Move role_assignments_client to tempest lib
This patch adds unit tests for the role_assignments_client and also moves it to the lib. Additionally, the method is refactored to be generic and handle the full set of the role_assignments API parameters. Change-Id: I1452d4f7be927f87f180badee377afa116d55ed6
This commit is contained in:
parent
2e7d0f026e
commit
bd128d1b40
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
features:
|
||||
- Define the identity service role_assignments_client as a library.
|
||||
Add role_assignments_client to the library interface so the other
|
||||
projects can use this module as a stable library without any
|
||||
maintenance changes.
|
|
@ -168,15 +168,16 @@ class InheritsV3TestJSON(BaseInheritsV3Test):
|
|||
self.domain['id'], self.user['id'], src_role['id'])
|
||||
|
||||
# List "effective" role assignments from user on the parent project
|
||||
assignments = (
|
||||
self.role_assignments.list_user_project_effective_assignments(
|
||||
self.project['id'], self.user['id']))['role_assignments']
|
||||
params = {'scope.project.id': self.project['id'],
|
||||
'user.id': self.user['id']}
|
||||
assignments = self.role_assignments.list_role_assignments(
|
||||
effective=True, **params)['role_assignments']
|
||||
self.assertNotEmpty(assignments)
|
||||
|
||||
# List "effective" role assignments from user on the leaf project
|
||||
assignments = (
|
||||
self.role_assignments.list_user_project_effective_assignments(
|
||||
leaf_project['id'], self.user['id']))['role_assignments']
|
||||
params['scope.project.id'] = leaf_project['id']
|
||||
assignments = self.role_assignments.list_role_assignments(
|
||||
effective=True, **params)['role_assignments']
|
||||
self.assertNotEmpty(assignments)
|
||||
|
||||
# Revoke role from domain
|
||||
|
@ -185,16 +186,16 @@ class InheritsV3TestJSON(BaseInheritsV3Test):
|
|||
|
||||
# List "effective" role assignments from user on the parent project
|
||||
# should return an empty list
|
||||
assignments = (
|
||||
self.role_assignments.list_user_project_effective_assignments(
|
||||
self.project['id'], self.user['id']))['role_assignments']
|
||||
params['scope.project.id'] = self.project['id']
|
||||
assignments = self.role_assignments.list_role_assignments(
|
||||
effective=True, **params)['role_assignments']
|
||||
self.assertEmpty(assignments)
|
||||
|
||||
# List "effective" role assignments from user on the leaf project
|
||||
# should return an empty list
|
||||
assignments = (
|
||||
self.role_assignments.list_user_project_effective_assignments(
|
||||
leaf_project['id'], self.user['id']))['role_assignments']
|
||||
params['scope.project.id'] = leaf_project['id']
|
||||
assignments = self.role_assignments.list_role_assignments(
|
||||
effective=True, **params)['role_assignments']
|
||||
self.assertEmpty(assignments)
|
||||
|
||||
@test.idempotent_id('9f02ccd9-9b57-46b4-8f77-dd5a736f3a06')
|
||||
|
@ -217,9 +218,10 @@ class InheritsV3TestJSON(BaseInheritsV3Test):
|
|||
self.project['id'], self.user['id'], src_role['id'])
|
||||
|
||||
# List "effective" role assignments from user on the leaf project
|
||||
assignments = (
|
||||
self.role_assignments.list_user_project_effective_assignments(
|
||||
leaf_project['id'], self.user['id']))['role_assignments']
|
||||
params = {'scope.project.id': leaf_project['id'],
|
||||
'user.id': self.user['id']}
|
||||
assignments = self.role_assignments.list_role_assignments(
|
||||
effective=True, **params)['role_assignments']
|
||||
self.assertNotEmpty(assignments)
|
||||
|
||||
# Revoke role from parent project
|
||||
|
@ -228,7 +230,6 @@ class InheritsV3TestJSON(BaseInheritsV3Test):
|
|||
|
||||
# List "effective" role assignments from user on the leaf project
|
||||
# should return an empty list
|
||||
assignments = (
|
||||
self.role_assignments.list_user_project_effective_assignments(
|
||||
leaf_project['id'], self.user['id']))['role_assignments']
|
||||
assignments = self.role_assignments.list_role_assignments(
|
||||
effective=True, **params)['role_assignments']
|
||||
self.assertEmpty(assignments)
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from oslo_serialization import jsonutils as json
|
||||
from six.moves.urllib import parse as urllib
|
||||
|
||||
from tempest.lib.common import rest_client
|
||||
|
||||
|
||||
class RoleAssignmentsClient(rest_client.RestClient):
|
||||
api_version = "v3"
|
||||
|
||||
def list_role_assignments(self, effective=False, **kwargs):
|
||||
"""List role assignments.
|
||||
|
||||
For a full list of available parameters, please refer to the official
|
||||
API reference:
|
||||
http://developer.openstack.org/api-ref/identity/v3/?expanded=list-effective-role-assignments-detail
|
||||
|
||||
:param effective: If True, returns the effective assignments, including
|
||||
any assignments gained by virtue of group membership.
|
||||
"""
|
||||
url = 'role_assignments'
|
||||
if kwargs:
|
||||
# NOTE(rodrigods): "effective" is a key-only query parameter and
|
||||
# is treated below.
|
||||
if 'effective' in kwargs:
|
||||
del kwargs['effective']
|
||||
url += '?%s' % urllib.urlencode(kwargs)
|
||||
if effective:
|
||||
url += '&effective'
|
||||
|
||||
resp, body = self.get(url)
|
||||
self.expected_success(200, resp.status)
|
||||
body = json.loads(body)
|
||||
return rest_client.ResponseBody(resp, body)
|
|
@ -22,14 +22,14 @@ from tempest.lib.services.identity.v3.inherited_roles_client import \
|
|||
from tempest.lib.services.identity.v3.policies_client import PoliciesClient
|
||||
from tempest.lib.services.identity.v3.projects_client import ProjectsClient
|
||||
from tempest.lib.services.identity.v3.regions_client import RegionsClient
|
||||
from tempest.lib.services.identity.v3.role_assignments_client import \
|
||||
RoleAssignmentsClient
|
||||
from tempest.lib.services.identity.v3.roles_client import RolesClient
|
||||
from tempest.lib.services.identity.v3.services_client import ServicesClient
|
||||
from tempest.lib.services.identity.v3.token_client import V3TokenClient
|
||||
from tempest.lib.services.identity.v3.trusts_client import TrustsClient
|
||||
from tempest.lib.services.identity.v3.users_client import UsersClient
|
||||
from tempest.services.identity.v3.json.domains_client import DomainsClient
|
||||
from tempest.services.identity.v3.json.role_assignments_client import \
|
||||
RoleAssignmentsClient
|
||||
|
||||
__all__ = ['CredentialsClient', 'EndPointsClient', 'GroupsClient',
|
||||
'IdentityClient', 'InheritedRolesClient', 'PoliciesClient',
|
||||
|
|
|
@ -1,31 +0,0 @@
|
|||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from oslo_serialization import jsonutils as json
|
||||
|
||||
from tempest.lib.common import rest_client
|
||||
|
||||
|
||||
class RoleAssignmentsClient(rest_client.RestClient):
|
||||
api_version = "v3"
|
||||
|
||||
def list_user_project_effective_assignments(
|
||||
self, project_id, user_id):
|
||||
"""List the effective role assignments for a user in a project."""
|
||||
resp, body = self.get(
|
||||
"role_assignments?scope.project.id=%s&user.id=%s&effective" %
|
||||
(project_id, user_id))
|
||||
self.expected_success(200, resp.status)
|
||||
body = json.loads(body)
|
||||
return rest_client.ResponseBody(resp, body)
|
|
@ -0,0 +1,206 @@
|
|||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from tempest.lib.services.identity.v3 import role_assignments_client
|
||||
from tempest.tests.lib import fake_auth_provider
|
||||
from tempest.tests.lib.services import base
|
||||
|
||||
|
||||
class TestRoleAssignmentsClient(base.BaseServiceTest):
|
||||
|
||||
FAKE_USER_ID = "313234"
|
||||
FAKE_GROUP_ID = "101112"
|
||||
|
||||
FAKE_ROLE1_ID = "123456"
|
||||
FAKE_ROLE2_ID = "123457"
|
||||
|
||||
FAKE_PROJECT_ID = "456789"
|
||||
FAKE_DOMAIN_ID = "102030"
|
||||
|
||||
FAKE_USER_PROJECT_ASSIGNMENT = {
|
||||
"links": {
|
||||
"assignment": "http://example.com/identity/v3/projects/"
|
||||
"%s/users/%s/roles/%s" % (FAKE_PROJECT_ID,
|
||||
FAKE_USER_ID,
|
||||
FAKE_ROLE2_ID)
|
||||
},
|
||||
"role": {
|
||||
"id": FAKE_ROLE2_ID
|
||||
},
|
||||
"scope": {
|
||||
"project": {
|
||||
"id": FAKE_PROJECT_ID
|
||||
}
|
||||
},
|
||||
"user": {
|
||||
"id": FAKE_USER_ID
|
||||
}
|
||||
}
|
||||
|
||||
FAKE_GROUP_PROJECT_ASSIGNMENT = {
|
||||
"links": {
|
||||
"assignment": "http://example.com/identity/v3/projects/"
|
||||
"%s/groups/%s/roles/%s" % (FAKE_PROJECT_ID,
|
||||
FAKE_GROUP_ID,
|
||||
FAKE_ROLE1_ID)
|
||||
},
|
||||
"role": {
|
||||
"id": FAKE_ROLE1_ID
|
||||
},
|
||||
"scope": {
|
||||
"project": {
|
||||
"id": FAKE_PROJECT_ID
|
||||
}
|
||||
},
|
||||
"group": {
|
||||
"id": FAKE_GROUP_ID
|
||||
}
|
||||
}
|
||||
|
||||
FAKE_USER_PROJECT_EFFECTIVE_ASSIGNMENT = {
|
||||
"links": {
|
||||
"assignment": "http://example.com/identity/v3/projects/"
|
||||
"%s/groups/%s/roles/%s" % (FAKE_PROJECT_ID,
|
||||
FAKE_GROUP_ID,
|
||||
FAKE_ROLE1_ID),
|
||||
"membership": "http://example.com/identity/v3/groups/"
|
||||
"%s/users/%s" % (FAKE_GROUP_ID, FAKE_USER_ID)
|
||||
},
|
||||
"role": {
|
||||
"id": FAKE_ROLE1_ID
|
||||
},
|
||||
"scope": {
|
||||
"project": {
|
||||
"id": FAKE_PROJECT_ID
|
||||
}
|
||||
},
|
||||
"user": {
|
||||
"id": FAKE_USER_ID
|
||||
}
|
||||
}
|
||||
|
||||
FAKE_USER_DOMAIN_ASSIGNMENT = {
|
||||
"links": {
|
||||
"assignment": "http://example.com/identity/v3/domains/"
|
||||
"%s/users/%s/roles/%s" % (FAKE_DOMAIN_ID,
|
||||
FAKE_USER_ID,
|
||||
FAKE_ROLE1_ID)
|
||||
},
|
||||
"role": {
|
||||
"id": FAKE_ROLE1_ID
|
||||
},
|
||||
"scope": {
|
||||
"domain": {
|
||||
"id": FAKE_DOMAIN_ID
|
||||
}
|
||||
},
|
||||
"user": {
|
||||
"id": FAKE_USER_ID
|
||||
}
|
||||
}
|
||||
|
||||
FAKE_GROUP_PROJECT_ASSIGNMENTS = {
|
||||
"role_assignments": [
|
||||
FAKE_GROUP_PROJECT_ASSIGNMENT
|
||||
],
|
||||
"links": {
|
||||
"self": "http://example.com/identity/v3/role_assignments?"
|
||||
"scope.project.id=%s&group.id=%s&effective" % (
|
||||
FAKE_PROJECT_ID, FAKE_GROUP_ID),
|
||||
"previous": None,
|
||||
"next": None
|
||||
}
|
||||
}
|
||||
|
||||
FAKE_USER_PROJECT_EFFECTIVE_ASSIGNMENTS = {
|
||||
"role_assignments": [
|
||||
FAKE_USER_PROJECT_ASSIGNMENT,
|
||||
FAKE_USER_PROJECT_EFFECTIVE_ASSIGNMENT
|
||||
],
|
||||
"links": {
|
||||
"self": "http://example.com/identity/v3/role_assignments?"
|
||||
"scope.project.id=%s&user.id=%s&effective" % (
|
||||
FAKE_PROJECT_ID, FAKE_USER_ID),
|
||||
"previous": None,
|
||||
"next": None
|
||||
}
|
||||
}
|
||||
|
||||
FAKE_USER_DOMAIN_ASSIGNMENTS = {
|
||||
"role_assignments": [
|
||||
FAKE_USER_DOMAIN_ASSIGNMENT
|
||||
],
|
||||
"links": {
|
||||
"self": "http://example.com/identity/v3/role_assignments?"
|
||||
"scope.domain.id=%s&user.id=%s&effective" % (
|
||||
FAKE_DOMAIN_ID, FAKE_USER_ID),
|
||||
"previous": None,
|
||||
"next": None
|
||||
}
|
||||
}
|
||||
|
||||
def setUp(self):
|
||||
super(TestRoleAssignmentsClient, self).setUp()
|
||||
fake_auth = fake_auth_provider.FakeAuthProvider()
|
||||
self.client = role_assignments_client.RoleAssignmentsClient(
|
||||
fake_auth, 'identity', 'regionOne')
|
||||
|
||||
def _test_list_user_project_effective_assignments(self, bytes_body=False):
|
||||
params = {'scope.project.id': self.FAKE_PROJECT_ID,
|
||||
'user.id': self.FAKE_USER_ID}
|
||||
self.check_service_client_function(
|
||||
self.client.list_role_assignments,
|
||||
'tempest.lib.common.rest_client.RestClient.get',
|
||||
self.FAKE_USER_PROJECT_EFFECTIVE_ASSIGNMENTS,
|
||||
bytes_body,
|
||||
effective=True,
|
||||
**params)
|
||||
|
||||
def test_list_user_project_effective_assignments_with_str_body(self):
|
||||
self._test_list_user_project_effective_assignments()
|
||||
|
||||
def test_list_user_project_effective_assignments_with_bytes_body(self):
|
||||
self._test_list_user_project_effective_assignments(bytes_body=True)
|
||||
|
||||
def _test_list_group_project_assignments(self, bytes_body=False):
|
||||
params = {'scope.project.id': self.FAKE_PROJECT_ID,
|
||||
'group.id': self.FAKE_GROUP_ID}
|
||||
self.check_service_client_function(
|
||||
self.client.list_role_assignments,
|
||||
'tempest.lib.common.rest_client.RestClient.get',
|
||||
self.FAKE_GROUP_PROJECT_ASSIGNMENTS,
|
||||
bytes_body,
|
||||
**params)
|
||||
|
||||
def test_list_group_project_assignments_with_str_body(self):
|
||||
self._test_list_group_project_assignments()
|
||||
|
||||
def test_list_group_project_assignments_with_bytes_body(self):
|
||||
self._test_list_group_project_assignments(bytes_body=True)
|
||||
|
||||
def _test_list_user_domain_assignments(self, bytes_body=False):
|
||||
params = {'scope.domain.id': self.FAKE_DOMAIN_ID,
|
||||
'user.id': self.FAKE_USER_ID}
|
||||
self.check_service_client_function(
|
||||
self.client.list_role_assignments,
|
||||
'tempest.lib.common.rest_client.RestClient.get',
|
||||
self.FAKE_GROUP_PROJECT_ASSIGNMENTS,
|
||||
bytes_body,
|
||||
**params)
|
||||
|
||||
def test_list_user_domain_assignments_with_str_body(self):
|
||||
self._test_list_user_domain_assignments()
|
||||
|
||||
def test_list_user_domain_assignments_with_bytes_body(self):
|
||||
self._test_list_user_domain_assignments(bytes_body=True)
|
Loading…
Reference in New Issue