Merge "Add client methods and tests for system grants"

Zuul 2021-01-22 04:44:35 +00:00 committed by Gerrit Code Review
commit ed2acc91f5
3 changed files with 165 additions and 0 deletions


@ -142,6 +142,26 @@ class RolesV3TestJSON(base.BaseIdentityV3AdminTest):
self.roles_client.delete_role_from_user_on_domain(
self.domain['id'], self.user_body['id'], self.role['id'])
@testtools.skipIf(CONF.identity_feature_enabled.immutable_user_source,
'Skipped because environment has an immutable user '
'source and solely provides read-only access to users.')
@decorators.idempotent_id('e5a81737-d294-424d-8189-8664858aae4c')
def test_grant_list_revoke_role_to_user_on_system(self):
self.roles_client.create_user_role_on_system(
self.user_body['id'], self.role['id'])
roles = self.roles_client.list_user_roles_on_system(
self.user_body['id'])['roles']
self.assertEqual(1, len(roles))
self.assertEqual(self.role['id'], roles[0]['id'])
self.roles_client.check_user_role_existence_on_system(
self.user_body['id'], self.role['id'])
self.roles_client.delete_role_from_user_on_system(
self.user_body['id'], self.role['id'])
@decorators.idempotent_id('cbf11737-1904-4690-9613-97bcbb3df1c4')
@testtools.skipIf(CONF.identity_feature_enabled.immutable_user_source,
'Skipped because environment has an immutable user '
@ -197,6 +217,23 @@ class RolesV3TestJSON(base.BaseIdentityV3AdminTest):
self.roles_client.delete_role_from_group_on_domain(
self.domain['id'], self.group_body['id'], self.role['id'])
@decorators.idempotent_id('c888fe4f-8018-48db-b959-542225c1b4b6')
def test_grant_list_revoke_role_to_group_on_system(self):
self.roles_client.create_group_role_on_system(
self.group_body['id'], self.role['id'])
roles = self.roles_client.list_group_roles_on_system(
self.group_body['id'])['roles']
self.assertEqual(1, len(roles))
self.assertEqual(self.role['id'], roles[0]['id'])
self.roles_client.check_role_from_group_on_system_existence(
self.group_body['id'], self.role['id'])
self.roles_client.delete_role_from_group_on_system(
self.group_body['id'], self.role['id'])
@decorators.idempotent_id('f5654bcc-08c4-4f71-88fe-05d64e06de94')
def test_list_roles(self):
"""Test listing roles"""
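Review bot: Neither new test verifies the revocation it is named for: `test_grant_list_revoke_role_to_user_on_system` ends at `self.roles_client.delete_role_from_user_on_system(...)`, so a delete that answers 204 but leaves the system grant in place would still pass. System-scope grants are the widest assignment these tests exercise, so I would re-list after the delete with `roles = self.roles_client.list_user_roles_on_system(self.user_body['id'])['roles']` followed by `self.assertEqual(0, len(roles))`. `test_grant_list_revoke_role_to_group_on_system` in the second hunk needs the same check. The delete is also not registered with `addCleanup`, so an assertion failing before it leaves the grant on what appears to be a class-level user for the remaining tests.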


@ -89,6 +89,13 @@ class RolesClient(rest_client.RestClient):
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp, body)
def create_user_role_on_system(self, user_id, role_id):
"""Add roles to a user on the system."""
resp, body = self.put('system/users/%s/roles/%s' %
(user_id, role_id), None)
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp, body)
def list_user_roles_on_project(self, project_id, user_id):
"""list roles of a user on a project."""
resp, body = self.get('projects/%s/users/%s/roles' %
@ -105,6 +112,13 @@ class RolesClient(rest_client.RestClient):
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
def list_user_roles_on_system(self, user_id):
"""list roles of a user on the system."""
resp, body = self.get('system/users/%s/roles' % user_id)
self.expected_success(200, resp.status)
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
def delete_role_from_user_on_project(self, project_id, user_id, role_id):
"""Delete role of a user on a project."""
resp, body = self.delete('projects/%s/users/%s/roles/%s' %
@ -119,6 +133,13 @@ class RolesClient(rest_client.RestClient):
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp, body)
def delete_role_from_user_on_system(self, user_id, role_id):
"""Delete role of a user on the system."""
resp, body = self.delete('system/users/%s/roles/%s' %
(user_id, role_id))
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp, body)
def check_user_role_existence_on_project(self, project_id,
user_id, role_id):
"""Check role of a user on a project."""
@ -135,6 +156,12 @@ class RolesClient(rest_client.RestClient):
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp)
def check_user_role_existence_on_system(self, user_id, role_id):
"""Check role of a user on the system."""
resp, body = self.head('system/users/%s/roles/%s' % (user_id, role_id))
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp)
def create_group_role_on_project(self, project_id, group_id, role_id):
"""Add roles to a group on a project."""
resp, body = self.put('projects/%s/groups/%s/roles/%s' %
@ -149,6 +176,13 @@ class RolesClient(rest_client.RestClient):
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp, body)
def create_group_role_on_system(self, group_id, role_id):
"""Add roles to a group on the system."""
resp, body = self.put('system/groups/%s/roles/%s' %
(group_id, role_id), None)
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp, body)
def list_group_roles_on_project(self, project_id, group_id):
"""list roles of a group on a project."""
resp, body = self.get('projects/%s/groups/%s/roles' %
@ -165,6 +199,13 @@ class RolesClient(rest_client.RestClient):
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
def list_group_roles_on_system(self, group_id):
"""list roles of a group on the system."""
resp, body = self.get('system/groups/%s/roles' % group_id)
self.expected_success(200, resp.status)
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
def delete_role_from_group_on_project(self, project_id, group_id, role_id):
"""Delete role of a group on a project."""
resp, body = self.delete('projects/%s/groups/%s/roles/%s' %
@ -179,6 +220,13 @@ class RolesClient(rest_client.RestClient):
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp, body)
def delete_role_from_group_on_system(self, group_id, role_id):
"""Delete role of a group on the system."""
resp, body = self.delete('system/groups/%s/roles/%s' %
(group_id, role_id))
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp, body)
def check_role_from_group_on_project_existence(self, project_id,
group_id, role_id):
"""Check role of a group on a project."""
@ -195,6 +243,13 @@ class RolesClient(rest_client.RestClient):
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp)
def check_role_from_group_on_system_existence(self, group_id, role_id):
"""Check role of a group on the system."""
resp, body = self.head('system/groups/%s/roles/%s' %
(group_id, role_id))
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp)
def create_role_inference_rule(self, prior_role, implies_role):
"""Create a role inference rule."""
resp, body = self.put('roles/%s/implies/%s' %
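Review bot: The docstring on `check_user_role_existence_on_system` does not say how a missing grant is reported. The method accepts only 204 and returns a body-less `rest_client.ResponseBody(resp)`, so absence has to surface as an exception from the `head` call (presumably the rest client's NotFound) rather than as a falsy return. I would write it as `"""Check that a user has a role on the system; an absent grant raises instead of returning False."""` and do the same for `check_role_from_group_on_system_existence` in the last hunk. The two create docstrings also say "Add roles" although each call assigns exactly one `role_id`.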


@ -225,6 +225,16 @@ class TestRolesClient(base.BaseServiceTest):
role_id="1234",
status=204)
def _test_create_user_role_on_system(self, bytes_body=False):
self.check_service_client_function(
self.client.create_user_role_on_system,
'tempest.lib.common.rest_client.RestClient.put',
{},
bytes_body,
user_id="123",
role_id="1234",
status=204)
def _test_list_user_roles_on_project(self, bytes_body=False):
self.check_service_client_function(
self.client.list_user_roles_on_project,
@ -243,6 +253,14 @@ class TestRolesClient(base.BaseServiceTest):
domain_id="b344506af7644f6794d9cb316600b020",
user_id="123")
def _test_list_user_roles_on_system(self, bytes_body=False):
self.check_service_client_function(
self.client.list_user_roles_on_system,
'tempest.lib.common.rest_client.RestClient.get',
self.FAKE_LIST_ROLES,
bytes_body,
user_id="123")
def _test_create_group_role_on_project(self, bytes_body=False):
self.check_service_client_function(
self.client.create_group_role_on_project,
@ -265,6 +283,16 @@ class TestRolesClient(base.BaseServiceTest):
role_id="1234",
status=204)
def _test_create_group_role_on_system(self, bytes_body=False):
self.check_service_client_function(
self.client.create_group_role_on_system,
'tempest.lib.common.rest_client.RestClient.put',
{},
bytes_body,
group_id="123",
role_id="1234",
status=204)
def _test_list_group_roles_on_project(self, bytes_body=False):
self.check_service_client_function(
self.client.list_group_roles_on_project,
@ -283,6 +311,15 @@ class TestRolesClient(base.BaseServiceTest):
domain_id="b344506af7644f6794d9cb316600b020",
group_id="123")
def _test_list_group_roles_on_system(self, bytes_body=False):
self.check_service_client_function(
self.client.list_group_roles_on_system,
'tempest.lib.common.rest_client.RestClient.get',
self.FAKE_LIST_ROLES,
bytes_body,
domain_id="b344506af7644f6794d9cb316600b020",
group_id="123")
def _test_create_role_inference_rule(self, bytes_body=False):
self.check_service_client_function(
self.client.create_role_inference_rule,
@ -405,6 +442,15 @@ class TestRolesClient(base.BaseServiceTest):
role_id="1234",
status=204)
def test_delete_role_from_user_on_system(self):
self.check_service_client_function(
self.client.delete_role_from_user_on_system,
'tempest.lib.common.rest_client.RestClient.delete',
{},
user_id="123",
role_id="1234",
status=204)
def test_delete_role_from_group_on_project(self):
self.check_service_client_function(
self.client.delete_role_from_group_on_project,
@ -425,6 +471,15 @@ class TestRolesClient(base.BaseServiceTest):
role_id="1234",
status=204)
def test_delete_role_from_group_on_system(self):
self.check_service_client_function(
self.client.delete_role_from_group_on_system,
'tempest.lib.common.rest_client.RestClient.delete',
{},
group_id="123",
role_id="1234",
status=204)
def test_check_user_role_existence_on_project(self):
self.check_service_client_function(
self.client.check_user_role_existence_on_project,
@ -445,6 +500,15 @@ class TestRolesClient(base.BaseServiceTest):
role_id="1234",
status=204)
def test_check_user_role_existence_on_system(self):
self.check_service_client_function(
self.client.check_user_role_existence_on_system,
'tempest.lib.common.rest_client.RestClient.head',
{},
user_id="123",
role_id="1234",
status=204)
def test_check_role_from_group_on_project_existence(self):
self.check_service_client_function(
self.client.check_role_from_group_on_project_existence,
@ -465,6 +529,15 @@ class TestRolesClient(base.BaseServiceTest):
role_id="1234",
status=204)
def test_check_role_from_group_on_system_existence(self):
self.check_service_client_function(
self.client.check_role_from_group_on_system_existence,
'tempest.lib.common.rest_client.RestClient.head',
{},
group_id="123",
role_id="1234",
status=204)
def test_create_role_inference_rule_with_str_body(self):
self._test_create_role_inference_rule()
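Review bot: The four `_test_*_on_system` helpers added in this file are never called. The 165 added lines shown here contain no `test_..._with_str_body` / `_with_bytes_body` wrappers for them, and the leading underscore keeps the runner from collecting them, so the create and list client methods for system grants end up with no unit coverage. That also hides a mistake in `_test_list_group_roles_on_system`, which passes `domain_id="b344506af7644f6794d9cb316600b020"` although the client method is `list_group_roles_on_system(self, group_id)`. That keyword should be dropped, since the call would presumably fail with a TypeError once the helper actually runs. The wrappers below follow the pattern of the existing `test_create_role_inference_rule_with_str_body`.

```python
    # … unchanged: _test_*_on_system helpers (minus the stray domain_id) …

    def test_create_user_role_on_system_with_str_body(self):
        self._test_create_user_role_on_system()

    def test_create_user_role_on_system_with_bytes_body(self):
        self._test_create_user_role_on_system(bytes_body=True)

    def test_list_user_roles_on_system_with_str_body(self):
        self._test_list_user_roles_on_system()

    def test_list_user_roles_on_system_with_bytes_body(self):
        self._test_list_user_roles_on_system(bytes_body=True)

    def test_create_group_role_on_system_with_str_body(self):
        self._test_create_group_role_on_system()

    def test_create_group_role_on_system_with_bytes_body(self):
        self._test_create_group_role_on_system(bytes_body=True)

    def test_list_group_roles_on_system_with_str_body(self):
        self._test_list_group_roles_on_system()

    def test_list_group_roles_on_system_with_bytes_body(self):
        self._test_list_group_roles_on_system(bytes_body=True)
```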