Identity v3 RBAC Tests - EP Filter Groups
This patch adds project-specific RBAC tests for the identity v3 extension API: OS-EP-FILTER, providing coverage for the following policy actions: * identity:create_endpoint_group * identity:list_endpoint_groups * identity:get_endpoint_group * identity:update_endpoint_group * identity:delete_endpoint_group This patch also updates namespaces used in project-specific RBAC tests for OS-EP-FILTER API, for consistency. Co-Authored-By: Kaustuv Royburman <kr336r@att.com> Co-Authored-By: Felipe Monteiro <felipe.monteiro@att.com> Change-Id: Ida8fd205d38a1b1231bfd9fb04dd3d2a94bde0dc Depends-On: I96a8dbe02ff70d9cf8b23e194fe60fc5df08c43b
This commit is contained in:
parent
4a89216803
commit
c5ebd76366
|
@ -216,6 +216,8 @@ class BaseIdentityV3RbacTest(BaseIdentityRbacTest):
|
|||
cls.domains_client = cls.os_primary.domains_client
|
||||
cls.domain_config_client = cls.os_primary.domain_config_client
|
||||
cls.endpoints_client = cls.os_primary.endpoints_v3_client
|
||||
cls.endpoint_filter_client = cls.os_primary.endpoint_filter_client
|
||||
cls.endpoint_groups_client = cls.os_primary.endpoint_groups_client
|
||||
cls.groups_client = cls.os_primary.groups_client
|
||||
cls.identity_client = cls.os_primary.identity_v3_client
|
||||
cls.projects_client = cls.os_primary.projects_client
|
||||
|
|
|
@ -0,0 +1,108 @@
|
|||
# Copyright 2017 AT&T Corporation.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest.lib.common.utils import data_utils
|
||||
from tempest.lib.common.utils import test_utils
|
||||
from tempest.lib import decorators
|
||||
|
||||
from patrole_tempest_plugin import rbac_rule_validation
|
||||
from patrole_tempest_plugin.tests.api.identity import rbac_base
|
||||
|
||||
|
||||
class EndpointFilterGroupsV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
|
||||
|
||||
interface = 'public'
|
||||
|
||||
@classmethod
|
||||
def resource_setup(cls):
|
||||
super(EndpointFilterGroupsV3RbacTest, cls).resource_setup()
|
||||
cls.service_id = cls.setup_test_service()['id']
|
||||
|
||||
def setUp(self):
|
||||
super(EndpointFilterGroupsV3RbacTest, self).setUp()
|
||||
self.endpoint_group_id = self._create_endpoint_group()
|
||||
|
||||
def _create_endpoint_group(self, ignore_not_found=False):
|
||||
# Create an endpoint group
|
||||
ep_group_name = data_utils.rand_name(
|
||||
self.__class__.__name__ + '-EPFilterGroup')
|
||||
filters = {
|
||||
'filters': {
|
||||
'interface': self.interface,
|
||||
'service_id': self.service_id
|
||||
}
|
||||
}
|
||||
endpoint_group = self.endpoint_groups_client.create_endpoint_group(
|
||||
name=ep_group_name, **filters)['endpoint_group']
|
||||
|
||||
if ignore_not_found:
|
||||
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
|
||||
self.endpoint_groups_client.delete_endpoint_group,
|
||||
endpoint_group['id'])
|
||||
else:
|
||||
self.addCleanup(self.endpoint_groups_client.delete_endpoint_group,
|
||||
endpoint_group['id'])
|
||||
|
||||
return endpoint_group['id']
|
||||
|
||||
@rbac_rule_validation.action(service="keystone",
|
||||
rule="identity:create_endpoint_group")
|
||||
@decorators.idempotent_id('b4765906-52ec-477b-b441-a8508ced68e3')
|
||||
def test_create_endpoint_group(self):
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self._create_endpoint_group(ignore_not_found=True)
|
||||
|
||||
@rbac_rule_validation.action(service="keystone",
|
||||
rule="identity:list_endpoint_groups")
|
||||
@decorators.idempotent_id('089aa3a7-ba1f-4f70-a1cf-f298a845058a')
|
||||
def test_list_endpoint_groups(self):
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.endpoint_groups_client.list_endpoint_groups()['endpoint_groups']
|
||||
|
||||
@decorators.idempotent_id('5c16368d-1485-4c28-9803-db3fa3510623')
|
||||
@rbac_rule_validation.action(service="keystone",
|
||||
rule="identity:check_endpoint_group")
|
||||
def test_check_endpoint_group(self):
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.endpoint_groups_client.check_endpoint_group(
|
||||
self.endpoint_group_id)
|
||||
|
||||
@rbac_rule_validation.action(service="keystone",
|
||||
rule="identity:get_endpoint_group")
|
||||
@decorators.idempotent_id('bd2b6fb8-661f-4255-84b2-50fea4a1dc61')
|
||||
def test_show_endpoint_group(self):
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.endpoint_groups_client.show_endpoint_group(
|
||||
self.endpoint_group_id)['endpoint_group']
|
||||
|
||||
@rbac_rule_validation.action(service="keystone",
|
||||
rule="identity:update_endpoint_group")
|
||||
@decorators.idempotent_id('028b9198-ec35-4bd5-8f72-e23dfb7a0c8e')
|
||||
def test_update_endpoint_group(self):
|
||||
updated_name = data_utils.rand_name(
|
||||
self.__class__.__name__ + '-EPFilterGroup')
|
||||
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.endpoint_groups_client.update_endpoint_group(
|
||||
self.endpoint_group_id, name=updated_name)['endpoint_group']
|
||||
|
||||
@rbac_rule_validation.action(service="keystone",
|
||||
rule="identity:delete_endpoint_group")
|
||||
@decorators.idempotent_id('88cc105e-70d9-48ac-927e-200ef41e070c')
|
||||
def test_delete_endpoint_group(self):
|
||||
endpoint_group_id = self._create_endpoint_group(ignore_not_found=True)
|
||||
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.endpoint_groups_client.delete_endpoint_group(endpoint_group_id)
|
|
@ -20,28 +20,27 @@ from patrole_tempest_plugin import rbac_rule_validation
|
|||
from patrole_tempest_plugin.tests.api.identity import rbac_base
|
||||
|
||||
|
||||
class IdentityEndpointsFilterV3RbacTest(
|
||||
rbac_base.BaseIdentityV3RbacTest):
|
||||
|
||||
@classmethod
|
||||
def setup_clients(cls):
|
||||
super(IdentityEndpointsFilterV3RbacTest, cls).setup_clients()
|
||||
cls.ep_api_client = cls.os_primary.endpoint_filter_client
|
||||
class EndpointFilterProjectsV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
|
||||
|
||||
@classmethod
|
||||
def resource_setup(cls):
|
||||
super(IdentityEndpointsFilterV3RbacTest, cls).resource_setup()
|
||||
super(EndpointFilterProjectsV3RbacTest, cls).resource_setup()
|
||||
cls.project = cls.setup_test_project()
|
||||
cls.service = cls.setup_test_service()
|
||||
cls.endpoint = cls.setup_test_endpoint(service=cls.service)
|
||||
cls.endpoint = cls.setup_test_endpoint()
|
||||
|
||||
def _add_endpoint_to_project(self):
|
||||
# Adding and cleaning up endpoints to projects
|
||||
self.ep_api_client.add_endpoint_to_project(
|
||||
def _add_endpoint_to_project(self, ignore_not_found=False):
|
||||
self.endpoint_filter_client.add_endpoint_to_project(
|
||||
self.project['id'], self.endpoint['id'])
|
||||
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
|
||||
self.ep_api_client.delete_endpoint_from_project,
|
||||
self.project['id'], self.endpoint['id'])
|
||||
|
||||
if ignore_not_found:
|
||||
self.addCleanup(
|
||||
test_utils.call_and_ignore_notfound_exc,
|
||||
self.endpoint_filter_client.delete_endpoint_from_project,
|
||||
self.project['id'], self.endpoint['id'])
|
||||
else:
|
||||
self.addCleanup(
|
||||
self.endpoint_filter_client.delete_endpoint_from_project,
|
||||
self.project['id'], self.endpoint['id'])
|
||||
|
||||
@rbac_rule_validation.action(
|
||||
service="keystone",
|
||||
|
@ -50,7 +49,7 @@ class IdentityEndpointsFilterV3RbacTest(
|
|||
def test_add_endpoint_to_project(self):
|
||||
# Adding endpoints to projects
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self._add_endpoint_to_project()
|
||||
self._add_endpoint_to_project(ignore_not_found=True)
|
||||
|
||||
@rbac_rule_validation.action(
|
||||
service="keystone",
|
||||
|
@ -58,7 +57,7 @@ class IdentityEndpointsFilterV3RbacTest(
|
|||
@decorators.idempotent_id('f53dca42-ec8a-48e9-924b-0bbe6c99727f')
|
||||
def test_list_projects_for_endpoint(self):
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.ep_api_client.list_projects_for_endpoint(
|
||||
self.endpoint_filter_client.list_projects_for_endpoint(
|
||||
self.endpoint['id'])
|
||||
|
||||
@rbac_rule_validation.action(
|
||||
|
@ -68,7 +67,7 @@ class IdentityEndpointsFilterV3RbacTest(
|
|||
def test_check_endpoint_in_project(self):
|
||||
self._add_endpoint_to_project()
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.ep_api_client.check_endpoint_in_project(
|
||||
self.endpoint_filter_client.check_endpoint_in_project(
|
||||
self.project['id'], self.endpoint['id'])
|
||||
|
||||
@rbac_rule_validation.action(
|
||||
|
@ -77,7 +76,7 @@ class IdentityEndpointsFilterV3RbacTest(
|
|||
@decorators.idempotent_id('5d86c659-c6ad-41e0-854e-3823e95c7cc2')
|
||||
def test_list_endpoints_in_project(self):
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.ep_api_client.list_endpoints_in_project(
|
||||
self.endpoint_filter_client.list_endpoints_in_project(
|
||||
self.project['id'])
|
||||
|
||||
@rbac_rule_validation.action(
|
||||
|
@ -85,7 +84,7 @@ class IdentityEndpointsFilterV3RbacTest(
|
|||
rule="identity:remove_endpoint_from_project")
|
||||
@decorators.idempotent_id('b4e21c10-4f47-427b-9b8a-f5b5601adfda')
|
||||
def test_remove_endpoint_from_project(self):
|
||||
self._add_endpoint_to_project()
|
||||
self._add_endpoint_to_project(ignore_not_found=True)
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.ep_api_client.delete_endpoint_from_project(
|
||||
self.endpoint_filter_client.delete_endpoint_from_project(
|
||||
self.project['id'], self.endpoint['id'])
|
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Add group-specific RBAC tests for the identity v3 extension API,
|
||||
OS-EP-FILTER, providing coverage for the following policy actions:
|
||||
|
||||
* identity:create_endpoint_group
|
||||
* identity:list_endpoint_groups
|
||||
* identity:show_endpoint_group (get endpoint group)
|
||||
* identity:check_endpoint_group
|
||||
* identity:list_endpoint_group (get endpoint groups)
|
||||
* identity:update_endpoint_group
|
||||
* identity:delete_endpoint_group
|
Loading…
Reference in New Issue