 70ab3f9dd5
			
		
	
	70ab3f9dd5
	
	
	
		
			
			This commit introduces the --access-rules option for 'application credential create' as well as new 'access rule' commands for listing, showing, and deleting access rules. bp whitelist-extension-for-app-creds Change-Id: I04834b2874ec2a70da456a380b5bef03a392effa
		
			
				
	
	
		
			421 lines
		
	
	
		
			14 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
			
		
		
	
	
			421 lines
		
	
	
		
			14 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
| #   Copyright 2018 SUSE Linux GmbH
 | |
| #
 | |
| #   Licensed under the Apache License, Version 2.0 (the "License"); you may
 | |
| #   not use this file except in compliance with the License. You may obtain
 | |
| #   a copy of the License at
 | |
| #
 | |
| #        http://www.apache.org/licenses/LICENSE-2.0
 | |
| #
 | |
| #   Unless required by applicable law or agreed to in writing, software
 | |
| #   distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 | |
| #   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 | |
| #   License for the specific language governing permissions and limitations
 | |
| #   under the License.
 | |
| #
 | |
| 
 | |
| import copy
 | |
| import json
 | |
| from unittest import mock
 | |
| 
 | |
| from osc_lib import exceptions
 | |
| from osc_lib import utils
 | |
| 
 | |
| from openstackclient.identity.v3 import application_credential
 | |
| from openstackclient.tests.unit import fakes
 | |
| from openstackclient.tests.unit.identity.v3 import fakes as identity_fakes
 | |
| 
 | |
| 
 | |
| class TestApplicationCredential(identity_fakes.TestIdentityv3):
 | |
| 
 | |
|     def setUp(self):
 | |
|         super(TestApplicationCredential, self).setUp()
 | |
| 
 | |
|         identity_manager = self.app.client_manager.identity
 | |
|         self.app_creds_mock = identity_manager.application_credentials
 | |
|         self.app_creds_mock.reset_mock()
 | |
|         self.roles_mock = identity_manager.roles
 | |
|         self.roles_mock.reset_mock()
 | |
| 
 | |
| 
 | |
| class TestApplicationCredentialCreate(TestApplicationCredential):
 | |
| 
 | |
|     def setUp(self):
 | |
|         super(TestApplicationCredentialCreate, self).setUp()
 | |
| 
 | |
|         self.roles_mock.get.return_value = fakes.FakeResource(
 | |
|             None,
 | |
|             copy.deepcopy(identity_fakes.ROLE),
 | |
|             loaded=True,
 | |
|         )
 | |
| 
 | |
|         # Get the command object to test
 | |
|         self.cmd = application_credential.CreateApplicationCredential(
 | |
|             self.app, None)
 | |
| 
 | |
|     def test_application_credential_create_basic(self):
 | |
|         self.app_creds_mock.create.return_value = fakes.FakeResource(
 | |
|             None,
 | |
|             copy.deepcopy(identity_fakes.APP_CRED_BASIC),
 | |
|             loaded=True,
 | |
|         )
 | |
| 
 | |
|         name = identity_fakes.app_cred_name
 | |
|         arglist = [
 | |
|             name
 | |
|         ]
 | |
|         verifylist = [
 | |
|             ('name', identity_fakes.app_cred_name)
 | |
|         ]
 | |
|         parsed_args = self.check_parser(self.cmd, arglist, verifylist)
 | |
| 
 | |
|         # In base command class ShowOne in cliff, abstract method take_action()
 | |
|         # returns a two-part tuple with a tuple of column names and a tuple of
 | |
|         # data to be shown.
 | |
|         columns, data = self.cmd.take_action(parsed_args)
 | |
| 
 | |
|         # Set expected values
 | |
|         kwargs = {
 | |
|             'secret': None,
 | |
|             'roles': [],
 | |
|             'expires_at': None,
 | |
|             'description': None,
 | |
|             'unrestricted': False,
 | |
|             'access_rules': None,
 | |
|         }
 | |
|         self.app_creds_mock.create.assert_called_with(
 | |
|             name,
 | |
|             **kwargs
 | |
|         )
 | |
| 
 | |
|         collist = ('access_rules', 'description', 'expires_at', 'id', 'name',
 | |
|                    'project_id', 'roles', 'secret', 'unrestricted')
 | |
|         self.assertEqual(collist, columns)
 | |
|         datalist = (
 | |
|             None,
 | |
|             None,
 | |
|             None,
 | |
|             identity_fakes.app_cred_id,
 | |
|             identity_fakes.app_cred_name,
 | |
|             identity_fakes.project_id,
 | |
|             identity_fakes.role_name,
 | |
|             identity_fakes.app_cred_secret,
 | |
|             False,
 | |
|         )
 | |
|         self.assertEqual(datalist, data)
 | |
| 
 | |
|     def test_application_credential_create_with_options(self):
 | |
|         name = identity_fakes.app_cred_name
 | |
|         self.app_creds_mock.create.return_value = fakes.FakeResource(
 | |
|             None,
 | |
|             copy.deepcopy(identity_fakes.APP_CRED_OPTIONS),
 | |
|             loaded=True,
 | |
|         )
 | |
| 
 | |
|         arglist = [
 | |
|             name,
 | |
|             '--secret', 'moresecuresecret',
 | |
|             '--role', identity_fakes.role_id,
 | |
|             '--expiration', identity_fakes.app_cred_expires_str,
 | |
|             '--description', 'credential for testing'
 | |
|         ]
 | |
|         verifylist = [
 | |
|             ('name', identity_fakes.app_cred_name),
 | |
|             ('secret', 'moresecuresecret'),
 | |
|             ('role', [identity_fakes.role_id]),
 | |
|             ('expiration', identity_fakes.app_cred_expires_str),
 | |
|             ('description', 'credential for testing')
 | |
|         ]
 | |
|         parsed_args = self.check_parser(self.cmd, arglist, verifylist)
 | |
| 
 | |
|         # In base command class ShowOne in cliff, abstract method take_action()
 | |
|         # returns a two-part tuple with a tuple of column names and a tuple of
 | |
|         # data to be shown.
 | |
|         columns, data = self.cmd.take_action(parsed_args)
 | |
| 
 | |
|         # Set expected values
 | |
|         kwargs = {
 | |
|             'secret': 'moresecuresecret',
 | |
|             'roles': [identity_fakes.role_id],
 | |
|             'expires_at': identity_fakes.app_cred_expires,
 | |
|             'description': 'credential for testing',
 | |
|             'unrestricted': False,
 | |
|             'access_rules': None,
 | |
|         }
 | |
|         self.app_creds_mock.create.assert_called_with(
 | |
|             name,
 | |
|             **kwargs
 | |
|         )
 | |
| 
 | |
|         collist = ('access_rules', 'description', 'expires_at', 'id', 'name',
 | |
|                    'project_id', 'roles', 'secret', 'unrestricted')
 | |
|         self.assertEqual(collist, columns)
 | |
|         datalist = (
 | |
|             None,
 | |
|             identity_fakes.app_cred_description,
 | |
|             identity_fakes.app_cred_expires_str,
 | |
|             identity_fakes.app_cred_id,
 | |
|             identity_fakes.app_cred_name,
 | |
|             identity_fakes.project_id,
 | |
|             identity_fakes.role_name,
 | |
|             identity_fakes.app_cred_secret,
 | |
|             False,
 | |
|         )
 | |
|         self.assertEqual(datalist, data)
 | |
| 
 | |
|     def test_application_credential_create_with_access_rules_string(self):
 | |
|         name = identity_fakes.app_cred_name
 | |
|         self.app_creds_mock.create.return_value = fakes.FakeResource(
 | |
|             None,
 | |
|             copy.deepcopy(identity_fakes.APP_CRED_ACCESS_RULES),
 | |
|             loaded=True,
 | |
|         )
 | |
| 
 | |
|         arglist = [
 | |
|             name,
 | |
|             '--access-rules', identity_fakes.app_cred_access_rules,
 | |
|         ]
 | |
|         verifylist = [
 | |
|             ('name', identity_fakes.app_cred_name),
 | |
|             ('access_rules', identity_fakes.app_cred_access_rules),
 | |
|         ]
 | |
|         parsed_args = self.check_parser(self.cmd, arglist, verifylist)
 | |
| 
 | |
|         columns, data = self.cmd.take_action(parsed_args)
 | |
| 
 | |
|         # Set expected values
 | |
|         kwargs = {
 | |
|             'secret': None,
 | |
|             'roles': [],
 | |
|             'expires_at': None,
 | |
|             'description': None,
 | |
|             'unrestricted': False,
 | |
|             'access_rules': json.loads(identity_fakes.app_cred_access_rules)
 | |
|         }
 | |
|         self.app_creds_mock.create.assert_called_with(
 | |
|             name,
 | |
|             **kwargs
 | |
|         )
 | |
| 
 | |
|         collist = ('access_rules', 'description', 'expires_at', 'id', 'name',
 | |
|                    'project_id', 'roles', 'secret', 'unrestricted')
 | |
|         self.assertEqual(collist, columns)
 | |
|         datalist = (
 | |
|             identity_fakes.app_cred_access_rules,
 | |
|             None,
 | |
|             None,
 | |
|             identity_fakes.app_cred_id,
 | |
|             identity_fakes.app_cred_name,
 | |
|             identity_fakes.project_id,
 | |
|             identity_fakes.role_name,
 | |
|             identity_fakes.app_cred_secret,
 | |
|             False,
 | |
|         )
 | |
|         self.assertEqual(datalist, data)
 | |
| 
 | |
|     @mock.patch('openstackclient.identity.v3.application_credential.json.load')
 | |
|     @mock.patch('openstackclient.identity.v3.application_credential.open')
 | |
|     def test_application_credential_create_with_access_rules_file(
 | |
|             self, _, mock_json_load):
 | |
|         mock_json_load.return_value = identity_fakes.app_cred_access_rules
 | |
| 
 | |
|         name = identity_fakes.app_cred_name
 | |
|         self.app_creds_mock.create.return_value = fakes.FakeResource(
 | |
|             None,
 | |
|             copy.deepcopy(identity_fakes.APP_CRED_ACCESS_RULES),
 | |
|             loaded=True,
 | |
|         )
 | |
| 
 | |
|         arglist = [
 | |
|             name,
 | |
|             '--access-rules', identity_fakes.app_cred_access_rules_path,
 | |
|         ]
 | |
|         verifylist = [
 | |
|             ('name', identity_fakes.app_cred_name),
 | |
|             ('access_rules', identity_fakes.app_cred_access_rules_path),
 | |
|         ]
 | |
|         parsed_args = self.check_parser(self.cmd, arglist, verifylist)
 | |
| 
 | |
|         columns, data = self.cmd.take_action(parsed_args)
 | |
| 
 | |
|         # Set expected values
 | |
|         kwargs = {
 | |
|             'secret': None,
 | |
|             'roles': [],
 | |
|             'expires_at': None,
 | |
|             'description': None,
 | |
|             'unrestricted': False,
 | |
|             'access_rules': identity_fakes.app_cred_access_rules
 | |
|         }
 | |
|         self.app_creds_mock.create.assert_called_with(
 | |
|             name,
 | |
|             **kwargs
 | |
|         )
 | |
| 
 | |
|         collist = ('access_rules', 'description', 'expires_at', 'id', 'name',
 | |
|                    'project_id', 'roles', 'secret', 'unrestricted')
 | |
|         self.assertEqual(collist, columns)
 | |
|         datalist = (
 | |
|             identity_fakes.app_cred_access_rules,
 | |
|             None,
 | |
|             None,
 | |
|             identity_fakes.app_cred_id,
 | |
|             identity_fakes.app_cred_name,
 | |
|             identity_fakes.project_id,
 | |
|             identity_fakes.role_name,
 | |
|             identity_fakes.app_cred_secret,
 | |
|             False,
 | |
|         )
 | |
|         self.assertEqual(datalist, data)
 | |
| 
 | |
| 
 | |
| class TestApplicationCredentialDelete(TestApplicationCredential):
 | |
| 
 | |
|     def setUp(self):
 | |
|         super(TestApplicationCredentialDelete, self).setUp()
 | |
| 
 | |
|         # This is the return value for utils.find_resource()
 | |
|         self.app_creds_mock.get.return_value = fakes.FakeResource(
 | |
|             None,
 | |
|             copy.deepcopy(identity_fakes.APP_CRED_BASIC),
 | |
|             loaded=True,
 | |
|         )
 | |
|         self.app_creds_mock.delete.return_value = None
 | |
| 
 | |
|         # Get the command object to test
 | |
|         self.cmd = application_credential.DeleteApplicationCredential(
 | |
|             self.app, None)
 | |
| 
 | |
|     def test_application_credential_delete(self):
 | |
|         arglist = [
 | |
|             identity_fakes.app_cred_id,
 | |
|         ]
 | |
|         verifylist = [
 | |
|             ('application_credential', [identity_fakes.app_cred_id])
 | |
|         ]
 | |
|         parsed_args = self.check_parser(self.cmd, arglist, verifylist)
 | |
| 
 | |
|         result = self.cmd.take_action(parsed_args)
 | |
| 
 | |
|         self.app_creds_mock.delete.assert_called_with(
 | |
|             identity_fakes.app_cred_id,
 | |
|         )
 | |
|         self.assertIsNone(result)
 | |
| 
 | |
|     @mock.patch.object(utils, 'find_resource')
 | |
|     def test_delete_multi_app_creds_with_exception(self, find_mock):
 | |
|         find_mock.side_effect = [self.app_creds_mock.get.return_value,
 | |
|                                  exceptions.CommandError]
 | |
|         arglist = [
 | |
|             identity_fakes.app_cred_id,
 | |
|             'nonexistent_app_cred',
 | |
|         ]
 | |
|         verifylist = [
 | |
|             ('application_credential', arglist),
 | |
|         ]
 | |
|         parsed_args = self.check_parser(self.cmd, arglist, verifylist)
 | |
| 
 | |
|         try:
 | |
|             self.cmd.take_action(parsed_args)
 | |
|             self.fail('CommandError should be raised.')
 | |
|         except exceptions.CommandError as e:
 | |
|             self.assertEqual('1 of 2 application credentials failed to'
 | |
|                              ' delete.', str(e))
 | |
| 
 | |
|         find_mock.assert_any_call(self.app_creds_mock,
 | |
|                                   identity_fakes.app_cred_id)
 | |
|         find_mock.assert_any_call(self.app_creds_mock,
 | |
|                                   'nonexistent_app_cred')
 | |
| 
 | |
|         self.assertEqual(2, find_mock.call_count)
 | |
|         self.app_creds_mock.delete.assert_called_once_with(
 | |
|             identity_fakes.app_cred_id)
 | |
| 
 | |
| 
 | |
| class TestApplicationCredentialList(TestApplicationCredential):
 | |
| 
 | |
|     def setUp(self):
 | |
|         super(TestApplicationCredentialList, self).setUp()
 | |
| 
 | |
|         self.app_creds_mock.list.return_value = [
 | |
|             fakes.FakeResource(
 | |
|                 None,
 | |
|                 copy.deepcopy(identity_fakes.APP_CRED_BASIC),
 | |
|                 loaded=True,
 | |
|             ),
 | |
|         ]
 | |
| 
 | |
|         # Get the command object to test
 | |
|         self.cmd = application_credential.ListApplicationCredential(self.app,
 | |
|                                                                     None)
 | |
| 
 | |
|     def test_application_credential_list(self):
 | |
|         arglist = []
 | |
|         verifylist = []
 | |
|         parsed_args = self.check_parser(self.cmd, arglist, verifylist)
 | |
| 
 | |
|         # In base command class Lister in cliff, abstract method take_action()
 | |
|         # returns a tuple containing the column names and an iterable
 | |
|         # containing the data to be listed.
 | |
|         columns, data = self.cmd.take_action(parsed_args)
 | |
| 
 | |
|         self.app_creds_mock.list.assert_called_with(user=None)
 | |
| 
 | |
|         collist = ('ID', 'Name', 'Project ID', 'Description', 'Expires At')
 | |
|         self.assertEqual(collist, columns)
 | |
|         datalist = ((
 | |
|             identity_fakes.app_cred_id,
 | |
|             identity_fakes.app_cred_name,
 | |
|             identity_fakes.project_id,
 | |
|             None,
 | |
|             None
 | |
|         ), )
 | |
|         self.assertEqual(datalist, tuple(data))
 | |
| 
 | |
| 
 | |
| class TestApplicationCredentialShow(TestApplicationCredential):
 | |
| 
 | |
|     def setUp(self):
 | |
|         super(TestApplicationCredentialShow, self).setUp()
 | |
| 
 | |
|         self.app_creds_mock.get.return_value = fakes.FakeResource(
 | |
|             None,
 | |
|             copy.deepcopy(identity_fakes.APP_CRED_BASIC),
 | |
|             loaded=True,
 | |
|         )
 | |
| 
 | |
|         # Get the command object to test
 | |
|         self.cmd = application_credential.ShowApplicationCredential(self.app,
 | |
|                                                                     None)
 | |
| 
 | |
|     def test_application_credential_show(self):
 | |
|         arglist = [
 | |
|             identity_fakes.app_cred_id,
 | |
|         ]
 | |
|         verifylist = [
 | |
|             ('application_credential', identity_fakes.app_cred_id),
 | |
|         ]
 | |
|         parsed_args = self.check_parser(self.cmd, arglist, verifylist)
 | |
| 
 | |
|         # In base command class ShowOne in cliff, abstract method take_action()
 | |
|         # returns a two-part tuple with a tuple of column names and a tuple of
 | |
|         # data to be shown.
 | |
|         columns, data = self.cmd.take_action(parsed_args)
 | |
| 
 | |
|         self.app_creds_mock.get.assert_called_with(identity_fakes.app_cred_id)
 | |
| 
 | |
|         collist = ('access_rules', 'description', 'expires_at', 'id', 'name',
 | |
|                    'project_id', 'roles', 'secret', 'unrestricted')
 | |
|         self.assertEqual(collist, columns)
 | |
|         datalist = (
 | |
|             None,
 | |
|             None,
 | |
|             None,
 | |
|             identity_fakes.app_cred_id,
 | |
|             identity_fakes.app_cred_name,
 | |
|             identity_fakes.project_id,
 | |
|             identity_fakes.role_name,
 | |
|             identity_fakes.app_cred_secret,
 | |
|             False,
 | |
|         )
 | |
|         self.assertEqual(datalist, data)
 |