From 19a2ccb51ed1df2b1edaf5de36e7f237281cb8f8 Mon Sep 17 00:00:00 2001
From: Lance Bragstad
Date: Thu, 14 Dec 2017 18:11:46 +0000
Subject: [PATCH] Introduce assertions for system-scoped token testing
This commit consists of some utilities that we can use when testing system-scoped tokens. A subsequent patch will use them when implementing the tests.
bp system-scope
Change-Id: If011ff7630cda1f7330a7657dd8e6249f0af5442
---
 keystone/tests/common/auth.py | 10 +++++---
 keystone/tests/unit/test_v3.py | 45 +++++++++++++++++++++++++++++++---
 2 files changed, 48 insertions(+), 7 deletions(-)
diff --git a/keystone/tests/common/auth.py b/keystone/tests/common/auth.py
index 7df65382fe..4ebbac28bd 100644
--- a/keystone/tests/common/auth.py
+++ b/keystone/tests/common/auth.py
@@ -14,13 +14,15 @@
 class AuthTestMixin(object):
 """To hold auth building helper functions."""
- def _build_auth_scope(self, project_id=None, project_name=None,
- project_domain_id=None, project_domain_name=None,
- domain_id=None, domain_name=None, trust_id=None,
- unscoped=None):
+ def _build_auth_scope(self, system=False, project_id=None,
+ project_name=None, project_domain_id=None,
+ project_domain_name=None, domain_id=None,
+ domain_name=None, trust_id=None, unscoped=None):
 scope_data = {}
 if unscoped:
 scope_data['unscoped'] = {}
+ elif system:
+ scope_data['system'] = {'all': True}
 elif project_id or project_name:
 scope_data['project'] = {}
 if project_id:
diff --git a/keystone/tests/unit/test_v3.py b/keystone/tests/unit/test_v3.py
index 599a6afb13..f042d7e9cc 100644
--- a/keystone/tests/unit/test_v3.py
+++ b/keystone/tests/unit/test_v3.py
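Review bot: The new `system=False` parameter of `_build_auth_scope` is inserted ahead of `project_id`, so a caller that passes the project id positionally would now bind it to `system` and, being truthy, get `{'system': {'all': True}}` instead of a project scope. A test written for project scope would then silently exercise system scope, which is the kind of mix-up these helpers are meant to catch. Appending the parameter keeps existing call sites unchanged: `domain_name=None, trust_id=None, unscoped=None, system=False):`. The same applies to `generate_token_schema(self, system_scoped=False, domain_scoped=False, ...)` in the first hunk of keystone/tests/unit/test_v3.py, where a positional `True` used to mean domain scope. Whether positional callers exist is not visible in this patch, and the body of `_build_auth_scope` continues past the hunk.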
@@ -40,7 +40,8 @@ TIME_FORMAT = unit.TIME_FORMAT
 class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
 common_auth.AuthTestMixin):
- def generate_token_schema(self, domain_scoped=False, project_scoped=False):
+ def generate_token_schema(self, system_scoped=False, domain_scoped=False,
+ project_scoped=False):
 """Return a dictionary of token properties to validate against."""
 properties = {
 'audit_ids': {
@@ -99,7 +100,28 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
 }
 }
- if domain_scoped:
+ if system_scoped:
+ properties['catalog'] = {'type': 'array'}
+ properties['system'] = {
+ 'type': 'object',
+ 'properties': {
+ 'all': {'type': 'boolean'}
+ }
+ }
+ properties['roles'] = {
+ 'type': 'array',
+ 'items': {
+ 'type': 'object',
+ 'properties': {
+ 'id': {'type': 'string', },
+ 'name': {'type': 'string', },
+ },
+ 'required': ['id', 'name', ],
+ 'additionalProperties': False,
+ },
+ 'minItems': 1,
+ }
+ elif domain_scoped:
 properties['catalog'] = {'type': 'array'}
 properties['roles'] = {
 'type': 'array',
@@ -156,7 +178,10 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
 'additionalProperties': False
 }
- if domain_scoped:
+ if system_scoped:
+ schema['required'].extend(['system', 'roles'])
+ schema['optional'].append('catalog')
+ elif domain_scoped:
 schema['required'].extend(['domain', 'roles'])
 schema['optional'].append('catalog')
 elif project_scoped:
@@ -682,6 +707,20 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
 return token
+ def assertValidSystemScopedTokenResponse(self, r, *args, **kwargs):
+ token = self.assertValidTokenResponse(r)
+ self.assertTrue(token['system']['all'])
+
+ system_scoped_token_schema = self.generate_token_schema(
+ system_scoped=True
+ )
+ validator_object = validators.SchemaValidator(
+ system_scoped_token_schema
+ )
+ validator_object.validate(token)
+
+ return token
+
 def assertEqualTokens(self, a, b):
 """Assert that two tokens are equal.
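Review bot: The `properties['system']` schema added in the `@@ -99,7 +100,28 @@` hunk types `all` as a boolean but neither requires it nor forbids other keys, so `{'system': {}}` or a system object with unexpected members would pass validation. The `roles` item schema directly below it is strict, and the scope claim deserves the same treatment: add `'required': ['all'],` and `'additionalProperties': False,` to the `system` object. The `roles` schema in this branch also appears to repeat the one that opens the `domain_scoped` branch; building it once in a local would keep the two from drifting. `generate_token_schema` starts and ends outside this hunk.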
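Review bot: `assertValidSystemScopedTokenResponse` in the `@@ -682,6 +707,20 @@` hunk accepts `*args, **kwargs` but calls `self.assertValidTokenResponse(r)` without them, so anything a test passes to narrow the check is silently dropped and the test asserts less than it appears to. Forward them with `token = self.assertValidTokenResponse(r, *args, **kwargs)`, assuming that method accepts them (its signature is outside the diff). `self.assertTrue(token['system']['all'])` also runs before schema validation, so a token without a `system` key fails with a KeyError instead of a schema error, and any truthy non-boolean passes that line. Validating first and then using `self.assertIs(True, token['system']['all'])` would make the failure precise. A one-line docstring such as `"""Assert the response carries a valid system-scoped token and return it."""` would match `assertEqualTokens` below.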