def test_admin_client_set_no_admin(self): auth._client_set('test_admin', 'test_p@ssw0rd', tenant_name='test_default_tenant')\ .AndReturn('FAKE_CLIENT_SET') auth.admin_role_id('FAKE_CLIENT_SET').AndReturn(None) self.mox.ReplayAll() with self.app.test_request_context(): self.assertRaises(RuntimeError, auth.admin_client_set)
def test_api_cs_for_project(self): auth._client_set('test_admin', 'test_p@ssw0rd', tenant_id='PID') \ .AndReturn('FAKE_CS') auth.admin_role_id('FAKE_CS').AndReturn('ROLE') self.mox.ReplayAll() with self.app.test_request_context(): cs = auth.api_client_set('PID') self.assertEquals(cs, 'FAKE_CS')
def test_admin_client_set_works(self): auth._client_set('test_admin', 'test_p@ssw0rd', tenant_name='test_default_tenant')\ .AndReturn('FAKE_CLIENT_SET') auth.admin_role_id('FAKE_CLIENT_SET').AndReturn('AR_ID') self.mox.ReplayAll() with self.app.test_request_context(): cs = auth.admin_client_set() self.assertEquals(cs, 'FAKE_CLIENT_SET') self.assertEquals(g.admin_client_set, 'FAKE_CLIENT_SET')
def test_user_endpoint_as_admin(self): user, password = '******', 'p@ssw0rd' auth._client_set(user, password, tenant_name='test_default_tenant') \ .AndReturn('FAKE_CLIENT_SET') auth.admin_role_id('FAKE_CLIENT_SET').AndReturn('AR_ID') auth.current_user_id().AndReturn('FAKE_UID') self.mox.ReplayAll() rv = self.app.test_client().get( '/hello', headers={'Authorization': _basic_auth(user, password)}) self.assertEquals(rv.status_code, 200, rv.data)
def test_admin_endpoint_no_admin(self): admin, password = '******', 'p@ssw0rd' auth._client_set(admin, password, tenant_name='test_default_tenant') \ .AndReturn('FAKE_CLIENT_SET') auth.admin_role_id('FAKE_CLIENT_SET').AndReturn(None) self.mox.ReplayAll() rv = self.app.test_client().get( '/hello', headers={'Authorization': _basic_auth(admin, password)}) self.assertEquals(rv.status_code, 403, rv.data)
def test_success(self): user, password = '******', 'p@ssw0rd' self.fake_client_set = self._fake_client_set_factory() auth._client_set(user, password, tenant_name='systenant') \ .AndReturn(self.fake_client_set) auth.admin_role_id(self.fake_client_set).AndReturn('AR_ID') self.mox.ReplayAll() rv = self.client.get( self.url, headers={'Authorization': _basic_auth(user, password)}) self.check_and_parse_response(rv, status_code=404)
def test_api_cs_for_project_denied_at_last(self): auth._client_set('test_admin', 'test_p@ssw0rd', tenant_id='PID') \ .AndRaise(Unauthorized('denied')) auth.add_api_superuser_to_project('PID') auth._client_set('test_admin', 'test_p@ssw0rd', tenant_id='PID') \ .AndReturn('FAKE_CS') auth.admin_role_id('FAKE_CS').AndReturn(None) self.mox.ReplayAll() with self.app.test_request_context(): self.assertRaises(RuntimeError, auth.api_client_set, 'PID')
def test_admin_endpoint_no_admin(self): admin, password = '******', 'p@ssw0rd' auth._client_set(admin, password, tenant_name='test_default_tenant') \ .AndReturn('FAKE_CLIENT_SET') auth.admin_role_id('FAKE_CLIENT_SET').AndReturn(None) self.mox.ReplayAll() rv = self.app.test_client().get( '/hello', headers={'Authorization': _basic_auth(admin, password)} ) self.assertEquals(rv.status_code, 403, rv.data)
def test_success(self): user, password = '******', 'p@ssw0rd' self.fake_client_set = self._fake_client_set_factory() auth._client_set(user, password, tenant_name='systenant') \ .AndReturn(self.fake_client_set) auth.admin_role_id(self.fake_client_set).AndReturn('AR_ID') self.mox.ReplayAll() rv = self.client.get(self.url, headers={ 'Authorization': _basic_auth(user, password) }) self.check_and_parse_response(rv, status_code=404)
def test_user_endpoint_as_admin(self): user, password = '******', 'p@ssw0rd' auth._client_set(user, password, tenant_name='test_default_tenant') \ .AndReturn('FAKE_CLIENT_SET') auth.admin_role_id('FAKE_CLIENT_SET').AndReturn('AR_ID') auth.current_user_id().AndReturn('FAKE_UID') self.mox.ReplayAll() rv = self.app.test_client().get( '/hello', headers={'Authorization': _basic_auth(user, password)} ) self.assertEquals(rv.status_code, 200, rv.data)
def test_api_cs_for_project_denied_at_first(self): auth._client_set('test_admin', 'test_p@ssw0rd', tenant_id='PID') \ .AndRaise(Unauthorized('denied')) auth.add_api_superuser_to_project('PID') auth._client_set('test_admin', 'test_p@ssw0rd', tenant_id='PID') \ .AndReturn('FAKE_CS') auth.admin_role_id('FAKE_CS').AndReturn('ROLE') self.mox.ReplayAll() with self.app.test_request_context(): cs = auth.api_client_set('PID') self.assertEquals(cs, 'FAKE_CS')
def test_admin_role_id(self): self.mox.ReplayAll() with self.app.test_request_context(): self.install_fake_auth() result = auth.admin_role_id() # look at tests/mocked.py, near line 100 self.assertEquals(result, u'ADMIN_ROLE_ID')
def _grant_admin(user_id): """Grant admin permission. Add admin role with in admin tenant (aka systenant). """ auth.assert_admin() g.client_set.identity_admin.roles.add_user_role( user_id, auth.admin_role_id(), auth.default_tenant_id())
def _grant_admin(user_id): """Grant admin permission. Add admin role with in admin tenant (aka systenant). """ auth.assert_admin() g.client_set.identity_admin.roles.add_user_role(user_id, auth.admin_role_id(), auth.default_tenant_id())
def test_admin_role_id_403(self): # make roles empty self.fake_client_set.http_client.access['user']['roles'] = [] self.mox.ReplayAll() with self.app.test_request_context(): self.install_fake_auth() g.is_admin = False self.assertEquals(None, auth.admin_role_id()) self.assertAborts(403, auth.assert_admin)
def _revoke_admin(user_id): """Revoke admin permission. Remove admin role in admin tenant (aka systenant). """ auth.assert_admin() try: g.client_set.identity_admin.roles.remove_user_role( user_id, auth.admin_role_id(), auth.default_tenant_id()) except osc_exc.NotFound: pass # user was not admin
def test_with_my_client_set(self): result = auth.admin_role_id(self.fake_client_set) # look at tests/mocked.py, near line 100 self.assertEquals(result, u'ADMIN_ROLE_ID')