def test_user_cannot_update_mappings(self):
mapping = unit.new_mapping_ref()
mapping = PROVIDERS.federation_api.create_mapping(
mapping['id'], mapping)
update = {
'mapping': {
'rules': [{
'local': [{
'user': {
'name': '{0}'
}
}],
'remote': [{
'type': 'UserName'
}],
}]
}
}
with self.test_client() as c:
c.patch('/v3/OS-FEDERATION/mappings/%s' % mapping['id'],
json=update,
headers=self.headers,
expected_status_code=http.client.FORBIDDEN)
def test_user_can_get_a_mapping(self):
mapping = unit.new_mapping_ref()
mapping = PROVIDERS.federation_api.create_mapping(
mapping['id'], mapping)
with self.test_client() as c:
c.get('/v3/OS-FEDERATION/mappings/%s' % mapping['id'],
headers=self.headers)
def test_user_can_list_mappings(self):
mapping = unit.new_mapping_ref()
mapping = PROVIDERS.federation_api.create_mapping(
mapping['id'], mapping)
with self.test_client() as c:
r = c.get('/v3/OS-FEDERATION/mappings', headers=self.headers)
self.assertEqual(1, len(r.json['mappings']))
self.assertEqual(mapping['id'], r.json['mappings'][0]['id'])
def test_user_cannot_delete_mappings(self):
mapping = unit.new_mapping_ref()
mapping = PROVIDERS.federation_api.create_mapping(
mapping['id'], mapping)
with self.test_client() as c:
c.delete('/v3/OS-FEDERATION/mappings/%s' % mapping['id'],
headers=self.headers,
expected_status_code=http.client.FORBIDDEN)
def _create_protocol_and_deps(self):
identity_provider = unit.new_identity_provider_ref()
identity_provider = PROVIDERS.federation_api.create_idp(
identity_provider['id'], identity_provider)
mapping = PROVIDERS.federation_api.create_mapping(
uuid.uuid4().hex, unit.new_mapping_ref())
protocol = unit.new_protocol_ref(mapping_id=mapping['id'])
protocol = PROVIDERS.federation_api.create_protocol(
identity_provider['id'], protocol['id'], protocol)
return (protocol, mapping, identity_provider)
def test_user_can_update_protocols(self):
protocol, mapping, identity_provider = self._create_protocol_and_deps()
new_mapping = PROVIDERS.federation_api.create_mapping(
uuid.uuid4().hex, unit.new_mapping_ref())
update = {'protocol': {'mapping_id': new_mapping['id']}}
with self.test_client() as c:
path = ('/v3/OS-FEDERATION/identity_providers/%s/protocols/%s' %
(identity_provider['id'], protocol['id']))
c.patch(path, json=update, headers=self.headers)
def test_user_can_update_protocols(self):
protocol, mapping, identity_provider = self._create_protocol_and_deps()
new_mapping = PROVIDERS.federation_api.create_mapping(
uuid.uuid4().hex, unit.new_mapping_ref()
)
update = {'protocol': {'mapping_id': new_mapping['id']}}
with self.test_client() as c:
path = (
'/v3/OS-FEDERATION/identity_providers/%s/protocols/%s' %
(identity_provider['id'], protocol['id'])
)
c.patch(path, json=update, headers=self.headers)
def _create_protocol_and_deps(self):
identity_provider = unit.new_identity_provider_ref()
identity_provider = PROVIDERS.federation_api.create_idp(
identity_provider['id'], identity_provider
)
mapping = PROVIDERS.federation_api.create_mapping(
uuid.uuid4().hex, unit.new_mapping_ref()
)
protocol = unit.new_protocol_ref(mapping_id=mapping['id'])
protocol = PROVIDERS.federation_api.create_protocol(
identity_provider['id'], protocol['id'], protocol
)
return (protocol, mapping, identity_provider)
def test_user_cannot_create_protocols(self):
identity_provider = unit.new_identity_provider_ref()
identity_provider = PROVIDERS.federation_api.create_idp(
identity_provider['id'], identity_provider)
mapping = PROVIDERS.federation_api.create_mapping(
uuid.uuid4().hex, unit.new_mapping_ref())
protocol_id = 'saml2'
create = {'protocol': {'mapping_id': mapping['id']}}
with self.test_client() as c:
path = ('/v3/OS-FEDERATION/identity_providers/%s/protocols/%s' %
(identity_provider['id'], protocol_id))
c.put(path,
json=create,
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def test_user_cannot_create_protocols(self):
identity_provider = unit.new_identity_provider_ref()
identity_provider = PROVIDERS.federation_api.create_idp(
identity_provider['id'], identity_provider
)
mapping = PROVIDERS.federation_api.create_mapping(
uuid.uuid4().hex, unit.new_mapping_ref()
)
protocol_id = 'saml2'
create = {'protocol': {'mapping_id': mapping['id']}}
with self.test_client() as c:
path = (
'/v3/OS-FEDERATION/identity_providers/%s/protocols/%s' %
(identity_provider['id'], protocol_id)
)
c.put(
path, json=create, headers=self.headers,
expected_status_code=http_client.FORBIDDEN
)
