"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/tests/protection/v3/test_application_credential.py" between
keystone-16.0.1.tar.gz and keystone-17.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Ussuri" series (latest release).

test_application_credential.py  (keystone-16.0.1):test_application_credential.py  (keystone-17.0.0)
skipping to change at line 16 skipping to change at line 16
# #
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
import datetime import datetime
import uuid import uuid
import http.client
from oslo_serialization import jsonutils from oslo_serialization import jsonutils
from six.moves import http_client
from keystone.common.policies import base as base_policy from keystone.common.policies import base as base_policy
from keystone.common import provider_api from keystone.common import provider_api
import keystone.conf import keystone.conf
from keystone.tests.common import auth as common_auth from keystone.tests.common import auth as common_auth
from keystone.tests import unit from keystone.tests import unit
from keystone.tests.unit import base_classes from keystone.tests.unit import base_classes
from keystone.tests.unit import ksfixtures from keystone.tests.unit import ksfixtures
from keystone.tests.unit.ksfixtures import temporaryfile from keystone.tests.unit.ksfixtures import temporaryfile
skipping to change at line 128 skipping to change at line 128
""" """
def test_user_cannot_list_application_credentials(self): def test_user_cannot_list_application_credentials(self):
# create a couple of application credentials # create a couple of application credentials
self._create_application_credential() self._create_application_credential()
self._create_application_credential() self._create_application_credential()
with self.test_client() as c: with self.test_client() as c:
c.get('/v3/users/%s/application_credentials' % ( c.get('/v3/users/%s/application_credentials' % (
self.app_cred_user_id), self.app_cred_user_id),
expected_status_code=http_client.FORBIDDEN, expected_status_code=http.client.FORBIDDEN,
headers=self.headers) headers=self.headers)
def test_user_cannot_get_application_credential(self): def test_user_cannot_get_application_credential(self):
app_cred = self._create_application_credential() app_cred = self._create_application_credential()
with self.test_client() as c: with self.test_client() as c:
c.get('/v3/users/%s/application_credentials/%s' % ( c.get('/v3/users/%s/application_credentials/%s' % (
self.app_cred_user_id, self.app_cred_user_id,
app_cred['id']), app_cred['id']),
expected_status_code=http_client.FORBIDDEN, expected_status_code=http.client.FORBIDDEN,
headers=self.headers) headers=self.headers)
def test_user_cannot_lookup_application_credential(self): def test_user_cannot_lookup_application_credential(self):
app_cred = self._create_application_credential() app_cred = self._create_application_credential()
with self.test_client() as c: with self.test_client() as c:
c.get('/v3/users/%s/application_credentials?name=%s' % ( c.get('/v3/users/%s/application_credentials?name=%s' % (
self.app_cred_user_id, self.app_cred_user_id,
app_cred['name']), app_cred['name']),
expected_status_code=http_client.FORBIDDEN, expected_status_code=http.client.FORBIDDEN,
headers=self.headers) headers=self.headers)
def test_user_cannot_delete_application_credential(self): def test_user_cannot_delete_application_credential(self):
app_cred = self._create_application_credential() app_cred = self._create_application_credential()
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/users/%s/application_credentials/%s' % ( '/v3/users/%s/application_credentials/%s' % (
self.app_cred_user_id, self.app_cred_user_id,
app_cred['id']), app_cred['id']),
expected_status_code=http_client.FORBIDDEN, expected_status_code=http.client.FORBIDDEN,
headers=self.headers) headers=self.headers)
def test_user_cannot_lookup_non_existent_application_credential(self): def test_user_cannot_lookup_non_existent_application_credential(self):
with self.test_client() as c: with self.test_client() as c:
c.get('/v3/users/%s/application_credentials?name=%s' % ( c.get('/v3/users/%s/application_credentials?name=%s' % (
self.app_cred_user_id, self.app_cred_user_id,
uuid.uuid4().hex), uuid.uuid4().hex),
expected_status_code=http_client.FORBIDDEN, expected_status_code=http.client.FORBIDDEN,
headers=self.headers) headers=self.headers)
def test_user_cannot_create_app_credential_for_another_user(self): def test_user_cannot_create_app_credential_for_another_user(self):
# create another user # create another user
another_user = unit.new_user_ref( another_user = unit.new_user_ref(
domain_id=CONF.identity.default_domain_id domain_id=CONF.identity.default_domain_id
) )
another_user_id = PROVIDERS.identity_api.create_user( another_user_id = PROVIDERS.identity_api.create_user(
another_user another_user
)['id'] )['id']
app_cred_body = { app_cred_body = {
'application_credential': unit.new_application_credential_ref( 'application_credential': unit.new_application_credential_ref(
roles=[{'id': self.bootstrapper.member_role_id}]) roles=[{'id': self.bootstrapper.member_role_id}])
} }
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/users/%s/application_credentials' % another_user_id, '/v3/users/%s/application_credentials' % another_user_id,
json=app_cred_body, json=app_cred_body,
expected_status_code=http_client.FORBIDDEN, expected_status_code=http.client.FORBIDDEN,
headers=self.headers) headers=self.headers)
class _SystemUserAndOwnerTests(object): class _SystemUserAndOwnerTests(object):
"""Common default functionality for all system users and owner.""" """Common default functionality for all system users and owner."""
def test_user_can_list_application_credentials(self): def test_user_can_list_application_credentials(self):
# create a couple of application credentials # create a couple of application credentials
self._create_application_credential() self._create_application_credential()
self._create_application_credential() self._create_application_credential()
skipping to change at line 233 skipping to change at line 233
'/v3/users/%s/application_credentials?name=%s' % ( '/v3/users/%s/application_credentials?name=%s' % (
self.app_cred_user_id, self.app_cred_user_id,
app_cred['name']), app_cred['name']),
headers=self.headers) headers=self.headers)
self.assertEqual(1, len(r.json['application_credentials'])) self.assertEqual(1, len(r.json['application_credentials']))
actual_app_cred = r.json['application_credentials'][0] actual_app_cred = r.json['application_credentials'][0]
self.assertEqual(app_cred['id'], actual_app_cred['id']) self.assertEqual(app_cred['id'], actual_app_cred['id'])
def _test_delete_application_credential( def _test_delete_application_credential(
self, self,
expected_status_code=http_client.NO_CONTENT): expected_status_code=http.client.NO_CONTENT):
app_cred = self._create_application_credential() app_cred = self._create_application_credential()
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/users/%s/application_credentials/%s' % ( '/v3/users/%s/application_credentials/%s' % (
self.app_cred_user_id, self.app_cred_user_id,
app_cred['id']), app_cred['id']),
expected_status_code=expected_status_code, expected_status_code=expected_status_code,
headers=self.headers) headers=self.headers)
skipping to change at line 262 skipping to change at line 262
app_cred_body = { app_cred_body = {
'application_credential': unit.new_application_credential_ref( 'application_credential': unit.new_application_credential_ref(
roles=[{'id': self.bootstrapper.member_role_id}]) roles=[{'id': self.bootstrapper.member_role_id}])
} }
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/users/%s/application_credentials' % another_user_id, '/v3/users/%s/application_credentials' % another_user_id,
json=app_cred_body, json=app_cred_body,
expected_status_code=http_client.FORBIDDEN, expected_status_code=http.client.FORBIDDEN,
headers=self.headers) headers=self.headers)
class SystemReaderTests(_TestAppCredBase, class SystemReaderTests(_TestAppCredBase,
common_auth.AuthTestMixin, common_auth.AuthTestMixin,
_SystemUserAndOwnerTests): _SystemUserAndOwnerTests):
def setUp(self): def setUp(self):
super(SystemReaderTests, self).setUp() super(SystemReaderTests, self).setUp()
self.loadapp() self.loadapp()
self.useFixture(ksfixtures.Policy(self.config_fixture)) self.useFixture(ksfixtures.Policy(self.config_fixture))
skipping to change at line 299 skipping to change at line 299
# Grab a token using the persona we're testing and prepare headers # Grab a token using the persona we're testing and prepare headers
# for requests we'll be making in the tests. # for requests we'll be making in the tests.
with self.test_client() as c: with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=auth) r = c.post('/v3/auth/tokens', json=auth)
self.token_id = r.headers['X-Subject-Token'] self.token_id = r.headers['X-Subject-Token']
self.headers = {'X-Auth-Token': self.token_id} self.headers = {'X-Auth-Token': self.token_id}
def test_system_reader_cannot_delete_application_credential_for_user(self): def test_system_reader_cannot_delete_application_credential_for_user(self):
self._test_delete_application_credential( self._test_delete_application_credential(
expected_status_code=http_client.FORBIDDEN) expected_status_code=http.client.FORBIDDEN)
class SystemMemberTests(_TestAppCredBase, class SystemMemberTests(_TestAppCredBase,
common_auth.AuthTestMixin, common_auth.AuthTestMixin,
_SystemUserAndOwnerTests): _SystemUserAndOwnerTests):
def setUp(self): def setUp(self):
super(SystemMemberTests, self).setUp() super(SystemMemberTests, self).setUp()
self.loadapp() self.loadapp()
self.useFixture(ksfixtures.Policy(self.config_fixture)) self.useFixture(ksfixtures.Policy(self.config_fixture))
self.config_fixture.config(group='oslo_policy', enforce_scope=True) self.config_fixture.config(group='oslo_policy', enforce_scope=True)
skipping to change at line 335 skipping to change at line 335
# Grab a token using the persona we're testing and prepare headers # Grab a token using the persona we're testing and prepare headers
# for requests we'll be making in the tests. # for requests we'll be making in the tests.
with self.test_client() as c: with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=auth) r = c.post('/v3/auth/tokens', json=auth)
self.token_id = r.headers['X-Subject-Token'] self.token_id = r.headers['X-Subject-Token']
self.headers = {'X-Auth-Token': self.token_id} self.headers = {'X-Auth-Token': self.token_id}
def test_system_reader_cannot_delete_application_credential_for_user(self): def test_system_reader_cannot_delete_application_credential_for_user(self):
self._test_delete_application_credential( self._test_delete_application_credential(
expected_status_code=http_client.FORBIDDEN) expected_status_code=http.client.FORBIDDEN)
class SystemAdminTests(_TestAppCredBase, class SystemAdminTests(_TestAppCredBase,
common_auth.AuthTestMixin, common_auth.AuthTestMixin,
_SystemUserAndOwnerTests): _SystemUserAndOwnerTests):
def setUp(self): def setUp(self):
super(SystemAdminTests, self).setUp() super(SystemAdminTests, self).setUp()
self.loadapp() self.loadapp()
self.useFixture(ksfixtures.Policy(self.config_fixture)) self.useFixture(ksfixtures.Policy(self.config_fixture))
self.config_fixture.config(group='oslo_policy', enforce_scope=True) self.config_fixture.config(group='oslo_policy', enforce_scope=True)
skipping to change at line 408 skipping to change at line 408
def test_create_application_credential_by_owner(self): def test_create_application_credential_by_owner(self):
app_cred_body = { app_cred_body = {
'application_credential': unit.new_application_credential_ref() 'application_credential': unit.new_application_credential_ref()
} }
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/users/%s/application_credentials' % self.user_id, '/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body, json=app_cred_body,
expected_status_code=http_client.CREATED, expected_status_code=http.client.CREATED,
headers=self.headers) headers=self.headers)
def test_owner_can_delete_application_credential(self): def test_owner_can_delete_application_credential(self):
self._test_delete_application_credential() self._test_delete_application_credential()
class DomainAdminTests(_TestAppCredBase, class DomainAdminTests(_TestAppCredBase,
common_auth.AuthTestMixin, common_auth.AuthTestMixin,
_DomainAndProjectUserTests): _DomainAndProjectUserTests):
def setUp(self): def setUp(self):
 End of changes. 13 change blocks. 
12 lines changed or deleted 12 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)