def test_update(self):
ref = unit.new_policy_ref()
self.policy_api.create_policy(ref['id'], ref)
orig = ref
ref = unit.new_policy_ref()
# (cannot change policy ID)
self.assertRaises(exception.ValidationError,
self.policy_api.update_policy, orig['id'], ref)
ref['id'] = orig['id']
res = self.policy_api.update_policy(orig['id'], ref)
self.assertDictEqual(ref, res)
def setUp(self):
super(PolicyTestCase, self).setUp()
self.policy = unit.new_policy_ref()
self.policy_id = self.policy['id']
PROVIDERS.policy_api.create_policy(
self.policy_id,
self.policy.copy())
def setUp(self):
"""Setup for Identity Limit Test Cases."""
super(IdentityTestListLimitCase, self).setUp()
# Create 10 entries for each of the entities we are going to test
self.ENTITY_TYPES = ['user', 'group', 'project']
self.entity_lists = {}
for entity in self.ENTITY_TYPES:
self.entity_lists[entity] = self._create_test_data(entity, 10)
# Make sure we clean up when finished
self.addCleanup(self.clean_up_entity, entity)
self.service_list = []
self.addCleanup(self.clean_up_service)
for _ in range(10):
new_entity = unit.new_service_ref()
service = self.catalog_api.create_service(new_entity['id'],
new_entity)
self.service_list.append(service)
self.policy_list = []
self.addCleanup(self.clean_up_policy)
for _ in range(10):
new_entity = unit.new_policy_ref()
policy = self.policy_api.create_policy(new_entity['id'],
new_entity)
self.policy_list.append(policy)
def test_update(self):
ref = unit.new_policy_ref()
self.policy_api.create_policy(ref['id'], ref)
orig = ref
ref = unit.new_policy_ref()
# (cannot change policy ID)
self.assertRaises(exception.ValidationError,
self.policy_api.update_policy,
orig['id'],
ref)
ref['id'] = orig['id']
res = self.policy_api.update_policy(orig['id'], ref)
self.assertDictEqual(ref, res)
def setUp(self):
super(PolicyTestCase, self).setUp()
self.policy = unit.new_policy_ref()
self.policy_id = self.policy['id']
self.policy_api.create_policy(
self.policy_id,
self.policy.copy())
def setUp(self):
"""Setup for Identity Limit Test Cases."""
super(IdentityTestListLimitCase, self).setUp()
# Create 10 entries for each of the entities we are going to test
self.ENTITY_TYPES = ['user', 'group', 'project']
self.entity_lists = {}
for entity in self.ENTITY_TYPES:
self.entity_lists[entity] = self._create_test_data(entity, 10)
# Make sure we clean up when finished
self.addCleanup(self.clean_up_entity, entity)
self.service_list = []
self.addCleanup(self.clean_up_service)
for _ in range(10):
new_entity = unit.new_service_ref()
service = self.catalog_api.create_service(new_entity['id'],
new_entity)
self.service_list.append(service)
self.policy_list = []
self.addCleanup(self.clean_up_policy)
for _ in range(10):
new_entity = unit.new_policy_ref()
policy = self.policy_api.create_policy(new_entity['id'],
new_entity)
self.policy_list.append(policy)
def test_list(self):
ref = unit.new_policy_ref()
self.policy_api.create_policy(ref['id'], ref)
res = self.policy_api.list_policies()
res = [x for x in res if x['id'] == ref['id']][0]
self.assertDictEqual(ref, res)
def test_list(self):
ref = unit.new_policy_ref()
self.policy_api.create_policy(ref['id'], ref)
res = self.policy_api.list_policies()
res = [x for x in res if x['id'] == ref['id']][0]
self.assertDictEqual(ref, res)
def test_user_cannot_list_policies(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
with self.test_client() as c:
c.get('/v3/policies',
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def test_user_can_create_policy_association_for_service(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
unit.new_service_ref())
with self.test_client() as c:
c.put('/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s' %
(policy['id'], service['id']),
headers=self.headers,
expected_status_code=http_client.NO_CONTENT)
def test_policy_duplicate_conflict_gives_name(self):
policy_ref = unit.new_policy_ref()
self.policy_api.create_policy(policy_ref['id'], policy_ref)
try:
self.policy_api.create_policy(policy_ref['id'], policy_ref)
except exception.Conflict as e:
self.assertIn("Duplicate entry found with name %s"
% policy_ref['name'], repr(e))
else:
self.fail("Create duplicate policy did not raise a conflict")
def test_user_can_update_policy(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
update = {'policy': {'name': uuid.uuid4().hex}}
with self.test_client() as c:
c.patch('/v3/policies/%s' % policy['id'],
json=update,
headers=self.headers)
def test_user_cannot_update_policy(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
update = {'policy': {'name': uuid.uuid4().hex}}
with self.test_client() as c:
c.patch('/v3/policies/%s' % policy['id'],
json=update,
headers=self.headers,
expected_status_code=http.client.FORBIDDEN)
def test_delete(self):
ref = unit.new_policy_ref()
self.policy_api.create_policy(ref['id'], ref)
self.policy_api.delete_policy(ref['id'])
self.assertRaises(exception.PolicyNotFound,
self.policy_api.delete_policy, ref['id'])
self.assertRaises(exception.PolicyNotFound, self.policy_api.get_policy,
ref['id'])
res = self.policy_api.list_policies()
self.assertFalse(len([x for x in res if x['id'] == ref['id']]))
def test_user_can_list_policies(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
with self.test_client() as c:
r = c.get('/v3/policies', headers=self.headers)
policies = []
for policy in r.json['policies']:
policies.append(policy['id'])
self.assertIn(policy['id'], policies)
def test_policy_duplicate_conflict_gives_name(self):
policy_ref = unit.new_policy_ref()
PROVIDERS.policy_api.create_policy(policy_ref['id'], policy_ref)
try:
PROVIDERS.policy_api.create_policy(policy_ref['id'], policy_ref)
except exception.Conflict as e:
self.assertIn(
"Duplicate entry found with name %s" % policy_ref['name'],
repr(e))
else:
self.fail("Create duplicate policy did not raise a conflict")
def setUp(self):
super(EndpointPolicyTestCase, self).setUp()
self.policy = unit.new_policy_ref()
self.policy_api.create_policy(self.policy['id'], self.policy)
self.service = unit.new_service_ref()
self.catalog_api.create_service(self.service['id'], self.service)
self.endpoint = unit.new_endpoint_ref(self.service['id'], enabled=True,
interface='public',
region_id=self.region_id)
self.catalog_api.create_endpoint(self.endpoint['id'], self.endpoint)
self.region = unit.new_region_ref()
self.catalog_api.create_region(self.region)
def setUp(self):
super(EndpointPolicyTestCase, self).setUp()
self.policy = unit.new_policy_ref()
self.policy_api.create_policy(self.policy['id'], self.policy)
self.service = unit.new_service_ref()
self.catalog_api.create_service(self.service['id'], self.service)
self.endpoint = unit.new_endpoint_ref(self.service['id'], enabled=True,
interface='public',
region_id=self.region_id)
self.catalog_api.create_endpoint(self.endpoint['id'], self.endpoint)
self.region = unit.new_region_ref()
self.catalog_api.create_region(self.region)
def test_user_cannot_delete_policy_assoc_for_region_and_service(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
unit.new_service_ref())
region = PROVIDERS.catalog_api.create_region(unit.new_region_ref())
with self.test_client() as c:
c.delete(
'/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s/regions/%s' %
(policy['id'], service['id'], region['id']),
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def test_delete(self):
ref = unit.new_policy_ref()
self.policy_api.create_policy(ref['id'], ref)
self.policy_api.delete_policy(ref['id'])
self.assertRaises(exception.PolicyNotFound,
self.policy_api.delete_policy,
ref['id'])
self.assertRaises(exception.PolicyNotFound,
self.policy_api.get_policy,
ref['id'])
res = self.policy_api.list_policies()
self.assertFalse(len([x for x in res if x['id'] == ref['id']]))
def load_sample_data(self):
"""Create sample data to test policy associations.
The following data is created:
- 3 regions, in a hierarchy, 0 -> 1 -> 2 (where 0 is top)
- 3 services
- 6 endpoints, 2 in each region, with a mixture of services:
0 - region 0, Service 0
1 - region 0, Service 1
2 - region 1, Service 1
3 - region 1, Service 2
4 - region 2, Service 2
5 - region 2, Service 0
"""
def new_endpoint(region_id, service_id):
endpoint = unit.new_endpoint_ref(interface='test',
region_id=region_id,
service_id=service_id,
url='/url')
self.endpoint.append(PROVIDERS.catalog_api.create_endpoint(
endpoint['id'], endpoint))
self.policy = []
self.endpoint = []
self.service = []
self.region = []
parent_region_id = None
for i in range(3):
policy = unit.new_policy_ref()
self.policy.append(
PROVIDERS.policy_api.create_policy(policy['id'], policy)
)
service = unit.new_service_ref()
self.service.append(
PROVIDERS.catalog_api.create_service(service['id'], service)
)
region = unit.new_region_ref(parent_region_id=parent_region_id)
# Link the regions together as a hierarchy, [0] at the top
parent_region_id = region['id']
self.region.append(PROVIDERS.catalog_api.create_region(region))
new_endpoint(self.region[0]['id'], self.service[0]['id'])
new_endpoint(self.region[0]['id'], self.service[1]['id'])
new_endpoint(self.region[1]['id'], self.service[1]['id'])
new_endpoint(self.region[1]['id'], self.service[2]['id'])
new_endpoint(self.region[2]['id'], self.service[2]['id'])
new_endpoint(self.region[2]['id'], self.service[0]['id'])
def test_user_can_get_policy_for_endpoint(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
unit.new_service_ref())
endpoint = unit.new_endpoint_ref(service['id'], region_id=None)
endpoint = PROVIDERS.catalog_api.create_endpoint(
endpoint['id'], endpoint)
PROVIDERS.endpoint_policy_api.create_policy_association(
policy['id'], endpoint['id'])
with self.test_client() as c:
c.get('/v3/endpoints/%s/OS-ENDPOINT-POLICY/policy' %
(endpoint['id']),
headers=self.headers)
def load_sample_data(self):
"""Create sample data to test policy associations.
The following data is created:
- 3 regions, in a hierarchy, 0 -> 1 -> 2 (where 0 is top)
- 3 services
- 6 endpoints, 2 in each region, with a mixture of services:
0 - region 0, Service 0
1 - region 0, Service 1
2 - region 1, Service 1
3 - region 1, Service 2
4 - region 2, Service 2
5 - region 2, Service 0
"""
def new_endpoint(region_id, service_id):
endpoint = unit.new_endpoint_ref(interface='test',
region_id=region_id,
service_id=service_id,
url='/url')
self.endpoint.append(
PROVIDERS.catalog_api.create_endpoint(endpoint['id'],
endpoint))
self.policy = []
self.endpoint = []
self.service = []
self.region = []
parent_region_id = None
for i in range(3):
policy = unit.new_policy_ref()
self.policy.append(
PROVIDERS.policy_api.create_policy(policy['id'], policy))
service = unit.new_service_ref()
self.service.append(
PROVIDERS.catalog_api.create_service(service['id'], service))
region = unit.new_region_ref(parent_region_id=parent_region_id)
# Link the regions together as a hierarchy, [0] at the top
parent_region_id = region['id']
self.region.append(PROVIDERS.catalog_api.create_region(region))
new_endpoint(self.region[0]['id'], self.service[0]['id'])
new_endpoint(self.region[0]['id'], self.service[1]['id'])
new_endpoint(self.region[1]['id'], self.service[1]['id'])
new_endpoint(self.region[1]['id'], self.service[2]['id'])
new_endpoint(self.region[2]['id'], self.service[2]['id'])
new_endpoint(self.region[2]['id'], self.service[0]['id'])
def test_user_can_delete_policy_association_for_endpoint(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
unit.new_service_ref())
endpoint = unit.new_endpoint_ref(service['id'], region_id=None)
endpoint = PROVIDERS.catalog_api.create_endpoint(
endpoint['id'], endpoint)
with self.test_client() as c:
c.delete('/v3/policies/%s/OS-ENDPOINT-POLICY/endpoints/%s' %
(policy['id'], endpoint['id']),
headers=self.headers,
expected_status_code=http_client.NO_CONTENT)
def test_user_list_endpoints_for_policy(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
unit.new_service_ref())
endpoint = unit.new_endpoint_ref(service['id'], region_id=None)
endpoint = PROVIDERS.catalog_api.create_endpoint(
endpoint['id'], endpoint)
PROVIDERS.endpoint_policy_api.create_policy_association(
policy['id'], endpoint['id'])
with self.test_client() as c:
r = c.get('/v3/policies/%s/OS-ENDPOINT-POLICY/endpoints' %
(policy['id']),
headers=self.headers)
for endpoint_itr in r.json['endpoints']:
self.assertIn(endpoint['id'], endpoint_itr['id'])
def test_user_cannot_check_policy_association_for_service(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
service = PROVIDERS.catalog_api.create_service(
uuid.uuid4().hex, unit.new_service_ref()
)
PROVIDERS.endpoint_policy_api.create_policy_association(
policy['id'], service_id=service['id'])
with self.test_client() as c:
c.get('/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s'
% (policy['id'], service['id']),
headers=self.headers,
expected_status_code=http.client.FORBIDDEN)
def test_create(self):
ref = unit.new_policy_ref()
res = PROVIDERS.policy_api.create_policy(ref['id'], ref)
self.assertDictEqual(ref, res)
def test_update_policy_returns_not_found(self):
ref = unit.new_policy_ref()
self.assertRaises(exception.PolicyNotFound,
self.policy_api.update_policy,
ref['id'],
ref)
def test_delete_policy(self):
policy_ref = unit.new_policy_ref()
self.policy_api.create_policy(policy_ref["id"], policy_ref)
self.policy_api.delete_policy(policy_ref["id"])
self._assert_notify_sent(policy_ref["id"], DELETED_OPERATION, "policy")
self._assert_last_audit(policy_ref["id"], DELETED_OPERATION, "policy", cadftaxonomy.SECURITY_POLICY)
def test_update_policy_returns_not_found(self):
ref = unit.new_policy_ref()
self.assertRaises(exception.PolicyNotFound,
self.policy_api.update_policy, ref['id'], ref)
def test_create(self):
ref = unit.new_policy_ref()
res = PROVIDERS.policy_api.create_policy(ref['id'], ref)
self.assertDictEqual(ref, res)
def test_get(self):
ref = unit.new_policy_ref()
res = self.policy_api.create_policy(ref['id'], ref)
res = self.policy_api.get_policy(ref['id'])
self.assertDictEqual(ref, res)
def test_user_can_get_policy(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
with self.test_client() as c:
c.get('/v3/policies/%s' % policy['id'], headers=self.headers)
def test_create_policy(self):
"""Call ``POST /policies``."""
ref = unit.new_policy_ref()
r = self.post('/policies', body={'policy': ref})
return self.assertValidPolicyResponse(r, ref)
def test_create_policy(self):
"""Call ``POST /policies``."""
ref = unit.new_policy_ref()
r = self.post('/policies', body={'policy': ref})
return self.assertValidPolicyResponse(r, ref)
def new_policy_ref(self):
return tests.new_policy_ref()
def test_get(self):
ref = unit.new_policy_ref()
res = self.policy_api.create_policy(ref['id'], ref)
res = self.policy_api.get_policy(ref['id'])
self.assertDictEqual(ref, res)