Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / patrole / af639082104c78fad4f0fb728ea2a069779ad7e1 / . / tests / test_rbac_utils.py
blob: 657b3896f00f6f8c6a6e581f6090632ce8fda631 [file] [log] [blame]
DavidPurcell029d8c32017-01-06 15:27:41 -0500[diff] [blame]1# Copyright 2017 AT&T Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15import json
16import mock
17
18from tempest.tests import base
19
20from patrole_tempest_plugin import rbac_exceptions
21from patrole_tempest_plugin import rbac_utils as utils
22
23
24class RBACUtilsTest(base.TestCase):
25 def setUp(self):
26 super(RBACUtilsTest, self).setUp()
27 self.rbac_utils = utils.RbacUtils
28
29 get_response = 200
30 put_response = 204
31 delete_response = 204
32 response_data = json.dumps({"roles": []})
33
34 def _response_side_effect(self, action, *args, **kwargs):
35 response = mock.MagicMock()
36 if action == "GET":
37 response.status = self.get_response
38 response.data = self.response_data
39 if action == "PUT":
40 response.status = self.put_response
41 if action == "DELETE":
42 response.status = self.delete_response
43 return response
44
45 @mock.patch('patrole_tempest_plugin.rbac_utils.CONF')
46 @mock.patch('patrole_tempest_plugin.rbac_utils.http')
47 def test_RBAC_utils_get_roles(self, http, config):
48 self.rbac_utils.dictionary = {}
49
50 caller = mock.Mock()
51 caller.admin_client.token = "test_token"
52
53 http.request.side_effect = self._response_side_effect
54
55 self.assertEqual({'admin_role_id': None, 'rbac_role_id': None},
56 self.rbac_utils.get_roles(caller))
57
58 @mock.patch('patrole_tempest_plugin.rbac_utils.CONF')
59 @mock.patch('patrole_tempest_plugin.rbac_utils.http')
60 def test_RBAC_utils_get_roles_member(self, http, config):
61 self.rbac_utils.dictionary = {}
62
63 caller = mock.Mock()
64 caller.admin_client.token = "test_token"
65
66 self.response_data = json.dumps({'roles': [{'name': '_member_',
67 'id': '_member_id'}]})
68 http.request.side_effect = self._response_side_effect
69
70 config.rbac.rbac_test_role = '_member_'
71
72 self.assertEqual({'admin_role_id': None,
73 'rbac_role_id': '_member_id'},
74 self.rbac_utils.get_roles(caller))
75
76 @mock.patch('patrole_tempest_plugin.rbac_utils.CONF')
77 @mock.patch('patrole_tempest_plugin.rbac_utils.http')
78 def test_RBAC_utils_get_roles_admin(self, http, config):
79 self.rbac_utils.dictionary = {}
80
81 caller = mock.Mock()
82 caller.admin_client.token = "test_token"
83
84 self.response_data = json.dumps({'roles': [{'name': 'admin',
85 'id': 'admin_id'}]})
86
87 http.request.side_effect = self._response_side_effect
88
89 config.rbac.rbac_test_role = 'admin'
90
91 self.assertEqual({'admin_role_id': 'admin_id',
92 'rbac_role_id': 'admin_id'},
93 self.rbac_utils.get_roles(caller))
94
95 @mock.patch('patrole_tempest_plugin.rbac_utils.CONF')
96 @mock.patch('patrole_tempest_plugin.rbac_utils.http')
97 def test_RBAC_utils_get_roles_admin_not_role(self, http, config):
98 self.rbac_utils.dictionary = {}
99
100 caller = mock.Mock()
101 caller.admin_client.token = "test_token"
102
103 self.response_data = json.dumps(
104 {'roles': [{'name': 'admin', 'id': 'admin_id'}]}
105 )
106 http.request.side_effect = self._response_side_effect
107
108 self.assertEqual({'admin_role_id': 'admin_id', 'rbac_role_id': None},
109 self.rbac_utils.get_roles(caller))
110
111 def test_RBAC_utils_get_existing_roles(self):
112 self.rbac_utils.dictionary = {'admin_role_id': None,
113 'rbac_role_id': None}
114
115 self.assertEqual({'admin_role_id': None, 'rbac_role_id': None},
116 self.rbac_utils.get_roles(None))
117
118 @mock.patch('patrole_tempest_plugin.rbac_utils.CONF')
119 @mock.patch('patrole_tempest_plugin.rbac_utils.http')
120 def test_RBAC_utils_get_roles_response_404(self, http, config):
121 self.rbac_utils.dictionary = {}
122
123 caller = mock.Mock()
124 caller.admin_client.token = "test_token"
125
126 http.request.side_effect = self._response_side_effect
127 self.get_response = 404
128
129 self.assertRaises(rbac_exceptions.RbacResourceSetupFailed,
130 self.rbac_utils.get_roles, caller)
131 self.get_response = 200
132
133 def test_RBAC_utils_switch_roles_none(self):
134 self.assertIsNone(self.rbac_utils.switch_role(None))
135
136 @mock.patch('patrole_tempest_plugin.rbac_utils.CONF')
137 @mock.patch('patrole_tempest_plugin.rbac_utils.RbacUtils.get_roles')
138 @mock.patch('patrole_tempest_plugin.rbac_utils.http')
139 def test_RBAC_utils_switch_roles_member(self, http,
140 get_roles, config):
141 get_roles.return_value = {'admin_role_id': None,
142 'rbac_role_id': '_member_id'}
143
144 self.auth_provider = mock.Mock()
145 self.auth_provider.credentials.user_id = "user_id"
146 self.auth_provider.credentials.tenant_id = "tenant_id"
147 self.admin_client = mock.Mock()
148 self.admin_client.token = "admin_token"
149
150 http.request.side_effect = self._response_side_effect
151
152 self.assertIsNone(self.rbac_utils.switch_role(self, "_member_"))
153
154 @mock.patch('patrole_tempest_plugin.rbac_utils.CONF')
155 @mock.patch('patrole_tempest_plugin.rbac_utils.RbacUtils.get_roles')
156 @mock.patch('patrole_tempest_plugin.rbac_utils.http')
157 def test_RBAC_utils_switch_roles_false(self, http,
158 get_roles, config):
159 get_roles.return_value = {'admin_role_id': None,
160 'rbac_role_id': '_member_id'}
161
162 self.auth_provider = mock.Mock()
163 self.auth_provider.credentials.user_id = "user_id"
164 self.auth_provider.credentials.tenant_id = "tenant_id"
165 self.admin_client = mock.Mock()
166 self.admin_client.token = "admin_token"
167
168 http.request.side_effect = self._response_side_effect
169
170 self.assertIsNone(self.rbac_utils.switch_role(self, False))
171
172 @mock.patch('patrole_tempest_plugin.rbac_utils.CONF')
173 @mock.patch('patrole_tempest_plugin.rbac_utils.RbacUtils.get_roles')
174 @mock.patch('patrole_tempest_plugin.rbac_utils.http')
175 def test_RBAC_utils_switch_roles_get_roles_fails(self, http,
176 get_roles, config):
177 get_roles.return_value = {'admin_role_id': None,
178 'rbac_role_id': '_member_id'}
179
180 self.auth_provider = mock.Mock()
181 self.auth_provider.credentials.user_id = "user_id"
182 self.auth_provider.credentials.tenant_id = "tenant_id"
183 self.admin_client = mock.Mock()
184 self.admin_client.token = "admin_token"
185
186 self.get_response = 404
187
188 self.assertRaises(rbac_exceptions.RbacResourceSetupFailed,
189 self.rbac_utils.switch_role, self, False)
190
191 self.get_response = 200
192
193 @mock.patch('patrole_tempest_plugin.rbac_utils.RbacUtils.get_roles')
194 def test_RBAC_utils_switch_roles_exception(self, get_roles):
195 get_roles.return_value = {'admin_role_id': None,
196 'rbac_role_id': '_member_id'}
197 self.assertRaises(AttributeError, self.rbac_utils.switch_role,
198 self, "admin")