openstack
/
keystone
Code Issues Proposed changes

Implement system member test coverage for groups 

This commit introduces explicity test coverage for system members,
making sure they are allowed to perform readable and not writable
group operations.

Subsequent patches will incorporate:

  - system admin functionality
  - domain reader functionality
  - domain member test coverage
  - domain admin functionality

Change-Id: Ie22a18ac7b243089509001fda930474f55e29d3f
Related-Bug: 1805369
Related-Bug: 1808859
Related-Bug: 968696
This commit is contained in:
Lance Bragstad 2018-12-17 22:43:21 +00:00
parent feb0d58df4
commit f66070995d
1 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
keystone/tests/unit/protection/v3/test_groups.py
View File

@ -246,6 +246,40 @@ class SystemReaderTests(base_classes.TestCaseWithBootstrap,
self.headers = {'X-Auth-Token': self.token_id}
class SystemMemberTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin,
_SystemUserGroupTests,
_SystemMemberAndReaderGroupTests):
def setUp(self):
super(SystemMemberTests, self).setUp()
self.loadapp()
self.useFixture(ksfixtures.Policy(self.config_fixture))
self.config_fixture.config(group='oslo_policy', enforce_scope=True)
system_member = unit.new_user_ref(
domain_id=CONF.identity.default_domain_id
)
self.user_id = PROVIDERS.identity_api.create_user(
system_member
)['id']
PROVIDERS.assignment_api.create_system_grant_for_user(
self.user_id, self.bootstrapper.member_role_id
)
auth = self.build_authentication_request(
user_id=self.user_id, password=system_member['password'],
system=True
)
# Grab a token using the persona we're testing and prepare headers
# for requests we'll be making in the tests.
with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=auth)
self.token_id = r.headers['X-Subject-Token']
self.headers = {'X-Auth-Token': self.token_id}
class ProjectUserTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin):