"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/tests/protection/v3/test_system_assignments.py" between
keystone-16.0.1.tar.gz and keystone-17.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Ussuri" series (latest release).

test_system_assignments.py  (keystone-16.0.1):test_system_assignments.py  (keystone-17.0.0)
skipping to change at line 15 skipping to change at line 15
# http://www.apache.org/licenses/LICENSE-2.0 # http://www.apache.org/licenses/LICENSE-2.0
# #
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
import uuid import uuid
import http.client
from oslo_serialization import jsonutils from oslo_serialization import jsonutils
from six.moves import http_client
from keystone.common.policies import base from keystone.common.policies import base
from keystone.common import provider_api from keystone.common import provider_api
import keystone.conf import keystone.conf
from keystone.tests.common import auth as common_auth from keystone.tests.common import auth as common_auth
from keystone.tests import unit from keystone.tests import unit
from keystone.tests.unit import base_classes from keystone.tests.unit import base_classes
from keystone.tests.unit import ksfixtures from keystone.tests.unit import ksfixtures
from keystone.tests.unit.ksfixtures import temporaryfile from keystone.tests.unit.ksfixtures import temporaryfile
skipping to change at line 64 skipping to change at line 64
PROVIDERS.assignment_api.create_system_grant_for_user( PROVIDERS.assignment_api.create_system_grant_for_user(
user['id'], self.bootstrapper.member_role_id user['id'], self.bootstrapper.member_role_id
) )
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/system/users/%s/roles/%s' % ( '/v3/system/users/%s/roles/%s' % (
user['id'], self.bootstrapper.member_role_id user['id'], self.bootstrapper.member_role_id
), headers=self.headers, ), headers=self.headers,
expected_status_code=http_client.NO_CONTENT expected_status_code=http.client.NO_CONTENT
) )
def test_user_can_list_group_system_role_assignments(self): def test_user_can_list_group_system_role_assignments(self):
group = PROVIDERS.identity_api.create_group( group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(CONF.identity.default_domain_id) unit.new_group_ref(CONF.identity.default_domain_id)
) )
PROVIDERS.assignment_api.create_system_grant_for_group( PROVIDERS.assignment_api.create_system_grant_for_group(
group['id'], self.bootstrapper.member_role_id group['id'], self.bootstrapper.member_role_id
) )
skipping to change at line 100 skipping to change at line 100
PROVIDERS.assignment_api.create_system_grant_for_group( PROVIDERS.assignment_api.create_system_grant_for_group(
group['id'], self.bootstrapper.member_role_id group['id'], self.bootstrapper.member_role_id
) )
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/system/groups/%s/roles/%s' % ( '/v3/system/groups/%s/roles/%s' % (
group['id'], self.bootstrapper.member_role_id group['id'], self.bootstrapper.member_role_id
), headers=self.headers, ), headers=self.headers,
expected_status_code=http_client.NO_CONTENT expected_status_code=http.client.NO_CONTENT
) )
class _SystemMemberAndReaderSystemAssignmentTests(object): class _SystemMemberAndReaderSystemAssignmentTests(object):
def test_user_cannot_grant_system_assignments(self): def test_user_cannot_grant_system_assignments(self):
user = PROVIDERS.identity_api.create_user( user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(CONF.identity.default_domain_id) unit.new_user_ref(CONF.identity.default_domain_id)
) )
with self.test_client() as c: with self.test_client() as c:
c.put( c.put(
'/v3/system/users/%s/roles/%s' % ( '/v3/system/users/%s/roles/%s' % (
user['id'], self.bootstrapper.member_role_id user['id'], self.bootstrapper.member_role_id
), headers=self.headers, ), headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_revoke_system_assignments(self): def test_user_cannot_revoke_system_assignments(self):
user = PROVIDERS.identity_api.create_user( user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(CONF.identity.default_domain_id) unit.new_user_ref(CONF.identity.default_domain_id)
) )
PROVIDERS.assignment_api.create_system_grant_for_user( PROVIDERS.assignment_api.create_system_grant_for_user(
user['id'], self.bootstrapper.member_role_id user['id'], self.bootstrapper.member_role_id
) )
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/system/users/%s/roles/%s' % ( '/v3/system/users/%s/roles/%s' % (
user['id'], self.bootstrapper.member_role_id user['id'], self.bootstrapper.member_role_id
), headers=self.headers, ), headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_grant_group_system_assignment(self): def test_user_cannot_grant_group_system_assignment(self):
group = PROVIDERS.identity_api.create_group( group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(CONF.identity.default_domain_id) unit.new_group_ref(CONF.identity.default_domain_id)
) )
with self.test_client() as c: with self.test_client() as c:
c.put( c.put(
'/v3/system/groups/%s/roles/%s' % ( '/v3/system/groups/%s/roles/%s' % (
group['id'], self.bootstrapper.member_role_id group['id'], self.bootstrapper.member_role_id
), headers=self.headers, ), headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_revoke_group_system_assignment(self): def test_user_cannot_revoke_group_system_assignment(self):
group = PROVIDERS.identity_api.create_group( group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(CONF.identity.default_domain_id) unit.new_group_ref(CONF.identity.default_domain_id)
) )
PROVIDERS.assignment_api.create_system_grant_for_group( PROVIDERS.assignment_api.create_system_grant_for_group(
group['id'], self.bootstrapper.member_role_id group['id'], self.bootstrapper.member_role_id
) )
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/system/groups/%s/roles/%s' % ( '/v3/system/groups/%s/roles/%s' % (
group['id'], self.bootstrapper.member_role_id group['id'], self.bootstrapper.member_role_id
), headers=self.headers, ), headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
class _DomainAndProjectUserSystemAssignmentTests(object): class _DomainAndProjectUserSystemAssignmentTests(object):
def test_user_cannot_list_system_role_assignments(self): def test_user_cannot_list_system_role_assignments(self):
user = PROVIDERS.identity_api.create_user( user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(CONF.identity.default_domain_id) unit.new_user_ref(CONF.identity.default_domain_id)
) )
PROVIDERS.assignment_api.create_system_grant_for_user( PROVIDERS.assignment_api.create_system_grant_for_user(
user['id'], self.bootstrapper.member_role_id user['id'], self.bootstrapper.member_role_id
) )
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/system/users/%s/roles' % user['id'], headers=self.headers, '/v3/system/users/%s/roles' % user['id'], headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_check_user_system_role_assignments(self): def test_user_cannot_check_user_system_role_assignments(self):
user = PROVIDERS.identity_api.create_user( user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(CONF.identity.default_domain_id) unit.new_user_ref(CONF.identity.default_domain_id)
) )
PROVIDERS.assignment_api.create_system_grant_for_user( PROVIDERS.assignment_api.create_system_grant_for_user(
user['id'], self.bootstrapper.member_role_id user['id'], self.bootstrapper.member_role_id
) )
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/system/users/%s/roles/%s' % ( '/v3/system/users/%s/roles/%s' % (
user['id'], self.bootstrapper.member_role_id user['id'], self.bootstrapper.member_role_id
), headers=self.headers, ), headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_grant_system_assignments(self): def test_user_cannot_grant_system_assignments(self):
user = PROVIDERS.identity_api.create_user( user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(CONF.identity.default_domain_id) unit.new_user_ref(CONF.identity.default_domain_id)
) )
with self.test_client() as c: with self.test_client() as c:
c.put( c.put(
'/v3/system/users/%s/roles/%s' % ( '/v3/system/users/%s/roles/%s' % (
user['id'], self.bootstrapper.member_role_id user['id'], self.bootstrapper.member_role_id
), headers=self.headers, ), headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_revoke_system_assignments(self): def test_user_cannot_revoke_system_assignments(self):
user = PROVIDERS.identity_api.create_user( user = PROVIDERS.identity_api.create_user(
unit.new_user_ref(CONF.identity.default_domain_id) unit.new_user_ref(CONF.identity.default_domain_id)
) )
PROVIDERS.assignment_api.create_system_grant_for_user( PROVIDERS.assignment_api.create_system_grant_for_user(
user['id'], self.bootstrapper.member_role_id user['id'], self.bootstrapper.member_role_id
) )
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/system/users/%s/roles/%s' % ( '/v3/system/users/%s/roles/%s' % (
user['id'], self.bootstrapper.member_role_id user['id'], self.bootstrapper.member_role_id
), headers=self.headers, ), headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_list_group_system_role_assignments(self): def test_user_cannot_list_group_system_role_assignments(self):
group = PROVIDERS.identity_api.create_group( group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(CONF.identity.default_domain_id) unit.new_group_ref(CONF.identity.default_domain_id)
) )
PROVIDERS.assignment_api.create_system_grant_for_group( PROVIDERS.assignment_api.create_system_grant_for_group(
group['id'], self.bootstrapper.member_role_id group['id'], self.bootstrapper.member_role_id
) )
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/system/groups/%s/roles' % group['id'], headers=self.headers '/v3/system/groups/%s/roles' % group['id'],
, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_check_group_system_role_assignments(self): def test_user_cannot_check_group_system_role_assignments(self):
group = PROVIDERS.identity_api.create_group( group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(CONF.identity.default_domain_id) unit.new_group_ref(CONF.identity.default_domain_id)
) )
PROVIDERS.assignment_api.create_system_grant_for_group( PROVIDERS.assignment_api.create_system_grant_for_group(
group['id'], self.bootstrapper.member_role_id group['id'], self.bootstrapper.member_role_id
) )
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/system/groups/%s/roles/%s' % ( '/v3/system/groups/%s/roles/%s' % (
group['id'], self.bootstrapper.member_role_id group['id'], self.bootstrapper.member_role_id
), headers=self.headers, ), headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_grant_group_system_assignments(self): def test_user_cannot_grant_group_system_assignments(self):
group = PROVIDERS.identity_api.create_group( group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(CONF.identity.default_domain_id) unit.new_group_ref(CONF.identity.default_domain_id)
) )
with self.test_client() as c: with self.test_client() as c:
c.put( c.put(
'/v3/system/groups/%s/roles/%s' % ( '/v3/system/groups/%s/roles/%s' % (
group['id'], self.bootstrapper.member_role_id group['id'], self.bootstrapper.member_role_id
), headers=self.headers, ), headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_revoke_group_system_assignments(self): def test_user_cannot_revoke_group_system_assignments(self):
group = PROVIDERS.identity_api.create_group( group = PROVIDERS.identity_api.create_group(
unit.new_group_ref(CONF.identity.default_domain_id) unit.new_group_ref(CONF.identity.default_domain_id)
) )
PROVIDERS.assignment_api.create_system_grant_for_group( PROVIDERS.assignment_api.create_system_grant_for_group(
group['id'], self.bootstrapper.member_role_id group['id'], self.bootstrapper.member_role_id
) )
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/system/groups/%s/roles/%s' % ( '/v3/system/groups/%s/roles/%s' % (
group['id'], self.bootstrapper.member_role_id group['id'], self.bootstrapper.member_role_id
), headers=self.headers, ), headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
class SystemReaderTests(base_classes.TestCaseWithBootstrap, class SystemReaderTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin, common_auth.AuthTestMixin,
_SystemUserSystemAssignmentTests, _SystemUserSystemAssignmentTests,
_SystemMemberAndReaderSystemAssignmentTests): _SystemMemberAndReaderSystemAssignmentTests):
def setUp(self): def setUp(self):
super(SystemReaderTests, self).setUp() super(SystemReaderTests, self).setUp()
self.loadapp() self.loadapp()
 End of changes. 16 change blocks. 
17 lines changed or deleted 17 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)