Merge "Add client methods and tests for system grants"
This commit is contained in:
commit
ed2acc91f5
|
@ -142,6 +142,26 @@ class RolesV3TestJSON(base.BaseIdentityV3AdminTest):
|
|||
self.roles_client.delete_role_from_user_on_domain(
|
||||
self.domain['id'], self.user_body['id'], self.role['id'])
|
||||
|
||||
@testtools.skipIf(CONF.identity_feature_enabled.immutable_user_source,
|
||||
'Skipped because environment has an immutable user '
|
||||
'source and solely provides read-only access to users.')
|
||||
@decorators.idempotent_id('e5a81737-d294-424d-8189-8664858aae4c')
|
||||
def test_grant_list_revoke_role_to_user_on_system(self):
|
||||
self.roles_client.create_user_role_on_system(
|
||||
self.user_body['id'], self.role['id'])
|
||||
|
||||
roles = self.roles_client.list_user_roles_on_system(
|
||||
self.user_body['id'])['roles']
|
||||
|
||||
self.assertEqual(1, len(roles))
|
||||
self.assertEqual(self.role['id'], roles[0]['id'])
|
||||
|
||||
self.roles_client.check_user_role_existence_on_system(
|
||||
self.user_body['id'], self.role['id'])
|
||||
|
||||
self.roles_client.delete_role_from_user_on_system(
|
||||
self.user_body['id'], self.role['id'])
|
||||
|
||||
@decorators.idempotent_id('cbf11737-1904-4690-9613-97bcbb3df1c4')
|
||||
@testtools.skipIf(CONF.identity_feature_enabled.immutable_user_source,
|
||||
'Skipped because environment has an immutable user '
|
||||
|
@ -197,6 +217,23 @@ class RolesV3TestJSON(base.BaseIdentityV3AdminTest):
|
|||
self.roles_client.delete_role_from_group_on_domain(
|
||||
self.domain['id'], self.group_body['id'], self.role['id'])
|
||||
|
||||
@decorators.idempotent_id('c888fe4f-8018-48db-b959-542225c1b4b6')
|
||||
def test_grant_list_revoke_role_to_group_on_system(self):
|
||||
self.roles_client.create_group_role_on_system(
|
||||
self.group_body['id'], self.role['id'])
|
||||
|
||||
roles = self.roles_client.list_group_roles_on_system(
|
||||
self.group_body['id'])['roles']
|
||||
|
||||
self.assertEqual(1, len(roles))
|
||||
self.assertEqual(self.role['id'], roles[0]['id'])
|
||||
|
||||
self.roles_client.check_role_from_group_on_system_existence(
|
||||
self.group_body['id'], self.role['id'])
|
||||
|
||||
self.roles_client.delete_role_from_group_on_system(
|
||||
self.group_body['id'], self.role['id'])
|
||||
|
||||
@decorators.idempotent_id('f5654bcc-08c4-4f71-88fe-05d64e06de94')
|
||||
def test_list_roles(self):
|
||||
"""Test listing roles"""
|
||||
|
|
|
@ -89,6 +89,13 @@ class RolesClient(rest_client.RestClient):
|
|||
self.expected_success(204, resp.status)
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def create_user_role_on_system(self, user_id, role_id):
|
||||
"""Add roles to a user on the system."""
|
||||
resp, body = self.put('system/users/%s/roles/%s' %
|
||||
(user_id, role_id), None)
|
||||
self.expected_success(204, resp.status)
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def list_user_roles_on_project(self, project_id, user_id):
|
||||
"""list roles of a user on a project."""
|
||||
resp, body = self.get('projects/%s/users/%s/roles' %
|
||||
|
@ -105,6 +112,13 @@ class RolesClient(rest_client.RestClient):
|
|||
body = json.loads(body)
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def list_user_roles_on_system(self, user_id):
|
||||
"""list roles of a user on the system."""
|
||||
resp, body = self.get('system/users/%s/roles' % user_id)
|
||||
self.expected_success(200, resp.status)
|
||||
body = json.loads(body)
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def delete_role_from_user_on_project(self, project_id, user_id, role_id):
|
||||
"""Delete role of a user on a project."""
|
||||
resp, body = self.delete('projects/%s/users/%s/roles/%s' %
|
||||
|
@ -119,6 +133,13 @@ class RolesClient(rest_client.RestClient):
|
|||
self.expected_success(204, resp.status)
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def delete_role_from_user_on_system(self, user_id, role_id):
|
||||
"""Delete role of a user on the system."""
|
||||
resp, body = self.delete('system/users/%s/roles/%s' %
|
||||
(user_id, role_id))
|
||||
self.expected_success(204, resp.status)
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def check_user_role_existence_on_project(self, project_id,
|
||||
user_id, role_id):
|
||||
"""Check role of a user on a project."""
|
||||
|
@ -135,6 +156,12 @@ class RolesClient(rest_client.RestClient):
|
|||
self.expected_success(204, resp.status)
|
||||
return rest_client.ResponseBody(resp)
|
||||
|
||||
def check_user_role_existence_on_system(self, user_id, role_id):
|
||||
"""Check role of a user on the system."""
|
||||
resp, body = self.head('system/users/%s/roles/%s' % (user_id, role_id))
|
||||
self.expected_success(204, resp.status)
|
||||
return rest_client.ResponseBody(resp)
|
||||
|
||||
def create_group_role_on_project(self, project_id, group_id, role_id):
|
||||
"""Add roles to a group on a project."""
|
||||
resp, body = self.put('projects/%s/groups/%s/roles/%s' %
|
||||
|
@ -149,6 +176,13 @@ class RolesClient(rest_client.RestClient):
|
|||
self.expected_success(204, resp.status)
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def create_group_role_on_system(self, group_id, role_id):
|
||||
"""Add roles to a group on the system."""
|
||||
resp, body = self.put('system/groups/%s/roles/%s' %
|
||||
(group_id, role_id), None)
|
||||
self.expected_success(204, resp.status)
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def list_group_roles_on_project(self, project_id, group_id):
|
||||
"""list roles of a group on a project."""
|
||||
resp, body = self.get('projects/%s/groups/%s/roles' %
|
||||
|
@ -165,6 +199,13 @@ class RolesClient(rest_client.RestClient):
|
|||
body = json.loads(body)
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def list_group_roles_on_system(self, group_id):
|
||||
"""list roles of a group on the system."""
|
||||
resp, body = self.get('system/groups/%s/roles' % group_id)
|
||||
self.expected_success(200, resp.status)
|
||||
body = json.loads(body)
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def delete_role_from_group_on_project(self, project_id, group_id, role_id):
|
||||
"""Delete role of a group on a project."""
|
||||
resp, body = self.delete('projects/%s/groups/%s/roles/%s' %
|
||||
|
@ -179,6 +220,13 @@ class RolesClient(rest_client.RestClient):
|
|||
self.expected_success(204, resp.status)
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def delete_role_from_group_on_system(self, group_id, role_id):
|
||||
"""Delete role of a group on the system."""
|
||||
resp, body = self.delete('system/groups/%s/roles/%s' %
|
||||
(group_id, role_id))
|
||||
self.expected_success(204, resp.status)
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def check_role_from_group_on_project_existence(self, project_id,
|
||||
group_id, role_id):
|
||||
"""Check role of a group on a project."""
|
||||
|
@ -195,6 +243,13 @@ class RolesClient(rest_client.RestClient):
|
|||
self.expected_success(204, resp.status)
|
||||
return rest_client.ResponseBody(resp)
|
||||
|
||||
def check_role_from_group_on_system_existence(self, group_id, role_id):
|
||||
"""Check role of a group on the system."""
|
||||
resp, body = self.head('system/groups/%s/roles/%s' %
|
||||
(group_id, role_id))
|
||||
self.expected_success(204, resp.status)
|
||||
return rest_client.ResponseBody(resp)
|
||||
|
||||
def create_role_inference_rule(self, prior_role, implies_role):
|
||||
"""Create a role inference rule."""
|
||||
resp, body = self.put('roles/%s/implies/%s' %
|
||||
|
|
|
@ -225,6 +225,16 @@ class TestRolesClient(base.BaseServiceTest):
|
|||
role_id="1234",
|
||||
status=204)
|
||||
|
||||
def _test_create_user_role_on_system(self, bytes_body=False):
|
||||
self.check_service_client_function(
|
||||
self.client.create_user_role_on_system,
|
||||
'tempest.lib.common.rest_client.RestClient.put',
|
||||
{},
|
||||
bytes_body,
|
||||
user_id="123",
|
||||
role_id="1234",
|
||||
status=204)
|
||||
|
||||
def _test_list_user_roles_on_project(self, bytes_body=False):
|
||||
self.check_service_client_function(
|
||||
self.client.list_user_roles_on_project,
|
||||
|
@ -243,6 +253,14 @@ class TestRolesClient(base.BaseServiceTest):
|
|||
domain_id="b344506af7644f6794d9cb316600b020",
|
||||
user_id="123")
|
||||
|
||||
def _test_list_user_roles_on_system(self, bytes_body=False):
|
||||
self.check_service_client_function(
|
||||
self.client.list_user_roles_on_system,
|
||||
'tempest.lib.common.rest_client.RestClient.get',
|
||||
self.FAKE_LIST_ROLES,
|
||||
bytes_body,
|
||||
user_id="123")
|
||||
|
||||
def _test_create_group_role_on_project(self, bytes_body=False):
|
||||
self.check_service_client_function(
|
||||
self.client.create_group_role_on_project,
|
||||
|
@ -265,6 +283,16 @@ class TestRolesClient(base.BaseServiceTest):
|
|||
role_id="1234",
|
||||
status=204)
|
||||
|
||||
def _test_create_group_role_on_system(self, bytes_body=False):
|
||||
self.check_service_client_function(
|
||||
self.client.create_group_role_on_system,
|
||||
'tempest.lib.common.rest_client.RestClient.put',
|
||||
{},
|
||||
bytes_body,
|
||||
group_id="123",
|
||||
role_id="1234",
|
||||
status=204)
|
||||
|
||||
def _test_list_group_roles_on_project(self, bytes_body=False):
|
||||
self.check_service_client_function(
|
||||
self.client.list_group_roles_on_project,
|
||||
|
@ -283,6 +311,15 @@ class TestRolesClient(base.BaseServiceTest):
|
|||
domain_id="b344506af7644f6794d9cb316600b020",
|
||||
group_id="123")
|
||||
|
||||
def _test_list_group_roles_on_system(self, bytes_body=False):
|
||||
self.check_service_client_function(
|
||||
self.client.list_group_roles_on_system,
|
||||
'tempest.lib.common.rest_client.RestClient.get',
|
||||
self.FAKE_LIST_ROLES,
|
||||
bytes_body,
|
||||
domain_id="b344506af7644f6794d9cb316600b020",
|
||||
group_id="123")
|
||||
|
||||
def _test_create_role_inference_rule(self, bytes_body=False):
|
||||
self.check_service_client_function(
|
||||
self.client.create_role_inference_rule,
|
||||
|
@ -405,6 +442,15 @@ class TestRolesClient(base.BaseServiceTest):
|
|||
role_id="1234",
|
||||
status=204)
|
||||
|
||||
def test_delete_role_from_user_on_system(self):
|
||||
self.check_service_client_function(
|
||||
self.client.delete_role_from_user_on_system,
|
||||
'tempest.lib.common.rest_client.RestClient.delete',
|
||||
{},
|
||||
user_id="123",
|
||||
role_id="1234",
|
||||
status=204)
|
||||
|
||||
def test_delete_role_from_group_on_project(self):
|
||||
self.check_service_client_function(
|
||||
self.client.delete_role_from_group_on_project,
|
||||
|
@ -425,6 +471,15 @@ class TestRolesClient(base.BaseServiceTest):
|
|||
role_id="1234",
|
||||
status=204)
|
||||
|
||||
def test_delete_role_from_group_on_system(self):
|
||||
self.check_service_client_function(
|
||||
self.client.delete_role_from_group_on_system,
|
||||
'tempest.lib.common.rest_client.RestClient.delete',
|
||||
{},
|
||||
group_id="123",
|
||||
role_id="1234",
|
||||
status=204)
|
||||
|
||||
def test_check_user_role_existence_on_project(self):
|
||||
self.check_service_client_function(
|
||||
self.client.check_user_role_existence_on_project,
|
||||
|
@ -445,6 +500,15 @@ class TestRolesClient(base.BaseServiceTest):
|
|||
role_id="1234",
|
||||
status=204)
|
||||
|
||||
def test_check_user_role_existence_on_system(self):
|
||||
self.check_service_client_function(
|
||||
self.client.check_user_role_existence_on_system,
|
||||
'tempest.lib.common.rest_client.RestClient.head',
|
||||
{},
|
||||
user_id="123",
|
||||
role_id="1234",
|
||||
status=204)
|
||||
|
||||
def test_check_role_from_group_on_project_existence(self):
|
||||
self.check_service_client_function(
|
||||
self.client.check_role_from_group_on_project_existence,
|
||||
|
@ -465,6 +529,15 @@ class TestRolesClient(base.BaseServiceTest):
|
|||
role_id="1234",
|
||||
status=204)
|
||||
|
||||
def test_check_role_from_group_on_system_existence(self):
|
||||
self.check_service_client_function(
|
||||
self.client.check_role_from_group_on_system_existence,
|
||||
'tempest.lib.common.rest_client.RestClient.head',
|
||||
{},
|
||||
group_id="123",
|
||||
role_id="1234",
|
||||
status=204)
|
||||
|
||||
def test_create_role_inference_rule_with_str_body(self):
|
||||
self._test_create_role_inference_rule()
|
||||
|
||||
|
|
Loading…
Reference in New Issue