Correct Handling of Default Tenant
- implements solution for bug 881794 - GET /tenants returns all tenants if scoped to a default tenant Change-Id: I49246a24f97ace19467aaaa72077c8f78f064759
This commit is contained in:
parent
6babef7906
commit
f2b8ce035b
|
@ -515,12 +515,23 @@ class IdentityService(object):
|
|||
if is_service_operation:
|
||||
# Check regular token validity.
|
||||
(_token, user) = validate_token(admin_token, False)
|
||||
scope = _token.tenant_id
|
||||
default_tenant = user.tenant_id
|
||||
|
||||
# Return tenants specific to user
|
||||
dtenants = api.TENANT.tenants_for_user_get_page(
|
||||
user, marker, limit)
|
||||
prev_page, next_page = api.TENANT.\
|
||||
tenants_for_user_get_page_markers(user, marker, limit)
|
||||
if scope is None or \
|
||||
((scope and default_tenant) and (scope == default_tenant)):
|
||||
# Return all tenants specific to user if token has no scope
|
||||
# or if token is scoped to a default tenant
|
||||
dtenants = api.TENANT.tenants_for_user_get_page(
|
||||
user, marker, limit)
|
||||
prev_page, next_page = api.TENANT.\
|
||||
tenants_for_user_get_page_markers(user, marker, limit)
|
||||
else:
|
||||
# Return scoped tenant only
|
||||
dtenants = [api.TENANT.get(scope or default_tenant)]
|
||||
prev_page = 2
|
||||
next_page = None
|
||||
limit = 10
|
||||
else:
|
||||
#Check Admin Token
|
||||
(_token, user) = validate_admin_token(admin_token)
|
||||
|
|
|
@ -434,7 +434,9 @@ class ApiTestCase(RestfulTestCase):
|
|||
if protocol is None:
|
||||
protocol = client_tests.TEST_TARGET_SERVER_SERVICE_PROTOCOL
|
||||
|
||||
if self.service_token:
|
||||
if 'use_token' in kwargs:
|
||||
headers['X-Auth-Token'] = kwargs.pop('use_token')
|
||||
elif self.service_token:
|
||||
headers['X-Auth-Token'] = self.service_token
|
||||
elif self.admin_token:
|
||||
headers['X-Auth-Token'] = self.admin_token
|
||||
|
@ -458,7 +460,9 @@ class ApiTestCase(RestfulTestCase):
|
|||
if protocol is None:
|
||||
protocol = client_tests.TEST_TARGET_SERVER_ADMIN_PROTOCOL
|
||||
|
||||
if self.admin_token:
|
||||
if 'use_token' in kwargs:
|
||||
headers['X-Auth-Token'] = kwargs.pop('use_token')
|
||||
elif self.admin_token:
|
||||
headers['X-Auth-Token'] = self.admin_token
|
||||
|
||||
return self.restful_request(host=host, protocol=protocol, port=port,
|
||||
|
|
|
@ -41,11 +41,11 @@ class AuthenticationTest(common.FunctionalTestCase):
|
|||
self.endpoint_templates['id'])
|
||||
|
||||
def test_authenticate_for_a_tenant(self):
|
||||
r = self.authenticate(self.user['name'], self.user['password'],
|
||||
response = self.authenticate(self.user['name'], self.user['password'],
|
||||
self.tenant['id'], assert_status=200)
|
||||
|
||||
self.assertIsNotNone(r.json['access']['token'])
|
||||
service_catalog = r.json['access']['serviceCatalog']
|
||||
self.assertIsNotNone(response.json['access']['token'])
|
||||
service_catalog = response.json['access']['serviceCatalog']
|
||||
self.assertIsNotNone(service_catalog)
|
||||
self.check_urls_for_regular_user(service_catalog)
|
||||
|
||||
|
@ -56,19 +56,19 @@ class AuthenticationTest(common.FunctionalTestCase):
|
|||
'/> </auth>') % (
|
||||
self.xmlns, self.tenant['id'],
|
||||
self.user['name'], self.user['password'])
|
||||
r = self.post_token(as_xml=data, assert_status=200)
|
||||
response = self.post_token(as_xml=data, assert_status=200)
|
||||
|
||||
self.assertEquals(r.xml.tag, '{%s}access' % self.xmlns)
|
||||
service_catalog = r.xml.find('{%s}serviceCatalog' % self.xmlns)
|
||||
self.assertEquals(response.xml.tag, '{%s}access' % self.xmlns)
|
||||
service_catalog = response.xml.find('{%s}serviceCatalog' % self.xmlns)
|
||||
self.check_urls_for_regular_user_xml(service_catalog)
|
||||
|
||||
def test_authenticate_for_a_tenant_on_admin_api(self):
|
||||
r = self.authenticate(self.user['name'], self.user['password'],
|
||||
response = self.authenticate(self.user['name'], self.user['password'],
|
||||
self.tenant['id'], assert_status=200, request_type='admin')
|
||||
|
||||
self.assertIsNotNone(r.json['access']['token'])
|
||||
self.assertIsNotNone(r.json['access']['serviceCatalog'])
|
||||
service_catalog = r.json['access']['serviceCatalog']
|
||||
self.assertIsNotNone(response.json['access']['token'])
|
||||
self.assertIsNotNone(response.json['access']['serviceCatalog'])
|
||||
service_catalog = response.json['access']['serviceCatalog']
|
||||
self.check_urls_for_regular_user(service_catalog)
|
||||
|
||||
def test_authenticate_for_a_tenant_xml_on_admin_api(self):
|
||||
|
@ -78,11 +78,11 @@ class AuthenticationTest(common.FunctionalTestCase):
|
|||
'/> </auth>') % (
|
||||
self.xmlns, self.tenant['id'],
|
||||
self.user['name'], self.user['password'])
|
||||
r = self.post_token(as_xml=data, assert_status=200,
|
||||
response = self.post_token(as_xml=data, assert_status=200,
|
||||
request_type='admin')
|
||||
|
||||
self.assertEquals(r.xml.tag, '{%s}access' % self.xmlns)
|
||||
service_catalog = r.xml.find('{%s}serviceCatalog' % self.xmlns)
|
||||
self.assertEquals(response.xml.tag, '{%s}access' % self.xmlns)
|
||||
service_catalog = response.xml.find('{%s}serviceCatalog' % self.xmlns)
|
||||
self.check_urls_for_regular_user_xml(service_catalog)
|
||||
|
||||
def test_authenticate_user_disabled(self):
|
||||
|
@ -134,11 +134,11 @@ class AuthenticationUsingTokenTest(common.FunctionalTestCase):
|
|||
self.user['password']).json['access']['token']['id']
|
||||
|
||||
def test_authenticate_for_a_tenant_using_token(self):
|
||||
r = self.authenticate_using_token(self.token,
|
||||
response = self.authenticate_using_token(self.token,
|
||||
self.tenant['id'], assert_status=200)
|
||||
|
||||
self.assertIsNotNone(r.json['access']['token'])
|
||||
service_catalog = r.json['access']['serviceCatalog']
|
||||
self.assertIsNotNone(response.json['access']['token'])
|
||||
service_catalog = response.json['access']['serviceCatalog']
|
||||
self.assertIsNotNone(service_catalog)
|
||||
self.check_urls_for_regular_user(service_catalog)
|
||||
|
||||
|
@ -149,19 +149,19 @@ class AuthenticationUsingTokenTest(common.FunctionalTestCase):
|
|||
'/> </auth>') % (
|
||||
self.xmlns, self.tenant['id'],
|
||||
self.token)
|
||||
r = self.post_token(as_xml=data, assert_status=200)
|
||||
response = self.post_token(as_xml=data, assert_status=200)
|
||||
|
||||
self.assertEquals(r.xml.tag, '{%s}access' % self.xmlns)
|
||||
service_catalog = r.xml.find('{%s}serviceCatalog' % self.xmlns)
|
||||
self.assertEquals(response.xml.tag, '{%s}access' % self.xmlns)
|
||||
service_catalog = response.xml.find('{%s}serviceCatalog' % self.xmlns)
|
||||
self.check_urls_for_regular_user_xml(service_catalog)
|
||||
|
||||
def test_authenticate_for_a_tenant_on_admin_api(self):
|
||||
r = self.authenticate_using_token(self.token,
|
||||
response = self.authenticate_using_token(self.token,
|
||||
self.tenant['id'], request_type='admin')
|
||||
|
||||
self.assertIsNotNone(r.json['access']['token'])
|
||||
self.assertIsNotNone(r.json['access']['serviceCatalog'])
|
||||
service_catalog = r.json['access']['serviceCatalog']
|
||||
self.assertIsNotNone(response.json['access']['token'])
|
||||
self.assertIsNotNone(response.json['access']['serviceCatalog'])
|
||||
service_catalog = response.json['access']['serviceCatalog']
|
||||
self.check_urls_for_regular_user(service_catalog)
|
||||
|
||||
def test_authenticate_for_a_tenant_xml_on_admin_api(self):
|
||||
|
@ -171,11 +171,11 @@ class AuthenticationUsingTokenTest(common.FunctionalTestCase):
|
|||
'/> </auth>') % (
|
||||
self.xmlns, self.tenant['id'],
|
||||
self.token)
|
||||
r = self.post_token(as_xml=data, assert_status=200,
|
||||
response = self.post_token(as_xml=data, assert_status=200,
|
||||
request_type='admin')
|
||||
|
||||
self.assertEquals(r.xml.tag, '{%s}access' % self.xmlns)
|
||||
service_catalog = r.xml.find('{%s}serviceCatalog' % self.xmlns)
|
||||
self.assertEquals(response.xml.tag, '{%s}access' % self.xmlns)
|
||||
service_catalog = response.xml.find('{%s}serviceCatalog' % self.xmlns)
|
||||
self.check_urls_for_regular_user_xml(service_catalog)
|
||||
|
||||
|
||||
|
@ -183,11 +183,9 @@ class UnScopedAuthenticationTest(common.FunctionalTestCase):
|
|||
def setUp(self, *args, **kwargs):
|
||||
super(UnScopedAuthenticationTest, self).setUp(*args, **kwargs)
|
||||
|
||||
password = common.unique_str()
|
||||
self.tenant = self.create_tenant().json['tenant']
|
||||
self.user = self.create_user(user_password=password,
|
||||
self.user = self.create_user_with_known_password(
|
||||
tenant_id=self.tenant['id']).json['user']
|
||||
self.user['password'] = password
|
||||
|
||||
self.services = {}
|
||||
self.endpoint_templates = {}
|
||||
|
@ -201,12 +199,12 @@ class UnScopedAuthenticationTest(common.FunctionalTestCase):
|
|||
self.endpoint_templates[x]['id'])
|
||||
|
||||
def test_authenticate(self):
|
||||
r = self.authenticate(self.user['name'], self.user['password'],\
|
||||
response = self.authenticate(self.user['name'], self.user['password'],\
|
||||
assert_status=200)
|
||||
|
||||
self.assertIsNotNone(r.json['access']['token'])
|
||||
service_catalog = r.json['access'].get('serviceCatalog')
|
||||
self.assertIsNotNone(service_catalog, r.json)
|
||||
self.assertIsNotNone(response.json['access']['token'])
|
||||
service_catalog = response.json['access'].get('serviceCatalog')
|
||||
self.assertIsNotNone(service_catalog, response.json)
|
||||
self.check_urls_for_regular_user(service_catalog)
|
||||
|
||||
def test_authenticate_xml(self):
|
||||
|
@ -216,19 +214,21 @@ class UnScopedAuthenticationTest(common.FunctionalTestCase):
|
|||
'/> </auth>') % (
|
||||
self.xmlns, self.user['name'],
|
||||
self.user['password'])
|
||||
r = self.post_token(as_xml=data, assert_status=200)
|
||||
response = self.post_token(as_xml=data, assert_status=200)
|
||||
|
||||
self.assertEquals(r.xml.tag, '{%s}access' % self.xmlns)
|
||||
service_catalog = r.xml.find('{%s}serviceCatalog' % self.xmlns)
|
||||
self.assertEquals(response.xml.tag, '{%s}access' % self.xmlns)
|
||||
service_catalog = response.xml.find('{%s}serviceCatalog' % self.xmlns)
|
||||
self.check_urls_for_regular_user_xml(service_catalog)
|
||||
|
||||
def test_authenticate_on_admin_api(self):
|
||||
r = self.authenticate(self.user['name'], self.user['password'],
|
||||
response = self.authenticate(self.user['name'], self.user['password'],
|
||||
assert_status=200, request_type='admin')
|
||||
|
||||
self.assertIsNotNone(r.json['access'].get('token'), r.json)
|
||||
self.assertIsNotNone(r.json['access'].get('serviceCatalog'), r.json)
|
||||
service_catalog = r.json['access']['serviceCatalog']
|
||||
self.assertIsNotNone(response.json['access'].get('token'),
|
||||
response.json)
|
||||
self.assertIsNotNone(response.json['access'].get('serviceCatalog'),
|
||||
response.json)
|
||||
service_catalog = response.json['access']['serviceCatalog']
|
||||
self.check_urls_for_regular_user(service_catalog)
|
||||
|
||||
def test_authenticate_for_a_tenant_xml_on_admin_api(self):
|
||||
|
@ -238,13 +238,28 @@ class UnScopedAuthenticationTest(common.FunctionalTestCase):
|
|||
'/> </auth>') % (
|
||||
self.xmlns, self.tenant['id'],
|
||||
self.user['name'], self.user['password'])
|
||||
r = self.post_token(as_xml=data,
|
||||
response = self.post_token(as_xml=data,
|
||||
assert_status=200, request_type='admin')
|
||||
|
||||
self.assertEquals(r.xml.tag, '{%s}access' % self.xmlns)
|
||||
service_catalog = r.xml.find('{%s}serviceCatalog' % self.xmlns)
|
||||
self.assertEquals(response.xml.tag, '{%s}access' % self.xmlns)
|
||||
service_catalog = response.xml.find('{%s}serviceCatalog' % self.xmlns)
|
||||
self.check_urls_for_regular_user_xml(service_catalog)
|
||||
|
||||
def test_authenticate_without_default_tenant(self):
|
||||
# Create user with no default tenant set (but granted a role)
|
||||
self.nodefaultuser = self.create_user_with_known_password()\
|
||||
.json['user']
|
||||
self.role = self.create_role().json['role']
|
||||
self.grant_role_to_user(self.nodefaultuser['id'], self.role['id'],
|
||||
self.tenant['id'])
|
||||
|
||||
response = self.authenticate(self.nodefaultuser['name'],
|
||||
self.nodefaultuser['password'],
|
||||
tenant_id=None, assert_status=200)
|
||||
|
||||
self.assertIsNotNone(response.json['access']['token'])
|
||||
self.assertNotIn('tenant', response.json['access']['token'])
|
||||
|
||||
|
||||
class AdminUserAuthenticationTest(common.FunctionalTestCase):
|
||||
def setUp(self, *args, **kwargs):
|
||||
|
@ -270,11 +285,11 @@ class AdminUserAuthenticationTest(common.FunctionalTestCase):
|
|||
self.endpoint_templates[x]['id'])
|
||||
|
||||
def test_authenticate(self):
|
||||
r = self.authenticate(self.user['name'], self.user['password'],\
|
||||
response = self.authenticate(self.user['name'], self.user['password'],\
|
||||
assert_status=200)
|
||||
|
||||
self.assertIsNotNone(r.json['access']['token'])
|
||||
service_catalog = r.json['access']['serviceCatalog']
|
||||
self.assertIsNotNone(response.json['access']['token'])
|
||||
service_catalog = response.json['access']['serviceCatalog']
|
||||
self.assertIsNotNone(service_catalog)
|
||||
self.check_urls_for_admin_user(service_catalog)
|
||||
|
||||
|
@ -285,18 +300,18 @@ class AdminUserAuthenticationTest(common.FunctionalTestCase):
|
|||
'/> </auth>') % (
|
||||
self.xmlns, self.user['name'],
|
||||
self.user['password'])
|
||||
r = self.post_token(as_xml=data, assert_status=200)
|
||||
response = self.post_token(as_xml=data, assert_status=200)
|
||||
|
||||
self.assertEquals(r.xml.tag, '{%s}access' % self.xmlns)
|
||||
service_catalog = r.xml.find('{%s}serviceCatalog' % self.xmlns)
|
||||
self.assertEquals(response.xml.tag, '{%s}access' % self.xmlns)
|
||||
service_catalog = response.xml.find('{%s}serviceCatalog' % self.xmlns)
|
||||
self.check_urls_for_admin_user_xml(service_catalog)
|
||||
|
||||
def test_authenticate_for_a_tenant(self):
|
||||
r = self.authenticate(self.user['name'], self.user['password'],
|
||||
response = self.authenticate(self.user['name'], self.user['password'],
|
||||
self.tenant['id'], assert_status=200)
|
||||
|
||||
self.assertIsNotNone(r.json['access']['token'])
|
||||
service_catalog = r.json['access']['serviceCatalog']
|
||||
self.assertIsNotNone(response.json['access']['token'])
|
||||
service_catalog = response.json['access']['serviceCatalog']
|
||||
self.assertIsNotNone(service_catalog)
|
||||
self.check_urls_for_admin_user(service_catalog)
|
||||
|
||||
|
@ -307,10 +322,10 @@ class AdminUserAuthenticationTest(common.FunctionalTestCase):
|
|||
'/> </auth>') % (
|
||||
self.xmlns, self.tenant['id'],
|
||||
self.user['name'], self.user['password'])
|
||||
r = self.post_token(as_xml=data, assert_status=200)
|
||||
response = self.post_token(as_xml=data, assert_status=200)
|
||||
|
||||
self.assertEquals(r.xml.tag, '{%s}access' % self.xmlns)
|
||||
service_catalog = r.xml.find('{%s}serviceCatalog' % self.xmlns)
|
||||
self.assertEquals(response.xml.tag, '{%s}access' % self.xmlns)
|
||||
service_catalog = response.xml.find('{%s}serviceCatalog' % self.xmlns)
|
||||
self.check_urls_for_admin_user_xml(service_catalog)
|
||||
|
||||
|
||||
|
|
|
@ -45,13 +45,13 @@ class TenantTest(common.FunctionalTestCase):
|
|||
self.assertIn(xml.get('enabled'), ['true', 'false'])
|
||||
return xml
|
||||
|
||||
def assertValidJsonTenantResponse(self, r):
|
||||
tenant = r.json.get('tenant')
|
||||
def assertValidJsonTenantResponse(self, response):
|
||||
tenant = response.json.get('tenant')
|
||||
self._assertValidJsonTenant(tenant)
|
||||
return tenant
|
||||
|
||||
def assertValidXmlTenantResponse(self, r):
|
||||
return self._assertValidXmlTenant(r.xml)
|
||||
def assertValidXmlTenantResponse(self, response):
|
||||
return self._assertValidXmlTenant(response.xml)
|
||||
|
||||
def _assertValidTenantList(self, tenants):
|
||||
pass
|
||||
|
@ -71,11 +71,11 @@ class TenantTest(common.FunctionalTestCase):
|
|||
self._assertValidJsonTenant(tenant)
|
||||
return tenants
|
||||
|
||||
def assertValidXmlTenantListResponse(self, r):
|
||||
return self._assertValidXmlTenantList(r.xml)
|
||||
def assertValidXmlTenantListResponse(self, response):
|
||||
return self._assertValidXmlTenantList(response.xml)
|
||||
|
||||
def assertValidJsonTenantListResponse(self, r):
|
||||
tenants = r.json.get('tenants')
|
||||
def assertValidJsonTenantListResponse(self, response):
|
||||
tenants = response.json.get('tenants')
|
||||
self.assertIsNotNone(tenants)
|
||||
return self._assertValidJsonTenantList(tenants)
|
||||
|
||||
|
@ -90,9 +90,9 @@ class CreateTenantTest(TenantTest):
|
|||
def test_create_tenant(self):
|
||||
name = common.unique_str()
|
||||
description = common.unique_str()
|
||||
r = self.create_tenant(tenant_name=name,
|
||||
response = self.create_tenant(tenant_name=name,
|
||||
tenant_description=description, assert_status=201)
|
||||
tenant = self.assertValidJsonTenantResponse(r)
|
||||
tenant = self.assertValidJsonTenantResponse(response)
|
||||
self.assertEqual(name, tenant.get('name'))
|
||||
self.assertEqual(description, tenant.get('description'))
|
||||
|
||||
|
@ -107,9 +107,9 @@ class CreateTenantTest(TenantTest):
|
|||
'enabled="true" name="%s"> '
|
||||
'<description>%s</description> '
|
||||
'</tenant>') % (name, description)
|
||||
r = self.post_tenant(as_xml=data, assert_status=201, headers={
|
||||
response = self.post_tenant(as_xml=data, assert_status=201, headers={
|
||||
'Accept': 'application/xml'})
|
||||
tenant = self.assertValidXmlTenantResponse(r)
|
||||
tenant = self.assertValidXmlTenantResponse(response)
|
||||
self.assertEqual(name, tenant.get('name'))
|
||||
self.assertEqual(description,
|
||||
tenant.find('{%s}description' % self.xmlns).text)
|
||||
|
@ -202,17 +202,17 @@ class CreateTenantTest(TenantTest):
|
|||
|
||||
class GetTenantsTest(TenantTest):
|
||||
def test_get_tenants_using_admin_token(self):
|
||||
r = self.list_tenants(assert_status=200)
|
||||
self.assertValidJsonTenantListResponse(r)
|
||||
response = self.list_tenants(assert_status=200)
|
||||
self.assertValidJsonTenantListResponse(response)
|
||||
|
||||
def test_get_tenants_using_admin_token_xml(self):
|
||||
r = self.get_tenants(assert_status=200, headers={
|
||||
response = self.get_tenants(assert_status=200, headers={
|
||||
'Accept': 'application/xml'})
|
||||
self.assertValidXmlTenantListResponse(r)
|
||||
self.assertValidXmlTenantListResponse(response)
|
||||
|
||||
def test_get_tenants_using_admin_token_xml_on_service_api(self):
|
||||
r = self.create_tenant()
|
||||
tenant = self.assertValidJsonTenantResponse(r)
|
||||
response = self.create_tenant()
|
||||
tenant = self.assertValidJsonTenantResponse(response)
|
||||
role = self.create_role().json['role']
|
||||
user = self.create_user_with_known_password(tenant_id=tenant['id']).\
|
||||
json['user']
|
||||
|
@ -231,41 +231,41 @@ class GetTenantsTest(TenantTest):
|
|||
user['password']).json['access']['token']['id']
|
||||
|
||||
# make a service call with our admin token
|
||||
r = self.get_tenants(assert_status=200, headers={
|
||||
response = self.get_tenants(assert_status=200, headers={
|
||||
'Accept': 'application/xml'}, request_type='service')
|
||||
tenants = self.assertValidXmlTenantListResponse(r)
|
||||
tenants = self.assertValidXmlTenantListResponse(response)
|
||||
self.assertEquals(len(tenants), 1)
|
||||
self.assertIn(tenant['id'], [t.get('id') for t in tenants])
|
||||
|
||||
def test_get_tenants_using_user_token(self):
|
||||
r = self.create_tenant()
|
||||
tenant = self.assertValidJsonTenantResponse(r)
|
||||
response = self.create_tenant()
|
||||
tenant = self.assertValidJsonTenantResponse(response)
|
||||
user = self.create_user_with_known_password(tenant_id=tenant['id']).\
|
||||
json['user']
|
||||
token = self.authenticate(user['name'], user['password'],
|
||||
tenant['id']).json['access']['token']
|
||||
tmp = self.service_token
|
||||
self.service_token = token['id']
|
||||
r = self.service_request(method='GET', path='/tenants',
|
||||
response = self.service_request(method='GET', path='/tenants',
|
||||
assert_status=200)
|
||||
self.service_token = tmp
|
||||
tenants = self.assertValidJsonTenantListResponse(r)
|
||||
tenants = self.assertValidJsonTenantListResponse(response)
|
||||
self.assertTrue(len(tenants) == 1)
|
||||
self.assertIn(tenant['id'], [t['id'] for t in tenants])
|
||||
|
||||
def test_get_tenants_using_user_token_xml(self):
|
||||
r = self.create_tenant()
|
||||
tenant = self.assertValidJsonTenantResponse(r)
|
||||
response = self.create_tenant()
|
||||
tenant = self.assertValidJsonTenantResponse(response)
|
||||
user = self.create_user_with_known_password(tenant_id=tenant['id']).\
|
||||
json['user']
|
||||
token = self.authenticate(user['name'], user['password'],
|
||||
tenant['id']).json['access']['token']
|
||||
tmp = self.service_token
|
||||
self.service_token = token['id']
|
||||
r = self.service_request(method='GET', path='/tenants',
|
||||
response = self.service_request(method='GET', path='/tenants',
|
||||
assert_status=200, headers={'Accept': 'application/xml'})
|
||||
self.service_token = tmp
|
||||
tenants = self.assertValidXmlTenantListResponse(r)
|
||||
tenants = self.assertValidXmlTenantListResponse(response)
|
||||
self.assertIn(tenant['id'], [t.get('id') for t in tenants])
|
||||
|
||||
def test_get_tenants_exp_token(self):
|
||||
|
@ -279,6 +279,70 @@ class GetTenantsTest(TenantTest):
|
|||
self.get_tenants(assert_status=403, headers={
|
||||
'Accept': 'application/xml'})
|
||||
|
||||
def test_get_tenants_blank(self):
|
||||
# Create user with no default tenant set
|
||||
self.nodefaultuser = self.create_user_with_known_password()\
|
||||
.json['user']
|
||||
response = self.authenticate(self.nodefaultuser['name'],
|
||||
self.nodefaultuser['password'],
|
||||
tenant_id=None, assert_status=200)
|
||||
token_id = response.json['access']['token']['id']
|
||||
response = self.get_tenants(request_type='service', use_token=token_id)
|
||||
self.assertTrue(len(response.json['tenants']) == 0,
|
||||
"No tenants should be returned")
|
||||
|
||||
def test_get_tenants_default_and_role(self):
|
||||
""" Validates that the GET /tenants call returns tenants that are
|
||||
assigned to the user by role AND by default tenant setting """
|
||||
self.fixture_create_normal_tenant()
|
||||
self.fixture_create_tenant_user()
|
||||
other_tenant = self.create_tenant().json['tenant']
|
||||
role = self.create_role().json['role']
|
||||
self.grant_role_to_user(self.tenant_user['id'], role['id'],
|
||||
other_tenant['id'])
|
||||
|
||||
response = self.authenticate(self.tenant_user['name'],
|
||||
self.tenant_user['password'],
|
||||
tenant_id=None, assert_status=200)
|
||||
token_id = response.json['access']['token']['id']
|
||||
response = self.get_tenants(request_type='service', use_token=token_id)
|
||||
tenants = response.json['tenants']
|
||||
second_tenant = [tenant for tenant in tenants
|
||||
if tenant['id'] == other_tenant['id']]
|
||||
self.assertTrue(len(second_tenant) > 0,
|
||||
"Tenants with roles assigned should be returned")
|
||||
|
||||
default_tenant = [tenant for tenant in tenants
|
||||
if tenant['id'] == self.tenant['id']]
|
||||
self.assertTrue(len(default_tenant) > 0,
|
||||
"Default tenant should be returned")
|
||||
|
||||
def test_get_tenants_does_not_return_default(self):
|
||||
self.fixture_create_normal_tenant()
|
||||
self.fixture_create_tenant_user()
|
||||
other_tenant = self.create_tenant().json['tenant']
|
||||
role = self.create_role().json['role']
|
||||
self.grant_role_to_user(self.tenant_user['id'], role['id'],
|
||||
other_tenant['id'])
|
||||
|
||||
# Authenticate scoped to the non-default tenant
|
||||
response = self.authenticate(self.tenant_user['name'],
|
||||
self.tenant_user['password'],
|
||||
tenant_id=other_tenant['id'],
|
||||
assert_status=200)
|
||||
token_id = response.json['access']['token']['id']
|
||||
response = self.get_tenants(request_type='service', use_token=token_id)
|
||||
tenants = response.json['tenants']
|
||||
second_tenant = [tenant for tenant in tenants
|
||||
if tenant['id'] == other_tenant['id']]
|
||||
self.assertTrue(len(second_tenant) > 0,
|
||||
"Tenants with roles assigned should be returned")
|
||||
|
||||
default_tenant = [tenant for tenant in tenants
|
||||
if tenant['id'] == self.tenant['id']]
|
||||
self.assertTrue(len(default_tenant) == 0,
|
||||
"Default tenant should not be returned")
|
||||
|
||||
|
||||
class GetTenantTest(TenantTest):
|
||||
def setUp(self, *args, **kwargs):
|
||||
|
@ -286,17 +350,17 @@ class GetTenantTest(TenantTest):
|
|||
self.fixture_create_normal_tenant()
|
||||
|
||||
def test_get_tenant(self):
|
||||
r = self.fetch_tenant(self.tenant['id'], assert_status=200)
|
||||
tenant = self.assertValidJsonTenantResponse(r)
|
||||
response = self.fetch_tenant(self.tenant['id'], assert_status=200)
|
||||
tenant = self.assertValidJsonTenantResponse(response)
|
||||
self.assertEquals(self.tenant['id'], tenant['id'])
|
||||
self.assertEquals(self.tenant['name'], tenant['name'])
|
||||
self.assertFalse('description' in tenant)
|
||||
self.assertEquals(self.tenant['enabled'], tenant['enabled'])
|
||||
|
||||
def test_get_tenant_xml(self):
|
||||
r = self.fetch_tenant(self.tenant['id'], assert_status=200, headers={
|
||||
"Accept": "application/xml"})
|
||||
tenant = self.assertValidXmlTenantResponse(r)
|
||||
response = self.fetch_tenant(self.tenant['id'], assert_status=200,
|
||||
headers={"Accept": "application/xml"})
|
||||
tenant = self.assertValidXmlTenantResponse(response)
|
||||
self.assertEquals(self.tenant['id'], tenant.get('id'))
|
||||
self.assertEquals(self.tenant['name'], tenant.get('name'))
|
||||
self.assertEquals(str(self.tenant['enabled']).lower(),
|
||||
|
@ -328,11 +392,11 @@ class GetTenantUsersTest(TenantTest):
|
|||
self.assertEquals(user['name'], self.user['name'])
|
||||
|
||||
def test_list_tenant_users_xml(self):
|
||||
r = self.list_tenant_users(self.tenant['id'],
|
||||
response = self.list_tenant_users(self.tenant['id'],
|
||||
assert_status=200, headers={
|
||||
"Accept": "application/xml"})
|
||||
self.assertEquals(r.xml.tag, '{%s}users' % self.xmlns)
|
||||
users = r.xml.findall('{%s}user' % self.xmlns)
|
||||
self.assertEquals(response.xml.tag, '{%s}users' % self.xmlns)
|
||||
users = response.xml.findall('{%s}user' % self.xmlns)
|
||||
for user in users:
|
||||
self.assertEqual(user.get('name'), self.user['name'])
|
||||
|
||||
|
@ -371,11 +435,11 @@ class GetTenantUsersByRoleTest(TenantTest):
|
|||
self.assertEquals(user['name'], self.user['name'])
|
||||
|
||||
def test_list_tenant_users_xml(self):
|
||||
r = self.list_tenant_users(self.tenant['id'],
|
||||
response = self.list_tenant_users(self.tenant['id'],
|
||||
self.role['id'], assert_status=200, headers={
|
||||
"Accept": "application/xml"})
|
||||
self.assertEquals(r.xml.tag, '{%s}users' % self.xmlns)
|
||||
users = r.xml.findall('{%s}user' % self.xmlns)
|
||||
self.assertEquals(response.xml.tag, '{%s}users' % self.xmlns)
|
||||
users = response.xml.findall('{%s}user' % self.xmlns)
|
||||
for user in users:
|
||||
self.assertEqual(user.get('name'), self.user['name'])
|
||||
|
||||
|
@ -408,8 +472,9 @@ class GetTenantByNameTest(TenantTest):
|
|||
self.fixture_create_normal_tenant()
|
||||
|
||||
def test_get_tenant(self):
|
||||
r = self.fetch_tenant_by_name(self.tenant['name'], assert_status=200)
|
||||
tenant = self.assertValidJsonTenantResponse(r)
|
||||
response = self.fetch_tenant_by_name(self.tenant['name'],
|
||||
assert_status=200)
|
||||
tenant = self.assertValidJsonTenantResponse(response)
|
||||
self.assertEquals(self.tenant['id'], tenant['id'])
|
||||
self.assertEquals(self.tenant['name'], tenant['name'])
|
||||
self.assertEquals(self.tenant['enabled'], tenant['enabled'])
|
||||
|
@ -418,18 +483,18 @@ class GetTenantByNameTest(TenantTest):
|
|||
tenant = self.fixture_create_tenant(name=common.unique_str(),
|
||||
description=common.unique_str(),
|
||||
enabled=True)
|
||||
r = self.fetch_tenant_by_name(tenant['name'], assert_status=200)
|
||||
returned = self.assertValidJsonTenantResponse(r)
|
||||
response = self.fetch_tenant_by_name(tenant['name'], assert_status=200)
|
||||
returned = self.assertValidJsonTenantResponse(response)
|
||||
self.assertEquals(returned['id'], tenant['id'])
|
||||
self.assertEquals(returned['name'], tenant['name'])
|
||||
self.assertEquals(returned['description'], tenant['description'])
|
||||
self.assertEquals(returned['enabled'], tenant['enabled'])
|
||||
|
||||
def test_get_tenant_xml(self):
|
||||
r = self.fetch_tenant_by_name(
|
||||
response = self.fetch_tenant_by_name(
|
||||
self.tenant['name'], assert_status=200, headers={
|
||||
"Accept": "application/xml"})
|
||||
tenant = self.assertValidXmlTenantResponse(r)
|
||||
tenant = self.assertValidXmlTenantResponse(response)
|
||||
|
||||
self.assertEquals(self.tenant['id'], tenant.get('id'))
|
||||
self.assertEquals(self.tenant['name'], tenant.get('name'))
|
||||
|
@ -456,10 +521,10 @@ class UpdateTenantTest(TenantTest):
|
|||
def test_update_tenant(self):
|
||||
new_tenant_name = common.unique_str()
|
||||
new_description = common.unique_str()
|
||||
r = self.update_tenant(self.tenant['id'],
|
||||
response = self.update_tenant(self.tenant['id'],
|
||||
tenant_name=new_tenant_name, tenant_enabled=False,
|
||||
tenant_description=new_description, assert_status=200)
|
||||
updated_tenant = self.assertValidJsonTenantResponse(r)
|
||||
updated_tenant = self.assertValidJsonTenantResponse(response)
|
||||
self.assertEqual(updated_tenant['name'], new_tenant_name)
|
||||
self.assertEqual(updated_tenant['description'], new_description)
|
||||
self.assertEqual(updated_tenant['enabled'], False)
|
||||
|
@ -473,9 +538,9 @@ class UpdateTenantTest(TenantTest):
|
|||
'enabled="false"> '
|
||||
'<description>%s</description> '
|
||||
'</tenant>') % (new_tenant_name, new_description,)
|
||||
r = self.post_tenant_for_update(
|
||||
response = self.post_tenant_for_update(
|
||||
self.tenant['id'], as_xml=data, assert_status=200)
|
||||
updated = self.assertValidXmlTenantResponse(r)
|
||||
updated = self.assertValidXmlTenantResponse(response)
|
||||
|
||||
self.assertEqual(updated.get('id'), self.tenant['id'])
|
||||
self.assertEqual(updated.get('name'), new_tenant_name)
|
||||
|
|
Loading…
Reference in New Issue