197 lines
6.4 KiB
Python
197 lines
6.4 KiB
Python
# Copyright 2020 SUSE LLC
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import abc
|
|
|
|
from tempest.api.identity import base
|
|
from tempest.lib.common.utils import data_utils
|
|
from tempest.lib import exceptions
|
|
|
|
from keystone_tempest_plugin.tests.rbac.v3 import base as rbac_base
|
|
|
|
|
|
class IdentityV3RbacOauth1ConsumerTest(rbac_base.IdentityV3RbacBaseTests,
|
|
metaclass=abc.ABCMeta):
|
|
|
|
@classmethod
|
|
def setup_clients(cls):
|
|
super(IdentityV3RbacOauth1ConsumerTest, cls).setup_clients()
|
|
cls.persona = getattr(cls, 'os_%s' % cls.credentials[0])
|
|
cls.client = cls.persona.oauth_consumers_client
|
|
cls.admin_client = cls.os_system_admin.oauth_consumers_client
|
|
|
|
def consumer(self):
|
|
return {"description": data_utils.arbitrary_string()}
|
|
|
|
@abc.abstractmethod
|
|
def test_identity_create_consumer(self):
|
|
"""Test identity:create_consumer policy.
|
|
|
|
This test must check:
|
|
* whether the persona can create a consumer
|
|
"""
|
|
pass
|
|
|
|
@abc.abstractmethod
|
|
def test_identity_get_consumer(self):
|
|
"""Test identity:get_consumer policy.
|
|
|
|
This test must check:
|
|
* whether the persona can get a consumer
|
|
"""
|
|
pass
|
|
|
|
@abc.abstractmethod
|
|
def test_identity_list_consumers(self):
|
|
"""Test identity:list_consumers policy.
|
|
|
|
This test must check:
|
|
* whether the persona can list all consumers
|
|
"""
|
|
pass
|
|
|
|
@abc.abstractmethod
|
|
def test_identity_update_consumer(self):
|
|
"""Test identity:update_consumer policy.
|
|
|
|
This test must check:
|
|
* whether the persona can update a
|
|
"""
|
|
pass
|
|
|
|
@abc.abstractmethod
|
|
def test_identity_delete_consumer(self):
|
|
"""Test identity:delete_consumer policy.
|
|
|
|
This test must check
|
|
* whether the persona can delete a consumer
|
|
"""
|
|
pass
|
|
|
|
|
|
class SystemAdminTests(
|
|
IdentityV3RbacOauth1ConsumerTest, base.BaseIdentityTest):
|
|
|
|
credentials = ['system_admin']
|
|
|
|
def test_identity_create_consumer(self):
|
|
resp = self.do_request('create_consumer',
|
|
expected_status=201,
|
|
**self.consumer())
|
|
self.addCleanup(self.client.delete_consumer,
|
|
resp['consumer']['id'])
|
|
|
|
def test_identity_get_consumer(self):
|
|
consumer = self.admin_client.create_consumer(
|
|
**self.consumer())['consumer']
|
|
self.addCleanup(self.admin_client.delete_consumer, consumer['id'])
|
|
resp = self.do_request('show_consumer', consumer_id=consumer['id'])
|
|
self.assertEqual(resp['consumer']['id'], consumer['id'])
|
|
|
|
def test_identity_list_consumers(self):
|
|
consumer = self.admin_client.create_consumer(
|
|
**self.consumer())['consumer']
|
|
self.addCleanup(self.admin_client.delete_consumer, consumer['id'])
|
|
resp = self.do_request('list_consumers')
|
|
self.assertIn(consumer['id'], set(c['id'] for c in resp['consumers']))
|
|
|
|
def test_identity_update_consumer(self):
|
|
consumer = self.client.create_consumer(**self.consumer())['consumer']
|
|
self.addCleanup(self.client.delete_consumer, consumer['id'])
|
|
self.do_request('update_consumer',
|
|
consumer_id=consumer['id'],
|
|
description=data_utils.arbitrary_string())
|
|
|
|
def test_identity_delete_consumer(self):
|
|
consumer = self.client.create_consumer(**self.consumer())['consumer']
|
|
self.do_request('delete_consumer',
|
|
expected_status=204,
|
|
consumer_id=consumer['id'])
|
|
|
|
|
|
class SystemMemberTests(SystemAdminTests):
|
|
|
|
credentials = ['system_member', 'system_admin']
|
|
|
|
def test_identity_create_consumer(self):
|
|
self.do_request('create_consumer',
|
|
expected_status=exceptions.Forbidden,
|
|
**self.consumer())
|
|
|
|
def test_identity_update_consumer(self):
|
|
consumer = self.admin_client.create_consumer(
|
|
**self.consumer())['consumer']
|
|
self.addCleanup(self.admin_client.delete_consumer, consumer['id'])
|
|
self.do_request('update_consumer',
|
|
expected_status=exceptions.Forbidden,
|
|
consumer_id=consumer['id'],
|
|
description=data_utils.arbitrary_string())
|
|
|
|
def test_identity_delete_consumer(self):
|
|
consumer = self.admin_client.create_consumer(
|
|
**self.consumer())['consumer']
|
|
self.do_request('delete_consumer',
|
|
expected_status=exceptions.Forbidden,
|
|
consumer_id=consumer['id'])
|
|
|
|
|
|
class SystemReaderTests(SystemMemberTests):
|
|
|
|
credentials = ['system_reader', 'system_admin']
|
|
|
|
|
|
class DomainAdminTests(SystemMemberTests):
|
|
|
|
credentials = ['domain_admin', 'system_admin']
|
|
|
|
def test_identity_get_consumer(self):
|
|
consumer = self.admin_client.create_consumer(
|
|
**self.consumer())['consumer']
|
|
self.addCleanup(self.admin_client.delete_consumer, consumer['id'])
|
|
self.do_request('show_consumer',
|
|
expected_status=exceptions.Forbidden,
|
|
consumer_id=consumer['id'])
|
|
|
|
def test_identity_list_consumers(self):
|
|
consumer = self.admin_client.create_consumer(
|
|
**self.consumer())['consumer']
|
|
self.addCleanup(self.admin_client.delete_consumer, consumer['id'])
|
|
self.do_request('list_consumers',
|
|
expected_status=exceptions.Forbidden)
|
|
|
|
|
|
class DomainMemberTests(DomainAdminTests):
|
|
|
|
credentials = ['domain_member', 'system_admin']
|
|
|
|
|
|
class DomainReaderTests(DomainMemberTests):
|
|
|
|
credentials = ['domain_reader', 'system_admin']
|
|
|
|
|
|
class ProjectAdminTests(DomainReaderTests):
|
|
|
|
credentials = ['project_admin', 'system_admin']
|
|
|
|
|
|
class ProjectMemberTests(ProjectAdminTests):
|
|
|
|
credentials = ['project_member', 'system_admin']
|
|
|
|
|
|
class ProjectReaderTests(ProjectAdminTests):
|
|
|
|
credentials = ['project_reader', 'system_admin']
|