"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/tests/protection/v3/test_projects.py" between
keystone-16.0.1.tar.gz and keystone-17.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Ussuri" series (latest release).

test_projects.py  (keystone-16.0.1):test_projects.py  (keystone-17.0.0)
skipping to change at line 15 skipping to change at line 15
# http://www.apache.org/licenses/LICENSE-2.0 # http://www.apache.org/licenses/LICENSE-2.0
# #
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
import uuid import uuid
import http.client
from oslo_serialization import jsonutils from oslo_serialization import jsonutils
from six.moves import http_client
from keystone.common.policies import project as pp from keystone.common.policies import project as pp
from keystone.common import provider_api from keystone.common import provider_api
import keystone.conf import keystone.conf
from keystone.tests.common import auth as common_auth from keystone.tests.common import auth as common_auth
from keystone.tests import unit from keystone.tests import unit
from keystone.tests.unit import base_classes from keystone.tests.unit import base_classes
from keystone.tests.unit import ksfixtures from keystone.tests.unit import ksfixtures
from keystone.tests.unit.ksfixtures import temporaryfile from keystone.tests.unit.ksfixtures import temporaryfile
skipping to change at line 82 skipping to change at line 82
) )
with self.test_client() as c: with self.test_client() as c:
r = c.get('/v3/projects/%s' % project['id'], headers=self.headers) r = c.get('/v3/projects/%s' % project['id'], headers=self.headers)
self.assertEqual(project['id'], r.json['project']['id']) self.assertEqual(project['id'], r.json['project']['id'])
def test_user_cannot_get_non_existent_project_not_found(self): def test_user_cannot_get_non_existent_project_not_found(self):
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/projects/%s' % uuid.uuid4().hex, headers=self.headers, '/v3/projects/%s' % uuid.uuid4().hex, headers=self.headers,
expected_status_code=http_client.NOT_FOUND expected_status_code=http.client.NOT_FOUND
) )
class _SystemMemberAndReaderProjectTests(object): class _SystemMemberAndReaderProjectTests(object):
"""Common default functionality for system members and system readers.""" """Common default functionality for system members and system readers."""
def test_user_cannot_create_projects(self): def test_user_cannot_create_projects(self):
create = { create = {
'project': unit.new_project_ref( 'project': unit.new_project_ref(
domain_id=CONF.identity.default_domain_id domain_id=CONF.identity.default_domain_id
) )
} }
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/projects', json=create, headers=self.headers, '/v3/projects', json=create, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_update_projects(self): def test_user_cannot_update_projects(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id) unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
) )
update = {'project': {'description': uuid.uuid4().hex}} update = {'project': {'description': uuid.uuid4().hex}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/projects/%s' % project['id'], json=update, '/v3/projects/%s' % project['id'], json=update,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_update_non_existent_project_forbidden(self): def test_user_cannot_update_non_existent_project_forbidden(self):
update = {'project': {'description': uuid.uuid4().hex}} update = {'project': {'description': uuid.uuid4().hex}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/projects/%s' % uuid.uuid4().hex, json=update, '/v3/projects/%s' % uuid.uuid4().hex, json=update,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_projects(self): def test_user_cannot_delete_projects(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id) unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
) )
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/projects/%s' % project['id'], headers=self.headers, '/v3/projects/%s' % project['id'], headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_non_existent_project_forbidden(self): def test_user_cannot_delete_non_existent_project_forbidden(self):
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/projects/%s' % uuid.uuid4().hex, headers=self.headers, '/v3/projects/%s' % uuid.uuid4().hex, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
class _DomainUsersTests(object): class _DomainUsersTests(object):
"""Common default functionality for all domain users.""" """Common default functionality for all domain users."""
def test_user_can_list_projects_within_domain(self): def test_user_can_list_projects_within_domain(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=self.domain_id) unit.new_project_ref(domain_id=self.domain_id)
) )
skipping to change at line 188 skipping to change at line 188
def test_user_cannot_get_a_project_in_other_domain(self): def test_user_cannot_get_a_project_in_other_domain(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id) unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
) )
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/projects/%s' % project['id'], headers=self.headers, '/v3/projects/%s' % project['id'], headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_can_list_projects_for_user_in_domain(self): def test_user_can_list_projects_for_user_in_domain(self):
user = PROVIDERS.identity_api.create_user( user = PROVIDERS.identity_api.create_user(
unit.new_user_ref( unit.new_user_ref(
self.domain_id, self.domain_id,
id=uuid.uuid4().hex id=uuid.uuid4().hex
) )
) )
skipping to change at line 237 skipping to change at line 237
) )
PROVIDERS.assignment_api.create_grant( PROVIDERS.assignment_api.create_grant(
self.bootstrapper.reader_role_id, user_id=user['id'], self.bootstrapper.reader_role_id, user_id=user['id'],
project_id=project['id'] project_id=project['id']
) )
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/users/%s/projects' % user['id'], headers=self.headers, '/v3/users/%s/projects' % user['id'], headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
class _DomainMemberAndReaderProjectTests(object): class _DomainMemberAndReaderProjectTests(object):
"""Common default functionality for domain member and domain readers.""" """Common default functionality for domain member and domain readers."""
def test_user_cannot_create_projects_within_domain(self): def test_user_cannot_create_projects_within_domain(self):
create = {'project': unit.new_project_ref(domain_id=self.domain_id)} create = {'project': unit.new_project_ref(domain_id=self.domain_id)}
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/projects', json=create, headers=self.headers, '/v3/projects', json=create, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_create_projects_in_other_domains(self): def test_user_cannot_create_projects_in_other_domains(self):
create = { create = {
'project': unit.new_project_ref( 'project': unit.new_project_ref(
domain_id=CONF.identity.default_domain_id domain_id=CONF.identity.default_domain_id
) )
} }
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/projects', json=create, headers=self.headers, '/v3/projects', json=create, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_update_projects_within_domain(self): def test_user_cannot_update_projects_within_domain(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=self.domain_id) unit.new_project_ref(domain_id=self.domain_id)
) )
update = {'project': {'description': uuid.uuid4().hex}} update = {'project': {'description': uuid.uuid4().hex}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/projects/%s' % project['id'], json=update, '/v3/projects/%s' % project['id'], json=update,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_update_projects_in_other_domain(self): def test_user_cannot_update_projects_in_other_domain(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id) unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
) )
update = {'project': {'description': uuid.uuid4().hex}} update = {'project': {'description': uuid.uuid4().hex}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/projects/%s' % project['id'], json=update, '/v3/projects/%s' % project['id'], json=update,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_update_non_existent_project_forbidden(self): def test_user_cannot_update_non_existent_project_forbidden(self):
update = {'project': {'description': uuid.uuid4().hex}} update = {'project': {'description': uuid.uuid4().hex}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/projects/%s' % uuid.uuid4().hex, json=update, '/v3/projects/%s' % uuid.uuid4().hex, json=update,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_projects_within_domain(self): def test_user_cannot_delete_projects_within_domain(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=self.domain_id) unit.new_project_ref(domain_id=self.domain_id)
) )
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/projects/%s' % project['id'], headers=self.headers, '/v3/projects/%s' % project['id'], headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_projects_in_other_domain(self): def test_user_cannot_delete_projects_in_other_domain(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id) unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
) )
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/projects/%s' % project['id'], headers=self.headers, '/v3/projects/%s' % project['id'], headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_non_existent_projects_forbidden(self): def test_user_cannot_delete_non_existent_projects_forbidden(self):
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/projects/%s' % uuid.uuid4().hex, headers=self.headers, '/v3/projects/%s' % uuid.uuid4().hex, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
class SystemReaderTests(base_classes.TestCaseWithBootstrap, class SystemReaderTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin, common_auth.AuthTestMixin,
_SystemUserTests, _SystemUserTests,
_SystemMemberAndReaderProjectTests): _SystemMemberAndReaderProjectTests):
def setUp(self): def setUp(self):
super(SystemReaderTests, self).setUp() super(SystemReaderTests, self).setUp()
self.loadapp() self.loadapp()
skipping to change at line 457 skipping to change at line 457
headers=self.headers headers=self.headers
) )
def test_user_can_update_non_existent_project_not_found(self): def test_user_can_update_non_existent_project_not_found(self):
update = {'project': {'description': uuid.uuid4().hex}} update = {'project': {'description': uuid.uuid4().hex}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/projects/%s' % uuid.uuid4().hex, json=update, '/v3/projects/%s' % uuid.uuid4().hex, json=update,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.NOT_FOUND expected_status_code=http.client.NOT_FOUND
) )
def test_user_can_delete_projects(self): def test_user_can_delete_projects(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id) unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
) )
with self.test_client() as c: with self.test_client() as c:
c.delete('/v3/projects/%s' % project['id'], headers=self.headers) c.delete('/v3/projects/%s' % project['id'], headers=self.headers)
def test_user_can_delete_non_existent_project_not_found(self): def test_user_can_delete_non_existent_project_not_found(self):
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/projects/%s' % uuid.uuid4().hex, headers=self.headers, '/v3/projects/%s' % uuid.uuid4().hex, headers=self.headers,
expected_status_code=http_client.NOT_FOUND expected_status_code=http.client.NOT_FOUND
) )
def test_user_can_list_their_projects(self): def test_user_can_list_their_projects(self):
other_project = PROVIDERS.resource_api.create_project( other_project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id) unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
) )
user_project = PROVIDERS.resource_api.create_project( user_project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
skipping to change at line 654 skipping to change at line 654
def test_user_cannot_create_projects_in_other_domains(self): def test_user_cannot_create_projects_in_other_domains(self):
create = { create = {
'project': unit.new_project_ref( 'project': unit.new_project_ref(
domain_id=CONF.identity.default_domain_id domain_id=CONF.identity.default_domain_id
) )
} }
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/projects', json=create, headers=self.headers, '/v3/projects', json=create, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_can_update_projects_within_domain(self): def test_user_can_update_projects_within_domain(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=self.domain_id) unit.new_project_ref(domain_id=self.domain_id)
) )
update = {'project': {'description': uuid.uuid4().hex}} update = {'project': {'description': uuid.uuid4().hex}}
skipping to change at line 683 skipping to change at line 683
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id) unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
) )
update = {'project': {'description': uuid.uuid4().hex}} update = {'project': {'description': uuid.uuid4().hex}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/projects/%s' % project['id'], json=update, '/v3/projects/%s' % project['id'], json=update,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_update_non_existent_project_forbidden(self): def test_user_cannot_update_non_existent_project_forbidden(self):
# Because domain users operate outside of system scope, we can't # Because domain users operate outside of system scope, we can't
# confidently return a Not Found here because they aren't system users. # confidently return a Not Found here because they aren't system users.
# The best we can do is return a Forbidden because we need the # The best we can do is return a Forbidden because we need the
# project's domain in order to resolve the policy check, and the # project's domain in order to resolve the policy check, and the
# project doesn't exist. This errors on the side of opacity and returns # project doesn't exist. This errors on the side of opacity and returns
# a 403 instead of a 404. # a 403 instead of a 404.
update = {'project': {'description': uuid.uuid4().hex}} update = {'project': {'description': uuid.uuid4().hex}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/projects/%s' % uuid.uuid4().hex, json=update, '/v3/projects/%s' % uuid.uuid4().hex, json=update,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_can_delete_projects_within_domain(self): def test_user_can_delete_projects_within_domain(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=self.domain_id) unit.new_project_ref(domain_id=self.domain_id)
) )
with self.test_client() as c: with self.test_client() as c:
c.delete('/v3/projects/%s' % project['id'], headers=self.headers) c.delete('/v3/projects/%s' % project['id'], headers=self.headers)
def test_user_cannot_delete_projects_in_other_domain(self): def test_user_cannot_delete_projects_in_other_domain(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id) unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
) )
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/projects/%s' % project['id'], headers=self.headers, '/v3/projects/%s' % project['id'], headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_non_existent_projects_forbidden(self): def test_user_cannot_delete_non_existent_projects_forbidden(self):
# Because domain users operate outside of system scope, we can't # Because domain users operate outside of system scope, we can't
# confidently return a Not Found here because they aren't system users. # confidently return a Not Found here because they aren't system users.
# The best we can do is return a Forbidden because we need the # The best we can do is return a Forbidden because we need the
# project's domain in order to resolve the policy check, and the # project's domain in order to resolve the policy check, and the
# project doesn't exist. This errors on the side of opacity and returns # project doesn't exist. This errors on the side of opacity and returns
# a 403 instead of a 404. # a 403 instead of a 404.
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/projects/%s' % uuid.uuid4().hex, headers=self.headers, '/v3/projects/%s' % uuid.uuid4().hex, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
class ProjectUserTests(base_classes.TestCaseWithBootstrap, class ProjectUserTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin): common_auth.AuthTestMixin):
def setUp(self): def setUp(self):
super(ProjectUserTests, self).setUp() super(ProjectUserTests, self).setUp()
self.loadapp() self.loadapp()
self.policy_file = self.useFixture(temporaryfile.SecureTempFile()) self.policy_file = self.useFixture(temporaryfile.SecureTempFile())
skipping to change at line 801 skipping to change at line 801
'identity:delete_project': pp.SYSTEM_ADMIN_OR_DOMAIN_ADMIN 'identity:delete_project': pp.SYSTEM_ADMIN_OR_DOMAIN_ADMIN
} }
f.write(jsonutils.dumps(overridden_policies)) f.write(jsonutils.dumps(overridden_policies))
def test_user_cannot_list_projects(self): def test_user_cannot_list_projects(self):
# This test is assuming the user calling the API has a role assignment # This test is assuming the user calling the API has a role assignment
# on the project created by ``keystone-manage bootstrap``. # on the project created by ``keystone-manage bootstrap``.
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/projects', headers=self.headers, '/v3/projects', headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_list_projects_for_others(self): def test_user_cannot_list_projects_for_others(self):
user = PROVIDERS.identity_api.create_user( user = PROVIDERS.identity_api.create_user(
unit.new_user_ref( unit.new_user_ref(
CONF.identity.default_domain_id, CONF.identity.default_domain_id,
id=uuid.uuid4().hex id=uuid.uuid4().hex
) )
) )
skipping to change at line 825 skipping to change at line 825
) )
PROVIDERS.assignment_api.create_grant( PROVIDERS.assignment_api.create_grant(
self.bootstrapper.reader_role_id, user_id=user['id'], self.bootstrapper.reader_role_id, user_id=user['id'],
project_id=project['id'] project_id=project['id']
) )
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/users/%s/projects' % user['id'], headers=self.headers, '/v3/users/%s/projects' % user['id'], headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_can_list_their_projects(self): def test_user_can_list_their_projects(self):
# Users can get this information from the GET /v3/auth/projects API or # Users can get this information from the GET /v3/auth/projects API or
# the GET /v3/users/{user_id}/projects API. The GET /v3/projects API is # the GET /v3/users/{user_id}/projects API. The GET /v3/projects API is
# administrative, reserved for system and domain users. # administrative, reserved for system and domain users.
with self.test_client() as c: with self.test_client() as c:
r = c.get( r = c.get(
'/v3/users/%s/projects' % self.user_id, headers=self.headers, '/v3/users/%s/projects' % self.user_id, headers=self.headers,
) )
skipping to change at line 852 skipping to change at line 852
def test_user_cannot_get_other_projects(self): def test_user_cannot_get_other_projects(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id) unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
) )
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/projects/%s' % project['id'], headers=self.headers, '/v3/projects/%s' % project['id'], headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_create_projects(self): def test_user_cannot_create_projects(self):
create = { create = {
'project': unit.new_project_ref( 'project': unit.new_project_ref(
domain_id=CONF.identity.default_domain_id domain_id=CONF.identity.default_domain_id
) )
} }
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/projects', json=create, headers=self.headers, '/v3/projects', json=create, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_update_projects(self): def test_user_cannot_update_projects(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id) unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
) )
update = {'project': {'description': uuid.uuid4().hex}} update = {'project': {'description': uuid.uuid4().hex}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/projects/%s' % project['id'], json=update, '/v3/projects/%s' % project['id'], json=update,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_update_non_existent_project_forbidden(self): def test_user_cannot_update_non_existent_project_forbidden(self):
update = {'project': {'description': uuid.uuid4().hex}} update = {'project': {'description': uuid.uuid4().hex}}
with self.test_client() as c: with self.test_client() as c:
c.patch( c.patch(
'/v3/projects/%s' % uuid.uuid4().hex, json=update, '/v3/projects/%s' % uuid.uuid4().hex, json=update,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_projects(self): def test_user_cannot_delete_projects(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id) unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
) )
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/projects/%s' % project['id'], headers=self.headers, '/v3/projects/%s' % project['id'], headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_non_existent_project_forbidden(self): def test_user_cannot_delete_non_existent_project_forbidden(self):
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/projects/%s' % uuid.uuid4().hex, headers=self.headers, '/v3/projects/%s' % uuid.uuid4().hex, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
 End of changes. 33 change blocks. 
32 lines changed or deleted 32 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)