Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / patrole / 1272679b5005a4991b0af416c083d61d58d406eb / . / tests / test_rbac_rule_validation.py
blob: edc442ee8a798969d03a16ecbc50799d49e1045e [file] [log] [blame]
DavidPurcell029d8c32017-01-06 15:27:41 -0500[diff] [blame]1# Copyright 2017 AT&T Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15import mock
16
17from patrole_tempest_plugin import rbac_exceptions
18from patrole_tempest_plugin import rbac_rule_validation as rbac_rv
19
20from tempest.lib import exceptions
21
22from tempest.tests import base
23
24
25class RBACRuleValidationTest(base.TestCase):
26 @mock.patch('patrole_tempest_plugin.rbac_auth.RbacAuthority')
27 def test_RBAC_rv_happy_path(self, mock_auth):
Felipe Monteirob0595652017-01-23 16:51:58 -0500[diff] [blame]28 decorator = rbac_rv.action("", "")
DavidPurcell029d8c32017-01-06 15:27:41 -0500[diff] [blame]29 mock_function = mock.Mock()
Felipe Monteirob0595652017-01-23 16:51:58 -0500[diff] [blame]30 mock_args = mock.MagicMock(**{
31 'auth_provider.credentials.tenant_id': 'tenant_id'
32 })
DavidPurcell029d8c32017-01-06 15:27:41 -0500[diff] [blame]33 wrapper = decorator(mock_function)
Felipe Monteirob0595652017-01-23 16:51:58 -0500[diff] [blame]34 wrapper((mock_args))
DavidPurcell029d8c32017-01-06 15:27:41 -0500[diff] [blame]35 self.assertTrue(mock_function.called)
36
37 @mock.patch('patrole_tempest_plugin.rbac_auth.RbacAuthority')
38 def test_RBAC_rv_forbidden(self, mock_auth):
Felipe Monteirob0595652017-01-23 16:51:58 -0500[diff] [blame]39 decorator = rbac_rv.action("", "")
DavidPurcell029d8c32017-01-06 15:27:41 -0500[diff] [blame]40 mock_function = mock.Mock()
41 mock_function.side_effect = exceptions.Forbidden
42 wrapper = decorator(mock_function)
Felipe Monteirob0595652017-01-23 16:51:58 -0500[diff] [blame]43 mock_args = mock.MagicMock(**{
44 'auth_provider.credentials.tenant_id': 'tenant_id'
45 })
46
47 self.assertRaises(exceptions.Forbidden, wrapper, mock_args)
DavidPurcell029d8c32017-01-06 15:27:41 -0500[diff] [blame]48
49 @mock.patch('patrole_tempest_plugin.rbac_auth.RbacAuthority')
50 def test_RBAC_rv_rbac_action_failed(self, mock_auth):
Felipe Monteirob0595652017-01-23 16:51:58 -0500[diff] [blame]51 decorator = rbac_rv.action("", "")
DavidPurcell029d8c32017-01-06 15:27:41 -0500[diff] [blame]52 mock_function = mock.Mock()
53 mock_function.side_effect = rbac_exceptions.RbacActionFailed
Felipe Monteirob0595652017-01-23 16:51:58 -0500[diff] [blame]54 mock_args = mock.MagicMock(**{
55 'auth_provider.credentials.tenant_id': 'tenant_id'
56 })
57
DavidPurcell029d8c32017-01-06 15:27:41 -0500[diff] [blame]58 wrapper = decorator(mock_function)
Felipe Monteirob0595652017-01-23 16:51:58 -0500[diff] [blame]59 self.assertRaises(exceptions.Forbidden, wrapper, mock_args)
DavidPurcell029d8c32017-01-06 15:27:41 -0500[diff] [blame]60
61 @mock.patch('patrole_tempest_plugin.rbac_auth.RbacAuthority')
62 def test_RBAC_rv_not_allowed(self, mock_auth):
Felipe Monteirob0595652017-01-23 16:51:58 -0500[diff] [blame]63 decorator = rbac_rv.action("", "")
DavidPurcell029d8c32017-01-06 15:27:41 -0500[diff] [blame]64
65 mock_function = mock.Mock()
66 wrapper = decorator(mock_function)
67
68 mock_permission = mock.Mock()
69 mock_permission.get_permission.return_value = False
70 mock_auth.return_value = mock_permission
71
Felipe Monteirob0595652017-01-23 16:51:58 -0500[diff] [blame]72 mock_args = mock.MagicMock(**{
73 'auth_provider.credentials.tenant_id': 'tenant_id'
74 })
75
76 self.assertRaises(rbac_exceptions.RbacOverPermission, wrapper,
77 mock_args)
DavidPurcell029d8c32017-01-06 15:27:41 -0500[diff] [blame]78
79 @mock.patch('patrole_tempest_plugin.rbac_auth.RbacAuthority')
80 def test_RBAC_rv_forbidden_not_allowed(self, mock_auth):
Felipe Monteirob0595652017-01-23 16:51:58 -0500[diff] [blame]81 decorator = rbac_rv.action("", "")
DavidPurcell029d8c32017-01-06 15:27:41 -0500[diff] [blame]82
83 mock_function = mock.Mock()
84 mock_function.side_effect = exceptions.Forbidden
Felipe Monteirob0595652017-01-23 16:51:58 -0500[diff] [blame]85 mock_args = mock.MagicMock(**{
86 'auth_provider.credentials.tenant_id': 'tenant_id'
87 })
DavidPurcell029d8c32017-01-06 15:27:41 -0500[diff] [blame]88 wrapper = decorator(mock_function)
89
90 mock_permission = mock.Mock()
91 mock_permission.get_permission.return_value = False
92 mock_auth.return_value = mock_permission
93
Felipe Monteirob0595652017-01-23 16:51:58 -0500[diff] [blame]94 self.assertIsNone(wrapper(mock_args))
DavidPurcell029d8c32017-01-06 15:27:41 -0500[diff] [blame]95
96 @mock.patch('patrole_tempest_plugin.rbac_auth.RbacAuthority')
97 def test_RBAC_rv_rbac_action_failed_not_allowed(self, mock_auth):
Felipe Monteirob0595652017-01-23 16:51:58 -0500[diff] [blame]98 decorator = rbac_rv.action("", "")
DavidPurcell029d8c32017-01-06 15:27:41 -0500[diff] [blame]99
100 mock_function = mock.Mock()
101 mock_function.side_effect = rbac_exceptions.RbacActionFailed
102 wrapper = decorator(mock_function)
103
104 mock_permission = mock.Mock()
105 mock_permission.get_permission.return_value = False
106 mock_auth.return_value = mock_permission
107
Felipe Monteirob0595652017-01-23 16:51:58 -0500[diff] [blame]108 mock_args = mock.MagicMock(**{
109 'auth_provider.credentials.tenant_id': 'tenant_id'
110 })
111
112 self.assertIsNone(wrapper(mock_args))