Update Ranger keystone group tempest tests

Included the following test cases

test_add_delete_default_user
test_add_delete_region_user
test_add_delete_group_regions

Change-Id: Iba74784e0c4256f8b62a5381ba3ff89791b2ec82
This commit is contained in:
stewie925 2019-05-23 09:56:16 -07:00
parent 265761babd
commit a214d88a64
4 changed files with 171 additions and 25 deletions

View File

@ -50,6 +50,18 @@ _group = {
'required': ['id', 'links', 'created']
}
_users = {
'type': 'object',
'properties': {
'id': {
'type': 'array',
'items': {'type': 'string'}
},
'domain': {'type': 'string'},
},
'required': ['id', 'domain']
}
create_group = {
'status_code': [201],
'response_body': {
@ -73,7 +85,8 @@ get_group = {
'domain': {'type': 'string'},
'name': {'type': 'string'},
'regions': {'type': 'array'},
'description': {'type': 'string'}
'description': {'type': 'string'},
'users': {'type': 'array'}
},
'required': ['status', 'uuid', 'enabled', 'domain', 'name',
'regions', 'description']
@ -113,6 +126,7 @@ list_groups = {
delete_group = _delete
delete_groups_region = _delete
_roles = {
'type': 'object',
'properties': {
@ -158,3 +172,37 @@ list_group_roles = {
'required': ['roles']
}
}
add_groups_region = {
'status_code': [200],
'response_body': {
'type': 'object',
'properties': {
'regions': {
'type': 'array',
'items': _region
},
'transaction_id': {'type': 'string'}
},
'required': ['regions', 'transaction_id']
}
}
add_groups_users = {
'status_code': [200],
'response_body': {
'type': 'object',
'properties': {
'transaction_id': {'type': 'string'},
'users': {
'type': 'array',
'items': _users
},
'links': _links,
'created': {'type': 'string', 'format': 'date-time'}
},
'required': ['transaction_id', 'users', 'links', 'created']
}
}
delete_groups_user = _delete

View File

@ -45,6 +45,12 @@ class GrpClient(base_client.RangerClientBase):
uri += '?' + urllib.urlencode(filter)
return self.get_request(uri, schema.list_groups)
def add_groups_region(self, group_id, *args):
uri = '%s/%s/orm/groups/%s/regions' % (
self.cms_url, self.version, group_id)
post_body = json.dumps(args)
return self.post_request(uri, post_body, schema.add_groups_region)
def delete_groups_region(self, group_id, region_id):
uri = '%s/%s/orm/groups/%s/regions/%s' % (
self.cms_url, self.version, group_id, region_id)
@ -75,3 +81,27 @@ class GrpClient(base_client.RangerClientBase):
uri = '%s/%s/orm/groups/%s/roles/%s' % (
self.cms_url, self.version, group_id, params)
return self.get_request(uri, schema.list_group_roles)
def add_group_default_user(self, group_id, *args):
uri = '%s/%s/orm/groups/%s/users' \
% (self.cms_url, self.version, group_id)
post_body = json.dumps(args)
return self.post_request(uri, post_body, schema.add_groups_users)
def delete_group_default_user(self, group_id, user_id, user_domain):
uri = '%s/%s/orm/groups/%s/users/%s/%s' % (
self.cms_url, self.version, group_id, user_id, user_domain)
return self.delete_request(uri, schema.delete_groups_region)
def add_group_region_user(self, group_id, region_id, *args):
uri = '%s/%s/orm/groups/%s/regions/%s/users' \
% (self.cms_url, self.version, group_id, region_id)
post_body = json.dumps(args)
return self.post_request(uri, post_body, schema.add_groups_users)
def delete_groups_region_user(self, group_id, region_id,
user_id, user_domain):
uri = '%s/%s/orm/groups/%s/regions/%s/users/%s/%s' % (
self.cms_url, self.version, group_id, region_id,
user_id, user_domain)
return self.delete_request(uri, schema.delete_groups_region)

View File

@ -34,28 +34,33 @@ class GrpBaseOrmTest(CmsBaseOrmTest):
cls.grp_client = cls.os_primary.grp_client
@classmethod
def _get_group_params(cls, enabled=True):
region, payload = {}, {}
def _get_group_params(cls, enabled=True, region_users=True,
default_users=True):
region, user, payload = {}, {}, {}
grp_name = data_utils.rand_name('ormTempestGrp')
region['name'] = CONF.identity.region
region['type'] = 'single'
user['id'] = [cls.os_primary.credentials.username]
user['domain'] = CONF.ranger.domain
region["users"] = [user] if region_users else []
regions = [region]
payload["description"] = grp_name
payload["domain"] = CONF.ranger.domain
payload["enabled"] = True if enabled else False
payload["name"] = grp_name
payload["regions"] = regions
payload['users'] = [user] if default_users else []
return payload
@classmethod
def _get_user_params(cls, alt=False):
users = []
if not alt:
users.append({'id': cls.os_primary.credentials.username,
'role': ['admin']})
users.append({'id': [cls.os_primary.credentials.username],
'domain': CONF.ranger.domain})
else:
users.append({'id': cls.os_alt.credentials.username,
'role': ['admin_viewer', 'admin_support']})
users.append({'id': [cls.os_alt.credentials.username],
'domain': CONF.ranger.domain})
return users
@classmethod
@ -63,7 +68,7 @@ class GrpBaseOrmTest(CmsBaseOrmTest):
region = {}
region['name'] = CONF.identity.region
region['type'] = 'single'
return [region]
return region
@classmethod
def _create_grp_validate_creation_on_dcp_and_lcp(self, **kwargs):

View File

@ -88,23 +88,6 @@ class TestTempestGrp(grp_base.GrpBaseOrmTest):
groups = [grp['id'] for grp in body['groups']]
self.assertIn(self.setup_group_id, groups)
@decorators.idempotent_id('880f614f-6317-4973-a244-f2e44443f551')
def test_delete_regions(self):
# setup data for delete_region
post_body = self._get_group_params()
region_name = post_body["regions"][0]["name"]
test_group_id = self._create_grp_validate_creation_on_dcp_and_lcp(
**post_body)
self.addCleanup(self._del_group_validate_deletion_on_dcp_and_lcp,
test_group_id)
_, group = self.grp_client.get_group(test_group_id)
self.assertTrue(group["regions"])
_, body = self.grp_client.delete_groups_region(test_group_id,
region_name)
self._wait_for_group_status(test_group_id, 'no regions')
_, group = self.grp_client.get_group(test_group_id)
self.assertFalse(group["regions"])
@decorators.idempotent_id('bba25028-d962-47df-9566-557eec48f22d')
def test_create_group(self):
post_body = self._get_group_params()
@ -198,3 +181,83 @@ class TestTempestGrp(grp_base.GrpBaseOrmTest):
_, body = self.grp_client.list_group_roles(self.setup_group_id,
list_filter)
self.assertEqual(body['roles'], [])
@decorators.idempotent_id('880f614f-6317-4973-a244-f2e44443f551')
def test_add_delete_group_regions(self):
# using the group record created by tempest setup, we'll test
# delete region first before before add region
region_name = self.setup_group['regions'][0]['name']
_, body = self.grp_client.delete_groups_region(self.setup_group_id,
region_name)
self._wait_for_group_status(self.setup_group_id, 'no regions')
_, group = self.grp_client.get_group(self.setup_group_id)
self.assertFalse(group["regions"])
# now we test add group region to add region back to the setup_group
post_region_body = self._get_region_params()
_, body = self.grp_client.add_groups_region(self.setup_group_id,
post_region_body)
self._wait_for_group_status(self.setup_group_id, 'Success')
_, group = self.grp_client.get_group(self.setup_group_id)
self.assertTrue(group["regions"])
@decorators.idempotent_id('1f23fe95-b05a-4368-baf7-5a526b13bea3')
def test_add_delete_default_user(self):
# using the existing setup group record, delete the default user
default_user_id = self.setup_group['users'][0]['id'][0]
user_domain = self.setup_group['users'][0]['domain']
# user[0]['id'] for user in self.setup_group['users']]
_, body =\
self.grp_client.delete_group_default_user(self.setup_group_id,
default_user_id,
user_domain)
self._wait_for_group_status(self.setup_group_id, 'Success')
_, group = self.grp_client.get_group(self.setup_group_id)
# validate delete operation success by confirming that the default
# users list and region user lists are empty after delete operation
self.assertFalse(group['users'])
self.assertFalse(group['regions'][0]['users'])
# now add back the default user, then validate that new user is
# added to group AND region levels successfully
post_default_user = self._get_user_params()
default_user_id = post_default_user[0]["id"][0]
_, body = self.grp_client.add_group_default_user(self.setup_group_id,
*post_default_user)
self._wait_for_group_status(self.setup_group_id, 'Success')
_, group = self.grp_client.get_group(self.setup_group_id,)
self.assertIn(default_user_id, [x['id'][0] for x in group['users']])
self.assertIn(default_user_id,
[x['id'][0] for x in group['regions'][0]['users']])
@decorators.idempotent_id('3390b5cd-3229-4db2-a5b8-aec3e840a6a0')
def test_add_delete_region_user(self):
# using the tempest setup group record, creare new region user
post_region_user = self._get_user_params(alt=True)
region_user_id = post_region_user[0]["id"][0]
region_user_domain = post_region_user[0]["domain"]
_, body =\
self.grp_client.add_group_region_user(self.setup_group_id,
CONF.identity.region,
*post_region_user)
self._wait_for_group_status(self.setup_group_id, 'Success')
_, group = self.grp_client.get_group(self.setup_group_id)
self.assertTrue(
region_user_id in group['regions'][0]['users'][0]['id'])
# now delete the region_user_id from the tempest setup record
_, body =\
self.grp_client.delete_groups_region_user(self.setup_group_id,
CONF.identity.region,
region_user_id,
region_user_domain)
self._wait_for_group_status(self.setup_group_id, 'Success')
_, group = self.grp_client.get_group(self.setup_group_id)
# assert region user id is removed from the group
self.assertFalse(
region_user_id in group['regions'][0]['users'][0]['id'])