From c8e78bb683f76ed3c6ddbc06f02ec9715b623caf Mon Sep 17 00:00:00 2001 From: Lingxian Kong Date: Wed, 29 Mar 2017 21:46:50 +1300 Subject: [PATCH] Role based resource access control - delete executions We already supported role based api access control, this series patches will implement resource access control for mistral, so that administrator could define the rules of resource accessibility, e.g. admin user could get/delete/update the workflows of other tenants according to the policy. Delete executions by admin already supported after following patch merged: https://review.openstack.org/#/c/451160/ This patch adds some tests. Partially implements: blueprint mistral-rbac Change-Id: I918708d5bf76abdf2c2c08bb147fa50bd715f526
---
 .../tests/api/v2/test_executions.py | 45 +++++++++++++++++++
 1 file changed, 45 insertions(+)
diff --git a/mistral_tempest_tests/tests/api/v2/test_executions.py b/mistral_tempest_tests/tests/api/v2/test_executions.py
index 28c9891..7495acb 100644
--- a/mistral_tempest_tests/tests/api/v2/test_executions.py
+++ b/mistral_tempest_tests/tests/api/v2/test_executions.py
@@ -206,6 +206,33 @@ class ExecutionTestsV2(base.TestCase): self.assertEqual('ERROR', body['state']) self.assertEqual('Forced', body['state_info']) + @test.attr(type='sanity') + @decorators.idempotent_id('b5ce0d18-7d78-45bb-813e-ed94cea65fd0') + def test_update_execution_by_admin(self): + _, execution = self.client.create_execution(self.direct_wf_name) + resp, body = self.admin_client.update_execution( + execution['id'], '{"description": "description set by admin"}') + + self.assertEqual(200, resp.status) + self.assertEqual('description set by admin', body['description']) + + resp, body = self.client.get_object('executions', execution['id']) + + self.assertEqual(200, resp.status) + self.assertEqual("description set by admin", body['description']) + + @test.attr(type='sanity') + @decorators.idempotent_id('c6247362-a082-49ad-a2c3-aaf12419a477') + def test_update_execution_by_other_fail(self): + _, execution = self.client.create_execution(self.direct_wf_name) + + self.assertRaises( + exceptions.NotFound, + self.alt_client.update_execution, + execution['id'], + '{"description": "description set by admin"}' + ) + @test.attr(type='negative') @decorators.idempotent_id('d8bde271-6785-4ace-9173-a8a3a01d5eaa') def test_get_nonexistent_execution(self): @@ -283,3 +310,21 @@ class ExecutionTestsV2(base.TestCase): self.assertEqual('RUNNING', execution['state']) self.client.wait_execution(execution, target_state='ERROR') + + @test.attr(type='sanity') + @decorators.idempotent_id('acc8e401-2b26-4c41-9e79-8da791da85c0') + def test_delete_execution_by_admin(self): + _, body = self.client.create_execution(self.direct_wf_id) + exec_id = body['id'] + resp, _ = self.admin_client.delete_obj('executions', exec_id) + + self.assertEqual(204, resp.status) + + self.client.executions.remove(exec_id) + + self.assertRaises( + exceptions.NotFound, + self.client.get_object, + 'executions', + exec_id + )
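Review bot: `test_update_execution_by_other_fail` only asserts that `self.alt_client.update_execution` raises `exceptions.NotFound` and never reads the execution back, so a server that applied the write before answering 404 would still pass this access-control test. After the `assertRaises`, fetch as the owner and assert the description is untouched, e.g. `_, body = self.client.get_object('executions', execution['id'])` followed by `self.assertNotEqual('description set by other tenant', body['description'])`. For that check to be attributable, `alt_client` should send that distinct string instead of reusing `"description set by admin"`. Since this test asserts a denial, `@test.attr(type='negative')` would match how `test_get_nonexistent_execution` just below it is tagged.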
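Review bot: `test_delete_execution_by_admin` covers only the permit side of the delete rule; nothing in this hunk checks that a non-admin client from another tenant is still refused, which is the regression a policy change is most likely to introduce unnoticed. A companion negative test along the lines below would pin the deny side and confirm the owner can still read the execution afterwards. The expected `exceptions.NotFound` and the availability of `delete_obj` on `self.alt_client` are inferred from `test_update_execution_by_other_fail` in the first hunk and should be confirmed. The idempotent id shown is a placeholder to be replaced with a freshly generated UUID.

```python
    @test.attr(type='negative')
    @decorators.idempotent_id('<new-uuid4-placeholder>')
    def test_delete_execution_by_other_fail(self):
        _, body = self.client.create_execution(self.direct_wf_id)
        exec_id = body['id']

        self.assertRaises(
            exceptions.NotFound,
            self.alt_client.delete_obj,
            'executions',
            exec_id
        )

        # The rejected delete must leave the execution visible to its owner.
        resp, _ = self.client.get_object('executions', exec_id)
        self.assertEqual(200, resp.status)
```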