"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/tests/protection/v3/test_limits.py" between
keystone-16.0.1.tar.gz and keystone-17.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Ussuri" series (latest release).

test_limits.py  (keystone-16.0.1):test_limits.py  (keystone-17.0.0)
skipping to change at line 15 skipping to change at line 15
# http://www.apache.org/licenses/LICENSE-2.0 # http://www.apache.org/licenses/LICENSE-2.0
# #
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
import uuid import uuid
from six.moves import http_client import http.client
from keystone.common import provider_api from keystone.common import provider_api
import keystone.conf import keystone.conf
from keystone.tests.common import auth as common_auth from keystone.tests.common import auth as common_auth
from keystone.tests import unit from keystone.tests import unit
from keystone.tests.unit import base_classes from keystone.tests.unit import base_classes
from keystone.tests.unit import ksfixtures from keystone.tests.unit import ksfixtures
CONF = keystone.conf.CONF CONF = keystone.conf.CONF
PROVIDERS = provider_api.ProviderAPIs PROVIDERS = provider_api.ProviderAPIs
skipping to change at line 135 skipping to change at line 135
project_id=project['id'], service_id=service['id'], project_id=project['id'], service_id=service['id'],
resource_name=registered_limit['resource_name'], resource_name=registered_limit['resource_name'],
resource_limit=5 resource_limit=5
) )
] ]
} }
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/limits', json=create, headers=self.headers, '/v3/limits', json=create, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_update_limits(self): def test_user_cannot_update_limits(self):
limit_id, _ = _create_limits_and_dependencies() limit_id, _ = _create_limits_and_dependencies()
update = {'limits': {'description': uuid.uuid4().hex}} update = {'limits': {'description': uuid.uuid4().hex}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/limits/%s' % limit_id, json=update, '/v3/limits/%s' % limit_id, json=update,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_limits(self): def test_user_cannot_delete_limits(self):
limit_id, _ = _create_limits_and_dependencies() limit_id, _ = _create_limits_and_dependencies()
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/limits/%s' % limit_id, '/v3/limits/%s' % limit_id,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
class SystemReaderTests(base_classes.TestCaseWithBootstrap, class SystemReaderTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin, common_auth.AuthTestMixin,
_UserLimitTests): _UserLimitTests):
def setUp(self): def setUp(self):
super(SystemReaderTests, self).setUp() super(SystemReaderTests, self).setUp()
self.loadapp() self.loadapp()
self.useFixture(ksfixtures.Policy(self.config_fixture)) self.useFixture(ksfixtures.Policy(self.config_fixture))
self.config_fixture.config(group='oslo_policy', enforce_scope=True) self.config_fixture.config(group='oslo_policy', enforce_scope=True)
skipping to change at line 374 skipping to change at line 374
with self.test_client() as c: with self.test_client() as c:
r = c.get('/v3/limits/%s' % domain_limit_id, headers=self.headers) r = c.get('/v3/limits/%s' % domain_limit_id, headers=self.headers)
self.assertEqual(self.domain_id, r.json['limit']['domain_id']) self.assertEqual(self.domain_id, r.json['limit']['domain_id'])
def test_user_cannot_get_project_limit_outside_domain(self): def test_user_cannot_get_project_limit_outside_domain(self):
project_limit_id, _ = _create_limits_and_dependencies() project_limit_id, _ = _create_limits_and_dependencies()
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/limits/%s' % project_limit_id, headers=self.headers, '/v3/limits/%s' % project_limit_id, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_get_domain_limits_for_other_domain(self): def test_user_cannot_get_domain_limits_for_other_domain(self):
_, domain_limit_id = _create_limits_and_dependencies() _, domain_limit_id = _create_limits_and_dependencies()
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/limits/%s' % domain_limit_id, headers=self.headers, '/v3/limits/%s' % domain_limit_id, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_can_list_limits_within_domain(self): def test_user_can_list_limits_within_domain(self):
project_limit_id, domain_limit_id = _create_limits_and_dependencies( project_limit_id, domain_limit_id = _create_limits_and_dependencies(
domain_id=self.domain_id domain_id=self.domain_id
) )
with self.test_client() as c: with self.test_client() as c:
r = c.get('/v3/limits', headers=self.headers) r = c.get('/v3/limits', headers=self.headers)
result = [] result = []
skipping to change at line 436 skipping to change at line 436
domain_id=self.domain_id, service_id=service['id'], domain_id=self.domain_id, service_id=service['id'],
resource_name=registered_limit['resource_name'], resource_name=registered_limit['resource_name'],
resource_limit=5 resource_limit=5
) )
] ]
} }
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/limits', json=create, headers=self.headers, '/v3/limits', json=create, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_create_limits_for_other_domain(self): def test_user_cannot_create_limits_for_other_domain(self):
service = PROVIDERS.catalog_api.create_service( service = PROVIDERS.catalog_api.create_service(
uuid.uuid4().hex, unit.new_service_ref() uuid.uuid4().hex, unit.new_service_ref()
) )
registered_limit = unit.new_registered_limit_ref( registered_limit = unit.new_registered_limit_ref(
service_id=service['id'], id=uuid.uuid4().hex service_id=service['id'], id=uuid.uuid4().hex
) )
skipping to change at line 468 skipping to change at line 468
service_id=service['id'], service_id=service['id'],
resource_name=registered_limit['resource_name'], resource_name=registered_limit['resource_name'],
resource_limit=5 resource_limit=5
) )
] ]
} }
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/limits', json=create, headers=self.headers, '/v3/limits', json=create, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_create_limits_for_projects_in_domain(self): def test_user_cannot_create_limits_for_projects_in_domain(self):
service = PROVIDERS.catalog_api.create_service( service = PROVIDERS.catalog_api.create_service(
uuid.uuid4().hex, unit.new_service_ref() uuid.uuid4().hex, unit.new_service_ref()
) )
registered_limit = unit.new_registered_limit_ref( registered_limit = unit.new_registered_limit_ref(
service_id=service['id'], id=uuid.uuid4().hex service_id=service['id'], id=uuid.uuid4().hex
) )
skipping to change at line 504 skipping to change at line 504
service_id=service['id'], service_id=service['id'],
resource_name=registered_limit['resource_name'], resource_name=registered_limit['resource_name'],
resource_limit=5 resource_limit=5
) )
] ]
} }
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/limits', json=create, headers=self.headers, '/v3/limits', json=create, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_create_limits_for_projects_outside_domain(self): def test_user_cannot_create_limits_for_projects_outside_domain(self):
service = PROVIDERS.catalog_api.create_service( service = PROVIDERS.catalog_api.create_service(
uuid.uuid4().hex, unit.new_service_ref() uuid.uuid4().hex, unit.new_service_ref()
) )
registered_limit = unit.new_registered_limit_ref( registered_limit = unit.new_registered_limit_ref(
service_id=service['id'], id=uuid.uuid4().hex service_id=service['id'], id=uuid.uuid4().hex
) )
skipping to change at line 541 skipping to change at line 541
service_id=service['id'], service_id=service['id'],
resource_name=registered_limit['resource_name'], resource_name=registered_limit['resource_name'],
resource_limit=5 resource_limit=5
) )
] ]
} }
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/limits', json=create, headers=self.headers, '/v3/limits', json=create, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_update_limits_for_domain(self): def test_user_cannot_update_limits_for_domain(self):
_, domain_limit_id = _create_limits_and_dependencies( _, domain_limit_id = _create_limits_and_dependencies(
domain_id=self.domain_id domain_id=self.domain_id
) )
update = {'limit': {'resource_limit': 1}} update = {'limit': {'resource_limit': 1}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/limits/%s' % domain_limit_id, json=update, '/v3/limits/%s' % domain_limit_id, json=update,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_update_limits_for_other_domain(self): def test_user_cannot_update_limits_for_other_domain(self):
_, domain_limit_id = _create_limits_and_dependencies() _, domain_limit_id = _create_limits_and_dependencies()
update = {'limit': {'resource_limit': 1}} update = {'limit': {'resource_limit': 1}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/limits/%s' % domain_limit_id, json=update, '/v3/limits/%s' % domain_limit_id, json=update,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_update_limits_for_projects_in_domain(self): def test_user_cannot_update_limits_for_projects_in_domain(self):
project_limit_id, _ = _create_limits_and_dependencies( project_limit_id, _ = _create_limits_and_dependencies(
domain_id=self.domain_id domain_id=self.domain_id
) )
update = {'limit': {'resource_limit': 1}} update = {'limit': {'resource_limit': 1}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/limits/%s' % project_limit_id, headers=self.headers, '/v3/limits/%s' % project_limit_id, headers=self.headers,
json=update, expected_status_code=http_client.FORBIDDEN json=update, expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_update_limits_for_projects_outside_domain(self): def test_user_cannot_update_limits_for_projects_outside_domain(self):
project_limit_id, _ = _create_limits_and_dependencies() project_limit_id, _ = _create_limits_and_dependencies()
update = {'limit': {'resource_limit': 1}} update = {'limit': {'resource_limit': 1}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/limits/%s' % project_limit_id, headers=self.headers, '/v3/limits/%s' % project_limit_id, headers=self.headers,
json=update, expected_status_code=http_client.FORBIDDEN json=update, expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_limits_for_domain(self): def test_user_cannot_delete_limits_for_domain(self):
_, domain_limit_id = _create_limits_and_dependencies( _, domain_limit_id = _create_limits_and_dependencies(
domain_id=self.domain_id domain_id=self.domain_id
) )
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/limits/%s' % domain_limit_id, headers=self.headers, '/v3/limits/%s' % domain_limit_id, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_limits_for_other_domain(self): def test_user_cannot_delete_limits_for_other_domain(self):
_, domain_limit_id = _create_limits_and_dependencies() _, domain_limit_id = _create_limits_and_dependencies()
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/limits/%s' % domain_limit_id, headers=self.headers, '/v3/limits/%s' % domain_limit_id, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_limits_for_projects_in_domain(self): def test_user_cannot_delete_limits_for_projects_in_domain(self):
project_limit_id, _ = _create_limits_and_dependencies( project_limit_id, _ = _create_limits_and_dependencies(
domain_id=self.domain_id domain_id=self.domain_id
) )
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/limits/%s' % project_limit_id, headers=self.headers, '/v3/limits/%s' % project_limit_id, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_limits_for_projects_outside_domain(self): def test_user_cannot_delete_limits_for_projects_outside_domain(self):
project_limit_id, _ = _create_limits_and_dependencies() project_limit_id, _ = _create_limits_and_dependencies()
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/limits/%s' % project_limit_id, headers=self.headers, '/v3/limits/%s' % project_limit_id, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
class ProjectUserTests(base_classes.TestCaseWithBootstrap, class ProjectUserTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin): common_auth.AuthTestMixin):
def setUp(self): def setUp(self):
super(ProjectUserTests, self).setUp() super(ProjectUserTests, self).setUp()
self.loadapp() self.loadapp()
self.useFixture(ksfixtures.Policy(self.config_fixture)) self.useFixture(ksfixtures.Policy(self.config_fixture))
self.config_fixture.config(group='oslo_policy', enforce_scope=True) self.config_fixture.config(group='oslo_policy', enforce_scope=True)
skipping to change at line 689 skipping to change at line 689
with self.test_client() as c: with self.test_client() as c:
r = c.get('/v3/limits/%s' % project_limit_id, headers=headers) r = c.get('/v3/limits/%s' % project_limit_id, headers=headers)
def test_user_cannot_get_project_limit_without_role_assignment(self): def test_user_cannot_get_project_limit_without_role_assignment(self):
project_limit_id, _ = _create_limits_and_dependencies() project_limit_id, _ = _create_limits_and_dependencies()
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/limits/%s' % project_limit_id, headers=self.headers, '/v3/limits/%s' % project_limit_id, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_get_domain_limit(self): def test_user_cannot_get_domain_limit(self):
_, domain_limit_id = _create_limits_and_dependencies() _, domain_limit_id = _create_limits_and_dependencies()
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/limits/%s' % domain_limit_id, headers=self.headers, '/v3/limits/%s' % domain_limit_id, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_can_list_limits(self): def test_user_can_list_limits(self):
project_limit_id, _ = _create_limits_and_dependencies() project_limit_id, _ = _create_limits_and_dependencies()
limit = PROVIDERS.unified_limit_api.get_limit(project_limit_id) limit = PROVIDERS.unified_limit_api.get_limit(project_limit_id)
# NOTE(lbragstad): Project users are only allowed to list limits for a # NOTE(lbragstad): Project users are only allowed to list limits for a
# project if they actually have a role assignment on the project and # project if they actually have a role assignment on the project and
# call the API with a project-scoped token. # call the API with a project-scoped token.
PROVIDERS.assignment_api.create_grant( PROVIDERS.assignment_api.create_grant(
skipping to change at line 771 skipping to change at line 771
project_id=project['id'], service_id=service['id'], project_id=project['id'], service_id=service['id'],
resource_name=registered_limit['resource_name'], resource_name=registered_limit['resource_name'],
resource_limit=5 resource_limit=5
) )
] ]
} }
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/limits', json=create, headers=self.headers, '/v3/limits', json=create, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_update_limits(self): def test_user_cannot_update_limits(self):
limit_id, _ = _create_limits_and_dependencies() limit_id, _ = _create_limits_and_dependencies()
update = {'limits': {'description': uuid.uuid4().hex}} update = {'limits': {'description': uuid.uuid4().hex}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/limits/%s' % limit_id, json=update, '/v3/limits/%s' % limit_id, json=update,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_limits(self): def test_user_cannot_delete_limits(self):
limit_id, _ = _create_limits_and_dependencies() limit_id, _ = _create_limits_and_dependencies()
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/limits/%s' % limit_id, '/v3/limits/%s' % limit_id,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
class ProjectUserTestsWithoutEnforceScope(ProjectUserTests): class ProjectUserTestsWithoutEnforceScope(ProjectUserTests):
def setUp(self): def setUp(self):
super(ProjectUserTestsWithoutEnforceScope, self).setUp() super(ProjectUserTestsWithoutEnforceScope, self).setUp()
self.config_fixture.config(group='oslo_policy', enforce_scope=False) self.config_fixture.config(group='oslo_policy', enforce_scope=False)
 End of changes. 23 change blocks. 
23 lines changed or deleted 23 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)