351 lines
11 KiB
Python
351 lines
11 KiB
Python
# Copyright 2012 OpenStack Foundation
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import uuid
|
|
|
|
import httpretty
|
|
|
|
from keystoneclient import exceptions
|
|
from keystoneclient.tests.v3 import utils
|
|
from keystoneclient.v3 import roles
|
|
|
|
|
|
class RoleTests(utils.TestCase, utils.CrudTests):
|
|
def setUp(self):
|
|
super(RoleTests, self).setUp()
|
|
self.key = 'role'
|
|
self.collection_key = 'roles'
|
|
self.model = roles.Role
|
|
self.manager = self.client.roles
|
|
|
|
def new_ref(self, **kwargs):
|
|
kwargs = super(RoleTests, self).new_ref(**kwargs)
|
|
kwargs.setdefault('name', uuid.uuid4().hex)
|
|
return kwargs
|
|
|
|
@httpretty.activate
|
|
def test_domain_role_grant(self):
|
|
user_id = uuid.uuid4().hex
|
|
domain_id = uuid.uuid4().hex
|
|
ref = self.new_ref()
|
|
|
|
self.stub_url(httpretty.PUT,
|
|
['domains', domain_id, 'users', user_id,
|
|
self.collection_key, ref['id']],
|
|
status=201)
|
|
|
|
self.manager.grant(role=ref['id'], domain=domain_id, user=user_id)
|
|
|
|
@httpretty.activate
|
|
def test_domain_group_role_grant(self):
|
|
group_id = uuid.uuid4().hex
|
|
domain_id = uuid.uuid4().hex
|
|
ref = self.new_ref()
|
|
|
|
self.stub_url(httpretty.PUT,
|
|
['domains', domain_id, 'groups', group_id,
|
|
self.collection_key, ref['id']],
|
|
status=201)
|
|
|
|
self.manager.grant(role=ref['id'], domain=domain_id, group=group_id)
|
|
|
|
@httpretty.activate
|
|
def test_domain_role_list(self):
|
|
user_id = uuid.uuid4().hex
|
|
domain_id = uuid.uuid4().hex
|
|
ref_list = [self.new_ref(), self.new_ref()]
|
|
|
|
self.stub_entity(httpretty.GET,
|
|
['domains', domain_id, 'users', user_id,
|
|
self.collection_key], entity=ref_list)
|
|
|
|
self.manager.list(domain=domain_id, user=user_id)
|
|
|
|
@httpretty.activate
|
|
def test_domain_group_role_list(self):
|
|
group_id = uuid.uuid4().hex
|
|
domain_id = uuid.uuid4().hex
|
|
ref_list = [self.new_ref(), self.new_ref()]
|
|
|
|
self.stub_entity(httpretty.GET,
|
|
['domains', domain_id, 'groups', group_id,
|
|
self.collection_key], entity=ref_list)
|
|
|
|
self.manager.list(domain=domain_id, group=group_id)
|
|
|
|
@httpretty.activate
|
|
def test_domain_role_check(self):
|
|
user_id = uuid.uuid4().hex
|
|
domain_id = uuid.uuid4().hex
|
|
ref = self.new_ref()
|
|
|
|
self.stub_url(httpretty.HEAD,
|
|
['domains', domain_id, 'users', user_id,
|
|
self.collection_key, ref['id']],
|
|
status=204)
|
|
|
|
self.manager.check(role=ref['id'], domain=domain_id,
|
|
user=user_id)
|
|
|
|
@httpretty.activate
|
|
def test_domain_group_role_check(self):
|
|
return
|
|
group_id = uuid.uuid4().hex
|
|
domain_id = uuid.uuid4().hex
|
|
ref = self.new_ref()
|
|
|
|
self.stub_url(httpretty.HEAD,
|
|
['domains', domain_id, 'groups', group_id,
|
|
self.collection_key, ref['id']],
|
|
status=204)
|
|
|
|
self.manager.check(role=ref['id'], domain=domain_id, group=group_id)
|
|
|
|
@httpretty.activate
|
|
def test_domain_role_revoke(self):
|
|
user_id = uuid.uuid4().hex
|
|
domain_id = uuid.uuid4().hex
|
|
ref = self.new_ref()
|
|
|
|
self.stub_url(httpretty.DELETE,
|
|
['domains', domain_id, 'users', user_id,
|
|
self.collection_key, ref['id']],
|
|
status=204)
|
|
|
|
self.manager.revoke(role=ref['id'], domain=domain_id, user=user_id)
|
|
|
|
@httpretty.activate
|
|
def test_domain_group_role_revoke(self):
|
|
group_id = uuid.uuid4().hex
|
|
domain_id = uuid.uuid4().hex
|
|
ref = self.new_ref()
|
|
|
|
self.stub_url(httpretty.DELETE,
|
|
['domains', domain_id, 'groups', group_id,
|
|
self.collection_key, ref['id']],
|
|
status=204)
|
|
|
|
self.manager.revoke(role=ref['id'], domain=domain_id, group=group_id)
|
|
|
|
@httpretty.activate
|
|
def test_project_role_grant(self):
|
|
user_id = uuid.uuid4().hex
|
|
project_id = uuid.uuid4().hex
|
|
ref = self.new_ref()
|
|
|
|
self.stub_url(httpretty.PUT,
|
|
['projects', project_id, 'users', user_id,
|
|
self.collection_key, ref['id']],
|
|
status=201)
|
|
|
|
self.manager.grant(role=ref['id'], project=project_id, user=user_id)
|
|
|
|
@httpretty.activate
|
|
def test_project_group_role_grant(self):
|
|
group_id = uuid.uuid4().hex
|
|
project_id = uuid.uuid4().hex
|
|
ref = self.new_ref()
|
|
|
|
self.stub_url(httpretty.PUT,
|
|
['projects', project_id, 'groups', group_id,
|
|
self.collection_key, ref['id']],
|
|
status=201)
|
|
|
|
self.manager.grant(role=ref['id'], project=project_id, group=group_id)
|
|
|
|
@httpretty.activate
|
|
def test_project_role_list(self):
|
|
user_id = uuid.uuid4().hex
|
|
project_id = uuid.uuid4().hex
|
|
ref_list = [self.new_ref(), self.new_ref()]
|
|
|
|
self.stub_entity(httpretty.GET,
|
|
['projects', project_id, 'users', user_id,
|
|
self.collection_key], entity=ref_list)
|
|
|
|
self.manager.list(project=project_id, user=user_id)
|
|
|
|
@httpretty.activate
|
|
def test_project_group_role_list(self):
|
|
group_id = uuid.uuid4().hex
|
|
project_id = uuid.uuid4().hex
|
|
ref_list = [self.new_ref(), self.new_ref()]
|
|
|
|
self.stub_entity(httpretty.GET,
|
|
['projects', project_id, 'groups', group_id,
|
|
self.collection_key], entity=ref_list)
|
|
|
|
self.manager.list(project=project_id, group=group_id)
|
|
|
|
@httpretty.activate
|
|
def test_project_role_check(self):
|
|
user_id = uuid.uuid4().hex
|
|
project_id = uuid.uuid4().hex
|
|
ref = self.new_ref()
|
|
|
|
self.stub_url(httpretty.HEAD,
|
|
['projects', project_id, 'users', user_id,
|
|
self.collection_key, ref['id']],
|
|
status=200)
|
|
|
|
self.manager.check(role=ref['id'], project=project_id, user=user_id)
|
|
|
|
@httpretty.activate
|
|
def test_project_group_role_check(self):
|
|
group_id = uuid.uuid4().hex
|
|
project_id = uuid.uuid4().hex
|
|
ref = self.new_ref()
|
|
|
|
self.stub_url(httpretty.HEAD,
|
|
['projects', project_id, 'groups', group_id,
|
|
self.collection_key, ref['id']],
|
|
status=200)
|
|
|
|
self.manager.check(role=ref['id'], project=project_id, group=group_id)
|
|
|
|
@httpretty.activate
|
|
def test_project_role_revoke(self):
|
|
user_id = uuid.uuid4().hex
|
|
project_id = uuid.uuid4().hex
|
|
ref = self.new_ref()
|
|
|
|
self.stub_url(httpretty.DELETE,
|
|
['projects', project_id, 'users', user_id,
|
|
self.collection_key, ref['id']],
|
|
status=204)
|
|
|
|
self.manager.revoke(role=ref['id'], project=project_id, user=user_id)
|
|
|
|
@httpretty.activate
|
|
def test_project_group_role_revoke(self):
|
|
group_id = uuid.uuid4().hex
|
|
project_id = uuid.uuid4().hex
|
|
ref = self.new_ref()
|
|
|
|
self.stub_url(httpretty.DELETE,
|
|
['projects', project_id, 'groups', group_id,
|
|
self.collection_key, ref['id']],
|
|
status=204)
|
|
|
|
self.manager.revoke(role=ref['id'], project=project_id, group=group_id)
|
|
|
|
@httpretty.activate
|
|
def test_domain_project_role_grant_fails(self):
|
|
user_id = uuid.uuid4().hex
|
|
project_id = uuid.uuid4().hex
|
|
domain_id = uuid.uuid4().hex
|
|
ref = self.new_ref()
|
|
|
|
self.assertRaises(
|
|
exceptions.ValidationError,
|
|
self.manager.grant,
|
|
role=ref['id'],
|
|
domain=domain_id,
|
|
project=project_id,
|
|
user=user_id)
|
|
|
|
def test_domain_project_role_list_fails(self):
|
|
user_id = uuid.uuid4().hex
|
|
project_id = uuid.uuid4().hex
|
|
domain_id = uuid.uuid4().hex
|
|
|
|
self.assertRaises(
|
|
exceptions.ValidationError,
|
|
self.manager.list,
|
|
domain=domain_id,
|
|
project=project_id,
|
|
user=user_id)
|
|
|
|
def test_domain_project_role_check_fails(self):
|
|
user_id = uuid.uuid4().hex
|
|
project_id = uuid.uuid4().hex
|
|
domain_id = uuid.uuid4().hex
|
|
ref = self.new_ref()
|
|
|
|
self.assertRaises(
|
|
exceptions.ValidationError,
|
|
self.manager.check,
|
|
role=ref['id'],
|
|
domain=domain_id,
|
|
project=project_id,
|
|
user=user_id)
|
|
|
|
def test_domain_project_role_revoke_fails(self):
|
|
user_id = uuid.uuid4().hex
|
|
project_id = uuid.uuid4().hex
|
|
domain_id = uuid.uuid4().hex
|
|
ref = self.new_ref()
|
|
|
|
self.assertRaises(
|
|
exceptions.ValidationError,
|
|
self.manager.revoke,
|
|
role=ref['id'],
|
|
domain=domain_id,
|
|
project=project_id,
|
|
user=user_id)
|
|
|
|
def test_user_group_role_grant_fails(self):
|
|
user_id = uuid.uuid4().hex
|
|
group_id = uuid.uuid4().hex
|
|
project_id = uuid.uuid4().hex
|
|
ref = self.new_ref()
|
|
|
|
self.assertRaises(
|
|
exceptions.ValidationError,
|
|
self.manager.grant,
|
|
role=ref['id'],
|
|
project=project_id,
|
|
group=group_id,
|
|
user=user_id)
|
|
|
|
def test_user_group_role_list_fails(self):
|
|
user_id = uuid.uuid4().hex
|
|
group_id = uuid.uuid4().hex
|
|
project_id = uuid.uuid4().hex
|
|
|
|
self.assertRaises(
|
|
exceptions.ValidationError,
|
|
self.manager.list,
|
|
project=project_id,
|
|
group=group_id,
|
|
user=user_id)
|
|
|
|
def test_user_group_role_check_fails(self):
|
|
user_id = uuid.uuid4().hex
|
|
group_id = uuid.uuid4().hex
|
|
project_id = uuid.uuid4().hex
|
|
ref = self.new_ref()
|
|
|
|
self.assertRaises(
|
|
exceptions.ValidationError,
|
|
self.manager.check,
|
|
role=ref['id'],
|
|
project=project_id,
|
|
group=group_id,
|
|
user=user_id)
|
|
|
|
def test_user_group_role_revoke_fails(self):
|
|
user_id = uuid.uuid4().hex
|
|
group_id = uuid.uuid4().hex
|
|
project_id = uuid.uuid4().hex
|
|
ref = self.new_ref()
|
|
|
|
self.assertRaises(
|
|
exceptions.ValidationError,
|
|
self.manager.revoke,
|
|
role=ref['id'],
|
|
project=project_id,
|
|
group=group_id,
|
|
user=user_id)
|