150 lines
6.6 KiB
Python
150 lines
6.6 KiB
Python
# Copyright 2016 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
from oslo_serialization import jsonutils as json
|
|
|
|
from tempest.lib.common import rest_client
|
|
|
|
|
|
class InheritedRolesClient(rest_client.RestClient):
|
|
api_version = "v3"
|
|
|
|
def create_inherited_role_on_domains_user(
|
|
self, domain_id, user_id, role_id):
|
|
"""Assigns a role to a user on projects owned by a domain."""
|
|
resp, body = self.put(
|
|
"OS-INHERIT/domains/%s/users/%s/roles/%s/inherited_to_projects"
|
|
% (domain_id, user_id, role_id), None)
|
|
self.expected_success(204, resp.status)
|
|
return rest_client.ResponseBody(resp, body)
|
|
|
|
def delete_inherited_role_from_user_on_domain(
|
|
self, domain_id, user_id, role_id):
|
|
"""Revokes an inherited project role from a user on a domain."""
|
|
resp, body = self.delete(
|
|
"OS-INHERIT/domains/%s/users/%s/roles/%s/inherited_to_projects"
|
|
% (domain_id, user_id, role_id))
|
|
self.expected_success(204, resp.status)
|
|
return rest_client.ResponseBody(resp, body)
|
|
|
|
def list_inherited_project_role_for_user_on_domain(
|
|
self, domain_id, user_id):
|
|
"""Lists the inherited project roles on a domain for a user."""
|
|
resp, body = self.get(
|
|
"OS-INHERIT/domains/%s/users/%s/roles/inherited_to_projects"
|
|
% (domain_id, user_id))
|
|
self.expected_success(200, resp.status)
|
|
body = json.loads(body)
|
|
return rest_client.ResponseBody(resp, body)
|
|
|
|
def check_user_inherited_project_role_on_domain(
|
|
self, domain_id, user_id, role_id):
|
|
"""Checks whether a user has an inherited project role on a domain."""
|
|
resp, _ = self.head(
|
|
"OS-INHERIT/domains/%s/users/%s/roles/%s/inherited_to_projects"
|
|
% (domain_id, user_id, role_id))
|
|
self.expected_success(204, resp.status)
|
|
return rest_client.ResponseBody(resp)
|
|
|
|
def create_inherited_role_on_domains_group(
|
|
self, domain_id, group_id, role_id):
|
|
"""Assigns a role to a group on projects owned by a domain."""
|
|
resp, body = self.put(
|
|
"OS-INHERIT/domains/%s/groups/%s/roles/%s/inherited_to_projects"
|
|
% (domain_id, group_id, role_id), None)
|
|
self.expected_success(204, resp.status)
|
|
return rest_client.ResponseBody(resp, body)
|
|
|
|
def delete_inherited_role_from_group_on_domain(
|
|
self, domain_id, group_id, role_id):
|
|
"""Revokes an inherited project role from a group on a domain."""
|
|
resp, body = self.delete(
|
|
"OS-INHERIT/domains/%s/groups/%s/roles/%s/inherited_to_projects"
|
|
% (domain_id, group_id, role_id))
|
|
self.expected_success(204, resp.status)
|
|
return rest_client.ResponseBody(resp, body)
|
|
|
|
def list_inherited_project_role_for_group_on_domain(
|
|
self, domain_id, group_id):
|
|
"""Lists the inherited project roles on a domain for a group."""
|
|
resp, body = self.get(
|
|
"OS-INHERIT/domains/%s/groups/%s/roles/inherited_to_projects"
|
|
% (domain_id, group_id))
|
|
self.expected_success(200, resp.status)
|
|
body = json.loads(body)
|
|
return rest_client.ResponseBody(resp, body)
|
|
|
|
def check_group_inherited_project_role_on_domain(
|
|
self, domain_id, group_id, role_id):
|
|
"""Checks whether a group has an inherited project role on a domain."""
|
|
resp, _ = self.head(
|
|
"OS-INHERIT/domains/%s/groups/%s/roles/%s/inherited_to_projects"
|
|
% (domain_id, group_id, role_id))
|
|
self.expected_success(204, resp.status)
|
|
return rest_client.ResponseBody(resp)
|
|
|
|
def create_inherited_role_on_projects_user(
|
|
self, project_id, user_id, role_id):
|
|
"""Assigns a role to a user on projects in a subtree."""
|
|
resp, body = self.put(
|
|
"OS-INHERIT/projects/%s/users/%s/roles/%s/inherited_to_projects"
|
|
% (project_id, user_id, role_id), None)
|
|
self.expected_success(204, resp.status)
|
|
return rest_client.ResponseBody(resp, body)
|
|
|
|
def delete_inherited_role_from_user_on_project(
|
|
self, project_id, user_id, role_id):
|
|
"""Revokes an inherited role from a user on a project."""
|
|
resp, body = self.delete(
|
|
"OS-INHERIT/projects/%s/users/%s/roles/%s/inherited_to_projects"
|
|
% (project_id, user_id, role_id))
|
|
self.expected_success(204, resp.status)
|
|
return rest_client.ResponseBody(resp, body)
|
|
|
|
def check_user_has_flag_on_inherited_to_project(
|
|
self, project_id, user_id, role_id):
|
|
"""Check if user has an inherited project role on project"""
|
|
resp, _ = self.head(
|
|
"OS-INHERIT/projects/%s/users/%s/roles/%s/inherited_to_projects"
|
|
% (project_id, user_id, role_id))
|
|
self.expected_success(204, resp.status)
|
|
return rest_client.ResponseBody(resp)
|
|
|
|
def create_inherited_role_on_projects_group(
|
|
self, project_id, group_id, role_id):
|
|
"""Assigns a role to a group on projects in a subtree."""
|
|
resp, body = self.put(
|
|
"OS-INHERIT/projects/%s/groups/%s/roles/%s/inherited_to_projects"
|
|
% (project_id, group_id, role_id), None)
|
|
self.expected_success(204, resp.status)
|
|
return rest_client.ResponseBody(resp, body)
|
|
|
|
def delete_inherited_role_from_group_on_project(
|
|
self, project_id, group_id, role_id):
|
|
"""Revokes an inherited role from a group on a project."""
|
|
resp, body = self.delete(
|
|
"OS-INHERIT/projects/%s/groups/%s/roles/%s/inherited_to_projects"
|
|
% (project_id, group_id, role_id))
|
|
self.expected_success(204, resp.status)
|
|
return rest_client.ResponseBody(resp, body)
|
|
|
|
def check_group_has_flag_on_inherited_to_project(
|
|
self, project_id, group_id, role_id):
|
|
"""Check if group has an inherited project role on project"""
|
|
resp, _ = self.head(
|
|
"OS-INHERIT/projects/%s/groups/%s/roles/%s/inherited_to_projects"
|
|
% (project_id, group_id, role_id))
|
|
self.expected_success(204, resp.status)
|
|
return rest_client.ResponseBody(resp)
|