"Fossies" - the Fresh Open Source Software Archive

Member "keystone-17.0.0/keystone/tests/protection/v3/test_service_providers.py" (13 May 2020, 15530 Bytes) of package /linux/misc/openstack/keystone-17.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "test_service_providers.py": 16.0.1_vs_17.0.0.

    1 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
    2 #    not use this file except in compliance with the License. You may obtain
    3 #    a copy of the License at
    4 #
    5 #         http://www.apache.org/licenses/LICENSE-2.0
    6 #
    7 #    Unless required by applicable law or agreed to in writing, software
    8 #    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    9 #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   10 #    License for the specific language governing permissions and limitations
   11 #    under the License.
   12 
   13 import uuid
   14 
   15 import http.client
   16 
   17 from keystone.common import provider_api
   18 import keystone.conf
   19 from keystone.tests.common import auth as common_auth
   20 from keystone.tests import unit
   21 from keystone.tests.unit import base_classes
   22 from keystone.tests.unit import ksfixtures
   23 
   24 CONF = keystone.conf.CONF
   25 PROVIDERS = provider_api.ProviderAPIs
   26 
   27 
   28 class _SystemUserServiceProviderTests(object):
   29     """Common default functionality for all system users."""
   30 
   31     def test_user_can_list_service_providers(self):
   32         service_provider = PROVIDERS.federation_api.create_sp(
   33             uuid.uuid4().hex, unit.new_service_provider_ref()
   34         )
   35 
   36         with self.test_client() as c:
   37             r = c.get(
   38                 '/v3/OS-FEDERATION/service_providers', headers=self.headers
   39             )
   40             self.assertEqual(1, len(r.json['service_providers']))
   41             self.assertEqual(
   42                 service_provider['id'], r.json['service_providers'][0]['id']
   43             )
   44 
   45     def test_user_can_get_a_service_provider(self):
   46         service_provider = PROVIDERS.federation_api.create_sp(
   47             uuid.uuid4().hex, unit.new_service_provider_ref()
   48         )
   49 
   50         with self.test_client() as c:
   51             r = c.get(
   52                 '/v3/OS-FEDERATION/service_providers/%s' %
   53                 service_provider['id'],
   54                 headers=self.headers
   55             )
   56             self.assertEqual(
   57                 service_provider['id'], r.json['service_provider']['id']
   58             )
   59 
   60 
   61 class _SystemReaderAndMemberUserServiceProviderTests(object):
   62     """Common default functionality for system readers and system members."""
   63 
   64     def test_user_cannot_create_service_providers(self):
   65         service_provider = PROVIDERS.federation_api.create_sp(
   66             uuid.uuid4().hex, unit.new_service_provider_ref()
   67         )
   68 
   69         service_provider = unit.new_service_provider_ref()
   70         create = {'service_provider': service_provider}
   71 
   72         with self.test_client() as c:
   73             c.put(
   74                 '/v3/OS-FEDERATION/service_providers/%s' % uuid.uuid4().hex,
   75                 headers=self.headers,
   76                 json=create,
   77                 expected_status_code=http.client.FORBIDDEN
   78             )
   79 
   80     def test_user_cannot_update_service_providers(self):
   81         service_provider = PROVIDERS.federation_api.create_sp(
   82             uuid.uuid4().hex, unit.new_service_provider_ref()
   83         )
   84 
   85         update = {'service_provider': {'enabled': False}}
   86 
   87         with self.test_client() as c:
   88             c.patch(
   89                 '/v3/OS-FEDERATION/service_providers/%s' %
   90                 service_provider['id'],
   91                 headers=self.headers,
   92                 json=update,
   93                 expected_status_code=http.client.FORBIDDEN
   94             )
   95 
   96     def test_user_cannot_delete_service_providers(self):
   97         service_provider = PROVIDERS.federation_api.create_sp(
   98             uuid.uuid4().hex, unit.new_service_provider_ref()
   99         )
  100 
  101         with self.test_client() as c:
  102             c.delete(
  103                 '/v3/OS-FEDERATION/service_providers/%s' %
  104                 service_provider['id'],
  105                 headers=self.headers,
  106                 expected_status_code=http.client.FORBIDDEN
  107             )
  108 
  109 
  110 class _DomainAndProjectUserServiceProviderTests(object):
  111     """Common functionality for all domain and project users."""
  112 
  113     def test_user_cannot_create_service_providers(self):
  114         service_provider = PROVIDERS.federation_api.create_sp(
  115             uuid.uuid4().hex, unit.new_service_provider_ref()
  116         )
  117 
  118         service_provider = unit.new_service_provider_ref()
  119         create = {'service_provider': service_provider}
  120 
  121         with self.test_client() as c:
  122             c.put(
  123                 '/v3/OS-FEDERATION/service_providers/%s' % uuid.uuid4().hex,
  124                 headers=self.headers,
  125                 json=create,
  126                 expected_status_code=http.client.FORBIDDEN
  127             )
  128 
  129     def test_user_cannot_update_service_providers(self):
  130         service_provider = PROVIDERS.federation_api.create_sp(
  131             uuid.uuid4().hex, unit.new_service_provider_ref()
  132         )
  133 
  134         update = {'service_provider': {'enabled': False}}
  135 
  136         with self.test_client() as c:
  137             c.patch(
  138                 '/v3/OS-FEDERATION/service_providers/%s' %
  139                 service_provider['id'],
  140                 headers=self.headers,
  141                 json=update,
  142                 expected_status_code=http.client.FORBIDDEN
  143             )
  144 
  145     def test_user_cannot_list_service_providers(self):
  146         PROVIDERS.federation_api.create_sp(
  147             uuid.uuid4().hex, unit.new_service_provider_ref()
  148         )
  149 
  150         with self.test_client() as c:
  151             c.get(
  152                 '/v3/OS-FEDERATION/service_providers', headers=self.headers,
  153                 expected_status_code=http.client.FORBIDDEN
  154             )
  155 
  156     def test_user_cannot_get_a_service_provider(self):
  157         service_provider = PROVIDERS.federation_api.create_sp(
  158             uuid.uuid4().hex, unit.new_service_provider_ref()
  159         )
  160 
  161         with self.test_client() as c:
  162             c.get(
  163                 '/v3/OS-FEDERATION/service_providers/%s' %
  164                 service_provider['id'],
  165                 headers=self.headers,
  166                 expected_status_code=http.client.FORBIDDEN
  167             )
  168 
  169     def test_user_cannot_delete_service_providers(self):
  170         service_provider = PROVIDERS.federation_api.create_sp(
  171             uuid.uuid4().hex, unit.new_service_provider_ref()
  172         )
  173 
  174         with self.test_client() as c:
  175             c.delete(
  176                 '/v3/OS-FEDERATION/service_providers/%s' %
  177                 service_provider['id'],
  178                 headers=self.headers,
  179                 expected_status_code=http.client.FORBIDDEN
  180             )
  181 
  182 
  183 class SystemReaderTests(base_classes.TestCaseWithBootstrap,
  184                         common_auth.AuthTestMixin,
  185                         _SystemUserServiceProviderTests,
  186                         _SystemReaderAndMemberUserServiceProviderTests):
  187 
  188     def setUp(self):
  189         super(SystemReaderTests, self).setUp()
  190         self.loadapp()
  191         self.useFixture(ksfixtures.Policy(self.config_fixture))
  192         self.config_fixture.config(group='oslo_policy', enforce_scope=True)
  193 
  194         system_reader = unit.new_user_ref(
  195             domain_id=CONF.identity.default_domain_id
  196         )
  197         self.user_id = PROVIDERS.identity_api.create_user(
  198             system_reader
  199         )['id']
  200         PROVIDERS.assignment_api.create_system_grant_for_user(
  201             self.user_id, self.bootstrapper.reader_role_id
  202         )
  203 
  204         auth = self.build_authentication_request(
  205             user_id=self.user_id, password=system_reader['password'],
  206             system=True
  207         )
  208 
  209         # Grab a token using the persona we're testing and prepare headers
  210         # for requests we'll be making in the tests.
  211         with self.test_client() as c:
  212             r = c.post('/v3/auth/tokens', json=auth)
  213             self.token_id = r.headers['X-Subject-Token']
  214             self.headers = {'X-Auth-Token': self.token_id}
  215 
  216 
  217 class SystemMemberTests(base_classes.TestCaseWithBootstrap,
  218                         common_auth.AuthTestMixin,
  219                         _SystemUserServiceProviderTests,
  220                         _SystemReaderAndMemberUserServiceProviderTests):
  221 
  222     def setUp(self):
  223         super(SystemMemberTests, self).setUp()
  224         self.loadapp()
  225         self.useFixture(ksfixtures.Policy(self.config_fixture))
  226         self.config_fixture.config(group='oslo_policy', enforce_scope=True)
  227 
  228         system_member = unit.new_user_ref(
  229             domain_id=CONF.identity.default_domain_id
  230         )
  231         self.user_id = PROVIDERS.identity_api.create_user(
  232             system_member
  233         )['id']
  234         PROVIDERS.assignment_api.create_system_grant_for_user(
  235             self.user_id, self.bootstrapper.member_role_id
  236         )
  237 
  238         auth = self.build_authentication_request(
  239             user_id=self.user_id, password=system_member['password'],
  240             system=True
  241         )
  242 
  243         # Grab a token using the persona we're testing and prepare headers
  244         # for requests we'll be making in the tests.
  245         with self.test_client() as c:
  246             r = c.post('/v3/auth/tokens', json=auth)
  247             self.token_id = r.headers['X-Subject-Token']
  248             self.headers = {'X-Auth-Token': self.token_id}
  249 
  250 
  251 class SystemAdminTests(base_classes.TestCaseWithBootstrap,
  252                        common_auth.AuthTestMixin,
  253                        _SystemUserServiceProviderTests):
  254 
  255     def setUp(self):
  256         super(SystemAdminTests, self).setUp()
  257         self.loadapp()
  258         self.useFixture(ksfixtures.Policy(self.config_fixture))
  259         self.config_fixture.config(group='oslo_policy', enforce_scope=True)
  260 
  261         # Reuse the system administrator account created during
  262         # ``keystone-manage bootstrap``
  263         self.user_id = self.bootstrapper.admin_user_id
  264         auth = self.build_authentication_request(
  265             user_id=self.user_id,
  266             password=self.bootstrapper.admin_password,
  267             system=True
  268         )
  269 
  270         # Grab a token using the persona we're testing and prepare headers
  271         # for requests we'll be making in the tests.
  272         with self.test_client() as c:
  273             r = c.post('/v3/auth/tokens', json=auth)
  274             self.token_id = r.headers['X-Subject-Token']
  275             self.headers = {'X-Auth-Token': self.token_id}
  276 
  277     def test_user_can_create_service_providers(self):
  278         service_provider = PROVIDERS.federation_api.create_sp(
  279             uuid.uuid4().hex, unit.new_service_provider_ref()
  280         )
  281 
  282         service_provider = unit.new_service_provider_ref()
  283         create = {'service_provider': service_provider}
  284 
  285         with self.test_client() as c:
  286             c.put(
  287                 '/v3/OS-FEDERATION/service_providers/%s' % uuid.uuid4().hex,
  288                 headers=self.headers,
  289                 json=create,
  290                 expected_status_code=http.client.CREATED
  291             )
  292 
  293     def test_user_can_update_service_providers(self):
  294         service_provider = PROVIDERS.federation_api.create_sp(
  295             uuid.uuid4().hex, unit.new_service_provider_ref()
  296         )
  297 
  298         update = {'service_provider': {'enabled': False}}
  299 
  300         with self.test_client() as c:
  301             c.patch(
  302                 '/v3/OS-FEDERATION/service_providers/%s' %
  303                 service_provider['id'],
  304                 headers=self.headers,
  305                 json=update
  306             )
  307 
  308     def test_user_can_delete_service_providers(self):
  309         service_provider = PROVIDERS.federation_api.create_sp(
  310             uuid.uuid4().hex, unit.new_service_provider_ref()
  311         )
  312 
  313         with self.test_client() as c:
  314             c.delete(
  315                 '/v3/OS-FEDERATION/service_providers/%s' %
  316                 service_provider['id'],
  317                 headers=self.headers
  318             )
  319 
  320 
  321 class DomainUserTests(base_classes.TestCaseWithBootstrap,
  322                       common_auth.AuthTestMixin,
  323                       _DomainAndProjectUserServiceProviderTests):
  324 
  325     def setUp(self):
  326         super(DomainUserTests, self).setUp()
  327         self.loadapp()
  328         self.useFixture(ksfixtures.Policy(self.config_fixture))
  329         self.config_fixture.config(group='oslo_policy', enforce_scope=True)
  330 
  331         domain = PROVIDERS.resource_api.create_domain(
  332             uuid.uuid4().hex, unit.new_domain_ref()
  333         )
  334         self.domain_id = domain['id']
  335         domain_admin = unit.new_user_ref(domain_id=self.domain_id)
  336         self.user_id = PROVIDERS.identity_api.create_user(domain_admin)['id']
  337         PROVIDERS.assignment_api.create_grant(
  338             self.bootstrapper.admin_role_id, user_id=self.user_id,
  339             domain_id=self.domain_id
  340         )
  341 
  342         auth = self.build_authentication_request(
  343             user_id=self.user_id,
  344             password=domain_admin['password'],
  345             domain_id=self.domain_id
  346         )
  347 
  348         # Grab a token using the persona we're testing and prepare headers
  349         # for requests we'll be making in the tests.
  350         with self.test_client() as c:
  351             r = c.post('/v3/auth/tokens', json=auth)
  352             self.token_id = r.headers['X-Subject-Token']
  353             self.headers = {'X-Auth-Token': self.token_id}
  354 
  355 
  356 class ProjectUserTests(base_classes.TestCaseWithBootstrap,
  357                        common_auth.AuthTestMixin,
  358                        _DomainAndProjectUserServiceProviderTests):
  359 
  360     def setUp(self):
  361         super(ProjectUserTests, self).setUp()
  362         self.loadapp()
  363         self.useFixture(ksfixtures.Policy(self.config_fixture))
  364         self.config_fixture.config(group='oslo_policy', enforce_scope=True)
  365 
  366         self.user_id = self.bootstrapper.admin_user_id
  367         auth = self.build_authentication_request(
  368             user_id=self.user_id,
  369             password=self.bootstrapper.admin_password,
  370             project_id=self.bootstrapper.project_id
  371         )
  372 
  373         # Grab a token using the persona we're testing and prepare headers
  374         # for requests we'll be making in the tests.
  375         with self.test_client() as c:
  376             r = c.post('/v3/auth/tokens', json=auth)
  377             self.token_id = r.headers['X-Subject-Token']
  378             self.headers = {'X-Auth-Token': self.token_id}
  379 
  380 
  381 class ProjectUserTestsWithoutEnforceScope(
  382         base_classes.TestCaseWithBootstrap,
  383         common_auth.AuthTestMixin,
  384         _DomainAndProjectUserServiceProviderTests):
  385 
  386     def setUp(self):
  387         super(ProjectUserTestsWithoutEnforceScope, self).setUp()
  388         self.loadapp()
  389         self.useFixture(ksfixtures.Policy(self.config_fixture))
  390 
  391         # Explicityly set enforce_scope to False to make sure we maintain
  392         # backwards compatibility with project users.
  393         self.config_fixture.config(group='oslo_policy', enforce_scope=False)
  394 
  395         domain = PROVIDERS.resource_api.create_domain(
  396             uuid.uuid4().hex, unit.new_domain_ref()
  397         )
  398         user = unit.new_user_ref(domain_id=domain['id'])
  399         self.user_id = PROVIDERS.identity_api.create_user(user)['id']
  400 
  401         self.project_id = PROVIDERS.resource_api.create_project(
  402             uuid.uuid4().hex, unit.new_project_ref(domain_id=domain['id'])
  403         )['id']
  404 
  405         PROVIDERS.assignment_api.create_grant(
  406             self.bootstrapper.member_role_id, user_id=self.user_id,
  407             project_id=self.project_id
  408         )
  409 
  410         auth = self.build_authentication_request(
  411             user_id=self.user_id,
  412             password=user['password'],
  413             project_id=self.project_id
  414         )
  415 
  416         # Grab a token using the persona we're testing and prepare headers
  417         # for requests we'll be making in the tests.
  418         with self.test_client() as c:
  419             r = c.post('/v3/auth/tokens', json=auth)
  420             self.token_id = r.headers['X-Subject-Token']
  421             self.headers = {'X-Auth-Token': self.token_id}