def test_get_hierarchy_as_list(self):
project = fixtures.Project(self.client,
self.test_domain.id,
parent=self.test_project.id)
self.useFixture(project)
child_project = fixtures.Project(self.client,
self.test_domain.id,
parent=project.id)
self.useFixture(child_project)
# Only parents and subprojects that the current user has role
# assingments on are returned when asked for subtree_as_list and
# parents_as_list.
role = fixtures.Role(self.client)
self.useFixture(role)
self.client.roles.grant(role.id,
user=self.user_id,
project=self.test_project.id)
self.client.roles.grant(role.id, user=self.user_id, project=project.id)
self.client.roles.grant(role.id,
user=self.user_id,
project=child_project.id)
project_ret = self.client.projects.get(project.id,
subtree_as_list=True,
parents_as_list=True)
self.check_project(project_ret, project.ref)
self.assertItemsEqual([{
'project': self.test_project.entity.to_dict()
}], project_ret.parents)
self.assertItemsEqual([{
'project': child_project.entity.to_dict()
}], project_ret.subtree)
def test_update_role_name(self):
role = fixtures.Role(self.client, domain=self.project_domain_id)
self.useFixture(role)
new_name = fixtures.RESOURCE_NAME_PREFIX + uuid.uuid4().hex
role_ret = self.client.roles.update(role.id, name=new_name)
role.ref.update({'name': new_name})
self.check_role(role_ret, role.ref)
def test_update_role_domain(self):
role = fixtures.Role(self.client)
self.useFixture(role)
domain = fixtures.Domain(self.client)
self.useFixture(domain)
new_domain = domain.id
role_ret = self.client.roles.update(role.id, domain=new_domain)
role.ref.update({'domain': new_domain})
self.check_role(role_ret, role.ref)
def test_list_roles(self):
global_role = fixtures.Role(self.client)
self.useFixture(global_role)
domain = fixtures.Domain(self.client)
self.useFixture(domain)
domain_role = fixtures.Role(self.client, domain=domain.id)
self.useFixture(domain_role)
global_roles = self.client.roles.list()
domain_roles = self.client.roles.list(domain_id=domain.id)
roles = global_roles + domain_roles
# All roles are valid
for role in roles:
self.check_role(role)
self.assertIn(global_role.entity, global_roles)
self.assertIn(domain_role.entity, domain_roles)
def test_group_project_grant_and_revoke(self):
group = fixtures.Group(self.client, self.project_domain_id)
self.useFixture(group)
project = fixtures.Project(self.client, self.project_domain_id)
self.useFixture(project)
role = fixtures.Role(self.client, domain=self.project_domain_id)
self.useFixture(role)
self.client.roles.grant(role, group=group.id, project=project.id)
roles_after_grant = self.client.roles.list(group=group.id,
project=project.id)
self.assertItemsEqual(roles_after_grant, [role.entity])
self.client.roles.revoke(role, group=group.id, project=project.id)
roles_after_revoke = self.client.roles.list(group=group.id,
project=project.id)
self.assertEqual(roles_after_revoke, [])
def test_user_project_grant_and_revoke(self):
user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user)
project = fixtures.Project(self.client, self.project_domain_id)
self.useFixture(project)
role = fixtures.Role(self.client, domain=self.project_domain_id)
self.useFixture(role)
self.client.roles.grant(role, user=user.id, project=project.id)
roles_after_grant = self.client.roles.list(user=user.id,
project=project.id)
self.assertItemsEqual(roles_after_grant, [role.entity])
self.client.roles.revoke(role, user=user.id, project=project.id)
roles_after_revoke = self.client.roles.list(user=user.id,
project=project.id)
self.assertEqual(roles_after_revoke, [])
def test_group_domain_grant_and_revoke(self):
group = fixtures.Group(self.client, self.project_domain_id)
self.useFixture(group)
domain = fixtures.Domain(self.client)
self.useFixture(domain)
role = fixtures.Role(self.client, domain=self.project_domain_id)
self.useFixture(role)
self.client.roles.grant(role, group=group.id, domain=domain.id)
roles_after_grant = self.client.roles.list(group=group.id,
domain=domain.id)
self.assertCountEqual(roles_after_grant, [role.entity])
self.client.roles.revoke(role, group=group.id, domain=domain.id)
roles_after_revoke = self.client.roles.list(group=group.id,
domain=domain.id)
self.assertEqual(roles_after_revoke, [])
def test_user_domain_grant_and_revoke(self):
user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user)
domain = fixtures.Domain(self.client)
self.useFixture(domain)
role = fixtures.Role(self.client, domain=self.project_domain_id)
self.useFixture(role)
self.client.roles.grant(role, user=user.id, domain=domain.id)
roles_after_grant = self.client.roles.list(user=user.id,
domain=domain.id)
self.assertCountEqual(roles_after_grant, [role.entity])
self.client.roles.revoke(role, user=user.id, domain=domain.id)
roles_after_revoke = self.client.roles.list(user=user.id,
domain=domain.id)
self.assertEqual(roles_after_revoke, [])
def test_grant_role_invalid_params(self):
user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user)
role = fixtures.Role(self.client, domain=self.project_domain_id)
self.useFixture(role)
# Only grant role to a group on a resource.
# Domain or project must be specified.
self.assertRaises(exceptions.ValidationError,
self.client.roles.grant,
role.id,
user=user.id)
group = fixtures.Group(self.client, self.project_domain_id)
self.useFixture(group)
# Only grant role to a group on a resource.
# Domain or project must be specified.
self.assertRaises(exceptions.ValidationError,
self.client.roles.grant,
role.id,
group=group.id)
def create_roles(self):
for role_def in role_defs:
role = fixtures.Role(self.client, name=role_def)
self.useFixture(role)
def test_get_role(self):
role = fixtures.Role(self.client, domain=self.project_domain_id)
self.useFixture(role)
role_ret = self.client.roles.get(role.id)
self.check_role(role_ret, role.ref)
