Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / 28e35c56ba98c8b45c983d99619aab064bfba62f / . / tempest / tests / identity / admin / test_roles.py
blob: dec7d48ad3cb2e0ca269c9d098c16021f31eac6c [file] [log] [blame]
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]1# vim: tabstop=4 shiftwidth=4 softtabstop=4
2
3# Copyright 2012 OpenStack, LLC
4# All Rights Reserved.
5#
6# Licensed under the Apache License, Version 2.0 (the "License"); you may
7# not use this file except in compliance with the License. You may obtain
8# a copy of the License at
9#
10# http://www.apache.org/licenses/LICENSE-2.0
11#
12# Unless required by applicable law or agreed to in writing, software
13# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
14# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
15# License for the specific language governing permissions and limitations
16# under the License.
17
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]18import unittest2 as unittest
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]19
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]20from tempest import exceptions
21from tempest.common.utils.data_utils import rand_name
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]22from tempest.tests.identity.base import BaseIdentityAdminTest
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]23
24
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]25class RolesTest(BaseIdentityAdminTest):
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]26
27 @classmethod
28 def setUpClass(cls):
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]29 super(RolesTest, cls).setUpClass()
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]30
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]31 for _ in xrange(5):
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]32 resp, role = cls.client.create_role(rand_name('role-'))
33 cls.data.roles.append(role)
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]34
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]35 def _get_role_params(self):
36 self.data.setup_test_user()
37 self.data.setup_test_role()
38 user = self.get_user_by_name(self.data.test_user)
39 tenant = self.get_tenant_by_name(self.data.test_tenant)
40 role = self.get_role_by_name(self.data.test_role)
41 return (user, tenant, role)
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]42
43 def test_list_roles(self):
44 """Return a list of all roles"""
45 resp, body = self.client.list_roles()
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]46 found = [role for role in body if role in self.data.roles]
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]47 self.assertTrue(any(found))
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]48 self.assertEqual(len(found), len(self.data.roles))
49
50 def test_list_roles_by_unauthorized_user(self):
51 """Non admin user should not be able to list roles"""
52 self.assertRaises(exceptions.Unauthorized,
53 self.non_admin_client.list_roles)
54
55 def test_list_roles_request_without_token(self):
56 """Request to list roles without a valid token should fail"""
57 token = self.client.get_auth()
58 self.client.delete_token(token)
59 self.assertRaises(exceptions.Unauthorized, self.client.list_roles)
60 self.client.clear_auth()
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]61
62 def test_role_create_delete(self):
63 """Role should be created, verified, and deleted"""
64 role_name = rand_name('role-test-')
65 resp, body = self.client.create_role(role_name)
66 self.assertTrue('status' in resp)
67 self.assertTrue(resp['status'].startswith('2'))
68 self.assertEqual(role_name, body['name'])
69
70 resp, body = self.client.list_roles()
71 found = [role for role in body if role['name'] == role_name]
72 self.assertTrue(any(found))
73
74 resp, body = self.client.delete_role(found[0]['id'])
75 self.assertTrue('status' in resp)
76 self.assertTrue(resp['status'].startswith('2'))
77
78 resp, body = self.client.list_roles()
79 found = [role for role in body if role['name'] == role_name]
80 self.assertFalse(any(found))
81
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]82 def test_role_create_blank_name(self):
83 """Should not be able to create a role with a blank name"""
David Kranz28e35c52012-07-10 10:14:38 -0400[diff] [blame^]84 self.assertRaises(exceptions.BadRequest, self.client.create_role, '')
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]85
86 def test_role_create_duplicate(self):
87 """Role names should be unique"""
88 role_name = rand_name('role-dup-')
89 resp, body = self.client.create_role(role_name)
90 role1_id = body.get('id')
91 self.assertTrue('status' in resp)
92 self.assertTrue(resp['status'].startswith('2'))
93
94 try:
95 resp, body = self.client.create_role(role_name)
96 # this should raise an exception
97 self.fail('Should not be able to create a duplicate role name.'
98 ' %s' % role_name)
99 except exceptions.Duplicate:
100 pass
101 self.client.delete_role(role1_id)
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]102
103
104class UserRolesTest(RolesTest):
105
106 @classmethod
107 def setUpClass(cls):
108 super(UserRolesTest, cls).setUpClass()
109
110 def test_assign_user_role(self):
111 """Assign a role to a user on a tenant"""
112 (user, tenant, role) = self._get_role_params()
113 self.client.assign_user_role(user['id'], role['id'], tenant['id'])
114 resp, roles = self.client.list_user_roles(user['id'])
115 self.assertEquals(tenant['id'], roles[0]['tenantId'])
116
117 def test_assign_user_role_by_unauthorized_user(self):
118 """Non admin user should not be authorized to assign a role to user"""
119 (user, tenant, role) = self._get_role_params()
120 self.assertRaises(exceptions.Unauthorized,
121 self.non_admin_client.assign_user_role,
122 user['id'], role['id'], tenant['id'])
123
124 def test_assign_user_role_request_without_token(self):
125 """Request to assign a role to a user without a valid token"""
126 (user, tenant, role) = self._get_role_params()
127 token = self.client.get_auth()
128 self.client.delete_token(token)
129 self.assertRaises(exceptions.Unauthorized,
130 self.client.assign_user_role, user['id'], role['id'],
131 tenant['id'])
132 self.client.clear_auth()
133
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]134 def test_assign_user_role_for_non_existent_user(self):
135 """Attempt to assign a role to a non existent user should fail"""
136 (user, tenant, role) = self._get_role_params()
137 self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
138 'junk-user-id-999', role['id'], tenant['id'])
139
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]140 def test_assign_user_role_for_non_existent_role(self):
141 """Attempt to assign a non existent role to user should fail"""
142 (user, tenant, role) = self._get_role_params()
143 self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
144 user['id'], 'junk-role-id-12345', tenant['id'])
145
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]146 def test_assign_user_role_for_non_existent_tenant(self):
147 """Attempt to assign a role on a non existent tenant should fail"""
148 (user, tenant, role) = self._get_role_params()
149 self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
150 user['id'], role['id'], 'junk-tenant-1234')
151
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]152 def test_assign_duplicate_user_role(self):
153 """Duplicate user role should not get assigned"""
154 (user, tenant, role) = self._get_role_params()
David Kranz28e35c52012-07-10 10:14:38 -0400[diff] [blame^]155 self.client.assign_user_role(user['id'], role['id'], tenant['id'])
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]156 self.assertRaises(exceptions.Duplicate, self.client.assign_user_role,
157 user['id'], role['id'], tenant['id'])
158
159 @unittest.skip("Until Bug 999219 is fixed")
160 def test_remove_user_role(self):
161 """Remove a role assigned to a user on a tenant"""
162 (user, tenant, role) = self._get_role_params()
163 resp, user_role = self.client.assign_user_role(user['id'], role['id'],
164 tenant['id'])
165 resp, body = self.client.remove_user_role(user['id'], user_role['id'])
166 self.assertEquals(resp['status'], '204')
167
168 def test_remove_user_role_by_unauthorized_user(self):
169 """Non admin user should not be authorized to remove a user's role"""
170 (user, tenant, role) = self._get_role_params()
171 resp, user_role = self.client.assign_user_role(user['id'], role['id'],
172 tenant['id'])
173 self.assertRaises(exceptions.Unauthorized,
174 self.non_admin_client.remove_user_role,
175 user['id'], role['id'])
176
177 def test_remove_user_role_request_without_token(self):
178 """Request to remove a user's role without a valid token"""
179 (user, tenant, role) = self._get_role_params()
180 resp, user_role = self.client.assign_user_role(user['id'], role['id'],
181 tenant['id'])
182 token = self.client.get_auth()
183 self.client.delete_token(token)
184 self.assertRaises(exceptions.Unauthorized,
185 self.client.remove_user_role, user['id'], role['id'])
186 self.client.clear_auth()
187
David Kranz28e35c52012-07-10 10:14:38 -0400[diff] [blame^]188 @unittest.skip("Until Bug 1022990 is fixed")
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]189 def test_remove_user_role_non_existant_user(self):
190 """Attempt to remove a role from a non existent user should fail"""
191 (user, tenant, role) = self._get_role_params()
192 resp, user_role = self.client.assign_user_role(user['id'], role['id'],
193 tenant['id'])
194 self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
195 'junk-user-id-123', role['id'])
196
David Kranz28e35c52012-07-10 10:14:38 -0400[diff] [blame^]197 @unittest.skip("Until Bug 1022990 is fixed")
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]198 def test_remove_user_role_non_existant_role(self):
199 """Attempt to delete a non existent role from a user should fail"""
200 (user, tenant, role) = self._get_role_params()
201 resp, user_role = self.client.assign_user_role(user['id'], role['id'],
202 tenant['id'])
203 self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
204 user['id'], 'junk-user-role-123')
205
206 def test_list_user_roles(self):
207 """List roles assigned to a user on tenant"""
208 (user, tenant, role) = self._get_role_params()
209 self.client.assign_user_role(user['id'], role['id'], tenant['id'])
210 resp, roles = self.client.list_user_roles(user['id'])
211 self.assertEquals(tenant['id'], roles[0]['tenantId'])
212
213 def test_list_user_roles_by_unauthorized_user(self):
214 """Non admin user should not be authorized to list a user's roles"""
215 (user, tenant, role) = self._get_role_params()
216 self.client.assign_user_role(user['id'], role['id'], tenant['id'])
217 self.assertRaises(exceptions.Unauthorized,
218 self.non_admin_client.list_user_roles, user['id'])
219
220 def test_list_user_roles_request_without_token(self):
221 """Request to list user's roles without a valid token should fail"""
222 (user, tenant, role) = self._get_role_params()
223 token = self.client.get_auth()
224 self.client.delete_token(token)
225 self.assertRaises(exceptions.Unauthorized,
226 self.client.list_user_roles, user['id'])
227 self.client.clear_auth()
228
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]229 def test_list_user_roles_for_non_existent_user(self):
230 """Attempt to list roles of a non existent user should fail"""
231 self.assertRaises(exceptions.NotFound, self.client.list_user_roles,
232 'junk-role-aabbcc11')