Add secure-rbac test for Consumers
This patch adds tests for Container Consumers.
Depends-On: I1724152839f0f5850f8d32d40b36d1670c0ad996
Change-Id: If2209b12dce107c5648d39270d977a1e9f3bea1d
diff --git a/barbican_tempest_plugin/services/key_manager/json/consumer_client.py b/barbican_tempest_plugin/services/key_manager/json/consumer_client.py
index 37fbb86..eb34b94 100644
--- a/barbican_tempest_plugin/services/key_manager/json/consumer_client.py
+++ b/barbican_tempest_plugin/services/key_manager/json/consumer_client.py
@@ -18,12 +18,14 @@
from urllib import parse as urllib
from tempest import config
-from tempest.lib.common import rest_client
+
+from barbican_tempest_plugin.services.key_manager.json import base
+
CONF = config.CONF
-class ConsumerClient(rest_client.RestClient):
+class ConsumerClient(base.BarbicanTempestClient):
def list_consumers_in_container(self, container_id, **kwargs):
uri = "/v1/containers/%s/consumers" % container_id
diff --git a/barbican_tempest_plugin/tests/rbac/v1/base.py b/barbican_tempest_plugin/tests/rbac/v1/base.py
index 07639ef..98371fa 100644
--- a/barbican_tempest_plugin/tests/rbac/v1/base.py
+++ b/barbican_tempest_plugin/tests/rbac/v1/base.py
@@ -130,9 +130,7 @@
adm = cls.os_project_admin
cls.admin_secret_client = adm.secret_v1.SecretClient()
cls.admin_secret_metadata_client = adm.secret_v1.SecretMetadataClient()
- cls.admin_consumer_client = adm.secret_v1.ConsumerClient(
- service='key-manager'
- )
+ cls.admin_consumer_client = adm.secret_v1.ConsumerClient()
cls.admin_container_client = adm.secret_v1.ContainerClient()
cls.admin_order_client = adm.secret_v1.OrderClient(
secret_client=cls.admin_secret_client,
@@ -144,9 +142,7 @@
member = cls.os_project_member
cls.secret_client = member.secret_v1.SecretClient()
cls.secret_metadata_client = member.secret_v1.SecretMetadataClient()
- cls.consumer_client = member.secret_v1.ConsumerClient(
- service='key-manager'
- )
+ cls.member_consumer_client = member.secret_v1.ConsumerClient()
cls.container_client = member.secret_v1.ContainerClient()
cls.order_client = member.secret_v1.OrderClient(
secret_client=cls.secret_client,
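Review bot: The member consumer client is now stored as `cls.member_consumer_client`, while the other member clients in this hunk keep unprefixed names (`cls.secret_client`, `cls.container_client`, `cls.order_client`), so the base class carries two naming schemes for the same persona. Since the rename frees `consumer_client` to mean "the persona under test", say so next to the assignment, e.g. `# consumer_client is assigned per persona in each test class's setup_clients()`. Any test module outside this diff that still reads `self.consumer_client` from the base would now raise AttributeError, so it is worth grepping for remaining users before merging. The enclosing `setup_clients` method starts and ends outside the hunk.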
@@ -239,16 +235,6 @@
name=container_name,
type=container_type)
- def add_consumer_to_container_admin(self,
- consumer_name,
- consumer_url,
- container_id):
- """add consumer to container as admin user"""
- return self.admin_consumer_client.add_consumer_to_container(
- name=consumer_name,
- URL=consumer_url,
- container_id=container_id)
-
def create_aes_secret_admin(self, secret_name):
key = create_aes_key()
expire_time = (datetime.utcnow() + timedelta(days=5))
diff --git a/barbican_tempest_plugin/tests/rbac/v1/test_containers.py b/barbican_tempest_plugin/tests/rbac/v1/test_containers.py
index 0e33b3a..16d743f 100644
--- a/barbican_tempest_plugin/tests/rbac/v1/test_containers.py
+++ b/barbican_tempest_plugin/tests/rbac/v1/test_containers.py
@@ -168,6 +168,7 @@
def setup_clients(cls):
super().setup_clients()
cls.client = cls.os_project_reader.secret_v1.ContainerClient()
+ cls.consumer_client = cls.os_project_reader.secret_v1.ConsumerClient()
def setUp(self):
super().setUp()
@@ -185,6 +186,14 @@
'project-access': True
}
}
+ self.test_consumer = {
+ "name": "test-consumer",
+ "URL": "https://example.test/consumer"
+ }
+ self.member_consumer_client.add_consumer_to_container(
+ self.container_id,
+ **self.test_consumer
+ )
def test_list_containers(self):
self.assertRaises(
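Review bot: The fixture added to `setUp` is created with `self.member_consumer_client`, while every test in the class goes through `self.consumer_client`, and nothing in the hunk explains why the two differ. A short comment would keep a later refactor from merging them and breaking the reader's denied-access tests, e.g. `# Registered with member credentials: the persona under test may not be allowed to create consumers.` The hunk also shows no cleanup for the consumer. Presumably it is removed with the container by a cleanup outside this hunk, but that should be confirmed. `setUp` begins before the hunk.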
@@ -235,16 +244,24 @@
self.container_id)
def test_list_container_consumers(self):
- pass
+ self.assertRaises(
+ exceptions.Forbidden,
+ self.consumer_client.list_consumers_in_container,
+ self.container_id)
def test_create_container_consumer(self):
- pass
-
- def test_get_container_consumer(self):
- pass
+ self.assertRaises(
+ exceptions.Forbidden,
+ self.consumer_client.add_consumer_to_container,
+ self.container_id,
+ **self.test_consumer)
def test_delete_container_consumer(self):
- pass
+ self.assertRaises(
+ exceptions.Forbidden,
+ self.consumer_client.delete_consumer_from_container,
+ self.container_id,
+ **self.test_consumer)
def test_add_secret_to_container(self):
self.assertRaises(
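Review bot: The reader tests for create and delete assert only that the call raises `exceptions.Forbidden`; they never check that the container's consumer list is unchanged afterwards. A policy regression in which the write is applied before the 403 is returned would still pass these RBAC tests. After each denied write, re-read the state with a client that is allowed to: `resp = self.member_consumer_client.list_consumers_in_container(self.container_id)` followed by `self.assertEqual(1, resp['total'])`. Separately, `test_get_container_consumer` is deleted rather than implemented. If the abstract test base outside this diff still declares it, that declaration needs to be removed in the same change.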
@@ -267,6 +284,7 @@
def setup_clients(cls):
super().setup_clients()
cls.client = cls.container_client
+ cls.consumer_client = cls.member_consumer_client
def test_list_containers(self):
resp = self.client.list_containers()
@@ -360,6 +378,31 @@
acl = self.client.get_container_acl(self.container_id)
self.assertNotIn('users', acl['read'].keys())
+ def test_list_container_consumers(self):
+ resp = self.consumer_client.list_consumers_in_container(
+ self.container_id
+ )
+ self.assertEqual(1, resp['total'])
+
+ def test_create_container_consumer(self):
+ second_consumer = {
+ 'name': 'another-test-consumer',
+ 'URL': 'https://exlample.test/consumer/two'
+ }
+
+ resp = self.consumer_client.add_consumer_to_container(
+ self.container_id,
+ **second_consumer)
+
+ self.assertEqual(2, len(resp['consumers']))
+
+ def test_delete_container_consumer(self):
+ resp = self.consumer_client.delete_consumer_from_container(
+ self.container_id,
+ **self.test_consumer)
+
+ self.assertEqual(0, len(resp['consumers']))
+
class ProjectAdminTests(ProjectMemberTests):
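Review bot: The member tests check only counts (`resp['total']`, `len(resp['consumers'])`), so they would pass even if the API stored or removed the wrong consumer. In `test_create_container_consumer`, also assert the content, e.g. `self.assertIn(second_consumer['name'], [c['name'] for c in resp['consumers']])`, assuming each entry in `consumers` is a dict carrying `name` and `URL`. The second fixture URL is misspelled as `exlample.test`; it should read `'URL': 'https://example.test/consumer/two'` to match the fixture in `setUp`. The expected counts 1, 2 and 0 depend on that `setUp` fixture being the only consumer on the container, which deserves a one-line comment in `test_list_container_consumers`.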
@@ -367,6 +410,7 @@
def setup_clients(cls):
super().setup_clients()
cls.client = cls.admin_container_client
+ cls.consumer_client = cls.admin_consumer_client
class ProjectReaderTestsAcrossProjects(ProjectReaderTests):