From bb8ebfd659b7b8b5804ec77e20f58fbd777b9fb7 Mon Sep 17 00:00:00 2001 From: Lance Bragstad Date: Wed, 21 Nov 2018 13:19:34 +0000 Subject: [PATCH] Add tests for project users interacting with regions This commit introduces some tests that show how project users are expected to behave with the regions API. A subsequent patch will clean up the now obsolete policies in the v3.cloudsample.json policy file. Change-Id: I3f2fa736019eb143a4747e708b948660a8567705 Related-Bug: 1804292 --- .../tests/unit/protection/v3/test_regions.py | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) diff --git a/keystone/tests/unit/protection/v3/test_regions.py b/keystone/tests/unit/protection/v3/test_regions.py index 7acb9adc79..0cdfb51bf1 100644 --- a/keystone/tests/unit/protection/v3/test_regions.py +++ b/keystone/tests/unit/protection/v3/test_regions.py @@ -265,3 +265,75 @@ class DomainUserTests(base_classes.TestCaseWithBootstrap, r = c.post('/v3/auth/tokens', json=auth) self.token_id = r.headers['X-Subject-Token'] self.headers = {'X-Auth-Token': self.token_id} + + +class ProjectUserTests(base_classes.TestCaseWithBootstrap, + common_auth.AuthTestMixin, + _UserRegionTests, + _DomainAndProjectUserRegionTests): + + def setUp(self): + super(ProjectUserTests, self).setUp() + self.loadapp() + self.useFixture(ksfixtures.Policy(self.config_fixture)) + self.config_fixture.config(group='oslo_policy', enforce_scope=True) + + # Reuse the system administrator account created during + # ``keystone-manage bootstrap`` + self.user_id = self.bootstrapper.admin_user_id + auth = self.build_authentication_request( + user_id=self.user_id, + password=self.bootstrapper.admin_password, + project_id=self.bootstrapper.project_id + ) + + # Grab a token using the persona we're testing and prepare headers + # for requests we'll be making in the tests. + with self.test_client() as c: + r = c.post('/v3/auth/tokens', json=auth) + self.token_id = r.headers['X-Subject-Token'] + self.headers = {'X-Auth-Token': self.token_id} + + +class ProjectUserTestsWithoutEnforceScope( + base_classes.TestCaseWithBootstrap, + common_auth.AuthTestMixin, + _UserRegionTests, + _DomainAndProjectUserRegionTests): + + def setUp(self): + super(ProjectUserTestsWithoutEnforceScope, self).setUp() + self.loadapp() + self.useFixture(ksfixtures.Policy(self.config_fixture)) + + # Explicityly set enforce_scope to False to make sure we maintain + # backwards compatibility with project users. + self.config_fixture.config(group='oslo_policy', enforce_scope=False) + + domain = PROVIDERS.resource_api.create_domain( + uuid.uuid4().hex, unit.new_domain_ref() + ) + user = unit.new_user_ref(domain_id=domain['id']) + self.user_id = PROVIDERS.identity_api.create_user(user)['id'] + + self.project_id = PROVIDERS.resource_api.create_project( + uuid.uuid4().hex, unit.new_project_ref(domain_id=domain['id']) + )['id'] + + PROVIDERS.assignment_api.create_grant( + self.bootstrapper.member_role_id, user_id=self.user_id, + project_id=self.project_id + ) + + auth = self.build_authentication_request( + user_id=self.user_id, + password=user['password'], + project_id=self.project_id + ) + + # Grab a token using the persona we're testing and prepare headers + # for requests we'll be making in the tests. + with self.test_client() as c: + r = c.post('/v3/auth/tokens', json=auth) + self.token_id = r.headers['X-Subject-Token'] + self.headers = {'X-Auth-Token': self.token_id}