Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / 121499d46aecfa14aababa08a32cf636d5b66d05 / . / tempest / tests / identity / admin / test_roles.py
blob: 53c5b0d671dd027d6fe969566f5efd63d0451f59 [file] [log] [blame]
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]1# vim: tabstop=4 shiftwidth=4 softtabstop=4
2
3# Copyright 2012 OpenStack, LLC
4# All Rights Reserved.
5#
6# Licensed under the Apache License, Version 2.0 (the "License"); you may
7# not use this file except in compliance with the License. You may obtain
8# a copy of the License at
9#
10# http://www.apache.org/licenses/LICENSE-2.0
11#
12# Unless required by applicable law or agreed to in writing, software
13# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
14# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
15# License for the specific language governing permissions and limitations
16# under the License.
17
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]18from tempest.common.utils.data_utils import rand_name
Matthew Treinisha83a16e2012-12-07 13:44:02 -0500[diff] [blame]19from tempest import exceptions
Vincent Hou6b8a7b72012-08-25 01:24:33 +0800[diff] [blame]20from tempest.tests.identity import base
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]21
22
Attila Fazekas0d0c6162013-02-24 09:14:23 +0100[diff] [blame]23class RolesTestJSON(base.BaseIdentityAdminTest):
24 _interface = 'json'
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]25
Attila Fazekas0d0c6162013-02-24 09:14:23 +0100[diff] [blame]26 @classmethod
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]27 def setUpClass(cls):
Attila Fazekas0d0c6162013-02-24 09:14:23 +0100[diff] [blame]28 super(RolesTestJSON, cls).setUpClass()
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]29 for _ in xrange(5):
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]30 resp, role = cls.client.create_role(rand_name('role-'))
31 cls.data.roles.append(role)
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]32
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]33 def _get_role_params(self):
34 self.data.setup_test_user()
35 self.data.setup_test_role()
36 user = self.get_user_by_name(self.data.test_user)
37 tenant = self.get_tenant_by_name(self.data.test_tenant)
38 role = self.get_role_by_name(self.data.test_role)
39 return (user, tenant, role)
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]40
Attila Fazekas0d0c6162013-02-24 09:14:23 +0100[diff] [blame]41 def assert_role_in_role_list(self, role, roles):
42 found = False
43 for user_role in roles:
44 if user_role['id'] == role['id']:
45 found = True
46 self.assertTrue(found, "assigned role was not in list")
47
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]48 def test_list_roles(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]49 # Return a list of all roles
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]50 resp, body = self.client.list_roles()
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]51 found = [role for role in body if role in self.data.roles]
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]52 self.assertTrue(any(found))
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]53 self.assertEqual(len(found), len(self.data.roles))
54
55 def test_list_roles_by_unauthorized_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]56 # Non admin user should not be able to list roles
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]57 self.assertRaises(exceptions.Unauthorized,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]58 self.non_admin_client.list_roles)
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]59
60 def test_list_roles_request_without_token(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]61 # Request to list roles without a valid token should fail
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]62 token = self.client.get_auth()
63 self.client.delete_token(token)
64 self.assertRaises(exceptions.Unauthorized, self.client.list_roles)
65 self.client.clear_auth()
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]66
67 def test_role_create_delete(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]68 # Role should be created, verified, and deleted
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]69 role_name = rand_name('role-test-')
70 resp, body = self.client.create_role(role_name)
71 self.assertTrue('status' in resp)
72 self.assertTrue(resp['status'].startswith('2'))
73 self.assertEqual(role_name, body['name'])
74
75 resp, body = self.client.list_roles()
76 found = [role for role in body if role['name'] == role_name]
77 self.assertTrue(any(found))
78
79 resp, body = self.client.delete_role(found[0]['id'])
80 self.assertTrue('status' in resp)
81 self.assertTrue(resp['status'].startswith('2'))
82
83 resp, body = self.client.list_roles()
84 found = [role for role in body if role['name'] == role_name]
85 self.assertFalse(any(found))
86
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]87 def test_role_create_blank_name(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]88 # Should not be able to create a role with a blank name
David Kranz28e35c52012-07-10 10:14:38 -0400[diff] [blame]89 self.assertRaises(exceptions.BadRequest, self.client.create_role, '')
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]90
91 def test_role_create_duplicate(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]92 # Role names should be unique
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]93 role_name = rand_name('role-dup-')
94 resp, body = self.client.create_role(role_name)
95 role1_id = body.get('id')
96 self.assertTrue('status' in resp)
97 self.assertTrue(resp['status'].startswith('2'))
98
99 try:
100 resp, body = self.client.create_role(role_name)
101 # this should raise an exception
102 self.fail('Should not be able to create a duplicate role name.'
103 ' %s' % role_name)
104 except exceptions.Duplicate:
105 pass
106 self.client.delete_role(role1_id)
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]107
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]108 def test_assign_user_role(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]109 # Assign a role to a user on a tenant
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]110 (user, tenant, role) = self._get_role_params()
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]111 self.client.assign_user_role(tenant['id'], user['id'], role['id'])
112 resp, roles = self.client.list_user_roles(tenant['id'], user['id'])
Adam Youngddb82892013-02-15 13:10:35 -0500[diff] [blame]113 self.assert_role_in_role_list(role, roles)
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]114
115 def test_assign_user_role_by_unauthorized_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]116 # Non admin user should not be authorized to assign a role to user
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]117 (user, tenant, role) = self._get_role_params()
118 self.assertRaises(exceptions.Unauthorized,
119 self.non_admin_client.assign_user_role,
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]120 tenant['id'], user['id'], role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]121
122 def test_assign_user_role_request_without_token(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]123 # Request to assign a role to a user without a valid token
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]124 (user, tenant, role) = self._get_role_params()
125 token = self.client.get_auth()
126 self.client.delete_token(token)
127 self.assertRaises(exceptions.Unauthorized,
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]128 self.client.assign_user_role, tenant['id'],
129 user['id'], role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]130 self.client.clear_auth()
131
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]132 def test_assign_user_role_for_non_existent_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]133 # Attempt to assign a role to a non existent user should fail
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]134 (user, tenant, role) = self._get_role_params()
135 self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]136 tenant['id'], 'junk-user-id-999', role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]137
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]138 def test_assign_user_role_for_non_existent_role(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]139 # Attempt to assign a non existent role to user should fail
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]140 (user, tenant, role) = self._get_role_params()
141 self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]142 tenant['id'], user['id'], 'junk-role-id-12345')
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]143
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]144 def test_assign_user_role_for_non_existent_tenant(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]145 # Attempt to assign a role on a non existent tenant should fail
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]146 (user, tenant, role) = self._get_role_params()
147 self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]148 'junk-tenant-1234', user['id'], role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]149
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]150 def test_assign_duplicate_user_role(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]151 # Duplicate user role should not get assigned
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]152 (user, tenant, role) = self._get_role_params()
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]153 self.client.assign_user_role(tenant['id'], user['id'], role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]154 self.assertRaises(exceptions.Duplicate, self.client.assign_user_role,
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]155 tenant['id'], user['id'], role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]156
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]157 def test_remove_user_role(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]158 # Remove a role assigned to a user on a tenant
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]159 (user, tenant, role) = self._get_role_params()
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]160 resp, user_role = self.client.assign_user_role(tenant['id'],
161 user['id'], role['id'])
162 resp, body = self.client.remove_user_role(tenant['id'], user['id'],
163 user_role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]164 self.assertEquals(resp['status'], '204')
165
166 def test_remove_user_role_by_unauthorized_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]167 # Non admin user should not be authorized to remove a user's role
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]168 (user, tenant, role) = self._get_role_params()
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]169 resp, user_role = self.client.assign_user_role(tenant['id'],
170 user['id'],
171 role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]172 self.assertRaises(exceptions.Unauthorized,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]173 self.non_admin_client.remove_user_role,
174 tenant['id'], user['id'], role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]175
176 def test_remove_user_role_request_without_token(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]177 # Request to remove a user's role without a valid token
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]178 (user, tenant, role) = self._get_role_params()
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]179 resp, user_role = self.client.assign_user_role(tenant['id'],
180 user['id'],
181 role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]182 token = self.client.get_auth()
183 self.client.delete_token(token)
184 self.assertRaises(exceptions.Unauthorized,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]185 self.client.remove_user_role, tenant['id'],
186 user['id'], role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]187 self.client.clear_auth()
188
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]189 def test_remove_user_role_non_existant_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]190 # Attempt to remove a role from a non existent user should fail
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]191 (user, tenant, role) = self._get_role_params()
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]192 resp, user_role = self.client.assign_user_role(tenant['id'],
193 user['id'],
194 role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]195 self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]196 tenant['id'], 'junk-user-id-123', role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]197
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]198 def test_remove_user_role_non_existant_role(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]199 # Attempt to delete a non existent role from a user should fail
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]200 (user, tenant, role) = self._get_role_params()
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]201 resp, user_role = self.client.assign_user_role(tenant['id'],
202 user['id'],
203 role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]204 self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]205 tenant['id'], user['id'], 'junk-user-role-123')
206
207 def test_remove_user_role_non_existant_tenant(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]208 # Attempt to remove a role from a non existent tenant should fail
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]209 (user, tenant, role) = self._get_role_params()
210 resp, user_role = self.client.assign_user_role(tenant['id'],
211 user['id'],
212 role['id'])
213 self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
214 'junk-tenant-id-123', user['id'], role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]215
216 def test_list_user_roles(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]217 # List roles assigned to a user on tenant
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]218 (user, tenant, role) = self._get_role_params()
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]219 self.client.assign_user_role(tenant['id'], user['id'], role['id'])
220 resp, roles = self.client.list_user_roles(tenant['id'], user['id'])
Adam Youngddb82892013-02-15 13:10:35 -0500[diff] [blame]221 self.assert_role_in_role_list(role, roles)
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]222
223 def test_list_user_roles_by_unauthorized_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]224 # Non admin user should not be authorized to list a user's roles
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]225 (user, tenant, role) = self._get_role_params()
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]226 self.client.assign_user_role(tenant['id'], user['id'], role['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]227 self.assertRaises(exceptions.Unauthorized,
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]228 self.non_admin_client.list_user_roles, tenant['id'],
229 user['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]230
231 def test_list_user_roles_request_without_token(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]232 # Request to list user's roles without a valid token should fail
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]233 (user, tenant, role) = self._get_role_params()
234 token = self.client.get_auth()
235 self.client.delete_token(token)
Jaroslav Henner501cacd2012-08-16 10:32:38 +0200[diff] [blame]236 try:
237 self.assertRaises(exceptions.Unauthorized,
238 self.client.list_user_roles, tenant['id'],
239 user['id'])
240 finally:
241 self.client.clear_auth()
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]242
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]243 def test_list_user_roles_for_non_existent_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]244 # Attempt to list roles of a non existent user should fail
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]245 (user, tenant, role) = self._get_role_params()
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]246 self.assertRaises(exceptions.NotFound, self.client.list_user_roles,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]247 tenant['id'], 'junk-role-aabbcc11')
Vincent Hou6b8a7b72012-08-25 01:24:33 +0800[diff] [blame]248
249
Attila Fazekas0d0c6162013-02-24 09:14:23 +0100[diff] [blame]250class RolesTestXML(RolesTestJSON):
251 _interface = 'xml'