"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/tests/protection/v3/test_domain_roles.py" between
keystone-16.0.1.tar.gz and keystone-17.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Ussuri" series (latest release).

test_domain_roles.py  (keystone-16.0.1):test_domain_roles.py  (keystone-17.0.0)
skipping to change at line 15 skipping to change at line 15
# http://www.apache.org/licenses/LICENSE-2.0 # http://www.apache.org/licenses/LICENSE-2.0
# #
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
import uuid import uuid
from six.moves import http_client import http.client
from keystone.common import provider_api from keystone.common import provider_api
import keystone.conf import keystone.conf
from keystone.tests.common import auth as common_auth from keystone.tests.common import auth as common_auth
from keystone.tests import unit from keystone.tests import unit
from keystone.tests.unit import base_classes from keystone.tests.unit import base_classes
from keystone.tests.unit import ksfixtures from keystone.tests.unit import ksfixtures
CONF = keystone.conf.CONF CONF = keystone.conf.CONF
PROVIDERS = provider_api.ProviderAPIs PROVIDERS = provider_api.ProviderAPIs
skipping to change at line 61 skipping to change at line 61
class _SystemReaderAndMemberDomainRoleTests(object): class _SystemReaderAndMemberDomainRoleTests(object):
"""Common default functionality for system readers and system members.""" """Common default functionality for system readers and system members."""
def test_user_cannot_create_domain_roles(self): def test_user_cannot_create_domain_roles(self):
create = {'role': unit.new_role_ref( create = {'role': unit.new_role_ref(
domain_id=CONF.identity.default_domain_id)} domain_id=CONF.identity.default_domain_id)}
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/roles', json=create, headers=self.headers, '/v3/roles', json=create, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_update_domain_roles(self): def test_user_cannot_update_domain_roles(self):
role = PROVIDERS.role_api.create_role( role = PROVIDERS.role_api.create_role(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_role_ref(domain_id=CONF.identity.default_domain_id) unit.new_role_ref(domain_id=CONF.identity.default_domain_id)
) )
update = {'role': {'description': uuid.uuid4().hex}} update = {'role': {'description': uuid.uuid4().hex}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/roles/%s' % role['id'], json=update, headers=self.headers, '/v3/roles/%s' % role['id'], json=update, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_domain_roles(self): def test_user_cannot_delete_domain_roles(self):
role = PROVIDERS.role_api.create_role( role = PROVIDERS.role_api.create_role(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_role_ref(domain_id=CONF.identity.default_domain_id) unit.new_role_ref(domain_id=CONF.identity.default_domain_id)
) )
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/roles/%s' % role['id'], headers=self.headers, '/v3/roles/%s' % role['id'], headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
class _DomainAndProjectUserDomainRoleTests(object): class _DomainAndProjectUserDomainRoleTests(object):
"""Common functionality for all domain and project users.""" """Common functionality for all domain and project users."""
def test_user_cannot_list_domain_roles(self): def test_user_cannot_list_domain_roles(self):
PROVIDERS.role_api.create_role( PROVIDERS.role_api.create_role(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_role_ref(domain_id=CONF.identity.default_domain_id)) unit.new_role_ref(domain_id=CONF.identity.default_domain_id))
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/roles', headers=self.headers, '/v3/roles', headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_get_a_domain_role(self): def test_user_cannot_get_a_domain_role(self):
role = PROVIDERS.role_api.create_role( role = PROVIDERS.role_api.create_role(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_role_ref(domain_id=CONF.identity.default_domain_id) unit.new_role_ref(domain_id=CONF.identity.default_domain_id)
) )
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/roles/%s' % role['id'], headers=self.headers, '/v3/roles/%s' % role['id'], headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_create_domain_roles(self): def test_user_cannot_create_domain_roles(self):
create = {'role': unit.new_role_ref( create = {'role': unit.new_role_ref(
domain_id=CONF.identity.default_domain_id)} domain_id=CONF.identity.default_domain_id)}
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/roles', json=create, headers=self.headers, '/v3/roles', json=create, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_update_domain_roles(self): def test_user_cannot_update_domain_roles(self):
role = PROVIDERS.role_api.create_role( role = PROVIDERS.role_api.create_role(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_role_ref(domain_id=CONF.identity.default_domain_id) unit.new_role_ref(domain_id=CONF.identity.default_domain_id)
) )
update = {'role': {'description': uuid.uuid4().hex}} update = {'role': {'description': uuid.uuid4().hex}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/roles/%s' % role['id'], json=update, headers=self.headers, '/v3/roles/%s' % role['id'], json=update, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_domain_roles(self): def test_user_cannot_delete_domain_roles(self):
role = PROVIDERS.role_api.create_role( role = PROVIDERS.role_api.create_role(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_role_ref(domain_id=CONF.identity.default_domain_id) unit.new_role_ref(domain_id=CONF.identity.default_domain_id)
) )
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/roles/%s' % role['id'], headers=self.headers, '/v3/roles/%s' % role['id'], headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
class SystemReaderTests(base_classes.TestCaseWithBootstrap, class SystemReaderTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin, common_auth.AuthTestMixin,
_SystemUserDomainRoleTests, _SystemUserDomainRoleTests,
_SystemReaderAndMemberDomainRoleTests): _SystemReaderAndMemberDomainRoleTests):
def setUp(self): def setUp(self):
super(SystemReaderTests, self).setUp() super(SystemReaderTests, self).setUp()
self.loadapp() self.loadapp()
skipping to change at line 245 skipping to change at line 245
) )
# Grab a token using the persona we're testing and prepare headers # Grab a token using the persona we're testing and prepare headers
# for requests we'll be making in the tests. # for requests we'll be making in the tests.
with self.test_client() as c: with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=auth) r = c.post('/v3/auth/tokens', json=auth)
self.token_id = r.headers['X-Subject-Token'] self.token_id = r.headers['X-Subject-Token']
self.headers = {'X-Auth-Token': self.token_id} self.headers = {'X-Auth-Token': self.token_id}
def test_user_can_create_roles(self): def test_user_can_create_roles(self):
create = {'role': unit.new_role_ref(domain_id=CONF.identity.default_doma create = {'role': unit.new_role_ref(
in_id)} domain_id=CONF.identity.default_domain_id)}
with self.test_client() as c: with self.test_client() as c:
c.post('/v3/roles', json=create, headers=self.headers) c.post('/v3/roles', json=create, headers=self.headers)
def test_user_can_update_roles(self): def test_user_can_update_roles(self):
role = PROVIDERS.role_api.create_role( role = PROVIDERS.role_api.create_role(
uuid.uuid4().hex, unit.new_role_ref(domain_id=CONF.identity.default_ uuid.uuid4().hex,
domain_id) unit.new_role_ref(domain_id=CONF.identity.default_domain_id)
) )
update = {'role': {'description': uuid.uuid4().hex}} update = {'role': {'description': uuid.uuid4().hex}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/roles/%s' % role['id'], json=update, headers=self.headers, '/v3/roles/%s' % role['id'], json=update, headers=self.headers,
) )
def test_user_can_delete_roles(self): def test_user_can_delete_roles(self):
role = PROVIDERS.role_api.create_role( role = PROVIDERS.role_api.create_role(
uuid.uuid4().hex, unit.new_role_ref(domain_id=CONF.identity.default_ uuid.uuid4().hex,
domain_id) unit.new_role_ref(domain_id=CONF.identity.default_domain_id)
) )
with self.test_client() as c: with self.test_client() as c:
c.delete('/v3/roles/%s' % role['id'], headers=self.headers) c.delete('/v3/roles/%s' % role['id'], headers=self.headers)
class DomainUserTests(base_classes.TestCaseWithBootstrap, class DomainUserTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin, common_auth.AuthTestMixin,
_DomainAndProjectUserDomainRoleTests): _DomainAndProjectUserDomainRoleTests):
def setUp(self): def setUp(self):
 End of changes. 12 change blocks. 
15 lines changed or deleted 15 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)