Implement system member role domain test coverage

This commit introduces the system member role to the API, making sure
system members can execute readable operations, leaving writable
domain operations to system administrators.

Subsequent patches will include domain support for:

  - system admin functionality
  - domain user test coverage
  - project user test coverage

Change-Id: I1d21ba562b007b43fc36a7a2010d35591ca3bae5
Partial-Bug: 1794376
Partial-Bug: 968696
Lance Bragstad 2018-09-27 18:15:48 +00:00
parent 9e8849561b
commit d5a57414b4
1 changed files with 69 additions and 30 deletions


@ -89,36 +89,7 @@ class _SystemUserDomainTests(object):
self.assertEqual(domain['id'], r.json['domain']['id'])
class SystemReaderTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin):
def setUp(self):
super(SystemReaderTests, self).setUp()
self.loadapp()
self.useFixture(ksfixtures.Policy(self.config_fixture))
self.config_fixture.config(group='oslo_policy', enforce_scope=True)
system_reader = unit.new_user_ref(
domain_id=CONF.identity.default_domain_id
)
self.system_reader_id = PROVIDERS.identity_api.create_user(
system_reader
)['id']
PROVIDERS.assignment_api.create_system_grant_for_user(
self.system_reader_id, self.bootstrapper.reader_role_id
)
auth = self.build_authentication_request(
user_id=self.system_reader_id, password=system_reader['password'],
system=True
)
# Grab a token using the persona we're testing and prepare headers
# for requests we'll be making in the tests.
with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=auth)
self.token_id = r.headers['X-Subject-Token']
self.headers = {'X-Auth-Token': self.token_id}
class _SystemMemberAndReaderDomainTests(object):
def test_user_cannot_create_a_domain(self):
create = {'domain': {'name': uuid.uuid4().hex}}
@ -152,3 +123,71 @@ class SystemReaderTests(base_classes.TestCaseWithBootstrap,
'/v3/domains/%s' % domain['id'], headers=self.headers,
expected_status_code=http_client.FORBIDDEN
)
class SystemReaderTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin,
_SystemUserDomainTests,
_SystemMemberAndReaderDomainTests):
def setUp(self):
super(SystemReaderTests, self).setUp()
self.loadapp()
self.useFixture(ksfixtures.Policy(self.config_fixture))
self.config_fixture.config(group='oslo_policy', enforce_scope=True)
system_reader = unit.new_user_ref(
domain_id=CONF.identity.default_domain_id
)
self.system_reader_id = PROVIDERS.identity_api.create_user(
system_reader
)['id']
PROVIDERS.assignment_api.create_system_grant_for_user(
self.system_reader_id, self.bootstrapper.reader_role_id
)
auth = self.build_authentication_request(
user_id=self.system_reader_id, password=system_reader['password'],
system=True
)
# Grab a token using the persona we're testing and prepare headers
# for requests we'll be making in the tests.
with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=auth)
self.token_id = r.headers['X-Subject-Token']
self.headers = {'X-Auth-Token': self.token_id}
class SystemMemberTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin,
_SystemUserDomainTests,
_SystemMemberAndReaderDomainTests):
def setUp(self):
super(SystemMemberTests, self).setUp()
self.loadapp()
self.useFixture(ksfixtures.Policy(self.config_fixture))
self.config_fixture.config(group='oslo_policy', enforce_scope=True)
system_member = unit.new_user_ref(
domain_id=CONF.identity.default_domain_id
)
self.system_member_id = PROVIDERS.identity_api.create_user(
system_member
)['id']
PROVIDERS.assignment_api.create_system_grant_for_user(
self.system_member_id, self.bootstrapper.member_role_id
)
auth = self.build_authentication_request(
user_id=self.system_member_id, password=system_member['password'],
system=True
)
# Grab a token using the persona we're testing and prepare headers
# for requests we'll be making in the tests.
with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=auth)
self.token_id = r.headers['X-Subject-Token']
self.headers = {'X-Auth-Token': self.token_id}
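Review bot: `SystemMemberTests.setUp` in the second hunk is a line-for-line copy of `SystemReaderTests.setUp`, differing only in the granted role (`self.bootstrapper.member_role_id` instead of `reader_role_id`). Both classes inherit the same `_SystemUserDomainTests` and `_SystemMemberAndReaderDomainTests` expectations, so a copy that kept the wrong role id would still pass every test and leave the member persona unexercised. Moving the persona setup into one helper that takes the role id, as sketched below, makes that argument the only per-class difference, while the app, policy fixture and `enforce_scope` lines stay in each `setUp`. The helper could also check that the token request succeeded before reading `X-Subject-Token`, so a broken grant shows up as an authentication failure rather than a missing-header error. The page has lost indentation and blank lines, so where the helper lives (a small mixin or one of the existing base classes) is left open.

```python
    def _setup_system_persona(self, role_id):
        # Create a user in the default domain, grant role_id on the system,
        # and keep a system-scoped token for the requests the tests make.
        user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
        user_id = PROVIDERS.identity_api.create_user(user)['id']
        PROVIDERS.assignment_api.create_system_grant_for_user(user_id, role_id)
        auth = self.build_authentication_request(
            user_id=user_id, password=user['password'], system=True
        )
        with self.test_client() as c:
            r = c.post('/v3/auth/tokens', json=auth)
            self.token_id = r.headers['X-Subject-Token']
            self.headers = {'X-Auth-Token': self.token_id}
        return user_id

    # in SystemMemberTests.setUp
    # ... unchanged: super().setUp(), loadapp(), Policy fixture, enforce_scope ...
        self.system_member_id = self._setup_system_persona(
            self.bootstrapper.member_role_id
        )
```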