Maho Koshiya962e7d72015-11-27 20:31:17 +09001# Licensed under the Apache License, Version 2.0 (the "License"); you may
2# not use this file except in compliance with the License. You may obtain
3# a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10# License for the specific language governing permissions and limitations
11# under the License.
12
13from tempest.api.identity import base
14from tempest.common.utils import data_utils
15from tempest import config
16from tempest import test
17
# Module-level handle on the tempest configuration object. Nothing in the
# code visible here reads it.
CONF = config.CONF
19
20
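class BaseInheritsV3Test(base.BaseIdentityV3AdminTest):
    """Shared fixtures for the OS-INHERIT (inherited role) API tests.

    Per class, the admin clients create one domain, one project inside that
    domain, and one group and one user tied to both. ``resource_cleanup``
    removes them again.
    """

    @classmethod
    def skip_checks(cls):
        """Skip the class unless the identity OS-INHERIT extension is on."""
        super(BaseInheritsV3Test, cls).skip_checks()
        if not test.is_extension_enabled('OS-INHERIT', 'identity'):
            raise cls.skipException("Inherits aren't enabled")

    @classmethod
    def resource_setup(cls):
        """Create the domain, project, group and user used by every test.

        The created resources are stored on the class as ``cls.domain``,
        ``cls.project``, ``cls.group`` and ``cls.user``.
        """
        super(BaseInheritsV3Test, cls).resource_setup()
        u_name = data_utils.rand_name('user-')
        u_desc = '%s description' % u_name
        u_email = '%s@testmail.tm' % u_name
        # NOTE(review): the password comes from the same name generator as
        # the resource names; it is only as unpredictable as rand_name().
        u_password = data_utils.rand_name('pass-')
        cls.domain = cls.domains_client.create_domain(
            data_utils.rand_name('domain-'),
            description=data_utils.rand_name('domain-desc-'))['domain']
        cls.project = cls.projects_client.create_project(
            data_utils.rand_name('project-'),
            description=data_utils.rand_name('project-desc-'),
            domain_id=cls.domain['id'])['project']
        cls.group = cls.groups_client.create_group(
            name=data_utils.rand_name('group-'), project_id=cls.project['id'],
            domain_id=cls.domain['id'])['group']
        cls.user = cls.users_client.create_user(
            u_name, description=u_desc, password=u_password,
            email=u_email, project_id=cls.project['id'],
            domain_id=cls.domain['id'])['user']

    @classmethod
    def resource_cleanup(cls):
        """Delete the class fixtures, then run the parent cleanup.

        The parent cleanup runs from a ``finally`` clause so that a failing
        delete here no longer skips it. The original exception still
        propagates to the caller.
        """
        try:
            cls.groups_client.delete_group(cls.group['id'])
            cls.users_client.delete_user(cls.user['id'])
            cls.projects_client.delete_project(cls.project['id'])
            # The domain is disabled first; Keystone refuses to delete a
            # domain that is still enabled.
            cls.domains_client.update_domain(cls.domain['id'], enabled=False)
            cls.domains_client.delete_domain(cls.domain['id'])
        finally:
            # NOTE(review): an error in one delete above still skips the
            # deletes after it, so a test user or domain can be left behind
            # in the identity service; check for leftovers after a failure.
            super(BaseInheritsV3Test, cls).resource_cleanup()

    def _list_assertions(self, body, fetched_role_ids, role_id):
        """Assert the listing holds exactly one entry and names role_id.

        :param body: list of role entries returned by a list call
        :param fetched_role_ids: ids extracted from ``body`` by the caller
        :param role_id: id of the role that is expected to be listed
        """
        self.assertEqual(len(body), 1)
        self.assertIn(role_id, fetched_role_ids)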
63
64
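class InheritsV3TestJSON(BaseInheritsV3Test):
    """Assign, check and revoke inherited roles for users and groups.

    Each test creates its own role and registers its deletion with
    ``addCleanup``. The domain-level tests also list the inherited roles
    and confirm that the role is gone from the listing after the revoke.
    """

    @test.idempotent_id('4e6f0366-97c8-423c-b2be-41eae6ac91c8')
    def test_inherit_assign_list_check_revoke_roles_on_domains_user(self):
        """Inherited role for a user on a domain: full lifecycle."""
        # Create role
        src_role = self.roles_client.create_role(
            name=data_utils.rand_name('Role'))['role']
        self.addCleanup(self.roles_client.delete_role, src_role['id'])
        # Assign role on domains user
        self.roles_client.assign_inherited_role_on_domains_user(
            self.domain['id'], self.user['id'], src_role['id'])
        # List role on domains user
        roles = self.roles_client.\
            list_inherited_project_role_for_user_on_domain(
                self.domain['id'], self.user['id'])['roles']

        fetched_role_ids = [i['id'] for i in roles]
        self._list_assertions(roles, fetched_role_ids,
                              src_role['id'])

        # Check role on domains user
        self.roles_client.check_user_inherited_project_role_on_domain(
            self.domain['id'], self.user['id'], src_role['id'])
        # Revoke role from domains user.
        self.roles_client.revoke_inherited_role_from_user_on_domain(
            self.domain['id'], self.user['id'], src_role['id'])
        # A successful revoke call alone does not show that the grant is
        # gone, so list again and require the role to be absent.
        roles_after_revoke = self.roles_client.\
            list_inherited_project_role_for_user_on_domain(
                self.domain['id'], self.user['id'])['roles']
        self.assertNotIn(src_role['id'],
                         [i['id'] for i in roles_after_revoke])

    @test.idempotent_id('c7a8dda2-be50-4fb4-9a9c-e830771078b1')
    def test_inherit_assign_list_check_revoke_roles_on_domains_group(self):
        """Inherited role for a group on a domain: full lifecycle."""
        # Create role
        src_role = self.roles_client.create_role(
            name=data_utils.rand_name('Role'))['role']
        self.addCleanup(self.roles_client.delete_role, src_role['id'])
        # Assign role on domains group
        self.roles_client.assign_inherited_role_on_domains_group(
            self.domain['id'], self.group['id'], src_role['id'])
        # List role on domains group
        roles = self.roles_client.\
            list_inherited_project_role_for_group_on_domain(
                self.domain['id'], self.group['id'])['roles']

        fetched_role_ids = [i['id'] for i in roles]
        self._list_assertions(roles, fetched_role_ids,
                              src_role['id'])

        # Check role on domains group
        self.roles_client.check_group_inherited_project_role_on_domain(
            self.domain['id'], self.group['id'], src_role['id'])
        # Revoke role from domains group
        self.roles_client.revoke_inherited_role_from_group_on_domain(
            self.domain['id'], self.group['id'], src_role['id'])
        # A successful revoke call alone does not show that the grant is
        # gone, so list again and require the role to be absent.
        roles_after_revoke = self.roles_client.\
            list_inherited_project_role_for_group_on_domain(
                self.domain['id'], self.group['id'])['roles']
        self.assertNotIn(src_role['id'],
                         [i['id'] for i in roles_after_revoke])

    @test.idempotent_id('18b70e45-7687-4b72-8277-b8f1a47d7591')
    def test_inherit_assign_check_revoke_roles_on_projects_user(self):
        """Inherited role for a user on a project: assign, check, revoke."""
        # Create role
        src_role = self.roles_client.create_role(
            name=data_utils.rand_name('Role'))['role']
        self.addCleanup(self.roles_client.delete_role, src_role['id'])
        # Assign role on projects user
        self.roles_client.assign_inherited_role_on_projects_user(
            self.project['id'], self.user['id'], src_role['id'])
        # Check role on projects user
        self.roles_client.check_user_has_flag_on_inherited_to_project(
            self.project['id'], self.user['id'], src_role['id'])
        # Revoke role from projects user
        self.roles_client.revoke_inherited_role_from_user_on_project(
            self.project['id'], self.user['id'], src_role['id'])
        # NOTE(review): the revoke is not re-verified here. How the check
        # call reports a missing assignment is not visible in this file;
        # confirm it, then assert the grant is gone after the revoke.

    @test.idempotent_id('26021436-d5a4-4256-943c-ded01e0d4b45')
    def test_inherit_assign_check_revoke_roles_on_projects_group(self):
        """Inherited role for a group on a project: assign, check, revoke."""
        # Create role
        src_role = self.roles_client.create_role(
            name=data_utils.rand_name('Role'))['role']
        self.addCleanup(self.roles_client.delete_role, src_role['id'])
        # Assign role on projects group
        self.roles_client.assign_inherited_role_on_projects_group(
            self.project['id'], self.group['id'], src_role['id'])
        # Check role on projects group
        self.roles_client.check_group_has_flag_on_inherited_to_project(
            self.project['id'], self.group['id'], src_role['id'])
        # Revoke role from projects group
        self.roles_client.revoke_inherited_role_from_group_on_project(
            self.project['id'], self.group['id'], src_role['id'])
        # NOTE(review): the revoke is not re-verified here. How the check
        # call reports a missing assignment is not visible in this file;
        # confirm it, then assert the grant is gone after the revoke.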