Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / e04628e8bc75b3071bdd08bd0cd2f80e3f85fa5c / . / tempest / tests / identity / admin / test_roles.py
blob: f71bed02a41f8ba34e7d978d3582287d6425ec5f [file] [log] [blame]
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]1# vim: tabstop=4 shiftwidth=4 softtabstop=4
2
3# Copyright 2012 OpenStack, LLC
4# All Rights Reserved.
5#
6# Licensed under the Apache License, Version 2.0 (the "License"); you may
7# not use this file except in compliance with the License. You may obtain
8# a copy of the License at
9#
10# http://www.apache.org/licenses/LICENSE-2.0
11#
12# Unless required by applicable law or agreed to in writing, software
13# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
14# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
15# License for the specific language governing permissions and limitations
16# under the License.
17
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]18from tempest.common.utils.data_utils import rand_name
Matthew Treinisha83a16e2012-12-07 13:44:02 -0500[diff] [blame]19from tempest import exceptions
Vincent Hou6b8a7b72012-08-25 01:24:33 +0800[diff] [blame]20from tempest.tests.identity import base
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]21
22
Attila Fazekas0d0c6162013-02-24 09:14:23 +0100[diff] [blame]23class RolesTestJSON(base.BaseIdentityAdminTest):
24 _interface = 'json'
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]25
Attila Fazekas0d0c6162013-02-24 09:14:23 +0100[diff] [blame]26 @classmethod
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]27 def setUpClass(cls):
Attila Fazekas0d0c6162013-02-24 09:14:23 +0100[diff] [blame]28 super(RolesTestJSON, cls).setUpClass()
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]29 for _ in xrange(5):
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]30 resp, role = cls.client.create_role(rand_name('role-'))
31 cls.data.roles.append(role)
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]32
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]33 def _get_role_params(self):
34 self.data.setup_test_user()
35 self.data.setup_test_role()
36 user = self.get_user_by_name(self.data.test_user)
37 tenant = self.get_tenant_by_name(self.data.test_tenant)
38 role = self.get_role_by_name(self.data.test_role)
39 return (user, tenant, role)
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]40
Attila Fazekas0d0c6162013-02-24 09:14:23 +0100[diff] [blame]41 def assert_role_in_role_list(self, role, roles):
42 found = False
43 for user_role in roles:
44 if user_role['id'] == role['id']:
45 found = True
46 self.assertTrue(found, "assigned role was not in list")
47
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]48 def test_list_roles(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]49 # Return a list of all roles
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]50 resp, body = self.client.list_roles()
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]51 found = [role for role in body if role in self.data.roles]
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]52 self.assertTrue(any(found))
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]53 self.assertEqual(len(found), len(self.data.roles))
54
55 def test_list_roles_by_unauthorized_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]56 # Non admin user should not be able to list roles
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]57 self.assertRaises(exceptions.Unauthorized,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]58 self.non_admin_client.list_roles)
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]59
60 def test_list_roles_request_without_token(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]61 # Request to list roles without a valid token should fail
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]62 token = self.client.get_auth()
63 self.client.delete_token(token)
64 self.assertRaises(exceptions.Unauthorized, self.client.list_roles)
65 self.client.clear_auth()
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]66
67 def test_role_create_delete(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]68 # Role should be created, verified, and deleted
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]69 role_name = rand_name('role-test-')
70 resp, body = self.client.create_role(role_name)
71 self.assertTrue('status' in resp)
72 self.assertTrue(resp['status'].startswith('2'))
73 self.assertEqual(role_name, body['name'])
74
75 resp, body = self.client.list_roles()
76 found = [role for role in body if role['name'] == role_name]
77 self.assertTrue(any(found))
78
79 resp, body = self.client.delete_role(found[0]['id'])
80 self.assertTrue('status' in resp)
81 self.assertTrue(resp['status'].startswith('2'))
82
83 resp, body = self.client.list_roles()
84 found = [role for role in body if role['name'] == role_name]
85 self.assertFalse(any(found))
86
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]87 def test_role_create_blank_name(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]88 # Should not be able to create a role with a blank name
David Kranz28e35c52012-07-10 10:14:38 -0400[diff] [blame]89 self.assertRaises(exceptions.BadRequest, self.client.create_role, '')
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]90
91 def test_role_create_duplicate(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]92 # Role names should be unique
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]93 role_name = rand_name('role-dup-')
94 resp, body = self.client.create_role(role_name)
95 role1_id = body.get('id')
96 self.assertTrue('status' in resp)
97 self.assertTrue(resp['status'].startswith('2'))
Chris Yeohe04628e2013-02-25 17:12:21 +1030[diff] [blame^]98 self.addCleanup(self.client.delete_role, role1_id)
99 self.assertRaises(exceptions.Duplicate, self.client.create_role,
100 role_name)
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]101
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]102 def test_assign_user_role(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]103 # Assign a role to a user on a tenant
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]104 (user, tenant, role) = self._get_role_params()
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]105 self.client.assign_user_role(tenant['id'], user['id'], role['id'])
106 resp, roles = self.client.list_user_roles(tenant['id'], user['id'])
Adam Youngddb82892013-02-15 13:10:35 -0500[diff] [blame]107 self.assert_role_in_role_list(role, roles)
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]108
109 def test_assign_user_role_by_unauthorized_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]110 # Non admin user should not be authorized to assign a role to user
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]111 (user, tenant, role) = self._get_role_params()
112 self.assertRaises(exceptions.Unauthorized,
113 self.non_admin_client.assign_user_role,
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]114 tenant['id'], user['id'], role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]115
116 def test_assign_user_role_request_without_token(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]117 # Request to assign a role to a user without a valid token
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]118 (user, tenant, role) = self._get_role_params()
119 token = self.client.get_auth()
120 self.client.delete_token(token)
121 self.assertRaises(exceptions.Unauthorized,
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]122 self.client.assign_user_role, tenant['id'],
123 user['id'], role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]124 self.client.clear_auth()
125
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]126 def test_assign_user_role_for_non_existent_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]127 # Attempt to assign a role to a non existent user should fail
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]128 (user, tenant, role) = self._get_role_params()
129 self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]130 tenant['id'], 'junk-user-id-999', role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]131
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]132 def test_assign_user_role_for_non_existent_role(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]133 # Attempt to assign a non existent role to user should fail
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]134 (user, tenant, role) = self._get_role_params()
135 self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]136 tenant['id'], user['id'], 'junk-role-id-12345')
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]137
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]138 def test_assign_user_role_for_non_existent_tenant(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]139 # Attempt to assign a role on a non existent tenant should fail
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]140 (user, tenant, role) = self._get_role_params()
141 self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]142 'junk-tenant-1234', user['id'], role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]143
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]144 def test_assign_duplicate_user_role(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]145 # Duplicate user role should not get assigned
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]146 (user, tenant, role) = self._get_role_params()
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]147 self.client.assign_user_role(tenant['id'], user['id'], role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]148 self.assertRaises(exceptions.Duplicate, self.client.assign_user_role,
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]149 tenant['id'], user['id'], role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]150
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]151 def test_remove_user_role(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]152 # Remove a role assigned to a user on a tenant
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]153 (user, tenant, role) = self._get_role_params()
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]154 resp, user_role = self.client.assign_user_role(tenant['id'],
155 user['id'], role['id'])
156 resp, body = self.client.remove_user_role(tenant['id'], user['id'],
157 user_role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]158 self.assertEquals(resp['status'], '204')
159
160 def test_remove_user_role_by_unauthorized_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]161 # Non admin user should not be authorized to remove a user's role
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]162 (user, tenant, role) = self._get_role_params()
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]163 resp, user_role = self.client.assign_user_role(tenant['id'],
164 user['id'],
165 role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]166 self.assertRaises(exceptions.Unauthorized,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]167 self.non_admin_client.remove_user_role,
168 tenant['id'], user['id'], role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]169
170 def test_remove_user_role_request_without_token(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]171 # Request to remove a user's role without a valid token
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]172 (user, tenant, role) = self._get_role_params()
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]173 resp, user_role = self.client.assign_user_role(tenant['id'],
174 user['id'],
175 role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]176 token = self.client.get_auth()
177 self.client.delete_token(token)
178 self.assertRaises(exceptions.Unauthorized,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]179 self.client.remove_user_role, tenant['id'],
180 user['id'], role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]181 self.client.clear_auth()
182
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]183 def test_remove_user_role_non_existant_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]184 # Attempt to remove a role from a non existent user should fail
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]185 (user, tenant, role) = self._get_role_params()
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]186 resp, user_role = self.client.assign_user_role(tenant['id'],
187 user['id'],
188 role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]189 self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]190 tenant['id'], 'junk-user-id-123', role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]191
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]192 def test_remove_user_role_non_existant_role(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]193 # Attempt to delete a non existent role from a user should fail
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]194 (user, tenant, role) = self._get_role_params()
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]195 resp, user_role = self.client.assign_user_role(tenant['id'],
196 user['id'],
197 role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]198 self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]199 tenant['id'], user['id'], 'junk-user-role-123')
200
201 def test_remove_user_role_non_existant_tenant(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]202 # Attempt to remove a role from a non existent tenant should fail
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]203 (user, tenant, role) = self._get_role_params()
204 resp, user_role = self.client.assign_user_role(tenant['id'],
205 user['id'],
206 role['id'])
207 self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
208 'junk-tenant-id-123', user['id'], role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]209
210 def test_list_user_roles(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]211 # List roles assigned to a user on tenant
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]212 (user, tenant, role) = self._get_role_params()
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]213 self.client.assign_user_role(tenant['id'], user['id'], role['id'])
214 resp, roles = self.client.list_user_roles(tenant['id'], user['id'])
Adam Youngddb82892013-02-15 13:10:35 -0500[diff] [blame]215 self.assert_role_in_role_list(role, roles)
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]216
217 def test_list_user_roles_by_unauthorized_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]218 # Non admin user should not be authorized to list a user's roles
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]219 (user, tenant, role) = self._get_role_params()
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]220 self.client.assign_user_role(tenant['id'], user['id'], role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]221 self.assertRaises(exceptions.Unauthorized,
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]222 self.non_admin_client.list_user_roles, tenant['id'],
223 user['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]224
225 def test_list_user_roles_request_without_token(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]226 # Request to list user's roles without a valid token should fail
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]227 (user, tenant, role) = self._get_role_params()
228 token = self.client.get_auth()
229 self.client.delete_token(token)
Jaroslav Henner501cacd2012-08-16 10:32:38 +0200[diff] [blame]230 try:
231 self.assertRaises(exceptions.Unauthorized,
232 self.client.list_user_roles, tenant['id'],
233 user['id'])
234 finally:
235 self.client.clear_auth()
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]236
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]237 def test_list_user_roles_for_non_existent_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]238 # Attempt to list roles of a non existent user should fail
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]239 (user, tenant, role) = self._get_role_params()
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]240 self.assertRaises(exceptions.NotFound, self.client.list_user_roles,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]241 tenant['id'], 'junk-role-aabbcc11')
Vincent Hou6b8a7b72012-08-25 01:24:33 +0800[diff] [blame]242
243
Attila Fazekas0d0c6162013-02-24 09:14:23 +0100[diff] [blame]244class RolesTestXML(RolesTestJSON):
245 _interface = 'xml'