_role_id)
member_role = PROVIDERS.role_api.get_role(self.bootstrap.member_role_id)
reader_role = PROVIDERS.role_api.get_role(
self.bootstrap.reader_role_id)
member_role = PROVIDERS.role_api.get_role(
self.bootstrap.member_role_id)
self.assertEqual(admin_role['options'], {})
self.assertEqual(member_role['options'], {})
self.assertEqual(reader_role['options'], {})
@ -305,8 +307,10 @@ class CliBootStrapTestCase(unit.SQLDriverOverrides, unit.TestCase):
project='keystone')
self._do_test_bootstrap(self.bootstrap)
admin_role = PROVIDERS.role_api.get_role(self.bootstrap.role_id)
reader_role = PROVIDERS.role_api.get_role(self.bootstrap.reader_role_id)
member_role = PROVIDERS.role_api.get_role(self.bootstrap.member_role_id)
reader_role = PROVIDERS.role_api.get_role(
self.bootstrap.reader_role_id)
member_role = PROVIDERS.role_api.get_role(
self.bootstrap.member_role_id)
self.assertTrue(admin_role['options']['immutable'])
self.assertTrue(member_role['options']['immutable'])
self.assertTrue(reader_role['options']['immutable'])

View File

@ -1679,8 +1679,8 @@ class VersionTests(SqlMigrateBase):
self.repos[EXPAND_REPO].repo_path + versions_path + '/*.py')
self.assertRepoFileNamePrefix(expand_list, 'expand')
# test for migrate prefix, e.g. 001_migrate_new_fk_constraint.py
migrate_list = glob.glob(
self.repos[DATA_MIGRATION_REPO].repo_path + versions_path + '/*.py')
repo_path = self.repos[DATA_MIGRATION_REPO].repo_path
migrate_list = glob.glob(repo_path + versions_path + '/*.py')
self.assertRepoFileNamePrefix(migrate_list, 'migrate')
# test for contract prefix, e.g. 001_contract_new_fk_constraint.py
contract_list = glob.glob(
@ -3250,10 +3250,10 @@ class FullMigration(SqlMigrateBase, unit.TestCase):
'application_credential_access_rule',
['application_credential_id', 'access_rule_id']
)
self.assertTrue(self.does_fk_exist('application_credential_access_rule',
'application_credential_id'))
self.assertTrue(self.does_fk_exist('application_credential_access_rule',
'access_rule_id'))
self.assertTrue(self.does_fk_exist(
'application_credential_access_rule', 'application_credential_id'))
self.assertTrue(self.does_fk_exist(
'application_credential_access_rule', 'access_rule_id'))
app_cred_table = sqlalchemy.Table(
'application_credential', self.metadata, autoload=True
@ -3392,7 +3392,7 @@ class FullMigration(SqlMigrateBase, unit.TestCase):
['id', 'project_id', 'resource_limit', 'description',
'internal_id', 'registered_limit_id', 'domain_id'])
def test_migration_064_add_remote_id_attribute_to_federation_protocol(self):
def test_migration_064_add_remote_id_attribute_federation_protocol(self):
self.expand(63)
self.migrate(63)
self.contract(63)

View File

@ -58,10 +58,11 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase):
roles = [{'id': self.role_id}]
app_cred_body = self._app_cred_body(roles=roles)
token = self.get_scoped_token()
resp = c.post('/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
resp = c.post(
'/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
# Create operation returns the secret
self.assertIn('secret', resp.json['application_credential'])
# But not the stored hash
@ -73,24 +74,27 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase):
roles = [{'id': self.role_id}]
app_cred_body = self._app_cred_body(roles=roles, secret=secret)
token = self.get_scoped_token()
resp = c.post('/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
resp = c.post(
'/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
self.assertEqual(secret, resp.json['application_credential']['secret'])
def test_create_application_credential_roles_from_token(self):
with self.test_client() as c:
app_cred_body = self._app_cred_body()
token = self.get_scoped_token()
resp = c.post('/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
resp = c.post(
'/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
self.assertThat(resp.json['application_credential']['roles'],
matchers.HasLength(1))
self.assertEqual(resp.json['application_credential']['roles'][0]['id'],
self.role_id)
self.assertEqual(
resp.json['application_credential']['roles'][0]['id'],
self.role_id)
def test_create_application_credential_wrong_user(self):
wrong_user = unit.create_user(PROVIDERS.identity_api,
@ -153,15 +157,16 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase):
roles = [{'id': self.role_id}]
app_cred_body_1 = self._app_cred_body(roles=roles)
token = self.get_scoped_token()
app_cred_1 = c.post('/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body_1,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
app_cred_1 = c.post(
'/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body_1,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
auth_data = self.build_authentication_request(
app_cred_id=app_cred_1.json['application_credential']['id'],
secret=app_cred_1.json['application_credential']['secret'])
token_data = self.v3_create_token(auth_data,
expected_status=http_client.CREATED)
token_data = self.v3_create_token(
auth_data, expected_status=http_client.CREATED)
app_cred_body_2 = self._app_cred_body(roles=roles)
token = token_data.headers['x-subject-token']
c.post('/v3/users/%s/application_credentials' % self.user_id,
@ -175,20 +180,22 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase):
app_cred_body_1 = self._app_cred_body(roles=roles)
app_cred_body_1['application_credential']['unrestricted'] = True
token = self.get_scoped_token()
app_cred_1 = c.post('/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body_1,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
app_cred_1 = c.post(
'/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body_1,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
auth_data = self.build_authentication_request(
app_cred_id=app_cred_1.json['application_credential']['id'],
secret=app_cred_1.json['application_credential']['secret'])
token_data = self.v3_create_token(auth_data,
expected_status=http_client.CREATED)
token_data = self.v3_create_token(
auth_data, expected_status=http_client.CREATED)
app_cred_body_2 = self._app_cred_body(roles=roles)
c.post('/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body_2,
expected_status_code=http_client.CREATED,
headers={'x-Auth-Token': token_data.headers['x-subject-token']})
headers={
'x-Auth-Token': token_data.headers['x-subject-token']})
def test_create_application_credential_with_access_rules(self):
roles = [{'id': self.role_id}]
@ -203,12 +210,14 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase):
access_rules=access_rules)
with self.test_client() as c:
token = self.get_scoped_token()
resp = c.post('/v3/users/%s/application_credentials' % self.user_id,
headers={'X-Auth-Token': token},
json=app_cred_body,
expected_status_code=http_client.CREATED)
resp = c.post(
'/v3/users/%s/application_credentials' % self.user_id,
headers={'X-Auth-Token': token},
json=app_cred_body,
expected_status_code=http_client.CREATED)
app_cred_id = resp.json['application_credential']['id']
resp_access_rules = resp.json['application_credential']['access_rules']
resp_access_rules = (
resp.json['application_credential']['access_rules'])
access_rule_id = resp_access_rules[0].pop('id')
self.assertEqual(access_rules[0], resp_access_rules[0])
resp = c.get('/v3/users/%s/access_rules' % self.user_id,
@ -248,10 +257,11 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase):
access_rules=access_rules)
with self.test_client() as c:
token = self.get_scoped_token()
resp = c.post('/v3/users/%s/application_credentials' % self.user_id,
headers={'X-Auth-Token': token},
json=app_cred_body_1,
expected_status_code=http_client.CREATED)
resp = c.post(
'/v3/users/%s/application_credentials' % self.user_id,
headers={'X-Auth-Token': token},
json=app_cred_body_1,
expected_status_code=http_client.CREATED)
resp_access_rules = resp.json['application_credential']['access_rules']
self.assertIn('id', resp_access_rules[0])
access_rule_id = resp_access_rules[0].pop('id')
@ -261,10 +271,11 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase):
access_rules=access_rules)
with self.test_client() as c:
token = self.get_scoped_token()
resp = c.post('/v3/users/%s/application_credentials' % self.user_id,
headers={'X-Auth-Token': token},
json=app_cred_body_2,
expected_status_code=http_client.CREATED)
resp = c.post(
'/v3/users/%s/application_credentials' % self.user_id,
headers={'X-Auth-Token': token},
json=app_cred_body_2,
expected_status_code=http_client.CREATED)
resp_access_rules = resp.json['application_credential']['access_rules']
self.assertEqual(access_rule_id, resp_access_rules[0]['id'])
@ -281,10 +292,11 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase):
access_rules=access_rules)
with self.test_client() as c:
token = self.get_scoped_token()
resp = c.post('/v3/users/%s/application_credentials' % self.user_id,
headers={'X-Auth-Token': token},
json=app_cred_body_1,
expected_status_code=http_client.CREATED)
resp = c.post(
'/v3/users/%s/application_credentials' % self.user_id,
headers={'X-Auth-Token': token},
json=app_cred_body_1,
expected_status_code=http_client.CREATED)
resp_access_rules = resp.json['application_credential']['access_rules']
access_rule_id = resp_access_rules
self.assertIn('id', resp_access_rules[0])
@ -296,10 +308,11 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase):
access_rules=access_rules)
with self.test_client() as c:
token = self.get_scoped_token()
resp = c.post('/v3/users/%s/application_credentials' % self.user_id,
headers={'X-Auth-Token': token},
json=app_cred_body_2,
expected_status_code=http_client.CREATED)
resp = c.post(
'/v3/users/%s/application_credentials' % self.user_id,
headers={'X-Auth-Token': token},
json=app_cred_body_2,
expected_status_code=http_client.CREATED)
resp_access_rules = resp.json['application_credential']['access_rules']
self.assertEqual(access_rule_id, resp_access_rules[0]['id'])
@ -349,10 +362,11 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase):
expected_status_code=http_client.OK,
headers={'X-Auth-Token': token})
self.assertEqual([], resp.json['application_credentials'])
resp = c.post('/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
resp = c.post(
'/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
resp = c.get(search_path, expected_status_code=http_client.OK,
headers={'X-Auth-Token': token})
self.assertEqual(1, len(resp.json['application_credentials']))
@ -367,17 +381,19 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase):
resp = c.get(search_path, expected_status_code=http_client.OK,
headers={'X-Auth-Token': token})
self.assertEqual(1, len(resp.json['application_credentials']))
self.assertEqual(resp.json['application_credentials'][0]['name'], name)
self.assertEqual(resp.json['application_credentials'][0]['name'],
name)
def test_get_head_application_credential(self):
with self.test_client() as c:
roles = [{'id': self.role_id}]
app_cred_body = self._app_cred_body(roles=roles)
token = self.get_scoped_token()
resp = c.post('/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
resp = c.post(
'/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
app_cred_id = resp.json['application_credential']['id']
c.head('/v3%s' % MEMBER_PATH_FMT % {'user_id': self.user_id,
'app_cred_id': app_cred_id},
@ -408,10 +424,11 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase):
roles = [{'id': self.role_id}]
app_cred_body = self._app_cred_body(roles=roles)
token = self.get_scoped_token()
resp = c.post('/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
resp = c.post(
'/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
app_cred_id = resp.json['application_credential']['id']
c.delete('/v3%s' % MEMBER_PATH_FMT % {'user_id': self.user_id,
'app_cred_id': app_cred_id},
@ -431,18 +448,19 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase):
roles = [{'id': self.role_id}]
app_cred_body = self._app_cred_body(roles=roles)
token = self.get_scoped_token()
app_cred = c.post('/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
app_cred = c.post(
'/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
auth_data = self.build_authentication_request(
app_cred_id=app_cred.json['application_credential']['id'],
secret=app_cred.json['application_credential']['secret'])
token_data = self.v3_create_token(auth_data,
expected_status=http_client.CREATED)
token_data = self.v3_create_token(
auth_data, expected_status=http_client.CREATED)
member_path = '/v3%s' % MEMBER_PATH_FMT % {
'user_id': self.user_id,
'app_cred_id': app_cred.json['application_credential']['id']}
'user_id': self.user_id,
'app_cred_id': app_cred.json['application_credential']['id']}
token = token_data.headers['x-subject-token']
c.delete(member_path,
json=app_cred_body,
@ -455,22 +473,25 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase):
app_cred_body = self._app_cred_body(roles=roles)
app_cred_body['application_credential']['unrestricted'] = True
token = self.get_scoped_token()
app_cred = c.post('/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
app_cred = c.post(
'/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body,
expected_status_code=http_client.CREATED,
headers={'X-Auth-Token': token})
auth_data = self.build_authentication_request(
app_cred_id=app_cred.json['application_credential']['id'],
secret=app_cred.json['application_credential']['secret'])
token_data = self.v3_create_token(auth_data,
expected_status=http_client.CREATED)
token_data = self.v3_create_token(
auth_data, expected_status=http_client.CREATED)
member_path = '/v3%s' % MEMBER_PATH_FMT % {
'user_id': self.user_id,
'app_cred_id': app_cred.json['application_credential']['id']}
'user_id': self.user_id,
'app_cred_id': app_cred.json['application_credential']['id']}
c.delete(member_path,
json=app_cred_body,
expected_status_code=http_client.NO_CONTENT,
headers={'x-Auth-Token': token_data.headers['x-subject-token']})
headers={
'x-Auth-Token': token_data.headers['x-subject-token']
})
def test_update_application_credential(self):
with self.test_client() as c:

View File

@ -5475,7 +5475,8 @@ class ApplicationCredentialAuth(test_v3.RestfulTestCase):
data['access_rules'] = access_rules
return data
def _validate_token(self, token, headers=None, expected_status=http_client.OK):
def _validate_token(self, token, headers=None,
expected_status=http_client.OK):
path = '/v3/auth/tokens'
headers = headers or {}
headers.update({'X-Auth-Token': token, 'X-Subject-Token': token})

View File

@ -231,18 +231,20 @@ class TestTokenFormatter(unit.TestCase):
exp_protocol_id = uuid.uuid4().hex
token_formatter = token_formatters.TokenFormatter()
token = token_formatter.create_token(user_id=exp_user_id,
expires_at=exp_expires_at,
audit_ids=exp_audit_ids,
payload_class=token_formatters.FederatedUnscopedPayload,
methods=exp_methods,
federated_group_ids=exp_federated_group_ids,
identity_provider_id=exp_idp_id,
protocol_id=exp_protocol_id)
token = token_formatter.create_token(
user_id=exp_user_id,
expires_at=exp_expires_at,
audit_ids=exp_audit_ids,
payload_class=token_formatters.FederatedUnscopedPayload,
methods=exp_methods,
federated_group_ids=exp_federated_group_ids,
identity_provider_id=exp_idp_id,
protocol_id=exp_protocol_id)
(user_id, methods, audit_ids, system, domain_id, project_id, trust_id,
federated_group_ids, identity_provider_id, protocol_id,
access_token_id, app_cred_id, issued_at, expires_at) = token_formatter.validate_token(token)
access_token_id, app_cred_id, issued_at,
expires_at) = token_formatter.validate_token(token)
self.assertEqual(exp_user_id, user_id)
self.assertTrue(isinstance(user_id, six.string_types))
@ -263,19 +265,21 @@ class TestTokenFormatter(unit.TestCase):
exp_project_id = uuid.uuid4().hex
token_formatter = token_formatters.TokenFormatter()
token = token_formatter.create_token(user_id=exp_user_id,
expires_at=exp_expires_at,
audit_ids=exp_audit_ids,
payload_class=token_formatters.FederatedProjectScopedPayload,
methods=exp_methods,
federated_group_ids=exp_federated_group_ids,
identity_provider_id=exp_idp_id,
protocol_id=exp_protocol_id,
project_id=exp_project_id)
token = token_formatter.create_token(
user_id=exp_user_id,
expires_at=exp_expires_at,
audit_ids=exp_audit_ids,
payload_class=token_formatters.FederatedProjectScopedPayload,
methods=exp_methods,
federated_group_ids=exp_federated_group_ids,
identity_provider_id=exp_idp_id,
protocol_id=exp_protocol_id,
project_id=exp_project_id)
(user_id, methods, audit_ids, system, domain_id, project_id, trust_id,
federated_group_ids, identity_provider_id, protocol_id,
access_token_id, app_cred_id, issued_at, expires_at) = token_formatter.validate_token(token)
access_token_id, app_cred_id, issued_at,
expires_at) = token_formatter.validate_token(token)
self.assertEqual(exp_user_id, user_id)
self.assertTrue(isinstance(user_id, six.string_types))

View File

@ -334,7 +334,7 @@ class BasePayload(object):
@classmethod
def random_urlsafe_str_to_bytes(cls, s):
"""Convert a string from :func:`random_urlsafe_str()` to six.binary_type.
"""Convert string from :func:`random_urlsafe_str()` to six.binary_type.
:type s: six.text_type
:rtype: six.binary_type

View File

@ -22,4 +22,4 @@ for FILE in $CHANGED; do
fi
done
diff -u --from-file /dev/null $CHECK | flake8 --diff --ignore=D100,D101,D102,D103,D104,E305,E402,E501,W503,W504,W605
diff -u --from-file /dev/null $CHECK | flake8 --diff --ignore=D100,D101,D102,D103,D104,E305,E402,W503,W504,W605

View File

@ -32,7 +32,7 @@ deps =
.[bandit]
{[testenv]deps}
commands =
flake8 --ignore=D100,D101,D102,D103,D104,E305,E402,E501,W503,W504,W605
flake8 --ignore=D100,D101,D102,D103,D104,E305,E402,W503,W504,W605
# Run bash8 during pep8 runs to ensure violations are caught by
# the check and gate queues
bashate devstack/plugin.sh