
Source code changes of the file "keystone/tests/protection/v3/test_trusts.py" between
keystone-16.0.1.tar.gz and keystone-17.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. It also provides a catalog of endpoints for all OpenStack services.
The "Ussuri" series (latest release).

test_trusts.py  (keystone-16.0.1):test_trusts.py  (keystone-17.0.0)
skipping to change at line 15 skipping to change at line 15
# http://www.apache.org/licenses/LICENSE-2.0 # http://www.apache.org/licenses/LICENSE-2.0
# #
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
import uuid import uuid
import http.client
from oslo_serialization import jsonutils from oslo_serialization import jsonutils
from six.moves import http_client
from keystone.common import provider_api from keystone.common import provider_api
import keystone.conf import keystone.conf
from keystone.tests.common import auth as common_auth from keystone.tests.common import auth as common_auth
from keystone.tests import unit from keystone.tests import unit
from keystone.tests.unit import base_classes from keystone.tests.unit import base_classes
from keystone.tests.unit import ksfixtures from keystone.tests.unit import ksfixtures
from keystone.tests.unit.ksfixtures import temporaryfile from keystone.tests.unit.ksfixtures import temporaryfile
CONF = keystone.conf.CONF CONF = keystone.conf.CONF
skipping to change at line 134 skipping to change at line 134
def test_admin_cannot_create_trust_for_other_user(self): def test_admin_cannot_create_trust_for_other_user(self):
json = {'trust': self.trust_data['trust']} json = {'trust': self.trust_data['trust']}
json['trust']['roles'] = self.trust_data['roles'] json['trust']['roles'] = self.trust_data['roles']
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/OS-TRUST/trusts', '/v3/OS-TRUST/trusts',
json=json, json=json,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_admin_list_all_trusts(self): def test_admin_list_all_trusts(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
r = c.get( r = c.get(
'/v3/OS-TRUST/trusts', '/v3/OS-TRUST/trusts',
headers=self.headers headers=self.headers
skipping to change at line 168 skipping to change at line 168
self.headers = {'X-Auth-Token': 'ADMIN'} self.headers = {'X-Auth-Token': 'ADMIN'}
def test_admin_can_delete_trust_for_other_user(self): def test_admin_can_delete_trust_for_other_user(self):
ref = PROVIDERS.trust_api.create_trust( ref = PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/OS-TRUST/trusts/%s' % ref['id'], '/v3/OS-TRUST/trusts/%s' % ref['id'],
headers=self.headers, headers=self.headers,
expected_status_code=http_client.NO_CONTENT expected_status_code=http.client.NO_CONTENT
) )
def test_admin_can_get_non_existent_trust_not_found(self): def test_admin_can_get_non_existent_trust_not_found(self):
trust_id = uuid.uuid4().hex trust_id = uuid.uuid4().hex
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/OS-TRUST/trusts/%s' % trust_id, '/v3/OS-TRUST/trusts/%s' % trust_id,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.NOT_FOUND expected_status_code=http.client.NOT_FOUND
) )
def test_admin_cannot_get_trust_for_other_user(self): def test_admin_cannot_get_trust_for_other_user(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/OS-TRUST/trusts/%s' % self.trust_id, '/v3/OS-TRUST/trusts/%s' % self.trust_id,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_admin_cannot_list_trust_roles_for_other_user(self): def test_admin_cannot_list_trust_roles_for_other_user(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/OS-TRUST/trusts/%s/roles' % self.trust_id, '/v3/OS-TRUST/trusts/%s/roles' % self.trust_id,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_admin_cannot_get_trust_role_for_other_user(self): def test_admin_cannot_get_trust_role_for_other_user(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
('/v3/OS-TRUST/trusts/%s/roles/%s' % ('/v3/OS-TRUST/trusts/%s/roles/%s' %
(self.trust_id, self.bootstrapper.member_role_id)), (self.trust_id, self.bootstrapper.member_role_id)),
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
class _SystemUserTests(object): class _SystemUserTests(object):
"""Tests for system admin, member, and reader.""" """Tests for system admin, member, and reader."""
def test_user_can_get_non_existent_trust(self): def test_user_can_get_non_existent_trust(self):
trust_id = uuid.uuid4().hex trust_id = uuid.uuid4().hex
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/OS-TRUST/trusts/%s' % trust_id, '/v3/OS-TRUST/trusts/%s' % trust_id,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.NOT_FOUND expected_status_code=http.client.NOT_FOUND
) )
def test_user_can_get_trust_for_other_user(self): def test_user_can_get_trust_for_other_user(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
r = c.get( r = c.get(
'/v3/OS-TRUST/trusts/%s' % self.trust_id, '/v3/OS-TRUST/trusts/%s' % self.trust_id,
headers=self.headers headers=self.headers
skipping to change at line 294 skipping to change at line 294
def test_user_cannot_create_trust(self): def test_user_cannot_create_trust(self):
json = {'trust': self.trust_data['trust']} json = {'trust': self.trust_data['trust']}
json['trust']['roles'] = self.trust_data['roles'] json['trust']['roles'] = self.trust_data['roles']
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/OS-TRUST/trusts', '/v3/OS-TRUST/trusts',
json=json, json=json,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_trust(self): def test_user_cannot_delete_trust(self):
ref = PROVIDERS.trust_api.create_trust( ref = PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/OS-TRUST/trusts/%s' % ref['id'], '/v3/OS-TRUST/trusts/%s' % ref['id'],
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
class SystemReaderTests(TrustTests, _SystemReaderMemberTests): class SystemReaderTests(TrustTests, _SystemReaderMemberTests):
"""Tests for system reader users.""" """Tests for system reader users."""
def setUp(self): def setUp(self):
super(SystemReaderTests, self).setUp() super(SystemReaderTests, self).setUp()
self.config_fixture.config(group='oslo_policy', enforce_scope=True) self.config_fixture.config(group='oslo_policy', enforce_scope=True)
system_reader = unit.new_user_ref( system_reader = unit.new_user_ref(
skipping to change at line 409 skipping to change at line 409
def test_admin_cannot_delete_trust_for_user_overridden_defaults(self): def test_admin_cannot_delete_trust_for_user_overridden_defaults(self):
# only the is_admin admin can do this # only the is_admin admin can do this
self._override_policy_old_defaults() self._override_policy_old_defaults()
ref = PROVIDERS.trust_api.create_trust( ref = PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/OS-TRUST/trusts/%s' % ref['id'], '/v3/OS-TRUST/trusts/%s' % ref['id'],
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_admin_cannot_get_trust_for_other_user_overridden_defaults(self): def test_admin_cannot_get_trust_for_other_user_overridden_defaults(self):
self._override_policy_old_defaults() self._override_policy_old_defaults()
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/OS-TRUST/trusts/%s' % self.trust_id, '/v3/OS-TRUST/trusts/%s' % self.trust_id,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_admin_cannot_list_roles_for_other_user_overridden_defaults(self): def test_admin_cannot_list_roles_for_other_user_overridden_defaults(self):
self._override_policy_old_defaults() self._override_policy_old_defaults()
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/OS-TRUST/trusts/%s/roles' % self.trust_id, '/v3/OS-TRUST/trusts/%s/roles' % self.trust_id,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_admin_cannot_get_trust_role_for_other_user_overridden_defaults(self ): def test_admin_cannot_get_trust_role_for_other_user_overridden(self):
self._override_policy_old_defaults() self._override_policy_old_defaults()
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
('/v3/OS-TRUST/trusts/%s/roles/%s' % ('/v3/OS-TRUST/trusts/%s/roles/%s' %
(self.trust_id, self.bootstrapper.member_role_id)), (self.trust_id, self.bootstrapper.member_role_id)),
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_list_all_trusts_overridden_defaults(self): def test_user_list_all_trusts_overridden_defaults(self):
self._override_policy_old_defaults() self._override_policy_old_defaults()
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
r = c.get( r = c.get(
'/v3/OS-TRUST/trusts', '/v3/OS-TRUST/trusts',
skipping to change at line 521 skipping to change at line 521
def test_trustor_cannot_list_trusts_for_trustee(self): def test_trustor_cannot_list_trusts_for_trustee(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
('/v3/OS-TRUST/trusts?trustee_user_id=%s' % ('/v3/OS-TRUST/trusts?trustee_user_id=%s' %
self.trustee_user_id), self.trustee_user_id),
headers=self.trustor_headers, headers=self.trustor_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_trustee_cannot_list_trusts_for_trustor(self): def test_trustee_cannot_list_trusts_for_trustor(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
('/v3/OS-TRUST/trusts?trustor_user_id=%s' % ('/v3/OS-TRUST/trusts?trustor_user_id=%s' %
self.trustor_user_id), self.trustor_user_id),
headers=self.trustee_headers, headers=self.trustee_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_list_trusts_for_other_trustor(self): def test_user_cannot_list_trusts_for_other_trustor(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
('/v3/OS-TRUST/trusts?trustor_user_id=%s' % ('/v3/OS-TRUST/trusts?trustor_user_id=%s' %
self.trustor_user_id), self.trustor_user_id),
headers=self.other_headers, headers=self.other_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_list_trusts_for_other_trustee(self): def test_user_cannot_list_trusts_for_other_trustee(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
('/v3/OS-TRUST/trusts?trustee_user_id=%s' % ('/v3/OS-TRUST/trusts?trustee_user_id=%s' %
self.trustee_user_id), self.trustee_user_id),
headers=self.other_headers, headers=self.other_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_list_all_trusts(self): def test_user_cannot_list_all_trusts(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/OS-TRUST/trusts', '/v3/OS-TRUST/trusts',
headers=self.trustee_headers, headers=self.trustee_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_get_another_users_trust(self): def test_user_cannot_get_another_users_trust(self):
ref = PROVIDERS.trust_api.create_trust( ref = PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/OS-TRUST/trusts/%s' % ref['id'], '/v3/OS-TRUST/trusts/%s' % ref['id'],
headers=self.other_headers, headers=self.other_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_can_get_non_existent_trust_not_found(self): def test_user_can_get_non_existent_trust_not_found(self):
trust_id = uuid.uuid4().hex trust_id = uuid.uuid4().hex
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/OS-TRUST/trusts/%s' % trust_id, '/v3/OS-TRUST/trusts/%s' % trust_id,
headers=self.other_headers, headers=self.other_headers,
expected_status_code=http_client.NOT_FOUND expected_status_code=http.client.NOT_FOUND
) )
def test_user_can_get_trust_of_whom_they_are_the_trustor(self): def test_user_can_get_trust_of_whom_they_are_the_trustor(self):
ref = PROVIDERS.trust_api.create_trust( ref = PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/OS-TRUST/trusts/%s' % ref['id'], '/v3/OS-TRUST/trusts/%s' % ref['id'],
headers=self.trustor_headers headers=self.trustor_headers
skipping to change at line 632 skipping to change at line 632
def test_trustee_cannot_create_trust(self): def test_trustee_cannot_create_trust(self):
json = {'trust': self.trust_data['trust']} json = {'trust': self.trust_data['trust']}
json['trust']['roles'] = self.trust_data['roles'] json['trust']['roles'] = self.trust_data['roles']
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/OS-TRUST/trusts', '/v3/OS-TRUST/trusts',
json=json, json=json,
headers=self.trustee_headers, headers=self.trustee_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_trustor_can_delete_trust(self): def test_trustor_can_delete_trust(self):
ref = PROVIDERS.trust_api.create_trust( ref = PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/OS-TRUST/trusts/%s' % ref['id'], '/v3/OS-TRUST/trusts/%s' % ref['id'],
headers=self.trustor_headers headers=self.trustor_headers
) )
def test_trustee_cannot_delete_trust(self): def test_trustee_cannot_delete_trust(self):
ref = PROVIDERS.trust_api.create_trust( ref = PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/OS-TRUST/trusts/%s' % ref['id'], '/v3/OS-TRUST/trusts/%s' % ref['id'],
headers=self.trustee_headers, headers=self.trustee_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_trust_for_other_user(self): def test_user_cannot_delete_trust_for_other_user(self):
ref = PROVIDERS.trust_api.create_trust( ref = PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/OS-TRUST/trusts/%s' % ref['id'], '/v3/OS-TRUST/trusts/%s' % ref['id'],
headers=self.other_headers, headers=self.other_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_trustor_can_list_trust_roles(self): def test_trustor_can_list_trust_roles(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
r = c.get( r = c.get(
'/v3/OS-TRUST/trusts/%s/roles' % self.trust_id, '/v3/OS-TRUST/trusts/%s/roles' % self.trust_id,
headers=self.trustor_headers headers=self.trustor_headers
skipping to change at line 699 skipping to change at line 699
self.bootstrapper.member_role_id) self.bootstrapper.member_role_id)
def test_user_cannot_list_trust_roles_for_other_user(self): def test_user_cannot_list_trust_roles_for_other_user(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/OS-TRUST/trusts/%s/roles' % self.trust_id, '/v3/OS-TRUST/trusts/%s/roles' % self.trust_id,
headers=self.other_headers, headers=self.other_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_trustor_can_get_trust_role(self): def test_trustor_can_get_trust_role(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.head( c.head(
('/v3/OS-TRUST/trusts/%s/roles/%s' % ('/v3/OS-TRUST/trusts/%s/roles/%s' %
(self.trust_id, self.bootstrapper.member_role_id)), (self.trust_id, self.bootstrapper.member_role_id)),
skipping to change at line 733 skipping to change at line 733
def test_user_cannot_get_trust_role_for_other_user(self): def test_user_cannot_get_trust_role_for_other_user(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.head( c.head(
('/v3/OS-TRUST/trusts/%s/roles/%s' % ('/v3/OS-TRUST/trusts/%s/roles/%s' %
(self.trust_id, self.bootstrapper.member_role_id)), (self.trust_id, self.bootstrapper.member_role_id)),
headers=self.other_headers, headers=self.other_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_trustor_cannot_list_trusts_for_trustee_overridden_default(self): def test_trustor_cannot_list_trusts_for_trustee_overridden_default(self):
self._override_policy_old_defaults() self._override_policy_old_defaults()
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
('/v3/OS-TRUST/trusts?trustee_user_id=%s' % ('/v3/OS-TRUST/trusts?trustee_user_id=%s' %
self.trustee_user_id), self.trustee_user_id),
headers=self.trustor_headers, headers=self.trustor_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_trustee_cannot_list_trusts_for_trustor_overridden_default(self): def test_trustee_cannot_list_trusts_for_trustor_overridden_default(self):
self._override_policy_old_defaults() self._override_policy_old_defaults()
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
('/v3/OS-TRUST/trusts?trustor_user_id=%s' % ('/v3/OS-TRUST/trusts?trustor_user_id=%s' %
self.trustor_user_id), self.trustor_user_id),
headers=self.trustee_headers, headers=self.trustee_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_list_trusts_for_other_trustor_overridden_default(self): def test_user_cannot_list_trusts_for_other_trustor_overridden(self):
self._override_policy_old_defaults() self._override_policy_old_defaults()
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
('/v3/OS-TRUST/trusts?trustor_user_id=%s' % ('/v3/OS-TRUST/trusts?trustor_user_id=%s' %
self.trustor_user_id), self.trustor_user_id),
headers=self.other_headers, headers=self.other_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_list_trusts_for_trustee_overridden_default(self): def test_user_cannot_list_trusts_for_trustee_overridden_default(self):
self._override_policy_old_defaults() self._override_policy_old_defaults()
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
('/v3/OS-TRUST/trusts?trustee_user_id=%s' % ('/v3/OS-TRUST/trusts?trustee_user_id=%s' %
self.trustee_user_id), self.trustee_user_id),
headers=self.other_headers, headers=self.other_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_list_all_trusts_overridden_default(self): def test_user_cannot_list_all_trusts_overridden_default(self):
self._override_policy_old_defaults() self._override_policy_old_defaults()
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/OS-TRUST/trusts', '/v3/OS-TRUST/trusts',
headers=self.trustee_headers, headers=self.trustee_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_trustor_can_delete_trust_overridden_default(self): def test_trustor_can_delete_trust_overridden_default(self):
self._override_policy_old_defaults() self._override_policy_old_defaults()
ref = PROVIDERS.trust_api.create_trust( ref = PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/OS-TRUST/trusts/%s' % ref['id'], '/v3/OS-TRUST/trusts/%s' % ref['id'],
skipping to change at line 820 skipping to change at line 820
def test_trustee_cannot_delete_trust_overridden_default(self): def test_trustee_cannot_delete_trust_overridden_default(self):
self._override_policy_old_defaults() self._override_policy_old_defaults()
ref = PROVIDERS.trust_api.create_trust( ref = PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/OS-TRUST/trusts/%s' % ref['id'], '/v3/OS-TRUST/trusts/%s' % ref['id'],
headers=self.trustee_headers, headers=self.trustee_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_trust_for_other_user_overridden_default(self): def test_user_cannot_delete_trust_for_other_user_overridden_default(self):
self._override_policy_old_defaults() self._override_policy_old_defaults()
ref = PROVIDERS.trust_api.create_trust( ref = PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/OS-TRUST/trusts/%s' % ref['id'], '/v3/OS-TRUST/trusts/%s' % ref['id'],
headers=self.other_headers, headers=self.other_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_can_get_trust_of_whom_they_are_the_trustor_overridden_default( self): def test_user_can_get_trust_of_whom_they_are_the_trustor_overridden(self):
self._override_policy_old_defaults() self._override_policy_old_defaults()
ref = PROVIDERS.trust_api.create_trust( ref = PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/OS-TRUST/trusts/%s' % ref['id'], '/v3/OS-TRUST/trusts/%s' % ref['id'],
headers=self.trustor_headers headers=self.trustor_headers
) )
skipping to change at line 893 skipping to change at line 893
def test_user_cannot_list_trust_roles_other_user_overridden_default(self): def test_user_cannot_list_trust_roles_other_user_overridden_default(self):
self._override_policy_old_defaults() self._override_policy_old_defaults()
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/OS-TRUST/trusts/%s/roles' % self.trust_id, '/v3/OS-TRUST/trusts/%s/roles' % self.trust_id,
headers=self.other_headers, headers=self.other_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_trustor_can_get_trust_role_overridden_default(self): def test_trustor_can_get_trust_role_overridden_default(self):
self._override_policy_old_defaults() self._override_policy_old_defaults()
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.head( c.head(
('/v3/OS-TRUST/trusts/%s/roles/%s' % ('/v3/OS-TRUST/trusts/%s/roles/%s' %
skipping to change at line 930 skipping to change at line 930
def test_user_cannot_get_trust_role_other_user_overridden_default(self): def test_user_cannot_get_trust_role_other_user_overridden_default(self):
self._override_policy_old_defaults() self._override_policy_old_defaults()
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.head( c.head(
('/v3/OS-TRUST/trusts/%s/roles/%s' % ('/v3/OS-TRUST/trusts/%s/roles/%s' %
(self.trust_id, self.bootstrapper.member_role_id)), (self.trust_id, self.bootstrapper.member_role_id)),
headers=self.other_headers, headers=self.other_headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
class DomainUserTests(TrustTests): class DomainUserTests(TrustTests):
"""Tests for all domain users. """Tests for all domain users.
Domain users should not be able to interact with trusts at all. Domain users should not be able to interact with trusts at all.
""" """
def setUp(self): def setUp(self):
super(DomainUserTests, self).setUp() super(DomainUserTests, self).setUp()
skipping to change at line 971 skipping to change at line 971
def test_trustor_cannot_list_trusts_for_trustee(self): def test_trustor_cannot_list_trusts_for_trustee(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
('/v3/OS-TRUST/trusts?trustee_user_id=%s' % ('/v3/OS-TRUST/trusts?trustee_user_id=%s' %
self.trustee_user_id), self.trustee_user_id),
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_trustee_cannot_list_trusts_for_trustor(self): def test_trustee_cannot_list_trusts_for_trustor(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
('/v3/OS-TRUST/trusts?trustor_user_id=%s' % ('/v3/OS-TRUST/trusts?trustor_user_id=%s' %
self.trustor_user_id), self.trustor_user_id),
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_list_all_trusts(self): def test_user_cannot_list_all_trusts(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/OS-TRUST/trusts', '/v3/OS-TRUST/trusts',
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_get_trust(self): def test_user_cannot_get_trust(self):
ref = PROVIDERS.trust_api.create_trust( ref = PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/OS-TRUST/trusts/%s' % ref['id'], '/v3/OS-TRUST/trusts/%s' % ref['id'],
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_can_get_non_existent_trust_not_found(self): def test_user_can_get_non_existent_trust_not_found(self):
trust_id = uuid.uuid4().hex trust_id = uuid.uuid4().hex
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/OS-TRUST/trusts/%s' % trust_id, '/v3/OS-TRUST/trusts/%s' % trust_id,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.NOT_FOUND expected_status_code=http.client.NOT_FOUND
) )
def test_user_cannot_create_trust(self): def test_user_cannot_create_trust(self):
trust_data = self.trust_data['trust'] trust_data = self.trust_data['trust']
trust_data['trustor_user_id'] = self.user_id trust_data['trustor_user_id'] = self.user_id
json = {'trust': trust_data} json = {'trust': trust_data}
json['trust']['roles'] = self.trust_data['roles'] json['trust']['roles'] = self.trust_data['roles']
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/OS-TRUST/trusts', '/v3/OS-TRUST/trusts',
json=json, json=json,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_delete_trust(self): def test_user_cannot_delete_trust(self):
ref = PROVIDERS.trust_api.create_trust( ref = PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.delete( c.delete(
'/v3/OS-TRUST/trusts/%s' % ref['id'], '/v3/OS-TRUST/trusts/%s' % ref['id'],
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_list_trust_roles(self): def test_user_cannot_list_trust_roles(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.get( c.get(
'/v3/OS-TRUST/trusts/%s/roles' % self.trust_id, '/v3/OS-TRUST/trusts/%s/roles' % self.trust_id,
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_get_trust_role(self): def test_user_cannot_get_trust_role(self):
PROVIDERS.trust_api.create_trust( PROVIDERS.trust_api.create_trust(
self.trust_id, **self.trust_data) self.trust_id, **self.trust_data)
with self.test_client() as c: with self.test_client() as c:
c.head( c.head(
('/v3/OS-TRUST/trusts/%s/roles/%s' % ('/v3/OS-TRUST/trusts/%s/roles/%s' %
(self.trust_id, self.bootstrapper.member_role_id)), (self.trust_id, self.bootstrapper.member_role_id)),
headers=self.headers, headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
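Review bot: In `DomainUserTests`, `test_user_cannot_get_trust` expects 403 for an existing trust while `test_user_can_get_non_existent_trust_not_found` expects 404 for an unknown id with the same `self.headers`, so the suite pins a response difference that tells a caller with no trust access whether an id exists; the same pairing appears with `self.other_headers` in `test_user_cannot_get_another_users_trust` and its `_not_found` sibling. The unknown ids in these tests are `uuid.uuid4().hex`; if real trust ids are generated the same way (not visible in these hunks) guessing is impractical, but nothing on the page says the difference is deliberate. I would record that on the `_not_found` tests with a comment such as `# NOTE: unknown id -> 404 but an existing trust -> 403 for the same caller; confirm this is intended`, or align the expected codes if it is not. Parts of both classes fall outside the visible hunks.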
 End of changes. 48 change blocks. 
47 lines changed or deleted 47 lines changed or added
