| Felipe Monteiro | ffa47e6 | 2017-07-05 03:37:55 +0100 | [diff] [blame] | 1 | # Copyright 2017 AT&T Corporation. | 
|  | 2 | # All Rights Reserved. | 
|  | 3 | # | 
|  | 4 | #    Licensed under the Apache License, Version 2.0 (the "License"); you may | 
|  | 5 | #    not use this file except in compliance with the License. You may obtain | 
|  | 6 | #    a copy of the License at | 
|  | 7 | # | 
|  | 8 | #         http://www.apache.org/licenses/LICENSE-2.0 | 
|  | 9 | # | 
|  | 10 | #    Unless required by applicable law or agreed to in writing, software | 
|  | 11 | #    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | 
|  | 12 | #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | 
|  | 13 | #    License for the specific language governing permissions and limitations | 
|  | 14 | #    under the License. | 
|  | 15 |  | 
|  | 16 | """Fixtures for Patrole tests.""" | 
|  | 17 | from __future__ import absolute_import | 
|  | 18 |  | 
|  | 19 | import fixtures | 
|  | 20 | import mock | 
| Felipe Monteiro | b18a3f6 | 2017-09-19 04:25:51 +0100 | [diff] [blame] | 21 | import time | 
| Felipe Monteiro | ffa47e6 | 2017-07-05 03:37:55 +0100 | [diff] [blame] | 22 |  | 
| Felipe Monteiro | 3e14f47 | 2017-08-17 23:02:11 +0100 | [diff] [blame] | 23 | from tempest import clients | 
|  | 24 | from tempest.common import credentials_factory as credentials | 
| Felipe Monteiro | ffa47e6 | 2017-07-05 03:37:55 +0100 | [diff] [blame] | 25 | from tempest import config | 
| Felipe Monteiro | b18a3f6 | 2017-09-19 04:25:51 +0100 | [diff] [blame] | 26 | from tempest import test | 
| Felipe Monteiro | ffa47e6 | 2017-07-05 03:37:55 +0100 | [diff] [blame] | 27 |  | 
|  | 28 | from patrole_tempest_plugin import rbac_utils | 
|  | 29 |  | 
|  | 30 |  | 
|  | 31 | CONF = config.CONF | 
|  | 32 |  | 
|  | 33 |  | 
|  | 34 | class ConfPatcher(fixtures.Fixture): | 
|  | 35 | """Fixture to patch and restore global CONF. Adopted from Nova. | 
|  | 36 |  | 
|  | 37 | This also resets overrides for everything that is patched during | 
|  | 38 | its teardown. | 
|  | 39 | """ | 
|  | 40 |  | 
|  | 41 | def __init__(self, **kwargs): | 
|  | 42 | """Constructor | 
|  | 43 |  | 
|  | 44 | :params group: if specified all config options apply to that group. | 
|  | 45 | :params **kwargs: the rest of the kwargs are processed as a | 
|  | 46 | set of key/value pairs to be set as configuration override. | 
|  | 47 | """ | 
|  | 48 | super(ConfPatcher, self).__init__() | 
|  | 49 | self.group = kwargs.pop('group', None) | 
|  | 50 | self.args = kwargs | 
|  | 51 |  | 
|  | 52 | def setUp(self): | 
|  | 53 | super(ConfPatcher, self).setUp() | 
|  | 54 | for k, v in self.args.items(): | 
|  | 55 | self.addCleanup(CONF.clear_override, k, self.group) | 
|  | 56 | CONF.set_override(k, v, self.group) | 
|  | 57 |  | 
|  | 58 |  | 
|  | 59 | class RbacUtilsFixture(fixtures.Fixture): | 
| Felipe Monteiro | 2693bf7 | 2017-08-12 22:56:47 +0100 | [diff] [blame] | 60 | """Fixture for `RbacUtils` class.""" | 
| Felipe Monteiro | ffa47e6 | 2017-07-05 03:37:55 +0100 | [diff] [blame] | 61 |  | 
|  | 62 | USER_ID = mock.sentinel.user_id | 
|  | 63 | PROJECT_ID = mock.sentinel.project_id | 
|  | 64 |  | 
| Felipe Monteiro | ffa47e6 | 2017-07-05 03:37:55 +0100 | [diff] [blame] | 65 | def setUp(self): | 
|  | 66 | super(RbacUtilsFixture, self).setUp() | 
|  | 67 |  | 
| Felipe Monteiro | f6eb862 | 2017-08-06 06:08:02 +0100 | [diff] [blame] | 68 | self.useFixture(ConfPatcher(rbac_test_role='member', group='patrole')) | 
| Felipe Monteiro | ffa47e6 | 2017-07-05 03:37:55 +0100 | [diff] [blame] | 69 | self.useFixture(ConfPatcher( | 
|  | 70 | admin_role='admin', auth_version='v3', group='identity')) | 
|  | 71 |  | 
|  | 72 | test_obj_kwargs = { | 
|  | 73 | 'os_primary.credentials.user_id': self.USER_ID, | 
|  | 74 | 'os_primary.credentials.tenant_id': self.PROJECT_ID, | 
|  | 75 | 'os_primary.credentials.project_id': self.PROJECT_ID, | 
|  | 76 | 'get_identity_version.return_value': 'v3' | 
|  | 77 | } | 
| Felipe Monteiro | b18a3f6 | 2017-09-19 04:25:51 +0100 | [diff] [blame] | 78 | self.mock_test_obj = mock.Mock( | 
|  | 79 | __name__='patrole_unit_test', spec=test.BaseTestCase, | 
|  | 80 | os_primary=mock.Mock(), **test_obj_kwargs) | 
| Felipe Monteiro | ffa47e6 | 2017-07-05 03:37:55 +0100 | [diff] [blame] | 81 |  | 
| Felipe Monteiro | b18a3f6 | 2017-09-19 04:25:51 +0100 | [diff] [blame] | 82 | # Mock out functionality that can't be used by unit tests. Mocking out | 
|  | 83 | # time.sleep is a test optimization. | 
|  | 84 | self.mock_time = mock.patch.object( | 
|  | 85 | rbac_utils, 'time', __name__='mock_time', spec=time).start() | 
|  | 86 | mock.patch.object(credentials, 'get_configured_admin_credentials', | 
|  | 87 | spec=object).start() | 
|  | 88 | mock_admin_mgr = mock.patch.object( | 
|  | 89 | clients, 'Manager', spec=clients.Manager, | 
|  | 90 | roles_v3_client=mock.Mock(), roles_client=mock.Mock()).start() | 
| Felipe Monteiro | 3e14f47 | 2017-08-17 23:02:11 +0100 | [diff] [blame] | 91 | self.roles_v3_client = mock_admin_mgr.return_value.roles_v3_client | 
| Felipe Monteiro | ffa47e6 | 2017-07-05 03:37:55 +0100 | [diff] [blame] | 92 |  | 
| Felipe Monteiro | 2693bf7 | 2017-08-12 22:56:47 +0100 | [diff] [blame] | 93 | self.set_roles(['admin', 'member'], []) | 
|  | 94 |  | 
| Felipe Monteiro | ffa47e6 | 2017-07-05 03:37:55 +0100 | [diff] [blame] | 95 | def switch_role(self, *role_toggles): | 
|  | 96 | """Instantiate `rbac_utils.RbacUtils` and call `switch_role`. | 
|  | 97 |  | 
|  | 98 | Create an instance of `rbac_utils.RbacUtils` and call `switch_role` | 
|  | 99 | for each boolean value in `role_toggles`. The number of calls to | 
| Felipe Monteiro | 2693bf7 | 2017-08-12 22:56:47 +0100 | [diff] [blame] | 100 | `switch_role` is always 1 + len(`role_toggles`) because the | 
| Felipe Monteiro | ffa47e6 | 2017-07-05 03:37:55 +0100 | [diff] [blame] | 101 | `rbac_utils.RbacUtils` constructor automatically calls `switch_role`. | 
|  | 102 |  | 
|  | 103 | :param role_toggles: the list of boolean values iterated over and | 
|  | 104 | passed to `switch_role`. | 
|  | 105 | """ | 
| Felipe Monteiro | ffa47e6 | 2017-07-05 03:37:55 +0100 | [diff] [blame] | 106 | self.fake_rbac_utils = rbac_utils.RbacUtils(self.mock_test_obj) | 
| Felipe Monteiro | 2693bf7 | 2017-08-12 22:56:47 +0100 | [diff] [blame] | 107 |  | 
| Felipe Monteiro | ffa47e6 | 2017-07-05 03:37:55 +0100 | [diff] [blame] | 108 | for role_toggle in role_toggles: | 
|  | 109 | self.fake_rbac_utils.switch_role(self.mock_test_obj, role_toggle) | 
| Felipe Monteiro | 2693bf7 | 2017-08-12 22:56:47 +0100 | [diff] [blame] | 110 | # NOTE(felipemonteiro): Simulate that a role switch has occurred | 
|  | 111 | # by updating the user's current role to the new role. This means | 
|  | 112 | # that all API actions involved during a role switch -- listing, | 
|  | 113 | # deleting and adding roles -- are executed, making it easier to | 
|  | 114 | # assert that mock calls were called as expected. | 
|  | 115 | new_role = 'member' if role_toggle else 'admin' | 
|  | 116 | self.set_roles(['admin', 'member'], [new_role]) | 
| Felipe Monteiro | ffa47e6 | 2017-07-05 03:37:55 +0100 | [diff] [blame] | 117 |  | 
| Felipe Monteiro | 2693bf7 | 2017-08-12 22:56:47 +0100 | [diff] [blame] | 118 | def set_roles(self, roles, roles_on_project=None): | 
|  | 119 | """Set the list of available roles in the system. | 
|  | 120 |  | 
|  | 121 | :param roles: List of roles returned by ``list_roles``. | 
|  | 122 | :param roles_on_project: List of roles returned by | 
|  | 123 | ``list_user_roles_on_project``. | 
|  | 124 | :returns: None. | 
|  | 125 | """ | 
|  | 126 | if not roles_on_project: | 
|  | 127 | roles_on_project = [] | 
|  | 128 | if not isinstance(roles, list): | 
|  | 129 | roles = [roles] | 
|  | 130 | if not isinstance(roles_on_project, list): | 
|  | 131 | roles_on_project = [roles_on_project] | 
|  | 132 |  | 
|  | 133 | available_roles = { | 
| Felipe Monteiro | ffa47e6 | 2017-07-05 03:37:55 +0100 | [diff] [blame] | 134 | 'roles': [{'name': role, 'id': '%s_id' % role} for role in roles] | 
|  | 135 | } | 
| Felipe Monteiro | 2693bf7 | 2017-08-12 22:56:47 +0100 | [diff] [blame] | 136 | available_project_roles = { | 
|  | 137 | 'roles': [{'name': role, 'id': '%s_id' % role} | 
|  | 138 | for role in roles_on_project] | 
|  | 139 | } | 
|  | 140 |  | 
|  | 141 | self.roles_v3_client.list_roles.return_value = available_roles | 
|  | 142 | self.roles_v3_client.list_user_roles_on_project.return_value = ( | 
|  | 143 | available_project_roles) |