Add RBAC tests for orders
We have RBAC tests for secrets and containers, now adding them for orders. Change-Id: I09a1d44f2ab07722552ee94d38f3b25ebe1a4e99
This commit is contained in:
parent
91bed48d48
commit
4f45662cc6
|
@ -19,18 +19,22 @@ from functionaltests.api.v1.models import order_models
|
|||
|
||||
class OrderBehaviors(base_behaviors.BaseBehaviors):
|
||||
|
||||
def create_order(self, model, extra_headers=None, use_auth=True):
|
||||
def create_order(self, model, extra_headers=None, use_auth=True,
|
||||
user_name=None, admin=None):
|
||||
"""Create an order from the data in the model.
|
||||
|
||||
:param model: The data used to create the order
|
||||
:param extra_headers: Optional HTTP headers to add to the request
|
||||
:param use_auth: Boolean to determine whether auth headers are sent
|
||||
:param user_name: the user used to do the create
|
||||
:param admin: the admin of the group to which user_name belongs
|
||||
:return: The create response and href for the order
|
||||
"""
|
||||
|
||||
# create the order
|
||||
resp = self.client.post('orders', request_model=model,
|
||||
extra_headers=extra_headers, use_auth=use_auth)
|
||||
extra_headers=extra_headers,
|
||||
user_name=user_name, use_auth=use_auth)
|
||||
|
||||
# handle expected JSON parsing errors for unauthenticated requests
|
||||
if resp.status_code == 401 and not use_auth:
|
||||
|
@ -39,26 +43,29 @@ class OrderBehaviors(base_behaviors.BaseBehaviors):
|
|||
returned_data = self.get_json(resp)
|
||||
order_ref = returned_data.get('order_ref')
|
||||
|
||||
# remember this order for our housekeeping cleanup
|
||||
# remember this order and its admin for our housekeeping cleanup
|
||||
if order_ref:
|
||||
self.created_entities.append(order_ref)
|
||||
self.created_entities.append((order_ref, admin))
|
||||
|
||||
return resp, order_ref
|
||||
|
||||
def get_order(self, order_ref, extra_headers=None, use_auth=True):
|
||||
def get_order(self, order_ref, extra_headers=None, user_name=None,
|
||||
use_auth=True):
|
||||
"""Get an order from an href.
|
||||
|
||||
:param order_ref: The href for an order
|
||||
:param extra_headers: Optional HTTP headers to add to the request
|
||||
:param user_name: the user used to do the get
|
||||
:param use_auth: Boolean to determine whether auth headers are sent
|
||||
:return: The response from the get
|
||||
"""
|
||||
return self.client.get(order_ref,
|
||||
response_model_type=order_models.OrderModel,
|
||||
extra_headers=extra_headers, use_auth=use_auth)
|
||||
extra_headers=extra_headers,
|
||||
user_name=user_name, use_auth=use_auth)
|
||||
|
||||
def get_orders(self, limit=10, offset=0, name_filter=None,
|
||||
extra_headers=None, use_auth=True):
|
||||
extra_headers=None, user_name=None, use_auth=True):
|
||||
"""Get a list of orders.
|
||||
|
||||
:param limit: limits number of returned orders (default 10)
|
||||
|
@ -67,6 +74,7 @@ class OrderBehaviors(base_behaviors.BaseBehaviors):
|
|||
:param name_filter: optional filter to limit the returned secrets to
|
||||
those whose name matches the filter.
|
||||
:param extra_headers: Optional HTTP headers to add to the request
|
||||
:param user_name: the user used to do the get
|
||||
:param use_auth: Boolean to determine whether auth headers are sent
|
||||
:return the response, a list of orders and the next/pref hrefs
|
||||
"""
|
||||
|
@ -75,7 +83,8 @@ class OrderBehaviors(base_behaviors.BaseBehaviors):
|
|||
params['name'] = name_filter
|
||||
|
||||
resp = self.client.get('orders', params=params,
|
||||
extra_headers=extra_headers, use_auth=use_auth)
|
||||
extra_headers=extra_headers,
|
||||
user_name=user_name, use_auth=use_auth)
|
||||
|
||||
# handle expected JSON parsing errors for unauthenticated requests
|
||||
if resp.status_code == 401 and not use_auth:
|
||||
|
@ -89,7 +98,7 @@ class OrderBehaviors(base_behaviors.BaseBehaviors):
|
|||
return resp, orders, next_ref, prev_ref
|
||||
|
||||
def delete_order(self, order_ref, extra_headers=None, expected_fail=False,
|
||||
use_auth=True):
|
||||
user_name=None, use_auth=True):
|
||||
"""Delete an order.
|
||||
|
||||
:param order_ref: HATEOS ref of the order to be deleted
|
||||
|
@ -100,17 +109,22 @@ class OrderBehaviors(base_behaviors.BaseBehaviors):
|
|||
determine whether or not this delete should
|
||||
also remove an entity from our internal
|
||||
list for housekeeping.
|
||||
:param user_name: the user used to do the delete
|
||||
:param use_auth: Boolean to determine whether auth headers are sent
|
||||
:return A request response object
|
||||
"""
|
||||
resp = self.client.delete(order_ref, extra_headers=extra_headers,
|
||||
use_auth=use_auth)
|
||||
user_name=user_name, use_auth=use_auth)
|
||||
|
||||
if not expected_fail:
|
||||
self.created_entities.remove(order_ref)
|
||||
for item in self.created_entities:
|
||||
if item[0] == order_ref:
|
||||
self.created_entities.remove(item)
|
||||
|
||||
return resp
|
||||
|
||||
def delete_all_created_orders(self):
|
||||
"""Delete all of the orders that we have created."""
|
||||
orders_to_delete = [order for order in self.created_entities]
|
||||
for order_ref in orders_to_delete:
|
||||
self.delete_order(order_ref)
|
||||
for (order_ref, admin) in orders_to_delete:
|
||||
self.delete_order(order_ref, user_name=admin)
|
||||
|
|
|
@ -0,0 +1,197 @@
|
|||
# Copyright (c) 2015 Rackspace
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from barbican.tests import utils
|
||||
from functionaltests.api import base
|
||||
from functionaltests.api.v1.behaviors import order_behaviors
|
||||
from functionaltests.api.v1.models import order_models
|
||||
from functionaltests.common import config
|
||||
|
||||
|
||||
CONF = config.get_config()
|
||||
admin_a = CONF.rbac_users.admin_a
|
||||
creator_a = CONF.rbac_users.creator_a
|
||||
observer_a = CONF.rbac_users.observer_a
|
||||
auditor_a = CONF.rbac_users.auditor_a
|
||||
|
||||
|
||||
test_data_rbac_create_order = {
|
||||
'with_admin_a': {'user': admin_a, 'admin': admin_a,
|
||||
'expected_return': 202},
|
||||
'with_creator_a': {'user': creator_a, 'admin': admin_a,
|
||||
'expected_return': 202},
|
||||
'with_observer_a': {'user': observer_a, 'admin': admin_a,
|
||||
'expected_return': 403},
|
||||
'with_auditor_a': {'user': auditor_a, 'admin': admin_a,
|
||||
'expected_return': 403},
|
||||
}
|
||||
|
||||
|
||||
test_data_rbac_get_order = {
|
||||
'with_admin_a': {'user': admin_a, 'admin': admin_a,
|
||||
'expected_return': 200},
|
||||
'with_creator_a': {'user': creator_a, 'admin': admin_a,
|
||||
'expected_return': 200},
|
||||
'with_observer_a': {'user': observer_a, 'admin': admin_a,
|
||||
'expected_return': 200},
|
||||
'with_auditor_a': {'user': auditor_a, 'admin': admin_a,
|
||||
'expected_return': 200},
|
||||
}
|
||||
|
||||
|
||||
test_data_rbac_get_list_of_orders = {
|
||||
'with_admin_a': {'user': admin_a, 'admin': admin_a,
|
||||
'expected_return': 200},
|
||||
'with_creator_a': {'user': creator_a, 'admin': admin_a,
|
||||
'expected_return': 200},
|
||||
'with_observer_a': {'user': observer_a, 'admin': admin_a,
|
||||
'expected_return': 200},
|
||||
'with_auditor_a': {'user': auditor_a, 'admin': admin_a,
|
||||
'expected_return': 403},
|
||||
}
|
||||
|
||||
test_data_rbac_delete_order = {
|
||||
'with_admin_a': {'user': admin_a, 'admin': admin_a,
|
||||
'expected_return': 204},
|
||||
'with_creator_a': {'user': creator_a, 'admin': admin_a,
|
||||
'expected_return': 403},
|
||||
'with_observer_a': {'user': observer_a, 'admin': admin_a,
|
||||
'expected_return': 403},
|
||||
'with_auditor_a': {'user': auditor_a, 'admin': admin_a,
|
||||
'expected_return': 403},
|
||||
}
|
||||
|
||||
|
||||
def get_default_order_data():
|
||||
return {'type': 'key',
|
||||
"meta": {
|
||||
"name": "barbican functional test order name",
|
||||
"algorithm": "aes",
|
||||
"bit_length": 256,
|
||||
"mode": "cbc",
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@utils.parameterized_test_case
|
||||
class RBACOrdersTestCase(base.TestCase):
|
||||
"""Functional tests exercising RBAC Policies"""
|
||||
def setUp(self):
|
||||
super(RBACOrdersTestCase, self).setUp()
|
||||
self.order_behaviors = order_behaviors.OrderBehaviors(self.client)
|
||||
|
||||
def tearDown(self):
|
||||
self.order_behaviors.delete_all_created_orders()
|
||||
super(RBACOrdersTestCase, self).tearDown()
|
||||
|
||||
@utils.parameterized_dataset(test_data_rbac_create_order)
|
||||
def test_rbac_create_order(self, user, admin, expected_return):
|
||||
"""Test RBAC for order creation
|
||||
|
||||
Issue an order creation and verify that that the correct
|
||||
http return code comes back for the specified user.
|
||||
|
||||
:param user: the user who will attempt to do the create
|
||||
:param admin: the admin of the group containing the user
|
||||
:param expected_return: the expected http return code
|
||||
"""
|
||||
test_model = order_models.OrderModel(**get_default_order_data())
|
||||
resp, order_ref = self.order_behaviors.create_order(test_model,
|
||||
user_name=user,
|
||||
admin=admin)
|
||||
self.assertEqual(expected_return, resp.status_code)
|
||||
self.assertEqual(expected_return == 202, order_ref is not None)
|
||||
|
||||
@utils.parameterized_dataset(test_data_rbac_get_order)
|
||||
def test_rbac_get_order(self, user, admin, expected_return):
|
||||
"""Test RBAC for order get metadata
|
||||
|
||||
Issue an order get and verify that that the correct
|
||||
http return code comes back for the specified user.
|
||||
|
||||
The initial order will be created with the admin user to ensure
|
||||
that it gets created successfully. We don't want the order
|
||||
create to fail since we are only testing order get here.
|
||||
|
||||
:param user: the user who will attempt to do the get
|
||||
:param admin: the admin of the group containing the user
|
||||
:param expected_return: the expected http return code
|
||||
"""
|
||||
order_ref = self._create_initial_order(admin=admin)
|
||||
|
||||
resp = self.order_behaviors.get_order(order_ref, user_name=user)
|
||||
self.assertEqual(expected_return, resp.status_code)
|
||||
self.assertEqual(expected_return == 200, resp.content is not None)
|
||||
|
||||
@utils.parameterized_dataset(test_data_rbac_get_list_of_orders)
|
||||
def test_rbac_get_list_of_orders(self, user, admin, expected_return):
|
||||
"""Test RBAC for get order list
|
||||
|
||||
Issue an get order list and verify that that the correct
|
||||
http return code comes back for the specified user.
|
||||
|
||||
Some initial orders will be stored with the admin user to ensure
|
||||
that they get created successfully. We don't want the order
|
||||
creates to fail since we are only testing get order list.
|
||||
|
||||
:param user: the user who will attempt to get the list of orders
|
||||
:param admin: the admin of the group containing the user
|
||||
:param expected_return: the expected http return code
|
||||
"""
|
||||
for i in range(3):
|
||||
order_ref = self._create_initial_order(admin=admin)
|
||||
self.assertIsNotNone(order_ref)
|
||||
|
||||
resp, orders, next, prev = self.order_behaviors.get_orders(
|
||||
limit=10, offset=0, user_name=user)
|
||||
self.assertEqual(expected_return, resp.status_code)
|
||||
self.assertIsNotNone(orders)
|
||||
|
||||
@utils.parameterized_dataset(test_data_rbac_delete_order)
|
||||
def test_rbac_delete_order(self, user, admin, expected_return):
|
||||
"""Test RBAC for order delete
|
||||
|
||||
Issue an order delete and verify that that the correct
|
||||
http return code comes back for the specified user.
|
||||
|
||||
The initial order will be stored with the admin user to ensure
|
||||
that it gets created successfully. We don't want the order
|
||||
create to fail since we are only testing order delete here.
|
||||
|
||||
:param user: the user who will attempt to do the delete
|
||||
:param admin: the admin of the group containing the user
|
||||
:param expected_return: the expected http return code
|
||||
"""
|
||||
order_ref = self._create_initial_order(admin=admin)
|
||||
|
||||
resp = self.order_behaviors.delete_order(order_ref, user_name=user)
|
||||
self.assertEqual(expected_return, resp.status_code)
|
||||
|
||||
def _create_initial_order(self, admin=admin_a,
|
||||
order_data=get_default_order_data()):
|
||||
"""Utility function to create an order
|
||||
|
||||
Some tests require a order to exist before they test certain things,
|
||||
so this function can be used to do that setup.
|
||||
|
||||
:param admin: the admin user who will create the order
|
||||
:param order_data: the data for the order
|
||||
:return: href to the newly created order
|
||||
"""
|
||||
test_model = order_models.OrderModel(**order_data)
|
||||
resp, order_ref = self.order_behaviors.create_order(test_model,
|
||||
user_name=admin)
|
||||
self.assertEqual(202, resp.status_code)
|
||||
return order_ref
|
Loading…
Reference in New Issue