diff --git a/openstackclient/identity/v3/role.py b/openstackclient/identity/v3/role.py
index c43f389943..a7fb6644b1 100644
--- a/openstackclient/identity/v3/role.py
+++ b/openstackclient/identity/v3/role.py
@@ -17,7 +17,7 @@
import logging
-from keystoneauth1 import exceptions as ks_exc
+from openstack import exceptions as sdk_exc
from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
@@ -29,6 +29,25 @@ from openstackclient.identity import common
LOG = logging.getLogger(__name__)
+def _format_role(role):
+ columns = (
+ "id",
+ "name",
+ "domain_id",
+ "description",
+ )
+ column_headers = (
+ "id",
+ "name",
+ "domain_id",
+ "description",
+ )
+ return (
+ column_headers,
+ utils.get_item_properties(role, columns),
+ )
+
+
def _add_identity_and_resource_options_to_parser(parser):
system_or_domain_or_project = parser.add_mutually_exclusive_group()
system_or_domain_or_project.add_argument(
@@ -63,32 +82,79 @@ def _add_identity_and_resource_options_to_parser(parser):
common.add_inherited_option_to_parser(parser)
+def _find_sdk_id(
+ find_command, name_or_id, validate_actor_existence=True, **kwargs
+):
+ try:
+ resource = find_command(
+ name_or_id=name_or_id, ignore_missing=False, **kwargs
+ )
+
+ # Mimic the behavior of
+ # openstackclient.identity.common._find_identity_resource()
+ # and ignore if we don't have permission to find a resource.
+ except sdk_exc.ForbiddenException:
+ return name_or_id
+ except sdk_exc.ResourceNotFound as exc:
+ if not validate_actor_existence:
+ return name_or_id
+ raise exceptions.CommandError from exc
+ return resource.id
+
+
def _process_identity_and_resource_options(
- parsed_args, identity_client_manager, validate_actor_existence=True
+ parsed_args, identity_client, validate_actor_existence=True
):
def _find_user():
- try:
- return common.find_user(
- identity_client_manager,
- parsed_args.user,
- parsed_args.user_domain,
- ).id
- except exceptions.CommandError:
- if not validate_actor_existence:
- return parsed_args.user
- raise
+ domain_id = (
+ _find_sdk_id(
+ identity_client.find_domain,
+ name_or_id=parsed_args.user_domain,
+ validate_actor_existence=validate_actor_existence,
+ )
+ if parsed_args.user_domain
+ else None
+ )
+ return _find_sdk_id(
+ identity_client.find_user,
+ name_or_id=parsed_args.user,
+ validate_actor_existence=validate_actor_existence,
+ domain_id=domain_id,
+ )
def _find_group():
- try:
- return common.find_group(
- identity_client_manager,
- parsed_args.group,
- parsed_args.group_domain,
- ).id
- except exceptions.CommandError:
- if not validate_actor_existence:
- return parsed_args.group
- raise
+ domain_id = (
+ _find_sdk_id(
+ identity_client.find_domain,
+ name_or_id=parsed_args.group_domain,
+ validate_actor_existence=validate_actor_existence,
+ )
+ if parsed_args.group_domain
+ else None
+ )
+ return _find_sdk_id(
+ identity_client.find_group,
+ name_or_id=parsed_args.group,
+ validate_actor_existence=validate_actor_existence,
+ domain_id=domain_id,
+ )
+
+ def _find_project():
+ domain_id = (
+ _find_sdk_id(
+ identity_client.find_domain,
+ name_or_id=parsed_args.project_domain,
+ validate_actor_existence=validate_actor_existence,
+ )
+ if parsed_args.project_domain
+ else None
+ )
+ return _find_sdk_id(
+ identity_client.find_project,
+ name_or_id=parsed_args.project,
+ validate_actor_existence=validate_actor_existence,
+ domain_id=domain_id,
+ )
kwargs = {}
if parsed_args.user and parsed_args.system:
@@ -96,34 +162,35 @@ def _process_identity_and_resource_options(
kwargs['system'] = parsed_args.system
elif parsed_args.user and parsed_args.domain:
kwargs['user'] = _find_user()
- kwargs['domain'] = common.find_domain(
- identity_client_manager,
- parsed_args.domain,
- ).id
+ kwargs['domain'] = _find_sdk_id(
+ identity_client.find_domain,
+ name_or_id=parsed_args.domain,
+ validate_actor_existence=validate_actor_existence,
+ )
elif parsed_args.user and parsed_args.project:
kwargs['user'] = _find_user()
- kwargs['project'] = common.find_project(
- identity_client_manager,
- parsed_args.project,
- parsed_args.project_domain,
- ).id
+ kwargs['project'] = _find_project()
elif parsed_args.group and parsed_args.system:
kwargs['group'] = _find_group()
kwargs['system'] = parsed_args.system
elif parsed_args.group and parsed_args.domain:
kwargs['group'] = _find_group()
- kwargs['domain'] = common.find_domain(
- identity_client_manager,
- parsed_args.domain,
- ).id
+ kwargs['domain'] = _find_sdk_id(
+ identity_client.find_domain,
+ name_or_id=parsed_args.domain,
+ validate_actor_existence=validate_actor_existence,
+ )
elif parsed_args.group and parsed_args.project:
kwargs['group'] = _find_group()
- kwargs['project'] = common.find_project(
- identity_client_manager,
- parsed_args.project,
- parsed_args.project_domain,
- ).id
- kwargs['os_inherit_extension_inherited'] = parsed_args.inherited
+ kwargs['project'] = _find_project()
+ else:
+ msg = _(
+ "Role not added, incorrect set of arguments "
+ "provided. See openstack --help for more details"
+ )
+ raise exceptions.CommandError(msg)
+
+ kwargs['inherited'] = parsed_args.inherited
return kwargs
@@ -145,7 +212,7 @@ class AddRole(command.Command):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
+ identity_client = self.app.client_manager.sdk_connection.identity
if (
not parsed_args.user
@@ -161,18 +228,71 @@ class AddRole(command.Command):
domain_id = None
if parsed_args.role_domain:
- domain_id = common.find_domain(
- identity_client, parsed_args.role_domain
- ).id
- role = utils.find_resource(
- identity_client.roles, parsed_args.role, domain_id=domain_id
+ domain_id = _find_sdk_id(
+ identity_client.find_domain, name_or_id=parsed_args.role_domain
+ )
+ role = _find_sdk_id(
+ identity_client.find_role,
+ name_or_id=parsed_args.role,
+ domain_id=domain_id,
)
- kwargs = _process_identity_and_resource_options(
- parsed_args, self.app.client_manager.identity
+ add_kwargs = _process_identity_and_resource_options(
+ parsed_args, identity_client
)
- identity_client.roles.grant(role.id, **kwargs)
+ if add_kwargs.get("domain"):
+ if add_kwargs.get("user"):
+ identity_client.assign_domain_role_to_user(
+ domain=add_kwargs["domain"],
+ user=add_kwargs["user"],
+ role=role,
+ inherited=add_kwargs["inherited"],
+ )
+ if add_kwargs.get("group"):
+ identity_client.assign_domain_role_to_group(
+ domain=add_kwargs["domain"],
+ group=add_kwargs["group"],
+ role=role,
+ inherited=add_kwargs["inherited"],
+ )
+ elif add_kwargs.get("project"):
+ if add_kwargs.get("user"):
+ identity_client.assign_project_role_to_user(
+ project=add_kwargs["project"],
+ user=add_kwargs["user"],
+ role=role,
+ inherited=add_kwargs["inherited"],
+ )
+ if add_kwargs.get("group"):
+ identity_client.assign_project_role_to_group(
+ project=add_kwargs["project"],
+ group=add_kwargs["group"],
+ role=role,
+ inherited=add_kwargs["inherited"],
+ )
+ elif add_kwargs.get("system"):
+ if add_kwargs["inherited"]:
+ LOG.warning(
+ _(
+ "'--inherited' was given, which is not supported "
+ "when adding a system role. This will be an error "
+ "in a future release."
+ )
+ )
+ # TODO(0weng): This should be an error in a future release
+ if add_kwargs.get("user"):
+ identity_client.assign_system_role_to_user(
+ system=add_kwargs["system"],
+ user=add_kwargs["user"],
+ role=role,
+ )
+ if add_kwargs.get("group"):
+ identity_client.assign_system_role_to_group(
+ system=add_kwargs["system"],
+ group=add_kwargs["group"],
+ role=role,
+ )
class CreateRole(command.ShowOne):
@@ -204,37 +324,35 @@ class CreateRole(command.ShowOne):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
+ identity_client = self.app.client_manager.sdk_connection.identity
- domain_id = None
+ create_kwargs = {}
if parsed_args.domain:
- domain_id = common.find_domain(
- identity_client, parsed_args.domain
- ).id
-
- options = common.get_immutable_options(parsed_args)
-
- try:
- role = identity_client.roles.create(
- name=parsed_args.name,
- domain=domain_id,
- description=parsed_args.description,
- options=options,
+ create_kwargs['domain_id'] = _find_sdk_id(
+ identity_client.find_domain, name_or_id=parsed_args.domain
)
- except ks_exc.Conflict:
+ if parsed_args.name:
+ create_kwargs['name'] = parsed_args.name
+ if parsed_args.description:
+ create_kwargs['description'] = parsed_args.description
+ create_kwargs['options'] = common.get_immutable_options(parsed_args)
+
+ try:
+ role = identity_client.create_role(**create_kwargs)
+
+ except sdk_exc.ConflictException:
if parsed_args.or_show:
- role = utils.find_resource(
- identity_client.roles,
- parsed_args.name,
- domain_id=domain_id,
+ role = identity_client.find_role(
+ name_or_id=parsed_args.name,
+ domain_id=parsed_args.domain,
+ ignore_missing=False,
)
LOG.info(_('Returning existing role %s'), role.name)
else:
raise
- role._info.pop('links')
- return zip(*sorted(role._info.items()))
+ return _format_role(role)
class DeleteRole(command.Command):
@@ -245,7 +363,7 @@ class DeleteRole(command.Command):
parser.add_argument(
'roles',
metavar='<role>',
- nargs="+",
+ nargs='+',
help=_('Role(s) to delete (name or ID)'),
)
parser.add_argument(
@@ -256,20 +374,22 @@ class DeleteRole(command.Command):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
+ identity_client = self.app.client_manager.sdk_connection.identity
domain_id = None
if parsed_args.domain:
- domain_id = common.find_domain(
- identity_client, parsed_args.domain
- ).id
+ domain_id = _find_sdk_id(
+ identity_client.find_domain, parsed_args.domain
+ )
errors = 0
for role in parsed_args.roles:
try:
- role_obj = utils.find_resource(
- identity_client.roles, role, domain_id=domain_id
+ role_id = _find_sdk_id(
+ identity_client.find_role,
+ name_or_id=role,
+ domain_id=domain_id,
)
- identity_client.roles.delete(role_obj.id)
+ identity_client.delete_role(role=role_id, ignore_missing=False)
except Exception as e:
errors += 1
LOG.error(
@@ -302,20 +422,17 @@ class ListRole(command.Lister):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
+ identity_client = self.app.client_manager.sdk_connection.identity
if parsed_args.domain:
- domain = common.find_domain(
- identity_client,
- parsed_args.domain,
+ domain = identity_client.find_domain(
+ name_or_id=parsed_args.domain,
)
columns = ('ID', 'Name', 'Domain')
- data = identity_client.roles.list(domain_id=domain.id)
- for role in data:
- role.domain = domain.name
+ data = identity_client.roles(domain_id=domain.id)
else:
columns = ('ID', 'Name')
- data = identity_client.roles.list()
+ data = identity_client.roles()
return (
columns,
@@ -323,7 +440,7 @@ class ListRole(command.Lister):
utils.get_item_properties(
s,
columns,
- formatters={},
+ formatters={'Domain': lambda _: domain.name},
)
for s in data
),
@@ -348,8 +465,7 @@ class RemoveRole(command.Command):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
-
+ identity_client = self.app.client_manager.sdk_connection.identity
if (
not parsed_args.user
and not parsed_args.domain
@@ -364,19 +480,65 @@ class RemoveRole(command.Command):
domain_id = None
if parsed_args.role_domain:
- domain_id = common.find_domain(
- identity_client, parsed_args.role_domain
- ).id
- role = utils.find_resource(
- identity_client.roles, parsed_args.role, domain_id=domain_id
+ domain_id = _find_sdk_id(
+ identity_client.find_domain,
+ name_or_id=parsed_args.role_domain,
+ )
+ role = _find_sdk_id(
+ identity_client.find_role,
+ name_or_id=parsed_args.role,
+ domain_id=domain_id,
)
- kwargs = _process_identity_and_resource_options(
+ remove_kwargs = _process_identity_and_resource_options(
parsed_args,
- self.app.client_manager.identity,
+ identity_client,
validate_actor_existence=False,
)
- identity_client.roles.revoke(role.id, **kwargs)
+
+ if remove_kwargs.get("domain"):
+ if remove_kwargs.get("user"):
+ identity_client.unassign_domain_role_from_user(
+ domain=remove_kwargs["domain"],
+ user=remove_kwargs["user"],
+ role=role,
+ inherited=remove_kwargs["inherited"],
+ )
+ if remove_kwargs.get("group"):
+ identity_client.unassign_domain_role_from_group(
+ domain=remove_kwargs["domain"],
+ group=remove_kwargs["group"],
+ role=role,
+ inherited=remove_kwargs["inherited"],
+ )
+ elif remove_kwargs.get("project"):
+ if remove_kwargs.get("user"):
+ identity_client.unassign_project_role_from_user(
+ project=remove_kwargs["project"],
+ user=remove_kwargs["user"],
+ role=role,
+ inherited=remove_kwargs["inherited"],
+ )
+ if remove_kwargs.get("group"):
+ identity_client.unassign_project_role_from_group(
+ project=remove_kwargs["project"],
+ group=remove_kwargs["group"],
+ role=role,
+ inherited=remove_kwargs["inherited"],
+ )
+ elif remove_kwargs.get("system"):
+ if remove_kwargs.get("user"):
+ identity_client.unassign_system_role_from_user(
+ system=remove_kwargs["system"],
+ user=remove_kwargs["user"],
+ role=role,
+ )
+ if remove_kwargs.get("group"):
+ identity_client.unassign_system_role_from_group(
+ system=remove_kwargs["system"],
+ group=remove_kwargs["group"],
+ role=role,
+ )
class SetRole(command.Command):
@@ -408,25 +570,31 @@ class SetRole(command.Command):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
+ identity_client = self.app.client_manager.sdk_connection.identity
+
+ update_kwargs = {}
+ if parsed_args.description:
+ update_kwargs["description"] = parsed_args.description
+ if parsed_args.name:
+ update_kwargs["name"] = parsed_args.name
domain_id = None
if parsed_args.domain:
- domain_id = common.find_domain(
- identity_client, parsed_args.domain
- ).id
+ domain_id = _find_sdk_id(
+ identity_client.find_domain,
+ name_or_id=parsed_args.domain,
+ )
+ update_kwargs["domain_id"] = domain_id
- options = common.get_immutable_options(parsed_args)
- role = utils.find_resource(
- identity_client.roles, parsed_args.role, domain_id=domain_id
+ update_kwargs["options"] = common.get_immutable_options(parsed_args)
+ role = _find_sdk_id(
+ identity_client.find_role,
+ name_or_id=parsed_args.role,
+ domain_id=domain_id,
)
+ update_kwargs["role"] = role
- identity_client.roles.update(
- role.id,
- name=parsed_args.name,
- description=parsed_args.description,
- options=options,
- )
+ identity_client.update_role(**update_kwargs)
class ShowRole(command.ShowOne):
@@ -447,17 +615,19 @@ class ShowRole(command.ShowOne):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
+ identity_client = self.app.client_manager.sdk_connection.identity
domain_id = None
if parsed_args.domain:
- domain_id = common.find_domain(
- identity_client, parsed_args.domain
- ).id
+ domain_id = _find_sdk_id(
+ identity_client.find_domain,
+ name_or_id=parsed_args.domain,
+ )
- role = utils.find_resource(
- identity_client.roles, parsed_args.role, domain_id=domain_id
+ role = identity_client.find_role(
+ name_or_id=parsed_args.role,
+ domain_id=domain_id,
+ ignore_missing=False,
)
- role._info.pop('links')
- return zip(*sorted(role._info.items()))
+ return _format_role(role)
diff --git a/openstackclient/tests/functional/identity/v3/test_role.py b/openstackclient/tests/functional/identity/v3/test_role.py
index 16ddc23a3d..f4c6832f25 100644
--- a/openstackclient/tests/functional/identity/v3/test_role.py
+++ b/openstackclient/tests/functional/identity/v3/test_role.py
@@ -93,6 +93,30 @@ class RoleTests(common.IdentityTests):
)
self.assertEqual(0, len(raw_output))
+ def test_role_add_inherited(self):
+ role_name = self._create_dummy_role()
+ username = self._create_dummy_user()
+ raw_output = self.openstack(
+ 'role add '
+ f'--project {self.project_name} '
+ f'--project-domain {self.domain_name} '
+ f'--user {username} '
+ f'--user-domain {self.domain_name} '
+ '--inherited '
+ f'{role_name}'
+ )
+ self.addCleanup(
+ self.openstack,
+ 'role remove '
+ f'--project {self.project_name} '
+ f'--project-domain {self.domain_name} '
+ f'--user {username} '
+ f'--user-domain {self.domain_name} '
+ '--inherited '
+ f'{role_name}',
+ )
+ self.assertEqual(0, len(raw_output))
+
def test_role_remove(self):
role_name = self._create_dummy_role()
username = self._create_dummy_user()
diff --git a/openstackclient/tests/functional/identity/v3/test_role_assignment.py b/openstackclient/tests/functional/identity/v3/test_role_assignment.py
index 941563c7bd..6c53bc2778 100644
--- a/openstackclient/tests/functional/identity/v3/test_role_assignment.py
+++ b/openstackclient/tests/functional/identity/v3/test_role_assignment.py
@@ -151,6 +151,14 @@ class RoleAssignmentTests(common.IdentityTests):
'--inherited '
f'{role_name}'
)
+ self.addCleanup(
+ self.openstack,
+ 'role remove '
+ f'--project {self.project_name} '
+ f'--user {username} '
+ '--inherited '
+ f'{role_name}',
+ )
self.assertEqual(0, len(raw_output))
raw_output = self.openstack('role assignment list --inherited')
diff --git a/openstackclient/tests/unit/identity/v3/test_role.py b/openstackclient/tests/unit/identity/v3/test_role.py
index 09b7536e3b..e4a27ed113 100644
--- a/openstackclient/tests/unit/identity/v3/test_role.py
+++ b/openstackclient/tests/unit/identity/v3/test_role.py
@@ -13,110 +13,177 @@
# under the License.
#
-import copy
from unittest import mock
from osc_lib import exceptions
-from osc_lib import utils
-from openstackclient.identity import common
+from openstack import exceptions as sdk_exc
+from openstack.identity.v3 import domain as _domain
+from openstack.identity.v3 import group as _group
+from openstack.identity.v3 import project as _project
+from openstack.identity.v3 import role as _role
+from openstack.identity.v3 import system as _system
+from openstack.identity.v3 import user as _user
+from openstack.test import fakes as sdk_fakes
+
from openstackclient.identity.v3 import role
-from openstackclient.tests.unit import fakes
from openstackclient.tests.unit.identity.v3 import fakes as identity_fakes
+from openstackclient.tests.unit import utils as test_utils
-class TestRole(identity_fakes.TestIdentityv3):
- def setUp(self):
- super().setUp()
-
- # Get a shortcut to the UserManager Mock
- self.users_mock = self.identity_client.users
- self.users_mock.reset_mock()
-
- # Get a shortcut to the UserManager Mock
- self.groups_mock = self.identity_client.groups
- self.groups_mock.reset_mock()
-
- # Get a shortcut to the DomainManager Mock
- self.domains_mock = self.identity_client.domains
- self.domains_mock.reset_mock()
-
- # Get a shortcut to the ProjectManager Mock
- self.projects_mock = self.identity_client.projects
- self.projects_mock.reset_mock()
-
- # Get a shortcut to the RoleManager Mock
- self.roles_mock = self.identity_client.roles
- self.roles_mock.reset_mock()
-
- def _is_inheritance_testcase(self):
- return False
-
-
-class TestRoleInherited(TestRole):
+class TestRoleInherited(identity_fakes.TestIdentityv3):
def _is_inheritance_testcase(self):
return True
-class TestRoleAdd(TestRole):
+class TestFindSDKId(test_utils.TestCase):
+ def setUp(self):
+ super().setUp()
+ self.user = sdk_fakes.generate_fake_resource(_user.User)
+ self.identity_sdk_client = mock.Mock()
+ self.identity_sdk_client.find_user = mock.Mock()
+
+ def test_find_sdk_id_validate(self):
+ self.identity_sdk_client.find_user.side_effect = [self.user]
+
+ result = role._find_sdk_id(
+ self.identity_sdk_client.find_user,
+ name_or_id=self.user.id,
+ validate_actor_existence=True,
+ )
+ self.assertEqual(self.user.id, result)
+
+ def test_find_sdk_id_no_validate(self):
+ self.identity_sdk_client.find_user.side_effect = [self.user]
+
+ result = role._find_sdk_id(
+ self.identity_sdk_client.find_user,
+ name_or_id=self.user.id,
+ validate_actor_existence=False,
+ )
+ self.assertEqual(self.user.id, result)
+
+ def test_find_sdk_id_not_found_validate(self):
+ self.identity_sdk_client.find_user.side_effect = [
+ sdk_exc.ResourceNotFound,
+ ]
+
+ self.assertRaises(
+ exceptions.CommandError,
+ role._find_sdk_id,
+ self.identity_sdk_client.find_user,
+ name_or_id=self.user.id,
+ validate_actor_existence=True,
+ )
+
+ def test_find_sdk_id_not_found_no_validate(self):
+ self.identity_sdk_client.find_user.side_effect = [
+ sdk_exc.ResourceNotFound,
+ ]
+
+ result = role._find_sdk_id(
+ self.identity_sdk_client.find_user,
+ name_or_id=self.user.id,
+ validate_actor_existence=False,
+ )
+ self.assertEqual(self.user.id, result)
+
+ def test_find_sdk_id_forbidden_validate(self):
+ self.identity_sdk_client.find_user.side_effect = [
+ sdk_exc.ForbiddenException,
+ ]
+
+ result = role._find_sdk_id(
+ self.identity_sdk_client.find_user,
+ name_or_id=self.user.id,
+ validate_actor_existence=True,
+ )
+
+ self.assertEqual(self.user.id, result)
+
+ def test_find_sdk_id_forbidden_no_validate(self):
+ self.identity_sdk_client.find_user.side_effect = [
+ sdk_exc.ForbiddenException,
+ ]
+
+ result = role._find_sdk_id(
+ self.identity_sdk_client.find_user,
+ name_or_id=self.user.id,
+ validate_actor_existence=False,
+ )
+
+ self.assertEqual(self.user.id, result)
+
+
+class TestRoleAdd(identity_fakes.TestIdentityv3):
+ def _is_inheritance_testcase(self):
+ return False
+
+ user = sdk_fakes.generate_fake_resource(_user.User)
+ group = sdk_fakes.generate_fake_resource(_group.Group)
+ domain = sdk_fakes.generate_fake_resource(_domain.Domain)
+ project = sdk_fakes.generate_fake_resource(_project.Project)
+
def setUp(self):
super().setUp()
- self.users_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.USER),
- loaded=True,
+ self.identity_sdk_client.find_user.return_value = self.user
+ self.identity_sdk_client.find_group.return_value = self.group
+ self.identity_sdk_client.find_domain.return_value = self.domain
+ self.identity_sdk_client.find_project.return_value = self.project
+
+ self.role = sdk_fakes.generate_fake_resource(
+ resource_type=_role.Role,
+ domain_id=None,
+ description=None,
+ )
+ self.identity_sdk_client.find_role.return_value = self.role
+ self.role_with_domain = sdk_fakes.generate_fake_resource(
+ resource_type=_role.Role,
+ domain_id=self.domain.id,
+ description=None,
)
- self.groups_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.GROUP),
- loaded=True,
+ self.identity_sdk_client.assign_domain_role_to_user.return_value = (
+ self.role
)
-
- self.domains_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.DOMAIN),
- loaded=True,
+ self.identity_sdk_client.assign_domain_role_to_group.return_value = (
+ self.role
)
-
- self.projects_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.PROJECT),
- loaded=True,
+ self.identity_sdk_client.assign_project_role_to_user.return_value = (
+ self.role
)
-
- self.roles_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE),
- loaded=True,
+ self.identity_sdk_client.assign_project_role_to_group.return_value = (
+ self.role
)
- self.roles_mock.grant.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE),
- loaded=True,
+ self.identity_sdk_client.assign_system_role_to_user.return_value = (
+ self.role
+ )
+ self.identity_sdk_client.assign_system_role_to_group.return_value = (
+ self.role
)
# Get the command object to test
self.cmd = role.AddRole(self.app, None)
- def test_role_add_user_system(self):
+ @mock.patch.object(role.LOG, 'warning')
+ def test_role_add_user_system(self, mock_warning):
arglist = [
'--user',
- identity_fakes.user_name,
+ self.user.name,
'--system',
'all',
- identity_fakes.role_name,
+ self.role.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
- ('user', identity_fakes.user_name),
+ ('user', self.user.name),
('group', None),
('system', 'all'),
('domain', None),
('project', None),
- ('role', identity_fakes.role_name),
+ ('role', self.role.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -125,32 +192,36 @@ class TestRoleAdd(TestRole):
# Set expected values
kwargs = {
- 'user': identity_fakes.user_id,
'system': 'all',
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'user': self.user.id,
+ 'role': self.role.id,
}
- # RoleManager.grant(role, user=, group=, domain=, project=)
- self.roles_mock.grant.assert_called_with(
- identity_fakes.role_id, **kwargs
+ self.identity_sdk_client.assign_system_role_to_user.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
+ if self._is_inheritance_testcase():
+ mock_warning.assert_called_with(
+ "'--inherited' was given, which is not supported when adding a system role; this will be an error in a future release"
+ )
+
def test_role_add_user_domain(self):
arglist = [
'--user',
- identity_fakes.user_name,
+ self.user.name,
'--domain',
- identity_fakes.domain_name,
- identity_fakes.role_name,
+ self.domain.name,
+ self.role.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
- ('user', identity_fakes.user_name),
+ ('user', self.user.name),
('group', None),
- ('domain', identity_fakes.domain_name),
+ ('domain', self.domain.name),
('project', None),
- ('role', identity_fakes.role_name),
+ ('role', self.role.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -159,32 +230,32 @@ class TestRoleAdd(TestRole):
# Set expected values
kwargs = {
- 'user': identity_fakes.user_id,
- 'domain': identity_fakes.domain_id,
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'domain': self.domain.id,
+ 'user': self.user.id,
+ 'role': self.role.id,
+ 'inherited': self._is_inheritance_testcase(),
}
- # RoleManager.grant(role, user=, group=, domain=, project=)
- self.roles_mock.grant.assert_called_with(
- identity_fakes.role_id, **kwargs
+ self.identity_sdk_client.assign_domain_role_to_user.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
def test_role_add_user_project(self):
arglist = [
'--user',
- identity_fakes.user_name,
+ self.user.name,
'--project',
- identity_fakes.project_name,
- identity_fakes.role_name,
+ self.project.name,
+ self.role.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
- ('user', identity_fakes.user_name),
+ ('user', self.user.name),
('group', None),
('domain', None),
- ('project', identity_fakes.project_name),
- ('role', identity_fakes.role_name),
+ ('project', self.project.name),
+ ('role', self.role.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -193,33 +264,34 @@ class TestRoleAdd(TestRole):
# Set expected values
kwargs = {
- 'user': identity_fakes.user_id,
- 'project': identity_fakes.project_id,
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'project': self.project.id,
+ 'user': self.user.id,
+ 'role': self.role.id,
+ 'inherited': self._is_inheritance_testcase(),
}
- # RoleManager.grant(role, user=, group=, domain=, project=)
- self.roles_mock.grant.assert_called_with(
- identity_fakes.role_id, **kwargs
+ self.identity_sdk_client.assign_project_role_to_user.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
- def test_role_add_group_system(self):
+ @mock.patch.object(role.LOG, 'warning')
+ def test_role_add_group_system(self, mock_warning):
arglist = [
'--group',
- identity_fakes.group_name,
+ self.group.name,
'--system',
'all',
- identity_fakes.role_name,
+ self.role.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
('user', None),
- ('group', identity_fakes.group_name),
+ ('group', self.group.name),
('system', 'all'),
('domain', None),
('project', None),
- ('role', identity_fakes.role_name),
+ ('role', self.role.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -228,32 +300,36 @@ class TestRoleAdd(TestRole):
# Set expected values
kwargs = {
- 'group': identity_fakes.group_id,
'system': 'all',
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'group': self.group.id,
+ 'role': self.role.id,
}
- # RoleManager.grant(role, user=, group=, domain=, project=)
- self.roles_mock.grant.assert_called_with(
- identity_fakes.role_id, **kwargs
+ self.identity_sdk_client.assign_system_role_to_group.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
+ if self._is_inheritance_testcase():
+ mock_warning.assert_called_with(
+ "'--inherited' was given, which is not supported when adding a system role; this will be an error in a future release"
+ )
+
def test_role_add_group_domain(self):
arglist = [
'--group',
- identity_fakes.group_name,
+ self.group.name,
'--domain',
- identity_fakes.domain_name,
- identity_fakes.role_name,
+ self.domain.name,
+ self.role.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
('user', None),
- ('group', identity_fakes.group_name),
- ('domain', identity_fakes.domain_name),
+ ('group', self.group.name),
+ ('domain', self.domain.name),
('project', None),
- ('role', identity_fakes.role_name),
+ ('role', self.role.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -262,32 +338,32 @@ class TestRoleAdd(TestRole):
# Set expected values
kwargs = {
- 'group': identity_fakes.group_id,
- 'domain': identity_fakes.domain_id,
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'domain': self.domain.id,
+ 'group': self.group.id,
+ 'role': self.role.id,
+ 'inherited': self._is_inheritance_testcase(),
}
- # RoleManager.grant(role, user=, group=, domain=, project=)
- self.roles_mock.grant.assert_called_with(
- identity_fakes.role_id, **kwargs
+ self.identity_sdk_client.assign_domain_role_to_group.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
def test_role_add_group_project(self):
arglist = [
'--group',
- identity_fakes.group_name,
+ self.group.name,
'--project',
- identity_fakes.project_name,
- identity_fakes.role_name,
+ self.project.name,
+ self.role.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
('user', None),
- ('group', identity_fakes.group_name),
+ ('group', self.group.name),
('domain', None),
- ('project', identity_fakes.project_name),
- ('role', identity_fakes.role_name),
+ ('project', self.project.name),
+ ('role', self.role.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -296,39 +372,36 @@ class TestRoleAdd(TestRole):
# Set expected values
kwargs = {
- 'group': identity_fakes.group_id,
- 'project': identity_fakes.project_id,
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'project': self.project.id,
+ 'group': self.group.id,
+ 'role': self.role.id,
+ 'inherited': self._is_inheritance_testcase(),
}
- # RoleManager.grant(role, user=, group=, domain=, project=)
- self.roles_mock.grant.assert_called_with(
- identity_fakes.role_id, **kwargs
+ self.identity_sdk_client.assign_project_role_to_group.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
def test_role_add_domain_role_on_user_project(self):
- self.roles_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE_2),
- loaded=True,
- )
+ self.identity_sdk_client.find_role.return_value = self.role_with_domain
+
arglist = [
'--user',
- identity_fakes.user_name,
+ self.user.name,
'--project',
- identity_fakes.project_name,
+ self.project.name,
'--role-domain',
- identity_fakes.domain_name,
- identity_fakes.ROLE_2['name'],
+ self.domain.name,
+ self.role_with_domain.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
- ('user', identity_fakes.user_name),
+ ('user', self.user.name),
('group', None),
('domain', None),
- ('project', identity_fakes.project_name),
- ('role', identity_fakes.ROLE_2['name']),
+ ('project', self.project.name),
+ ('role', self.role_with_domain.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -337,26 +410,26 @@ class TestRoleAdd(TestRole):
# Set expected values
kwargs = {
- 'user': identity_fakes.user_id,
- 'project': identity_fakes.project_id,
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'project': self.project.id,
+ 'user': self.user.id,
+ 'role': self.role_with_domain.id,
+ 'inherited': self._is_inheritance_testcase(),
}
- # RoleManager.grant(role, user=, group=, domain=, project=)
- self.roles_mock.grant.assert_called_with(
- identity_fakes.ROLE_2['id'], **kwargs
+ self.identity_sdk_client.assign_project_role_to_user.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
def test_role_add_with_error(self):
arglist = [
- identity_fakes.role_name,
+ self.role.name,
]
verifylist = [
('user', None),
('group', None),
('domain', None),
('project', None),
- ('role', identity_fakes.role_name),
+ ('role', self.role.name),
('inherited', False),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -369,31 +442,47 @@ class TestRoleAddInherited(TestRoleAdd, TestRoleInherited):
pass
-class TestRoleCreate(TestRole):
+class TestRoleCreate(identity_fakes.TestIdentityv3):
+ collist = ('id', 'name', 'domain_id', 'description')
+ domain = sdk_fakes.generate_fake_resource(_domain.Domain)
+
def setUp(self):
super().setUp()
- self.domains_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.DOMAIN),
- loaded=True,
+ self.role = sdk_fakes.generate_fake_resource(
+ resource_type=_role.Role,
+ domain_id=None,
+ description=None,
)
-
- self.roles_mock.create.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE),
- loaded=True,
+ self.role_with_domain = sdk_fakes.generate_fake_resource(
+ resource_type=_role.Role,
+ domain_id=self.domain.id,
+ description=None,
)
+ self.role_with_description = sdk_fakes.generate_fake_resource(
+ resource_type=_role.Role,
+ domain_id=None,
+ description='role description',
+ )
+ self.role_with_immutable_option = sdk_fakes.generate_fake_resource(
+ resource_type=_role.Role,
+ domain_id=None,
+ description=None,
+ options={'immutable': True},
+ )
+ self.identity_sdk_client.find_domain.return_value = self.domain
# Get the command object to test
self.cmd = role.CreateRole(self.app, None)
def test_role_create_no_options(self):
+ self.identity_sdk_client.create_role.return_value = self.role
+
arglist = [
- identity_fakes.role_name,
+ self.role.name,
]
verifylist = [
- ('name', identity_fakes.role_name),
+ ('name', self.role.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -404,39 +493,34 @@ class TestRoleCreate(TestRole):
# Set expected values
kwargs = {
- 'domain': None,
- 'name': identity_fakes.role_name,
- 'description': None,
+ 'name': self.role.name,
'options': {},
}
- # RoleManager.create(name=, domain=)
- self.roles_mock.create.assert_called_with(**kwargs)
+ self.identity_sdk_client.create_role.assert_called_with(**kwargs)
- collist = ('domain', 'id', 'name')
- self.assertEqual(collist, columns)
+ self.assertEqual(self.collist, columns)
datalist = (
+ self.role.id,
+ self.role.name,
+ None,
None,
- identity_fakes.role_id,
- identity_fakes.role_name,
)
self.assertEqual(datalist, data)
def test_role_create_with_domain(self):
- self.roles_mock.create.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE_2),
- loaded=True,
+ self.identity_sdk_client.create_role.return_value = (
+ self.role_with_domain
)
arglist = [
'--domain',
- identity_fakes.domain_name,
- identity_fakes.ROLE_2['name'],
+ self.domain.name,
+ self.role_with_domain.name,
]
verifylist = [
- ('domain', identity_fakes.domain_name),
- ('name', identity_fakes.ROLE_2['name']),
+ ('domain', self.domain.name),
+ ('name', self.role_with_domain.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -447,38 +531,35 @@ class TestRoleCreate(TestRole):
# Set expected values
kwargs = {
- 'domain': identity_fakes.domain_id,
- 'name': identity_fakes.ROLE_2['name'],
- 'description': None,
+ 'domain_id': self.domain.id,
+ 'name': self.role_with_domain.name,
'options': {},
}
- # RoleManager.create(name=, domain=)
- self.roles_mock.create.assert_called_with(**kwargs)
+ self.identity_sdk_client.create_role.assert_called_with(**kwargs)
- collist = ('domain', 'id', 'name')
- self.assertEqual(collist, columns)
+ self.assertEqual(self.collist, columns)
datalist = (
- identity_fakes.domain_id,
- identity_fakes.ROLE_2['id'],
- identity_fakes.ROLE_2['name'],
+ self.role_with_domain.id,
+ self.role_with_domain.name,
+ self.domain.id,
+ None,
)
self.assertEqual(datalist, data)
def test_role_create_with_description(self):
- self.roles_mock.create.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE_2),
- loaded=True,
+ self.identity_sdk_client.create_role.return_value = (
+ self.role_with_description
)
+
arglist = [
'--description',
- identity_fakes.role_description,
- identity_fakes.ROLE_2['name'],
+ self.role_with_description.description,
+ self.role_with_description.name,
]
verifylist = [
- ('description', identity_fakes.role_description),
- ('name', identity_fakes.ROLE_2['name']),
+ ('description', self.role_with_description.description),
+ ('name', self.role_with_description.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -489,37 +570,32 @@ class TestRoleCreate(TestRole):
# Set expected values
kwargs = {
- 'description': identity_fakes.role_description,
- 'name': identity_fakes.ROLE_2['name'],
- 'domain': None,
+ 'name': self.role_with_description.name,
+ 'description': self.role_with_description.description,
'options': {},
}
- # RoleManager.create(name=, domain=)
- self.roles_mock.create.assert_called_with(**kwargs)
+ self.identity_sdk_client.create_role.assert_called_with(**kwargs)
- collist = ('domain', 'id', 'name')
- self.assertEqual(collist, columns)
+ self.assertEqual(self.collist, columns)
datalist = (
- 'd1',
- identity_fakes.ROLE_2['id'],
- identity_fakes.ROLE_2['name'],
+ self.role_with_description.id,
+ self.role_with_description.name,
+ None,
+ self.role_with_description.description,
)
self.assertEqual(datalist, data)
def test_role_create_with_immutable_option(self):
- self.roles_mock.create.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE_2),
- loaded=True,
- )
+ self.identity_sdk_client.create_role.return_value = self.role
+
arglist = [
'--immutable',
- identity_fakes.ROLE_2['name'],
+ self.role.name,
]
verifylist = [
('immutable', True),
- ('name', identity_fakes.ROLE_2['name']),
+ ('name', self.role.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -531,36 +607,30 @@ class TestRoleCreate(TestRole):
# Set expected values
kwargs = {
'options': {'immutable': True},
- 'description': None,
- 'name': identity_fakes.ROLE_2['name'],
- 'domain': None,
+ 'name': self.role.name,
}
- # RoleManager.create(name=, domain=)
- self.roles_mock.create.assert_called_with(**kwargs)
+ self.identity_sdk_client.create_role.assert_called_with(**kwargs)
- collist = ('domain', 'id', 'name')
- self.assertEqual(collist, columns)
+ self.assertEqual(self.collist, columns)
datalist = (
- 'd1',
- identity_fakes.ROLE_2['id'],
- identity_fakes.ROLE_2['name'],
+ self.role.id,
+ self.role.name,
+ None,
+ None,
)
self.assertEqual(datalist, data)
def test_role_create_with_no_immutable_option(self):
- self.roles_mock.create.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE_2),
- loaded=True,
- )
+ self.identity_sdk_client.create_role.return_value = self.role
+
arglist = [
'--no-immutable',
- identity_fakes.ROLE_2['name'],
+ self.role.name,
]
verifylist = [
('no_immutable', True),
- ('name', identity_fakes.ROLE_2['name']),
+ ('name', self.role.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -572,88 +642,94 @@ class TestRoleCreate(TestRole):
# Set expected values
kwargs = {
'options': {'immutable': False},
- 'description': None,
- 'name': identity_fakes.ROLE_2['name'],
- 'domain': None,
+ 'name': self.role.name,
}
- # RoleManager.create(name=, domain=)
- self.roles_mock.create.assert_called_with(**kwargs)
+ self.identity_sdk_client.create_role.assert_called_with(**kwargs)
- collist = ('domain', 'id', 'name')
- self.assertEqual(collist, columns)
+ self.assertEqual(self.collist, columns)
datalist = (
- 'd1',
- identity_fakes.ROLE_2['id'],
- identity_fakes.ROLE_2['name'],
+ self.role.id,
+ self.role.name,
+ None,
+ None,
)
self.assertEqual(datalist, data)
-class TestRoleDelete(TestRole):
+class TestRoleDelete(identity_fakes.TestIdentityv3):
def setUp(self):
super().setUp()
- self.roles_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE),
- loaded=True,
- )
- self.roles_mock.delete.return_value = None
-
# Get the command object to test
self.cmd = role.DeleteRole(self.app, None)
def test_role_delete_no_options(self):
+ self.role = sdk_fakes.generate_fake_resource(
+ resource_type=_role.Role,
+ domain_id=None,
+ description=None,
+ )
+ self.identity_sdk_client.find_role.return_value = self.role
+ self.identity_sdk_client.delete_role.return_value = None
+
arglist = [
- identity_fakes.role_name,
+ self.role.name,
]
verifylist = [
- ('roles', [identity_fakes.role_name]),
+ ('roles', [self.role.name]),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
result = self.cmd.take_action(parsed_args)
- self.roles_mock.delete.assert_called_with(
- identity_fakes.role_id,
+ self.identity_sdk_client.delete_role.assert_called_with(
+ role=self.role.id,
+ ignore_missing=False,
)
self.assertIsNone(result)
def test_role_delete_with_domain(self):
- self.roles_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE_2),
- loaded=True,
+ self.domain = sdk_fakes.generate_fake_resource(_domain.Domain)
+ self.role_with_domain = sdk_fakes.generate_fake_resource(
+ resource_type=_role.Role,
+ domain_id=self.domain.id,
+ description=None,
)
- self.roles_mock.delete.return_value = None
+ self.identity_sdk_client.find_role.return_value = self.role_with_domain
+ self.identity_sdk_client.delete_role.return_value = None
arglist = [
'--domain',
- identity_fakes.domain_name,
- identity_fakes.ROLE_2['name'],
+ self.domain.name,
+ self.role_with_domain.name,
]
verifylist = [
- ('roles', [identity_fakes.ROLE_2['name']]),
- ('domain', identity_fakes.domain_name),
+ ('roles', [self.role_with_domain.name]),
+ ('domain', self.domain.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
result = self.cmd.take_action(parsed_args)
- self.roles_mock.delete.assert_called_with(
- identity_fakes.ROLE_2['id'],
+ self.identity_sdk_client.delete_role.assert_called_with(
+ role=self.role_with_domain.id,
+ ignore_missing=False,
)
self.assertIsNone(result)
- @mock.patch.object(utils, 'find_resource')
- def test_delete_multi_roles_with_exception(self, find_mock):
- find_mock.side_effect = [
- self.roles_mock.get.return_value,
- exceptions.CommandError,
+ def test_delete_multi_roles_with_exception(self):
+ self.role = sdk_fakes.generate_fake_resource(
+ resource_type=_role.Role,
+ domain_id=None,
+ description=None,
+ )
+ self.identity_sdk_client.find_role.side_effect = [
+ self.role,
+ sdk_exc.ResourceNotFound,
]
arglist = [
- identity_fakes.role_name,
+ self.role.id,
'unexist_role',
]
verifylist = [
@@ -667,44 +743,62 @@ class TestRoleDelete(TestRole):
except exceptions.CommandError as e:
self.assertEqual('1 of 2 roles failed to delete.', str(e))
- find_mock.assert_any_call(
- self.roles_mock, identity_fakes.role_name, domain_id=None
- )
- find_mock.assert_any_call(
- self.roles_mock, 'unexist_role', domain_id=None
+ self.identity_sdk_client.find_role.assert_has_calls(
+ [
+ mock.call(
+ name_or_id=self.role.id,
+ ignore_missing=False,
+ domain_id=None,
+ ),
+ mock.call(
+ name_or_id='unexist_role',
+ ignore_missing=False,
+ domain_id=None,
+ ),
+ ]
)
- self.assertEqual(2, find_mock.call_count)
- self.roles_mock.delete.assert_called_once_with(identity_fakes.role_id)
+ self.assertEqual(2, self.identity_sdk_client.find_role.call_count)
+ self.identity_sdk_client.delete_role.assert_called_once_with(
+ role=self.role.id, ignore_missing=False
+ )
-class TestRoleList(TestRole):
+class TestRoleList(identity_fakes.TestIdentityv3):
columns = (
'ID',
'Name',
)
- datalist = (
- (
- identity_fakes.role_id,
- identity_fakes.role_name,
- ),
- )
+ domain = sdk_fakes.generate_fake_resource(_domain.Domain)
def setUp(self):
super().setUp()
- self.roles_mock.list.return_value = [
- fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE),
- loaded=True,
- ),
+ self.role = sdk_fakes.generate_fake_resource(
+ resource_type=_role.Role,
+ domain_id=None,
+ description=None,
+ )
+ self.role_with_domain = sdk_fakes.generate_fake_resource(
+ resource_type=_role.Role,
+ domain_id=self.domain.id,
+ description=None,
+ )
+ self.identity_sdk_client.roles.return_value = [
+ self.role,
+ self.role_with_domain,
]
+ self.identity_sdk_client.find_domain.return_value = self.domain
- self.domains_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.DOMAIN),
- loaded=True,
+ self.datalist = (
+ (
+ self.role.id,
+ self.role.name,
+ ),
+ (
+ self.role_with_domain.id,
+ self.role_with_domain.name,
+ ),
)
# Get the command object to test
@@ -720,25 +814,19 @@ class TestRoleList(TestRole):
# containing the data to be listed.
columns, data = self.cmd.take_action(parsed_args)
- self.roles_mock.list.assert_called_with()
+ self.identity_sdk_client.roles.assert_called_with()
self.assertEqual(self.columns, columns)
self.assertEqual(self.datalist, tuple(data))
def test_role_list_domain_role(self):
- self.roles_mock.list.return_value = [
- fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE_2),
- loaded=True,
- ),
- ]
+ self.identity_sdk_client.roles.return_value = [self.role_with_domain]
arglist = [
'--domain',
- identity_fakes.domain_name,
+ self.domain.name,
]
verifylist = [
- ('domain', identity_fakes.domain_name),
+ ('domain', self.domain.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -748,56 +836,51 @@ class TestRoleList(TestRole):
columns, data = self.cmd.take_action(parsed_args)
# Set expected values
- kwargs = {'domain_id': identity_fakes.domain_id}
- # RoleManager.list(user=, group=, domain=, project=, **kwargs)
- self.roles_mock.list.assert_called_with(**kwargs)
+ kwargs = {'domain_id': self.domain.id}
+ self.identity_sdk_client.roles.assert_called_with(**kwargs)
collist = ('ID', 'Name', 'Domain')
self.assertEqual(collist, columns)
datalist = (
(
- identity_fakes.ROLE_2['id'],
- identity_fakes.ROLE_2['name'],
- identity_fakes.domain_name,
+ self.role_with_domain.id,
+ self.role_with_domain.name,
+ self.domain.name,
),
)
self.assertEqual(datalist, tuple(data))
-class TestRoleRemove(TestRole):
+class TestRoleRemove(identity_fakes.TestIdentityv3):
+ def _is_inheritance_testcase(self):
+ return False
+
+ user = sdk_fakes.generate_fake_resource(_user.User)
+ group = sdk_fakes.generate_fake_resource(_group.Group)
+ domain = sdk_fakes.generate_fake_resource(_domain.Domain)
+ project = sdk_fakes.generate_fake_resource(_project.Project)
+ system = sdk_fakes.generate_fake_resource(_system.System)
+
def setUp(self):
super().setUp()
- self.users_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.USER),
- loaded=True,
+ self.role = sdk_fakes.generate_fake_resource(
+ resource_type=_role.Role,
+ domain_id=None,
+ description=None,
)
+ self.identity_sdk_client.find_role.return_value = self.role
+ self.identity_sdk_client.find_user.return_value = self.user
+ self.identity_sdk_client.find_group.return_value = self.group
+ self.identity_sdk_client.find_domain.return_value = self.domain
+ self.identity_sdk_client.find_project.return_value = self.project
- self.groups_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.GROUP),
- loaded=True,
- )
-
- self.domains_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.DOMAIN),
- loaded=True,
- )
-
- self.projects_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.PROJECT),
- loaded=True,
- )
-
- self.roles_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE),
- loaded=True,
- )
- self.roles_mock.revoke.return_value = None
+ self.identity_sdk_client.unassign_domain_role_from_user.return_value = None
+ self.identity_sdk_client.unassign_domain_role_from_group.return_value = None
+ self.identity_sdk_client.unassign_project_role_from_user.return_value = None
+ self.identity_sdk_client.unassign_project_role_from_group.return_value = None
+ self.identity_sdk_client.unassign_system_role_from_user.return_value = None
+ self.identity_sdk_client.unassign_system_role_from_group.return_value = None
# Get the command object to test
self.cmd = role.RemoveRole(self.app, None)
@@ -805,20 +888,20 @@ class TestRoleRemove(TestRole):
def test_role_remove_user_system(self):
arglist = [
'--user',
- identity_fakes.user_name,
+ self.user.name,
'--system',
'all',
- identity_fakes.role_name,
+ self.role.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
- ('user', identity_fakes.user_name),
+ ('user', self.user.name),
('group', None),
('system', 'all'),
('domain', None),
('project', None),
- ('role', identity_fakes.role_name),
+ ('role', self.role.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -827,40 +910,39 @@ class TestRoleRemove(TestRole):
# Set expected values
kwargs = {
- 'user': identity_fakes.user_id,
+ 'user': self.user.id,
'system': 'all',
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'role': self.role.id,
}
- # RoleManager.revoke(role, user=, group=, domain=, project=)
- self.roles_mock.revoke.assert_called_with(
- identity_fakes.role_id, **kwargs
+ self.identity_sdk_client.unassign_system_role_from_user.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
- @mock.patch.object(common, 'find_user')
- def test_role_remove_non_existent_user_system(self, find_mock):
- # Simulate the user not being in keystone, the client should gracefully
+ def test_role_remove_non_existent_user_system(self):
+ # Simulate the user not being in keystone; the client should gracefully
# handle this exception and send the request to remove the role since
# keystone supports removing role assignments with non-existent actors
# (e.g., users or groups).
- find_mock.side_effect = exceptions.CommandError
-
+ self.identity_sdk_client.find_user.side_effect = [
+ sdk_exc.ResourceNotFound,
+ ]
arglist = [
'--user',
- identity_fakes.user_id,
+ self.user.id,
'--system',
'all',
- identity_fakes.role_name,
+ self.role.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
- ('user', identity_fakes.user_id),
+ ('user', self.user.id),
('group', None),
('system', 'all'),
('domain', None),
('project', None),
- ('role', identity_fakes.role_name),
+ ('role', self.role.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -869,32 +951,31 @@ class TestRoleRemove(TestRole):
# Set expected values
kwargs = {
- 'user': identity_fakes.user_id,
+ 'user': self.user.id,
'system': 'all',
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'role': self.role.id,
}
- # RoleManager.revoke(role, user=, group=, domain=, project=)
- self.roles_mock.revoke.assert_called_with(
- identity_fakes.role_id, **kwargs
+ self.identity_sdk_client.unassign_system_role_from_user.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
def test_role_remove_user_domain(self):
arglist = [
'--user',
- identity_fakes.user_name,
+ self.user.name,
'--domain',
- identity_fakes.domain_name,
- identity_fakes.role_name,
+ self.domain.name,
+ self.role.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
- ('user', identity_fakes.user_name),
+ ('user', self.user.name),
('group', None),
- ('domain', identity_fakes.domain_name),
+ ('domain', self.domain.name),
('project', None),
- ('role', identity_fakes.role_name),
+ ('role', self.role.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -903,39 +984,39 @@ class TestRoleRemove(TestRole):
# Set expected values
kwargs = {
- 'user': identity_fakes.user_id,
- 'domain': identity_fakes.domain_id,
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'user': self.user.id,
+ 'domain': self.domain.id,
+ 'role': self.role.id,
+ 'inherited': self._is_inheritance_testcase(),
}
- # RoleManager.revoke(role, user=, group=, domain=, project=)
- self.roles_mock.revoke.assert_called_with(
- identity_fakes.role_id, **kwargs
+ self.identity_sdk_client.unassign_domain_role_from_user.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
- @mock.patch.object(common, 'find_user')
- def test_role_remove_non_existent_user_domain(self, find_mock):
+ def test_role_remove_non_existent_user_domain(self):
# Simulate the user not being in keystone, the client the gracefully
# handle this exception and send the request to remove the role since
# keystone will validate.
- find_mock.side_effect = exceptions.CommandError
-
+ self.identity_sdk_client.find_user.side_effect = [
+ sdk_exc.ResourceNotFound,
+ ]
arglist = [
'--user',
- identity_fakes.user_id,
+ self.user.id,
'--domain',
- identity_fakes.domain_name,
- identity_fakes.role_name,
+ self.domain.name,
+ self.role.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
- ('user', identity_fakes.user_id),
+ ('user', self.user.id),
('group', None),
('system', None),
- ('domain', identity_fakes.domain_name),
+ ('domain', self.domain.name),
('project', None),
- ('role', identity_fakes.role_name),
+ ('role', self.role.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -944,32 +1025,32 @@ class TestRoleRemove(TestRole):
# Set expected values
kwargs = {
- 'user': identity_fakes.user_id,
- 'domain': identity_fakes.domain_id,
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'user': self.user.id,
+ 'domain': self.domain.id,
+ 'role': self.role.id,
+ 'inherited': self._is_inheritance_testcase(),
}
- # RoleManager.revoke(role, user=, group=, domain=, project=)
- self.roles_mock.revoke.assert_called_with(
- identity_fakes.role_id, **kwargs
+ self.identity_sdk_client.unassign_domain_role_from_user.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
def test_role_remove_user_project(self):
arglist = [
'--user',
- identity_fakes.user_name,
+ self.user.name,
'--project',
- identity_fakes.project_name,
- identity_fakes.role_name,
+ self.project.name,
+ self.role.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
- ('user', identity_fakes.user_name),
+ ('user', self.user.name),
('group', None),
('domain', None),
- ('project', identity_fakes.project_name),
- ('role', identity_fakes.role_name),
+ ('project', self.project.name),
+ ('role', self.role.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -978,39 +1059,40 @@ class TestRoleRemove(TestRole):
# Set expected values
kwargs = {
- 'user': identity_fakes.user_id,
- 'project': identity_fakes.project_id,
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'user': self.user.id,
+ 'project': self.project.id,
+ 'role': self.role.id,
+ 'inherited': self._is_inheritance_testcase(),
}
- # RoleManager.revoke(role, user=, group=, domain=, project=)
- self.roles_mock.revoke.assert_called_with(
- identity_fakes.role_id, **kwargs
+ self.identity_sdk_client.unassign_project_role_from_user.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
- @mock.patch.object(common, 'find_user')
- def test_role_remove_non_existent_user_project(self, find_mock):
+ def test_role_remove_non_existent_user_project(self):
# Simulate the user not being in keystone, the client the gracefully
# handle this exception and send the request to remove the role since
# keystone will validate.
- find_mock.side_effect = exceptions.CommandError
+ self.identity_sdk_client.find_user.side_effect = [
+ sdk_exc.ResourceNotFound,
+ ]
arglist = [
'--user',
- identity_fakes.user_id,
+ self.user.id,
'--project',
- identity_fakes.project_name,
- identity_fakes.role_name,
+ self.project.name,
+ self.role.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
- ('user', identity_fakes.user_id),
+ ('user', self.user.id),
('group', None),
('system', None),
('domain', None),
- ('project', identity_fakes.project_name),
- ('role', identity_fakes.role_name),
+ ('project', self.project.name),
+ ('role', self.role.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -1019,34 +1101,34 @@ class TestRoleRemove(TestRole):
# Set expected values
kwargs = {
- 'user': identity_fakes.user_id,
- 'project': identity_fakes.project_id,
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'user': self.user.id,
+ 'project': self.project.id,
+ 'role': self.role.id,
+ 'inherited': self._is_inheritance_testcase(),
}
- # RoleManager.revoke(role, user=, group=, domain=, project=)
- self.roles_mock.revoke.assert_called_with(
- identity_fakes.role_id, **kwargs
+ self.identity_sdk_client.unassign_project_role_from_user.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
def test_role_remove_group_system(self):
arglist = [
'--group',
- identity_fakes.group_name,
+ self.group.name,
'--system',
'all',
- identity_fakes.role_name,
+ self.role.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
('user', None),
- ('group', identity_fakes.group_name),
+ ('group', self.group.name),
('system', 'all'),
('domain', None),
('project', None),
- ('role', identity_fakes.role_name),
- ('role', identity_fakes.role_name),
+ ('role', self.role.name),
+ ('role', self.role.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -1055,39 +1137,39 @@ class TestRoleRemove(TestRole):
# Set expected values
kwargs = {
- 'group': identity_fakes.group_id,
+ 'group': self.group.id,
'system': 'all',
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'role': self.role.id,
}
- # RoleManager.revoke(role, user=, group=, domain=, project=)
- self.roles_mock.revoke.assert_called_with(
- identity_fakes.role_id, **kwargs
+ self.identity_sdk_client.unassign_system_role_from_group.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
- @mock.patch.object(common, 'find_group')
- def test_role_remove_non_existent_group_system(self, find_mock):
+ def test_role_remove_non_existent_group_system(self):
# Simulate the user not being in keystone, the client the gracefully
# handle this exception and send the request to remove the role since
# keystone will validate.
- find_mock.side_effect = exceptions.CommandError
+ self.identity_sdk_client.find_group.side_effect = [
+ sdk_exc.ResourceNotFound,
+ ]
arglist = [
'--group',
- identity_fakes.group_id,
+ self.group.id,
'--system',
'all',
- identity_fakes.role_name,
+ self.role.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
('user', None),
- ('group', identity_fakes.group_id),
+ ('group', self.group.id),
('system', 'all'),
('domain', None),
('project', None),
- ('role', identity_fakes.role_name),
+ ('role', self.role.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -1096,33 +1178,32 @@ class TestRoleRemove(TestRole):
# Set expected values
kwargs = {
- 'group': identity_fakes.group_id,
+ 'group': self.group.id,
'system': 'all',
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'role': self.role.id,
}
- # RoleManager.revoke(role, user=, group=, domain=, project=)
- self.roles_mock.revoke.assert_called_with(
- identity_fakes.role_id, **kwargs
+ self.identity_sdk_client.unassign_system_role_from_group.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
def test_role_remove_group_domain(self):
arglist = [
'--group',
- identity_fakes.group_name,
+ self.group.name,
'--domain',
- identity_fakes.domain_name,
- identity_fakes.role_name,
+ self.domain.name,
+ self.role.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
('user', None),
- ('group', identity_fakes.group_name),
- ('domain', identity_fakes.domain_name),
+ ('group', self.group.name),
+ ('domain', self.domain.name),
('project', None),
- ('role', identity_fakes.role_name),
- ('role', identity_fakes.role_name),
+ ('role', self.role.name),
+ ('role', self.role.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -1131,39 +1212,40 @@ class TestRoleRemove(TestRole):
# Set expected values
kwargs = {
- 'group': identity_fakes.group_id,
- 'domain': identity_fakes.domain_id,
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'group': self.group.id,
+ 'domain': self.domain.id,
+ 'role': self.role.id,
+ 'inherited': self._is_inheritance_testcase(),
}
- # RoleManager.revoke(role, user=, group=, domain=, project=)
- self.roles_mock.revoke.assert_called_with(
- identity_fakes.role_id, **kwargs
+ self.identity_sdk_client.unassign_domain_role_from_group.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
- @mock.patch.object(common, 'find_group')
- def test_role_remove_non_existent_group_domain(self, find_mock):
+ def test_role_remove_non_existent_group_domain(self):
# Simulate the user not being in keystone, the client the gracefully
# handle this exception and send the request to remove the role since
# keystone will validate.
- find_mock.side_effect = exceptions.CommandError
+ self.identity_sdk_client.find_group.side_effect = [
+ sdk_exc.ResourceNotFound,
+ ]
arglist = [
'--group',
- identity_fakes.group_id,
+ self.group.id,
'--domain',
- identity_fakes.domain_name,
- identity_fakes.role_name,
+ self.domain.name,
+ self.role.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
('user', None),
- ('group', identity_fakes.group_id),
+ ('group', self.group.id),
('system', None),
- ('domain', identity_fakes.domain_name),
+ ('domain', self.domain.name),
('project', None),
- ('role', identity_fakes.role_name),
+ ('role', self.role.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -1172,32 +1254,32 @@ class TestRoleRemove(TestRole):
# Set expected values
kwargs = {
- 'group': identity_fakes.group_id,
- 'domain': identity_fakes.domain_id,
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'group': self.group.id,
+ 'domain': self.domain.id,
+ 'role': self.role.id,
+ 'inherited': self._is_inheritance_testcase(),
}
- # RoleManager.revoke(role, user=, group=, domain=, project=)
- self.roles_mock.revoke.assert_called_with(
- identity_fakes.role_id, **kwargs
+ self.identity_sdk_client.unassign_domain_role_from_group.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
def test_role_remove_group_project(self):
arglist = [
'--group',
- identity_fakes.group_name,
+ self.group.name,
'--project',
- identity_fakes.project_name,
- identity_fakes.role_name,
+ self.project.name,
+ self.role.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
('user', None),
- ('group', identity_fakes.group_name),
+ ('group', self.group.name),
('domain', None),
- ('project', identity_fakes.project_name),
- ('role', identity_fakes.role_name),
+ ('project', self.project.name),
+ ('role', self.role.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -1206,39 +1288,39 @@ class TestRoleRemove(TestRole):
# Set expected values
kwargs = {
- 'group': identity_fakes.group_id,
- 'project': identity_fakes.project_id,
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'group': self.group.id,
+ 'project': self.project.id,
+ 'role': self.role.id,
+ 'inherited': self._is_inheritance_testcase(),
}
- # RoleManager.revoke(role, user=, group=, domain=, project=)
- self.roles_mock.revoke.assert_called_with(
- identity_fakes.role_id, **kwargs
+ self.identity_sdk_client.unassign_project_role_from_group.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
- @mock.patch.object(common, 'find_group')
- def test_role_remove_non_existent_group_project(self, find_mock):
+ def test_role_remove_non_existent_group_project(self):
# Simulate the user not being in keystone, the client the gracefully
# handle this exception and send the request to remove the role since
# keystone will validate.
- find_mock.side_effect = exceptions.CommandError
-
+ self.identity_sdk_client.find_group.side_effect = [
+ sdk_exc.ResourceNotFound,
+ ]
arglist = [
'--group',
- identity_fakes.group_id,
+ self.group.id,
'--project',
- identity_fakes.project_name,
- identity_fakes.role_name,
+ self.project.name,
+ self.role.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
('user', None),
- ('group', identity_fakes.group_id),
+ ('group', self.group.id),
('system', None),
('domain', None),
- ('project', identity_fakes.project_name),
- ('role', identity_fakes.role_name),
+ ('project', self.project.name),
+ ('role', self.role.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -1247,37 +1329,38 @@ class TestRoleRemove(TestRole):
# Set expected values
kwargs = {
- 'group': identity_fakes.group_id,
- 'project': identity_fakes.project_id,
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'group': self.group.id,
+ 'project': self.project.id,
+ 'role': self.role.id,
+ 'inherited': self._is_inheritance_testcase(),
}
- # RoleManager.revoke(role, user=, group=, domain=, project=)
- self.roles_mock.revoke.assert_called_with(
- identity_fakes.role_id, **kwargs
+ self.identity_sdk_client.unassign_project_role_from_group.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
def test_role_remove_domain_role_on_group_domain(self):
- self.roles_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE_2),
- loaded=True,
+ self.role_with_domain = sdk_fakes.generate_fake_resource(
+ resource_type=_role.Role,
+ domain_id=self.domain.id,
+ description=None,
)
+ self.identity_sdk_client.find_role.return_value = self.role_with_domain
arglist = [
'--group',
- identity_fakes.group_name,
+ self.group.name,
'--domain',
- identity_fakes.domain_name,
- identity_fakes.ROLE_2['name'],
+ self.domain.name,
+ self.role_with_domain.name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
('user', None),
- ('group', identity_fakes.group_name),
- ('domain', identity_fakes.domain_name),
+ ('group', self.group.name),
+ ('domain', self.domain.name),
('project', None),
- ('role', identity_fakes.ROLE_2['name']),
+ ('role', self.role_with_domain.name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -1286,26 +1369,26 @@ class TestRoleRemove(TestRole):
# Set expected values
kwargs = {
- 'group': identity_fakes.group_id,
- 'domain': identity_fakes.domain_id,
- 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ 'group': self.group.id,
+ 'domain': self.domain.id,
+ 'role': self.role_with_domain.id,
+ 'inherited': self._is_inheritance_testcase(),
}
- # RoleManager.revoke(role, user=, group=, domain=, project=)
- self.roles_mock.revoke.assert_called_with(
- identity_fakes.ROLE_2['id'], **kwargs
+ self.identity_sdk_client.unassign_domain_role_from_group.assert_called_with(
+ **kwargs
)
self.assertIsNone(result)
def test_role_remove_with_error(self):
arglist = [
- identity_fakes.role_name,
+ self.role.name,
]
verifylist = [
('user', None),
('group', None),
('domain', None),
('project', None),
- ('role', identity_fakes.role_name),
+ ('role', self.role.name),
('inherited', False),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -1314,29 +1397,37 @@ class TestRoleRemove(TestRole):
)
-class TestRoleSet(TestRole):
+class TestRoleSet(identity_fakes.TestIdentityv3):
def setUp(self):
super().setUp()
- self.roles_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE),
- loaded=True,
+ self.domain = sdk_fakes.generate_fake_resource(_domain.Domain)
+ self.role_with_domain = sdk_fakes.generate_fake_resource(
+ resource_type=_role.Role,
+ domain_id=self.domain.id,
+ description=None,
)
- self.roles_mock.update.return_value = None
# Get the command object to test
self.cmd = role.SetRole(self.app, None)
def test_role_set_no_options(self):
+ self.role = sdk_fakes.generate_fake_resource(
+ resource_type=_role.Role,
+ domain_id=None,
+ description=None,
+ )
+ self.identity_sdk_client.find_role.return_value = self.role
+ self.identity_sdk_client.update_role.return_value = self.role
+
arglist = [
'--name',
'over',
- identity_fakes.role_name,
+ self.role.name,
]
verifylist = [
('name', 'over'),
- ('role', identity_fakes.role_name),
+ ('role', self.role.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -1345,32 +1436,32 @@ class TestRoleSet(TestRole):
# Set expected values
kwargs = {
'name': 'over',
- 'description': None,
+ 'role': self.role.id,
'options': {},
}
- # RoleManager.update(role, name=)
- self.roles_mock.update.assert_called_with(
- identity_fakes.role_id, **kwargs
- )
+ self.identity_sdk_client.update_role.assert_called_with(**kwargs)
self.assertIsNone(result)
def test_role_set_domain_role(self):
- self.roles_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE_2),
- loaded=True,
+ self.domain2 = sdk_fakes.generate_fake_resource(_domain.Domain)
+ self.identity_sdk_client.find_domain.return_value = self.domain2
+
+ self.identity_sdk_client.find_role.return_value = self.role_with_domain
+ self.identity_sdk_client.update_role.return_value = (
+ self.role_with_domain
)
+
arglist = [
'--name',
'over',
'--domain',
- identity_fakes.domain_name,
- identity_fakes.ROLE_2['name'],
+ self.domain2.name,
+ self.role_with_domain.name,
]
verifylist = [
('name', 'over'),
- ('domain', identity_fakes.domain_name),
- ('role', identity_fakes.ROLE_2['name']),
+ ('domain', self.domain2.name),
+ ('role', self.role_with_domain.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -1379,32 +1470,27 @@ class TestRoleSet(TestRole):
# Set expected values
kwargs = {
'name': 'over',
- 'description': None,
+ 'role': self.role_with_domain.id,
+ 'domain_id': self.domain2.id,
'options': {},
}
- # RoleManager.update(role, name=)
- self.roles_mock.update.assert_called_with(
- identity_fakes.ROLE_2['id'], **kwargs
- )
+ self.identity_sdk_client.update_role.assert_called_with(**kwargs)
self.assertIsNone(result)
def test_role_set_description(self):
- self.roles_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE_2),
- loaded=True,
- )
+ self.identity_sdk_client.find_role.return_value = self.role_with_domain
+
arglist = [
'--name',
'over',
'--description',
- identity_fakes.role_description,
- identity_fakes.ROLE_2['name'],
+ 'role description',
+ self.role_with_domain.name,
]
verifylist = [
('name', 'over'),
- ('description', identity_fakes.role_description),
- ('role', identity_fakes.ROLE_2['name']),
+ ('description', 'role description'),
+ ('role', self.role_with_domain.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -1413,31 +1499,26 @@ class TestRoleSet(TestRole):
# Set expected values
kwargs = {
'name': 'over',
- 'description': identity_fakes.role_description,
+ 'description': 'role description',
+ 'role': self.role_with_domain.id,
'options': {},
}
- # RoleManager.update(role, name=)
- self.roles_mock.update.assert_called_with(
- identity_fakes.ROLE_2['id'], **kwargs
- )
+ self.identity_sdk_client.update_role.assert_called_with(**kwargs)
self.assertIsNone(result)
def test_role_set_with_immutable(self):
- self.roles_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE_2),
- loaded=True,
- )
+ self.identity_sdk_client.find_role.return_value = self.role_with_domain
+
arglist = [
'--name',
'over',
'--immutable',
- identity_fakes.ROLE_2['name'],
+ self.role_with_domain.name,
]
verifylist = [
('name', 'over'),
('immutable', True),
- ('role', identity_fakes.ROLE_2['name']),
+ ('role', self.role_with_domain.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -1446,31 +1527,25 @@ class TestRoleSet(TestRole):
# Set expected values
kwargs = {
'name': 'over',
- 'description': None,
+ 'role': self.role_with_domain.id,
'options': {'immutable': True},
}
- # RoleManager.update(role, name=)
- self.roles_mock.update.assert_called_with(
- identity_fakes.ROLE_2['id'], **kwargs
- )
+ self.identity_sdk_client.update_role.assert_called_with(**kwargs)
self.assertIsNone(result)
def test_role_set_with_no_immutable(self):
- self.roles_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE_2),
- loaded=True,
- )
+ self.identity_sdk_client.find_role.return_value = self.role_with_domain
+
arglist = [
'--name',
'over',
'--no-immutable',
- identity_fakes.ROLE_2['name'],
+ self.role_with_domain.name,
]
verifylist = [
('name', 'over'),
('no_immutable', True),
- ('role', identity_fakes.ROLE_2['name']),
+ ('role', self.role_with_domain.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -1479,35 +1554,37 @@ class TestRoleSet(TestRole):
# Set expected values
kwargs = {
'name': 'over',
- 'description': None,
+ 'role': self.role_with_domain.id,
'options': {'immutable': False},
}
- # RoleManager.update(role, name=)
- self.roles_mock.update.assert_called_with(
- identity_fakes.ROLE_2['id'], **kwargs
- )
+ self.identity_sdk_client.update_role.assert_called_with(**kwargs)
self.assertIsNone(result)
-class TestRoleShow(TestRole):
+class TestRoleShow(identity_fakes.TestIdentityv3):
+ domain = sdk_fakes.generate_fake_resource(_domain.Domain)
+
def setUp(self):
super().setUp()
- self.roles_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE),
- loaded=True,
- )
+ self.identity_sdk_client.find_domain.return_value = self.domain
# Get the command object to test
self.cmd = role.ShowRole(self.app, None)
def test_role_show(self):
+ self.role = sdk_fakes.generate_fake_resource(
+ resource_type=_role.Role,
+ domain_id=None,
+ description=None,
+ )
+ self.identity_sdk_client.find_role.return_value = self.role
+
arglist = [
- identity_fakes.role_name,
+ self.role.name,
]
verifylist = [
- ('role', identity_fakes.role_name),
+ ('role', self.role.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -1516,34 +1593,38 @@ class TestRoleShow(TestRole):
# data to be shown.
columns, data = self.cmd.take_action(parsed_args)
- # RoleManager.get(role)
- self.roles_mock.get.assert_called_with(
- identity_fakes.role_name,
+ self.identity_sdk_client.find_role.assert_called_with(
+ name_or_id=self.role.name,
+ domain_id=None,
+ ignore_missing=False,
)
- collist = ('domain', 'id', 'name')
+ collist = ('id', 'name', 'domain_id', 'description')
self.assertEqual(collist, columns)
datalist = (
+ self.role.id,
+ self.role.name,
+ None,
None,
- identity_fakes.role_id,
- identity_fakes.role_name,
)
self.assertEqual(datalist, data)
def test_role_show_domain_role(self):
- self.roles_mock.get.return_value = fakes.FakeResource(
- None,
- copy.deepcopy(identity_fakes.ROLE_2),
- loaded=True,
+ self.role_with_domain = sdk_fakes.generate_fake_resource(
+ resource_type=_role.Role,
+ domain_id=self.domain.id,
+ description=None,
)
+ self.identity_sdk_client.find_role.return_value = self.role_with_domain
+
arglist = [
'--domain',
- identity_fakes.domain_name,
- identity_fakes.ROLE_2['name'],
+ self.domain.name,
+ self.role_with_domain.id,
]
verifylist = [
- ('domain', identity_fakes.domain_name),
- ('role', identity_fakes.ROLE_2['name']),
+ ('domain', self.domain.name),
+ ('role', self.role_with_domain.id),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -1552,23 +1633,18 @@ class TestRoleShow(TestRole):
# data to be shown.
columns, data = self.cmd.take_action(parsed_args)
- # RoleManager.get(role). This is called from utils.find_resource().
- # In fact, the current implementation calls the get(role) first with
- # just the name, then with the name+domain_id. So technically we should
- # mock this out with a call list, with the first call returning None
- # and the second returning the object. However, if we did that we are
- # then just testing the current sequencing within the utils method, and
- # would become brittle to changes within that method. Hence we just
- # check for the first call which is always lookup by name.
- self.roles_mock.get.assert_called_with(
- identity_fakes.ROLE_2['name'],
+ self.identity_sdk_client.find_role.assert_called_with(
+ name_or_id=self.role_with_domain.id,
+ domain_id=self.domain.id,
+ ignore_missing=False,
)
- collist = ('domain', 'id', 'name')
+ collist = ('id', 'name', 'domain_id', 'description')
self.assertEqual(collist, columns)
datalist = (
- identity_fakes.domain_id,
- identity_fakes.ROLE_2['id'],
- identity_fakes.ROLE_2['name'],
+ self.role_with_domain.id,
+ self.role_with_domain.name,
+ self.domain.id,
+ None,
)
self.assertEqual(datalist, data)