Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / patrole / 5b9ff758e3a201efbd9f5d87b8bc5bac3efef725 / . / tests / test_rbac_utils.py
blob: 3c645f802a0371bbb9433bb0a5c262d0cddac873 [file] [log] [blame]
DavidPurcellb25f93d2017-01-27 12:46:27 -0500[diff] [blame]1# Copyright 2017 AT&T Corporation.
2# All Rights Reserved.
DavidPurcell029d8c32017-01-06 15:27:41 -0500[diff] [blame]3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
16import json
17import mock
18
19from tempest.tests import base
20
21from patrole_tempest_plugin import rbac_exceptions
22from patrole_tempest_plugin import rbac_utils as utils
23
24
25class RBACUtilsTest(base.TestCase):
26 def setUp(self):
27 super(RBACUtilsTest, self).setUp()
28 self.rbac_utils = utils.RbacUtils
29
30 get_response = 200
31 put_response = 204
32 delete_response = 204
33 response_data = json.dumps({"roles": []})
34
35 def _response_side_effect(self, action, *args, **kwargs):
36 response = mock.MagicMock()
37 if action == "GET":
38 response.status = self.get_response
39 response.data = self.response_data
40 if action == "PUT":
41 response.status = self.put_response
42 if action == "DELETE":
43 response.status = self.delete_response
44 return response
45
46 @mock.patch('patrole_tempest_plugin.rbac_utils.CONF')
47 @mock.patch('patrole_tempest_plugin.rbac_utils.http')
48 def test_RBAC_utils_get_roles(self, http, config):
49 self.rbac_utils.dictionary = {}
50
51 caller = mock.Mock()
52 caller.admin_client.token = "test_token"
53
54 http.request.side_effect = self._response_side_effect
55
56 self.assertEqual({'admin_role_id': None, 'rbac_role_id': None},
57 self.rbac_utils.get_roles(caller))
58
59 @mock.patch('patrole_tempest_plugin.rbac_utils.CONF')
60 @mock.patch('patrole_tempest_plugin.rbac_utils.http')
61 def test_RBAC_utils_get_roles_member(self, http, config):
62 self.rbac_utils.dictionary = {}
63
64 caller = mock.Mock()
65 caller.admin_client.token = "test_token"
66
67 self.response_data = json.dumps({'roles': [{'name': '_member_',
68 'id': '_member_id'}]})
69 http.request.side_effect = self._response_side_effect
70
71 config.rbac.rbac_test_role = '_member_'
72
73 self.assertEqual({'admin_role_id': None,
74 'rbac_role_id': '_member_id'},
75 self.rbac_utils.get_roles(caller))
76
77 @mock.patch('patrole_tempest_plugin.rbac_utils.CONF')
78 @mock.patch('patrole_tempest_plugin.rbac_utils.http')
79 def test_RBAC_utils_get_roles_admin(self, http, config):
80 self.rbac_utils.dictionary = {}
81
82 caller = mock.Mock()
83 caller.admin_client.token = "test_token"
84
85 self.response_data = json.dumps({'roles': [{'name': 'admin',
86 'id': 'admin_id'}]})
87
88 http.request.side_effect = self._response_side_effect
89
90 config.rbac.rbac_test_role = 'admin'
91
92 self.assertEqual({'admin_role_id': 'admin_id',
93 'rbac_role_id': 'admin_id'},
94 self.rbac_utils.get_roles(caller))
95
96 @mock.patch('patrole_tempest_plugin.rbac_utils.CONF')
97 @mock.patch('patrole_tempest_plugin.rbac_utils.http')
98 def test_RBAC_utils_get_roles_admin_not_role(self, http, config):
99 self.rbac_utils.dictionary = {}
100
101 caller = mock.Mock()
102 caller.admin_client.token = "test_token"
103
104 self.response_data = json.dumps(
105 {'roles': [{'name': 'admin', 'id': 'admin_id'}]}
106 )
107 http.request.side_effect = self._response_side_effect
108
109 self.assertEqual({'admin_role_id': 'admin_id', 'rbac_role_id': None},
110 self.rbac_utils.get_roles(caller))
111
112 def test_RBAC_utils_get_existing_roles(self):
113 self.rbac_utils.dictionary = {'admin_role_id': None,
114 'rbac_role_id': None}
115
116 self.assertEqual({'admin_role_id': None, 'rbac_role_id': None},
117 self.rbac_utils.get_roles(None))
118
119 @mock.patch('patrole_tempest_plugin.rbac_utils.CONF')
120 @mock.patch('patrole_tempest_plugin.rbac_utils.http')
121 def test_RBAC_utils_get_roles_response_404(self, http, config):
122 self.rbac_utils.dictionary = {}
123
124 caller = mock.Mock()
125 caller.admin_client.token = "test_token"
126
127 http.request.side_effect = self._response_side_effect
128 self.get_response = 404
129
130 self.assertRaises(rbac_exceptions.RbacResourceSetupFailed,
131 self.rbac_utils.get_roles, caller)
132 self.get_response = 200
133
134 def test_RBAC_utils_switch_roles_none(self):
135 self.assertIsNone(self.rbac_utils.switch_role(None))
136
137 @mock.patch('patrole_tempest_plugin.rbac_utils.CONF')
138 @mock.patch('patrole_tempest_plugin.rbac_utils.RbacUtils.get_roles')
139 @mock.patch('patrole_tempest_plugin.rbac_utils.http')
140 def test_RBAC_utils_switch_roles_member(self, http,
141 get_roles, config):
142 get_roles.return_value = {'admin_role_id': None,
143 'rbac_role_id': '_member_id'}
144
145 self.auth_provider = mock.Mock()
146 self.auth_provider.credentials.user_id = "user_id"
147 self.auth_provider.credentials.tenant_id = "tenant_id"
148 self.admin_client = mock.Mock()
149 self.admin_client.token = "admin_token"
150
151 http.request.side_effect = self._response_side_effect
152
153 self.assertIsNone(self.rbac_utils.switch_role(self, "_member_"))
154
155 @mock.patch('patrole_tempest_plugin.rbac_utils.CONF')
156 @mock.patch('patrole_tempest_plugin.rbac_utils.RbacUtils.get_roles')
157 @mock.patch('patrole_tempest_plugin.rbac_utils.http')
158 def test_RBAC_utils_switch_roles_false(self, http,
159 get_roles, config):
160 get_roles.return_value = {'admin_role_id': None,
161 'rbac_role_id': '_member_id'}
162
163 self.auth_provider = mock.Mock()
164 self.auth_provider.credentials.user_id = "user_id"
165 self.auth_provider.credentials.tenant_id = "tenant_id"
166 self.admin_client = mock.Mock()
167 self.admin_client.token = "admin_token"
168
169 http.request.side_effect = self._response_side_effect
170
171 self.assertIsNone(self.rbac_utils.switch_role(self, False))
172
173 @mock.patch('patrole_tempest_plugin.rbac_utils.CONF')
174 @mock.patch('patrole_tempest_plugin.rbac_utils.RbacUtils.get_roles')
175 @mock.patch('patrole_tempest_plugin.rbac_utils.http')
176 def test_RBAC_utils_switch_roles_get_roles_fails(self, http,
177 get_roles, config):
178 get_roles.return_value = {'admin_role_id': None,
179 'rbac_role_id': '_member_id'}
180
181 self.auth_provider = mock.Mock()
182 self.auth_provider.credentials.user_id = "user_id"
183 self.auth_provider.credentials.tenant_id = "tenant_id"
184 self.admin_client = mock.Mock()
185 self.admin_client.token = "admin_token"
186
187 self.get_response = 404
188
189 self.assertRaises(rbac_exceptions.RbacResourceSetupFailed,
190 self.rbac_utils.switch_role, self, False)
191
192 self.get_response = 200
193
194 @mock.patch('patrole_tempest_plugin.rbac_utils.RbacUtils.get_roles')
195 def test_RBAC_utils_switch_roles_exception(self, get_roles):
196 get_roles.return_value = {'admin_role_id': None,
197 'rbac_role_id': '_member_id'}
198 self.assertRaises(AttributeError, self.rbac_utils.switch_role,
199 self, "admin")