Add manager support for app cred access rules
bp whitelist-extension-for-app-creds Change-Id: Icce8b54e45ad94ca41a6b47ec6109346dc886334
parent
2203e81729
commit
ee7315971c
|
@ -127,12 +127,13 @@ class Manager(manager.Manager):
|
|||
user_id = application_credential['user_id']
|
||||
project_id = application_credential['project_id']
|
||||
roles = application_credential.pop('roles', [])
|
||||
access_rules = application_credential.pop('access_rules', None)
|
||||
|
||||
self._assert_limit_not_exceeded(user_id)
|
||||
self._require_user_has_role_in_project(roles, user_id, project_id)
|
||||
unhashed_secret = application_credential['secret']
|
||||
ref = self.driver.create_application_credential(
|
||||
application_credential, roles)
|
||||
application_credential, roles, access_rules)
|
||||
ref['secret'] = unhashed_secret
|
||||
ref = self._process_app_cred(ref)
|
||||
notifications.Audit.created(
|
||||
|
|
|
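Review bot: `access_rules` is popped from the request and passed straight to `self.driver.create_application_credential(application_credential, roles, access_rules)` with no manager-level check, whereas `roles` goes through `_require_user_has_role_in_project` first. The tests in this commit let a rule be referenced by `{'id': ...}` alone, so it is worth confirming that the driver's id lookup is scoped to `user_id`; the driver is not visible here, and without that scoping a credential could pick up a rule owned by a different user. The default also differs from `roles` (`None` versus `[]`), and nothing here says whether an empty list means "unrestricted" or "nothing permitted". I would add a comment above the pop, for example `# access_rules: None = caller supplied none; [] = <state the intended meaning>`, so the restriction cannot silently fail open. The method starts and ends outside this hunk.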
@ -107,6 +107,42 @@ class ApplicationCredentialTests(object):
|
|||
self.app_cred_api.create_application_credential,
|
||||
app_cred)
|
||||
|
||||
def test_create_application_credential_with_access_rules(self):
|
||||
app_cred = self._new_app_cred_data(self.user_foo['id'],
|
||||
project_id=self.project_bar['id'])
|
||||
app_cred['access_rules'] = [{
|
||||
'id': uuid.uuid4().hex,
|
||||
'service': uuid.uuid4().hex,
|
||||
'path': uuid.uuid4().hex,
|
||||
'method': uuid.uuid4().hex[16:]
|
||||
}]
|
||||
resp = self.app_cred_api.create_application_credential(app_cred)
|
||||
resp.pop('roles')
|
||||
resp_access_rules = resp.pop('access_rules')
|
||||
app_cred.pop('roles')
|
||||
orig_access_rules = app_cred.pop('access_rules')
|
||||
self.assertDictEqual(app_cred, resp)
|
||||
for i, ar in enumerate(resp_access_rules):
|
||||
self.assertDictEqual(orig_access_rules[i], ar)
|
||||
|
||||
def test_create_application_credential_with_preexisting_access_rules(self):
|
||||
app_cred_1 = self._new_app_cred_data(self.user_foo['id'],
|
||||
project_id=self.project_bar['id'])
|
||||
app_cred_1['access_rules'] = [{
|
||||
'id': uuid.uuid4().hex,
|
||||
'service': uuid.uuid4().hex,
|
||||
'path': uuid.uuid4().hex,
|
||||
'method': uuid.uuid4().hex[16:]
|
||||
}]
|
||||
resp = self.app_cred_api.create_application_credential(app_cred_1)
|
||||
resp_access_rules_1 = resp.pop('access_rules')
|
||||
app_cred_2 = self._new_app_cred_data(self.user_foo['id'],
|
||||
project_id=self.project_bar['id'])
|
||||
app_cred_2['access_rules'] = [{'id': resp_access_rules_1[0]['id']}]
|
||||
resp = self.app_cred_api.create_application_credential(app_cred_2)
|
||||
resp_access_rules_2 = resp.pop('access_rules')
|
||||
self.assertDictEqual(resp_access_rules_1[0], resp_access_rules_2[0])
|
||||
|
||||
def test_get_application_credential(self):
|
||||
app_cred = self._new_app_cred_data(self.user_foo['id'],
|
||||
project_id=self.project_bar['id'])
|
||||
|
|
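Review bot: In `test_create_application_credential_with_access_rules`, the loop `for i, ar in enumerate(resp_access_rules)` never runs if the response carries an empty list, so the test would still pass if the backend dropped the rules and created an unrestricted credential. Add `self.assertEqual(len(orig_access_rules), len(resp_access_rules))` before the loop, or compare the two lists directly. `test_create_application_credential_with_preexisting_access_rules` only covers reuse by the same user (`self.user_foo`). A negative case, in which a second user references `resp_access_rules_1[0]['id']`, would pin down the ownership behaviour that the manager change leaves to the driver.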