Blame - tempest/api/identity/admin/test_roles_negative.py - tempest

blob: 83d1d4ddc97b833a99ed39a39ab6fdf4b73fd848 [file] [log] [blame]

huangtianhua	35f1187	2013-10-11 11:34:43 +0800	[diff] [blame]	1	# vim: tabstop=4 shiftwidth=4 softtabstop=4
				2
				3	# Copyright 2013 Huawei Technologies Co.,LTD.
				4	# All Rights Reserved.
				5	#
				6	# Licensed under the Apache License, Version 2.0 (the "License"); you may
				7	# not use this file except in compliance with the License. You may obtain
				8	# a copy of the License at
				9	#
				10	# http://www.apache.org/licenses/LICENSE-2.0
				11	#
				12	# Unless required by applicable law or agreed to in writing, software
				13	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				14	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
				15	# License for the specific language governing permissions and limitations
				16	# under the License.
				17
				18	import uuid
				19
				20	from tempest.api.identity import base
				21	from tempest.common.utils import data_utils
				22	from tempest import exceptions
				23	from tempest.test import attr
				24
				25
				26	class RolesNegativeTestJSON(base.BaseIdentityAdminTest):
				27	_interface = 'json'
				28
				29	def _get_role_params(self):
				30	self.data.setup_test_user()
				31	self.data.setup_test_role()
				32	user = self.get_user_by_name(self.data.test_user)
				33	tenant = self.get_tenant_by_name(self.data.test_tenant)
				34	role = self.get_role_by_name(self.data.test_role)
				35	return (user, tenant, role)
				36
				37	@attr(type=['negative', 'gate'])
				38	def test_list_roles_by_unauthorized_user(self):
				39	# Non-administrator user should not be able to list roles
				40	self.assertRaises(exceptions.Unauthorized,
				41	self.non_admin_client.list_roles)
				42
				43	@attr(type=['negative', 'gate'])
				44	def test_list_roles_request_without_token(self):
				45	# Request to list roles without a valid token should fail
				46	token = self.client.get_auth()
				47	self.client.delete_token(token)
				48	self.assertRaises(exceptions.Unauthorized, self.client.list_roles)
				49	self.client.clear_auth()
				50
				51	@attr(type=['negative', 'gate'])
				52	def test_role_create_blank_name(self):
				53	# Should not be able to create a role with a blank name
				54	self.assertRaises(exceptions.BadRequest, self.client.create_role, '')
				55
				56	@attr(type=['negative', 'gate'])
				57	def test_create_role_by_unauthorized_user(self):
				58	# Non-administrator user should not be able to create role
				59	role_name = data_utils.rand_name(name='role-')
				60	self.assertRaises(exceptions.Unauthorized,
				61	self.non_admin_client.create_role, role_name)
				62
				63	@attr(type=['negative', 'gate'])
				64	def test_create_role_request_without_token(self):
				65	# Request to create role without a valid token should fail
				66	token = self.client.get_auth()
				67	self.client.delete_token(token)
				68	role_name = data_utils.rand_name(name='role-')
				69	self.assertRaises(exceptions.Unauthorized,
				70	self.client.create_role, role_name)
				71	self.client.clear_auth()
				72
				73	@attr(type=['negative', 'gate'])
				74	def test_role_create_duplicate(self):
				75	# Role names should be unique
				76	role_name = data_utils.rand_name(name='role-dup-')
				77	resp, body = self.client.create_role(role_name)
				78	role1_id = body.get('id')
				79	self.assertIn('status', resp)
				80	self.assertTrue(resp['status'].startswith('2'))
				81	self.addCleanup(self.client.delete_role, role1_id)
				82	self.assertRaises(exceptions.Conflict, self.client.create_role,
				83	role_name)
				84
				85	@attr(type=['negative', 'gate'])
				86	def test_delete_role_by_unauthorized_user(self):
				87	# Non-administrator user should not be able to delete role
				88	role_name = data_utils.rand_name(name='role-')
				89	resp, body = self.client.create_role(role_name)
				90	self.assertEqual(200, resp.status)
				91	self.data.roles.append(body)
				92	role_id = body.get('id')
				93	self.assertRaises(exceptions.Unauthorized,
				94	self.non_admin_client.delete_role, role_id)
				95
				96	@attr(type=['negative', 'gate'])
				97	def test_delete_role_request_without_token(self):
				98	# Request to delete role without a valid token should fail
				99	role_name = data_utils.rand_name(name='role-')
				100	resp, body = self.client.create_role(role_name)
				101	self.assertEqual(200, resp.status)
				102	self.data.roles.append(body)
				103	role_id = body.get('id')
				104	token = self.client.get_auth()
				105	self.client.delete_token(token)
				106	self.assertRaises(exceptions.Unauthorized,
				107	self.client.delete_role,
				108	role_id)
				109	self.client.clear_auth()
				110
				111	@attr(type=['negative', 'gate'])
				112	def test_delete_role_non_existent(self):
				113	# Attempt to delete a non existent role should fail
				114	non_existent_role = str(uuid.uuid4().hex)
				115	self.assertRaises(exceptions.NotFound, self.client.delete_role,
				116	non_existent_role)
				117
				118	@attr(type=['negative', 'gate'])
				119	def test_assign_user_role_by_unauthorized_user(self):
				120	# Non-administrator user should not be authorized to
				121	# assign a role to user
				122	(user, tenant, role) = self._get_role_params()
				123	self.assertRaises(exceptions.Unauthorized,
				124	self.non_admin_client.assign_user_role,
				125	tenant['id'], user['id'], role['id'])
				126
				127	@attr(type=['negative', 'gate'])
				128	def test_assign_user_role_request_without_token(self):
				129	# Request to assign a role to a user without a valid token
				130	(user, tenant, role) = self._get_role_params()
				131	token = self.client.get_auth()
				132	self.client.delete_token(token)
				133	self.assertRaises(exceptions.Unauthorized,
				134	self.client.assign_user_role, tenant['id'],
				135	user['id'], role['id'])
				136	self.client.clear_auth()
				137
				138	@attr(type=['negative', 'gate'])
				139	def test_assign_user_role_for_non_existent_user(self):
				140	# Attempt to assign a role to a non existent user should fail
				141	(user, tenant, role) = self._get_role_params()
				142	non_existent_user = str(uuid.uuid4().hex)
				143	self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
				144	tenant['id'], non_existent_user, role['id'])
				145
				146	@attr(type=['negative', 'gate'])
				147	def test_assign_user_role_for_non_existent_role(self):
				148	# Attempt to assign a non existent role to user should fail
				149	(user, tenant, role) = self._get_role_params()
				150	non_existent_role = str(uuid.uuid4().hex)
				151	self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
				152	tenant['id'], user['id'], non_existent_role)
				153
				154	@attr(type=['negative', 'gate'])
				155	def test_assign_user_role_for_non_existent_tenant(self):
				156	# Attempt to assign a role on a non existent tenant should fail
				157	(user, tenant, role) = self._get_role_params()
				158	non_existent_tenant = str(uuid.uuid4().hex)
				159	self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
				160	non_existent_tenant, user['id'], role['id'])
				161
				162	@attr(type=['negative', 'gate'])
				163	def test_assign_duplicate_user_role(self):
				164	# Duplicate user role should not get assigned
				165	(user, tenant, role) = self._get_role_params()
				166	self.client.assign_user_role(tenant['id'], user['id'], role['id'])
				167	self.assertRaises(exceptions.Conflict, self.client.assign_user_role,
				168	tenant['id'], user['id'], role['id'])
				169
				170	@attr(type=['negative', 'gate'])
				171	def test_remove_user_role_by_unauthorized_user(self):
				172	# Non-administrator user should not be authorized to
				173	# remove a user's role
				174	(user, tenant, role) = self._get_role_params()
				175	resp, user_role = self.client.assign_user_role(tenant['id'],
				176	user['id'],
				177	role['id'])
				178	self.assertRaises(exceptions.Unauthorized,
				179	self.non_admin_client.remove_user_role,
				180	tenant['id'], user['id'], role['id'])
				181
				182	@attr(type=['negative', 'gate'])
				183	def test_remove_user_role_request_without_token(self):
				184	# Request to remove a user's role without a valid token
				185	(user, tenant, role) = self._get_role_params()
				186	resp, user_role = self.client.assign_user_role(tenant['id'],
				187	user['id'],
				188	role['id'])
				189	token = self.client.get_auth()
				190	self.client.delete_token(token)
				191	self.assertRaises(exceptions.Unauthorized,
				192	self.client.remove_user_role, tenant['id'],
				193	user['id'], role['id'])
				194	self.client.clear_auth()
				195
				196	@attr(type=['negative', 'gate'])
				197	def test_remove_user_role_non_existant_user(self):
				198	# Attempt to remove a role from a non existent user should fail
				199	(user, tenant, role) = self._get_role_params()
				200	resp, user_role = self.client.assign_user_role(tenant['id'],
				201	user['id'],
				202	role['id'])
				203	non_existant_user = str(uuid.uuid4().hex)
				204	self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
				205	tenant['id'], non_existant_user, role['id'])
				206
				207	@attr(type=['negative', 'gate'])
				208	def test_remove_user_role_non_existant_role(self):
				209	# Attempt to delete a non existent role from a user should fail
				210	(user, tenant, role) = self._get_role_params()
				211	resp, user_role = self.client.assign_user_role(tenant['id'],
				212	user['id'],
				213	role['id'])
				214	non_existant_role = str(uuid.uuid4().hex)
				215	self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
				216	tenant['id'], user['id'], non_existant_role)
				217
				218	@attr(type=['negative', 'gate'])
				219	def test_remove_user_role_non_existant_tenant(self):
				220	# Attempt to remove a role from a non existent tenant should fail
				221	(user, tenant, role) = self._get_role_params()
				222	resp, user_role = self.client.assign_user_role(tenant['id'],
				223	user['id'],
				224	role['id'])
				225	non_existant_tenant = str(uuid.uuid4().hex)
				226	self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
				227	non_existant_tenant, user['id'], role['id'])
				228
				229	@attr(type=['negative', 'gate'])
				230	def test_list_user_roles_by_unauthorized_user(self):
				231	# Non-administrator user should not be authorized to list
				232	# a user's roles
				233	(user, tenant, role) = self._get_role_params()
				234	self.client.assign_user_role(tenant['id'], user['id'], role['id'])
				235	self.assertRaises(exceptions.Unauthorized,
				236	self.non_admin_client.list_user_roles, tenant['id'],
				237	user['id'])
				238
				239	@attr(type=['negative', 'gate'])
				240	def test_list_user_roles_request_without_token(self):
				241	# Request to list user's roles without a valid token should fail
				242	(user, tenant, role) = self._get_role_params()
				243	token = self.client.get_auth()
				244	self.client.delete_token(token)
				245	try:
				246	self.assertRaises(exceptions.Unauthorized,
				247	self.client.list_user_roles, tenant['id'],
				248	user['id'])
				249	finally:
				250	self.client.clear_auth()
				251
				252	@attr(type=['negative', 'gate'])
				253	def test_list_user_roles_for_non_existent_user(self):
				254	# Attempt to list roles of a non existent user should fail
				255	(user, tenant, role) = self._get_role_params()
				256	non_existent_user = str(uuid.uuid4().hex)
				257	self.assertRaises(exceptions.NotFound, self.client.list_user_roles,
				258	tenant['id'], non_existent_user)
				259
				260
				261	class RolesTestXML(RolesNegativeTestJSON):
				262	_interface = 'xml'